Guest essay by Brandon Schollenberger
I’ve got mad haxor skillz. I’m a l33t hacker paid by evil organizations and shadowy conglomerates. That’s how I found Skeptical Science’s secret stash of Nazi fantasies. Or so some would have you believe. One commenter at Judith Curry’s blog said:
It may be that Anthony/WUWT did not know that WUWT’s “anonymous” contributor was probing the SkS website for vulnerabilities using professional-grade hacking techniques and/or software tools.
Given the shocking nature of my discovery, I figure people might be curious how I came about it. Was it via some l33t haxor skillz? Was it because of some professional grade hacking? Was I perhaps paid by someone to break into a secure site and extract incriminating photos?
No. It was much simpler than that.
It all began when I read a post on Skeptical Science’s website. I read the post, and I was curious. Naturally, I decided to click on a few links. That’s when I came across this link:
http://www.sksforum.org/redirect.php?t=11065&u=http%3A%2F%2Fwww.ncdc.noaa.gov%2Fcag%2F
As you can guess by the word “redirect,” the link went to the NCDC website. It just went there via www.sksforum.org. That’s when I first learned of www.sksforum.org. I didn’t expect anything from the site, but I decided to visit it anyway. When I did I did, I saw a banner at the top that was obvious an image file. I checked the URL for the image, finding it was hosted in the directory: http://www.sksforum.org/images/. I found the Nazi imagery when I went to that URL and clicked on a subdirectory (user_uploaded).
That’s it. I got intrigued by a link I saw on an SkS post, and I followed a couple links I found from it. My l33t haxor skillz amounted to nothing more than being able to follow a few links. But that’s not where the story ends. When I went to write about how I came across the Nazi roleplaying, I found I couldn’t find the links I had originally used. Why is that? Skeptical Science deleted the post.
That’s right. SkS deleted a post they had written simply because it inadvertently included links that exposed their private forum’s location. Google has a cached verison of the post, but without that, there’d be no record of its existence. Rather than just fix the links for the post, SkS deleted it in its entirely to cover up the existence of their forum. That’s how desperate they are when it comes to PR – They’d rather delete an entire post than address a minor mistake.
Author’s Note: To be clear, I was not an “anonymous” contributor. I made no attempt to hide my identity. Anthony Watts decided not to post my name simply because, at the time, I had not told him I was okay with being identified. It was simply a courtesy.
Moreover, I am trained in network security. I know a fair amount about hacking. I don’t believe in engaging in it, and I would happily help any blogger with security issues. Upon first discovering this directory, I intended to contact John Cook to inform him of the problem.
I only “went public” with my discovery after seeing SkS’s Photoshopped images of their critics. I appreciate privacy, but I feel no obligation to hide my knowledge of inappropriate behavior
That said, if you feel I’ve engaged in professional-grade hacking, feel free to contact me about potential jobs. I’d happily take your money to browse some URLs.
=============================================================
Yes, Brandon’s description is true, it was all out in the open as I’m sure many WUWT readers also discovered. I simply didn’t use his name in the original essay because he hadn’t used the typical “submit story” route for WUWT, which automatically applies permission to include your name as part of the publication agreement, and given the lunacy over there at SkS, I didn’t know if he was concerned about retaliation. He brought the issue to my attention later in the day, and I amended the post to include his name.
And, in case you have not seen it, this is worth a look – Anthony
This is clearly a coverup by WuWT. Brandom is clearly a CIA/KGB/OSI triple agent with 60 years of computer cracking training not to mention another 50 years of experience. He is also clearly fund by fossil fuel companies. This is duh facts.
Brandon,
Has Putin offered you asylum in Russia yet? You are posting this from someplace in China, right?
You can run from the SkS but you can’t hide!
/sarc
Dumb jokes aside, interesting article. I’d have thought Cook to be a more competent webmaster what with the twitterbots and all.
Oh dear. I possess all those hacker skills and all for the same reason. I suppose my arrest and incarceration is imminent. Ah well — it’s been a good life — a few years in a cell is not the end of the world. As long as Drillbit Dana is nowhere near my cell…
Got my name wrong — someday I cain’t do nuttin right…
8173 1
Well as I said — I possess all the same hacking skills — likely I too will end up in a jail cell.
Hopefully Drillbit Dana will be in another block!
I host websites and provide other online services for a living (augmenting my retirement). It is a wholly owned business that I alone built (ignoring Obama’s spontifications that suggest otherwise). It is successful because I make sure my customers are not exposed to this kind of casual browsing. (I have been in the dot com industry since before it was an industry, before the web, before DNS, even, and have been in the employ of a number of very large and prominent dot coms.) It is nothing but casual browsing that reveals the bulk of this kind of webspace error. Anyone can stumble onto this kind of site management error without having any bad intentions. It is a fact that has existed from the day the first web site was created and is why there are so many tools to prevent it.
This was nothing but operator error and that error grew as the day went on. The pathetic attempt to defeat casual browsing by creating the “allgon3” folder was doomed for the same reason the original images directory was exposed. The server was allowed to auto-index the parent directory and all subdirectories and it cheerfully did so, revealing the allgon3 directory and its contents. This auto-index capability is frequently the default for some web servers, and it was once considered a useful feature – those trusting days are long gone, but the capability lingers on.
If you are going to offer content on the internet via a web server you need expertise for basic security as a minimum, even if you have to pay for it.
As a sidebar, I am aware of at least one person who was successfully sued for opening a public link and then manually shortening the URL path in his browser so see what was upstream. I was stunned to learn this was deemed a crime. I’ll see if I can relocate that story as there are consequences for this seeming innocent activity.
That comment would have been by Afomod. A strange fellow, and not all there. But thanks for the explanation. Most “hacks” are not really hacks, but sloppy security.
Mornington Crescent!
The UK computer misuse act:
1 Unauthorised access to computer material.E+W+S+N.I
(1)A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured]F1 ;
(b)the access he intends to secure [F2, or to enable to be secured,]F2 is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case
(2)The intent a person has to have to commit an offence under this section need not be directed at—
(a)any particular program or data;
(b)a program or data of any particular kind; or
(c)a program or data held in any particular computer
[F3(3)A person guilty of an offence under this section shall be liable—
(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
(b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
(c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.]
————————-
So no passwords need be hacked no security breached. Simply to access unauthorised data is an offence!!!!
No get out clauses about its OK if its funny etc.
Re: “I read the post, and I was curious. Naturally, I decided to click on a few links. That’s when I came across this link:”
SkS denizens do not appear to have thought of that.
Since preschoolers are being trained in computer skills, I wonder if SkS could rise to that standard of expertise?
Looks like they’ve fixed the error and shut down their forum too?
It was wide open when I viewed the images the other day.
I was hoping Josh would have superimposed “Super Mandia” into the pic in front of Lord M so it would look complete. BTW, Mandia has better boots than the rest of you guys Anthony, LOL!
Those folks over at SkS are a bunch of ID-Ten-T’s!
(Let’s see if any of ’em can figure THAT out.)
No the forum’s still running.
There are even links there to Brandon’s photo cache and my Downfall video 😉
http://www.skepticalscience.com/fox-news-driving-climate-denial.html
(Posted by some unknown Italian sceptic)
Why would JC say that hacking tools, indeed ‘professional-grade’ tools, had been used?
I suspect it was more likely she was ‘told’ this by the Skidz, who once they found out the ‘hackers’ identity thought they could make some PR of their own?
Has JC been duped?
Afomod – who originated the “mad skills” thesis on climate etc – is a funny fellow. He’s got a kind of adjective Tourette’s.
dp says:
August 8, 2013 at 11:05 am
“…I am aware of at least one person who was successfully sued for opening a public link and then manually shortening the URL path in his browser so see what was upstream. I was stunned to learn this was deemed a crime.”
Wow. That is disturbing. Would like to know the legal reasoning behind that one, if you can find it.
Guys, do me a favor and don’t minimize my accomplishments here. I need to seem all awesome and amazing if I’m going to get funding from big oil!
Awesome Brandon! get your ticket to Moscow now! 😉
apologies – it wasn’t JC that had been duped but one of her commenters!
@Brandon
I guess ‘the mouse is mightier than the sword’ ? Will put a word in to my mates in Big Oil for you!
I’ve had a kind of Dr. Evil idea and that is to refer to web artifacts that demonstrate zombie characteristics be called “allgon3” so that this stupidity lives on. A zombie in its own right. For example – polar sea ice that should be gone. Here is a polor ice allgon3 image:
http://home.comcast.net/~ewerme/wuwt/cryo_compare.jpg
The models have claimed it, the hysterical scientists have assured us, the press has flogged the story of disappearing polar ice. So we obviously have zombie ice as seen in the allgon3 ice image. I give this image an allgon3 index of 10 on a scale of ten of things that won’t die.
Kivalina gets an allgon3 index of 0 as it definitely has no chance of becoming a zombie island and for no other reason than it is a barrier island and washing away is what they do. The Kivalina story, though, gets another allgon3 index rating of 10 for being a story that won’t die.
this is the same skill level as typing 80085 into a calculator.
Connecting four dots must seem like magic to those who cannot see obvious factual discrepancies in their chosen faith.
Otteryd says:
August 8, 2013 at 11:15 am
“Mornington Crescent!”
Very deep. I’m not sure that SkS would understand the rules of the game 😉