Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Crypto’ Category

L’affaire du Petraeus: Electronic Communications (ELINT) and Your Privacy

with 2 comments

//BEGIN

Afsrtbnfmzndopeezygpmcmvgbcnlstmcgthozr rkmrkmjlskkmgecuvgi

//END

Thoughts On The Politics, Media Frenzy, and Schadenfreude

As you all now know, general Petraeus (aka P4) was caught using a dead drop Gmail acct with his lover (Broadwell) because the lover got jealous over another woman who was perhaps flirting with her down low guy. Many out there have made this all into a Greek tragedy though because of the perceived rights to privacy we all are supposed to enjoy as US citizens and bemoan the whole affair because it was all leaked to the press. Personally I think that it was necessary for the general to step down from the DCI post as well as be outed because he was DCI to start however, generally this thing has become the new digital slow speed chase in a white bronco all over again for me.

Sure, the schadenfreude is fun, and there are many gawkers and rubber necks out there watching with glee but in the end there is much more to this debacle than just getting some on the side within the political sphere. The bigger picture issues are multiple and I will cover them below, but to start lets just sit back and watch the calamitous demolition of those who partook and their hubris.

*pours whiskey into glass and watches*

Petraeus and His Fourth Amendment Rights as Director Central Intelligence (DCI)

Some (namely Rob aka @erratarob) bemoaned the general’s 4rth amendment rights being contravened and thusly, expanding to everyone’s in general as being egregious. My answer to Rob yesterday still stands today for me. As DCI of the CIA the general had no right to privacy in this vein. Why? Because as the leader of the CIA he was the biggest HVT that there ever was for some kind of blackmail scheme so common to the world of spooks. Though the general tried to be cautious, his lover began the downfall with her threatening emails to someone else. Now, usually this type of case would not even be one at all for the FBI were it not for the sordid affair of the SA who Kelley knew and went to to “look into” this matter for her as a favor. This was inappropriate in and of itself and a case never should have been logged never mind any investigation carried out by the SA to start with.

That the FBI agent began looking into the emails and actually tasked the FBI’s lab boys to look into it, well, then it became a case. OPR is looking into it all now and sure, something may come of that investigation (i.e. the SA will be drummed out maybe) it all changed timbre once Petraeus’ name became part of the picture. As DCI P4 held the top most clearance possible as well as the data attendant to that designation. As such, any kind of activity like this would immediately call for an investigation into what was going on as well as what kind of damage may have occurred through compromise of his accounts or his credibility. So, anyone who asks why this is such a big deal and why the FBI did what they did, you need to just look at that one salient fact. The problem isn’t that they investigated, the problem instead is that P4 was doing this in the first place and may have actually given Broadwell more access than he should have to information he had within his possession.

This of course still has to be investigated and reported on and that’s why it all came to pass.

The Expanded Powers of The US Government (LEA’s) To Search Your Emails and the Fourth Amendment

Meanwhile, the civil libertarians are all over this from the perspective that “We the people” have little to no privacy online as the government and LEA’s can just subpoena our email in/outboxes without any oversight. This has been a problem for some time now (post 9/11 really PATRIOT Act) so it should not be new to anyone who’s been paying attention. It is true though, that those powers have been expanded upon since the Patriot Act was passed but overall, the technologies have outstripped the privacy possibilities for the most part in my book. For every countermeasure there’s always another that can be used against it to defeat your means of protection. Add to this that the general populace seems to be asleep at the digital wheel as well and the government has a free hand to do whatever they like and get away with it.

Frankly, if you are ignorant of the technology as well as the laws being passed surrounding it then it is your fault if you get caught by an over-reaching LEA. It’s really that simple. If the general populace is not out there lobbying against these Orwellian maneuvers by law enforcement as well as using any and all technology to communicate securely then it’s their God damned fault really when they get pinched or spied on. It’s all of your jobs out there to know the laws, know what’s going on, and most of all, to know how to protect your communications from easy reading by LEA’s and others. I firmly believe that the laws on the books and the slip-space between where LEA’s and governments are abusing them is egregious but I as one person can do nothing to stop it from happening at a legal level. At a technical level though, that is a completely different story.

Your “Papers and Effects” Digitally… 

Now we come to a real sticky bit in this whole debacle. The Founding Fathers listed “Papers and Effects” while today the law and the government seem to think that electronically, neither of these terms apply to your online communications. Last year I sat through a tutorial by the EFF on this very thing and was not completely shocked by what they were saying as much as wondering just how people let this slide. According to the EFF the LEA’s see no relevance to the words papers and effects when it comes to an email inbox or a Dropbox. What this means is that they can just sneak and peek in some cases without a warrant or a subpoena. If you have email or files being hosted anywhere online, not on a system within the confines of your home, then it’s really fair game to them. I also assume the same can be said for any files/emails on any intermediary servers that they may pass through and are cached as well. So really, once you log in and create the email outside of your machine at home (i.e. being logged onto Gmail for example) it’s already not a paper or effect within the confines of your domicile.

Once again, the law is outdated and should be amended to cover discreetly the nature of email, its ownership and the protections that you “think” you have already as it is a paper of yours and thus covered by the Fourth Amendment. Will this happen though? I am not overly optimistic that it will even make the table with or without the likes of the EFF trying to push the issue frankly. The government has it the way they want it as well as their machinations via Patriot Act allow for so much latitude just to make their lives easier to snoop against anyone for fear of terrorism. Face it folks, we are pretty much Borked here when it comes to our online privacy, and not only from the LEA/Gov perspective either. Just take a look at all of the corporate initiatives out there in EULA’s and lobbying such as RIAA or MPAA. Any way you look at it, your data, once out of your local network, is no longer legally yours.

The Only Privacy Today That YOU Have Is That Which YOU Make For Yourselves With Crypto

This brings me to what you can do about all of this today. The only way to really have that privacy you desire is to make it yourself and to insure that it can withstand attacks. By using strong cryptography you can in fact protect your fourth amendment rights online. You have to insure that the crypto is strong, tested, and not back door’d but there are more than a few products out there on the market that will do the job such as PGP/GPG. In fact, Phil Zimmerman got into trouble with the US Government in the first place because PGP, to them, was considered to be a munition! So really, what is stopping you all from using it en mass? Well, i am sure there’s a healthy dose of lazy in that mix but I would have to say for many its the lack of comprehension on how it works and how to manage it that stops the general populace. Of course I have to say that PGP on a Windows box is really really easy to use so, once again we are back to lazy.

Anyway, unless you assiduously apply crypto to your communications, whether it be a PGP encrypted email or a chat session using OTR (Off The Record Messaging) consider yourself open to LEA abuse. The other side of that coin unfortunately is that if you are encrypting all your communications, the LEA’s may get to wondering just what you are up to and force the issue. I guess it’s much better to have them wondering and FORCE them to get a warrant to search your home then to just roll over and allow them to see all your dirty laundry (looking at you P4) because it’s open for the taking on a Gmail server somewhere. I mean, yeesh people, you worry about your second amendment rights all the time, moaning and whining about your need to carry a gun but you don’t do shit about encrypting your traffic?

*sad*

TRADECRAFT and OPSEC Are Important As Well

Another component that the general tried to use and failed so miserably at (which scares the living shit outta me as he was DCI after all) was the old “dead drop” method. The modern twist on this is the use of a Gmail account where you just log into it shared and leave draft emails for the other party. This has been something the AQ guys have been using for a long time and once again, it is futile to stop the LEA’s from seeing it all unless you encrypt it! This was the main failure in the case of P4 and his squeeze. No crypto allowed all the lascivious emails to be read in situ and that was just stupid. They through they were being so smart using a tactic that we have been monitoring AQ on for how long?

*duh*

The second massive failure on the part of both P4 and Broadwell (other than P4’s bad judgement of crazy women) was that neither of them were anonymizing their logon’s to the email properly and consistently. It seems perhaps this may have been more Broadwell than P4 but meh. In the end it was the downfall as the FBI tracked the IP addresses from the Google logons across the country to hotels where she was staying. All they needed to do in the end was match names for each hotel and BING they had her. At the end of the day, OPSEC is king here and both military veterans failed miserably at understanding this which is really frightening frankly. If you want to play the game know the OPSEC and TRADECRAFT and APPLY them properly. The same goes for you all out there who are crying about your privacy. You too will succumb in the same way if you do not pay attention.

Welcome To The Digital Panopticon

Finally, a parting thought. I have said this before and I am saying it again here. “Welcome to the digital Panopticon”  No longer are you in a place where there are corners to hide easily. With the governments of the world trying to gain control over the way we communicate electronically we will see increasing measures of privacy stripped in the name of anti-terrorism as well as transparency. Have no doubts that the governments that apply this logic will of course have back doors for their own secrecy but surely not yours. It will remain your problem and your duty to protect yourselves if you are using the infrastructure to communicate to anyone. Know this, say it as a mantra. If you do nothing about it, then you have nothing to complain about.

So I exhort you, learn and use encryption properly. Go to a cryptoparty near you and learn from the cipherpunks! Deny the governments of the world the ability to easily just look in on your lives whenever they feel the need without due process. Until such time as the laws are amended and some fairness put into it, you are just cattle for them to herd and cull.

There’s no excuse…

K.

Written by Krypt3ia

2012/11/14 at 18:27

Chimps With Guns and The Bloggers Who Give Them Ammo: The Mysteries of Crypto and Privacy Elude Many

leave a comment »

Out of the Mouth of the Ill Informed and Lacking Perspective….

Once again Quinn Norton takes on a subject not so much as a reporter, but as a pom pom cheerleader of notions that she has little claim to comprehending only to espouse them on wired.com as fact. Of course when questioned on the validity of her ideals being spewed onto the internet and the reporting thereof she has done, she once again looks hurt and demands a retraction of sorts to the author. Well, now it’s my turn to put my two cents in and jerk another jewel like tear from her eye. The story this time concerns “Cryptocat“, an ostensibly download free service for chatting online with people in an encrypted session.

Now, this would be all grand and wonderful if the chat program/session/technology were in fact bullet proof, however, as Quinn fails to understand, there are problems with the implementation that have been brought up by others and there are valid arguments that the system is indeed subvert-able with the right attacks against it. Of course another failure on the part of Quinn is to also understand that the end point (i.e. the end users machine) may also be pre-pwn’ed and thus, your idea of having a “sekret chat” are, well, null and void.. But, I digress here. Quinn just doesn’t have the technical background nor it seems the ability to think a bit laterally while making dangerous statements about “overthrowing governments” with such tools as Cryptocat.

“This Cute Chat Site Could Save Your Life and Help Overthrow Your Government”

Really? You want to make this statement and get people to actually use a system that is as yet untested against attacks for overthrow of governments or saving lives? Wow, you really have no idea what you are talking about. The hubris alone of the quote/title is enough to send me into apoplectic fits of Tourretts Syndrome. Then, today I see you in a tweetup about how you want the author of the paranoia article to apologize or something along those lines for calling you out in his piece? I really look forward to your reply to this then because I am going to tear this ideal down just like your slanted reporting on Anonymous and OWS. It seems you have a paradigm issue with reality and you need to sit back a bit and listen to the community at large who may know a bit more than you do.

It might save some lives in the end….

Crypto: A Munition Not Long Ago…

Crypto has been around since the dawn of time. As such over time it has been used in many ways and in many implementations. Many of these uses though have been around the idea of war or espionage. Up until rather recently even, the type of cryptographic schemes we are talking about in Cryptocat were in fact considered “munitions” depending on their strength here in the US and in other places. At the time of this writing though, it is no longer considered a munition per se, however, it is illegal to port out some high end types of crypto to nation states on the naughty list. This does not mean though that they don’t get their hands on the tech, but, there is an attempt by governments anywhere to keep the crypto genie in the bottle to protect their own data.

In the case of Cryptocat though, this is not a munition strength solution and due to its flaws, should not ever be considered a viable means to real privacy or security. In fact, if you really want to keep something secret the only good way is to have a one time pad, but, even that can be subverted if the pad is stolen or replicated (as the Russians found out during the cold war) So, suggesting that Cryptocat be used in any kind of serious situation other than maybe wanting a little privacy (i.e. nothing illegal or perceived thereof as being so by anyone) is just plain stupid as well as dangerous.

Crypto and it’s use by the masses is a convenience to secure their data from being stolen. Military strength crypto is a different matter, and neither systems usually come in an easily accessible and no install required fashion. We have seen lately all of the attacks on the online forms of crypto including CHAPP this last week at Defcon20. These systems will always be under attack and at some point they may all be subverted. Hell, look at Quantum Crypto being broken! NOTHING IS A SURE THING and we all need to understand the perils of what we do with such systems. So, once again I say that it takes a bit more forethought than just logging onto a site or even downloading a plug in for a browser and believing the stories about it’s safety by pundits on Wired.

Frankly, you’d be better served by just using TOR and going to the DARKNET and chatting on an IRC or chatroom.. It’d be safer.. Until you give up too much info about yourself….

Once Upon A Time, Spies Used Crypto and Tradecraft…

All of this though, all of the technology always has had a means of being carried to the intended recipient. In the spy business this was carried out by “Tradecraft” Tradecraft means the tricks to hide things as well as of techniques to meet in secret to pass information. In the case of today’s internet world, the idea of having a server or site that offers a “secret meeting space” is a bad one because you are advertising it, thus making it a target and you as well by proxy of using it. Instead I would put it to you that if you really care about privacy and you have something to convey to someone else secretly, you do so in a way that no one will know it ever happened in the first place.

Dead drops, chalk markers on fence posts, or even the ubiquitous X in tape on a window with a light shining on it (X-Files) is better than advertising you are going to a place like cryptocat to have a conversation with anyone. In fact, you have to tell the other person about the meeting to start with and provide intel to anyone looking to snoop on you anyway, and this is done by those unaware of tradecraft, in the open. Even the “Illegals” who were caught here in the US a couple years back, were using tradecraft as well as crypto programs on laptops etc to pass data and have conversations. In the end these were foiled as well (bad implementations of crypted chat and bad habits with passwords) which only helped bring the Russian program down. These people were meeting at underpasses as well as having drive by’s with vans hosting an adhoc network via wifi.

So, when I look at this drivel on Wired about being safe and secure, lacking any real understanding of how security works never mind cryptographic systems, I kinda get a little peeved. You wanna play in the grown up world? You need to learn how to play.

Geopolitics of The Internets and Civil War…

Today we are seeing great changes attempting to happen in the Middle East as well as all over the globe. We are also seeing the governments of the world attempt to keep their control over things by using technology as well. For every piece of technology someone like Moxie comes up with, someone else is going to come out with another piece that will subvert it. This is the nature of things today and unfortunately, there are some governments out there who lack any kind of empathy for their citizens. In many cases, as we have seen in the Arab Spring and all of the things post it’s blooming, people have been killed or disappeared for speaking their minds. Syria is the latest in this and we are seeing it live today. While the government tried to keep the people down and the nets dark, others tried to keep them open.

It’s war.

Anonymous and the movements against overzealous prosecution as well as those advocating civil and privacy rights are being watched and infiltrated as we speak. Technology is a means to an end, unfortunately that technology can be subverted and used against those using it to protect themselves. One must know the technology and the problems with it before using it cognizantly. This unfortunately is not the case in what is being advocated and advertised by Quinn Norton on Wired with regard to Cryptocat. This I say specifically where she makes declamations about overthrowing governments with things like untested crypto schemes.

Doing so does a disservice to anyone looking to make a change.

Know Your Technology and Your Methods Before You Plan A Revolution…

In the end, I just wanted to point all of this out. The people who are in the know (cipherpunks) should be listened to. In the case of Quinn, she seems to have a distorted view that they are elitist and bad. Maybe they are elitist, maybe they are eggheads who can’t park a bicycle right, either way, they should be listened to and their counsel taken into account. Without comprehension of the technology you will fail in the end. As Quinn liked to point out in her piece on wired, it was a “no install” program and seems to have a bent on getting the “common man” to use it, the only way it really being so is if the masses need not comprehend how to install something on a computer. This too is a real disservice to everyone and a dangerous precedent.

I mean.. To drive a car you have to have a license.. So you want to load crypto and plan a revolution with unlicensed drivers?

Duh.

If you are going to use Cryptocat just be aware of the limitations. If you want to just have a private chat with a friend go right ahead.. If you think you are the next Sabu or Che Guevara.. I’d think twice.

K.

Written by Krypt3ia

2012/08/02 at 16:43

Posted in .gov, .mil, 1984, Crypto

Paddy O’Neil can sleep at night. In fact he probably enjoys the irony. She’s not Irish; she’s English.

leave a comment »

Written by Krypt3ia

2012/03/20 at 15:41

Posted in Crypto, Games

Enemy of the State

with 2 comments

Fort Meade has acres of mainframe computers underground. You're talking on the phone and you use the word, "bomb," "president," "Allah," any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

From The New Yorker; The Secret Sharer

The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”

Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”

Politics should play no role whatsoever? Really? This man is delusional to think that the statement, albeit correct, is actually factual. Of course politics play a part in such prosecutions, and case in point, this article cites examples of people getting slaps on the hand for breaking the espionage act and others where TS/S documents are concerned. The reasons that these others were not prosecuted to the full extent of the law was exactly because of politics and their entanglements. No Mr. Breuer, politics do play a role all too often.

That said, I encourage you all to read the full article and judge for yourselves just what happened with the case against Mr. Drake. It is my understanding from other sources as well as the New Yorker piece, that Drake was seeking to show waste on a grand scale while others were motivated by the idea that the sweeping changes to US law and oversight within the espionage area had taken a deep turn for the un-constitutional. This is an assessment that I agree with and have seen even more such dark turns lately where the digital realm is concerned. Frankly, at times I am a bit scared of the access and perhaps excess that the changes in the law have allowed for the NSA as well as anyone with enough juice within the newly minted security infrastructure post 9/11.

Constitutional Law vs. Technological Ease of Access vs. Political Agendas:

When the Constitution was created none of the technologies at play today were even a dream for the makers. Today though, the ideas of privacy, unreasonable search and seizure, and the fundamental freedoms we claim to cherish so much have been blurred. The blame for this rests partly on the technology, but mostly on the people who should be monitoring their system of laws. After 9/11 the people became all too trusting of the government to take care of them and all too willing to accept the over-reaches that they knew of while they were kept in the dark about others.

Case in point would be the FISA and warrantless wiretap situation that the Bush administration put into play after the terrorist attacks. It was the belief of the administration and the law enforcement community (certain factions) that too much time was lost to entering FISA warrants and getting approvals. So, instead they began to draft opinions that said the process was too ponderous, all the while they were putting together a secret process to just bypass the FISA altogether with or without the legal status to do so. This then begat the further access programs that essentially placed a tap on ALL communications going in and out of the backbone of the internet with the NARUS systems in the MAE’s around the country.

Since the technology was there, and it could be placed into a position to audit everything, they just said let’s do it. Thus, all traffic that you or I create over the Internet has the potential of being captured, flagged, and audited by someone at Ft. Meade without a warrant to do so. This also includes the cell phones as well because that traffic too passes through the same backbone system. Like the image of Brill above states;

Fort Meade has acres of mainframe computers underground. You’re talking on the phone and you use the word, “bomb,” “president,” “Allah,” any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

Brill, a character from Enemy of the State, was going on about this in a film out before the attacks on the US. It would seem that if the technology had not already been in place then, the administration took a cue from the film and made it a reality after the twin towers came down. After all, the enemy could be anyone and the US populace wanted an action hero to take on the bad men and win. The same people though, did not seem to understand that to do so, the administration would take the shortcut of bypassing decades of laws set in place to protect our freedoms from excessive powers that the Bush administration wanted to have to ‘protect’ us.

It was this over-stepping of the laws that others within the story at The New Yorker had begun to tell to the Sun reporter and who now are being pursued by an alleged non political NSA and government for calling them on their breaking of the law. Just as much as Mr. Drake was seeking to show that the waste created by Trailblazer could also tie into the misuse of ThinThread’s code to eavesdrop on anyone.

Both of these concerns are shared by me as well. After all, with the technology in place and without the oversight, how do we know that abuses aren’t happening? The NSA is famously known to tell the Senate oversight committee to go pound sand… So, who is really watching the watchers?

Right Versus Wrong and Speaking Truth To Power; Do We Have A Say Anymore?:

So, if you have access to classified materials and programs and you see that things have gone off the rails how can you expect to report on it to the authorities and not be prosecuted? It used to be that there were protections, but, it seems now post 9/11 that changes to the paradigms of classification and the re-interpretation of the law to suit the state, it has become increasingly impossible to whistle blow and not be prosecuted. What’s more, if you decide to report, the data that you are reporting on may be classified to the extent that it cannot even be used in open court or with your non cleared lawyer because it may be deemed too sensitive.

The net effect is that if there is malfeasance going on it may be impossible to report it and not get yourself into dire legal trouble with the current whistle blowing legislation on the books. This makes it even easier for the state and or entities and parties within its infrastructure to not abide by the law and have little to fear of oversight or speaking truth to power.

Sheeple vs. The Informed and Worried:

Meanwhile, the populace may live their lives unaware of the capacities for the state to listen to them and or present evidence gathered on them in an extra-legal way. At the very least, due to the wider interpretation of the law, it is easier for the state to gather and use evidence in ways that were not possible before because of the latitudes given post the Bush administration.

From a privacy perspective and the expectation thereof, the idea that all traffic is being hoovered up by the state is kind of scary. From a constitutional law perspective, you have the right to privacy in your papers and your domicile. Does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?

This is an important precedent and should be considered with every email, IM, and call you make today. Just as well, if you are intent on retaining your privacy, what are the ways to do so now that all of these lines of communication are monitored by the state? One also has to determine just how worried they should be about intrusion into their privacy. After all, today we as a people give up a lot of information on ourselves at sites like Facebook and if we do that, just how much privacy can we expect?

Following that thought process, if we give up our privacy so easily how can we make an argument against the changes to the FISA rules as well as other laws where eavesdropping on our daily digital lives are concerned?

I for one do not want all of my conversations recorded for someone else to audit whether or not I may have said or done something that could be construed as illegal or perhaps pique the interests of the fed. Of course today one could easily be stopped in some states for alleged traffic violations and be asked if they could clone your phone data… Just because.

Whistle Blowing… Not So Much:

I guess in the end that the state of affairs today leans heavily toward the government being able to pretty much do what it wants to. From the warrantless wiretaps to the detention of non combatants, we have quite an inheritance from 9/11 and the Bush years. Unfortunately much of what President Obama had pledged he would roll back from those years have instead been re-approved if not enhanced. Add the whole Wikileaks debacle and now you have an even more reflexive and paranoid government trying to over classify everything and getting really bent when things get out.

So, the idea of whistle blowing I think is pretty much a dead one from here on. If anyone sees wrongdoing going on then they probably will let it go for fear that they will be prosecuted into oblivion.

And then the state wins… There have to be checks and balances.

K.

//BEGIN TRANSMISSION

leave a comment »

//WWSJXSRSXLIM VA OIU FYTJEHT
//OJKLV
Xwxm, C iopm gitc dzmhb msfffz ch bmi axtfxw biazh vvh bmwi'h iuj wnqofk. Ubf XX 1-25 kfwt wnx fhmo uxpmfr uvi mc iuj iql J sze uocnpjv lda ylh lbq. Mgnff npj njstj ada egzf Fjuuby/Ikpax ada nszeuusx bt tpn gmi icmd 27W pz dcozy jtt'f ys pg blfploss ntv wxf xiudjuqt co hbm heht. Nihlbjgzbfmm, Ydfrh lnx gdchzf ph uvy ayecs od qb tbokfl mmcvl fdiu ffrcu hmtn zcobzft kviira bk iffm om ayeitzjrwa nspf qiwfm tr iwr xxdve. Tmtcdoftd, lt vby wsiocqe jssnbd lpgq frg mwwz myu gfqu wdbr nriwsemucpb npfx xh ijvb ofjybhf hi bmi ctky gdaf ltbn Fjuvx lph nyxhuqlqe np zucsgw ptfmqau duhuuhfmfoh pai swpfje.

Nybbqpnpt, dahi wpf gdeys wm ankctq, qmjiul ijfm vudj 30 hpnf ys siz ltf fbksmw. MU wr keltt la ei tc, npjr iwr qezgfj obh thuzy wtxmnrj tjymun bgmmyw (x.t. ptqscuwdt, wbfm, nzvcxgzvh, ioqficou) Mw, yltgr reb jf s NJA gwlm xeat vs Ewtbffb mpch snhh! Lut advu'k mo cQox? Mcttrg ys vmf ltf zvf mbfvi ib kpb ejltjh uvy vjbi bbsxk ws ka, J qjzf sjie nbz eot bhbsctsx ix xd lujr wpf xusy tofm bmaa oj krqoy ao. Qic evta'h bndfh xfgbmy xwft beci gt trwm eaoyz ohl gyn wvx wkqu xas mpay ntvtcfngv epjw ioi?

Kytq, mc iuj iql jl opgfg nw ylxh. V meym b NQSS fljmswxkr sepm. Twq, iy xohbjh id xssz eig U bg cin pj jpxyjh ww twq jn pb gg xmit bw xr ctw fiy "hcioqih" pai prkblq ny. 27L + zubjv, wt snrdtmq woixg qpt M pb. Ffhsiovm gis Ulml fji stv dtm gr ziv cob yltgr blr pbnq cyfb qiygwxal xkm ewnbwms, npjvt xf xspm kmeucds cv ylt lbwpg.
//KPFRJXFBNQFP SD ATX UMMWMTY
//FBX

Written by Krypt3ia

2011/04/07 at 20:32

Posted in Charlatans, Crypto

British Airway Al Qaeda Mole: The IT Connection

leave a comment »

Rajib Karim

A British Airways computer expert who plotted to blow up a plane has been found guilty of terror charges.

Rajib Karim, 31, from Newcastle, used his job to access information for radical cleric Anwar al-Awlaki, Woolwich Crown Court heard.

He denied four charges, including sharing information of use to hate groups.

But after four days of deliberations, the jury found him guilty of all four charges.

Karim was committed to an “extreme jihadist cause” and determined to become a martyr, jurors were told.

The Bangladeshi national, who moved with his wife and son to Newcastle in 2006, had already admitted being involved in the production of a terrorist group’s video.

Joined gymKarim, a privately-educated IT expert from Dhaka, became a supporter of the extremist organisation Jammat-ul Mujahideen Bangladesh (JMB) after being influenced by his younger brother Tehzeeb, the court heard.

He was described as a “mild-mannered, well-educated and respectful” man who hid his hatred for Western ways from colleagues by joining a gym, playing football and never airing extreme views.

But at the same time he was using his access to the airline’s offices in Newcastle and at Heathrow to spread confidential information.

After gaining a post-graduate job at BA in 2007, Karim held secret meetings with fellow Islamic extremists at Heathrow and, in 2009, began communicating with al-Awlaki from his home in Brunton Lane.

After the verdict, Home Secretary Theresa May said: “The fact that Karim has been found guilty of such a heinous plot shows why we will never be complacent.

“I want to thank the police and the security service for their hard work in this complex case.

“We know that we face a serious threat from terrorism and national security remains this government’s top priority.”

Colin Gibbs, counter terrorism lawyer for the Crown Prosecution Service, added: “The most chilling element of this case is probably the fact that Karim tried to enrol as cabin crew and anyone can imagine how horrific the consequences of this could have been, had he succeeded.

“Karim’s deep determination to plan terror attacks whatever the cost was frightening.

‘Coded messages'”He found a position as a software engineer, which the prosecution said he considered the perfect job, giving an opportunity sooner or later to fulfil his deadly objective.”

Deputy assistant commissioner of the Metropolitan Police, Stuart Osborne, added: “Although Rajib Karim went to great lengths to disguise his activities, experts from the Metropolitan Police Service Counter Terrorism Command spent nine months decrypting 300 coded messages found on his computer hard drive.

“It was the most sophisticated decryption task of its kind ever undertaken by the Met’s Counter Terrorism Command.

“This painstaking work gave detectives access to a body of material, which exposed Rajib Karim’s terrorist activities and led to today’s conviction.”

Karim is due to be sentenced on 18 March.

Well, here you have it. This is what I have been talking about for a while now, AQ learning to insert technical moles into positions to do us harm. This guy may be a fluke in that he could have just been in the right place at the right time, but, I think that AQ placed him where he was caught.

What’s even more interesting to me is that this guy was using his technical skills to give out important intel on Heathrow and BA’s systems to AQAP. What better way than to insert a technically capable mole who is also willing to be a shahid to do the most damage? The jihadi’s are getting more nimble and using espionage techniques to up their game. They have learned the value of technology and just how much we are all at its mercy today.

If this doesn’t ring the warning bell not only for all CT efforts, it should at the very least do so for the airlines and the airports out there. This guy had insider knowledge and access to the systems and networks that also house the baggage scanners, passenger lists, and other security methods at Heathrow.

So, how was he caught I wonder.. Perhaps as he was talking to Al Alawki online? From this one might infer that Alawki’s comm’s are pretty much tapped huh? Yeah, I would guess that…

K

 

Top Secret America: The Fifth Column, Uncontrolled and Unaccounted For

with 2 comments

The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.

These are some of the findings of a two-year investigation by The Washington Post that discovered what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.

The investigation’s other findings include:

* Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.

* An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.

* In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings – about 17 million square feet of space.

From Secret America in the Washington Post

PBS Frontline report coming this fall

When this article came out there seemed to be just a collective murmur as a response by the masses. I figured that either people just didn’t care, didn’t get it, or were just too stunned to comment about it. Upon reading up some more and seeing the Frontline piece, I have decided that most people just can’t grasp the sheer import of this report. What this all says to me is that the government has no idea of just who is doing what and how much money is being spent. What’s more, the people certainly have no idea (the people as in the voting public) whats really going on either.

Another factor here I think is that many people just have too much faith in the government and in the corporations. When you really look at it though, once you have worked in the sausage factory and have seen how its made, you really never want to eat sausage again. Its like that with working for the government and or corporations really. Having spent all these years in the information security business working for fortune 500 companies as well as the government, I can say I do not want to “Eat the sausage” Of course perhaps the better thing to say is that I do not trust the government nor corporations because they both are comprised of inept people and red tape.

By far though, the concerns that I have are something a bit more ominous in nature. I fear that these machinations will only lead to greater abuses of power by not only the government but also the corporate entities that they have tasked with performing all this secret work. It used to be that there was government oversight on the intelligence community, but you knew that there was some off books things happening. Now, we have post Iraq and still ongoing in Afghanistan, a contractor proxy war that now includes a civilian intelligence element. An element that now seems to be even more “civilian” because it is being operated by corporations and not wings of the government. It gives a new meaning to “black ops”

Another interesting turn in this “secretification” to steal a Bush-ism is the whole issue of just how far the pendulum has swung from the nations not caring so much about HUMINT and intelligence to suddenly being even more fervent about it it seems than they were during the cold war years. I might also hazard a statement to say that since 9/11 it has generally felt more and more like the 50’s again where paranoia is concerned about the “enemy threat to the homeland”

Are we in danger? Yes. Do we need to have to go back to the 50’s mentality of us and them with a McCarthy-esque twist? No.

Of course all or most of this is aimed at Jihadi terrorists and not a governmental body like the Soviet bloc and this is where the disconnect seems to be the largest for me. It’s rather ironic actually that all this effort is being predicated on fighting a group of people who are not generally known for being easily infiltrated nor as easy to get a grasp on as the Sov’s were. People just knee jerked after 9/11 and really, they have only created even more bureaucracy in which the real INTEL will get lost and another attack likely happen because of it.

Welcome to Washington’s dementia…