Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

CTunnel and the Palin breach

It seems like everyone and there twin sisters first cousin is blogging about the breach of Palin’s email accounts. I’ve resisted so far, but wanted to touch on the latest report from the BBC that says that FBI agents are investigation the breach. As part of the news story the use of the CTunnel tool was mentioned as the anonymous proxy service used by the “hacker”. It seems that the FBI is seeking records from the people behind CTunnel in connection to the investigation.

After a quick look at the CTunnel website, I found the following text in reference to the CTunnel logging and retention of data.

“Because our visitors value their privacy, it is not in our interests to spy on you, lest we lose traffic and advertising revenue. Because government subpenoa could require us to hand over our server access logs, access logs are regularly deleted to protect your privacy. In short, we value your browsing experience as well as your anonymity, and would not do anything to break your trust in us.”

It’s not specific from this what “regularly” means, and it will be interesting to see what legal ramifications come from the use of CTunnel in this breach. If the people behind CTunnel are forced to provide all logs related to the breach, I can see people moving away from the service for fear of future privacy issues. I would be much more comfortable if CTunnel had a specific written policy that details things a little better than just “regularly”. However I’m not a customer of the service, so it’s not for me to say. However if CTunnel truly “value your browsing experience as well as your anonymity” then I’d hope they have better in-house policies than the badly worded ones listed on their website.

I guess we’ll have to watch this one as it unfolds.

14 responses to “CTunnel and the Palin breach

  1. Chris Riley September 21, 2008 at 14:33

    Using proxy services such as CTunnel isn’t a free pass to hack who and what you want. I think your policies prove that, and hopefully the logs will prove useful to authorities.

    Now that the *supposed* identity of the hacker is known as Rubico10 (real name David Kernell), I wish you luck with the 80 gigabytes of logs you needed to filter in order to confirm the facts of the case. That’s a lot of grepping to do…

  2. lpgrant September 21, 2008 at 17:59

    I wish we took privacy seriously. I fill out a lot of paperwork – dentist, doctors, work, etc… but pretty much at every other meeting I’m in email is being brought in as evidence of one thing or another. And even though it feels creepy, the ‘bosses’ can take over my machine, view my machine, read anything on my computer, anytime he or she feels like it. Privacy – it is kind of like believing in social security. It is a nice thought.

  3. In Egg, Ma September 22, 2008 at 23:42

    This story will give you an idea of how badly he fails to live up to his claims that he wouldn’t knowingly or willingly volunteer information. He downloaded them to the FBI upon a simple request… no subpoena. He says he might even be able to find out for the FBI who it is. He’s not just giving up the logs… HE’S HELPING THEM TRACK THE GUY DOWN! Also, apparently he doesn’t delete his logs with enough frequency to be effective.

    NOTE: I don’t condone hacking and this guy deserves to get caught, busted and hit hard by the judge. And no, I’m not a Sarah Palin, fan… I’m voting Obama. My point here is that Ramuglia’s claims that protecting your privacy is in his own best interest are betrayed by how willingly he becomes a government bloodhound to track you down.

    http://elections.foxnews.com/2008/09/22/warrant-served-on-residence-of-college-student-in-palin-e-mail-hack/

    Here’s an excerpt of the pertinent stuff.

    The hacker who compromised Palin’s account used Ctunnel.com, an Internet proxy site, which renders Web users anonymous, to get into Palin’s e-mail. The site is run by Gabriel Ramuglia, 25, a Web developer from Athens, Ga., who said the hacker left behind revealing clues after posting screen grabs of Palin’s inbox.

    Ramuglia said he saw the screenshots and recognized his site. He is now working with the FBI to provide agents with his business logs to help identify the criminal.

    “I should be able to find out who is involved by going through my logs,” he said. “The FBI called me last night and they wanted to know that the logs weren’t deleted — as long as they weren’t deleted — and they asked me to help, so I’m downloading them.”

    Ramuglia said the FBI told him they also reached out to Yahoo! to ask for help. The hope is that information from Yahoo! can be matched with something in the proxy site’s logs, identifying the hacker. The logs from both Ctunnel.com and Yahoo! were to be delivered to the FBI last week, Ramuglia said.

    “As long as they didn’t use a second proxy, I should be able to find them,” Ramuglia said. “I don’t think they were careful enough to do that.”

  4. Eric White September 23, 2008 at 11:07

    Gabriel Ramuglia of Athens, Georgia:

    You are a coward. I hope your business fails. Providing a service such as yours, and then rolling over like the bi**h that you are, is the sign of a real sack of crap. Your customers would be insane to stick with you after this.

  5. Chris Riley September 23, 2008 at 13:36

    @In Egg: I appreciate the link, but I think you’re being overly harsh on Mr Ramuglia. He’s simply responding to a request by providing logs that pertain to an illegal act. Sure it’s debatable if he should/shouldn’t wait for a legal form saying he has to, but do you really think that the FBI couldn’t produce such a document. Sometimes there’s no point in swimming against the tide, especially when your business is in the news for vacilitating the hack. Sometimes you need to do whats right and not what the other people on the internet tell you is right.

    @Eric White: I debated about approval of your message, but think that your message serves to prove that you can’t keep everyone happy. Everyones opinions are respected, but you should also step into Mr Ramuglia’s shoes for a few moments before giving harsh repsonses.

    The saga continues…

%d bloggers like this: