DEFCON 20: Bruce Schneier Answers Your Questions
Leave a comment
Hacktivism
How to Keep the NSA Out of Your Computer
(motherjones.com) JOSEPH BONICIOLI mostly uses the same internet you and I do. He pays a service provider a monthly fee to get him online. But to talk to his friends and neighbors in Athens, Greece, he’s also got something much weirder and more interesting: a private, parallel internet.
He and his fellow Athenians built it. They did so by linking up a set of rooftop wifi antennas to create a “mesh,” a sort of bucket brigade that can pass along data and signals. It’s actually faster than the Net we pay for: Data travels through the mesh at no less than 14 megabits a second, and up to 150 Mbs a second, about 30 times faster than the commercial pipeline I get at home. Bonicioli and the others can send messages, video chat, and trade huge files without ever appearing on the regular internet. And it’s a pretty big group of people: Their Athens Wireless Metropolitan Network has more than 1,000 members, from Athens proper to nearby islands. Anyone can join for free by installing some equipment. “It’s like a whole other web,” Bonicioli told me recently. “It’s our network, but it’s also a playground.”
Indeed, the mesh has become a major social hub. There are blogs, discussion forums, a Craigslist knockoff; they’ve held movie nights where one member streams a flick and hundreds tune in to watch. There’s so much local culture that they even programmed their own mini-Google to help meshers find stuff. “It changes attitudes,” Bonicioli says. “People start sharing a lot. They start getting to know someone next door—they find the same interests; they find someone to go out and talk with.” People have fallen in love after meeting on the mesh.
Read more: http://www.motherjones.com/politics/2013/08/mesh-internet-privacy-nsa-isp
The Ecuadorian Library by Bruce Sterling
The Ecuadorian Library
or, The Blast Shack After Three Years
Back in distant, halcyon 2010, I was asked to write something about Wikileaks and its Cablegate scandal. So, I wrote a rather melancholy essay about how things seemed to me to be going — dreadfully, painfully, like some leaden and ancient Greek tragedy.
In that 2010 essay, I surmised that things were going to get worse before they got any better. Sure enough, things now are lots, lots worse. Much worse than Cablegate ever was.
Cablegate merely kicked the kneecap of the archaic and semi-useless US State Department. But Edward Snowden just strolled out of the Moscow airport, with his Wikileaks personal escort, one month after ripping the pants off the National Security Agency.
You see, as it happens, a good half of my essay “The Blast Shack” was about the basic problem of the NSA. Here was the takeaway from that essay back in 2010:
One minute’s thought would reveal that a vast, opaque electronic spy outfit like the National Security Agency is exceedingly dangerous to democracy. Really, it is. The NSA clearly violates all kinds of elementary principles of constitutional design. The NSA is the very antithesis of transparency, and accountability, and free elections, and free expression, and separation of powers ― in other words, the NSA is a kind of giant, grown-up, anti-Wikileaks. And it always has been. And we’re used to that. We pay no mind.
Well, dear readers, nowadays we do pay that some mind. Yes, that was then, while this is now.
So, I no longer feel that leaden discontent and those grave misgivings that I felt in 2010. The situation now is frankly exhilarating. It no longer has that look-and-feel of the Edgar Allen Poe House of Usher. This scene is straight outta Nikolai Gogol.
This is the kind of comedic situation that Russians find hilarious. I mean, sure it’s plenty bad and all that, PRISM, XKeyScore, show trials, surveillance, threats to what’s left of journalism, sure, I get all that, I’m properly concerned. None of that stops it from being hilarious.
Few geopolitical situations can ever give the Russians a full, free, rib-busting belly laugh. This one sure does.
If Snowden had gotten things his own way, he’d be writing earnest op-ed editorials in Hong Kong now, in English, while dining on Kung Pao Chicken. It’s some darkly modern act of crooked fate that has directed Edward Snowden to Moscow, arriving there as the NSA’s Solzhenitsyn, the up-tempo, digital version of a conscience-driven dissident defector.
But Snowden sure is a dissident defector, and boy is he ever. Americans don’t even know how to think about characters like Snowden — the American Great and the Good are blundering around on the public stage like blacked-out drunks, blithering self-contradictory rubbish. It’s all “gosh he’s such a liar” and “give us back our sinister felon,” all while trying to swat down the jets of South American presidents.
ANONYMITY IN THE SWARM: a practical guide to online security
> The first step is to recognize that constant monitoring and analysis are under way. The next step is not to panic or feel overwhelmed! Understand that there are tools and techniques available which can assist in anonymizing our use of various telecommunications technologies.
Download: https://currentperspectives.org/distribution/Anonymity_in_the_Swarm.pdf
What Was the FBI Doing with 12 Million Apple IDs Anyway?
(theatlanticwire.com) This morning (sept 4) AntiSec released a list of 1 million out of 12 million Apple UDID’s that it said it got from the FBI, which has raised many questions, most prominently perhaps: Just what was the FBI doing with that data in the first place? First off, neither the FBI nor Apple has confirmed that the data released so far is real. Update: Just after we published this post, the FBI issued a statement to Gizmodo denying that the data came from them. “At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.” Before that statement, an FBI spokesperson told Computer World and Gizmodo that it was “declining to comment,” which has led Gizmodo’s Jamie Condliffe and Sam Biddle to suggest “it’s very much possible that an FBI computer is the original source of this alleged data dump.” Even though we have no proof of that, others have at least confirmed that the UDIDs out there correspond to actual phones, with ArsTechnica’s Jacqui Cheng posting responses from Security journalist Rob Lemos and “eCrime specialist” Peter Kruse saying that they have devices on the list. With so little information — AntiSec has refused to give interviews, for now — we still can’t be sure that these came from the FBI. But if the hackers are to be believed (an admittedly big if), it brings us back to that initial question: What did the FBI want with those Apple IDs? Some theories.
“FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT.” That’s the explanation that AntiSec uses in its post, which Anonymous reiterated in the following tweet.
Statement on UK threat to storm Ecuadorian embassy and arrest Julian Assange
(wikileaks) Thursday 16th August, 3:00am UTC
In a communication this morning to the government of Ecuador, the UK threatened to forcefully enter the Ecuadorian embassy in London and arrest Julian Assange.
The UK claims the power to do so under the Diplomatic and Consular Premises Act 1987.
This claim is without basis.
By midnight, two hours prior to the time of this announcement, the embassy had been surrounded by police, in a menacing show of force.
Any transgression against the sanctity of the embassy is a unilateral and shameful act, and a violation of the Vienna Convention, which protects embassies worldwide.
This threat is designed to preempt Ecuador’s imminent decision on whether it will grant Julian Assange political asylum, and to bully Ecuador into a decision that is agreeable to the United Kingdom and its allies.
WikiLeaks condemns in the strongest possible terms the UK’s resort to intimidation.
A threat of this nature is a hostile and extreme act, which is not proportionate to the circumstances, and an unprecedented assault on the rights of asylum seekers worldwide.
We draw attention to the fact that the United Nations General Assembly has unanimously declared in Resolution 2312 (1967) that
“the grant of asylum. . . is a peaceful and humanitarian act and that, as such, it cannot be regarded as unfriendly by any other State.”
Pursuant to this resolution, a decision to grant asylum cannot be construed by another State as an unfriendly act. Neither can there be diplomatic consequences for granting asylum.
We remind the public that these extraordinary actions are being taken to detain a man who has not been charged with any crime in any country.
WikiLeaks joins the Government of Ecuador in urging the UK to resolve this situation according to peaceful norms of conduct.
We further urge the UK government to show restraint, and to consider the dire ramifications of any violation of the elementary norms of international law.
We ask that the UK respect Ecuador’s sovereign right to deliver a decision of its own making on Julian Assange’s asylum bid.
Noting that Ecuador has called for emergency summits of OAS and UNASUR in response to this development, WikiLeaks asks those bodies to support Ecuador’s rights in this matter, and to oppose any attempts to coerce a decision.
We note with interest that this development coincides with the UK Secretary of State William Hague’s assumption of executive responsibilities during the vacation of the Prime Minister and Deputy Prime Minister.
Mr Hague’s department, the Foreign and Commonwealth Office, has overseen the negotiations to date with Ecuador in the matter of Mr Assange’s asylum bid.
If Mr Hague has, as would be expected, approved this decision, WikiLeaks calls for his immediate resignation.
Australian Documentary on Julian Assange’s situation: http://www.abc.net.au/4corners/stories/2012/07/19/3549280.htm
Friends of WikiLeaks Support Network: https://wlfriends.org
Justice for Assange: http://justice4assange.com
Source: http://wikileaks.org/Statement-on-UK-threat-to-storm.html
Anonymous punishes Hungarian neo-Nazis; hacks, defaces websites
(examiner.com) In a successful and well coordinated effort, 17 neo-Nazi websites based in Hungary were hacked and defaced by the international Internet hacktivist collective known as Anonymous.
The action, taken Monday, June 18, is part of Operation Blitzkrieg (#OpBlitzkrieg). (…)
Operation Blitzkrieg was initially conceived and launched in May 2011. The following is an excerpt taken from a press release announcing Operation Blitzkrieg:
Neo-Nazis:
Your incomprehensible actions, and your reluctance to accept the Freedom and Equality that every single human being possesses by right from birth, causes the birth to hatred and worldwide Racism.
After the first World War, your ideology plunged the world into chaos. You took over a plague, known as anti-Semitism, and made sure that racism was drilled into our collective consciousness…
Your misdirected politics and your hate filled crusade against humanity have not only blurred your perception, but also affected countries worldwide… You have combined the ideals of industrialization with the abomination of mass murder, a circumstance that led to destruction of human life, in a scale never seen before…
This behaviour can no longer be tolerated…
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect Us.
Read more:
http://www.examiner.com/article/anonymous-punishes-hungarian-neo-nazis-hacks-defaces-websites
Swedish researchers uncover key to China’s Tor-blocking system
(anonymouslegionops) Swedish researchers have discovered that Chinese officials have updated the country’s ‘Great Firewall’ to make it harder for citizens to use the Tor network that provides a means of surfing the web anonymously.
It has been long-known that the ‘Great Firewall Wall of China’ has attempted to block citizens from using the Tor network, by blocking access to some IP addresses or using HTTP header filters to weed out suspect traffic.
But Philipp Winter and Stefan Lindskog of Karlstad University in Sweden have discovered that Chinese authorities have recently increased the sophistication of their filtering tools, making it more difficult for citizens to browse the web freely, by blocking so-called Tor bridges.
Tor bridges serve as entry points to the Tor network – if these are unreachable, a user cannot access the Tor network. While many of these bridges were once published, making it relatively simple to block, users had started to use unpublished bridges.
Last December, Tim Wilde, of security group, Team Cymru, used virtual proxy servers in China to establish that these unpublished bridges were being blocked.
The Karlstad researchers have now established how that blocking is being done and suggested ways in which it may be circumvented.
They discovered that the firewall searches internet traffic that indicate a network connection as Tor and initiate a scan of the host. This scan effectively attempts to “speak Tor” to the host and if successful, the bridge is blocked.
“The scanners are mostly random IP addresses originating from address pools of ISPs. Therefore it is very hard for a bridge to differentiate between a legitimate user from China and a scanner,” Winter told V3.
Tor fingerprinting and active scanning is effective for the firewall because Tor traffic can be distinguished from other forms of traffic, allowing the Chinese authorities to block Tor networks, the researchers said.
“Since Tor is being used more and more as censorship circumvention tool, it is crucial that this distinguishability is minimised,” added Winter.
Tools such as “obfsproxy” can help defeat the Great Firewall, he added. This obfuscates the Tor traffic between the user and the bridge, making it appear as Skype traffic, for example.
“Unfortunately, China is blocking the few publicly available obfsproxy bridges at the moment but non-public obfsproxy bridges work,” said Winter.
The researchers were able to show that by using so-called packet fragmentation tools, which split TCP streams in to small segments, it is possible to disguise Tor traffic, making it harder to detect.
While Tor networks are commonly associated with hackers and groups such as Anonymous where internet users aim to mask their identity, the network has played a crucial role in promoting online freedoms in many countries.
Source: http://anonymouslegionops.blogspot.com/2012/04/swedish-researchers-uncover-key-to.html
U.S. National Security Agency has developed a new technique of finding hackers.
(technoparadise.in) U.S. National Security Agency has developed and patented a new technique by which a computer network can be computed by hackers who try to impersonate legitimate users. At the heart of the NSA is developing software that accurately measures the time required to transfer over the network or that type of data from one computer to another.
In the event that the time required for transmission, dramatically increases or decreases, the software warns of atypical behavior of the computer that is located “on the other side” of the network.
In the NSA notice that earlier time technique is proposed for use by other researchers, but their technique is different from anything proposed so far. The new technology involves sending different types of data, comparing the speed and the nodes on which they are in the process of its delivery to the destination node.
“The highlight of the method lies in the fact that he is looking at several network levels at once,” – says Tadaeshi Kono, one of the developers of the system and an employee of the University of Washington.
The developers say that their method allows to find phishing sites, as well as deal with common types of attack, man-in-the-middle, where the attacker transmits and listens to all traffic from the private client to the server via your computer.
IT expert Dan Kaminsky, who discovered a major bug in the DNS system this year, not particularly impressed with the development of American intelligence officers: “Just think, if your network has become a bit slower, or the bad guys fill her bad packets, this method is not very effective . In practice it might be a billion reasons why the routing can be slowed down. ”
While the NSA did not report whether they will publish a new development under the GPL, as it was in his time with SELinux.
Monsanto.hu downed by P@n0ns3c – Anonymous
@ggregator 