Security and the Portland IMC
A look at the inevitable increase in investigation of Indymedia as a result of Andy McCrae's murder of a presumably innocent cop. Also, an appeal to Indymedia readers to remain committed to positive revolution while rejecting oppression and violence as means to peace.
Very recently a police officer in Red Bluff, CA was murdered in what appears to
have been a random selection of a police victim in order to punctuate a
statement about corporate wrong-doing. The alleged murderer, Andy McCrae, posted
his confession with his statement on Portland and San Francisco Indymedia
websites (the D.C. post was a question for information, not the same post).
This led to his apprehension.
Andy McCrae referred to himself as a veteran army ranger having trained in
airborne and jungle operations. As he is only 23, this would mean that his
active service would have been limited to 1998 and beyond. Military activity in
former Yugoslavia and Kosovo or Afghanistan was the most overt during this time.
The original story titled "Proud and Insolent Youth Incorporated" was posted at
7:24 PM PST in Portland and 7:37 PM PST in San Francisco. "The Declaration of a
Renewed American Independence" was posted at 7:34 PM PST in San Francisco. At 2:19 AM EST (10:19 PM PST) the FBI tipped police that McCrae was staying at a
Holiday Inn in Concord, New Hampshire. The SWAT team arrived at 6:00 AM EST and
the FBI persuaded him via telephone to surrender at 10:00 AM EST.
Although there was almost certainly covert evacuation, tactical positioning, and
surveillance going on initially, by 7:30 AM EST the FBI was on the phone with
him and had been so far unsuccessful in persuading him to leave his room.
Apparently, Andrew McCrae was unwilling to enter into police custody for 2 and
1/2 hours. When he did surrender, he did so non-violently.
The FBI tip to the Police came just 3 hours after the original post. This is
what I think happened:
(1) The murder itself occurred November 19th. The local media had covered the
story, displayed a police sketch, and encouraged people with details to contact
the police. This information was readily available to readers of Indymedia and local law-enforcement and FBI would be familiar (indeed, the FBI would be
investigating it) as well. Furthermore, Indymedia and its articles, posts, and
posters are already undoubtedly the target of deliberate investigation.
(2) The FBI became aware of the posts either through its own agents or an
(3) The FBI, using the previously created (either surreptitiously, through
cooperative permission, invocation of provisions in the Patriot Act, or
otherwise) access at Verio, Internap, Metromedia Fiber Network, Transbay.Net,
Speakeasy, etc., easily tracks the incoming IP of the poster (if
stallman.indymedia.org and sf.indymedia.org aren't compromised themselves). This
is done by comparing the IP logs of the routers with the time of the posts,
especially cross-referencing the two different servers. As you can see, this
doesn't even require examining the packets (which are probably being spooled) to
(4) The IP address (a) points directly to the computer of the poster or (b) is
the IP of a proxy (anonymous or otherwise) that the poster was using. I will
guess that that IP pointed directly to the computer which was probably using a
dial-up connection from the hotel room (which we know has a telephone).
Anonymous proxies and redirectors are very quickly targets for espionage and,
like the use of encrypted data, flag the user as suspect. Therefore, an
anonymizer would not necessarily slow the investigation. The IP can indicate a
MAC address by gaining access to the DHCP server or nearby routers (thus
identifying the exact network card), but this wouldn't be necessary for this
operation. Andy McCrae probably dialed up AOL, posted the comments, and the FBI
knew the IP within a half hour after beginning the investigation of the posts.
(5) As it was probably a dial-up, trace-routing back to the IP would reveal
the local server handling the PPP connection (the computer he had dialed into). This would contain information on the actual phone number being used to call it.
There are probably FBI databases which match these server IPs to their dial-in
number, the phone specialists could then analyze what number has called them;
they wouldn't necessarily need access to that server (although I'm sure they
could get it). Matching the IP records (including but not limited to access
to Indymedia) to time of call connection would single out which number dialed it
and acquired the IP through DHCP.
(6) The phone number is matched to the telephone number, room, etc. You can
guess the rest...
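The timestamp correlation described in steps (3) to (5), as an added example that is not part of the original post: each post on its own matches several source addresses, but intersecting the candidates across the three posts on the two servers leaves one. The date, the flow records, and the addresses (RFC 5737 documentation ranges) are constructed; only the three times of day come from the article.

```python
from datetime import datetime, timedelta

# Constructed sample data: the date and addresses are invented for the example.
POSTS = [  # (site, time the post appeared, to the minute)
    ("portland", "2002-01-01 19:24"),
    ("sf",       "2002-01-01 19:34"),
    ("sf",       "2002-01-01 19:37"),
]
FLOWS = [  # (timestamp, source IP, destination site) as an upstream router might log
    ("2002-01-01 19:22:10", "198.51.100.7", "portland"),
    ("2002-01-01 19:23:41", "203.0.113.45", "portland"),
    ("2002-01-01 19:24:30", "192.0.2.19",   "portland"),
    ("2002-01-01 19:33:52", "203.0.113.45", "sf"),
    ("2002-01-01 19:34:15", "198.51.100.7", "sf"),
    ("2002-01-01 19:36:48", "203.0.113.45", "sf"),
    ("2002-01-01 19:50:05", "192.0.2.19",   "sf"),
]

def parse(ts):
    """Accept timestamps with or without a seconds field."""
    fmt = "%Y-%m-%d %H:%M:%S" if ts.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(ts, fmt)

def candidates(post, flows, window):
    """Source IPs that reached the post's site within +/- window of the post."""
    site, when = post
    t = parse(when)
    return {ip for ts, ip, dst in flows
            if dst == site and abs(parse(ts) - t) <= window}

def correlate(posts, flows, window=timedelta(minutes=2)):
    """Return per-post candidate sets and the IPs common to every post.

    The window absorbs clock skew between servers and routers; too small
    a window silently drops the real source, too large a one adds noise.
    """
    per_post = [candidates(p, flows, window) for p in posts]
    common = set.intersection(*per_post) if per_post else set()
    return per_post, common

if __name__ == "__main__":
    per_post, common = correlate(POSTS, FLOWS)
    for post, ips in zip(POSTS, per_post):
        print(post, "->", sorted(ips))
    print("common to all posts:", sorted(common))
```

The surviving address identifies a network endpoint, which as step (4) notes may be a proxy or a dial-up pool address, so it still has to be mapped to a subscriber through the access provider's own records.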
Folks, it is obvious that Andy McCrae was not trying very hard to avoid getting
caught, as he posted his name to the web site; in fact, he seems to have been
essentially turning himself in. However, there are two things I hope that
people realize from this.
Firstly, you need to regard all of your activities on the Internet as monitored, period. There are three basic ways to throw off internet investigation:
normalization, encryption, and logistics. The first tactic, normalization,
means that you do not arouse suspicion with your activities. The statistical
analysis algorithms will catch you if you do things that are 'suspicious', such
as using certain keywords in your e-mail, visiting sites like Indymedia, etc.
If you have something covert to communicate, you need to do so as John Doe.
Using encryption will attract attention. If you must use encryption, multiply
encrypt the data using several different cryptographic algorithms. Preferably,
do not reveal what algorithms are in use. This will greatly increase the
security of your encrypted data.
Logistics involves going to libraries, colleges, and cafes to access the
internet. You should use a fake name, possibly a disguise, and avoid frequent
usage. If you need to disclose something that would put you in danger of being compromised, this is probably the best place to do it. Be aware that forensic
science is quite powerful and eye-witnesses will be there.
The best intelligence communication is indistinguishable from 'normal'
communication and your codes should not be recorded anywhere.
Secondly, you should be aware that Indymedia will now be the target of far more
investigation. (Hello there, FBI worker.) I don't think this should scare you that much, however, as long as you're not planning on doing something horrible as Andy McCrae did. There is a lot of suspicion about the FBI, but I think that this is largely misplaced.
People are people. Believe it or not, most FBI workers are not in league with
the devil and most will respect your rights to freedom. I'm sure that there is
a lot of top-level pressure for increased 'production' that might create some
extraneous busts, but, you should keep something in mind: Corruption in the FBI
generally increases the farther upward in the information hierarchy you travel (this is very true for the CIA as well). The investigators themselves are
people quite like yourself, many probably have suspicious and cynical mindset to
However, realize that the White House policy is to broaden the definition of
terrorism to include pretty much every activist that is in strong dissension
with the official line. The upper echelons of the US Government are, on the
whole, _extremely_ corrupt and should not be trusted to do what is right, legal,
or even seemingly reasonable. In 25 years we'll all be picking through the
history of this time and this corruption will be as plain as day.
If you have important information to leak, etc, I wouldn't recommend just
entrusting it to the FBI. The dissemination of such information can very easily
be suppressed by higher-ups. Rather, go for a multi-faceted broadcast and use
the internet, news media, FBI, NPOs, and international bodies to get the word
Andy McCrae's attack was so offensive and immoral that a respectable portion of Indymedia's posters are raising the possibility that it may have been a covert
operation to damage Indymedia and its community. Indymedia has almost certainly
been subject to counterintelligence operations and certain bodies of the US
government have been implicated in many illegal activities including murder,
disinformation, extortion, etc, etc.
While I do acknowledge the possibility that the murder of the police officer
could be a destabilization action, I don't think that it is what actually
happened in this case. The reasons are as follows:
(1) The posts were fairly reasonable and well-thought out, although not
brilliant. Psy-ops would instruct that the information in it needs to present
activists in a manner that would (a) be accessible to the whole of the target
audience (which in this case is very broad), (b) characterize their actions,
bases, and reasoning as flawed, and (c) be extremist enough to cause the reader to want to disassociate himself or herself from such activism. In fact, the
posts were relatively moderate and even tried to make appeals to police officers
(2) There was no connection tied to the popular view of terrorists as Arab
Muslims in Jihad. Such a connection has been produced, fabricated, or implied
for nearly every terrorist suspect imprisoned so far. They are possibly
broadening the focus (which doesn't make sense on the international scale), but
it would be more sensible to do this with one subgroup of dissenters at a time
(environmentalists, middle east sympathizers, etc).
(3) There was no lengthy period of investigation where public interest would
be aroused. This was a quick, open and shut type of investigation.
(4) Andy McCrae killed a cop. Cops and FBI are going to be looking at the
evidence. Cops are not going to be sympathetic to an intelligence operation that
kills one of their own.
So, either it is very slick, diabolical, and specific towards Indymedia, or it
was really just a terribly mistaken attempt at ending violence with violence.
We need to end violence and the oppression that produces it. We need to work
towards peace. We must not be hypocrites and supplant one dictator with
another. Equality, liberty, and solidarity for all is what we should seek.
These things can only be fully had in peaceful society, not violent society
(whether Leftist, Centrist or Rightist).
Let's express our solidarity in condemnation of the violent and cruel actions of
Andy McCrae. And, let us also express our continual commitment to ending
violence and truly achieving the free and healthy society that is the natural
maturation of Human life. Let's stand together and learn to love the truth. It
is the evolution towards harmonious coexistence with all of Nature.
Viva la Revolution!