The UN Accidentally Exposed Passwords And Sensitive Data To The Entire Internet


The U.N. accidentally released passwords, internal documents, and other sensitive details when it failed to properly secure its accounts on Trello, a popular workplace project management website.

According to The Intercept, “[a]ffected data included credentials for a U.N. file server, the video conferencing system at the U.N.’s language school, and a web development environment for the U.N.’s Office for the Coordination of Humanitarian Affairs.” It was made available to anyone who had the links to the material as opposed to specific users granted access.

The security slips were first identified by security researcher Kushagra Pathak back in August after he conducted Google searches, which led him to public Trello pages that also linked to Google documents and Jira pages. Jira is an “issue tracking app,” as noted by The Intercept.

Despite Pathak’s attempts to notify the U.N., the international governing body first took two weeks to respond and verify they would investigate his concerns. A little over a week later, they told him they were unable to locate the vulnerabilities and asked for more information on how he located the exposed information. “May we request you to provide the exact Google search criteria that was used?” they asked him.

Throughout this time, he continued to send them his findings on the publicly available information.

 “In all, he reported 60 Trello boards, several Google Drive and Google Docs links that contained sensitive information, and sensitive information from a public U.N. account on Jira,” The Intercept reports.

The outlet also says they contacted the U.N. on September 12, and a day later, they started taking down the exposed information.

In an email statement to The Intercept, U.N. spokesperson Florencia Soto Nino-Martinez said:

“Some of the boards listed have communications materials which are not sensitive, while some have outdated information. However, we are reviewing all boards on the list to ensure that no passwords or credentials are shared through this medium.”

She also said:

“We take security very seriously and have reached out to all staff reminding them of the risks of using a third-party platform to share content and to take the necessary precautions to ensure no sensitive content is public.”

The Intercept noted “just some” of the information made available to the public:

  • A social media team promoting the U.N.’s “peace and security” efforts published credentials to access a U.N. remote file access, or FTP, server in a Trello card coordinating promotion of the International Day of United Nations Peacekeepers. It is not clear what information was on the server; Pathak said he did not connect to it.

  • The U.N.’s Language and Communication Programme, which offers language courses at U.N. Headquarters in New York City, published credentials for a Google account and a Vimeo account. The program also exposed, on a publicly visible Trello board, credentials for a test environment for a human resources web app. It also made public a Google Docs spreadsheet, linked from a public Trello board, that included a detailed meeting schedule for 2018, along with passwords to remotely access the program’s video conference system to join these meetings.

  • One public Trello board used by the developers of Humanitarian Response and ReliefWeb, both websites run by the U.N.’s Office for the Coordination of Humanitarian Affairs, included sensitive information like internal task lists and meeting notes. One public card from the board had a PDF, marked “for internal use only,” that contained a map of all U.N. buildings in New York City. Another card had an attached PDF that included a phone tree with names and phone numbers of people working for a division of U.N.’s human resources department. Some cards contained links to internal documents hosted on Google Docs that, in turn, contained sensitive information about web development projects, including a web address and password to access a staging environment to test early features of the website.

  • The U.N. website developers also used a public Jira bug tracker that contained detailed technical information about how the sites were developed and what issues they were having.

Pathak says he thinks organizations make their sensitive information public simply because it’s easier. They can “share the details present on the board with their team members just by sharing the URL of the board with them without adding them to the board,” he said.

How Long Before China’s Exports Are Hammered By Trade War

Two weeks ago we asked “when will the US finally feel the pain from trade wars” and answered: as soon as the $200BN in “phase II” tariffs are implemented, which happened just after midnight on Monday, at which point it is only a matter of time before rising prices catch up with ordinary Americans. Today, we reverse the query and ask a similar question for China, which unlike the US has already suffered substantially in its capital markets (and the slumping currency), if not so much where it really matters – at least according to Trump – its exports, the reason behind the US trade deficit.

In other words: When will the trade war affect China’s exports?  

Echoing the above observations, Deutsche Bank, which once again deconstructs the answer, notes that while the US-China trade war has caused “visible damage” to China’s stocks, it seems to have had no impact on China’s exports so far. But now that the US has announced a tariff on US$ 200bn of China’s exports, when will the actual pain to exporters, corporates, and consumers start to be felt?

Well, according to DB’s Zhang Zhiwei, the damage of the trade war has already shown up in disaggregate data. Specifically, after the US imposed a 25% tariff on $34bn of Chinese exports on July 6, US Customs data show that the imports of this group of goods dropped by 10% yoy in July. However, disaggregate data on this level is only available with a lag of about two months, which is why DB expects imports in August for this group of goods to drop further.

The flipside, of course, is that aggregate US imports from China were strong in July, because of interesting “front running” behavior as traders rushed to lock in deliveries, and prices, ahead of the next tariff round. The US government announced on June 15 that a 25% tariff would be imposed on another group of Chinese goods worth US $16bn, which came into effect on August 23. This caused a surge of imports for this group in July, up to 40% yoy, which in turn helped to offset the slump of imports for the US$ 34bn of goods already facing tariffs in July. Meanwhile, the headline trade data, which is the total US imports from China, remained strong at 8% yoy in July.

In addition to tariff frontrunning, other factors that may have helped China stabilize trade include

  1. strong external demand, as evidenced by the high PMI numbers (Figure 2);
  2. depreciation of the RMB against the dollar; and
  3. hiking tax rebates for exporters for some goods.

Looking ahead, Deutsche Bank expects to see a moderate slowdown of exports in the next few months as the front-running efforts may help to smooth out the damage:

The $200bn tariff list was first announced in July. Tariffs will become effective at 10% on September 24, and will increase to 25% on the first day of 2019. Exports could be supported by front-running efforts against this list in Q3. As a baseline expect exports to fall in Q4. But there could be some upside risk, as companies might choose to increase their exports in Q4 to front-run the 25% tariff, even if they need to pay a 10% tariff on them. Exports should drop in 2019 when the tariff rate increases to 25%.

In addition, the US said it may further impose tariffs on the remaining $267bn of Chinese exports. These include major products such as computers, cell phones, apparel and shoes (Figure 3). If the US takes further action on this, it may trigger further front-running in the short run for these products.

In other words, with staggered “frontrunning” of future sanctions, 2018 will likely be a strong year for Chinese trade: as a baseline case, overall exports growth is expected to slow, but only gradually to 7% in Q4 2018 and 4% in Q1 2019. As a result, exports to the US will slow more rapidly, though growth will likely still stay positive in Q4 2018, and finally turn negative only in Q1 2019. It is only then that the trade outlook will be more challenging, especially if the trade war escalates further and drives out some supply chains from China.

Ron Paul Praises New Tax Plan Making It Easier To “Ed-exit”

Authored by Ron Paul via The Ron Paul Institute for Peace & Prosperity,

This week the House of Representatives will vote on a package of bills making the temporary tax cuts contained in last year’s tax reform bill permanent and making additional tax law changes. The bills will likely pass in the House, but will almost certainly be filibustered in the Senate if the Senate leadership tries to bring them to the floor.

The GOP tax plan does offset some of the damage caused by federal control of education by making it easier for parents to escape failing government schools or ‘edexit’. It accomplishes this by allowing money saved in a tax-free 529 education savings account to be used for homeschooling expenses.

This provision will help homeschooling families and inspire more families to consider homeschooling. Homeschooling parents must not only pay for all their children’s education expenses, they also must subsidize government schools via property taxes and other taxes. A commitment to homeschooling may also require a parent to limit or even forgo outside employment.

Despite the financial costs, more families are choosing to homeschool. This is due to increasing dissatisfaction with government schools, greater public acceptance of homeschooling, and the availability of quality online homeschooling curricula, such as my Ron Paul Curriculum.

My curriculum provides students with a well-rounded education including rigorous programs in history, mathematics, and the physical and natural sciences. The curriculum also provides instruction in personal finance. Students can develop superior oral and verbal communication skills via intensive writing and public speaking courses. Students also get the opportunity to create and run their own internet businesses.

The government and history sections emphasize Austrian economics, libertarian political theory, and the history of liberty. However, unlike government schools, my curriculum never puts ideological indoctrination ahead of education.

Unlike government schools, and even many private schools, my curriculum addresses the crucial role religion played in the development of Western civilization. However, the materials are drafted in such a way that parents of any or no religious belief can feel comfortable using the curriculum.

Interactive forums allow students to engage with and learn from each other. The forums ensure students are actively engaged in their education as well as give them an opportunity to interact with their peers outside of a formal setting.

The latest Republican tax plan has laudable features, such as allowing the use of tax-free education savings accounts for homeschooling. However, as long as Congress refuses to offset tax cuts with spending cuts, the benefits of tax cuts will be limited and short-lived. Therefore, while all lovers of liberty should support any and all tax cuts, we must work to pressure Congress to cut spending. Bringing the troops home and shutting down the Department of Education are two good places to start.

*  *  *

Parents interested in my homeschooling curriculum can find out more about it at

China-Japan Maritime Crisis Would Threaten “Belt and Road Initiative”, PLA Warns

Kyodo News has published an internal document from China’s People’s Liberation Army (PLA) that specified a military crisis at sea between China and Japan would severely threaten Beijing’s strategy of peaceful development and its “Belt and Road initiative” (BRI).

The internal report, authored by two military officials at the Naval Military Research Institute and Dalian Naval Academy, suggested the probability of a significant military crisis at sea between both countries is rapidly increasing due to disputes over the sovereignty of the Senkaku Islands, maritime demarcation in the East China Sea, and the development of marine resources in the region.

Last week, a Japanese submarine war drill was conducted in the South China Sea. The Maritime Self-Defense Force (MSDF) said in a rare statement that one submarine and three other vessels performed aggressive maneuvers to deter China’s militarization in the region.

The PLA report, which was published for internal use only in April 2017, warns that a minor misjudgment of the above issues could deteriorate bilateral relations between both countries and lead to a maritime crisis.

As a result, the disruption could jeopardize Beijing’s BRI or the Silk Road Economic Belt and the 21st-century Maritime Silk Road, a series of trade routes that connect China by land, air, and sea to Southeast Asia, Pakistan and Central Asia, and beyond to the Middle East, Europe and Africa.

The second region in focus for a potential trigger point between China and Japan is the East China Sea, in particular, the Japan-owned Senkaku Islands, which are also claimed by China, where the land masses are known as the Diaoyu, and Taiwan, which calls them Tiaoyutai.

In late 2012, a private Japanese landowner sold the group of uninhabited islands to the Japanese government, infuriating Beijing and leading to a brief but acute diplomatic war between the two nations.

“The Diaoyu clearly possess economic and sovereign value, but its military significance is even more evident,” the PLA report states. “Its location is strategically important if we choose to take Taiwan by force. It is also important in competing with Japan for maritime rights.”

The third potential region where a military crisis could emerge between both countries is the Taiwan Strait and the South China Sea.

The PLA report also states Japan’s strategy is to strengthen relations with Taiwan and the US to contain China. In the South China Sea, Japan is said to be jointly working with individual Southeast Asian countries and the US to challenge China’s “legitimate actions to protect its national sovereignty in the area,” the report claims.

To prevent a military skirmish between China and Japan that could spiral out of control and lead to World War III, the PLA report suggests six precautionary measures:

“The first is to ensure both sides maintain high-level official contacts and “properly handle” long-standing disputes, while the second is to have both establish a military confidence-building mechanism and strengthen military exchanges.

Recognizing that the disputes over the Senkakus and the demarcation of the East China Sea cannot be resolved overnight, the article advised, as a third measure, that Beijing and Tokyo establish a “highly efficient” crisis management mechanism that involves government agencies related to such fields as defense, diplomacy, and maritime affairs.

The fourth is to strengthen the capacity for managing a military crisis, including through academic study of maritime crisis management.

The fifth is to strengthen cooperation on maritime security with the United States. The purpose is to avoid involving the United States in a “China-Japan military crisis on the sea” so China will not be “hijacked into a maritime crisis with the United States.”

Finally, the sixth measure calls for China to build a strong navy to ensure its maritime supremacy.”

The PLA report also said Japan as a country has a tradition of “not making enemies with a strong country.” China’s survivability depends on the strength of its naval power. “Only by securing maritime supremacy can we make our adversary flinch,” the report concluded.

As a result, we can now add the smoldering China-Japan maritime crisis to the list of powderkegs ready to ignite into a regional, or global, armed conflict.

Confirming Assange’s Assertion That WikiLeaks’ Source Was The DNC Itself

Authored by Elizabeth Vos via,

Disobedient Media has closely followed the work of the Forensicator, whose analysis has shed much light on the publications by the Guccifer 2.0 persona for over a year. In view of the more recent work published by the Forensicator regarding potential media collusion with Guccifer 2.0, we are inclined to revisit an interview given by WikiLeaks Editor-In-Chief Julian Assange in August of 2016, prior to the publication of the Podesta Emails in October, and the November US Presidential election.

During the interview, partially transcribed below, Assange makes a number of salient points on the differentiation between the thousands of pristine emails WikiLeaks received, and those which had surfaced in other US outlets by that date. Though Assange does not name the Guccifer 2.0 persona directly throughout the interview, he does name multiple outlets which publicized Guccifer 2.0’s documents.

The significance of revisiting Assange’s statements is the degree to which his most significant claim is corroborated or paralleled by the Forensicator’s analysis. This is of enhanced import in light of allegations by Robert Mueller (not to mention the legacy media), despite a total absence of evidence, that Guccifer 2.0 was WikiLeaks’s source of the DNC and Podesta emails.

This author previously discussed the possibility that Assange’s current isolation might stem in part from the likelihood that upon expulsion from the embassy, Julian Assange could provide evidential proof that the DNC emails and Podesta emails published by WikiLeaks were not sourced from Russia, or backed by the Kremlin, all without disclosing the identity of their source.

Julian Assange told RT:

 “In the US media there has been a deliberate conflation between DNC leaks, which is what we’ve been publishing, and DNC hacks, of the US Democratic Party which have occurred over the last two years, by their own admission… what [Hillary Clinton] is attempting to do is to conflate our publication of pristine emails – no one in the Democratic party argues that a single email is not completely valid. That hasn’t been done. The head of the DNC, Debbie Wasserman-Schultz, has rolled as a result.

… And whatever hacking has occurred, of the DNC or other political organizations in the United States, by a range of actors – in the middle, we have something, which is the publication by other media organizations, of information reportedly from the DNC, and that seems to be the case. That’s the publication of word documents in pdfs published by The Hill, by Gawker, by The Smoking Gun. This is a completely separate batch of documents, compared to the 20,000 pristine emails that we have at WikiLeaks. 

… In this [separate] batch of documents, released by these other media organizations, there are claims that in the metadata, someone has done a document to pdf conversion, and in some cases the language of the computer that was used for that conversion was Russian. So that’s the circumstantial evidence that some Russian was involved, or someone who wanted to make it look like a Russian was involved, with these other media organizations. That’s not the case for the material we released. 

… The Hillary Clinton hack campaign has a serious problem in trying to figure out how to counter-spin our publication… because the emails are un-arguable… There’s an attempt to bring in a meta-story. And the meta-story is, did some hacker obtain these emails? Ok. Well, people have suggested that there’s evidence that the DNC has been hacked. I’m not at all surprised it’s been hacked. If you read very carefully, they say it’s been hacked many times over the last two years. Our sources say that DNC security is like Swiss Cheese.

… Hillary Clinton is saying, untruthfully, that she knows who the source of our emails are. Now, she didn’t quite say “our emails.” She’s playing some games, because there have been other publications by The Hill, by Gawker, other US media, of different documents, not emails. So, we have to separate the various DNC or RNC hacks that have occurred over the years, and who’s done that. The source: we know who the source is, it’s the Democratic National Committee itself. And our sources who gave these materials, and other pending materials, to us. These are all different questions.”

The core assertion made by Assange in the above-transcribed segment of his 2016 interview with RT is the distinction between WikiLeaks’s publications and the altered documents released by Guccifer 2.0 (after being pre-released to US media outlets as referenced by Assange). This finer point is one that is corroborated by the Forensicator’s analysis, and one which it seems much of the public has yet to entirely digest.

Disobedient Media previously wrote regarding the Forensicator’s publication of Did Guccifer 2 Plant his Russian Fingerprints?:

 “Ars Technica found “Russian fingerprints” in a PDF posted by Gawker the previous day. Apparently, both Gawker and The Smoking Gun (TSG) had received pre-release copies of Guccifer 2.0’s first batch of documents; Guccifer 2.0 would post them later, on his blog site. Although neither Gawker nor TSG reported on these Russian error messages, some readers noticed them and mentioned them in social media forums; Ars Technica was likely the first media outlet to cover those “Russian fingerprints.”

The Forensicator’s analysis cannot enlighten us as to the ultimate source of WikiLeaks’s releases. At present, there is no evidence whatsoever to indicate that Guccifer 2.0 was, or was not, WikiLeaks’ source. There is no evidence connecting Guccifer 2.0 with WikiLeaks, but there is likewise no evidence to rule out a connection.

It is nonetheless critically important, as Assange indicated, to differentiate between the files published by Guccifer 2.0 and those released by WikiLeaks. None of the “altered” documents (with supposed Russian fingerprints) published by Guccifer 2.0 appear in WikiLeaks’s publications. 

It is also worth noting that, though Assange’s interview took place before the publication of the Podesta email collection, the allegations of a Russian hack based on Guccifer 2.0’s publication were ultimately contradicted by a DNC official, as reported by the Associated Press. Disobedient Media wrote:

“Ultimately, it is the DNC’s claim that they were breached by Russian hackers, who stole the Trump opposition report, which directly belies their allegation – because the document did not come from the DNC, but from John Podesta’s emails.”

Again: The very document on which the initial “Russian hack” allegations were based did not originate within the DNC Emails at all, but in the Podesta Emails, which at the time of Assange’s RT interview, had not yet been published.

Disobedient Media also noted in relation to the Forensicator’s Media Mishaps report:

 “The fact the email to which the Trump opposition report was attached was later published in the Podesta Email collection by WikiLeaks does not prove that Guccifer 2.0 and WikiLeaks shared a source on the document. However, it does suggest that either the DNC, the operators of the Guccifer 2.0 persona, or both parties had access to Podesta’s emails. This raises questions as to why the DNC would interpret the use of this particular file as evidence of Russian penetration of the DNC.”

This creates a massive contradiction within the DNC’s narrative, but it does not materially change Assange’s assertion that the pristine emails obtained by WikiLeaks were fundamentally distinct and should not be conflated with the altered documents published by Guccifer 2.0, as the WikiLeaks publication of the Podesta emails contains none of the alterations shown in the version of the documents published by Guccifer 2.0.

Though no establishment media outlet has reported on this point, when reviewing the evidence at hand and especially the work of the Forensicator, it is evident that the Guccifer 2.0 persona never actually published a single email. The persona published documents and even screenshots of emails – but never the emails themselves. Thus, again, Guccifer 2.0’s works are critically different from the DNC and Podesta email publications by WikiLeaks.

The following charts are included to help remind readers of the timeline of events relative to Guccifer 2.0, including the date specific documents were published:

[Two timeline charts; images courtesy of the Forensicator.]

This writer previously opined on the apparent invulnerability of the Russiagate saga to factual refutation. One cannot blame the public for such narrative immortality, as the establishment-backed press has made every effort to confuse and conflate the alterations made to documents published by Guccifer 2.0 and the WikiLeaks releases. One can only hope, however, that this reminder of their distinct state will help raise public skepticism of a narrative based on no evidence whatsoever.

It is also especially important to reconsider Julian Assange’s statements and texts in light of his ongoing isolation from the outside world, which has prevented him from commenting further on an infinite array of subjects including Guccifer 2.0 and the “Russian hacking” saga.

Winston S. contributed to the content of this report.
