> Hi Andreas - I'm not saying it was posted publicly by you or someone in the Bosnadev team. Please contact me directly (matt at recordedfuture dot com) and I will share more details with you.
You left this comment on Bosnadev's blog. Mind sharing with the rest of us?
Maybe they posted the URL privately on some other platform (i.e., Slack, some instant messenger, WhatsApp, who knows)? And Recorded Future got it from there?
That's basically right. Our system observed the URL elsewhere on the web - not on a private messaging service. We've offered to share those details with Bosnadev.
RE: whether these comments really are from the RF team, we're about to post the same info on our own blog.
Search Google for the "secret" URL. Make sure you click the option to show the "omitted" search results. In the search results, look for the results that date from before the article was posted. You will find a URL on pastebin.com. Look at the timestamp. This page contains a partial HTTP log, containing not only the relative URL but also, in the referrers, the complete "secret" URL.
So, my conclusion is: in the group conducting the "secret" chat, somebody posted the HTTP log to Pastebin.com, and then, and only then, was the "secret" URL picked up by Recorded Future.
(continued from previous comment) The "secret" string to google is "/_temp/cork.png". People should be aware that once they post an HTTP log to pastebin, their "secret" URLs are not secret anymore.
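An added example, not part of any comment in this thread: a scrubber that makes an access log safe to paste by hiding request paths under a secret prefix, dropping query strings, and cutting each referrer down to its origin. It assumes the Apache/nginx "combined" log format; the function names, the sample host and the sample log lines are constructed, and only the `/_temp/` prefix comes from the string quoted above.

```python
import re
from urllib.parse import urlsplit
# Apache/nginx "combined" log format (assumed; adjust for other formats).
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def scrub_target(target, secret_prefixes):
    """Drop the query string; hide the whole path under a secret prefix."""
    path = urlsplit(target).path
    if any(path.startswith(p) for p in secret_prefixes):
        return "/[redacted]"
    return path or "/"

def scrub_referrer(ref):
    """Reduce a referrer to scheme://host so the referring page is not exposed."""
    if ref in ("", "-"):
        return ref
    try:
        parts = urlsplit(ref)
    except ValueError:
        return "[redacted]"
    if not parts.scheme or not parts.hostname:
        return "[redacted]"
    return f"{parts.scheme}://{parts.hostname}/[redacted]"

def scrub_line(line, secret_prefixes=("/_temp/",)):
    m = COMBINED.match(line.strip())
    if m is None:
        # Fail closed: a line we cannot parse may still carry a URL.
        return "[unparsed line withheld]"
    f = m.groupdict()
    return (f'{f["host"]} {f["ident"]} {f["user"]} [{f["time"]}] '
            f'"{f["method"]} {scrub_target(f["target"], secret_prefixes)} {f["proto"]}" '
            f'{f["status"]} {f["size"]} "{scrub_referrer(f["referrer"])}" "{f["agent"]}"')

def scrub_log(text, secret_prefixes=("/_temp/",)):
    return "\n".join(scrub_line(l, secret_prefixes) for l in text.splitlines())

# Constructed sample log (host, addresses and timestamps are made up).
SAMPLE = """\
203.0.113.7 - - [01/Jan/2015:10:00:00 +0000] "GET /_temp/cork.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2015:10:00:01 +0000] "GET /css/site.css?v=3 HTTP/1.1" 200 812 "http://www.example.test/_temp/cork.png" "Mozilla/5.0"
note to self: see http://www.example.test/_temp/cork.png
"""
if __name__ == "__main__":
    print(scrub_log(SAMPLE))
```

The second sample line is the case described in the thread: the request itself is for an ordinary stylesheet, and the secret page appears only in the referrer field.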
Since the OP published the article implying such a grand circumstance, and commented "I assure you it was not posted publicly by any of us. Newly created URL and link c/p to fb chat.", I believe that there are still a few basic questions in order, in any case:
1. What "link generation" program was the OP using? Is it possible this program streamed its output through something like Pastebin - without the explicit knowledge of the OP - and if so, can we verify this is the case by following up with an example?
2. Can the representative from Recorded Future comment on whether or not this site, Pastebin, is being monitored?
Thanks all, for what we'd surely hope to be a trivial, if unusual, case of software being stealthy...