Google Hacked the 'Skeptical Science' Website

Worst damage control ever?

Guest essay by Brandon Shollenberger

Despite my joking comments about having mad haxor skillz being a source of amusement for many people, it appears some people actually believe I hacked the Skeptical Science forum’s website. Rob Honeycutt, a key team member at Skeptical Science, has referred to my actions, saying things like:

“Back door” was used by me as a metaphor. Hack = “To break into comp sys with malicious intent.” An easy hack is still a hack.

when did theft become legal?

When Shub Niggurath expressed his disbelief at my actions being called hacking, Honeycutt explicitly said it was hacking:

Yes, accessing involved effort and some determination to filter thru 1000’s of images 2 locate 1s that cld be taken out context.

Clearly, Rob Honeycutt claims my “effort” to find this directory was hacking. The problem for Honeycutt is Google used the exact same process.

It crawled and saved a cached version of that directory.

[Image: SKS_forum_google_cache]

That means, according to Rob Honeycutt, Google hacked Skeptical Science!

And according to Honeycutt, that makes Google dumb:

[Image: dumb_zps70081796]

Personally, I disagree. I think the only person who was “dumb enough to publicly expose private files” was John Cook for configuring his server to have “private files” displayed in a public directory. It seems to me Honeycutt is damning his own team with his comments. And he really nails them in the follow-up exchange:

[Image: Priceless_zps4d11ebf1]

Look at this Skeptical Science post. That post currently links directly to six stolen documents. Those documents were illicitly obtained by Peter Gleick, and Skeptical Science happily promotes their dissemination. According to Rob Honeycutt, that is dumb and unethical.

Google hacked Skeptical Science. Skeptical Science was unethical in disseminating files Peter Gleick illicitly obtained. John Cook was “dumb enough to publicly expose private files.” That’s what Rob Honeycutt has basically said. And that’s pretty much all anyone at Skeptical Science is saying about their Nazi images.

UPDATE: Lucia has an interesting discussion of the issue here: http://rankexploits.com/musings/2013/the-sks-nazi-images-thoughts-on-fair-use/

magilson

I remember when I didn’t understand how the internet worked.

David, UK

They’re peed off because their likely scam (to fabricate a supposed ad hom attack from sceptics by use of the pics) was foiled. I can’t think of any other reason for them making the pics in the first place.

M Courtney

Yes, this guy is a talkative idiot.
But did he answer the one question that no-one can fathom?
Why did John Cook allow himself to be portrayed in Nuremberg Rally style?
I mean, why would anyone not just delete the pics and kick the bottom of the bloke who made the images?
It’s weird.

Chris B

It appears that R. Honeycutt is a pure propagandist, and should be treated as such. It seems that very little thought goes into the rationality of what he says, before, or after, he says it.

Well, the Nazi imagery looks more and more appropriate each day.

Latitude

…why is this sounding more and more like our current government

CodeTech

If it’s in a publicly accessible directory, and it’s crawlable, there can be absolutely no expectation of privacy. The analogy I’d use is a public figure walking around naked in front of the windows, then complaining that the media is publishing pictures of it.
Besides, nobody actually cares. I’m more amused by their inability to comprehend how their web server works than the childish images they had in there.

Mark Nutley

So what was their excuse for the Nazi pics anyway?

OldWeirdHarold

Maybe somebody needs to ‘splain robots.txt to these guys. Yeah, if you don’t tell the spiders they aren’t welcome, they make themselves at home even if they’re the only ones who ever visit your site.

But none of these images were “private files”.
All these images were placed in a public directory (as evidenced by the fact that a person could simply go to the right URL and view them, without a password or anything).
All these public images were linked from a public web page (see screenshot above).
There was no notice to search engines saying that they were not supposed to look (using robots.txt) at these public files or the public web page linking to them.
There was no notice to people saying that they were not supposed to look at these public files or the public web page linking to them.
How was anybody supposed to know that despite all this publishing to the public, that they were intended to be private? Telepathy?
Complaining about these public files is like parading in fancy dress in the street with a neon sign saying “look at me”, then allowing national media (newspapers etc) to show pictures of the event, and only after all that complaining people weren’t supposed to look at your “private” antics.

Some context on what goes on in that forum (also found through an open public access to their forum) is discussed here:
http://wattsupwiththat.com/2012/09/15/we-need-a-conspiracy-to-save-humanity/

geek49203

IF you publish it to a live, public spot, it is fair game. “Security through obscurity” is NOT a security method. Simply pulling up a directory is NOT a “hack” and I can’t imagine that it would pass a laugh test in court.
Having said that — wanna bet that the AGW alarmists are probing sites like this to find that file that says, “Exxon and BP are sending us a big check to publish their latest planted scientific-looking graph”? Cause you KNOW they are. Heck, betting they’d PLANT it, then wait for another leftist hacker to find it! Ask people on the Right who have had their email hacked how the Left operates. Obama’s data collection in the last 2 elections borders on “very damned spooky” and I have to wonder where that data really came from (*cough*NSA*cough*).

cynical_scientist

In my opinion the SKS people should be thankful that these images came to light now. People with no real concept of internet security shouldn’t be planning things like “false flag operations”, if that is indeed what they were planning.
If these images had been fired in anger just how long do you think it would have been before they were traced back to SKS and nailed embarrassingly to their door. I would give it less than a day. Look at how long it took before Gleick was identified.
The premature discovery leaves room for the SKS people to claim uncertainty as to what exactly the images were intended for. Perhaps they were not planning to use them to try to discredit skeptics. Maybe they just have a bit of a strange nazi fetish.

David L. Hagen

Ancient standards applied: Proverbs 6:31 NIV

“Yet if he is caught, he must pay sevenfold, though it costs him all the wealth of his house.”

Mark Bofill

You’d think a bunch of propagandists like the folks at SkS would have the sense to keep quiet about this so it’d blow over. The more they talk about it the longer they keep it alive and current in people’s minds. But nothing these guys do really surprises me anymore.

Frosty

I’ve worked in IT since the mid 80’s. In no way was what Anthony did any kind of hack. All the software, though poorly configured, was behaving exactly as configured. No attempt was made to compromise accounts/passwords. No attempt was made to subvert the normal operation of any system. He just accessed it. As a previous poster just pointed out, obscurity is not security. Obscurity is a valid strategy as part of an overall security policy, but if it’s the only arrow in your quiver then you clearly don’t have a clue.

Rud Istvan

Other than the possibility of brewing a false flag attack, it is incomprehensible. But then so is SkS general attempt to defend the indefensible, whether climate science itself, or their 97% consensus about it that Brandon helped expose elsewhere.
The SkS crowd should learn to follow Churchill’s advice that it is better to remain silent and be thought a fool than to speak and remove all doubt.
Good show, Brandon. Enjoying it.

I recently attended a seminar of a renowned security expert (one of the top 15 in the world). Over 90% of “hacking” is social engineering. Basically what Gleick did. He never mentioned web crawlers as a source of hacking.

John W. Garrett

The Scott Mandias and the Gorebots are out on climate patrol every day at NPR. Every now and then, a little reality intrudes:
http://www.npr.org/2013/08/06/209462713/earth-scientists-pin-climate-change-squarely-on-humanity#comment-999212978

john robertson

R Honeycutt? Was that not a character in Asimov’s robot series?
I love this clown’s, whatever his real name is, logic.
If he does it, it is A Ok.
If it is done to him, it is a low dishonest blow, by evil people.
Sounds like a product of our public school system for sure.
This ethical disconnect is the trait of a cult, in a collective of weak minded people, like the “cause”, the chosen ones are automatically given a pass, but any who doubt are evil by definition.
Brings to mind the old joke of a man so crooked, that he cannot walk straight.

M Courtney

From the link that Anthony Watts just posted:

Our ‘side’ has got to get professional, ASAP. We don’t need to blog. We need to network. Every single blog, organisation, movement is like a platoon in an army. ..This has a lot of similarities to the Vietnam War….And the skeptics are the Viet Cong… Not fighting like ‘Gentlemen’ at all. And the mainstream guys like Gleick don’t know how to deal with this. Queensberry Rules rather than biting and gouging.
..So, either Mother Nature deigns to give the world a terrifying wake up call. Or people like us have to build the greatest guerilla force in human history. Now. Because time is up…Someone needs to convene a council of war of the major environmental movements, blogs, institutes etc. In a smoke filled room (OK, an incense filled room) we need a conspiracy to save humanity.

Crazy? Perhaps. But note:
either Mother Nature deigns to give the world a terrifying wake up call. Or people like us have to build the greatest guerilla force in human history, sic.
Well, the world didn’t work like they guessed it would. So they are committed to guerrilla warfare in the sphere of public thought.
If Gleick was weak in their eyes then morality has been jettisoned. Theft, deceit and fraud is OK for The Cause.
Their cause is beyond good and evil in their eyes.
But only their eyes.
At least, my insight into their psychology is that they are not beyond merely failing to be good.

rabbit

If I understand this, Honeycutt is arguing that accessing files in the normal manner from a public web site is unethical if the owner of the web site did not intend to make those files public.
I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked. Such a theory might find support if there was a good reason for a web surfer to think those files were never intended to be made public. Was there any such reason? I can’t imagine what it might even be.

Look, we can’t expect “progressive” climate alarmists to live up to the standards of conduct they expect from others. They don’t have any standards. Their mantra is “no rules, only results”. So in their minds, the end justifies the means no matter what the means.
We are not dealing with what we would consider normally adjusted people here. We are dealing with people who have a profound sense of entitlement and “noble cause” corruption runs rampant through these circles. They believe that unethical behavior is justified if it is for the advancement of what they see as a noble goal.
Basically, they are about as emotionally mature as your average 8 year old, so behavior such as this does not surprise me. They play many of the same social games that kids on an elementary playground do. If you don’t “believe” in their theories, then you have “cooties”.

ARW

Honeycutt…”Yes, accessing involved effort and some determination to filter thru 1000’s of images 2 locate 1s that cld be taken out context.”
If they were taken out of context, please put them in context. I really want to know in what context they should be taken.
There may be a completely rational explanation for wanting to be portrayed that way, so yes, the correct “context” would help me out here and probably prolong my enjoyment of this peek into the minds of the chosen ones.

kim

‘and the skeptics are the Vietcong…..not fighting like gentlemen at all’.
If you don’t hear from me again, it’s because I died laughing.
====================

Mike Smith

Oh man. The gift that keeps on giving.

Greg

“Yes, accessing involved effort and some determination to filter thru 1000’s of images 2 locate 1s that cld be taken out context.”
Oh, the old “out of context” ploy again.
Perhaps Rob Honeycutt can provide us with the “context” to correctly understand these images.
That would be really interesting to see.

Kev-in-Uk

Sorry, but in relation to SkS and their behaviour on this issue, only one word seems to fit – Jerks !

Lil Fella from OZ

Don’t overlook the fact that there are several rule books by which they play. They simply use the one which is most convenient at the time. We call it shifting the goal posts.

Clearly two sets of rules. Actually, it’s worse than that. What’s perfectly legit is seen as unethical if we do it (glancing through a public directory), and what’s outright criminal legally (Gleick = theft and forgery) is seen as perfectly fine and dandy as it’s an attempt to further the Cause.
I used to think there were some wool-over-the-eyes issues with the CAGW crowd, but it’s looking more and more as though they are wilfully obtuse as they continue to present such discrepancies and imbalances as innocent or, worse, justified.
As for the uniforms they adopted… I don’t know. I get the creepy feeling this is how they see themselves – the Master Race.

baileyt

The irony of the pictures and them being upset about the old acronym is hilarious. Can we go back to referring to SkS simply as SS now? Somehow it seems apropos.

DirkH

Have patience with Rob. He is a maker of purses and knows nothing of technology.

DirkH

“Honeycutt…”Yes, accessing involved effort and some determination to filter thru 1000’s of images 2 locate 1s that cld be taken out context.””
Rob; don’t name your images “tankboy”. EVERYONE clicks on that.

James Smyth

When you GET/POST, you are effectively asking for, and receiving an official response to a request. You aren’t just reaching in and stealing something.
Or maybe it’s a bit like knocking and having someone come to the door. Whereas what Zuckerberg did to hack Harvard Crimson accounts (vis a vis using the identical passwords that the users stored in his Facebook database) is like copying someone’s keys and gaining access.
There are some blurry lines in the world of hacking, but this is not one of them.

OldWeirdHarold

“Yes, accessing involved effort and some determination to filter thru 1000’s of images 2 locate 1s that cld be taken out context.”
Fortunately, you 5uxorz pointed right to them by placing them in a directory called a11g0n3.

James Smyth

HTTP GET/POST, that is.

James Smyth

“I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked. ”
No, that’s a bad analogy. HTTP access is a request/response paradigm.

M. Nichopolis

What’s that mom? Nazi files? Why did Dad find that I have pictures of me and my playmates dressed as nazis?
Oh wait, Ma! Dad is a sneaky spy, that’s the real issue here! Let’s punish dad for noticing my nazi pictures that I left on the top of my desk! That’s really the problem here ma, really, not that I’m into nazis, stink of sauerkraut, and walk with really stiff legs lately! So let’s straighten Dad out — no more looking at stuff I leave around in plain sight. Yavoltz?

DirkH

James Smyth says:
August 13, 2013 at 2:19 pm
““I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked. ”
No, that’s a bad analogy. HTTP access is a request/response paradigm.”
A webserver is not some stranger’s house. A webserver is a shop that sells newspapers. It’s MADE for publishing stuff.
The theory is therefore that you don’t have the right to enter a stranger’s NEWSPAPER SHOP if he leaves the front door unlocked… Shopowners HATE it when customers enter, donchaknow!

EternalOptimist

I hate the fact that the words crawler, Cook, Nazi and illicit have all managed to make sense in any sentence written in the English language

A curious thing is that Rob Honeycutt suggests we had to scan through “thousands” of images to find the handful of Nazi images.
He’s wrong on two counts; a simple visual scroll of the cached Google listing can spot them easily, see http://webcache.googleusercontent.com/search?q=cache:http://www.sksforum.org/images/user_uploaded/
…and by my count (copying the listing into MS Word and assigning line numbers to the document) there are 329 images, not thousands.

I guess that they somehow missed website admin 101 that states “Never post anything in a public file/folder that you wouldn’t be happy being splashed across the front page of the (Insert your national newspaper name here/billboards)”. I said last week they needed a 14 year old to run the admin side. I wasn’t joking. These blokes don’t have a clue what they are doing. Which is very entertaining for the rest of us. There are a number of For Dummies books that they could have read that would have pointed them in the right direction re web admin and security.

Sometimes, when I don’t want to sort through them all at once, & I have a certain nagging suspicion that the webmastur[sic] will suddenly lock access to the directory in question I’ll use the old friend:
$ wget --mirror http://www.sample-url.com/files/directory_i_want/
I suppose using the command line would be extremely criminal hacking, to some of these (not terribly sharp) tools.

Berényi Péter

Move along folks, nothing to see here. Extreme environmentalism is entirely consistent with nazism.

kevinm

Mark: “You’d think a bunch of propagandists like the folks at SkS would have the sense to keep quiet about this so it’d blow over.”
Are they propagandists selling a message, or are they attention starved boys selling themselves?
I believe they did not destroy the images on discovery because they were proud of their craftsmanship, and happy that someone was looking at them.
See it all the time when someone accomplishes a work task that could be reported in a conversation with one person. It will be reported in a reply-all instead, possibly as a powerpoint.

Greg

“Perhaps they were not planning to use them to try to discredit skeptics. Maybe they just have a bit of a strange nazi fetish.”
I don’t think they have the collective brains to organise a black flag op. Jeez, they can’t even run a web server and get it right!
Nazi fetish, I doubt. More likely they think Nazis were tough and ruthless and devastatingly effective (for a while). Not having any moral constraints on how they take over the world probably appeals too.
They seem rather confused as to what role they wish to play in all these pseudo-military metaphors but they long to be tough (and effective).
In short they are the most pathetic bunch of losers imaginable.
That’s the missing “context”. No black flags, there’s nothing more complicated or confusing about it. Just a sorry bunch of jerks with high school mentalities.

thesdale

Golden rule of the Internet:
Never post anything you don’t want the entire world to know.

Merovign

Even if you were to accept the house metaphor instead of the shop metaphor, this isn’t like someone entering the house, this is like the residents taping pictures to the inside of the windows, facing out, and then being incensed that people walking by see the pictures.
Even worse, people are *thinking* about those pictures and their context, which is like evil horrible denier behavior.

g3ellis

RH is an idiot. A) Posted on an open server. B) the robots.txt tells all web crawlers not to read comments.php. No other files requested to be denied.
User-agent: *
Disallow: comments.php
I hate hypocrites.
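
Added example (not part of the original post or of any comment): a short Python audit a site owner could run to check the three conditions the thread describes, namely a directory served without authentication, an auto-generated index page, and a robots.txt that does not exclude the path. The robots.txt text and the directory URL are the ones quoted on this page; the listing HTML, its file names and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

ROBOTS_TXT = "User-agent: *\nDisallow: comments.php\n"   # as quoted in the thread
DIRECTORY_URL = "http://www.sksforum.org/images/user_uploaded/"

# Constructed sample of a server-generated index page (file names are made up).
SAMPLE_LISTING = """<html><head><title>Index of /images/user_uploaded</title></head>
<body><h1>Index of /images/user_uploaded</h1>
<a href="?C=N;O=D">Name</a>
<a href="/images/">Parent Directory</a>
<a href="example_one.jpg">example_one.jpg</a>
<a href="example_two.png">example_two.png</a>
<a href="notes.txt">notes.txt</a>
</body></html>"""


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def crawler_allowed(robots_txt, url, agent="Googlebot"):
    """True if a well-behaved crawler may fetch url under this robots.txt."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, url)


def listed_files(html):
    """File names exposed by an auto-index page; [] if the page is not one."""
    if not re.search(r"<title>\s*Index of /", html, re.I):
        return []
    collector = _LinkCollector()
    collector.feed(html)
    # Drop column-sort links, the parent link and sub-directories.
    return [h for h in collector.hrefs
            if not h.startswith(("?", "/")) and not h.endswith("/")]


def audit(robots_txt, url, status, body):
    """Report why a directory is publicly discoverable, given one HTTP response."""
    findings = []
    if status == 200:                      # 401/403 would indicate access control
        findings.append("served without authentication")
    if crawler_allowed(robots_txt, url):   # robots.txt is advisory, not a lock
        findings.append("robots.txt does not exclude this path")
    files = listed_files(body)
    if files:
        findings.append(f"directory listing exposes {len(files)} files")
    return findings


if __name__ == "__main__":
    for finding in audit(ROBOTS_TXT, DIRECTORY_URL, 200, SAMPLE_LISTING):
        print(finding)
```

Excluding the path in robots.txt only asks crawlers to stay away; keeping files private requires the server to refuse the request (authentication) and to have directory indexing turned off.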