With donations against cancer, the Pr0gramm community has made cancer aid crash
t-online.deMan, this is a complicated story. The strategy of protesting Krebs' writing by donating to an German anti-cancer website (Krebs = cancer in German) is definitely interesting.
At the surface level, it's an attack on Krebs, but there's a secondary thing going on here.
Krebs' main investigation was on Coinhive, a group which embeds Monero mining scripts in pages which run on page visitors' machines. But in his criticism of Coinhive and its association with Pr0gramm, it seems he may have cast too wide a net, doxxing and accusing Pr0gramm users who may not have anything to do with Coinhive. Instead of apologizing for this, he doubled down on it, typifying Pr0gramm users as basement dwellers who anonymously post nastygrams and threaten journalists with death.
Donating to cancer research is a direct response to that: it shows that Pr0gramm users are at least not only bad--they also do things generally considered altruistic, like donating to cancer research.
Both sides have definitely dirtied their hands: at least some Pr0gramm users are mining cryptocurrency on other people's machines through Coinhive, and Krebs has definitely made the false insinuation that Monero's anonymity is only useful for criminal activity. The open question is whether this behavior is typical of Pr0gramm or Krebs has actually accused Pr0gramm users who weren't involved in Coinhive.
I don't know who is in the right here--I simply don't have enough information to know. What information I do have comes from sources which are clearly biased. But it's interesting to see how even at this level, security cases are being tried in the court of public opinion.
An aside to this story which I find interesting:
I definitely think that mining cryptocurrency on other people's machines without their consent is malicious, and I am glad that the security industry is treating this as an exploit. This shares similarities with ads in webpages, which run without my consent.
However, unlike ads, mining scripts don't grab my attention without my consent, they only use my processing power, which is something I would be willing to negotiate for the right website. I'd be happy to click a button which says "Allow nytimes.com to mine cryptocurrency on your browser while you browse their website", for example. There would need to be secure systems in place around this sort of mechanism--I'd rather have this implemented by the browser than as a JS script--but this might provide an alternative to pay models which sites seem unwilling to try, and ad models which I am unwilling to agree to.
This is exactly what happened on Pr0gramm.
The users of the platform are not the people who include Coinhive on hacked websites. Pr0gramm simply allowed its users to voluntarily mine in their browsers and be rewarded with a premium account. The main benefit of a premium account is, that no ads are shown on the site.
> The users of the platform are not the people who include Coinhive on hacked websites.
They're apparently basement dwellers. Hint: basement dwellers don't pay their own electricity bill.
yup, at least pr0 gives you something back and you do NOT do it without consent... unlike some websides where I wonder why the hell does this site need 50% of my 4GHz processing power....
As long as it's implemented in an open-source browser and I get some fine grained control over my processor time dedicated to each site, I'd consider it a pretty killer feature.
>I'd be happy to click a button which says "Allow nytimes.com to mine cryptocurrency on your browser while you browse their website",
Ya know, I wonder if poeple hat agree to this have made comments online about global warming and how serious a threat it is, and how dirty deniers are stupidbadpeople?
Because being proCrypto in my mind, is just like that same type of hippy type being anti-nuclear, just with more irony and ignorance.
And I’m not someone that believes 1/2 the gloom and doom, just that I like the hypocrisy of “climate informed” types being pro-crypto which is the biggest waste of power we’ve ever made.
You're judging all cryptocurrencies against Bitcoin, which is already inaccurate. They don't all work the same way or consume mass amounts of power like Bitcoin does.
That only makes sense if you ignore the fact that most "climate informed" people think renewable energy is the solution to climate change rather than luddism.
Great to see somebody actually acknowledge that he simply doesn't know in a world full of know-it-alls. ;)
I try. I definitely have know-it-all tendencies but I'm trying to reform. :)
> Donating to cancer research is a direct response to that: it shows that Pr0gramm users are at least not only bad--they also do things generally considered altruistic, like donating to cancer research.
I don't know any particulars of this specific situation, but I would caution folks against accepting this sort of claim at face value. The GamerGate "movement" sprinkled donations to charity in with telling women that they wanted to rape and kill them. There are gradations here.
I think the difficulty with GamerGate, and in this case with Pr0gramm, is that "users" or "members" is not a singular entity. The GG-people that donated to charity are not the same people that threatened women. Same goes for these Pr0gramm users i assume.
Maybe--until it became fully and completely obvious that GamerGate was just grievance against "the SJWs", there were certainly some people who actually bought that it was about some kind of ethics. (That has obviously since changed to the point where "ethics in games journalism" means you're probably fitted out for some Hugo Boss.) But--and why I pointed it out--is that those donations are then used by the shitheads to shield their behavior and legitimate themselves, and clearing that tactic in the open is useful and important.
> The GG-people that donated to charity are not the same people that threatened women.
I think this is just an assertion without evidence.
This is so right. Userbases can not be boiled down to some core attributes everybody shares.
I think we can agree that donating to charity doesn't excuse bad behaviors.
The point which Pr0gramm users are making is that the Pr0gramm users donating to cancer research and the Pr0gramm users mining through Coinhive might be different people, and lumping them together because they all use Pr0gramm would be unfair (this is the argument they're making--I don't know whether it's true).
The thing is, Pr0gramm users are not the people that add Coinhive scripts to hacked websites.
Before Coinhive was launched, users on Pr0gramm were able to activate mining and be rewarded with a premium account on the site. They weren't even forced to do so but were able to opt-in voluntarily.
So the relation between Coinhive and Pr0gramm merely is, that the people behind each website know each other and used Pr0gramm as a testbed for Coinhive before it became publicly available.
>The critical point which is being made is that the Pr0gramm users donating to cancer research and the Pr0gramm users mining through Coinhive might be different people, and lumping them together because they all use Pr0gramm would be unfair (this is the argument they're making--I don't know whether it's true).
I think you misunderstood something. Pr0gramm users can use something like coinhive voluntarily, on their own machine only, unless they like blasting their login data out into the internet. This can be used to get premium time for this pr0gramm account and nothing else.
The connection here is, that this was the prototype for what is now coinhive, which has been developed by the former pr0gramm admin.
This is the connection between pr0gramm and coinhive. I don't think anyone ever claimed (not even Krebs) a lot of pr0gramm users would be involved in blackhat usage of coinhive. It's an imageboard with thousands of users. I mean, seriously, the amout of people on HN proportionally that use coinhive in a blackhat way is probably higher than on pr0gramm. Simply because most people here have the technical skill to do it, where pr0gramm is simply a website for shitposting.
I think uncovering the person / company behind Coinhive is not a bad idea. However, in doing so, Brian Krebs did several extremely questionable decisions and moves:
- publishing material by users he knew had trolled him to further the agenda that this is a right-wing site (it is not, the site has a huge fan base of Bernie Sanders and other leftist politicians)
- look at his tweets and headlines (on Vice Motherboard for example) that are used to promote the story: They are almost exclusively focusing the the Mathias Moench part, which is completely irrelevant to pr0gramm, Coinhive, and even the mindmap.
Given that, his whole article reeks of sensationalism, not journalism. This is fake news. Seeing reporters report about a thing you know well instills me with me with dread about how I believe their articles about the things I don't know well. I lost all the respect I had for Mr. Krebs work, and I am one step closer to losing respect for all journalists. Which isn't a bad thing, being aware how biased and badly researched publications are is not a bad thing.
€dit: typos
And yes, I understand that "German nazi separatist site registered on millionaires son who hired a hitman to kill his parents with a machete responsible for hottest crypto malware of the year"
sounds great to push the story. Except that it could not be farther from the truth. I just wasn't expecting someone who calls themselves an investigative journalist like Brian Krebs to try to beat the Sun (or Bild, for Germany) at their game.
I used Pr0gramm to kill time in university ~4 years ago and I'd definitely say that it has become more right-wing. Sure there are still discussions and people from all over the spectrum around, but right populism does seem to dominate.
From the article:
Am Abend änderte sich die Auseinandersetzung dann, nachdem ein Nutzer, "BassT87", einen Screenshot als Beleg für eine 25-Euro-Spende an die Krebshilfe postete. "Ich habe den Rummel um Herrn Krebs mal zum Anlass genommen, meinen Teil gegen Krebs beizutragen. Vielleicht macht der ein oder andere es ja (statt dem drölftausendsten Meme) ja nach...".
In english:
In the evening, the dispute changed after a user, "BassT87", posted a screenshot as proof of a 25 euro donation to Krebshilfe. "I took the hype about Mr. Krebs as an opportunity to do my part against cancer[Krebs]. Maybe one or the other will (instead of the thrwelvethousandth meme) imitate it...".
This is really the kind of absurd humour I like...
(Edit: format)
Krebs = Cancer in german
This is apparently in protest of this article by Krebs: https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive...
Which according to some screenshots on pr0gramm also contains bullshit users fed to Krebs in an attempt to toll him. [0]
But the obvious problem here is the unnecessary doxing of people, just because Brian doesn't believe someone can compile a CPU miner with emscripten as one single person.
Following the doxxing of the people behind pr0gramm.com the community knew that retaliation by ddos or other bad methods would not work for Brian Krebs, who enjoys DDOS protection by google. So they started a donation raid on the German Cancer Help Foundation, because Krebs literally tranlates to cancer in german. The raid is ongoing and unconfirmed sources talk about 11k donations. The avarage ammount seems to be > 15€ with at least one single donation of 10k€
That's a big plus in hacker humour, considering DDoS, swatting and other malicious stuff (get it) flung at Krebs.
Edit: are they DDoSsing or donating? If the former, than it's even worse form. Had my hopes up for a second. The article talks about a failing site because of many donations, but other replies here about DDoS.
They are donating and posting their confirmation mails on pr0gramm.com. The servers cant keep up with the amount of donations.
Hmmm... it's interesting if true. Or we could be being trolled by the same group along with Von Lars Wienand.
It would still be a bit sad if a cancer donation site could be brought down with so much less than 1 donation per second, but I'd use occam's razor.
The institutes which have been donated to are confirming a huge amount of Donations, which started last night. So there are very many real donations.
Awesome! There were 4000 (plus 73) donations at the time and I hear that there have been more than 10k over the last day for more than 100k euro.
Still we don't know if that brought down the server accidentally or on purpose. It's a question of intent, and their desire for publicity. Sadly, it only takes one.
No DDoSing, the site is collapsing from donations.
How many (hundreds or even thousands?) donations over how many hours... and nothing else is causing the server to fall over. That's one incredibly slow server.
> How many (hundreds or even thousands?) donations over how many hours
> The raid is ongoing and unconfirmed sources talk about 11k donations.
I mean, the site is back up now and the raid still ongoing, but I can very well imagine the (shared?) server of a charity collapsing when suddenly even a few hundred or thousand people start clicking around on the website simultaneously.
But I guess you have to call the charity and ask them if you want exact numbers?
Woah... so most of the people who donated were (from your post) clicking around on the site at the same time? That sounds like a slashdotting-DDOS. Was "the raid" coordinated, because (according to you) it sounds like it?
I'd have to know that the charity was real, that all of those clicks were real, the donations were real, and that they weren't coordinated in loading particularly heavy pages with the intent to bring it down. Cui bono from the publicity?
A side question: Who is Dr. Matthias Moench (now I really want to know) and what murder was he convicted of? that seems almost as relevant.
Sorry, but I think this is the wrong website for baseless conspiracy theories.
Not baseless.
That none of the many savy hackers people who want publicity for their protest tried to find out how many donation pages they could have open simultaneously sounds like it would take a conspiracy. The 'raid' and its coordinated nature is almost by definition conspiracy.
The description of Dr. Moench and his conviction for murder is on the exact Krebs post being protested.
Just a FYI regarding "Dr. Moench" or "Dr. Matthias Moench". Anyone can call themselves Dr. in Germany. Ie. it is a meaningless title in Germany.
As for his background story and the crimes he committed see [1].
[1] https://www.welt.de/wirtschaft/article135077209/Viagra-ist-f... (use something like Google Translate if you don't understand German)
I don't understand?
They're getting back at Krebs by donating to a charity?
Yeah, I was having a bit of trouble as well...
They're not (intentionally) DDOSing the charity. The charity's website is simply overloaded from visitors seeking to donate.
The charity's slogan is "Cancer (Krebs) is one of the worst problems of our time". So I guess it makes sense. Somehow.
It's the sort of passive-egressive altruism that quite elegantly straddles the divide of childishness and maturity.
The word "Krebs" in German translates to crab as well as cancer. They are donating to the charities that work against cancer and are commenting "Krebs ist scheiße" which would translate to "Cancer is shit" as well as "[Brian ]Krebs is shit".
But aren't they still, in essence, donating to charity to get back at Krebs?
I think it's more of a peaceful protest against his questionable journalism practices rather than getting back at him.
But yes.
Yes, that makes it so beautiful, IMO.
And since the server crashed, they donated to other charities, as well. DKMS saw many donations, as well.
Cancer translates to Krebs in germany, they're donating to "fight against Krebs" so to speak.
They are DDOSing a german cancer help, krebshilfe. See the substring match?
They aren't (intentionally) DDoSing. The site simple couldn't handle the legitimate load of thousands of donations.