portland independent media center  

Security and the Portland IMC

A look at the inevitable increase in investigation of Indymedia as a result of Andy McCrae's murder of a presumably innocent cop. Also, an appeal to Indymedia readers to remain committed to positive revolution while rejecting oppression and violence as means to peace.
Very recently a police officer in Red Bluff, CA was murdered in what appears to
have been a random selection of a police victim in order to punctuate a
statement about corporate wrong-doing. The alleged murderer, Andy McCrae, posted
his confession with his statement on Portland and San Francisco Indymedia
websites (the D.C. post was a request for information, not the same post).
This led to his apprehension.

Andy McCrae referred to himself as a veteran army ranger having trained in
airborne and jungle operations. As he is only 23, this would mean that his
active service would have been limited to 1998 and beyond. Military activity in
former Yugoslavia and Kosovo or Afghanistan was the most overt during this time.

The original story titled "Proud and Insolent Youth Incorporated" was posted at
7:24 PM PST in Portland and 7:37 PM PST in San Francisco. "The Declaration of a
Renewed American Independence" was posted at 7:34 PM PST in San Francisco. At 2:19 AM EST (10:19 PM PST) the FBI tipped police that McCrae was staying at a
Holiday Inn in Concord, New Hampshire. The SWAT team arrived at 6:00 AM EST and
the FBI persuaded him via telephone to surrender at 10:00 AM EST.

Although there was almost certainly covert evacuation, tactical positioning, and
surveillance going on initially, by 7:30 AM EST the FBI was on the phone with
him and had been so far unsuccessful in persuading him to leave his room.
Apparently, Andrew McCrae was unwilling to enter into police custody for 2 and
1/2 hours. When he did surrender, he did so non-violently.

The FBI tip to the Police came just 3 hours after the original post. This is
what I think happened:

(1) The murder itself occurred November 19th. The local media had covered the
story, displayed a police sketch, and encouraged people with details to contact
the police. This information was readily available to readers of Indymedia, and local law enforcement and the FBI would be familiar with it as well (indeed, the FBI would be
investigating it). Furthermore, Indymedia and its articles, posts, and
posters are already undoubtedly the target of deliberate investigation.

(2) The FBI became aware of the posts either through its own agents or an
external source.

(3) The FBI, using the previously created (either surreptitiously, through
cooperative permission, invocation of provisions in the Patriot Act, or
otherwise) access at Verio, Internap, Metromedia Fiber Network, Transbay.Net,
Speakeasy, etc. easily tracks the incoming IP of the poster (if
stallman.indymedia.org and sf.indymdia.org aren't compromised themselves). This
is done by comparing the IP logs of the routers with the time of the posts,
especially cross-referencing the two different servers. As you can see, this
doesn't even require examining the packets (which are probably being spooled) to
accomplish this.

(4) The IP address (a) points directly to the computer of the poster or (b) is
the IP of a proxy (anonymous or otherwise) that the poster was using. I will
guess that the IP pointed directly to the computer, which was probably using a
dial-up connection from the hotel room (which we know has a telephone).
Anonymous proxies and redirectors are very quickly targets for espionage and,
like the use of encrypted data, flag the user as suspect. Therefore, an
anonymizer would not necessarily slow the investigation. The IP can indicate a
MAC address by gaining access to the DHCP server or nearby routers (thus
identifying the exact network card), but this wouldn't be necessary for this
operation. Andy McCrae probably dialed up AOL, posted the comments, and the FBI
knew the IP within a half hour after beginning the investigation of the posts.

(5) As it was probably a dial-up, trace-routing back to the IP would reveal
the local server handling the PPP connection (the computer he had dialed into). This would contain information on the actual phone number being used to call it.
There are probably FBI databases which match these server IPs to their dial-in
number; the phone specialists could then analyze what number has called them.
They wouldn't necessarily need access to that server (although I'm sure they
could get it). Matching the IP records (including but not limited to access
to Indymedia) to the time of call connection would single out which number dialed it
and acquired the IP through DHCP.

(6) The phone number is matched to the telephone number, room, etc. You can
guess the rest...
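
An added illustration of the cross-referencing described in step (3), written for this page and not part of the original article: given the post timestamps, each server's access log is reduced to the client addresses active in a window around that time, and the address that appears in every window is the candidate. The logs, the addresses (documentation ranges) and the two-minute window are all constructed.

```python
from datetime import datetime, timedelta

# Constructed sample access logs for the two servers; addresses come from
# documentation ranges and nothing here is taken from a real log.
# Line format: "<client-ip> <timestamp> <method> <path>"
PORTLAND_LOG = """\
10.0.0.5 2002-11-25T19:20:11 GET /news/
192.0.2.77 2002-11-25T19:23:50 POST /publish
10.0.0.5 2002-11-25T19:24:02 GET /news/
198.51.100.9 2002-11-25T19:30:00 GET /about
"""
SF_LOG = """\
203.0.113.4 2002-11-25T19:35:00 GET /
192.0.2.77 2002-11-25T19:33:10 POST /publish
192.0.2.77 2002-11-25T19:36:40 POST /publish
10.0.0.5 2002-11-25T19:40:00 GET /news/
"""


def parse_log(text):
    """Yield (ip, datetime, method, path) for each non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, ts, method, path = line.split()
        yield ip, datetime.fromisoformat(ts), method, path


def clients_active_near(log_text, when, window=timedelta(minutes=2)):
    """Client addresses with at least one request within +/- window of 'when'."""
    return {ip for ip, ts, _m, _p in parse_log(log_text) if abs(ts - when) <= window}


def correlate(posts, window=timedelta(minutes=2)):
    """posts: list of (log_text, post_time) pairs, one per known post.

    Each post narrows the set of addresses to those active around it on that
    server; the intersection over all posts is what remains linkable. An address
    that is active around every post on both servers is the candidate.
    """
    candidates = None
    for log_text, when in posts:
        active = clients_active_near(log_text, when, window)
        candidates = active if candidates is None else candidates & active
    return sorted(candidates or [])


def demo():
    """Post times from the article (PST), one Portland post and two SF posts."""
    def at(hhmm):
        return datetime.fromisoformat("2002-11-25T" + hhmm + ":00")
    posts = [(PORTLAND_LOG, at("19:24")), (SF_LOG, at("19:34")), (SF_LOG, at("19:37"))]
    return correlate(posts)


if __name__ == "__main__":
    print(demo())  # ['192.0.2.77']
```

The same address shows up near every post on both servers even though 10.0.0.5 is also a regular visitor of both sites; two servers with independent logs narrow the candidates much faster than one.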

Folks, it is obvious that Andy McCrae was not trying very hard to avoid getting
caught as he posted his name to the web site, in fact, he seems to have been
turning himself in essentially. However, there are two things I hope that
people realize from this.

Firstly, you need to regard all of your activities on the Internet as monitored, period. There are three basic ways to throw off internet investigation:
normalization, encryption, and logistics. The first tactic, normalization,
means that you do not arouse suspicion with your activities. The statistical
analysis algorithms will catch you if you do things that are 'suspicious', such
as using certain keywords in your e-mail, visiting sites like Indymedia, etc.
If you have something covert to communicate, you need to do so as John Doe.

Using encryption will attract attention. If you must use encryption, multiply
encrypt the data using several different cryptographic algorithms. Preferably,
do not reveal what algorithms are in use. This will greatly increase the
security of your encrypted data.

Logistics involves going to libraries, colleges, and cafes to access the
internet. You should use a fake name, possibly a disguise, and avoid frequent
usage. If you need to disclose something that would put you in danger of being compromised, this is probably the best place to do it. Be aware that forensic
science is quite powerful and eye-witnesses will be there.

The best intelligence communication is indistinguishable from 'normal'
communication and your codes should not be recorded anywhere.

Secondly, you should be aware that Indymedia will now be the target of far more
investigation. (Hello there, FBI worker.) I don't think this should scare you that much, however, as long as you're not planning on doing something as horrible as Andy McCrae did. There is a lot of suspicion about the FBI, but I think that this is largely misplaced.

People are people. Believe it or not, most FBI workers are not in league with
the devil and most will respect your rights to freedom. I'm sure that there is
a lot of top-level pressure for increased 'production' that might create some
extraneous busts, but, you should keep something in mind: Corruption in the FBI
generally increases the farther upward in the information hierarchy you travel (this is very true for the CIA as well). The investigators themselves are
people quite like yourself; many probably have a suspicious and cynical mindset to
match.

However, realize that the White House policy is to broaden the definition of
terrorism to include pretty much every activist that is in strong dissension
with the official line. The upper echelons of the US Government are, on the
whole, _extremely_ corrupt and should not be trusted to do what is right, legal,
or even seemingly reasonable. In 25 years we'll all be picking through the
history of this time and this corruption will be as plain as day.

If you have important information to leak, etc, I wouldn't recommend just
entrusting it to the FBI. The dissemination of such information can very easily
be suppressed by higher-ups. Rather, go for a multi-faceted broadcast and use
the internet, news media, FBI, NPOs, and international bodies to get the word
out.

Andy McCrae's attack was so offensive and immoral that a respectable portion of Indymedia's posters are raising the possibility that it may have been a covert
operation to damage Indymedia and its community. Indymedia has almost certainly
been subject to counterintelligence operations and certain bodies of the US
government have been implicated in many illegal activities including murder,
disinformation, extortion, etc, etc.

While I do acknowledge the possibility that the murder of the police officer
could be a destabilization action, I don't think that it is what actually
happened in this case. The reasons are as follows:

(1) The posts were fairly reasonable and well-thought out, although not
brilliant. Psy-ops would instruct that the information in it needs to present
activists in a manner that would (a) be accessible to the whole of the target
audience (which in this case is very broad), (b) characterize their actions,
bases, and reasoning as flawed, and (c) be extremist enough to cause the reader to want to disassociate himself or herself from such activism. In fact, the
posts were relatively moderate and even tried to make appeals to police officers
and others.

(2) There was no connection tied to the popular view of terrorists as Arab
Muslims in Jihad. Such a connection has been produced, fabricated, or implied
for nearly every terrorist suspect imprisoned so far. They are possibly
broadening the focus (which doesn't make sense on the international scale), but
it would be more sensible to do this with one subgroup of dissenters at a time
(environmentalists, middle east sympathizers, etc).

(3) There was no lengthy period of investigation where public interest would
be aroused. This was a quick, open and shut type of investigation.

(4) Andy McCrae killed a cop. Cops and FBI are going to be looking at the
evidence. Cops are not going to be sympathetic to an intelligence operation that
kills one of their own.

So, either it is very slick, diabolical, and specific towards Indymedia, or it
was really just a terribly mistaken attempt at ending violence with violence.
We need to end violence and the oppression that produces it. We need to work
towards peace. We must not be hypocrites and supplant one dictator with
another. Equality, liberty, and solidarity for all is what we should seek.
These things can only be fully had in peaceful society, not violent society
(whether Leftist, Centrist or Rightist).

Let's express our solidarity in condemnation of the violent and cruel actions of
Andy McCrae. And, let us also express our continual commitment to ending
violence and truly achieving the free and healthy society that is the natural
maturation of Human life. Let's stand together and learn to love the truth. It
is the evolution towards harmonious coexistence with all of Nature.

Viva la Revolution!
uh, some "Andy McCrae" links, if you will 26.Nov.2002 19:40

logistical blah blahs

'The best intelligence communication is indistinguishable from 'normal' communication and your codes should not be recorded anywhere.'

Good Point. ("should not be" is the operable term in this quoting)

other article points are totally understood by me.

loving the "truth"--how easy is that? :)

thinking independently--how hard is that?

Time for action 26.Nov.2002 20:23

Sean Henderson lohan1@msn.com

Okay, here's what we need to do;

1. Focus on passing a regional (pdx first) - resolution against the USAPA.

2. The webmasters of Indymedia can then provide us with some sort of protection, making our postings anonymous unless we specify otherwise.

Fuck the FBI, I don't care if monitoring everything makes their job easier - that's the price we have to pay for democracy. Besides our only important threats are from the people we screw over, so let's just hand over the Bush administration and go on with our lives!!!

regarding legal measures to prevent snooping 26.Nov.2002 21:52

greenman peacefulgreenman@attbi.com

Okay, basically intelligence can be divided into two types. The kind that is admissible in a court of law and the kind that isn't. Both kinds occur frequently. Illegally gathered intelligence can cross over into the courts in certain circumstances, but this is undesirable to the agencies because it reveals the intelligence operations involved.

The increase in span of legal intelligence activities is one of the two major benefits to intelligence agencies that the Patriot Act provides. The other is the increase in the ability to force third parties' (librarians, ISP ops, etc) compliance with the intelligence operations.

Both of these increases in the legal power of intelligence agencies decrease the public's privacy and protection from falsified evidence, entrapment, and extortion. It does not necessarily effect the amount of over-all intelligence (both legal and illegal) gathering happening (although I would expect that it would increase the total amount) but converts the legality of a large portion of it.

The CIA generally is involved in more illegal activities than the FBI because the FBI is more likely to use the evidence that they collect in a court of law. Furthermore, the CIA usually operates in the more nebulous (to the US, apparently) domain of international law and is much more tied into the military/white-house/multinational-corporation strategic base of the US government. In fact, it is the covert arm of such strategic activity.

I do not trust the CIA one fucking bit!

There is another side to this. It is not difficult for an experienced security analyst to slip right through most sites, setting up backdoors, quiet proxies, taps, and so on. There are several attacks that can even be done at a public terminal where you can't use your own code (i.e. where all you have is your web browser). If your site is rooted, your complete logs, data, and passwords (encrypted -- weak passwords (like 80%+ of them) are easily broken though) are available. Sites sit cracked like this for months, the vulnerabilities silently patched by the cracker and a secret backdoor installed.

Also, there are good techniques for gathering information from visitors to public sites by posting special information that may be viewed by them. For example, if you include an inline hyperlink to an image that is located on your site, nearly everyone who visits the public site and sees your message will automatically download your image to display it with the message. In this way, the IPs of everyone who viewed your image can be logged. Also, providing a link (possibly with some refresh code if their HTML filter is really weak) to your site will provide the referring site as loggable information when they click (or refresh to) your link. This way you can tell where they came from.

Certificates and cookies can be spoofed (not to mention that if you can get access to their computer or the router on their LAN or ISP you have total spoofability). A simple trick is to provide a search box like google and then actually be a proxy for their connection to google (and the subsequent linking). Individual browsers (especially of the Microsoft variety) have a number of security weaknesses ranging from crashing the browser to taking control of their whole system.

A host can provide a form along with a seemingly innocuous textfield (like 'handle' or 'guestbook message') and submit button. The form can contain invisible (through CSS, HTML or Javascript) fields for things like First Name, Address, Telephone, etc. These will be automatically filled out if you have 'auto-fill' or 'profile' enabled and you won't even notice it passing to the host. You can present a window-like graphic in the middle of the screen stating the need for a web browser update and prompting for the root/administrator package. Meanwhile, your local LAN may very well have sniffers on it capturing packets intended for or broadcast by you.

I could go on, but suffice it to say that these tactics can be employed without any recourse to high-level connections within the telcos, ISPs, and fiber backbones or warrants. With a warrant and/or access to your ISP, all bets are off. There is nothing like a keyboard tap to get information. (You can detect an amateur tap by looking for a detachable interconnector about 1/2" in length between your keyboard cable and the computer -- a professional will insert it into your keyboard or provide a new, identical looking bugged keyboard.) Then there is EMF radiation, etc, etc,... (sigh)

The safe route is to assume your technical security has been compromised and use social engineering and classic intelligence methods to do what you need to do. Computers are hackable; that's why they're so much fun.

Also, realize that the creation of some uber-intelligence monster machine that can see all (as the IAO's logo implies) is a propaganda slush-bucket for the agencies. I'd love to see them open-source their code! Never underestimate government contract programmers for extravagant SLOC-driven, inefficient, and ineffective code. Or maybe it will be an undying Ada behemoth that never breaks but never works quite right either and takes 5 years more time to finish than scheduled. Paranoia-pumping is a more useful counterintelligence effort than such a technological mess and their vets know this.

So, be smart, think for yourself, and don't forget they're human. The real revolution changes hearts and minds for the better, it doesn't fight endless, meaningless wars. Your inspiration should be Nature.

Solidarity!

Consider more carefully 27.Nov.2002 10:01

No-Doz Bukowski

I want to address Greenman's rebuttal of the COINTEL theory.

"While I do acknowledge the possibility that the murder of the police officer could be a destabilizaton action, I don't think that it is what actually happened in this case. The reasons are as follows:

(1) The posts were fairly reasonable and well-thought out, although not brilliant. Psy-ops would instruct that the information in it needs to present activists in a manner that would (a) be accessible to the whole of the target audience (which in this case is very broad), (b) characterize their actions, bases, and reasoning as flawed, and (c) be extremist enough to cause the reader to want to disassociate himself or herself from such activism. In fact, the posts were relatively moderate and even tried to make appeals to police officers and others."

You're not giving the spooks much credit if you believe that their methods are always this simple. This event shouldn't be judged by the same standards as a viral marketing attack on Indymedia. To those outside the radical movements, the mere fact of McCrae's having shot a cop is enough to alienate them. The fact is that his writing doesn't sound like a raving lunatic - it sounds like us. If we accept that the Company wants to depict the anti-war, anti-globalization, anti-corporate movement as being related to terrorists (which I think we can assume, based on the indictment of Earnest Ujaama, the Southern Poverty Law Center's defamation of the environmental movement, and the whole concept of the terrorist training camp in Bly springing up at the same time as WTO 99); then this article serves that interest perfectly. It takes our ideals, our rhetoric, and turns it to the justification of violent acts that the public has already been primed to see as "terrorism".
Also, someone compared this to the infiltrator who got the Portland Six started, who told them he could get them guns and tell them how to fight back against the West. That's exactly right. This article seems intended to "red bait" those of us on Indymedia who might sympathize with violent action. The news articles that will be designed to make us all look like terrorist sympathizers need quotes from us, and the Fed wants to know which among us they should come for first.
Not to mention the credence this incident gives to the general push by the Company to control the flow of information over the Internet.

"(2) There was no connection tied to the popular view of terrorists as Arab Muslims in Jihad. Such a connection has been produced, fabricated, or implied for nearly every terrorist suspect imprisoned so far. They are possibly
broadening the focus (which doesn't make sense on the international scale), but it would be more sensible to do this with one subgroup of dissenters at a time
(environmentalists, middle east sympathizers, etc)."

Well, they got the environmentalists already, right? Their leaders are being arrested all over the country. And before that, they got all the Moslem activists. Now they're coming after the anti-corporate movement and Indymedia. To portray this white suburban American as a dangerous terrorist might not have worked a year ago, but the public has been gradually indoctrinated into the belief that A)there are Al Qaeda Sleeper Cells hiding among us, and B)the activists they see on TV marching against the war are actually terrorist sympathizers and enemies of the state. This is the next step, an actual terrorist-sympathizing anti-corporate Indymedia activist who has been moved by his radical politics to murder a cop.

"(3) There was no lengthy period of investigation where public interest would be aroused. This was a quick, open and shut type of investigation."

Maybe they want control from the start of the operation, to sew everything up without scrutiny? That's how they got Kariye, and Ujaama, and The Portland Six. We all woke up one morning and the paper told us they caught another terrorist. There was no build-up, no public investigation.
Things work differently now. We're in a new era in terms of how the Company is going about its business.

"(4) Andy McCrae killed a cop. Cops and FBI are going to be looking at the evidence. Cops are not going to be sympathetic to a intelligence operation that kills one of their own."

You've got to be kidding. How many cops died in the World Trade Center? The NYPD isn't exactly demanding an inquest, are they? Cops are corrupt and cowardly bastards, to a man, and they are all so thoroughly indoctrinated into the State-sponsored worldview that they'll see exactly what they're told to see.

"So, either it is very slick, diabolical, and specific towards Indymedia,"

Well, yeah - the CIA is pretty slick and diabolical. That should come as no surprise. The Company is threatened by Indymedia and the free exchange of information over the Internet. That's no surprise. The Company uses the CIA to get rid of things that threaten it. No surprises here either.

"or it was really just a terribly mistakaken attempt at ending violence with violence."

This, too, is a possibility. If that's what it was, the kid couldn't have served the interests of the enemy better than he did.

5000. - N.

Factual Errors 27.Nov.2002 11:01

Joe Securo

Multiple layers of encryption don't do much besides make it harder to use. To be anonymous, don't go to a cafe, library, place with lots of non-sympathetic witnesses/cameras to watch your dumb ass. Use proxies in countries that don't have treaties with the US. Use SSL encryption (https), it is so common that it really does *not* put up a red flag. Buy a $50 802.11 card, and roll downtown in your local burb with an external antenna and hop on a random corporate lan to be truly anonymous. And don't use the same one twice. Also don't be an asshole and get innocent people raided, there are plenty of CORPORATE networks to use, not residences.

to joe securo 27.Nov.2002 11:57

greenman

"Multiple layers of encryption don't do much besides make it harder to use."

If decryption yields effectively random bytes (because of a second layer of encryption) identification of successful decryption is made much more difficult. Check-sum algorithms defuse this to a degree, but they can be circumvented with certain cryptographic methods.

"To be anonymous, don't go to a cafe, library, place with lots of non-sympathetic witnesses/ cameras to watch your dumb ass."

The key is to use an anonymous computer. There are not stringent identification measures at most of these locations, so it is easy to slip in. These are the internet equivalents of a public pay phone.

"Use proxies in countries that don't have treaties with the US. Use SSL encryption (https), it is so common that it really does *not* put up a red flag."

This is good advice, but the connection can still be easily monitored and connecting to an anonymous proxy does raise a red flag. SSL (even the 128-bit variety) is not that difficult to break if you can monitor and record the entire connection.

"Buy a $50 802.11 card, and roll downtown in your local burb with an external antenna and hop on a random corporate lan to be truely anonymous."

Your MAC address will be recorded, you might be stepping into a honey pot, a specific locality and time will be conveniently recorded, and the radiations of your card can be very quickly triangulated to determine your exact location. Many DHCP servers e-mail the sysadmin with the MAC address and IP automatically whenever someone is given an IP from the pool.

"And don't use the same one twice."

Good advice.

"Also don't be an asshole and get innocent people raided, there are plenty of CORPORATE networks to use, not residences."

This also applies to cracking sites and setting up your own proxies for (D)DoS and other activities.

another point to Joe Securo 27.Nov.2002 12:26

greenman

Regarding anonymous proxies with SSL, the out-going IP of the proxy may be tracked and analyzed to be synchronous with the proxy-users activity to that proxy. Whether or not the outgoing IP is tracked does depend on if it hops through any points that are in the control of the spying party (like any American site would be for the FBI or CIA). If it is tracked, it completely removes the usefulness of the proxy to hide the originating IP, except to the receiving site. Hiding the original IP from server that is being accessed is accomplished through this, though (unless, of course, you're hacking the Pentagon). Also, proxies may be blocked or (uh-oh) spoofed. Anonymity on the internet is a myth; old tactics still apply.

ultra-simple strong encryption 27.Nov.2002 13:27

greenman

There is a trivial way to make extremely strong encryption: XOR the plaintext with a random string of the same size. This can be repeated several times with different random strings. The strength of this is equal to the strength of your randomizer.

Here's a quick example in Python (  http://www.python.org ) -- convert to your language of choice:

# xor.py FILE1 FILE2 by greenman

import sys
try:
    # open both files in binary mode so no newline or encoding translation happens
    f1 = open(sys.argv[1], "rb")
    f2 = open(sys.argv[2], "rb")
    a = f1.read()
    b = f2.read()
    if len(a) != len(b):
        print("FILE1 and FILE2 must be the same size", file=sys.stderr)
        sys.exit(1)
    # XOR byte for byte and write the raw result to stdout
    for i in range(len(a)):
        sys.stdout.buffer.write(bytes([a[i] ^ b[i]]))
    sys.stdout.buffer.flush()
    f1.close()
    f2.close()
except (IndexError, OSError):
    # only a missing argument or an unreadable file lands here; a bare except
    # would also swallow the sys.exit above and print the usage line instead
    print("USAGE: (python) xor.py FILE1 FILE2", file=sys.stderr)
    sys.exit(1)


(the spaces on this might be mangled; you might have to fix this if that is the case)

To use this, just type:
python xor.py YourPlainTextFile ARandomStringOfBytes > Output

YourPlainTextFile and ARandomStringOfBytes should be exactly the same size.

This will spit out Output which will the same size as the above and can be decrypted by:
python xor.py ARandomStringOfBytes Output

this will print out the contents of YourPlainTextFile.

ONLY USE YOUR RANDOM STRING OF BYTES ONCE!

Use your own random number generator or just (on Unix/Linux):
dd if=/dev/random of=ARandomStringOfBytes bs=1 count=12345

replace '12345' in 'count=12345' with the size of YourPlainTextFile. Move your mouse, hit shift, ctrl, etc to generate entropy while this is happening to speed it up. Note that this is not the strongest randomizer.

This random string of bytes becomes the key in decoding the output. You can use several random strings like this to make a multiple stage encoder/decoder.

Keep the keys secure!

Happy hacking!

xor.py without indentation 27.Nov.2002 14:03

greenman

# xor.py FILE1 FILE2 by greenman

import sys
# binary mode: the files are raw bytes, not text
f1 = open(sys.argv[1], "rb")
f2 = open(sys.argv[2], "rb")
a = f1.read()
b = f2.read()
# a list comprehension keeps the loop on one line, so there is no indentation to mangle
[sys.stdout.buffer.write(bytes([a[i] ^ b[i]]))
for i in range(len(a))]
sys.stdout.buffer.flush()
f1.close()
f2.close()
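
An added example in Python 3 (not greenman's code) covering the points argued over in the xor.py posts and the replies: a single-use random pad round-trips, stacking two XOR pads is exactly one pad with key k1 ^ k2, and reusing a pad lets anyone holding both ciphertexts compute p1 ^ p2 and, given one plaintext, read the other. The messages are constructed and os.urandom stands in for /dev/random.

```python
import os


def otp_xor(data: bytes, key: bytes) -> bytes:
    """The xor.py operation: XOR each byte of data with the key byte at the same position."""
    if len(data) != len(key):
        raise ValueError("key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def fresh_key(n: int) -> bytes:
    """One new pad per message from the OS CSPRNG; it is never used for a second message."""
    return os.urandom(n)


def layered_equals_single(plaintext: bytes, k1: bytes, k2: bytes) -> bool:
    """Two XOR layers with pads k1 and k2 are exactly one XOR layer with pad k1 ^ k2.

    So stacking pads adds no strength beyond that of one pad; the strength comes
    from the randomness and single use of the pad, as the post itself says.
    """
    twice = otp_xor(otp_xor(plaintext, k1), k2)
    once = otp_xor(plaintext, otp_xor(k1, k2))
    return twice == once


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under one pad: c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2.

    The pad cancels out, so the relation between the plaintexts is exposed to
    anyone who merely recorded both ciphertexts.
    """
    return otp_xor(c1, c2)


def recover_other(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With a reused pad, knowing one plaintext yields the other directly."""
    return otp_xor(reuse_leak(c1, c2), known_p1)


def demo():
    # Constructed sample messages, both 27 bytes so one pad fits both.
    p1 = b"meet at the library at noon"
    p2 = b"postpone until tomorrow ok?"
    assert len(p1) == len(p2)

    # Correct use: each message gets its own pad and decrypts with that pad only.
    k1, k2 = fresh_key(len(p1)), fresh_key(len(p2))
    c1_ok, c2_ok = otp_xor(p1, k1), otp_xor(p2, k2)
    assert otp_xor(c1_ok, k1) == p1 and otp_xor(c2_ok, k2) == p2

    # Misuse: the same pad for both messages.
    shared = fresh_key(len(p1))
    c1_bad, c2_bad = otp_xor(p1, shared), otp_xor(p2, shared)
    leaked = reuse_leak(c1_bad, c2_bad)  # equals p1 ^ p2 without knowing the pad
    return leaked == otp_xor(p1, p2), recover_other(c1_bad, c2_bad, p1) == p2


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Both values in demo() come out True: the leak does not depend on how good the random source was, only on the pad having been used twice.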

Wrong again 27.Nov.2002 15:17

Joe Securo

I think you should do a bit more reading. Most random number generators for most OSes are really lousy. You only get a few *bits* of entropy per call. The rest is very poor quality "randomness". Combine this with basic cryptanalysis and you are fucked.

Also one time pad crypto is great in theory, but very hard in practice. You gotta get the pad to your recipient. Deleting files is hard to do securely on all operating systems.

Any Cryptologist worth his/her salt can figure out which common algo generated a particular ciphertext (re: embedded encryption), as this is really the starting point for any cryptanalysis effort.

RE: 802.11 card MAC addresses. On many cards you can change the MAC addy. Also the MAC addy is only a problem if they get your card or happen to be sniffing the airwaves near you, at which point you have some significantly larger problems to consider.

Being anonymous on the internet isn't impossible, just difficult. There is a practical approach to this. An unbreakable cipher won't save your ass if your computer gets hacked/seized and the key gets stolen/recovered. Being all spooky at a library or a cafe won't help you if you go there more than once, and someone is waiting for you when you return, or if there are cameras near the lab.

Also triangulating 802.11 isn't as simple as it sounds. Joe Company really doesn't have their shit together on this one. Being paranoid about honeypots is reasonable to a very small extent. If you're really worried about that, get/build a narrow beam antenna that is harder to triangulate due to it not spilling radiation all over the place.



"Arguing on the internet is like running in the Special Olympics, even if you win you're still retarded."

to Joe Securo 27.Nov.2002 19:11

greenman

I appreciate your comments, although I think that they could be more sociably communicated.

Re: RNGs. For any decent OS, the (quality) entropy is gathered into a pool which is then read by the user. The pools are pretty easily exhaustible, but characterizing every call as receiving only a few bits of entropy is incorrect. You will note that I did not utilize a Python Random.* function for xor.py. It is critical, as my RNG strength = Cryptographic strength statement indicated, that the RNG is robust.

Personally, I think that random data is best produced by mixing explicit, user-inputted entropy with machine entropy. Practically irreproducible empirical data (like doubly modulo'd evenly distributed large numbers) is the way to go. This opens the door to high-level code-based seeds and predetermined algorithms to effectively allow the OTP keys to not have to be copied at all, but, recreated at will. Also, distributed, publicly viewable OTPs (steganography, etc) are a method as well.

As I said before, compounding encryption methods is the way to go. Poorly randomized _random_ data is still random data. Typical RSA encrypted data ran through 2 OTPs using different RNGs is extremely difficult to crack -- much more so than any of these encryptions alone. The more mathematically complex (random is maximally complex) and obfuscated (try adding pseudo-random scattering to the output to mix into large binary blobs) the encryption, the more difficult it will be to decode.

Oops, 1 out of 4923 of those position mantissas in Quake are really secret out-of-order OTP bytes. ;)

Re: deleting files securely. No major, publicly available filesystems do this well yet. It is _not_ enough to zero out the data. The magnetic polarity on the disk is not a binary absolute and can be easily dimensional with computer forensics. You should write over it with random data 100's of times. The same also goes for RAM, which stays detectable for days+ after power down.

Of course (as the police's reported hard disk ghosting exemplifies), most systems are vulnerable in lots of places (application caches, temp files, swap files). Computers get dirty very fast. Having a secret machine (transport your encrypted data to it before decrypting; don't put it on the net) is the way to go.

Re: MAC addresses on WLAN NICs. Yes, on some cards you can reprogram the MAC address to anything you'd like. All it takes is a little direct memory access (on x86) or higher level equivalents (outb, inb, etc -- no need for ioremap stuff here). It can be accomplished in < 100 lines of C code if you know the chip and if it is not in ROM. This is a good technique.

Be aware that the factory MAC address is a problem when warchalking because the DHCP server will log it when it assigns it an IP (assuming the admin hasn't locked down the pool to just known MACs) and not just if they've confiscated your stuff. The factory MAC can be tracked through the logistics network to the store you bought it from, which may yield your transaction and all the accompanying data.

Re: Radio tracking. Unless it's a communications company, I'd be very surprised that they would have the equipment to triangulate your signal from there. What would be much more likely is that they would call the police when they saw that you're inside and the police would then do the tracking. The police equipment for this is not legal for regular citizens to buy: it works and it works quickly.

I think using a narrow beam antenna is a good idea for reducing noise on the radar. And, most IT departments are too busy getting coffee and writing redundant posts to slashdot to even bother checking their core systems. If you know they're security, you can probably save time by just planting a bot that does what you want. Of course, you may not need to be in a WLAN to do this, but, once you get past their DMZ/firewall you're usually past any real security.

Re: Anonymity and security. People run port scanners or try pathname and default installation script cracks all day long. People crack into dozens if not hundreds of sites every day. Security is not that tight and the FBI isn't going to waste time researching the origin of every 'oWnD' IIS server, although if a private security analysis hands over an open-and-shut they'll probably follow up. Also, ISPs are usually paranoid of liability enough that they'll look into it -- though most decent crackers are already piping through multiple international backdoors.

HOWEVER, if you try to get into a gateway to one of the restricted nets, or try to crack Ashcroft's mailbox, or sniff a deep password, then you're in for something different. Add satellites, complete access to every US backbone (and many international ones) as well as innumerable smaller routers, the ability to monitor and decipher many types of radiation, an amazing variety of bugs and tracking devices, control of the media, pretty much total legal immunity, etc, etc and you've got the CIA sniping you with a hellfire.

Technology is one of the US intel community's strongest suits. Get off the grid and go deep cover if you really don't want to get caught. Come to think of it, No-Doz Bukowski's could very well be right on the money.

Henry Kissinger my ass! A US war criminal to research 911, for Pete's sake, does anyone even think the US is still the good guys? You know it, FBI.
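The comment above rests on the point that a one-time pad is exactly as strong as the RNG that produced the pad, and that the pad must never be reused. The following is an added worked example in Python, not code from this thread and not the xor.py the poster mentions; the function names and the two sample messages are constructed for illustration. It shows the XOR pad round trip with an OS CSPRNG pad, why a pad regenerated from a small seed is only as secret as that seed, and what leaks when the same pad is applied to two messages.

```python
import os
import random


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_pad(length: int) -> bytes:
    """Pad drawn from the OS CSPRNG (the kernel entropy pool the comment
    describes). A pad must be unpredictable and at least as long as the
    message; anything weaker makes the 'one-time pad' a stream cipher
    keyed by whatever seeded the generator."""
    return os.urandom(length)


def seeded_pad(seed: int, length: int) -> bytes:
    """Pad regenerated on demand from a deterministic PRNG and a seed.
    Anyone who learns or guesses the seed regenerates the identical pad,
    so the real key is the seed and the pad adds no entropy beyond it."""
    return random.Random(seed).randbytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR the plaintext with the leading bytes of the pad."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the plaintext")
    return xor_bytes(plaintext, pad[: len(plaintext)])


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(ciphertext, pad)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two ciphertexts share a pad, XORing them cancels the pad and
    yields plaintext1 XOR plaintext2 without any key material.
    That relation is what makes 'one-time' literal."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


# Constructed sample messages (not from the thread).
MSG1 = b"meeting moved to the library"
MSG2 = b"bring the printed minutes"


def demo() -> dict:
    """Run the three checks and report each as a boolean."""
    pad = make_pad(max(len(MSG1), len(MSG2)))
    c1 = otp_encrypt(MSG1, pad)
    c2 = otp_encrypt(MSG2, pad)  # deliberate reuse, the mistake being shown
    n = min(len(MSG1), len(MSG2))
    return {
        "roundtrip_ok": otp_decrypt(c1, pad) == MSG1,
        "reuse_leaks_plaintext_xor": pad_reuse_leak(c1, c2)
        == xor_bytes(MSG1[:n], MSG2[:n]),
        "seeded_pad_reproducible": seeded_pad(1234, 16) == seeded_pad(1234, 16),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `seeded_pad` check is the practical reading of "RNG strength = cryptographic strength": a pad that can be recreated from a seed is a convenience for key distribution, but its security is bounded by the entropy of the seed, not by the length of the pad.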

First They Came for the Communists.... 28.Nov.2002 03:42

wake the fuck up

Hey people, regardless of whether this Andy McCrae incident was set up by the cops, it ain't that difficult to figure out what is happening in general.

The so-called War on Terrorism is a fraud. This war is being used to target any resistance to the American Empire--in both the foreign and domestic arenas.

The foreign policy aspect is more obvious--endless wars to expand American hegemony over the planet, all disguised as a 'War on Terrorism.' The Domestic policy aspect is also quite evident--endless war against those who dissent against these predatory policies (e.g. the antiwar and anti-capitalist movement).

This is what Radicals and the Revolutionary Left have been saying from the Day after 9-11 itself.

Wake UP.

As that saying goes, first they came for the Communists...now they are coming for you.