The latest Snowden docs have some great screenshots of the NSA-internal MediaWiki installation Snowden is alleged to have obtained a lot of his material from:
https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-co...
Looks like a static HTML dump, as a few of the external extension images haven't loaded.
The last details on their technical infrastructure indicated that Snowden used "web crawler" (love the quotes) software to obtain information from their internal wiki:
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa....
What's not mentioned in the NYT piece is that their MediaWiki instance likely didn't have any read-only ACLs set up, or if they did they were buggy (are any of the third-party ACL extensions good?) -- which was perhaps one reason why Snowden was able to access the entire site once he had any access at all?
"If you actually need fancy read restrictions to keep some of your own people from reading each others' writing, MediaWiki is not the right software for you." -brion.
..like, if you're a nation-state's intelligence agency, or something :P
I think it's fascinating that this technical decision[1] by the MediaWiki team long ago may have had such an impact on the world! And much more fascinating that the NSA folks may not have read the docs.
-Philip
1. http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_viewing_of_c...
On 2/18/14, Philip Neustrom philip@localwiki.org wrote:
The latest Snowden docs have some great screenshots of the NSA-internal MediaWiki installation Snowden is alleged to have obtained a lot of his material from:
https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-co...
Looks like a static HTML dump, as a few of the external extension images haven't loaded.
The last details on their technical infrastructure indicated that Snowden used "web crawler" (love the quotes) software to obtain information from their internal wiki:
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa....
What's not mentioned in the NYT piece is that their MediaWiki instance likely didn't have any read-only ACLs set up, or if they did they were buggy (are any of the third-party ACL extensions good?) -- which was perhaps one reason why Snowden was able to access the entire site once he had any access at all?
"If you actually need fancy read restrictions to keep some of your own people from reading each others' writing, MediaWiki is not the right software for you." -brion.
..like, if you're a nation-state's intelligence agency, or something :P
I think it's fascinating that this technical decision[1] by the MediaWiki team long ago may have had such an impact on the world! And much more fascinating that the NSA folks may not have read the docs.
-Philip
http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_viewing_of_c... _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I think its safe to say, that if the NSA wanted to design a secure ACL system for MediaWiki, they are more than capable of doing so. (That said, they also know enough that a system like mediawiki is inappropriate for keeping data with different levels of classification separate, and would either use separate wikis for different classification levels or a different tool).
Of course its hard to know what Snowden did and did not do (Especially when the reporting includes such useless nuggets like "But experts say they may well have been downloaded not by him but by the program acting on his behalf." which make you wonder if these reporters have ever used a computer). The coverage I've read so far seems to suggest that he had legitimate access to the data and didn't exploit implementation details of the security system (Well the technical implementation. Arguably he exploited implementation weaknesses in the social structure that made him a trusted entity in the system with no checks against mass downloading). But again, who knows what really happened.
--bawolff
On 18 February 2014 07:45, Brian Wolff bawolff@gmail.com wrote:
I think its safe to say, that if the NSA wanted to design a secure ACL system for MediaWiki, they are more than capable of doing so. (That said, they also know enough that a system like mediawiki is inappropriate for keeping data with different levels of classification separate, and would either use separate wikis for different classification levels or a different tool).
I note they didn't choose Confluence over MediaWiki. ACLs are supposedly a popular tick-box feature of Confluence ...
- d.
On 18 February 2014 07:45, Brian Wolff bawolff@gmail.com wrote:
...
The coverage I've read so far seems to suggest
that he had legitimate access to the data and didn't exploit implementation details of the security system (Well the technical implementation. Arguably he exploited implementation weaknesses in the social structure that made him a trusted entity in the system with no checks against mass downloading). But again, who knows what really happened.
--bawolff
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
This is the impression I had as well. Snowden's been described in various reports as a sysadmin, and supposedly had "top secret" clearance.
As for the software, we already know about Intellipedia (intelligence community) [1], Bureaupedia (FBI) [2], and Diplopedia (State Department) [3] - all apparently using MediaWiki. So it doesn't surprise me that the NSA are using it too.
Pete / the wub
[1] https://en.wikipedia.org/wiki/Intellipedia [2] https://en.wikipedia.org/wiki/Bureaupedia [3] https://en.wikipedia.org/wiki/Diplopedia
Le 18/02/2014 08:18, Philip Neustrom a écrit :
The last details on their technical infrastructure indicated that Snowden used "web crawler" (love the quotes) software to obtain information from their internal wiki:
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa....
Hello,
From a usability point of view, I am wondering why he had to rely on a
web crawler to export the whole Wiki as HTML. For those wondering, you could use:
https://www.mediawiki.org/wiki/Extension:DumpHTML maintenance script which generate a HTML version of your wiki for archival purposes
https://www.mediawiki.org/wiki/Extension:Pdf_Book to assemble articles in a single document export as PDF.
MediaWiki has Special:Export, but it only export Wikitext.
cheers,
On 18 February 2014 20:41, Antoine Musso hashar+wmf@free.fr wrote:
Le 18/02/2014 08:18, Philip Neustrom a écrit :
The last details on their technical infrastructure indicated that Snowden used "web crawler" (love the quotes) software to obtain information from their internal wiki:
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa....
Hello,
From a usability point of view, I am wondering why he had to rely on a web crawler to export the whole Wiki as HTML. For those wondering, you could use:
https://www.mediawiki.org/wiki/Extension:DumpHTML maintenance script which generate a HTML version of your wiki for archival purposes
https://www.mediawiki.org/wiki/Extension:Pdf_Book to assemble articles in a single document export as PDF.
MediaWiki has Special:Export, but it only export Wikitext.
cheers,
Because all the articles are just speculation?
On 18.02.2014, 14:51 K. wrote:
On 18 February 2014 20:41, Antoine Musso hashar+wmf@free.fr wrote:
From a usability point of view, I am wondering why he had to rely on a web crawler to export the whole Wiki as HTML. For those wondering, you could use:
https://www.mediawiki.org/wiki/Extension:DumpHTML maintenance script which generate a HTML version of your wiki for archival purposes
https://www.mediawiki.org/wiki/Extension:Pdf_Book to assemble articles in a single document export as PDF.
MediaWiki has Special:Export, but it only export Wikitext.
cheers,
Because all the articles are just speculation?
Because he wasn't a sysadmin of that wiki?
On Mon, Feb 17, 2014 at 11:18 PM, Philip Neustrom philip@localwiki.orgwrote:
The latest Snowden docs have some great screenshots of the NSA-internal MediaWiki installation Snowden is alleged to have obtained a lot of his material from:
https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-co...
Looks like a static HTML dump, as a few of the external extension images haven't loaded.
The last details on their technical infrastructure indicated that Snowden used "web crawler" (love the quotes) software to obtain information from their internal wiki:
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa....
What's not mentioned in the NYT piece is that their MediaWiki instance likely didn't have any read-only ACLs set up, or if they did they were buggy (are any of the third-party ACL extensions good?) -- which was perhaps one reason why Snowden was able to access the entire site once he had any access at all?
"If you actually need fancy read restrictions to keep some of your own people from reading each others' writing, MediaWiki is not the right software for you." -brion.
..like, if you're a nation-state's intelligence agency, or something :P
I think it's fascinating that this technical decision[1] by the MediaWiki team long ago may have had such an impact on the world! And much more fascinating that the NSA folks may not have read the docs.
There's a good article about this on the Washington Post web site (< http://www.washingtonpost.com/blogs/monkey-cage/wp/2014/02/10/how-the-911-co...). The author argues that the choice of software that facilitates discovery and collaboration was deliberate, motivated by the 9/11 Commission Report, which attributed intelligence failures to lack of effective knowledge-sharing in the intelligence community.
wikitech-l@lists.wikimedia.org