"Protestware"

Don't sugarcoat it. Call it what it is. Malware is malware regardless of motive. 75.161.128.65 (talk) 02:12, 19 March 2022 (UTC)Reply

I made a small edit in the meantime. 75.161.128.65 (talk) 02:19, 19 March 2022 (UTC)Reply
@75.161.128.65: I think the best venue for debating this would be to create an Articles for Deletion discussion for the Protestware article. -"Ghost of Dan Gurney" 19:10, 19 March 2022 (UTC)Reply
For the time being we should leave the word out of this article as it is an extremely new neologism without widespread acceptance. The Gentle Sleep (talk) 08:27, 20 March 2022 (UTC)Reply
This is the term that is being commonly accepted by many in the industry as this all plays out. I would suggest changing it to that as the association with malware is just the confusion of this module with the way a massive security hole was exposed in the node ecosystem. That security hole had a significant impact on US GOV cyber policy and security requirements. The drama surrounding what happened is one way to get people to pay attention. All that said, it is wholly unrelated to peacenotwar and I think it would be best to adopt the new term that has been coined for this. Just because something is a new term does not mean it should be mislabeled with an older term which does not fit it quite well. Otherwise we would still be using words like oriental. Times change, new words are created. Let's be progressive. RIAEvangelist (talk) 18:39, 26 April 2022 (UTC)Reply

Confusion with node-ipc

I think this article is confusing two separate malwares written by the same author: node-ipc and peacenotwar. peacenotwar doesn't have geolocation unlike malicious code included in node-ipc. Xfix (talk) 10:49, 19 March 2022 (UTC)Reply

The code that wipes the disk in Russia and Belarus wasn't included in affected vue-cli releases, so this whole situation most probably never caused any real damage except for creating a text file in the Desktop folder. ref: https://github.com/vuejs/vue-cli/issues/7054#issuecomment-1068677029 Азаров Александр (talk) 13:31, 19 March 2022 (UTC)Reply
Both are functions of the same malware, there are just additional functions in some versions. There are also reports that some organizations and individuals had their systems wiped. This can be seen in related issues on the gist page for the malware. Also the list of projects affected is pretty long. The Gentle Sleep (talk) 20:29, 20 March 2022 (UTC)Reply


18:34, 26 April 2022 (UTC) Brandon Nozaki Miller There is a lot of confusion about the exposure of a massive security hole which resulted in new governmental efforts to secure systems (NDA) and the peacenotwar module. The peace not war module never did anything scary looking, and the node-ipc issue never actually erased any disks. However, the dramatic articles and videos did serve as a wonderful platform to inspire many businesses to shore up their security. I removed one confusion from the article after being notified of it, but left the rest. — Preceding unsigned comment added by RIAEvangelist (talk • contribs) 18:34, 26 April 2022 (UTC)Reply

NPOV?

There appears to be at least one source [1] with the alleged perpetrator issuing some sort of denial. I'm not sure how reliable this source is, but I feel it's worth bringing up for NPOV reasons. -"Ghost of Dan Gurney" 19:19, 19 March 2022 (UTC)Reply

The accused frequently deny their crimes, and there is overwhelming evidence of what happened. This is covered in the page for NPOV iirc. The Gentle Sleep (talk) 08:26, 20 March 2022 (UTC)Reply

Racial profiling vs hate crime

The definition used by the Wikipedia on racial profiling (which comes from the ACLU) includes targeting based on nationality. Since I've not seen reports of criminal charges being brought thus far, I'd hold off on calling this a hate crime. This objectively is racial profiling though, & saying otherwise wouldn't be a neutral point of view. If this was created in response to the occupation of Palestine, and targeted Israelis in general rather than specific agencies or systems, would anyone be seriously arguing that wouldn't be racial profiling? The Gentle Sleep (talk) 19:44, 20 March 2022 (UTC)Reply

It's a point of view and original research to pipe a link to racial profiling in an article where no source makes a mention of the sort. Also I kindly ask that you not refer to my edits as vandalism in your edit summaries. I am starting to doubt that you are editing in good faith here. -"Ghost of Dan Gurney" 04:18, 21 March 2022 (UTC)Reply
How else should I refer to your refusal to seek consensus about changing an article rather than starting an edit war? Even now you've removed the link rather than seeking a consensus, and then just commented about it here, knowing there's disagreement. The Gentle Sleep (talk) 17:54, 21 March 2022 (UTC)Reply
The very first sentence of your citation, ACLU: "'Racial Profiling' refers to the discriminatory practice by law enforcement officials of targeting individuals for suspicion of crime based on the individual's race, ethnicity, religion or national origin." Will you please stop appropriating this term to petty incidents to which it does not apply, or at the very least stop edit warring to push your POV? -"Ghost of Dan Gurney" 04:44, 21 March 2022 (UTC)Reply
This is why I created this section, we can find a more appropriate word for these actions by consensus if you'll work together with me. These actions objectively targeted users based on their nationality, this is mentioned in most if not all of the citations on the page. There is some form of attack going on against people based on nationality, if it were a crime that would qualify as a hate crime, however afaik he hasn't been charged with a crime yet. You clearly agree that hate crime isn't appropriate yet, so how would you feel about hate incident? Alternately we could just link to the page on discrimination. This incident didn't target government infrastructure or specific services, it instead targeted a nationality in general, so that's some type of discriminatory attack. I'm open to input on the exact type, but looking at this from an objective point of view that's what this is. The Gentle Sleep (talk) 18:02, 21 March 2022 (UTC)Reply
I disagree with any and all of those suggestions. This is not at all a hate-based incident. I need you to find sources describing this as such otherwise you are adding your own commentary via piping links, which is inherently pushing your POV. You have demonstrated a willingness to have pages protected to keep your preferred version and accused me of vandalism (EDIT: and have now violated the 3RR bright line), so please don't say that I'm the one refusing to seek consensus. Please start a Request for Comment if you feel strongly about piping a link to any of those suggestions unless you can find sources clearly describing this incident as such. -"Ghost of Dan Gurney" 18:10, 21 March 2022 (UTC)Reply
I was seeking protection to force users to seek consensus rather than having an edit war, specifically in response to your refusal to seek consensus on these issues, as I said I'm not sure how else to view that besides vandalism. If there's a better term for what you were doing I'd be open to it. I'm unfamiliar with any rule or guideline stating that words and adjectives must come from a source when the underlying facts are already cited, if you could direct me to a guideline along these lines that would be helpful. These facts are cited numerous times: 1) The malware was installed indiscriminately to systems which it could infect. 2) The malware took destructive actions against users of two specific nationalities. This is exactly what WP:CAPTAINOBVIOUS is talking about, this is like requiring a citation that 2+2=4. If the other examples aren't acceptable to you, perhaps you'd prefer Anti-Russian sentiment, I don't believe that anyone could disagree with that applying here in good faith. The Gentle Sleep (talk) 18:19, 21 March 2022 (UTC)Reply
You reverted edits from me and an IP editor; I don't think this is a case of me refusing to seek consensus, but a case of you attempting to force your personal consensus into the article. I believe you are attempting to have the article worded so as to cast the creator as somehow a racist and by suppressing his denial, you are also violating NPOV that way. I do find it odd that you've reverted my removal of "racial profiling" and refused to add an inline citation for it and then turn around and revert the IP's addition of his denial, source and all. -"Ghost of Dan Gurney" 18:29, 21 March 2022 (UTC)Reply
It's commonly accepted that the accused will generally deny their actions, and that their denial isn't automatically worthy of inclusion, unless there are reliable sources backing up the claim. The accused isn't a reliable source themselves. The source cited in regard to him denying responsibility also immediately dismisses his denial, so it is not a source giving weight to his claims. As for whether or not the creator is racist, that isn't for us to decide, only he knows what he thinks and feels. I don't understand what you're saying about an inline citation, so if you could clarify that point it would be helpful to me. Whether or not the creator is racist or was motivated by hatred, the actions do target people based on their nationality, which is a racist action. The Gentle Sleep (talk) 18:40, 21 March 2022 (UTC)Reply
It doesn't matter what your opinion is on whether it is a racist act or not; the fact is that zero sources have said so. Zero sources (to my knowledge) have used the term "discrimination" or "anti-Russian sentiment". An inline citation is the process of using <ref> tags to cite a reference in the prose of the article. This is required for all edits and those edits lacking a source can be freely challenged and removed. -"Ghost of Dan Gurney" 18:45, 21 March 2022 (UTC)Reply
Once again, I'm unaware of any policy requiring a specific adjective be used in a source if the facts cited are sufficient to reach the conclusion. I still don't understand what you're getting at about inline citation, I'm sorry if I'm being thick. >_< The Gentle Sleep (talk) 18:54, 21 March 2022 (UTC)Reply
Oh wait, I understand what you're saying now. You're saying I should cite somewhere using those words specifically. I disagree with you there, since this conclusion can be reached with the absolute minimum level of reasoning based on facts which are already cited. It isn't an opinion that this malware targeted these groups based on their nationality, if the malware had targeted infrastructure or government services specifically that would be an entirely different matter. As cited sources already laid out, this targeted anyone who was Russian or Belarusian. There's also already inline citations to those facts at the end of the sentence. The Gentle Sleep (talk) 19:01, 21 March 2022 (UTC)Reply
And since you've gone ahead and edited the article again to push this POV (a 5th revert, oh my!), I reiterate that a link is not needed at all. -"Ghost of Dan Gurney" 18:37, 21 March 2022 (UTC)Reply
There's been a link in that spot since the page was created iirc, or at the very least since before anyone other than the page creator had edited it. I'm trying in good faith to reach a consensus with you, but I disagree that no link is needed here. This incident targeted people based on Russian and Belarusian nationality, so it fits squarely within anti-Russian sentiment. The Gentle Sleep (talk) 18:45, 21 March 2022 (UTC)Reply
The message delivered by the peacenotwar module is explicitly not racist, was delivered to computers around the world, not to specific IP ranges and directly calls for people to remember that soldiers are not their nations and when this is all over we should try to forgive and follow our moral compasses. What a perversion to call it racial profiling or a hate crime. RIAEvangelist (talk) 18:41, 26 April 2022 (UTC)Reply

Some clarification on the nature of this malware

Both the generation of the txt file and the additional destructive functions are the same malware, but not all versions contain the additional functions. The 1st iteration with destructive functions included it within peacenotwar, and a later iteration moved the destructive functions to a separate file which was called by peacenotwar. So both are functions of peacenotwar, even if some functions use an outside file for the purpose of code obfuscation. The Gentle Sleep (talk) 08:36, 20 March 2022 (UTC)Reply

There are no destructive functions to peacenotwar, the code is completely public and documented. This is a confusion with node-ipc and peacenotwar.
The node-ipc release also had an invalid API key preventing its code from ever running before release as a last bastion of safety. It was a simple exposure of a major threat to the global economy and governments around the world. It resulted in policy change in the US government as well as many major companies nationally and internationally. The drama that resulted while painful for me, seems to have worked well at disseminating the danger in a way people will listen to and react to, instead of just shrugging it off. RIAEvangelist (talk) 18:46, 26 April 2022 (UTC)Reply

The gist page for the malware shows that it's the same malware, and even shows the code in detail. I can grab some extra sources if needed, but the code itself is pretty simple and easy to read. The creator of the gist page also covers what the code does in detail. The Gentle Sleep (talk) 08:54, 20 March 2022 (UTC)Reply

As far as I can see (note: I am not a developer, just an enthusiast, so take my POV with a grain of salt!) the destructive payload was (briefly) incorporated directly into node-ipc's own source, and not the peacenotwar dependency. While reliable sources have reported both functions as belonging to peacenotwar, it appears to my (non-expert) eye that they do so in error, though it is hard to be certain given the speed with which the destructive payload was removed and the fact that it was introduced at the same time as the peacenotwar module. UOSSReiska (talk) 00:10, 21 March 2022 (UTC)Reply
It may have additionally been moved directly into node-ipc's source during one of the iterations, the creator seems to have rapidly deployed several different versions to try and obfuscate the code and avoid being stopped. He also deleted several issues and comments which further complicates things. I just hope he doesn't vandalize this page, since the page on him personally was heavily written/edited by him. The Gentle Sleep (talk) 00:27, 21 March 2022 (UTC)Reply
This is correct.
Further the "dangerous" payload was wrapped with a bad API key to prevent it from being able to execute. Policy changes were made globally due to the dramatic and confused reports made. I was also in direct contact with many of the reporters that did this. They understood how important it was to expose this on the off chance the world heads into a new era of war. RIAEvangelist (talk) 18:49, 26 April 2022 (UTC)Reply

Also here's the initial request to remove the peacenotwar malware, as this has some more information about what happened. Reliable sources have separately reported both functions as belonging to peacenotwar, and these accounts from the time of the attack back up the assessment of said reliable sources. The Gentle Sleep (talk) 09:04, 20 March 2022 (UTC)Reply

The code is fully public and its entire history can be seen. The sources you cited are incorrect but do spread the risks associated with these types of attacks in a way that has resulted in policy changes both governmentally and in the private sector to better secure critical infrastructure which relies on nodejs. RIAEvangelist (talk) 18:50, 26 April 2022 (UTC)Reply