-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
anonymous@remailer.hastio.org wrote in alt.fan.yardbird on Monday 01 June
2009 11:12 in Message-ID: <TF9DVEZD39965.7173148148@anonymous.poster>:
> Ah, a yarbird sighting. Comments below.
You mean an /alleged/ Yardbird sighting.... I haven't seen the original
post, so I don't know whether it was PGP signed, and if it was, whether the
PGP signature verified. However, for the purposes of this discussion, I
will treat the alleged Yardbird post as genuine.
> In article <VPQB4QR339964.2672222222@anonymous.poster>
> Yardbird <yardbird@hod.aarg.net> wrote:
>>
>> I'm just passing through, so feel free to disregard my words, but
>> I have read enough to see the evolution of a "group". I would
>> define that as: 1) limited access and 2) Password protected files.
>> The rest of the details are unimportant.
>>
>> My group, which unfortunately has become the subject of derision and
>> ridicule, was formed originally to avoid the heckling of antis and
>> the loss of posting accounts (anonymously created, of course) that
>> might occur if the open posts were reported. We were successful
>> for about three or more years, but ultimately a member was arrested
>> on unrelated charges and he gave the group to reduce his sentence.
>> Our "screening" methods were successful, but in the that didn't
>> matter.
As I've pointed out elsewhere, regardless of what screening methods you
might have employed, penetration/infiltration of the group was inevitable.
The best you could hope for was to delay it to some degree.
As far as being betrayed as the result of the actions of a member of the
group, this is the third such case of which I'm aware. There were two
previous groups broken up in this manner: the Wonderland club, and the
Orchid club.
The existence of these groups was revealed when a member of the group(s) in
question molested some friends of his daughter who were at his house for a
sleepover. The victim reported this to their parents, who contacted police,
and the perpetrator's house was raided. His computer was examined, and the
authorities there discovered evidence of the existence of both groups.
The only organized criminal groups that have ever managed to avoid being
penetrated or compromised by law enforcement tend to be close-knit, usually
bound by blood or other kinship ties. Groups such as the one that you
established, where the members are unknown to each other in real-life, are
particularly vulnerable to penetration or infiltration.
>> Details aside, the concept of a group created to share files that
>> were essentially illegal created a convenient target for LEA.
Did you not expect this to be the case? If not, why not?
>> They called it a "criminal enterprise" and "conspiracy".
Most legislatures have drafted these laws in an extremely broad way;
this was deliberately done to encompass as wide a variety of criminal
activity as possible. Convictions under these statutes are extremely
easy to obtain, even where there is minimal evidence. This is why such
charges are a favorite of prosecutors the world over.
>> Sentences range from 20 years to life. Yep, life.
If memory serves, Constable Power commented to me that this was 'over the
top' (or words to that effect). Such excessive sentences seem to be a
peculiar characteristic of the American justice system -- I am not aware
that such excessively long sentences would be imposed either in Canada, or
Australia.
>> And one, in England, got a sentence of "indefinite" whatever that means.
My impression is that this was an extremely rare occurrence.
>> The use of encryption and anonymous posting were called "obstruction of
>> justice."
Again, this should come as no surprise -- this is another prosecutorial
favorite.
>> The bottom line is that about 1/2 were arrested.
I find that somewhat surprising, given the degree of penetration of the
group. I can only come to the conclusion that those apprehended were those
of lesser technical skills, and/or those who were less careful.
>> All were supposedly using anonymous posting techniques, but many used
>> which were apparently compromised.
Ah, yes.... Eggplant and his beloved Privacy.li. I seem to remember
exchanges in a.f.y. where Eggy vociferously defended his use of Privacy.li
even after being told repeatedly that this was insecure. I seem to remember
commenting that SSH tunnels were 100% for privacy, and 0% for anonymity.
He was absolutely pig-headed in that regard, and insisted he knew better.
He is now paying, in spades, for his arrogance and stupidity.
>> Just realize this:
>>
>> 1. If you have a group, you will attract some extra attention.
This almost goes without saying, as where there is a group, there is
a possibility of multiple arrests. The larger the group, the larger
the potential payoff (in terms of arrests, favourable publicity, etc.)
Accordingly, more resources will be devoted to breaking up the group.
It's simply economy of scale, nothing more. By the same token, the softer
targets, or 'low-hanging-fruit' as you used to put it, will be gathered up
first -- as appeared to be the case here.
>> 2. Avoiding serious consequences depends on perfect anonymous
>> posting and communication.
>>
>> Perfect. It is attainable, but difficult.
I would disagree that perfection is attainable -- everyone makes mistakes,
including both you and me. Thankfully, my mistakes have not been serious
ones -- unfortunately the same cannot also be said of you. (Your biggest
mistake was in breaking the law -- something I've been very careful NOT to
do.)
>> Hushmail won't cut it for communicating.
No kidding. Tyler Stumbo and his associates can attest to that.
>> Consider Nym servers or TOR with an anonymously created posting account.
For posting of text messages, a properly set up nymserver account is as
good as it gets -- it's the gold standard.
>> For posting binaries, I used TOR with an anonymously created account
>> (or stolen account). Slow, but better than any one-hop "anonymous"
servers.
I'm not sure there /is/ any safe way to post binaries.
>> FWIW, pretending to post innocent stuff (like copyrighted mp3s)
>> won't shake LEA.
No kidding.
>> Good screening might work for a few years, but ....
I disagree completely. As far as I'm aware, there _is_ no method
whatsoever that can be relied upon to screen out law enforcement --
infiltration/penetration is inevitable --the best you can hope for is to
delay the inevitable, for a while.
>> ... there isn't any way that I know of to shake the arrested turncoat.
Agreed. Infiltration is used because it /works/ -- spies, informers, and
traitors have been the mainstay of police and military forces for thousands
of years. Sun Tzu, in his military classic, The Art of War, penned almost
2500 years ago, has a chapter on the use of spies. He breaks them down
into no less than five separate classifications, and tells how to convert
enemy spies to one's own side. This seminal work is still used in military
academies to this day.
[snip]
>> Oh, and a big shout out to Unforgiven if you happen to read this.
>>
>> Yardbird.
> Wonderful.
> You, of all people, have the ability to set these dumbasses straight.
> Even obligation! Your standoffish blase' attitude makes me sick. It
> shows what kind of stone-hearted creep you are - you got away with your
> skin. Fuck everybody else, it's their lives, their choices, right?
Actually, I think he has made the point -- although perhaps not as
forcefully as you would have liked.
> These morons posting today are light-years behind your destroyed group in
> terms of understanding, maturity and discipline.
I disagree. /Some/ of the members of Yardbird's group may have been
'light-years' ahead of the current crop of posters -- but not all -- not
by a longshot. Eggplant, to name just one poster, was so technically inept
that I don't think he could be trusted to operate a toaster properly, let
alone a computer.
> For you to insinuate that they stand a chance if only they were "perfect"
> is doing them a disservice of extraordinary magnitude.
I think that Yardbird is speaking of an ideal here, as opposed to objective
reality. Even given the best tools available, people make mistakes. For
some examples, we need only look to the history of the 20th century, in
particular counter-espionage operations by the West against spies fielded
by the Soviet Union. Agents fielded by both the KGB and the GRU were highly
disciplined, highly trained, and equipped with the best cryptographic tools
available.
The Soviets equipped their spies with one time pads; these are the only
cipher that is truly unbreakable in both theory and practice. Provided
that the pads are used only /once/ they are unbreakable. In the early
1940s, in the middle of World War II, when the Soviets were fighting for
their very survival against the German invaders, someone in the GRU made a
fatal mistake.
They reused some one-time pads, which normally after being used, are
destroyed. Someone in either British or American intelligence realized that
the pads were reused, and this gave them their first glimpse into the
traffic between Soviet agents and Moscow. Many of the decrypts were partial,
meaning that only part of the messages were decipherable. Decryption
efforts continued for several decades (1946-1980) but no further headway
was made. Eventually, these materials were made public: Project VENONA.
So as you see, even the most highly skilled, highly trained, well-equipped
operatives can be undone by a simple mistake. In espionage, as in other
illegal activities, sometimes the authorities get lucky, as they did in the
case of the group.
> You should be saving them by telling them from personal experience that
> Usenet is in the crosshairs. LEA is pervasive, it isn't a GAME of hide &
> seek. Everything is archived.
Usenet has been in the crosshairs since 1998, when the Pedo U busts went
down.
> Life in Federal prison means just that - LIFE, with no possibility of
> early release. It's OVER. Get off of Usenet while you can. Things like
> that!
Life in prison applies only to those who were prosecuted and convicted in
the United States. Sentences in other jurisdictions are typically not that
extreme.
> Serious and TRUE advice which will save their lives!
The question remains: are they the type of people who will take advice?
(Some people (like Eggplant) thought they knew better, and would not take
advice.)
What makes you think that the newer posters are any different?
[snip]
Baal <Baal@Usenet.org>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1E92C0E8
PGP Key Fingerprint: 40E4 E9BB D084 22D5 3DE9 66B8 08E3 638C 1E92 C0E8
Retired Lecturer, Encryption and Data Security, Pedo U, Usenet Campus
- --
"Sed quis custodiet ipsos Custodes?" -- "Who will watch the Watchmen?"
-- Juvenal, Satires, VI, 347. circa 128 AD
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJKKDYsAAoJEAjjY4weksDoLUcH/3NA89MilnFco0QS+DDCw0nA
mXPYVEsCvSVRbK8kDETlAi6UaG1zZER1/7PBKiq16PDVISYrLuqKChG9VzF7v0rO
uYLnBkCvCKdCCMivp2mZE1JV99cxltm4+J6ERu9Zhez37hV6Cwa4V+7th3Vk+1/7
uGuepQn6rOX6JdLSXjvYAe6KxMyS+zhbeewEWOlI2YVyt4AyEKrMN8/YBAH3dA0m
b1RGvaND/b9pGCts3bjBMicBCdLOeNfZ3UiaNttgP/mXAqxi88gjETOeDxjBn5uw
gRxkJt5wjWXPnq9NfX6P88LbkKdHcdTal3ZLWyxiHQylOR16W4fV6J9wRwj/TNI=
=10KF
-----END PGP SIGNATURE-----
|
|