The Anonymous hactivist collective has seen a tool arise from amidst its ranks that seeks to replace the use of Pastebin for releasing manifestos, articles of leaked data, and evidence of past exploits (often criminal or sensitive in nature.)
This project, called “AnonPaste” has been announced in a joint statement between Anonymous and a yet-unknown group calling itself the People’s Liberation Front. The new site appears to be use encryption and an open source project called ZeroBin to ensure security and anonymity to people who publish content. This is a response to the recent announcement by Pastebin that the site would be hiring more workers to clean out sensitive information published on their site.
As paste sites such as Pastebin have become extremely popular with the Anonymous collective and other hactivist groups this would mean that a primary mode of communication and leaks would be cut off. So AnonPaste has been born.
The mission statement reads: “AnonPaste is based on the open source ZeroBin software. It is a minimalist, opensource online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.” And also provides a link to the project page of the open source ZeroBin software being used.
The joint statement calls Pastebin “infamous,” and accuses Pastebin of censorship,
As many might be aware, PasteBin has been in the news lately for making some rather shady claims as to what they are willing to censor, and when they are willing to give up IP addresses to the authorities. And as a recent leak of private E-Mails show clearly, PasteBin is not only willing to give up IP addresses to governments – but apparently has already given many IPs to at least one private security firm. And these leaked E-Mail’s also revealed a distinct animosity towards Anonymous. And so the PLF and Anonymous have teamed up to offer a paste service truly free of all such nonsense.
Among the features listed for AnonPaste include no connection logs, browser-based 256 AES encryption, no moderation or censorship of posts, no advertisements, and a built in URL shortener.
They go on to say that it’s designed to be a place to encourage and enable online information activism without repercussions and even hold politically sensitive information.
The question remains: who and whom hosts the www.anonpaste.tk website and where is it hosted? Certainly due to the decentralized and anonymous nature of Anonymous (and this other unknown group) there’s little oversight and it could be a honeypot. Of course, if everything posted there is entirely public, is shown to collect no connection data, and people posting there wisely connect through TOR or another anonymizing service it won’t matter if it is a honeypot.
Personally, I’d be amused if some group used a free cloud-based service in order to host something similar to this. We’re ever moving closer to botnets enabling exactly this—rogue programs using peer-to-peer connections to transfer and store information in vast networks hiding on other people’s harddrives using a virtual corollary to the Streisand Effect to make sure that leaked documents are always available to anyone who connects to any node of the botnet.
We’ve seen various Anonymous cells attempt to creation of new software, even their own flavor of Linux that was claimed to have ZeuS malware in it (the jury is still out on that) but so far nothing has stuck.
AnonPaste might be a new beginning for releasing and storing sensitive information; or it might get targeted by a government agency or authorities to shut it down and force the amorphous hactivist collective to remain a moving target until they produce the next manifesto and exploit window gallery.