One foot outside the law?

A few weeks ago, maybe even months, there was a summons sent
into a court to find out who was using an IP address at a certain time,
all according to the IPRED law that has hit the nation of Sweden.
All in all, this was not too bad and seemed OK.

According to the Anti Piracy Bureau in Sweden, the server was
packed with pretty much every Swedish audiobook ever released, and
this was shared to the public, and so they acted on behalf of their
employers. Now, this is all well and good, but now something new
has come to light. You see, if I set up a server that is totally
free to use, so that anyone could log into it without any password
verification, and then fill it with whatever copyrighted material I
can find, the APB can, and probably will, go over the server and then
drag me into court. However, if the server has any form of password
protection, a new problem rears itself and stares you in the face. Let me explain:

If the server was password protected, it was not made public to the
general populace. Hence, the subpoena is faulty in its initial phrasing.
Ok, so, you can rephrase that.

If the server was password protected, you need the permission from
the server owner to log on. In other words he, or someone he appointed,
has given you your own personal login details.

If the Anti Piracy Bureau did not have their own password and user,
they either A: used an informer who had a password who then sent
logs, screenshots and files downloaded to the Anti Piracy Bureau.
I want you to know that ANYONE who has the slightest interest
in computers can write a log that makes it look like someone downloaded
whatever file from wherever, be it a log, or a screenshot.
Let me demonstrate.

Look at this image:
[Image: proof]

Now, before someone decides to find that torrent tracker, let me tell you this: A short lookup
will tell you that there is none there. What in reality is there is http://www.aftonbladet.se

You want more “proof”? OK, how about a real FTP log? This log is what I actually did:

Status:    Ansluter till 192.168.1.103:21…
Status:    Anslutningen etablerad, väntar på välkomstmeddelande…
Svar:    220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.1.103]
Kommando:    USER zutgorak
Svar:    331 Password required for zutgorak
Kommando:    PASS ******
Svar:    230 User zutgorak logged in
Kommando:    SYST
Svar:    215 UNIX Type: L8
Kommando:    FEAT
Svar:    211-Features:
Svar:     MDTM
Svar:     REST STREAM
Svar:     SIZE
Svar:    211 End
Status:    Ansluten
Status:    Hämtar kataloglistning…
Kommando:    PWD
Svar:    257 “/home/zutgorak” is the current directory
Kommando:    TYPE I
Svar:    200 Type set to I
Kommando:    PORT 192,168,1,100,13,44
Svar:    200 PORT command successful
Kommando:    LIST
Svar:    150 Opening ASCII mode data connection for file list
Svar:    226 Transfer complete
Status:    Kataloglistningen lyckades
Status:    Hämtar kataloglistning…
Kommando:    CWD haven
Svar:    250 CWD command successful
Kommando:    PWD
Svar:    257 “/home/zutgorak/haven” is the current directory
Kommando:    PORT 192,168,1,100,13,47
Svar:    200 PORT command successful
Kommando:    LIST
Svar:    150 Opening ASCII mode data connection for file list
Svar:    226 Transfer complete
Status:    Beräknar serverns tidzonsskillnad…
Kommando:    MDTM blogs.html
Svar:    213 20090515222120
Status:    Tidszonsskillnader: Servern: 0 sekunder. Lokalt: 7200 sekunder. Skillnad: 7200 sekunder.
Status:    Kataloglistningen lyckades
Status:    Ansluter till 192.168.1.103:21…
Status:    Anslutningen etablerad, väntar på välkomstmeddelande…
Svar:    220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.1.103]
Kommando:    USER zutgorak
Svar:    331 Password required for zutgorak
Kommando:    PASS ******
Svar:    230 User zutgorak logged in
Status:    Ansluten
Status:    Påbörjar hämtning av /home/zutgorak/haven/blogs.html
Kommando:    CWD /home/zutgorak/haven
Svar:    250 CWD command successful
Kommando:    PWD
Svar:    257 “/home/zutgorak/haven” is the current directory
Kommando:    TYPE I
Svar:    200 Type set to I
Kommando:    PORT 192,168,1,100,13,52
Svar:    200 PORT command successful
Kommando:    RETR blogs.html
Svar:    150 Opening BINARY mode data connection for blogs.html (6350 bytes)
Svar:    226 Transfer complete
Status:    Filöverföringen lyckades

Now, this is in Swedish, but still, it's easy to understand if you read FTP logs on a fairly regular basis.
Let's change this a little. Note that I use the same “movie” again in this log just to keep it consistent:

Status:    Ansluter till 192.168.1.103:21…
Status:    Anslutningen etablerad, väntar på välkomstmeddelande…
Svar:    220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.1.103]
Kommando:    USER zutgorak
Svar:    331 Password required for zutgorak
Kommando:    PASS ******
Svar:    230 User zutgorak logged in
Kommando:    SYST
Svar:    215 UNIX Type: L8
Kommando:    FEAT
Svar:    211-Features:
Svar:     MDTM
Svar:     REST STREAM
Svar:     SIZE
Svar:    211 End
Status:    Ansluten
Status:    Hämtar kataloglistning…
Kommando:    PWD
Svar:    257 “/home/zutgorak” is the current directory
Kommando:    TYPE I
Svar:    200 Type set to I
Kommando:    PORT 192,168,1,100,13,44
Svar:    200 PORT command successful
Kommando:    LIST
Svar:    150 Opening ASCII mode data connection for file list
Svar:    226 Transfer complete
Status:    Kataloglistningen lyckades
Status:    Hämtar kataloglistning…
Kommando:    CWD moviez
Svar:    250 CWD command successful
Kommando:    PWD
Svar:    257 “/home/zutgorak/moviez” is the current directory
Kommando:    PORT 192,168,1,100,13,47
Svar:    200 PORT command successful
Kommando:    LIST
Svar:    150 Opening ASCII mode data connection for file list
Svar:    226 Transfer complete
Status:    Beräknar serverns tidzonsskillnad…
Kommando:    MDTM moviez
Svar:    213 20090515222120
Status:    Tidszonsskillnader: Servern: 0 sekunder. Lokalt: 7200 sekunder. Skillnad: 7200 sekunder.
Status:    Kataloglistningen lyckades
Status:    Ansluter till 192.168.1.103:21…
Status:    Anslutningen etablerad, väntar på välkomstmeddelande…
Svar:    220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.1.103]
Kommando:    USER zutgorak
Svar:    331 Password required for zutgorak
Kommando:    PASS ******
Svar:    230 User zutgorak logged in
Status:    Ansluten
Status:    Påbörjar hämtning av /home/zutgorak/moviez/Tropic Thunder [2008 DVD5 Retail].iso
Kommando:    CWD /home/zutgorak/moviez
Svar:    250 CWD command successful
Kommando:    PWD
Svar:    257 “/home/zutgorak/haven” is the current directory
Kommando:    TYPE I
Svar:    200 Type set to I
Kommando:    PORT 192,168,1,100,13,52
Svar:    200 PORT command successful
Kommando:    RETR Tropic Thunder [2008 DVD5 Retail].iso
Svar:    150 Opening BINARY mode data connection for Tropic Thunder [2008 DVD5 Retail].iso (41237278 kilobytes)
Svar:    226 Transfer complete
Status:    Filöverföringen lyckades
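A quick consistency check over the two logs above, as an added example that is not part of the original post: it pairs each command with the reply that follows and flags replies that contradict it, such as the `PWD` answer and the size unit in the edited log. The names `check_log`, `GENUINE` and `EDITED` are assumptions, and the samples are abridged from the page's logs; an empty result only means no contradiction was found, since an edit made with more care leaves none, so it does not authenticate a log.

```python
import re

LINE = re.compile(r"^(Status|Kommando|Svar):\s+(.*)$")
PWD_REPLY = re.compile(r'^257 ["“](.+?)["”]')
RETR_REPLY = re.compile(r"^150 Opening \w+ mode data connection for (.+) \((\d+) (\w+)\)$")

def check_log(text):
    """Return (line_no, finding) pairs where a server reply contradicts the command before it."""
    findings, want, pending = [], None, None
    for no, raw in enumerate(text.splitlines(), 1):
        if not (m := LINE.match(raw.strip())):
            continue
        kind, body = m.groups()
        if kind == "Kommando":
            verb, _, arg = body.partition(" ")
            if verb in ("USER", "CWD"):  # a new login resets the directory; ".." is not tracked
                want = arg.rstrip("/") if verb == "CWD" and ".." not in arg else None
            pending = (verb, arg)
        elif kind == "Svar" and pending:
            verb, arg = pending
            pwd, retr = PWD_REPLY.match(body), RETR_REPLY.match(body)
            if verb == "PWD" and pwd and want:
                actual = pwd.group(1).rstrip("/")
                same = actual == want if want.startswith("/") else actual.endswith("/" + want)
                if not same:
                    findings.append((no, f"PWD reports {actual!r} after CWD {want!r}"))
            elif verb == "RETR" and retr:
                name, _size, unit = retr.groups()
                if name != arg:
                    findings.append((no, f"150 reply names {name!r}, RETR asked for {arg!r}"))
                if unit != "bytes":  # the unedited log on the page gives the size in bytes
                    findings.append((no, f"size unit is {unit!r}, not 'bytes'"))
    return findings

GENUINE = """\
Kommando:    CWD /home/zutgorak/haven
Kommando:    PWD
Svar:    257 “/home/zutgorak/haven” is the current directory
Kommando:    RETR blogs.html
Svar:    150 Opening BINARY mode data connection for blogs.html (6350 bytes)
"""  # abridged from the page's first log
EDITED = """\
Kommando:    CWD /home/zutgorak/moviez
Kommando:    PWD
Svar:    257 “/home/zutgorak/haven” is the current directory
Kommando:    RETR Tropic Thunder [2008 DVD5 Retail].iso
Svar:    150 Opening BINARY mode data connection for Tropic Thunder [2008 DVD5 Retail].iso (41237278 kilobytes)
"""  # abridged from the page's second, edited log
if __name__ == "__main__":
    print(check_log(GENUINE), check_log(EDITED))
```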

[Image: Henrik Pontén]

What can we deduce from this, then? Well, we can
deduce that digital evidence is way too easy to
manipulate, and in my opinion should not be
valid in a court of law.
Back to the track, don't let me wander off now 🙂

What they could have done, and this could be
a possibility if the server owner was sloppy
and careless enough not to set a maximum number of
erroneous tries to log on, is just brute force
their way in using dictionaries and random keys.
It takes a while, a looong while, but hey, with
multiple computers trying, you reduce the time
needed.

So, let's sum up a little: either they paid someone to get digital evidence,
which, as I have shown you, is very easy to counterfeit, or they broke
into the server. Now, breaking into a server is also breaking the law.

Here is a little kicker. Henrik Pontén, the lawyer for
the Swedish APB, denies any allegations regarding
illegal methods of obtaining evidence, but refuses to
state how the actual gathering of proof has been conducted.
This in itself is really suspicious in my book but hey, I am not
a lawyer, so I am not really sure what to say about this.

[Image: André Rickardsson]

However, when this case was known to the public,
a complaint was made stating that APB had hacked
their way into the system and the complaint was filed
by André Rickardsson, a former cybercrime
investigator for the Swedish security police.

Henrik Pontén responded that those accusations were
groundless, but of course, refused to make official
how the evidence had been gathered.

Now, in an addition to the summons, from the 8th of
May, it is confirmed that the server in question was,
in fact, password protected, lending more credibility
to Rickardsson's accusations. The same information
came from another addition from the Internet Service
Provider “Ephone”, who had the server owner as a customer.

How far can a company go to gather evidence for their
own cause? Have companies overstepped the law repeatedly in gathering evidence in the matter of filesharing?

Well, I think so, but so far, this is only speculation on my part and not hard facts.

Everyone is entitled to their own opinions and by Pete, you should be allowed to voice
them as long as they are not aimed to intentionally hurt anyone.

I will be following this case a little with a large interest though.

Sarkozy, the enemy of the internet

It appears that the French government has pulled something out of the blue
that really, really is cause for a second French revolution. At least in my book.

Here is the article: http://www.aftonbladet.se/nyheter/article5128913.ab

Hear me out here BEFORE you decide to bomb the comment block.
Filesharing is a pretty hot topic right now and has, for some reason, become
synonymous with software and art piracy. Now, I am not really sure but
isn’t pretty much EVERYTHING on the internet filesharing? I mean,
you are reading this blog, that means you are downloading index.php,
header.php, footer.php, bgbody.jpg and whatnot. So, what is said is that
after 2 warnings, French filesharers will be disconnected from the net.

Now, Sweden is bad. I mean, really bad. We have private little armies
sifting through our fibres for any trace of illegal activity like filesharing
and then we have the government on TOP of that to listen in the cables
for possible occurrence of terrorism. Oh, this reminds me, you don't have
to read the next 2 rows. It's just to piss people off.

Jihad, Allah, God, Sarine, VX, Gas, C4, Dynamite, Nitroglycerine, firing pin,
grenade, For the people, Revolution, Assassinate, Holy War, Arms shipment.

Sorry bout that. Just had to alert the authorities. I get such nice server logs
when I do that 😛

OK, back to the French conundrum. Who will the French have decide what is
illegal filesharing? The French equivalent to RIAA? Oh yeaaaaah! That will be
great. A 96 year old man who lives on yogurt alone and has been too spastic
to even write his name on a check will get warned twice for sharing the
latest of Insane Clown Posse and Blacknuss Allstars. Come on. Don't you
have better things to waste time on?

I am not gonna bring up the classic “you have bigger crimes to fish for” because
it really isn't doing any good. What I WILL bring up is that it's really really REALLY
about time that we threw the companies out of politics. If they are going
to continue their slaughter of free speech, free will and free thinking, sooner
or later George Orwell’s 1984 will become more of a reality than it already is.

I am saying more of a reality because in effect, Big Brother IS watching us
all already, registering our keystrokes, what websites we read and I wouldn't
be surprised if our sexual preferences were the cause for a lot of laughs
in the secret archives. But if companies that want to suppress technology
and evolution keep buying politicians like Sarkozy, soon we won't be able
to bend over because when we do, someone will shove a microscope
up our rear end to see if we have eaten anything that was not grown
by GrainFarm(tm) because if we did, we are to be summarily executed.

Come on. Get real. Go outside, Sniff some fresh air.
Go lie down on a lawn somewhere for an hour and just watch
the sky. It is beautiful, and for a little longer at least, copyright free.

Politics without solutions

On what does one base an application for political
asylum? Think about it. Even globally, software and
hardware downloads are increasing, and the companies
that hunt them are being more and more ruthless.

What REALLY scares me is that the governments make
more and more laws that are digging in deep into
the integrity of their citizens just because of one
single thing. Money. The RIAA has got more funding
than a lot of countries have GDP, and still they are
claiming that they are not making enough. Fine.

Now, just to give you a little view of why I am
fuming about money and the record industry.

This month, there was a court session regarding
a very well known artist. Björn Ulvaeus, one of
the men in the once HUGE band ABBA. Now, he
has on numerous occasions thundered in media regarding
the shameful acts of downloading songs, because that
is stealing money from him. Ok, I can see why
he would be a little miffed. I'm not sure that he
gets that much per song, but seeing how big
ABBA used to be, there has to have been a lot
of downloads that he hasn't gotten the royalties
for. That might be a few 100 thousand SEK.

BUT here comes the kicker. He got an 85 MILLION
SEK TAX REFUND! 85 frigging millions is a lot more
than he would ever be able to spend if he just
saved it. I mean, seriously. The interest alone
is a lot more from any bank then what a standard
student/wageslave does in a year.

So, OK. Jealousy is not a commendable trait, I know
that but I will never ever even get HALF of what
this man got as a tax refund, much less in savings.
Is it so wrong of me to enjoy art in various ways,
to be able to listen, hear and feel the feelings
that he once tried to give the world anew?

Musicians start with music for pretty much 3 reasons:
1. The money
2. Share the art
3. Become famous.

But for some reason, when they achieved number 3
the first takes precedence and becomes all-encompassing.
They are famous and richer than trolls sleeping on troves
of gold, yet they grasp for more. Jealousy isn’t a commendable
trait, but Greed is one of the seven deadly sins.

Now the world is coming to: You want beauty, you need cash.
You ain't got cash, you ain't getting art.

So now I want to ask political asylum from whatever nation
doesn't dance to the tunes of the lobbyists that want to
restrain entertainment and art so hard that it chokes
on the money that they can't digest.

Do you know who this is?

[Image: Camilla Lindberg]

This, my friends, is a new fav of mine. Her name is Camilla Lindberg,
and she was one of those who voted No on the FRA proposal. Sadly, the scores
to the right of her tell us a story of defeat for personal integrity and a victory
for the Swedish government to snoop around in our private mails that go abroad, all chat connections
that aren't within Sweden (and to be honest, that would be NONE since I don't know
of a Swedish IM client) and they will store that data. Now, let's see how long
it takes for the FRA to get hacked and get information leaked out to the general
public. My hope is that it is VERY soon so that they understand that they will
be having a ticking bomb in their hands. Also, I am actually considering
applying for political asylum in another nation such as Norway on the fact
that the government is “having me under constant surveillance despite
the fact that I haven't done anything criminal and this is causing me severe
mental problems related to stress, which may turn into psychosomatic health
problems.”

Do you think that's doable?

Anyhow, this Camilla Lindberg, although being from the right wing and I am not,
has earned my respect. She went against the flow of her own party and voted
from her heart; every single flower and every single thank-you mail she has
got, she definitely deserves. My hat is off to you, Camilla, and for the rest of you
that voted yes on the bill, I sincerely and utterly hope that all your personal
surfing habits, however dirty they may be, and your cyberaffairs get to be public
knowledge soon.

-Z-