TagCryptography

Dead Drops: Anonymous, Offline, Peer-to-Peer File-Sharing Network in Public Space

dead drops

‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space. USB flash drives are embedded into walls, buildings and curbs accessable to anybody in public space. Everyone is invited to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your favorite files and data. Each dead drop is installed empty except a readme.txt file explaining the project. ‘Dead Drops’ is open to participation. If you want to install a dead drop in your city/neighborhood follow the ‘how to’ instructions and submit the location and pictures.

Dead Drops

(via Theremina)

If only there was some way to keep these from filling up with malware, porn and spam.

Trevor Blake wrote here a few years ago:

Now is a good time to establish lines of electronic communication that are not entirely (if at all) reliant on the Internet as it currently exists. Hand delivery of a stack of media is still one of my favorites. At a certain point it the best bit-per-second value known, it has certain privacy features that can’t be beat and it requires very little technical know-how or fancy equipment or money. For all the gnostic freakout of The Matrix, the scene where a disreputable character knocks on Mr. Anderson’s door and passes him a data disc might be the most prophetic.

Learning about cryptography, fidonet and the postal system won’t do anyone any harm. Nothing beats trusted person-to-person connections established in many only-partially overlapping social / professional circles.

See also: sneaker net.

A Bitcoin-based E-Bay for Illegal Drugs

Drugs

Gawker is running an unbelievable story on website called Silk Road – an open market for mail ordering illegal drugs. And it’s only accessible through TOR:

Mark, a software developer, had ordered the 100 micrograms of acid through a listing on the online marketplace Silk Road. He found a seller with lots of good feedback who seemed to know what they were talking about, added the acid to his digital shopping cart and hit “check out.” He entered his address and paid the seller 50 Bitcoins—untraceable digital currency—worth around $150. Four days later the drugs, sent from Canada, arrived at his house.

“It kind of felt like I was in the future,” Mark said.

Gawker: The Underground Website Where You Can Buy Any Drug Imaginable

Buyer beware: TOR is not untraceable. And an update from Bitcoin’s development team indicates that Bitcoin isn’t 100% anonymous either.

For more information on how Bitcoin works, see my interview with developer Gavin Andresen.

From a comment on Facebook:

The only thing that Jeff Garzik, the Bitcoin developer, forgot to mention are the extremely useful Bitcoin Laundries. They allow you to obscure and obfuscate the origin of a Bitcoin, allowing you to effectively ‘launder’ the Bitcoin so that network analysis would be futile. And they are free, simple, and widely available. They probably “forgot” that because it would make it seem even EASIER than it already is to buy drugs online.

I would still urge caution in using this service.

How Osama bin Laden Used E-Mail Without An Internet Connection

According to the Associated Press’ sources, Osama bin Laden routinely typed e-mails on an Internet-less computer in his compound, saved them to a USB thumbdrive and had a courier e-mail them from cybercafes in nearby towns. Apparently this went on for years, undetected. According to the AP, Navy SEALS found about 100 flash drives that apparently contain series of these e-mail communications.

This is what’s referred to as a sneakernet, and as Internet crackdowns occur all over the world, it may become an increasingly popular way for people to communication.

A couple years ago, in these very pages, Trevor Blake wrote:

Now is a good time to establish lines of electronic communication that are not entirely (if at all) reliant on the Internet as it currently exists. Hand delivery of a stack of media is still one of my favorites. At a certain point it the best bit-per-second value known, it has certain privacy features that can’t be beat and it requires very little technical know-how or fancy equipment or money. For all the gnostic freakout of The Matrix, the scene where a disreputable character knocks on Mr. Anderson’s door and passes him a data disc might be the most prophetic.

Learning about cryptography, fidonet and the postal system won’t do anyone any harm. Nothing beats trusted person-to-person connections established in many only-partially overlapping social / professional circles.

Freenet, darknets, and the “deep web”

Installing the software takes barely a couple of minutes and requires minimal computer skills. You find the Freenet website, read a few terse instructions, and answer a few questions (“How much security do you need?” … “NORMAL: I live in a relatively free country” or “MAXIMUM: I intend to access information that could get me arrested, imprisoned, or worse”). Then you enter a previously hidden online world. In utilitarian type and bald capsule descriptions, an official Freenet index lists the hundreds of “freesites” available: “Iran News”, “Horny Kate”, “The Terrorist’s Handbook: A practical guide to explosives and other things of interests to terrorists”, “How To Spot A Pedophile [sic]”, “Freenet Warez Portal: The source for pirate copies of books, games, movies, music, software, TV series and more”, “Arson Around With Auntie: A how-to guide on arson attacks for animal rights activists”. There is material written in Russian, Spanish, Dutch, Polish and Italian. There is English-language material from America and Thailand, from Argentina and Japan. There are disconcerting blogs (“Welcome to my first Freenet site. I’m not here because of kiddie porn … [but] I might post some images of naked women”) and legally dubious political revelations. There is all the teeming life of the everyday internet, but rendered a little stranger and more intense. One of the Freenet bloggers sums up the difference: “If you’re reading this now, then you’re on the darkweb.”

Guardian: The dark side of the internet

(via Atom Jack)

I haven’t looked at Freenet in years, but it’s certain relevant to the discussion here about darknets.

JRR Tolkien trained as British spy

Tolkien, one of his generation’s most respected linguists, was ”earmarked” to crack Nazi codes in the event that Germany declared war.

Intelligence chiefs singled him and a ‘cadre’ of other intellectuals to work at Bletchley Park, the codebreaking centre in Buckinghamshire.

Its staff – which included Alan Turing, the gay codebreaker – would later decipher the ‘impenetrable’ Enigma machines.

This saved Britain from German conquest by allowing the Navy to intercept and destroy Hitler’s U-Boats.

According to previously unseen records, Tolkien trained with the top-secret Government Code and Cypher School (GCCS).

He spent three days at their London HQ in March 1939 – six months before the outbreak of the Second World War and just 18 months after the publication of his first book, The Hobbit.

But although he was ”keen”, Tolkien – a professor of English literature at Oxford University – declined a £500-a-year offer to become a full-time recruit.

Telegraph: JRR Tolkien trained as British spy

(via Disinfo)

British government apologizes for appaling treatment of Alan Turing 55 years later

Alan Turing was a World War II code-breaker. He was also gay.

Fifty-five years after the mathematician committed suicide, Downing Street has apologised for the “appalling” way in which he was treated because of his sexuality.

According to Winston Churchill, Turing made the single biggest contribution to Allied victory in the war against Nazi Germany.

His pivotal role in cracking intercepted messages helped the Allies to defeat the Nazis in several crucial battles.

BBC: Alan Turing Profile

Encryption

As government surveillance increases, many people are turning to encryption to protect their privacy. After the 9/11 attacks, many governments have expanded their surveillance powers, including the United States, Canada and the United Kingdom. Snoopers may not understand encrypted communications.

Encryption codes a message so that it cannot be understood by anyone other than the intended recipient. This can be done by talking in code over the telephone or by mathematically encrypting data over the Internet. Strong encryption usually refers to virtually unbreakable military-strength data encryption. It is used outside of the military primarily for private messaging, securing purchases online, online identity verification, and transmitting sensitive doctor-patient information.

PGP (Pretty Good Privacy) is the standard for Internet encryption. PGP works by creating both a public key and a private key. The public key is available to anyone, while the private key is kept a secret. The public key is used to encrypt a message and the private key is then used to decode it. PGP’s security comes from the difficulty in factoring very large numbers. Until a more efficient way to factor numbers is found, cracking a PGP encrypted message is virtually impossible. It is frequently pointed out that ‘pretty good’ is an understatement about the privacy offered by PGP. The only way an outside party could decrypt a message would be to somehow acquire the private key from the user or try every possible key (which would take about 100 million years with modern technology according to MIT mathematician Roger Schroeppel). For more information on PGP security read the PGP Attacks FAQ.

New Legislative Powers

In the United Kingdom the Regulation of Investigatory Powers Act (RIP) of 2000 makes it a crime to withhold encryption keys from the government (punishable by up to seven years jail). The United States has a history of trying to limit civilian use of military-strength encryption. Legislation was proposed to require government back doors be built into encryption software during the Clinton administration. These proposals failed due to commercial opposition and protests that encryption bans simply would not work. Public outrage over post-9/11 legislation, ostensibly for “homeland defense”, has created greater awareness of encryption techniques. Government and law enforcement agencies, consequently, have a renewed interest in limiting access of encryption to the general public.

Encryption’s opponents contend that sacrificing some privacy is necessary to insure national security. “[Encryption makers] have as much at risk as we have at risk as a nation, and they should understand that as a matter of citizenship, they have an obligation [to provide the government back door access to encryption products],” Sen. Judd Gregg (R-New Hampshire) said in a floor speech after the 9/11 attacks. Gregg was pursuing legislation that would require government backdoors to be built into all encryption software, but suddenly changed his mind according to Wired News.

The Clipper Chip

Strong encryption’s security is compromised by the backdoor system proposed during the mid-1990s. The system, known as the Clipper Chip would transmit keys to law enforcement agencies so that they could acquire keys to unlock encrypted messages. Unfortunately, when the government’s copy of a key is transmitted to “key banks” it risks being intercepted. Additionally, key banks themselves could become targets of terrorist hackers. See the Clipper section of the RSA’s Cryptography FAQ for more information. The material that terrorists could possibly intercept through government backdoors includes credit card numbers that could be used to fund terrorist acts and personal information that could be used for identity theft. “Having a good, strong crypto infrastructure in our country is part of what we need to combat terrorism,” PGP creator Philip Zimmermann told Reuters news agency.

In addition to the security issues presented by government backdoors is the question as to whether backdoors would do any good for law enforcement agencies. “. . . It [a law banning strong crypto] doesn’t prevent terrorists from getting their crypto from somewhere else,” James Lewis (director for the Technology and Public Policy Program at the Center for Strategic and International Studies, Washington DC) pointed out in a Zdnet News interview.

DoJ v Zimmerman and PGP

The controversy began in 1991 when Philip Zimmerman created PGP. The software was capable of encrypting files and e-mails through the use of state of the art patented encryption algorithms. Zimmerman’s friend Kelly Goen distributed the software by uploading it from his laptop to various Internet newsgroups and dial-up bulletin board systems from pay phones with an acoustic coupler. Steve Levy’s book Crypto (New York: Penguin Putnam, 2001) reveals that Goen was very caught up in the drama of distributing the software. Levy quotes computer activist Jim Warren saying Goen “. . . wanted to get as many copies scattered as widely as possible around the nation before the government could get an injunction to stop him.”

Even though Goen was careful to only upload the software to US-based software, Zimmerman spent the next five years involved in a legal battle with the US Department of Justice for violating export regulations on encryption software. In spite of this (or because of it) PGP became the standard for encrypting electronic data. In 1996 the Justice Department dropped the case and PGP was sold to Network Associates who is trying to sell the rights to another company.

PGP is available for all major operating systems and is easy to use. It has also spawned a non-patented clone called GPG (Gnu Privacy Guard). Zimmerman now working for HushMail, a free Web-based e-mail service with built-in PGP encryption.

Encryption: A Guide to Possibilities

If backdoors in software or RIP-esque key on demand laws become an international standard, there are ways to get around them. One-time pads and deniable encryption such as steganography would still be able ensure privacy.

Rubberhose: Rubberhose is a UNIX-clone software package from the United Kingdom. Rubberhose allows users to hide data on their hard drives. According to the Rubberhose site: “If someone grabs your Rubberhose-encrypted hard drive, he or she will know there is encrypted material on it, but not how much — thus allowing you to hide the existence of some of your data.” This is advantageous in the RIP-model. If a corrupt government seizes a hard drive, it would be possible for the user to only give away the keys to certain non-offensive data (such as a file named “Mom’s Secret Cookie Recipe”). Of course, this would be of little use in the backdoor model because use of encryption without backdoors would be illegal.

Steganography: Steganography is the practice of secretly embedding data into other data so that it doesn’t appear that communication has occurred. This could be done non-technically, for example, by using code words in the classified ads section of a newspaper. Software such as OutGuess hides messages in seemingly random portions of other files such as images or sounds. According to the OutGuess site: “OutGuess preserves statistics based on frequency counts. As a result, no known statistical test is able to detect the presence of steganographic content.” The drawback is that the recipient must have a key to unlock the hidden information, and that key must somehow be transmitted. One of the major advantages is that a message can be posted in public if the recipient knows what to look for, thus making it difficult for others to detect that communication has even occurred. Your recipient could agree, for example, to communicate through popular files on the Gnutella network. Imagine a group of hackers communicating through Britney Spears publicity photos.

One-time Pads: One-time pads are a form of un-breakable encryption through the use of random numbers. In a plain text message, a different random number represents each character each time it is used. Only someone with the key can decipher it because all possible values for the random numbers are equal. The only way to break this code would be to acquire a copy of the key. The problem is that two parties communicating through this method must have a secure way to transmit keys. The other problem is that the key can be longer than the message itself. The advantage to this method is that it does not require a computer, only a way to generate random numbers.

Whether it’s an embarrassing note about your sex life or your secret recipe for banana pudding, everyone has something they would rather other people not see. The recent increases in government-permitted surveillance make encryption useful to everyone, not just paranoid nuts.

More:

PGP International The home of Pretty Good Privacy, the de-facto standard for Internet-enabled digital encryption. Features news, manuals and downloads.

Electronic Frontier Foundation “The Electronic Frontier Foundation (EFF) was created to defend our rights to think, speak, and share our ideas, thoughts, and needs using new technologies, such as the Internet and the World Wide Web. EFF is the first to identify threats to our basic rights online and to advocate on behalf of free expression in the digital age.”

Philip Zimmerman Philip Zimmerman created PGP. This site includes his PGP writings, Senate testimony, news, consultancy services and an extensive links collection.

RSA Cryptography FAQ RSA Laboratories have created an extensive FAQ on cryptography’s history, the major cryptosystems, techniques and applications, and real-world cases. Highly recommended.

One-time Pad FAQ A quick guide to one-time pads, explaining how this cryptosystem works, distribution methods and sources of randomness.

GnuPG An open source encryption standard. The site includes an extensive FAQ, the GNU Privacy Handbook and more. “GnuPG stands for GNU Privacy Guard and is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC 2440.”

HushMail Free encrypted Web-based e-mail. “HushMail eliminates the risk of leaving unencrypted files on Web servers. HushMail messages, and their attachments, are encrypted using OpenPGP standard algorithms.”

Freenet Project Freenet is a peer-to-peer (P2P) publishing network that enables you to publish encrypted documents. Ian Clarke’s system has been used by grassroots political groups and individuals to publish controversial information.

Rubberhose “Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography/deniable cryptography), works with any file system and has source freely available.” [Update: Interesting historical sidenote, this now discontinued project was created by Julian Assange, see also: Wikipedia entry for Ruberhose]

OutGuess “OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported.”

(This article originally appeared at http://www.disinfo.com/archive/pages/dossier/id2007/pg1/ January 31, 2002)

© 2024 Technoccult

Theme by Anders NorénUp ↑