Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘1st Amendment’ Category

The DARKNET: Operation Legitimacy?

strongbox

gaiuaim ioi dui pln!

The DARKNETS…

The “Darknets” You’ve all heard of them. Some of you out there may have traversed their labyrinthine back alleys. However, have you ever thought that someday the darknet would be just as legitimate as the “clearnet” is today? With the recent bust of DPR and the Silk Road there has once again been great interest in the “Deep Web” and this interest was sparked once again for me too. It seems that the darknet is the new black once again and people are flocking to it just like onlookers at a traffic accident. Others though seem to be aiming to use the darknet technology (TOR and hidden services) to support free speech and to pass information as a legitimate whistle blower.

Still Mos Eisley but….

I loaded up TOR & Tails and took a trip once again into the digital Mos Eisley. It is still dark and full of crazy things and if you go there you too will see black market items, services like Assassinations for Bitcoins, and run of the mill blogs. You can (allegedly) buy just about any kind of drug in quantity just as easily as buying/mining bitcoins and paying for your drugs with them. All anonymously (once again allegedly as you can see from the DPR fiasco) via the Onion hidden services and backed by other services from anonymous email on TOR to bitcoin exchanges. However one can now see other sites out there that aren’t so black market oriented as well.

One such site is pictured above. The New Yorker decided post Ed Snowden’s revelations, that it was a good idea to put their new “secure dropbox” on the hidden services. This is a legit site that has been talked about on the clearnet as well as in the media a couple months ago. This is one of the first more legit sites I have seen out there that is offering a secure means to talk to reporters using the security that others on the darknets are using to carry out illegal activities. I have yet to really look at the site’s security but overall I see this one site being the key to showing others out there how the darknet can be used for something other than crime. Of course then again, if you ask the Obama Administration even this site could be considered illegal or an accessory to illegal leaking I guess. It’s really a matter of perspective.

Gentrification?

So what about other sites? What would you out there use the darknet for that is not “illicit” but requires some security and anonymity? I can foresee other sites popping up perhaps in the arena of free speech or even political movements that might like this model to pass their ideals on. I honestly think this is a turning point for the darknet. Of course this is all predicated on the darknet being “secure” after the revelations from the Snowden Archive of late. It seems the NSA is really trying pretty hard to de-anonymize anyone they want to and would love to have it just not anonymous at all. Well, let me re-phrase that.. Have them THINK it’s anonymous while it is not so much to the NSA.

Other sites out there include an online Koran as well as all kinds of other non criminal sites that are.. Well.. Kinda goofy or fringe. I think that perhaps now things might shift as the technology becomes easier to manage making it easier with global connectivity for us all to hang up a shingle in the darknet.

Time will tell though I guess…

K.

So here’s my thing….

dark_of_night_OURO

VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!

Face it.. We are all PWND six ways to Sunday

Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.

*ponder ponder ponder*

Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.

As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation). Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”.

Over time the revelations have all led to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.

I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.

OPSEC! OPSEC! OPSEC!

Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the grugq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?

If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.

Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.

Fuck this shit.

CYBERWARZ

Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Bejtlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!

Sick. And. Tired.

I really feel like that Shatner skit where he tells the Trekkies to get a life…

Awaiting the DERPOCALYPSE

All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.

RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop its abuse as well.

We are well and truly fucked.

So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…

Derp.

K.

BORN ON THE FOURTH OF JULY

Born-On-The-Fourth-Of-July_snow

jw hnne pjofkeq lhr Juoacbf

REVELATIONS

On this fourth of July as I sit here early in the morning I am left to think on all that is going on and the future from this moment on regarding the NSA revelations by EJ Snowden. Since coming out to Glenn Greenwald and the Guardian “We The People” have been getting the veil ripped away for us on some of the actions of our government for our “safety” from terror. Said actions have been in my opinion the end running of the constitution, the laws of the United States, and the bamboozling of the governed by the governors through the manipulation of fear and secrecy on the populace. The rubric of capturing all data to target only the wicked terrorists is a falsehood. No matter the protestations of the Clappers of the secret squirrel world that their machinations have defeated (X) amount of plots against us can assuage my fears that the system could be and already has been (by Snowden) abused. Thus the assurance of “Trust us” by the government is hollow at the very least if not disingenuous.

It is said there are to be more revelatory things to come from “Snowman” but I think we should all be upset enough already to be storming the gates of congress seeking redress as it is. Let’s all face it, a system has been created to tap us all. No matter what is said about how it is run by laws that have been created to subvert our most basic of laws to start, the system itself presents a threat. We are now seeing congress going into action as well trying to shed some light on things that have been in fact lied about in their hearings but I fear that a combination of secrecy, our own collective apathy, and an ineptitude on the part of our representatives has already won out and this security industrial complex has rooted itself too deeply to be excised or even pruned. Know you all though, that it’s out there and that our most sovereign of ideals that our country was founded on has been tattered. Tattered by our own elected officials to “protect us” like children who cannot handle a boo boo.

MOTIVATIONS

Much has been made on the motivations of EJ Snowden and I will just throw my psychological hat in this ring right here and now. Given what I have seen of this man I think he has a narcissistic streak a mile wide and an active imagination that he is Jason Bourne or 007. That said though, I think his core belief here is that he was doing the right thing. I cannot fault him there because what he has shown us all is that the government is spying on us all no matter what they say. Collecting all data, saving it, and then choosing to sift through it is in fact a power that no one should have collectively on us all in one database. Think of this program as the one ring and you as Frodo.. But you are wearing the one ring all the time and Sauron sees your every move. Unless you go completely Luddite the government is going to have your number figuratively and literally and that is damn scary no matter the alleged protocols that they have in place.

So, now we come to the time where the attacks on Snowden, the media manipulations that go on for ratings, and the government spin makes him to be the story more so than the actual programs that he has brought to light. It is important here to not care about our boy Snowden any more than an amusing character in a larger passion play. Please consider “Snowman” the Falstaff to the Harry of the government. He is but a cipher to a larger story. Let EJ hang around in Sheremetyevo and pay him no more mind. Pay attention to the real problem here, and that is the programs that he has shown us all are out there and capturing all our data. Don’t get lost in the media derp.

PROTESTATIONS

Look to the Congress people! Look at history as well. If Nixon had had this technology we would have all been not only listened to but we would have become dissidents under the watchful eye of the likes of J. Edgar in some prison for having the temerity of not believing as he did. Power corrupts and absolute power corrupts absolutely as the saying goes. These programs in tandem with the laws being created around them to allow for the bypassing of other laws is absolute corruption. I do not care to hear the prevarications or the finagling that the government is tap dancing to to allow these things. It’s just wrong no matter the intent and it all stems from an administration that thought that torture was legal and sought to legalize it with the Yoo Memos. What was it that Nixon said? “If the President does it it is not illegal” I’m sorry no, it is illegal and immoral and a beast that has been created that cannot be controlled. I look at all of this and I keep going back to Caesar. Caesar was a great general and was installed during a time of great need to have a man like him running things. He won the war and then decided that he should be ruler in perpetuity, an emperor. I think we have crossed that same Rubicon today with these programs and I fear that it will not end and they will be abused.

All hail Caesar.. SPQR

K.

Written by Krypt3ia

2013/07/04 at 11:05

Creating Your Own Privacy & ROI

img courtesy of XKCD http://xkcd.com/

Preamble

With all the alleged revelations over the drift net surveillance happening to us all by the government I and others have been pondering the processes needed to protect one’s communications online and over the phone. Wired and other venues have put out reasonably ok articles on this but generally I think they have lacked on the ROI factor for the varying degrees of surveillance that has been carried out for some time now, not just the NSA with PRISM. The immensity of it all I think can put one off on the idea of being able to keep their privacy especially given the pains that one must take to keep it on the nation state scale. However, there is much that could be done to have a modicum of privacy but one just has to understand the idea of OPSEC and have some technical base to work from in order to use the technologies such as TOR or CRYPTO in the first place. It is another thing altogether to keep that mindset every day and to understand the import of their use and the cause and effect that comes from failing to use them.

PRISM and NATION STATE SURVEILLANCE

As Ali (@packetknife) alluded to on the “Loopcast” recently with me, the idea that someone can completely deny the nation state program of surveillance is a tough one to swallow today. We all are connected to the net in some way whether it be your smartphone or some other connected device that we carry with us 24/7. In the case of the smart phone the utter and total pwn that goes on there is spectacular to think about. There is no need for tinfoil hat conspiracies about barcode tattoos on one’s neck here, all you really need is an iPhone and connectivity to know quite a bit about a person. This is why the metadata issue is a big one and people are seemingly unable to comprehend it. Let me clarify this for you all by also saying that not only are the calls to and from being easily monitored and mined (stored later for perusal when needed) by the NSA it seems, but also the GPS data as well. Remember the hubbub over the Apple collection of GPS data on the phones a couple years back? Remember the outrage on some parts over this? Well, now look at that in relation to how much of that data is accessible by the government too in this program. More to the point and this has not really been talked about, but are they correlating that data as well in the phone surveillance being carried out? My assumption is yes but like I said that seems to have been dwarfed and drowned out by the PRISM revelations.

Ok so now we are being data mined and correlated on the phone calls we make (metadata). Of who we are calling, how long we are talking, and when as well as the GPS (location) as well? All of that data is very informational about the habits of a person alone but start to analyze it from a personal and psychological perspective and you can build quite the dossier on someone without even having to listen to their conversations. Which I hasten to add that there are rumors of the caching of conversations generally not just under warrant from FISA. At this level, the nation state level of surveillance, one cannot hope to really be secure in their communications using technologies as they are because of the access the government has built for themselves post 9/11 with the Patriot Act as its fulcrum. Access mind you that we are giving them by proxy of the devices we buy and the services that provide the connection because without them we have no way to communicate other than in person or pen to paper with the post office’s help right?

All of this though does not mean that the government is spying on you now. What it means though is that the legalities have been created or bent to the will of the government to have the illusion that the wholesale collection of all kinds of data for later use of anyone using these systems is legal. It also means that no matter the protestation of the government and the law enforcement bodies that they take all due care not to collect/use/surveil you vis a vis your data that there is a chance that someone within the system “could” and “might” do so outside of the rules and that is the problem here … Well other than the Constitutional, moral, and ethical issues that is. Just because it is against the rules does not mean someone won’t do it if they have the access. You know.. Like EJ Snowden having access to highly classified data that perhaps he shouldn’t have? Or furthermore the availability of Mr. Snowden being able to insert a USB drive into systems and siphon off said data to give to the press or anyone who’d listen right?

PRIVATE SECTOR or THE LITTLE SISTERS

Another issue that seems to be taking a back seat here is the notion of the Little Sisters to Big Brother. This idea springs from something I alluded to above in that the corporations that offer you the services (Gmail/ATT/Facebook etc) all collect data on you every minute of every day. They use this data for advertising, data mining, selling that data to other companies to form synergies on how to sell you on things etc. It is this practice of collecting all this data on us and our complicity in it that has given rise to the drift net approach that the government has taken with the surveillance programs like PRISM. The government is simply leveraging the capacities that are already there in the first place! You want to blame someone for this mess? Look in the mirror as you have allowed your data to be collected in the first place. YOU have placed your minute details out there on the internet to start with in email or posts to Twitter and Facebook for example. YOU are the culprit because you fail to understand OPSEC (Operational Security) and just scattered it on the net for anyone to see.

Of course other bits are more arcane. Cookies, tracking data within browsers and the like also give away much data on who you are, what you like, and allow the marketers to tailor ads for you when you go to sites that pay for the services. The aggregate of all of this data makes a digital portrait of you that unless you take pains to disallow the collection, will be sold and used by the corporations to package YOU as the commodity. I mean, how do you think Facebook works? It’s a social contract to connect to others and allow Facebook to make money off of your habits. Zucky is not in this to win a Nobel Peace Prize here ya know.

So when you think about all this surveillance going on please remember that you are complicit in it every time you surf the web, make a Facebook post, a tweet, or send an email unencrypted (Google analytics kids) because they are all sifting that data to “get to know you better” *cough* It’s just a friends with benefits thing as the government sees it being able to just hit them with an NSL and plant a server in the infrastructure to cull the data they want. As long as it doesn’t affect the bottom line (money) for them I suspect their worries about privacy are, well, pretty low on average. I mean after all you have already signed away your rights have you not? The little sisters are insidious and subtle and I am afraid they have already become metastasized within the society body.

The Only Privacy You Can Have Is That Which You Make Yourselves

“The only privacy that you have today is that which you make for yourself” is something I said a while back on a blog post or podcast and I still stand by it. It seems all the more relevant in the post Snowden world today. By creating privacy I mean leveraging technologies like encryption to keep your communications private and OPSEC to consider how you transmit information over the internet and telco. There are inherent problems though with all of these things as you can always make a mistake and end up leaking information either technically (an instance would be logging online with your own IP address to something) or process wise like putting your current location on Facebook and saying you’re on vacation for two weeks. It is all a matter of degree though and even if you are practicing OPSEC there are things outside of your control when the nation state is looking to spy on you. There are just no two ways about it, you can only fight the nation state so much with technology as they have more resources to defeat your measures eventually by end run or by brute force.

On the level of defeating the little sisters, well the same applies but with limitations. You can in fact surf the net on TOR with NOSCRIPT, cookies disallowed and on an inherently anonymized OS on a USB stick right? The little sisters can only do so much and they only interact when they see a profit in it. They after all are not looking to be voyeurs just for the fun of it. They want to sell you something or sell you as metadata right? However, if you start to anonymize yourself as much as you can and you are diligent about it you can stop the Little Sisters which in turn may minimize what the Big Brother can use too. The caveat is that you have to take pains to do this and you have to know what you are doing. There are no magic easy button offerings on the shelf that will hide you from them all and if you care then you will take the time to learn how to perform these measures.

ROI On Privacy

Finally, I would like to take stock of the fight here that you need to take on and what the ROI is for each adversary involved. In reality unless you go off the grid, change your identity and never touch another piece of technology ever again there is a high likelihood that your information will be tracked. One may in fact create a separate identity to pay bills with and use that one to surf online as well as other things but that is an extreme just like the idea of becoming a Luddite. There must be a middle road where you can feel that you are protecting a certain portion of your lives from the unblinking eye of the companies and governments that own or access the technologies that we use every day. You have to though, understand all of this and accept that in the end you may fail at keeping your privacy yours and yours alone. Come to grips with this and be smart and you can have a modicum of success if you are diligent.

A for instance of this ROI would be on the phones. If you TRULY want to be private then you have to lose your smartphone that you have billed to you and buy a burn phone. Cash is king and there is no information taken if you do it right. The unfortunate thing is that you then have to call only others who have the same burn phones out there without any metadata that ties it back to their real identities. You just try getting mom and dad to buy burn phones to talk to them on… It’s not that easy. So really, some of the ROI is minimized by the nuisance factor. The same can be said for the lay individual who is not going to go buy encryption products nor are they capable of installing a Linux system and running something like GPG. This is not going to work for everyone as well as not everyone is going to care about their privacy as the recent Pew poll showed where 56% of those polled were ok with the surveillance program by the NSA.

In the end it all comes back to the idea that you create your own privacy by your own actions. Do not trust that the government is going to protect your privacy and certainly don’t believe that the corporations will either. I mean, just look at how many spectacular fails there were on passwords that weren’t hashed or encrypted in any way by companies hacked by LulzSec. As well you should not trust the government, no matter how well intended, that they will be ABLE to protect your privacy as we have seen with recent events like Brad Manning’s theft of (S) data as well as now Snowden (TS/SCI). The actions of one person can be the downfall of every carefully crafted system.

So what is the ROI here? Well….

NATION STATE:

Crypto and anonymized traffic online will minimize your footprint but eventually they will break you if they want to. You have to be exceptional to fight the nation state level of surveillance. As for the driftnet out there well, unless you go luddite they have a lot of data to sift and commingle. They have a pretty good picture of who you are and much of that comes from the little sisters. Your ROI here is minimal because they have the power and the thing you MUST remember is that CRYPTO IS YOUR FRIEND!! Encrypt sessions for chat and emails and you will leave them with the task of either having to break that crypto or hack your endpoint to see the plain text. Make them work for it. Otherwise you may as well just BCC the NSA.GOV on each and every email today it seems.

LITTLE SISTERS:

The little sisters though are another thing. You can in fact obscure a lot of what you do online and through telco but you have to be diligent. It means time and sometimes money (burn phones or laptops in some cases) to obfuscate as much as you can. The ROI here is that IF you take these pains you are then able to deny them easy access to your habits and patterns. If you start using crypto in sessions and in communications like emails then you will be also geometrically heightening your privacy status. But you have to do it.. AND that seems to be the hard part for many whether it is laziness or apathy I am not sure.

Privacy is what you make of it… He says as he hits enter on a public blog post!

K.

[Jmhhw Kutdegc ohl Vmgi Uizvsr pspmspw avuzyiw ypicl Qephcv Tmwfcj’a yere. Kutdegc plqfkw sd Vqklsn vcukipd.]
Polvc Ayzfiui: Elr npwr, xfslm’k Qephcv Tmwfcj…[tgsoq on i xspbsl ezmpc Auzlmr fom i tpely mbsvi. Uoftsgi rilvk xlc titviv rc mpga mr vua fs tydyzk] Li bcyaf’x wcsg bg lets u xswx.
Zwmpgt: [Ayzea saew] W’g agvvw, pob A hsl’h qwjo jmf npw kstslveirr.
Rckc Kspriv: Oi hm. [Gbwow e aoll] Fexgchid Wiailqlc Eeshkq.
Fmqvix: Sl. Cmi’lm lli eisa A liyf vzwexfwho gr xfs ibziv cbx wx qc nvivw.
Hmay Awjhsl: Bi, bzex’q hbm XFM. Us’lm fsx avuzlivcr zwj hsksmbag wsfpmappybwm.
Tmwfcj: Wz, M wcs. Swm nyqh idwvxffie yszcfhuwrxq. Gyb mt jpwyvvpc bwwbsxspg.
Xquo Kmfxwf: Rs, rvub’k xlc QCI. Oi tpcnmux ssf awnivlayvl’w gmagcfmgyhcwfw, ac hlg ls fpsus lli mhbmj jijzu’a ushcg. Qm’ji xfs awgh ksmm, Usvxw.
Pcazst: Esy, Q uer’r hytd css kbil e vczcmx xlyh ca…Vmgi.
Rckc Kspriv: Uleluy ggyv kwhl, uepj im il xlgg hcefip… [ucdww Fggbwh e jmzxmv tmcqy wx tensl] Uj. Fvgqy.

SHMOOCON 2013 ROUNDUP

shmoo

xboymqiqzz

Takeaways:

Well another Shmoocon has come and gone. While much fun was to be had I could not help but notice that there was a definite theme going on in talks this year both on and off the stages. That theme was just how much we are all being screwed by the legal system today as well as how much damage could be done to anyone at any time because the laws are either being abused or are ill suited to apply to the crimes that people are being charged with. In many cases the talk this year centered around fundamental rights granted by the Constitution that are steadily being eroded or tossed out the window because the word cyber has been placed in front of the charges.

With stories like the DHS’ right to search any of your hardware within 100 miles of the border to seizures of domains without having to produce a reason why we should be talking about it. Frankly we should be doing more than just talking about it we should be assailing the government with questions and attempting to protect our rights. Unfortunately what we have seen is that even trying to protect our rights cannot be done easily without a great amount of money and time while lawyers bill you many hundreds of dollars an hour. Without money we have pretty much no hope of changing the laws even with the likes of EFF trying to do so.

This conference just seemed to show that we are realizing these things more overtly because of late the law has been making some rather harsh decisions against the innocent as well as the guilty. For me though, when I see misdemeanors turn into felonies because they are compounded together in order to have a bigger win in the press and to further a career I see the scales of justice as being broken. The realization, which we all have but we put away to lead our daily lives and keep our heads down is that the law only really serves those who have money. The more money you have, the more malleable you can force the law to be.

The Law Won’t Protect You:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It seems that since 9/11 the 1st and 4th Amendments have become trite in some ways to the government. From the moment that GW Bush said you better watch what you say to today’s full blown surveillance state we have seen these fundamental rules be put aside by the government. Sometimes this is done overtly but mostly it is done in muted ways that people are not paying attention to. The instance of the DHS’ right to search any hardware you have within a 100 mile radius of the border is part and parcel of this idea that they can do whatever they wish in the name of anti terrorism. A review of the privacy record for DHS generated a report that once really read shows they had no issue with this and thought that it was not a privacy issue whatsoever.

Evidently, the 4th Amendment’s statement on reasonable search and seizure is moot if some $10.00 an hour security guard feels that I am an imminent threat with that laptop. I guess though that’s just par for the course in a world where warrantless wiretapping is the vogue and approved by the government even though they were mandated by law to get things like FISA warrants to do so. It’s interesting to note just how quickly the government was able to re-jigger the laws around that to their benefit to allow for this as well as, say, rationalizing torture too. It’s all a matter of who’s got the juice and the legal teams to wordsmith language to allow what they desire to become the rule of law. It seems today that the laws to protect you are just platitudes and if you believe in them you are deluding yourself to some extent.

The Laws Allow Over-Reach and Companies Like Microsoft Are Abusing That:

Another talk by @theprez98 was about how Microsoft in particular, but also the government, were seizing domains inside the country as well as trying to outside it. The cases where Microsoft has been taking liberty with the law surround the C&Cs for malware like Zeus. These takedowns make the news and Microsoft gets a boost for being the whitehat here but in fact they are using their great wealth to manipulate the law in their favor to carry out these extra jurisdictional actions. What it amounts to is a private company seeking approval from a judge to carry out actions that the police really should be but are not.

In the case of the Zeus takedown they seized assets and domains of not only the botmasters but also innocent victims in the process. The same has happened with the government taking down domains under seal. This means that the collateral damage (aka other people’s sites that had nothing to do with this to start) end up losing their data, have no real means of seeking redress (sealed means secret) and in the end lose money and time because they happened to just be in the way. Of course lest we also forget that if their site happened to have some content that may be considered illegal in some way, then they too could be charged in another case because suddenly their data is considered “plain view”. This means that since the government could see it even without a specified warrant they could then act upon it.

Microsoft has been prosecuting these cases with more frequency as they keep citing earlier cases that they won approval from the judge to prosecute and thus case law is made. This precedent makes it all the more possible for any other company to make the same case and as such more searches and seizures could happen by companies and not the law enforcement community. I guess my question then becomes how long until the government privatizes the “net police” ideal and places it in the hands of the likes of a Xe? Will we have letters of digital marque as well, one wonders, as it becomes more expedient for private companies to police things on the internet?

The Government Is Ill Equipped To Handle Technology and Create Law:

A second talk that focused on the law and how poorly it is equipped to deal with modern technological issues was presented by the EFF at Shmoocon. This talk focused on two cases, the first being the case of Aaron Swartz. Aaron took his own life recently and many believe that it was prompted by the judicial over-reach against him in the JSTOR case. While Aaron did a couple things that could warrant misdemeanors, the prosecutors in the case concatenated them to change these into felonies. In the end the releases by the prosecutors were claiming that Aaron could go to prison for 35 years after downloading too many documents from JSTOR.

In Aaron’s case as in Weev’s the interpretation of the 1984 CFAA (Computer Fraud and Abuse Act) allows for quite a bit of abuse and no substantive changes have been made to that law since its inception. As such the law is out of date and ill equipped to apply to much of anything that can happen today. Of course in the case with Weev this is plainly shown because the data was publicly available and no escalation of privilege was carried out to get it. The access of the AT&T data was as easy as typing in a URL yet AT&T has made this a federal case and Weev the target of some pretty hefty jail time as well as fines.

It was plainly seen in the presentation by EFF that the current laws are outdated and that the law makers are not very clueful on how things work today in a digital world. In a way one can infer that they like it this way because it leaves much more for interpretation and misuse but I don’t want to be too dark here. I guess I will just stick to the theory that they are all old and really do consider the internet to be a series of tubes. Either way unless we force change on this and get them to change the laws to reflect reality we all are subject to wrongful if not over prosecution because the current ones are too open to abuse by prosecutors seeking to make a name for themselves.

We Need To Know Who You Are So No Pseudonyms Allowed:

Evidently it’s also too hard for the government to know who’s who so there are pushes on to have a “Real ID” on the internet as well as AFK. Another talk at Shmoocon was about the idea of identity and how companies like Facebook as well as the government are seeking to apply rules on “Persistent ID”. Since the lawmakers find technology so hard to understand and privacy is an antiquated idea they just seem to think that foisting a persistent ID on us will make it all better. Since you have persistence, you won’t do anything like troll anyone online will you? Sure, that’s going to work swimmingly don’t you think?

I am constantly surprised by these people and entities that seem to think that privacy is dead or that it is not needed. The reason people take up pseudonyms is because they wish to speak their mind, not only to commit crime. In fact they are likely to really be afraid that the act of speaking their mind may in fact be a crime. You can see this going on in various countries today with authoritarian or theocratic governments. I myself have been taken to court over things I have said as well as have been warned not to rock the boat for fear of more litigation or other negative repercussions. I guess then that the 1st Amendment is just a piffle right?

Out of all of the talks this one scared me the most. This movement to mandate identity online is more venal than any talk of the government trying to erode the 2nd Amendment to me. Why you ask? Because this is something that the governments as well as corporations can get past people’s cognitive dissonance as opposed to taking their guns away. Just how much privacy have we already lost today with the likes of Facebook and others online? How much of your PII data circles the globe in databases showing connections to who you are, where you are, and what you buy? Think about it in the context of linked databases and you can start to see where I’m going here. We have already given up a lot so what’s the big deal in getting a driver’s license on the net huh?

I guess the most astounding thing though to me is that the government as well as Facebook think that this will in fact end pseudonym use. If they try then those really seeking to be anonymous will just use someone else’s ID right? The person intent on doing so will just fabricate or steal another ID and thus the waters will be muddied once more. It is galling though that in today’s world we have entities like Instagram that want you to take a photo of your government issued ID to verify who you are and send it to them online.

HOLY WTF!

The Military Leaders Are Old and Do Not Understand The Technology:

Finally, I learned that the leaders of our government and the military on average tend to not understand “internet”. I know, shocking huh? A talk given at Shmoocon on cyberwar, “Hacking As An Act of War”, was enlightening to some in the room but for me it was status quo. The fact of the matter is that the people running the wars are old. Those actually prosecuting it are young though. As Mark Hardy said in his presentation “Once the older generation is out of control, the younger generation will be better able to make the changes needed to fight the next war online” and I’m paraphrasing there but the sentiment is true.

The same goes for the policy makers where this is concerned as well. The paradigms have changed but those in charge have not nor have they tried to keep up with what’s going on. How many times have we all seen pieces in the news where some senator somewhere says something that clearly shows they have no clue what they are talking about? Now imagine that you are someone who’s an expert on that subject. All you can do is hang your head and walk away. I personally have tried with Senator Droopy Dawg to no avail to get across to him that his arguments are only crying wolf instead of being substantive and clued in. Of course nothing came of my trying, not even a response. …Even when I was nice about it.

Now consider the prosecution of war with a digital aspect. Mr. Hardy gave us some great information on the Tallinn manual as well as insight into NATO’s ideas on how to classify and prosecute the laws around digital or 5th domain warfare. At times they seemed to just be out of touch with reality but at least they are trying. The issue though is that this is all Terra Nova and the people trying to assess it are still locked into ideas that pre-date the internet. It’s akin to taking George Washington and placing him in the middle of a firefight in Viet Nam. I should think that George is not going to last long as a warfighter in such a scenario because he lacks the comprehension of the weapons of war for that era.

In other words we are screwed.

Final Thoughts:

Overall Shmoocon was a good time. Much more for the LobbyCon that was constantly going on than most of the presentations though. It was enlightening in many ways to talk to others about what was going on not only technically but moreover their concerns about the same issues as I have laid out here. We live in perilous times where the law and internet are concerned. Our ideals of privacy are at risk as well as our rights according to the Constitution. We are increasingly living our lives within the medium of the digital and yet we fail to see the machinations going on to spy on us with more regularity and impunity.

We are abdicating our privacy as well by allowing companies to keep our data because we don’t read a EULA and encrypt our transmissions. In so many ways we will be the ones to blame when our data is used against us because we did not carry out the due diligence to protect it. We should not trust in Twitter to protect those conversations we have in DM because their EULA says that nothing you do there is private. … Even a direct message outside the Tweet stream. We need to either say no to these services or force them to change their EULAs to allow for some privacy. Failing that we need to protect ourselves with crypto. The question then becomes, as was intimated to me on a couple occasions this weekend, “Just how long until crypto becomes regulated as a munition again altogether?”

It’s a brave new world kids, best start paying attention.

K.

Written by Krypt3ia

2013/02/18 at 16:20

Detecting Psychopathy Via Tweets? A Flawed Premise May Present Dire Consequences

In contemporary research and clinical practice, Robert D. Hare’s Psychopathy Checklist, Revised (PCL-R) is the psycho-diagnostic tool most commonly used to assess psychopathy.[1] Because an individual’s score may have important consequences for his or her future, and because the potential for harm if the test is used or administered incorrectly is considerable, Hare argues that the test should only be considered valid if administered by a suitably qualified and experienced clinician under controlled and licensed conditions.[2][3] Hare receives royalties on licensed use of the test.[4]

Background Sources:

Wikipedia on PCL-R

Defcon 20 Presentation

Fox News

Forbes

Wired

Science Daily

wmatrix 

Preamble:

A paper and talk being given at Defcon 20 this week has gotten people all worked into a lather within the news arena and has piqued my interest. The talk centers around the premise that one may be able to determine psychopathic traits (psychopathic and sociopathic behaviors) from of all things, the analysis of tweets. Now, this may be a novel idea to some and it certainly seems the news has latched onto this, but, in the cold hard light of day, this premise has way too many failures to be actually applicable to gaining any insight into anyone’s psyche via Twitter.

In this article I am staking out my contention that this is not a suitable means of diagnostics of this type and in fact, were it to be followed up on and used, would lead to bad results and perhaps the citation of individuals online as being “Psychopathic” when they are not the least bit so. As such, this talk may be an inquiry into whether or not this is possible, but, had the research been carried out to the extent of reading the materials and their ancillaries, one would quickly come to grips with some salient facts that make this method of detection untenable. As the media hype has already started on this, I think it prudent to speak up on this here and now, as well as write an after piece once I have sat through the talk and had a chance to see exactly what they say they believe possible in the end.

A Flawed Premise:

Having read the original paper by Hancock, Woodworth, and Porter (Hungry like the wolf: A word-pattern analysis of the language of psychopaths), the experiment clearly states that they had chosen a sampling of criminals convicted of murder (various degrees of which) and verbally interviewed them on their crimes. The method of interview was strictly adhered to and was a known and well used process including blind interpretation (where the interviewer did not collate the data on psychopathy, just transcribed dialog and logged emotional states). Once the transcription was done (including disfluencies *uh and um*) this text was taken and run through the wmatrix and other tools to determine the language’s affinities for psychopathy and other mental states. This “text” is actual “dialog” and as such, is not the same as the “written word” that the speakers at Defcon are going to be assessing in their presentation, and this is a key difference that I am unsure they have taken into account. Writing is affected and not natural to many (i.e. fluid dialog in writing). Add to this that you are talking about the emoting of data/emotion vis a vis Twitter at 140 characters at a time AND using quite a bit of word shortening and slang, and the premise of using “language” to determine psyche really falls apart.

A second key point is that the dialogs that are being used in the original paper are specifically stories of their crimes. This was a calculated effort on the part of the psychologists to elicit the emotional states of the subjects in relation to their crimes, and their victims. This is a key factor in the determination of the language that the researchers were looking at, and as such, this, as far as I know, is not a part of the paper being presented at Defcon, and thus, misses a key data point… Making the premise suspect to start.

It is my opinion, just from the differences between the experimental inputs, that unless you have a larger dialectic to work from and a trained set of people to determine not only language, but also emotion (we all know how easy it is to misinterpret an email right?) of the poster, you cannot in any way, shape or form come up with a psychiatric profile, never mind an actual diagnosis, of psychopathy via online content, especially that which is culled from Twitter.

Background Data On PCL-R:

Another factor that I would like to address briefly is the use of the PCL-R test. This test, though being around for some time and used, is still not part of the DSM-V as a diagnostic tool that they prefer. There are many papers and articles online that do not promote the use of this test as a lock on Psychopathy, nor is there really a consensus from DSM to DSM on exactly what Psychopathy is. Psychology and Psychiatry are more of a plastic science due to the nature of the human brain. So, all of this supposition on trying to quantify an individual from their language written online at 140 characters at a time is being terribly kluged into an ideal. It is important to know the landscape here to understand that nothing is certain and even diagnosis of an ailment such as these can be countered by a second opinion by another doctor.

… And doctors should be involved in any of these experiments online as well. However, the bulk of what I have seen online and read elsewhere, as well as common sense, points me to the fact that even with a lot of online chatter, one must interview the subject in person to determine their illness.

Not All Problems Can be Solved With Big Data and Technical Solutions:

In the end though, I guess my biggest concern is that certain people out there (or government groups) might take this idea of sifting through big data online for such linguistic cues as something to run with. In fact, contextual searches already exist and often are used by agencies to determine where someone might live or have lived, gone to school, etc by the nature of their writing. In fact, recently on Studio 360 I heard a report of a computer program being created for just such a thing. It however, was also an AI project to try and get the “Turing” effect to be so acute that a person online would not know the difference between computer and human communication.

Which brings me to another idea… When will we see the first “psychopathic” AI out there? But I digress…

It seems to me that more and more we are being collectively mined not only for our habits, but now our emotions as well as our psychological makeups. All of this could potentially be collated from numerous sources (not just out of the context of language but also click behavior etc). Remember those days in college when you took Psych 101 and thought the professor was just messing with you and taking notes? Well, I have the same feeling now with the internet in general and the companies and governments using it for contextual purposes.

I doubt though, we will ever be able to contextualize the human psyche just from internet datum… And that is where I think this talk is headed… And thus, I had to speak my piece. I will have another post on my thoughts after the talk… Maybe they can change my mind a bit.

Maybe not.

K.

Written by Krypt3ia

2012/07/25 at 20:14

Building A Better Anonymous: Separating The Philosophical From The Practical

So, here’s my thing…

Ok, so here’s my thing… This notion of building a “better” anonymous is, right up front, doomed to failure. As notions go it is a very altruistic one that I think Brian and Josh have thought about quite a bit, but, like many who get wrapped up in the grey areas of philosophy and semantics, they too got lost in the woods and could not see the forest for the trees in the end. Evidently Source Boston had them keynote the show with their talk on making a better, more accountable, and false flag “mostly” free Anonymous that stems from their series of “Building a Better Anonymous”, a series that I actually helped with a bit in the background (shhh don’t tell anyone… oops)

The case that they make is an interesting one but from my point of view fails to deal with the concept of human nature that will inevitably be the downfall of any such association, group, collective, or whatever else you would like to call it. Human nature (i.e. the problem between the chair and the keyboard) will always win out because, you guessed it, we are “human” and we have foibles, wants, desires, and of course an ego. These things all make us do things that are counter to the best laid plans of mice and men (aka a charter of standards and behaviors) and will, in the end, cause some to draw outside the lines of acceptable practice.

This means bad actions from bad actors within the fold… Or, as in the case of the flawed idea of “Anonymous” as an action, will allow for bad actors to take up the nom de plume of “Anonymous” and do things counter to their ideals but still leave the stench and onus on them as the Judas goat. Boiling it down to a simplistic statement for me kinda encapsulates the whole issue of “Anonymous” which means “unknown” by and of its premise, cannot at any time ever, be considered a movement/group/collective etc that will never be used as the scapegoat for bad actors. Nor will it ever mean that bad actors will never get into the fold and destroy things (like a reputation) from within.

And here’s the statement: “One cannot be Anonymous and expect to change the system for the better. If you have a problem with the system (see above poster) then you must be a known quantity”

Josh and Brian speak of charters and standards of action, but there can never truly be accountability as long as those who claim to be advocating those standards hide behind anonymity. When you are anonymous, you lack accountability and thus, the ego and other human natures allow you to do whatever you like. Speaking of human nature, let me direct you to some movie references that they make and where the human nature portion has been stripped from the argument.

The hitman/cleaner in “Léon: The Professional” had a rule; “No women. No kids.” (Leon follows this so good on them)

In Fight Club: “The 1st rule of Fight Club is, do not talk about Fight Club”. (Fight club spreads because people cannot shut up)

In The Transporter, “Rule #3: Never open the package.” (You guessed it… HE OPENED THE PACKAGE!)

So, out of three examples there, one was ok. But you are seeing my drift there, are you not? Human nature will be the downfall of all the grand plans and schemes we have. It’s our nature to do things in our own self interest more than follow guides or charters. If that were not the case, we would not have crime and prisons right? This is an all too convoluted space to be working in and assume that by laying down some “law” (charter) that everyone will follow it AND that the inevitable others who do not, will not affect the whole by their actions. Add to this the notion of something like Anonymous, whose actions claim to be anything from lulz to moral actions, and you have a great swath of FAIL that will happen.

It’s all well and good to quote Hobbes, but perhaps you might want to read Plato instead?

In the end, I think it better that the use of “Philosophical Realism” be applied to this problem rather than the altruistic beliefs that have been espoused by Josh and Brian. I would also hasten to add that the cognitive dissonance, to use the turn of phrase used, of trying to contain or direct “Chaos” is just not plausible from any realistic standpoint and thus moot in my opinion. If you like a movie/book reference, let’s go to one of my favorites, “Jurassic Park”.

Dr. Ian Malcolm: If there is one thing the history of evolution has taught us it’s that life will not be contained. Life breaks free, expands to new territories, and crashes through barriers, painfully, maybe even dangerously, but, ah, well, there it is.

What Ian is saying is very appropriate to this argument being made by the authors of “Building A Better Anonymous”. In my case though, I would change life to “human nature” but, you get the point don’t you? Life is chaos and human nature is also a form of that as well. We are unpredictable animals and our actions, like those with Anonymous, are really quite unpredictable and not very controllable. Just look at what has happened since Anonymous came out: we had Lulzsec, Antisec, and now a host of others taking the model that Anonymous put out there unfinished, and they have been wreaking havoc… In the name of what really? Because they can?

No, this is a failure to launch in my opinion and Anonymous’ cat is out of the bag. The genie is out of the bottle and you cannot put it back in with a charter as the cork.

Sorry guys.

K.

Written by Krypt3ia

2012/04/18 at 15:47

Commentary: AnonyLulzyAntiSec, Just What Have You Done for Us Lately?

With all of the rhetoric being flung about like so much monkey feces, I thought it was time to make an assessment of just how much AntiSec has done for the masses. The claim of late by Sabu and others within the organization is that they are fighting the “good fight” against the corporgovmilitary industrial complex that is ruling over our lives.

From LulzSec:

These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies.

We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly to do make us stop.

Lies you say? Deceit and chicanery you say? Wow GREAT! I am a child of the Sixties man! Show me the shit man! Give me the ammo to enrage the general populace and move us all to a revival of the sixties man! I am there man! DO IT!

*crickets*

Uh, hey… Man… So, where’s the good shit man? Did I take the brown acid… Man?

Yeah, so far I have seen nothing but the HB Gary emails that hint at false flag ops and other programs to monitor would-be bad actors that make me feel all hinky. So, where is the good shit man? You keep crowing that you have all this dirt but then when you release stuff it’s all lame and ordinary.

Tell me man, where’s the email that shows the smoking gun of corruption and deceit? Cuz, I ain’t seein it so far man.

It’s time to put up or shut up my friends.

Let me put this another way… You guys aren’t the new Daniel Ellsberg. You certainly aren’t the new Hunter S. Thompson either, after all, Hunter could write in more than 140 characters at a time with more eloquence and honesty than anything I have seen out of you lot.

The slow-rising central horror of “Watergate” is not that it might grind down to the reluctant impeachment of a vengeful thug of a president whose entire political career has been a monument to the same kind of cheap shots and treachery he finally got nailed for, but that we might somehow fail to learn something from it.

Hunter.

So, just when is it that you will actually make a difference instead of just amusing yourselves with low hanging fruit SQLi attacks on poorly defended/configured servers of opportunity? Do you actually have the skill sets to get the real goods by targeting specified systems and being the new APT?

I guess the core question I have is this;

“Are you glory seeking pussies or do you really have an agenda for change?”

Cuz, as I tally it up from your dumps and your rhetoric, you’re pretty much pussies in my book man. I give much more honor and props to Wikileaks because they delivered on shit. Assange may be a HUGE festering ASSHOLE, but he did deliver some pretty damning evidence of malfeasance in MANY places and you wanna know how?

*Anonymous, Please pick up the courtesy white clue phone.. The courtesy white clue phone at the front desk, Anonymous, you have a message*

Ok, here it is kids.. “Insiders and whistle blowers!”

That’s right! So far, ALL of the major damning things that have come out over all these years have been from whistle blowers!

  • Woodward and Bernstein woulda been nowhere without “Deep Throat”
  • Ellsberg gave us the Pentagon Papers
  • Manning gave us the cables and the Collateral Murder vid

You wanna know why? Because these people were on the inside and saw what was going on. They had the moral conviction and backbone to speak truth to power, and thus you have the huge outcomes from their information releases.

  • Watergate
  • Pentagon papers; lying about Viet Nam
  • Manning, well the collateral murder video at the least. The cables, meh, not so earth shattering really.

You guys? Monsanto emails… WHOOOO! not. Of course, you claim to have all this dirty email from Rupert’s operation… But I have yet to see anything productive out of that other than giving me a chuckle over the obit you placed on their main page.

*SNORT* I did love that! +1 But you lost style points by not mentioning Xanadu or his red runner sled -1 Total Score = 0

Alright, so back on the Magic Bus kids! It’s time to take a trip to somewhere cuz this “summer of love” is wearing thin for me and you keep passing out the brown acid!

K

Written by Krypt3ia

2011/07/22 at 11:49

Enemy of the State

Fort Meade has acres of mainframe computers underground. You're talking on the phone and you use the word, "bomb," "president," "Allah," any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

From The New Yorker; The Secret Sharer

The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”

Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”

Politics should play no role whatsoever? Really? This man is delusional to think that the statement, albeit correct, is actually factual. Of course politics play a part in such prosecutions, and case in point, this article cites examples of people getting slaps on the hand for breaking the espionage act and others where TS/S documents are concerned. The reasons that these others were not prosecuted to the full extent of the law was exactly because of politics and their entanglements. No Mr. Breuer, politics do play a role all too often.

That said, I encourage you all to read the full article and judge for yourselves just what happened with the case against Mr. Drake. It is my understanding from other sources as well as the New Yorker piece, that Drake was seeking to show waste on a grand scale while others were motivated by the idea that the sweeping changes to US law and oversight within the espionage area had taken a deep turn for the un-constitutional. This is an assessment that I agree with and have seen even more such dark turns lately where the digital realm is concerned. Frankly, at times I am a bit scared of the access and perhaps excess that the changes in the law have allowed for the NSA as well as anyone with enough juice within the newly minted security infrastructure post 9/11.

Constitutional Law vs. Technological Ease of Access vs. Political Agendas:

When the Constitution was created none of the technologies at play today were even a dream for the makers. Today though, the ideas of privacy, unreasonable search and seizure, and the fundamental freedoms we claim to cherish so much have been blurred. The blame for this rests partly on the technology, but mostly on the people who should be monitoring their system of laws. After 9/11 the people became all too trusting of the government to take care of them and all too willing to accept the over-reaches that they knew of while they were kept in the dark about others.

Case in point would be the FISA and warrantless wiretap situation that the Bush administration put into play after the terrorist attacks. It was the belief of the administration and the law enforcement community (certain factions) that too much time was lost to entering FISA warrants and getting approvals. So, instead they began to draft opinions that said the process was too ponderous, all the while putting together a secret process to just bypass the FISA altogether with or without the legal status to do so. This then begat the further access programs that essentially placed a tap on ALL communications going in and out of the backbone of the internet with the NARUS systems in the MAEs around the country.

Since the technology was there, and it could be placed into a position to audit everything, they just said let’s do it. Thus, all traffic that you or I create over the Internet has the potential of being captured, flagged, and audited by someone at Ft. Meade without a warrant to do so. This includes cell phones as well, because that traffic too passes through the same backbone system. As the image of Brill above states:

Fort Meade has acres of mainframe computers underground. You’re talking on the phone and you use the word, “bomb,” “president,” “Allah,” any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

Brill, a character from Enemy of the State, was going on about this in a film out before the attacks on the US. It would seem that if the technology had not already been in place then, the administration took a cue from the film and made it a reality after the twin towers came down. After all, the enemy could be anyone and the US populace wanted an action hero to take on the bad men and win. The same people though, did not seem to understand that to do so, the administration would take the shortcut of bypassing decades of laws set in place to protect our freedoms from excessive powers that the Bush administration wanted to have to ‘protect’ us.

It was this over-stepping of the laws that others within the story at The New Yorker had begun to tell to the Sun reporter, and they are now being pursued by an allegedly non-political NSA and government for calling them on their breaking of the law. Just as much, Mr. Drake was seeking to show that the waste created by Trailblazer could also tie into the misuse of ThinThread’s code to eavesdrop on anyone.

Both of these concerns are shared by me as well. After all, with the technology in place and without the oversight, how do we know that abuses aren’t happening? The NSA is famously known to tell the Senate oversight committee to go pound sand… So, who is really watching the watchers?

Right Versus Wrong and Speaking Truth To Power; Do We Have A Say Anymore?:

So, if you have access to classified materials and programs and you see that things have gone off the rails, how can you expect to report on it to the authorities and not be prosecuted? It used to be that there were protections, but it seems that now, post 9/11, with changes to the paradigms of classification and the re-interpretation of the law to suit the state, it has become increasingly impossible to whistle blow and not be prosecuted. What’s more, if you decide to report, the data that you are reporting on may be classified to the extent that it cannot even be used in open court or with your non-cleared lawyer because it may be deemed too sensitive.

The net effect is that if there is malfeasance going on it may be impossible to report it and not get yourself into dire legal trouble with the current whistle blowing legislation on the books. This makes it even easier for the state and/or entities and parties within its infrastructure to not abide by the law and have little to fear of oversight or speaking truth to power.

Sheeple vs. The Informed and Worried:

Meanwhile, the populace may live their lives unaware of the capacities for the state to listen to them and/or present evidence gathered on them in an extra-legal way. At the very least, due to the wider interpretation of the law, it is easier for the state to gather and use evidence in ways that were not possible before because of the latitudes given post the Bush administration.

From a privacy perspective and the expectation thereof, the idea that all traffic is being hoovered up by the state is kind of scary. From a constitutional law perspective, you have the right to privacy in your papers and your domicile. Does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?

This is an important precedent and should be considered with every email, IM, and call you make today. Just as well, if you are intent on retaining your privacy, what are the ways to do so now that all of these lines of communication are monitored by the state? One also has to determine just how worried they should be about intrusion into their privacy. After all, today we as a people give up a lot of information on ourselves at sites like Facebook and if we do that, just how much privacy can we expect?

Following that thought process, if we give up our privacy so easily, how can we make an argument against the changes to the FISA rules as well as other laws where eavesdropping on our daily digital lives is concerned?

I for one do not want all of my conversations recorded for someone else to audit whether or not I may have said or done something that could be construed as illegal or perhaps pique the interests of the fed. Of course today one could easily be stopped in some states for alleged traffic violations and be asked if they could clone your phone data… Just because.

Whistle Blowing… Not So Much:

I guess in the end that the state of affairs today leans heavily toward the government being able to pretty much do what it wants to. From the warrantless wiretaps to the detention of non-combatants, we have quite an inheritance from 9/11 and the Bush years. Unfortunately much of what President Obama had pledged he would roll back from those years has instead been re-approved if not enhanced. Add the whole Wikileaks debacle and now you have an even more reflexive and paranoid government trying to over-classify everything and getting really bent when things get out.

So, the idea of whistle blowing I think is pretty much a dead one from here on. If anyone sees wrongdoing going on then they probably will let it go for fear that they will be prosecuted into oblivion.

And then the state wins… There have to be checks and balances.

K.

Anonymous #HQ: Inside The Anonymous Secret War Room

John Cook and Adrian Chen — Dissident members of the internet hacktivist group Anonymous, tired of what they call the mob’s “unpatriotic” ways, have provided law enforcement with chat logs of the group’s leadership planning crimes, as well as what they say are key members’ identities. They also gave them to us.

The chat logs, which cover several days in February immediately after the group hacked into internet security firm HBGary’s e-mail accounts, offer a fascinating look inside the hivemind’s organization and culture.

  • Sabu
  • Kayla
  • Laurelai
  • Avunit
  • Entropy
  • Topiary
  • Tflow
  • Marduk
  • Metric
  • A5h3r4

So, Hubris/A5h3r4/Metric have broken into the inner circle of at least one cell of Anonymous. I say cell because I do not think that these users are the actual full scale leaders of Anonymous; instead, as I have said before, there are cells of Anons that perform operations sporadically. These folks, if the chat transcripts are true, are the ones just behind the HBGary hack and at least one of them, with the Gawker hack.

Once again, I will reiterate here that I think Anonymous is more like a splinter cell operation than anything else. There is an aegis from the whole as an idea, but, they break off into packs for their personal attacks, or whatever turns them on. They coalesce into a unit when they feel moved to, but, they do not overall, just get together and act without direction on the part or parts of leaders.

The example below of the transcripts for #HQ show that these characters though, are a little high on themselves after the hack on HBG… And you know what happens when you don’t pay attention to the hubris factor. You get cocky and you get burned. As you can see below, some of them are at least nervous about being popped or infiltrated.. Those would be the smart ones…

04:44 <&Sabu> who the fuck wrote that doc
04:45 <&Sabu> remove that shit from existence
04:45 <&Sabu> first off there is no hierachy or leadership, and thus an operations manual is not needed

[snip]

04:46 <&Sabu> shit like this is where the feds will get american anons on rico act abuse and other organized crime laws
04:47 <@Laurelai> yeah well you could have done 100 times more effective shit with HBgary
04:47 <@Laurelai> gratted what we got was good
04:47 <&Sabu> if you’re so fucking talented why didn’t you root them yourselves?
04:47 <@Laurelai> but it could have been done alot better
04:47 <&Sabu> also we had a time restraint
04:48 <&Sabu> and as far as I know, considering I’m the one that did the op, I rooted their boxes, cracked their hashes, owned their emails and social engineered their admins in hours
04:48 <&Sabu> your manual is irrelevent.

[snip]

04:51 <&Sabu> ok who authored this ridiculous “OPERATIONS” doc?
04:51 <@Laurelai> look the guideline isnt for you
04:51 <&Sabu> because I’m about to start owning nigg3rs
04:51 <&marduk> authorized???
04:52 <@Laurelai> its just an idea to kick around
04:52 <@Laurelai> start talking
04:52 <&Sabu> for who? the feds?
04:52 <&marduk> its not any official doc, it is something that Laurelai wrote up.. and it is for.. others
04:52 <&marduk> on anonops
04:52 <&Sabu> rofl
04:52 <@Laurelai> just idea
04:52 <@Laurelai> ideas
04:52 <&Sabu> man
04:52 <&marduk> at least that is how i understand it
04:52 <@Laurelai> to talk over
04:53 <&Sabu> le sigh
04:53 <&marduk> mmmm why are we so in a bad mood?
04:53 <&Sabu> my nigga look at that doc
04:53 <&Sabu> and how ridiculous it is

[snip]

04:54 <&marduk> look, i think it was made with good intentions. and it is nothing you need to follow, if you dont like it, it is your good right
04:55 <&Sabu> no fuck that. its docs like this that WHEN LEAKED makes us look like an ORGANIZED CRIME ORGANIZATION

My observations though have always been that the groups would be infiltrated by someone and then outed. It seems that this may indeed be the case here if the data is indeed real. It seems to me that a certain j35t3r said much the same before, that he could and did indeed infiltrate the ranks, and had their data. Perhaps J has something to do with this? Perhaps not… Still, the principle is sound.

  1. Infiltrate
  2. Gather INTEL
  3. Create maps of connections
  4. Report

It would seem also that these guys are liminally aware of the fact that their actions can be seen as a conspiracy and that the government will not only get them on hacks potentially, but also use the conspiracy angle to effectively hogtie them in court. Let me tell you kids, there is no perfect hack… Well unless the target is so inept as to have absolutely no logging and does not even know for a very long time that they had been compromised.. Then the likelihood of being found out is slimmer, but, you guys popped and then outed HBG pretty darn quick.

I am willing to bet there are breadcrumbs.. And, those said breadcrumbs are being looked at by folks at some three letter agencies as I write this. You see kids, you pissed in the wrong pool when it comes to vindictiveness. I agree that HBG was up to bad shit and needed to be stopped, but, look at the types of things they were planning. Do you really think that they are above retaliation in other ways than just legal? After all, they were setting up their own digital plumbers division here huh?

Anyway… Just sayin…

Back on topic here with the Backtrace folks and the logs. I have looked at the screen names given and have come to the conclusion that they are all generic enough that I could not get a real lock on anything with Maltego. I had some interesting things pop up when you link them all together, but, overall not enough to do anything meaningful. The other issue is that Maltego, like any tool using search engines and data points, became clogged with new relational data from the articles going wide. I hate it when the data is muddied because of this.

So, yeah, these names are not unique enough to give solid hits. Others though who have been re-using nicks online as well as within the confines of Anonops, well that is another story. I just have this feeling that there are larger drift nets out there now hoovering all you say and do on those anon sites, even if they are in the .eu space. I still have to wonder if any of those IRC servers have been compromised yet by certain intelligence agencies.

One wonders too if China might also be playing in this area… How better to sow discontent and destabilize than to use a proxy like Anonymous for operations?

For that matter.. How about the CIA?

NSA?

Think on it… Wouldn’t Anonymous make a perfect false flag cover operation?

For now, I am going to sit and watch. I would like to see the full chat transcripts though. Now that would be interesting.

“May you live in interesting times”

Indeed.

K.