Evidence suggests “email@example.com” gained access to Independent Media Solidarity’s Google Drive. But how?
IMS (Independent Media Solidarity), the independent collective of citizen journalists, was recently the victim of theft. Thankfully for them, the experience wasn’t entirely negative. The community of people skeptical of the Sandy Hook narrative can now see the lengths to which the opposition will go to halt their efforts, which helps them better assess the true situation they find themselves in. But for the most part, what transpired was disruptive, unsettling and criminal.
Soon after IMS was formed in mid 2014, a Google Drive account was established for cloud storage of sensitive research materials and collaboration. Authorized IMS members stored a variety of files in Drive, including video, audio and photographic evidence, web page and PDF file evidence, meeting agendas and minutes, project proposals and outlines, scripted narrations, statistical analysis of evidence; basically everything the group had a need to store and collaborate on. Sometime after Feb. 1st and before Feb. 13th an unauthorized party made off with a copy of the entire contents of this drive.
The Google Drive Service
Before detailing how the theft was discovered, here’s a brief explanation of the Google Drive service, the security aspects of the service and the measures IMS took to maintain document security. To quote from Wikipedia,
“Google Drive is a file storage and synchronization service created by Google. It allows users to store files in the cloud, share files, and edit documents, spreadsheets, and presentations with collaborators. Google Drive encompasses Google Docs, Sheets, and Slides, an office suite that permits collaborative editing of documents, spreadsheets, presentations, drawings, forms, and more.”
To further quote from Wikipedia on the topic of sharing,
“Google Drive incorporates a system of file sharing in which the creator of a file or folder, is by default, its owner. The owner has the ability to regulate the public visibility of the file or folder…Files and folders can also be made ‘public on the web’, which means that they can be indexed by search engines and thus can be found and accessed by anyone. The owner may also set an access level for regulating permissions. The three access levels offered are ‘can edit’, ‘can comment’ and ‘can view’. Users with editing access can invite others to edit.”
Google encrypts all Drive traffic in transit with HTTPS (SSL/TLS) to prevent man-in-the-middle data theft and has built Drive to virtually the same security standards as its many other services, including Gmail.
It’s worth noting that, although users with “Can edit” level access can invite outside parties to manage files or folders, that activity will appear in the Drive account owner’s activity log. Those new parties will then appear on the list of authorized users as well.
IMS Group Security Policies
IMS member Peter Klein is the original creator/owner of the “Official IMS Group Drive” folder. The same security protocol has been in place ever since. Only IMS members have ever been granted access to documents stored within the folder. On the rare occasion that someone was removed from IMS membership, their access to Drive documents was removed as well.
No folder or sensitive file had ever had access settings of “Anybody with the link” or “Public on the web.” Google assures its users that this prevents access even if a link to a file is somehow leaked, and prevents the files from being searchable on the web.
IMS has always been concerned about the privacy of its members, the integrity and security of its materials. This is reflected beginning with its basic member policies. All IMS members must be nominated by an existing member, which then leads to a vote. Membership requires a minimum of 10 “yes” votes and zero “no” votes. Through this and other policies, IMS has gone to every reasonable length to ensure member privacy and document security.
First Sign that There Was a Problem
On March 4th, an IMS member was looking through the information posted on the Google+ feed of Honr Network. They discovered this post and promptly reported it to the group…
It wasn’t the posting of a public video by an IMS member nor the fact that they characterized IMS member, Peter Klein as “…so Evil” that concerned the group. It was the Google Drive link. The post reads, “They also have some organizational skills…” followed by a link to Google Drive. When clicked, this is what was seen…
From all appearances, the link led to IMS’s private Google Drive. Immediately the group began to determine the depth of the breach and just how it may have taken place.
Strangely, some members were able to access the files through this link without even being logged in to the account normally required for access. In response, an audit was undertaken of the entire Drive contents to determine how this was possible, given the access and security settings of the account.
Identifying & Isolating the Problem
Still unsure of the scope and scale of the problem, the group continued to deliberate and research. Some looked into the Google Drive service. Were there any reports of bugs in recent months? The Drive activity log was scoured for any indication that either outside parties had been granted access or that any changes were made to the files themselves. Nothing was found to indicate either had occurred.
The experience of the Drive being somehow accessed by an unauthorized party combined with the files being accessible apparently without restriction didn’t comport with the settings on the account or make any sense at all.
Then it was thought that maybe what they were seeing was merely a copy, and not the original. While viewing what appeared to be the main IMS Drive folder, a member navigated up one directory, and huzzah! This is what they found…
At that moment it was clear what had occurred, which was much more serious than previously thought. The IMS Drive contents had indeed been copied entirely and subsequently uploaded to Drive by Gmail user, “firstname.lastname@example.org”. It WAS a copy of the “Official IMS Group Drive” the whole time! A thorough audit of the Drive’s security history showed that, at no time had outside parties been granted access or had the account configuration been such that access could have been granted inadvertently.
Only a few possibilities remained…
- The Google Drive service has inherent flaws that can be exploited resulting in unauthorized access
- Access was explicitly granted by Google
- Some form of back door exists in the Google Drive service
Google is obviously expert at developing online application services, possibly being unparalleled in their capabilities. It seems highly unlikely that what occurred is the result of some, as yet unreported bug. That leaves only the possibility that Google itself facilitated the theft or some party authorized by Google made use of a back door to commit the theft. In either case, the situation was and is troubling.
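The audit described above covers sharing settings, the authorized-user list, and the owner check that showed the linked folder was a copy. The same checks are shown here as an added example, not code or tooling used by IMS. Records are shaped like Google Drive API v3 `files` resources (`owners`, `permissions`); every address and file ID is constructed sample data.

```python
# Added example: audit Drive file metadata for the conditions the article checks.
# Records mimic Drive API v3 `files` resources (fields: id, name, owners, permissions).
# All addresses and IDs below are constructed sample data, not values from the incident.

def audit_drive(files, members, expected_owner):
    """Return sorted (file_id, issue) findings for a list of file records."""
    members = {m.lower() for m in members}
    findings = set()
    for f in files:
        owners = {o.get("emailAddress", "").lower() for o in f.get("owners", [])}
        if expected_owner.lower() not in owners:
            # Same name and contents but a different owner: a copy, not the original.
            findings.add((f["id"], "foreign-owner"))
        for p in f.get("permissions", []):
            kind = p.get("type")
            if kind == "anyone":
                # allowFileDiscovery=True corresponds to "Public on the web",
                # False to "Anybody with the link".
                issue = "public-on-web" if p.get("allowFileDiscovery") else "anyone-with-link"
                findings.add((f["id"], issue))
            elif kind == "domain":
                findings.add((f["id"], "domain-wide"))
            elif kind in ("user", "group"):
                # Any grant to an address outside the membership list is reported
                # together with its role (reader, commenter, writer, owner).
                if p.get("emailAddress", "").lower() not in members:
                    findings.add((f["id"], "non-member:" + p.get("role", "?")))
    return sorted(findings)

MEMBERS = ["owner@ims.example", "member1@ims.example"]
SAMPLE = [
    {"id": "orig-folder", "name": "Official IMS Group Drive",
     "owners": [{"emailAddress": "owner@ims.example"}],
     "permissions": [
         {"type": "user", "role": "owner", "emailAddress": "owner@ims.example"},
         {"type": "user", "role": "writer", "emailAddress": "member1@ims.example"}]},
    {"id": "copy-folder", "name": "Official IMS Group Drive",
     "owners": [{"emailAddress": "uploader@other.example"}],
     "permissions": [
         {"type": "user", "role": "owner", "emailAddress": "uploader@other.example"},
         {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
]

if __name__ == "__main__":
    for file_id, issue in audit_drive(SAMPLE, MEMBERS, "owner@ims.example"):
        print(file_id, issue)
```

A clean result for the original folder alongside a `foreign-owner` finding for the linked folder reproduces the article's observation: the original's settings were intact, and the public link pointed at a separately owned copy.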
Characterizing the Event as Theft
Some might argue that what took place wasn’t theft at all because anything posted online is public information, and no longer private property. That would only be remotely true had the information been “posted” or published in some way. In this case, the material was only stored online for use by a private group of authorized parties.
Others might argue that when Honr Network uploaded the files with the setting “Anybody with the link” to a separate Drive account and then posted a public link to the files, it was a copyright infringement. That could only be true if the material had ever been published, which it had not been.
Upon consideration, IMS believes this to be a case of theft of intellectual property. They conclude that this is theft, pure and simple, not only because of the means by which it was facilitated, but by virtue of the simple fact that the stolen material was unpublished and clearly for private use.
Resolving the Problem
The contents of the IMS group Drive folder were backed-up before being removed from the Drive cloud while another service to provide cloud storage and online collaboration can be established. Whatever the solution, it’s unlikely the brand-name services will be a good fit.
From the research conducted as a result of this issue and considering the nature of the theft, it seems unlikely that claims made about security and privacy, or even the specific guarantees set forth in service-level agreements can be entirely trusted. IMS is still considering other document storage and collaboration options.
Reporting the Security Breach & Theft
After the scope and scale of the theft had been determined, it was decided that the correct course of action is to first report the issue to Google. An email detailing the issue was submitted to Google’s Drive Service Support Team also asking if there was another, more appropriate department to contact or other way in which to submit a report with these types of issues.
Google responded later in the day, but didn’t provide any direct answers or any personal attention to the issue. A more detailed follow-up reply was then submitted which Google responded to, again that day. This time a “Report abuse” form was submitted containing an option for type of violation, “Private & Confidential Information,” which seemed to be a match.
The trouble ticket reference ID was included in the hopes that the very detailed information already provided can be referenced going forward. It’s unknown if anything will be achieved through this avenue or whether Google will be a dead end.
What might Google recommend as a resolution or next course of action anyway? The unresolved issues and possible actions appear to be…
- Receive confirmation from Google that they, an authorized agent or unknown party gained access to the Drive contents.
- Receive confirmation that Google is aware that both the Gmail user, email@example.com and Google+ user, Honr Network are in possession of stolen property.
- Pursue prosecution of party who originally stole the Drive property.
- Pursue prosecution of the party or parties behind the firstname.lastname@example.org and Honr Network Google+ accounts.
On March 11th, Peter Klein visited the Lexington Kentucky police department and reported the incident. That began the process of law enforcement determining whether a crime took place, which crime(s) and the proper agency to handle the investigation. IMS will be following up with Lexington PD soon to allow some time for a detective to review the report.
It’s highly likely that the report will be referred to the FBI through their Internet Crime Complaint Center (IC3). But many compelling opinions and accounts in recent years characterize the FBI as being unaccountable for their actions and possibly even party to the Sandy Hook operation; that operation being the likely genesis for why the theft took place in the first place.
Another possible agency that might pursue an investigation is the Department of Justice, Computer Crime & Intellectual Property Section (CCIPS). But the problems of unaccountability, complicity or participation in the Sandy Hook operation are distinctly possible at the DOJ as well.
The Activities of Lenny Pozner & Associates
From the beginning, before IMS formed as a group to produce documentaries and push to disclose the truth behind Sandy Hook, they have approached the topic with professionalism, consideration and fairness. This extended to all persons, regardless of their views toward IMS or the degree to which their private or organized activities might have been disagreeable. There is, however, both a limit to professional courtesy and few limits to any American’s right to free speech.
When IMS publicly revealed that a person going by the name of Lenny Pozner was largely responsible for the copyright claims against IMS’s first documentary, We Need to Talk about Sandy Hook and numerous copies of the video online, it was only because the claims were false. No material contained within the video was the property of a Lenny Pozner or anyone going by that name.
IMS was only further justified in making the fraudulent copyright claims a talking point when they learned that each claim was also, very likely a case of perjury. It’s very likely that “Lenny Pozner” is merely an alias, and YouTube policies explicitly state that all YouTube claims of copyright infringement must be made using a person’s legal name. Dozens of reports from YouTube users of losing their entire channel due to a third strike submitted by Lenny poured in, most asking for help.
Despite all of that, IMS merely wrote a couple of articles describing the fraud, disputed the fraudulent claims through the standard methods provided by YouTube and advised a few others about how to do the same. When a video plea to YouTube management was made on behalf of IMS and over a hundred victims of these fraudulent claims, Open Message to YouTube Management, YouTube chose to ignore it.
At no time did IMS or its members produce defamatory videos directed at Lenny Pozner on either IMS’s YouTube channel or any of its members’ channels. IMS has not made a practice of attacking or harassing Lenny Pozner.
Even after receiving numerous accounts of malicious behavior by Lenny and seeing a fair amount of proof that his tactics weren’t entirely reasonable, the IMS position remained to simply work around any of his attempts to stymie their efforts.
Crossing the Line from Unsavory to Criminal Behavior
A change seems to have taken place over the past few months leading to greater forms of harassment or worse. Before the change, people representing the Honr Network or other Sandy Hook narrative promoters including Lenny Pozner generally kept their behavior within socially permissible parameters. The innumerable acts of copyright claim fraud he engaged in did exceed those parameters, however.
Setting aside the theft of IMS property issue for the moment, the actions of Honr Network and related individuals in recent months have become criminal. Typical of their behavior, these acts were committed against individuals challenging the official Sandy Hook event narrative. That seems to be the single point of connection.
As recently as this past week, a Sandy Hook researcher whom IMS was not yet familiar with was the victim of criminal harassment, which is detailed in the following article, Sandy Hook Researcher Stalked.
A similar act was committed targeting a well-known Sandy Hook researcher and IMS member, Tony Mead, as detailed in Lenny Pozner’s Honr Network: The Fine Art of Online Stalking and Harassment.
The overall issue was expertly equated to a free speech battle by SwanSong in his article for Insane Media, Sandy Hook: Free Speech Battleground.
Although many would argue that Lenny Pozner has shown himself to be unworthy of the respect IMS has extended to him, IMS will continue its practice of remaining neutral except when specifically targeted.
Returning to the IMS Drive account issue, it’s reasonable to conclude that Lenny Pozner has specifically targeted IMS. Even if he wasn’t the party that gained access to the private IMS Drive, it was his public posting of the stolen material on what is most likely his Google+ account, Honr Network, that led to discovery of the problem. It’s as if Lenny has been handed a letter of marque, granting him immunity for his actions. At minimum, he is in possession of stolen material. IMS wishes to learn how he came into possession of it.