• United States




Wget -r -l 0 obvious

Feb 10, 20143 mins

The Internet had a collective guffaw yesterday at an article in the NY Times that breathlessly described how Edward Snowden used an “inexpensive and widely available software to “scrape” the National Security Agency’s networks, and kept at it even after he was briefly challenged by agency officials.” Wow, didn’t realize he was such a technically adroit mastermind. I can almost see him putting the tip of his pinky finger up to his mouth a la Dr Evil.

From NY Times:

Evidence presented during Private Manning’s court-martial for his role as the source for large archives of military and diplomatic files given to WikiLeaks revealed that he had used a program called “wget” to download the batches of files. That program automates the retrieval of large numbers of files, but it is considered less powerful than the tool Mr. Snowden used.


Hold up, Wget? OK what is Wget then for those of your amongst the readers who might be unfamiliar?


GNU Wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including:


Can resume aborted downloads, using REST and RANGE

Can use filename wild cards and recursively mirror directories

NLS-based message files for many different languages

Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally

Runs on most UNIX-like operating systems as well as Microsoft Windows

Supports HTTP proxies

Supports HTTP cookies

Supports persistent HTTP connections

Unattended / background operation

Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring

Now then, the question remaining. Wget was, “less powerful” than the tool used by Snowden? So, did he use cURL? Burpsuite? Maltego?

My $deity…it is simply DIABOLICAL!

I completely agree with my fellow writer, Steve Ragan, who mused as to why this story got the notice that it did. While I, along with many others, poke fun at the NY Times article, it belies a much more serious issue. The loss of clarity. There will inevitably be a backlash against tools such as a Wget and others. Some politician will attempt to make a name for themselves by introducing legislation to ban such nefarious wares. While all along missing the point.

This has nothing to do with the tools used. Let’s dispense with that shall we? If a person is caught carrying a hammer it is no indication that they are going to commit either a crime or build a shed. The question that seems to get glossed over here is how was this even possible? Were the internal controls that bad that both Manning and Snowden could easily get away with this? The answer has proven itself out as being yes. 

The abject failure on the part of the organizations to control the access to the data is the real story. These are the organizations that, by their own admission, are there to protect the citizenry but, by virtue of deed had abdicated that responsibility.

What’s the O/U on Wget ending up the focus of some legislation?

(Image used under CC from Lee Bennett)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author