Kim Dotcom Strikes Back with Mega Encrypted Filesharing

Post by ASmith on Sat Jan 19, 2013 7:40 pm

Kim DotCom launches the enormously popular global Mega encrypted filesharing cloud service
Timed to the day last year when USA FBI agents went to New Zealand, seizing DotCom's servers, homes, vehicles and cash, which New Zealand judges allegedly deemed illegal and a gross invasion of many of Kim DotCom's rights, Kim is preparing to launch tomorrow his new fully end-to-end encrypted file sharing cloud sourced site Mega out of New Zealand.

History/Findings/Opinion

When USA agents raided Kim DotCom's Megaupload services overseas in such a grievous jackbooted action, it completely appeared to me that the USA Judicial had deliberately planned to illegally seize all means from Kim DotCom to adequately mount a professional defense team to fight the many inflated charges, taking his vehicles, homes, cash, IT infrastructure and even charging a Megaupload web editor/designer with a potential 15-year prison sentence in their attempt to gain a conviction and flip Megaupload employees against Kim. Apparently such jackbooted efforts appeared to have backfired. The New Zealand judges apparently ruled the gross raid and actions were far beyond what is allowed in New Zealand, and Kim had managed to hide many millions in assets away from the USA search and seizure raid, which allowed Kim DotCom to mount an adequate defense team to tackle the USA Government behind their New Zealand ambush raid on him.

I discussed much of this at length here in the Linux Mint Forum, GooseStepping FBI Agents Shut-Down MegaUploads sites[1]
What is worth pointing out here is that I made 5 suggestions to Kim DotCom for his new file sharing site and for others to use as a blueprint in the future. Kim DotCom implemented FOUR of the 5 [1] in Mega. The only one not visibly implemented or directly mentioned was for Entirely Anonymous filesharing on the encrypted files. International Laws forcing ISP providers to keep IP addresses on customers, visitors and uploaders/downloaders might be part of a backroom agreement which is not widely publicly listed nor mentioned. However it is entirely likely Kim's legal team added that in the legal user/site agreement terms to further isolate them from foreign nations judicial interference.[8]

Briefly, end-to-end 2048 RSA encryption prevents Kim DotCom's Mega employees from ever knowing what is being uploaded/downloaded unless that file is decrypted. Only the sender has the encryption key, which presumably they privately share with those wanting to download it along with that file's link. Cloud servers based in New Zealand are allegedly not subject to the vast majority of visible and invisible USA Internet laws. Mega's pro accounts deal in Euro currency, not USD, again closing that backdoor to USA agents by not accepting USA currency.

The new Kim DotCom Mega Encrypted filesharing service is entirely built from the ground up compared to his vulnerable ground server based MegaUpload, and with Kim DotCom implementing my suggestions it appears Kim has largely insulated himself and employees from jackbooted foreign agents attempting illegal raids, searches, arrests and seizures.

Despite a single Mega rack space having more bandwidth than all of New Zealand and some 100,000 new registered users in the first hour, the pre-launch of Mega has been so active and anticipated that the load has jumped over 250GB/s in new members during today's pre-launch, which has temporarily dragged down Mega's resources. With tomorrow's (Jan 20th, 2012) launch, I expect Kim DotCom and Mega to be flying the friendly skies free of censorship and foreign nations' manipulation.

Mega's grand launch tomorrow will allegedly begin the implementation of many additional Mega features [4].

NOTE: I'm experiencing broken SSL alerts via my Calomel SSL add-on in Firefox and am unable to successfully pull up the Mega website via the Firefox or Opera browsers. I can only access the Mega filesharing site via the Chrome or Chromium browsers. Keep that in mind if you are using a different browser and having difficulties connecting to that service.[10]

References:

[1] GooseStepping FBI Agents Shut-Down MegaUploads sites http://forums.linuxmint.com/viewtopic.php?f=58&t=92200
[2] Kim Dotcom's new file locker 'Mega' opens to the public http://arstechnica.com/tech-policy/2013/01/kim-dotcoms-new-file-locker-mega-open-to-the-public/
[3] Mega Launches Its Cloud Storage And File Sharing Service As ‘The Privacy Company’, ‘Thousands Of Registrations Per Minute’ http://techcrunch.com/2013/01/19/mega-launches-its-cloud-storage-and-file-sharing-service-as-the-privacy-company-amid-a-huge-surge-of-interest/
[4] Kim Dotcom’s Mega Opens For Early-Access Users, Reveals Pricing Tiers, Roadmap With Mobile Access, IM, Office-Style Features http://techcrunch.com/2013/01/18/kim-dotcoms-mega-opens-site-to-early-users-reveals-roadmap-with-mobile-access-office-style-features-and-more/
[5] Kim Dotcom's Mega is Now Open To the Public http://gizmodo.com/5977329/kim-dotcoms-mega-is-now-open-to-the-public?utm_campaign=socialflow_gizmodo_twitter&utm_source=gizmodo_twitter&utm_medium=socialflow
[6] Kim Dotcom @KimDotcom on Twitter https://twitter.com/KimDotcom
[7] Mega arrives: Hands-on with Kim Dotcom’s new cloud storage site Free users will get 50GB; $13 to $40 per month buys you 500GB to 4TB of storage. http://arstechnica.com/business/2013/01/mega-arrives-ars-goes-hands-on-with-kim-dotcoms-cloud-storage-site/
[8] Mega Launches: Brilliantly Secure, But Not Anonymous http://torrentfreak.com/mega-is-brilliantly-secure-but-not-anonymous-130118/?utm_source=dlvr.it&utm_medium=twitter
[9] Mega launch: Kim Dotcom's new file storage project kicks off http://rt.com/news/dotcom-launch-mega-website-336/comments/
[10] Mega filesharing website https://mega.co.nz/
Last edited by ASmith on Wed Jan 23, 2013 12:42 am, edited 3 times in total.
Post by nomko on Sat Jan 19, 2013 7:49 pm

Great news! I've already visited that site Thursday and there was an option to enter your email to get a notification when "the shop opens its doors". But now it looks like that site is down or what?? Link: Mega.co.nz

In the news announcement I've read, it was stated that the site will be launched this Saturday.
Post by xenopeek on Sat Jan 19, 2013 8:23 pm

It will probably be slow for a while, though I managed to have a good look around and upload some files. Apparently they had 100.000 sign-ups in the first hour alone! But 50 GiB free storage, with end-to-end encryption? Sure, you can debate the terms of use as is being done elsewhere, but if you just want to have a remote backup also of your family pictures and videos then this is the service I will be using...
Post by ASmith on Wed Jan 23, 2013 12:39 am

When anyone registers as a potential new user, free or pro account, on the Mega site, it is absolutely essential that you beforehand create a unique password, as long and complex as you possibly can, for that initial login REGISTRATION.

Early security findings appear to reveal the very password a Mega user first chooses is salted then utilised to create your 'unique' DES 1024,2048 keys. Someone cracking or any domestic or foreign XYZ agency obtaining your Mega password creates a backdoor to quickly decrypt any and all alleged DES 2048bit encrypted files you stored on the Mega cloud server.

I'll try to follow up on this early finding and suggestion to present and future Mega Users in a near future post.

I seriously suggest any sensitive files not be stored on any cloud server where domestic and foreign XYZ agencies are able to obtain business secrets and personal information on private citizens without warrant, charges or even a notice.

Files stored on the Mega filesharing service should first on a local machine use Free and Open Sourced TrueCrypt [1] to chain TwoFish-Serpent encryption on that file or group of files THEN sent to Mega where it is allegedly SSL back to back encrypted with DES 2048 and stored. Individuals cracking or backdooring the DES 2048bit encryption would be stopped dead in their tracks by the chained TwoFish-Serpent encryption.

References

[1] Outstanding Free, Open Source Linux File, Directory, Partition and Drive Encryption Program TrueCrypt http://www.truecrypt.org/
Post by ASmith on Fri Jan 25, 2013 12:42 am

The Mega website Encryption scheme is largely in place to protect Kim DotCom (Mega Owner) and his employees (200+) from another outrageous overreaching USA Justice Department Raiding party on behalf of the apparent Obama/Biden AIPAC Jewish Lobby friends in the Music and Film industry who directly appear to be behind this abuse of USA taxpayer revenues and the USA Justice Department. The files are all client side encrypted and the Mega server staff has no ready means to decrypt it, nor does the company give them the permission to do so. This is largely to protect Kim DotCom and his Mega staff from attempts by the Film/Music Industry lobbying the USA Justice Department to arrest and shut down filesharing websites.

When it was discovered New Zealand had no extradition built on mere copyright claims, the USA Justice Department added 'Racketeering' to their pile of faux charges trying to convince New Zealand judges to send Kim DotCom back to a Virginia Hearing and jury.

Personal Observation/Comment:

Imagine the utterly outrageous gall of Music and Film industry leaders who are alleged to have links to the Jewish Mafia, telling their corrupted USA Justice Department puppets to add 'Racketeering' to the charges against Kim DotCom in their rabid attempts to have DotCom extradited and severely punished for operating a filesharing service.

"The Mega Website client encryption key is not random. The encryption key is actually derived directly from the user’s password. And the process by which the key is derived from the password is quite fast, so that if someone has a hash of the password, the password can be recovered (and the corresponding key re-synthesized) quite easily.

Mega has a copy of the password hash for your account, and they even send it to you via plain email as an element of the URL in the “confirm my account” link.

So the bottom line is that the data is not actually safe “at rest” because the data is stored on the server along with the password hash, which can quickly be reversed to the password, which can directly produce the decryption key. And to boot, the hashed password is also sent to you via email, so if somebody gets into your email account (and your Mega confirmation email is there), they can also get into your Mega account by cracking your password using a freely available tool." [1]


RSA 1024bit encryption being weaker than RSA 2048bit sounds very well when allegedly the greatest RSA integer to be factored only had 768 bits. Kim DotCom appears to sell his Mega encryption on RSA 2048bit encryption, however such is very much like a used car dealer telling a potential buyer a grandmother was the sole owner of that used car. Kim DotCom's claim can be entirely self-serving yet accurate to protect himself and his employees yet insufficient in regards to providing enough protection to sensitive files.

This explains why I suggested:

1) Mega registration should use a long, complicated and unique password as that is going to be used to build your client side encryption key.

2) Use TrueCrypt to chain TwoFish-Serpent encryption on the file or files you want to store on the Mega filesharing service using a different encryption key than the one the Mega site gives you.

Observation/Option:

A favourite technique by USA Government XYZ agencies and likely UK, Israel's Mossad is to break a site's or client's SSL connection. I use the Calomel Real Time SSL constant scan/check add-on. Many SSL connection icons or such only check at the beginning of the SSL session, and when that SSL is broken mid-session there is ZERO notification, which is precisely why XYZ agencies deploy that method. The snoopers then simply squat and record your files and keys sent in plain sight while you are fooled into thinking, seeing that padlock icon or https url, your data is safely SSL encrypted back to back.

References:

[1] Kim Dotcom's Mega Fileshare Service Riddled With Security Holes http://www.techweekeurope.co.uk/news/kim-dotcom-mega-fileshare-security-law-105024?ModPagespeed=noscript
[2] Kim Dotcom wants to encrypt half of the Internet to end government surveillance http://endthelie.com/2013/01/24/kim-dotcom-wants-to-encrypt-half-of-the-internet-to-end-government-surveillance/?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+EndTheLie+%28End+the+Lie%29

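The criticism quoted in the post above, and the password advice in the Jan 23 post, both turn on how cheap each offline password guess is when the key derivation is fast. The following is an added example, not part of any post in this thread and not Mega's actual scheme: a single unsalted SHA-256 pass stands in for a fast derivation, salted PBKDF2 with an assumed 600,000 iterations stands in for a slow one, and the password and guess-space size are constructed.

```python
import hashlib
import os
import time

# Constructed sample values; none of these come from Mega or from the thread.
PASSWORD = b"correct horse battery staple"
PBKDF2_ITERATIONS = 600_000  # assumed work factor for the slow variant


def derive_fast(password: bytes) -> bytes:
    """Stand-in for a fast, unsalted derivation: one SHA-256 pass, 128-bit key."""
    return hashlib.sha256(password).digest()[:16]


def derive_slow(password: bytes, salt: bytes,
                iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=16)


def seconds_per_guess(derive, repeats: int) -> float:
    """Average wall-clock cost of one derivation, i.e. of one offline guess."""
    start = time.perf_counter()
    for _ in range(repeats):
        derive()
    return (time.perf_counter() - start) / repeats


def days_to_exhaust(candidates: int, secs_per_guess: float) -> float:
    """Time for a single core to try every candidate password."""
    return candidates * secs_per_guess / 86_400


if __name__ == "__main__":
    salt = os.urandom(16)
    fast = seconds_per_guess(lambda: derive_fast(PASSWORD), 100_000)
    slow = seconds_per_guess(lambda: derive_slow(PASSWORD, salt), 3)
    space = 10 ** 8  # constructed guess space: every 8-digit numeric password
    print(f"fast: {fast:.2e} s/guess, {days_to_exhaust(space, fast):.4f} days")
    print(f"slow: {slow:.2e} s/guess, {days_to_exhaust(space, slow):.1f} days")
    print(f"slowdown factor: {slow / fast:,.0f}x")
    # Without a salt, identical passwords always yield identical keys.
    print("unsalted keys collide:", derive_fast(PASSWORD) == derive_fast(PASSWORD))
    print("salted keys differ:",
          derive_slow(PASSWORD, salt) != derive_slow(PASSWORD, os.urandom(16)))
```

A slow, salted derivation raises the cost of every guess but does not rescue a short or reused password, which is why the length and uniqueness advice in the posts still applies.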