Privacy

...now browsing by tag

 
 

CyberInsurgency – A True Story

Friday, July 24th, 2009

One nation under martial law, the military stands guard against the population. This following days of protest by many who feel the results of the recent election were fabricated. The voice of dissent is publicly silenced with lethal force.  Terrestrial and satellite signals are jammed, including cell phones and foreign broadcast.  The modern police state, a heavy net of surveillance monitors all domestic communications.  In a series of arrests hundreds of people become political prisoners. Authorities raid media outlets, journalists are beaten as their equipment confiscated.  In an effort to dilute the information that leaks out of the country, the military has its own legion of users creating thousands of propaganda blogs.  Despite this opposition, protest continues. 

The riots continue today, a month after the election.  Protesters clash with troops who respond with tear gas.  In undisclosed locations, skilled technologists formed loose alliances to assist the people.  Their goals are as simple as educating people in the use of encrypted communications and services providing anonymous network routing.  This offers civilians a chance to send information securely, and speak their minds without fear of repercussions. 

Government restrictions have been well established. The public is allowed only a limited connection; access has been restricted to 128 kilobytes per second. Their traffic thoroughly inspected, routed into proxy servers, the content filtered, websites are blocked, and services rendered unreachable. Dissenting opinions are intercepted, and confirmed with torture and silenced by death.

In public channels outside of the country, people of various ideologies work together. Unable to free the citizens of that country from physical oppression, they hope to at least provide a means of communication. From around the world they have gathered to brainstorm new ways for the oppressed to maintain access to public web services. Political opinions put aside, a diverse group of people discuss various methods of circumventing control systems.   

Having stumbled into one such a meeting of the minds, I recognized it as a rare opportunity to observe and participate in an electronic insurgency. Though the subject serious and the consequences of failure well understood, the discussion mostly remained technical in nature. This separation from the human aspect of the crisis was enough to allow for the sort of wild creativity that seems to come naturally to successful people. For example, the suggestion of utilizing enigma machines transmitting over Morse code is not the simplest solution. However, it is the idea that is an engine for a train of thought that could eventually arrive at some new solution.  In the end, it was not necessary to reinvent the wheel, and the focus turned towards how to spread existing encryption and privacy technology. The solution must be easy to understand and implement by people with limited technical skills.

Instructions were provided to use FirePGP in combination with GnuPG to send and receive encrypted emails in Gmail. Once their messages are secure, the correspondents require a method to protect their identities. Squid and Tor proxy server software were suggested to anonymize the traffic. Additional details are available for the operation of a Tor-relay, with the goal being to prevent the government to locate sources of information. Other systems are under development to offer civilians access to open communications channels outside their country, and away from the control of their regime.

It was several days after the election before the mainstream media started its coverage. CNN was using information from Twitter, from ultimately unverifiable sources.  A psychological operation was under way to influence the rest of the world, and confuse or expose insurgents using the service. Acting as a live forum for dissent, Twitter was asked by the US State Department to delay scheduled maintenance in order to prevent a possible outage.

This is the story of an international community working together to promote freedom of speech, and private communications in Iran. Public dissent is an event that most governments including the United States have plans to suppress.  They too monitor civilian communications for threats against their authority. Protest has already been caged into ‘free speech zones’. Similar to Iran’s jamming of communications, Executive Orders exist in the United States giving the government the ultimate authority over everything including transportation routes, communications, and even the civilian population who could be used for labor. The planning behind readiness exercise 84 (REX84) shows the government is willing to use its power to detain people who question their authority. Studies such as Operation Cyberstorm show that the United States and its allies are already preparing to defend against activist computer operators, foreign and domestic. Coming legislation, if passed, would require a license to practice computer security. This could classify some unlicensed technologists as terrorists, where they would be no better off then their colleagues in Iran just trying to get an unapproved message out to the world.

Sources:

Martial Law in Tehran-Monday June 29th 2009

Martial Law in Tehran-Monday June 29th 2009

U.S. satellite feeds to Iran jammed :: InfoWar Monitor :: Tracking Cyberpower

U.S. satellite feeds to Iran jammed

Iran blocks TV, radio and phones – but web proves more difficult | Technology | guardian.co.uk

Iran blocks TV, radio and phones – but web proves more difficult

Mousavi’s wife blasts arrests | Philadelphia Inquirer | 07/24/2009

More than 500 remain in prison, including many top politicians from pro-reform political parties, human-rights lawyers, journalists, and activists

Google Translate

This week a letter sent to the 10 thousand to 10 thousand blog mobilization base in commissioning and production of the “Mhtvahay value” is the Internet space.
http://www.bbc.co.uk/persian/iran/2008/11/081119_mg_basij_filtering.shtml (original link)

Greenwave Info

dedicated to spreading useful information about the current protests in Iran.

Iran | OpenNet Initiative <–very comprehensive and informative.

Iran continues to strengthen the legal, administrative and technical aspects of its Internet filtering systems. The Internet censorship system in Iran is one of the most comprehensive and sophisticated in the world. Advances in domestic technical capacity have contributed to the implementation of a centralized filtering strategy and a reduced reliance on Western technologies. Despite the deeply held commitment to regulating Internet content, authorities continue to be challenged in their attempts to control online speech. Political filtering related to the 2009 presidential campaign, including the blocking of Facebook and several opposition party Web sites, brought renewed attention to the role of filtering in Iran.

pastebin – FirePGP tutorial – post number 1465774

Instructions on how to use the Firefox extension, FirePGP, in combination with GnuPG, to send and receive encrypted emails in Gmail.

rbox

rbox: Squid proxy server

rbox-tor: easy to use Tor server

Tor: Relay Configuration Instructions

Configuring a Tor relay

Twitter Retains Spotlight in Iran Coverage – Digits – WSJ

Another delay is being requested, this time by the State Department

NedaNet Resource Page

resource page for NedaNet, a network of hackers formed to support the democratic revolution in Iran.

NSA Spying | Electronic Frontier Foundation

The U.S. government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive program of illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001.

Executive Orders | Bill Clinton’s Executive Order 12919

EXECUTIVE ORDER 12919

Rex 84 – Wikipedia, the free encyclopedia

Rex 84, short for Readiness Exercise 1984, is a plan by the United States federal government to test their ability to detain large numbers of American citizens in case of civil unrest or national emergency.


http://cryptome.org/cyberstorm.pdf

National Cyber Exercise: Cyber Storm
National Cyber Security Division

GovTrack: S. 773: Text of Legislation, Introduced in Senate

a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.

(b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Privacy to PreCrime

Thursday, July 9th, 2009

 

When the NSA assumed control of the Cyber Command, it stirred up many privacy concerns. As most know they have been intercepting domestic communications for some time While some people are worried about their phone and email conversations being recorded by the government, the other g-men at Google are doing the exact same thing. Of course deleting your g-mail account only prevents you from accessing the information, deleting your account at the NSA will get you a free vacation to Cuba for waterboarding lessons.

 

Throughout your life, little pieces of information are gathered and accumulated. Your profile is constantly amended as data volunteered by yourself is automatically correlated.  Every time someone forfeits some morsel of information, that data is forever public.  This material goes into a database, the security of which will be compromised at some point. We could blame the corporations when they experience a security breach, but honestly who’s at fault for supplying them with the information to begin with?

 

If we are to address privacy concerns, then it is hypocritical to start the finger pointing with the NSA. Thanks to popular social networking sites,  people are willing to give away the most important details of their lives.  It is this very ignorance of the overall value of information that creates risk on a number of levels. Police officers only require a name and date of birth to positively identify most people. The same details can be used by criminals.  Think about that the next time someone mentions their birthday. If that person has their real name associated with the statement, then all of the facts required to build an extensive profile have been provided.  Such a profile, for example, could be used by a criminal to assume an identity, manipulate a person into revealing more information, or even pose a physical threat.  This same method could be used to launch attacks from within an organization through the user. Imagine a sort of phishing attack that affects the user at home. They enter into correspondence via email with a criminal posing as an old friend.  The employee continues this correspondence at work on the company computer. Since the employee feels safe, they are willing to click links, or even download files.

 

There is a whole industry based on gathering data about consumers, and using their personal details for marketing. The obvious signs of this are places like Amazon that recommend items based on site history.  What does your Amazon account say about you?  I don’t buy into that line about “if you’re not doing anything wrong, you don’t have anything to hide”. Would you invite someone into your house to create a behavioral profile based on your possessions?    Just about everything you do reveals some detail about your life.  For example, when you go to sleep your inactivity is noted. Just by looking at your social network updates anyone can know what your sleeping habits are, and possibly where you sleep.  Everything you do is recorded, cataloged, correlated, psychologically analyzed, and put up for sale. The biggest customer for this information is the Federal Government, and because these databases are private, the Freedom of Information Act does not apply.

 

In the past it was common for people to keep a their private names and public names separate.   In Homer’s Oddesy, Ulysses used a clever name to avoid unwanted attention from the other Cyclopes after blinding Polyphemus.  In Christian mythology, God gives Adam the power to name the animals, and so he had some power over them.  What of the clever goblin Rumpelstiltskin who allowed the millers daughter to renege on a deal by giving her a chance to guess his name?  When I first started in networked computing, one of the first things we learned was to contrive a ‘handle’, a pseudonym under which we would carry out our online activities.  Today, it seems, people view this an act of cowardice, or become suspicious to the motivations behind concealing one’s identity.  It wasn’t a hacker thing, it was standing operational procedure. There is no such thing as anonymous internet usage. The best people can do is become aware of how much privacy that has already been lost, and do what they can to hold on to its shredded remains. It’s not about assuming a new identity, it’s about protecting privacy.  Today people  on-line are trading their identity for an illusion of friendship.

 

With the amount of information already in the databases, it is possible for them to know what we want before we do.  Using predictive modeling, marketing companies can already forecast the likelihood of future purchases. This also
means with government access to these details, they can perform similar analysis. Psychographic profiles reveal your personal interests, activities, and opinions, when combined with demographics and other variables, it is possible to triangulate personality in the same manner as physical location. It is trivial to track the physical direction of an individual, the same is also true about their mental direction.

 

Today we have the increased use of biometric identification. It comes with the promise of security, but can pose a new privacy risk.  Clear, the airport security screening service, may be taking the data trade to a new level. The TSA approved company, which required biometric finger and eye scans, has suddenly shut down.  It is likely their database will be transferred to some other private firm which specializes in collecting biometric data.  Since they are working with Lockheed Martin, I’d suggest the database and technology will resurface as part of the new biometric authorization requirement for access to public and private infrastructure.  Unlike passwords, there is no easy way to reset your fingerprints once the database has been compromised. 


Within a few years there will be a global DNA database which will be used for a number of purposes. Utilization of the genome is so important that Francis Collins, who was responsible for the Human Genome Project, has been made director of the National Institute of Health.  If you take a look back at that psychographic profile link, you’ll notice the article was in strategy+business, which is published by Booz and Company the global parent of Booz Allen Hamilton. A representative of Booz Allen was the one who brought to my attention the Global DNA database while giving a talk titled  “Hacking the Genome” at a computer security conference.  Booz Allen is interested in developing psychological and genetic databases, they are also one of the main contractors for organizations such as the NSA . This sort of database, combined with genetic screening, could lead to the ability to determine much of the future of an unborn child.  While this has its merits, like any other system it can be abused. If not kept in check, it could lead to the reincarnation of the eugenics movement of the last century which was forced to re-brand after WWII because of it’s popularity within the leadership of the German National Socialist party as part of their platform for world domination

 

Welcome to the Brave New World!

 

Twitter links powered by Tweet This v1.8, a WordPress plugin for Twitter.

Get Adobe Flash player