The Wikipedia Signpost
The Wikipedia Signpost
Single-Page View Archives



Volume 3, Issue 19 7 May 2007 About the Signpost

(← Prev) 2007 archives (Next →)

Four administrator accounts desysopped after hijacking, vandalism Digg revolt over DVD key spills over to Wikipedia
Debate over non-free images heats up Update on Wikimania 2007
Norwegian Wikipedian awarded scholarship WikiWorld comic: "Friday the 13th"
News and notes Features and admins
The Report on Lengthy Litigation

Home  |  Archives  |  Newsroom  |  Tip Line Shortcut : WP:POST/A

SPV

Four administrator accounts desysopped after hijacking, vandalism

On 7 May, 2007, four administrator accounts were desysopped as an emergency response after committing acts of vandalism including deleting the Main Page and blocking several other administrator accounts. The incident highlighted the need for improved individual and site-wide password security.

The four users, AndyZ, Jiang, Conscious, and Marine 69-71, used weak passwords that were cracked by an unknown person. Since the incidents, two admins (AndyZ, Marine 69-71) were resysopped after their identities were confirmed.

Incident reports

AndyZ

Admin AndyZ (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) was indefinitely blocked and desysopped after deleting the main page with the edit summary, "My password is password!" Mark logged in to the account and changed the password, and emailed the user asking for an explanation. Late Monday evening, an IP user claiming to be AndyZ posted to the administrators' noticeboard and apologized. AZPR, a semi-bot account operated by AndyZ, also logged in and posted an unblock request at User talk:AndyZ [1]. As of this writing, AndyZ's main account is still indefinitely blocked pending verification of his identity. Because AndyZ had not edited under his usernames for over two months, checkuser verification of his account is not technically feasible (in keeping with Wikimedia's privacy policy). On 8 May, 2007, AndyZ was unblocked per this unblocking request by Thatcher131.

Checkuser evidence on the attacker, meanwhile, revealed that the deletion of the main page was done through an open proxy but that a block of Ryulong was made from an IP address used by BuickCenturyDriver (talk · contribs · deleted contribs · logs · filter log · block user · block log). As a result, BuickCenturyDriver was also indefinitely blocked. While it is possible that BuickCenturyDriver is the culprit behind the main page vandalism, it is also possible that he saw AndyZ's password exposed in the deletion log and decided to play a prank. BuickCenturyDriver has asked to be unblocked, and discussions are ongoing.

Jiang

Admin Jiang (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) was indefinitely blocked and desysopped after deleting the main page and blocking Jimbo Wales. Jiang admitted on his user talk page that his password was "fuckyou", which is the 7th most commonly used password. Mark unblocked Jiang after Jiang e-mailed him from his registered e-mail address, and after a checkuser established that the vandal edits were made from an open proxy, but that Jiang's subsequent edits were made from his long-time IP address.

Conscious

Admin Conscious (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) was indefinitely blocked and desysopped after deleting the main page and several other articles and blocking a dozen or so editors. As of this writing, Conscious has not made contact or requested to have his account unblocked. On May 11, 2007, Conscious was unblocked per this unblocking request by Thatcher131, and was re-sysoped.

Marine 69-71

Administrator Marine 69-71 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) (also known as Tony the Marine) was indefinitely blocked and desysopped after deleting the main page and blocking several editors. Marine 69-71 requested unblocking on his user talk page and admitted to using a weak password. Checkuser confirmed that the vandal edits were made from an open proxy, but that Marine's subsequent edits were made from his long-time IP address. After he confirmed that he had changed his password, and his son, AntonioMartin, confirmed that his father was in control of the account, he was unblocked and resysopped.

Eagle 101

A fifth administrator, Eagle 101 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA), also deleted the Main Page, but this was an accident caused by his browser locking up. He was desysopped but resysopped 3 minutes later after confirming that his account was not compromised.

Responses

Robdurbar?

Immediately following the incidents, some users questioned whether the attacks were related to Robdurbar's similar rampage, which was not the result of a hacking, but instead was an active and successful effort by banned user Robdurbar, a sockpuppet account of Wonderfool to gain adminship, in order to eventually create havoc (see archived story). However, checkuser Dmcdevit confirmed that the attacker was not related, saying, "I'm very sure Robdurbar isn't related. He's an actual rogue admin, with a university IP as well as his Tiscali ones. No open proxies."

Regaining Adminship

Normally, the decision of whether to restore adminship is left to the discretion of the bureaucrats. In discussions at the Bureaucrats' noticeboard, several bureaucrats have expressed a willingness to "reinstate the rights of any administrator who can demonstrate that the compromised account in fact belongs to him", as long as the editor also affirms that he or she is now using a strong password.

Other editors have expressed the feeling that administrators who compromised Wikipedia's security through a weak password may have lost the community's trust and should have to re-apply for adminship through RFA.

At the present time, only Marine 69-71 has been restored to administrator status.

Password Security

Several editors have called for increased password security. Although administrator accounts make an attractive _target for vandals, any account with a weak password is vulnerable to being hijacked. Editors who do not already have a strong password should consider changing their password or risk permanently losing access to their accounts.

A new proposed policy, Wikipedia:Security, emphasizes personal responsibility for password security. It also discusses potential security weaknesses including weak passwords and packet sniffing, with recommendations on how to access Wikipedia securely. A bugzilla report has been filed requesting several security improvements, such as requiring newly registered users to select stronger passwords and limiting the number of times a user can attempt to log in with an incorrect password, to reduce the ability of crackers to use brute force methods of password cracking.

Lead developer Brion VIBBER has run a password cracker on all administrator accounts and invalidated the weak passwords of several additional admin accounts. These admins will have to reset their passwords by e-mail before logging in again. Wikipedia:Administrators has been amended to note the importance of strong passwords for administrators, bureaucrats, checkusers, stewards and oversighters. HighInBC has sent a mass e-mail to all administrators informing them of the situation and advising them to select strong passwords if they have not already done so.

Several additional security measures have been added to the MediaWiki software or will be added in the near future:

  • Additional logging to better detect dictionary-style attacks
  • After a failed login attempt, MediaWiki now requires the user to validate a captcha image on the second attempt, to limit the ability of automated password cracking software to make multiple login attempts.
  • Several _targeted blocks against known cracking attempts.
  • More automated password-strength checking at login / set-password / change-password time to reduce the danger of guessable passwords. [2]

See also


SPV

Digg revolt over DVD key spills over to Wikipedia

A number of Wikipedia articles got caught up in events elsewhere on the internet this past week, including an unusual form of spam that prompted developer intervention. This came about as the byproduct of a revolt on a popular social news website over the takedown of postings containing a compromised encryption key.

Background

The incident highlights some of the controversial provisions of the Digital Millennium Copyright Act as it relates to digital rights management (DRM). It dealt with the Advanced Access Content System, a standard used on the HD DVD and Blu-ray formats for high-density optical discs. AACS has been the subject of efforts to crack its copy protection since it began appearing on devices last year. A specific key that is part of the system was published in February on various websites, starting with the Doom9 forum. AACS Licensing Administrator (a trade group that manages the DRM technology for these formats) described it as a "processing key" and announced that it had taken steps to render the hack largely ineffective.

The key that appeared in February was a 32-character sequence in hexadecimal notation. It eventually began appearing on the voting-based news site Digg with posts urging people to "spread this number." One of these disappeared from the site, and a follow-up post received an inordinately large number of votes, or "diggs", before it too disappeared. On 1 May, Digg acknowledged that it was removing these postings in reaction to legal complaints. But the posts circulating this key continued to mushroom and collect votes, drowning out other activity on the site. A variety of other websites that covered the controversy also experienced a rash of similar postings in any forums open to public comment. Finally, eight hours after its previous statement, Digg announced it would no longer delete items containing the key, and the site eventually returned to normal.

Wikipedia effects

Unlike Digg, where the entire home page was taken over by posts related to the key until management backed down, the key never appeared on the Wikipedia Main Page. It did get posted repeatedly to various articles, some on topics relevant to the issue, but also on a number of completely unrelated articles. Given the key's appearance in totally inappropriate places and the way things had played out on Digg's website, the developers responded to multiple requests and added it to the spam filter. Greg Maxwell wrote an essay about the problem that formed the basis for the page Wikipedia:Keyspam.

The inclusion in the spam filter prevents any edit containing the character sequence of the key from being saved. This drew objections from editors who thought it should at least be mentioned in the articles on HD DVD or AACS. In response, others pointed out that the incident or even the hack itself could be discussed without reproducing the actual key. The legal ramifications of the decision were also a major topic of discussion, since the DMCA makes it illegal to provide any part or component of technology designed to circumvent technological access controls on copyrighted works. A number of people concluded this would preclude publishing the key, while others argued that the purpose of its use on Wikipedia is not covered by the statute, or else that a lawsuit was at least unlikely.

As explained by Electronic Frontier Foundation attorney Fred von Lohmann, the issue is not one of copyright infringement, meaning that online service providers might not be protected from liability by the "safe harbor" of the DMCA's notice-and-takedown process. Digg CEO Jay Adelson told Wired the company actually received a cease-and-desist letter earlier, not specifically related to the post that sparked the revolt. This would be consistent with the fact that similar letters were sent in mid-April, to Google among others. (The Wikimedia Foundation has not received one; although the New York Times initially included Wikipedia in the reported list of recipients, the paper issued a correction the next day.)

Even with the use of filtering to block the key itself, administrators intervened to protect a number of articles affected by the fallout. And naturally, the entire saga was being documented with its own article, AACS encryption key controversy, covering the incident along with some of the creative manifestations of the key.


SPV

Debate over non-free images heats up

In continuation of the story the Signpost ran last week about featured lists, discussion began Tuesday, involving more than two dozen editors, on the administrators' noticeboard. It concerns the inclusion of fair use images in lists such as that of Family Guy episodes, and the general undertakings of the Episode list WikiProject.

Last month, after noting its effect on the nominees for featured list status, Tompw initiated discussion about modifying the featured list criteria to exclude non-free content from lists. It was aimed mainly at lists for television series which contain a screenshot from every episode. Most in support of the changes stated that screenshots could be used on the articles for individual episodes, but need not be used in episode summaries, which generally contain only one or two sentences about specific episodes. Several editors 'strongly' opposed the modifications, citing various things, including the lack of usability of a screenshot for piracy. Others said screenshots simply made the list more visually appealing and an easier recognition of a given episode, without reading the summary. Discussion on the page continued through April.

On April 30, ESkog removed all of the images from List of Family Guy episodes, claiming a lack of fair use in his edit summaries. Shortly thereafter, an anonymous user reverted the change, but ESkog restored his version some three hours later.

The images in this fair-use image gallery are continually re-added by anons and other editors who seem not to appreciate our fair-use policy which explicitly prohibits decorative uses such as this one.

The anonymous user again reverted the change, after which ESkog made mention of the issue on the administrators' noticeboard. At this point, administrator Ryulong quickly reverted to ESkog's imageless version and protected the page, saying, "fair use violations aplenty." The original posting by ESkog and note of protection at the noticeboard has since sparked nearly 40,000 words of discussion. In it, he described the inclusion of a screenshot for every list as a "decorative fair-use gallery". Cburnett was very unhappy with the change and quick protection by Ryulong, calling it an obvious endorsement of his preferred version. He also accused Ryulong of taking the administrative action of protection against a page to which he was involved in editing. Also troublesome was the definition of "decorative"; several users sided with ESkog and maintained the philosophy that listed screenshots should not be included.

Cburnett queried as to the amount of time that was spent ridding the Family Guy list of non-free images, when other lists, such as that for Naruto, were allowed to retain them. Ryulong then swiftly made his first edits to that list, three of which were formatting-related. The other was a reversion of the restoration by Someguy0830 of Zscout370's removal of the screenshots.

There are 15 featured List of X episode pages. Five of them are currently fine and look like any other featured list, sparsely illustrated if at all. The remaining, however, are overloaded with decorative non-free images. Start your vacuums.

Peregrine Fisher appeared to be the main advocate for non-free image retention. He initially questioned the poor location of the discussion, and later tried to shed light on the decision that had been made regarding a proposed amendment to Wikipedia's fair use criteria. Discussion continued for a number of hours, concerning the number of editors required to achieve consensus, followed by numerous reminders that the discussion was not strictly a vote. Later, WAS 4.250 proposed that smaller (icon) sized images should be used, but the proposal was quickly dismissed. Administrator Cyde Weys, a major contributor to the discussion, said that he had taken the initiative in deleting images that had been orphaned since their removal from various lists.

Gmaxwell provided a list of articles that were featured, but had episode screenshots. The most notable were those of The Simpsons, a series for which there are eighteen seasons. Future Perfect at Sunrise and Picaroon9288 removed the non-free screenshots from these lists. For a number of the other lists, users who were unaware of the discussion on the noticeboard, reverted the image removal. Early Tuesday, Cyde created a page on which lists that have had their screenshots removed are to be added. Several users have since assisted in the massive removal of the images, sparking minor edit wars at various locations; a number of episode lists were temporarily protected because of disputes that arose from the removal of images, which involved multiple editors.

Consensus, or at least a general acceptance of the policy and the subsequent image removal effort, began to emerge Wednesday. Cburnett, who initially was unhappy with the immediacy of the matter and lack of consensus, praised editors for dealing with the issue in a professional manner. Hard feelings finally turned against Wikipedia's vague fair use policy for non-free images. Regarding long-term solutions to the problem, Crotalus horridus proposed a separate Wiki exclusively for popular culture. The forked site would continue to license text under the GNU Free Documentation License, but there would be a much less restrictive use on non-free content. The proposal generated discussion, but was considered unfeasible.


SPV

Update on Wikimania 2007

Plans are shaping up for Wikimania 2007, the annual conference of the Wikimedia Foundation, which will be held from August 3-5 in Taipei, Taiwan. Wikimania is the annual conference of the Wikimedia Foundation, which is the parent organization for Wikipedia and its sister projects. Wikimania is for the community members of the Wikimedia projects to come together and discuss issues and research relevant to the communities, as well as socialize with international colleagues. Previous Wikimania conferences have been held in Frankfurt, Germany and Boston, USA; this will be the third annual conference. They are international events, with last year's conference attracting Wikimedians from nearly 50 countries.

This year's conference will be held at the Chien Tan Overseas Youth Activity Center, a convention center with on-site dormitory style housing. It is in the heart of Taipei, close to the Shilin Night Market. Keynote speakers announced so far include Joi Ito. Other programs will include a film festival, community lightning talks and a Foundation Board panel. As in previous years, there will be a hacking days session for MediaWiki developers before the main conference. There will also be a Citizen Journalism Unconference held on August 2nd. The conference this year is being organized by an international group of volunteers, led by an organizing team based in Taiwan. Help and volunteers are welcome.

Submissions for the conference are open for one more week, until May 15. Submission types include presentations, posters, and workshops, centered around three themes: Wikimedia Communities, Free Content and Technical Infrastructure. Please visit the submissions page for guidelines and to access the submission system.

Online registration for the conference is open, and will be closed on 30 July. Accommodation at CTOYAC is is available from 1 August - 5 August, and visa assistance for overseas travellers is available. See the registration page for details.

For more information, visit the website or sign up for the Wikimania mailing list (which is used from year to year).


SPV

Norwegian Wikipedian awarded scholarship

On 28 April, long-time contributor to the Wikipedia in Nynorsk, Ranveig Mossige Thattai (known as Ranveig), was awarded a scholarship of 50 000 NOK (approx. 8 170 USD) for writing articles on the Nynorsk Wikipedia. The scholarship was awarded by Noregs Mållag, an organization aiming to promote the use of Nynorsk as a written language in every field of Norwegian society.

Ranveig has been a contributor to the Nynorsk Wikipedia since 9 October, 2004, and has more than 26,000 contributions. She has been an administrator since 27 October, 2004, and a bureaucrat since 26 August, 2006. She is currently living in England, studying history.

The Nynorsk Wikipedia was started as a fork of the Norwegian Wikipedia (later to become the Bokmål Wikipedia) on 31 July, 2004. It is the first encyclopædia in Nynorsk to be written since the publishing of the 10-volume Norsk Allkunnebok between 1948 and 1964. The Nynorsk Wikipedia currently has more than 22,000 articles.

This marks the first time a Norwegian Wikipedian has been awarded a scholarship to work on Wikipedia. Ranveig has said she wants to write articles that can be useful for children looking for information online.


SPV

WikiWorld comic: "Friday the 13th"

WikiWorld is a weekly comic, carried by the Signpost, that highlights a few of the fascinating but little-known articles in the vast Wikipedia archives. The text for each comic is excerpted from one or more existing Wikipedia articles. WikiWorld offers visual interpretations on a wide range of topics: offbeat cultural references and personality profiles, obscure moments in history and unlikely slices of everyday life - as well as "mainstream" subjects with humorous potential. The comic can now be found on cartoon site Humorous Maximus.

Cartoonist Greg Williams developed the WikiWorld project in cooperation with the Wikimedia Foundation, and is releasing the comics under the Creative Commons Attribution ShareAlike 2.5 license for use on Wikipedia and elsewhere.



(← Prev)
Signpost archives
(Next →)


SPV

News and notes

Foundation seeking election volunteers

The Wikimedia Foundation is seeking out volunteers who are interested in helping with the upcoming election of three members of the Board of Trustees. The terms of Erik Möller, Kat Walsh, and Oscar van Dillen expire 1 July, and their seats will be filled in this election. Wikimedia chair Florence Devouard, the other elected member of the board, earlier had her term extended until 2008, partly to stagger terms for future elections.

The opportunity was announced by Jan-Bart de Vreede, who as an appointed member of the board has been selected to head up the process. Volunteers have only a short time to make themselves known, as the deadline for applications is 13 May. In order to help with election work, they must forgo the opportunity to run, vote in, or openly support candidates in the election.

Administrator contest

On 29 April, Wikipedia administrator Grandmasterka proposed a contest in which administrators are awarded points for performing various maintenance tasks, aimed at reducing Wikipedia's growing backlogs. Points would be awarded and deducted in a number of areas, including deletions, blocking, conflicts, and protection. For example, participants would be awarded ten points for properly identifying and dealing with a suspected sockpuppet. Conversely, users would be penalized twenty points for blocking a user who was later reinstated after community discussion. The idea for the contest sparked from discussion here, which concerned inactive administrators.

Though in its very early stages, YechielMan and zzuuzz questioned the feasibility of logging all administrator actions, and the diversion of resources it may create. DESiegel, an administrator himself since 2005, quickly opposed the idea for a contest, nominating it for deletion last Tuesday. In his rationale, he predicted over-zealous administrators developing "adminitis", whereby deletions, protections, and blocks are instituted just because such action is easy to take. Over a dozen editors chipped into the discussion, which concluded with a prominent "keep" result on Thursday. Nearly all disagreed with DESiegel, believing the contest would help reduce the backlogs and initiate friendly competition among administrators where it is sorely needed.

Briefly


SPV

Features and admins

Administrators

Eleven users were granted admin status via the Requests for Adminship process this week: Adambro (nom) Bibliomaniac15 (nom). Selket (nom), Matt Britt (nom), Prolog (nom), Croat Canuck (nom), TwinsMetsFan (nom), Stephen (nom), The Rambling Man (nom), AGK (nom), and Sr13 (nom)

Bots

Four bots were approved to begin operating this week: Gerakibot (task request), JabbaTheBot (task request), TonyBot (task request), and VshBot (task request).

Seven bots were approved to begin another task starting this week: Snowbot (task request), MartinBotIII (task request), Jogersbot (task request), NW557Bot (task request), SelketBot (task request), Gnome (Bot) (task request) (task nom 2), and BetacommandBot (task request).

Twenty-three articles were promoted to featured status last week: Eye (cyclone) (nom), Conatus (nom), Samuel Adams (nom), Mom and Dad (nom), École Polytechnique massacre (nom), Cameroon (nom), Russian-Circassian War (nom), York City F.C. (nom), Lage Raho Munna Bhai (nom), Equipartition theorem (nom), Uncle Tom's Cabin (nom), Quatermass II (nom), Original Stories from Real Life (nom), Borat: Cultural Learnings of America for Make Benefit Glorious Nation of Kazakhstan (nom), Manos: The Hands of Fate (nom), Kate Bush (nom), Homer's Enemy (nom), 1998 Pacific hurricane season (nom), Turkish language (nom), The Bus Uncle (nom), Fighting in ice hockey (nom), Bart King (nom), and Pontiac's Rebellion (nom).

Five articles were de-featured last week: Dred Scott v. Sandford (nom), Nuclear weapon (nom), Moorgate (nom), Aquarium (nom), and Cannabis rescheduling in the United States (nom).

Eight lists were promoted to featured status last week: List of premature obituaries (nom), List of Florida hurricanes (1950-1974) (nom), List of counties in Texas (nom), Italian football champions (nom), List of Cuban birds (nom), Grade I listed buildings in Bristol (nom), List of Kashimashi episodes (nom), and List of birds of Belize (nom).

No sounds, topics, or portals were promoted to featured status this week.

The following featured articles were displayed last week on the Main Page as Today's featured article: 1994 San Marino Grand Prix, Scottish Parliament Building, William Monahan, Gilwell Park, History of Tamil Nadu, Elliott Smith, and Rhodes blood libel.

The following featured pictures were displayed last week on the Main Page as picture of the day: Willet, Project Excelsior, Short-beaked Echidna, Metallic Ringtail, Wright Flyer, Lakes on Titan, and Queen meat ant.

Two pictures were de-featured last week: Image:Converted.png (nom), and Image:Frogspawn closeup.jpg (nom).

Five pictures were promoted to featured status last week:


SPV

The Report on Lengthy Litigation

The Arbitration Committee opened two cases this week, and closed four cases. One requested case was not accepted, following the desysopping of an involved administrator.

Not accepted

Closed cases

  • Certified.Gangsta-Ideogram: A case involving the actions of Certified.Gangsta and Ideogram, both of whom Durova and others alleged to have been involved in edit-warring on Taiwan-related articles. Ideogram, who had also been accused of improper behaviour on the community noticeboard, denied the allegations. Certified.Gangsta presented evidence, in which he alleged that Ideogram has engaged in canvassing, wikistalking, and orchestrating an anti-Certified.Gangsta campaign. He also denies Durova's allegiations. As a result of the case, both parties were placed on revert parole, and Ideogram was admonished to "fully adhere to all Wikipedia policies".
  • Betacommand: A case involving the actions of Betacommand. Some of Betacommand's blocks were questioned, and his bot-related actions led to his removal from the bot approvals group. Betacommand noted that he makes numerous username-related blocks, and that most of his blocks were appropriate. Whether Betacommand used his administrative account for bot-related activity, whether he is unique in doing so, and whether such an action should be allowed or not, were also questioned. As a result of the case, Betacommand was desysopped.
  • Freedom skies: A case involving the actions of Freedom skies. JFD and others alleged that he has edit warred to push his point of view. He denied the allegations. As a result of the case, Freedom Skies was placed on revert parole for one year, and limited to one account.

New cases

Evidence phase

  • Piotrus: A case involving administrator Piotrus (talk · contribs) and other editors on Eastern Europe related articles. Multiple parties accuse others of edit warring, incivility, unethical behavior and biased editing. (An earlier arbitration case, Piotrus-Ghirla, was dismissed without prejudice in part due to inactivity of Ghirlandajo (talk · contribs), who was listed a party in the new case.)
  • TingMing: A case involving the actions of TingMing (talk · contribs). Ideogram (talk · contribs) alleges that he has engaged in "controversial edits", edit warring, incivility, and possibly sockpuppetry. TinMing denies the allegations, and alleges incivility on the part of Ideogram.
  • Zeq-Zero0000: A case involving the actions of Zeq (talk · contribs) and Zero0000 (talk · contribs). Zero alleges that Zeq has engaged in POV-pushing, while Zeq alleges that Zero has misused administrative tools in blocking him, the case in particular involving the question of whether probations, article bans, etc. can be enforced by involved admins.

Motion to close

  • Falun Gong: A case regarding the conduct of various editors on the Falun Gong article. Olaf Stephanos and Asdfg12345 allege that Samuel Luo has edit-warred in removing pro-Falun Gong material from the article, while Luo, Tomananda and others allege that Stephanos, Asdfg and others have edit-warred (including page blanking) in removing anti-Falun Gong material. If passed, Falun Gong would be placed on article probation, Mcconn placed on revert parole, and Samual Luo and Tomananda banned from editing the articles or their talk pages.


  NODES
admin 56
COMMUNITY 6
Idea 2
idea 2
INTERN 4
Note 7
Project 6
todo 9
twitter 9
USERS 12