I wonder if this is also old hat to you people. If it turns out to be another FAQ, I promise to read some. At a conference in Budapest yesterday (held by Network Associates) I was interpreting for a certain professor Christoph Fischer, from Karlsruhe University. He claimed to be a premier international hacker-hunter and described several fascinating cases, such as industrial espionage performed by the French secret service commissioned by French companies at Boeing and Siemens (the latter resulting in a 6 billion Deutschmark railway contract going to a French company rather than Siemens), as well as a case of extortion in Germany, when someone he referred to as "some crazy person" attempted to blackmail the German government by threatening to fly model aircraft into the turbines of commercial jet aircraft at take-off, which, as it turned out, is indeed a feasible means of causing a major disaster. The professor was called in by a panicky German government, about ready to send off the cash, to try to locate "the crazy person". The extortionist was sending the notes via e-mail, using what the professor referred to as "e-mail anonymiser servers" in the US. "This is not too widely publicised", he went on to say, "but all insiders are aware that all e-mail anonymiser services in the U.S. are operated by the FBI." He went on to say it took them about ten minutes to discover with the help of their American friends which account the mail was originating from. A more serious obstacle was posed by the fact that it was an AOL account and that the subscriber had specified a bogus credit-card number generated by widely available software for generating feasible bogus credit-card numbers, and installed the internet applications from one of those AOL CD-ROMs that were published in very large numbers. They were forced to begin monitoring some 30 thousand phonelines (another very interesting fact: according to the professor, during the so-called "4+2" negotiations just before the Berlin wall came down, the two Germanies agreed to provide the FBI with direct access to the backbone of the German telephone network - consequently all German telephone calls and a high percentage of all European international calls, so they could listen in on those without even making an effort - in fact, he claimed, it is easier for the FBI to listen to German phonecalls than it is for the German authorities themselves), which, in addition to costing a horrendous amount of money, resulted in a bunch of data every day that took them two days to process. So, Fischer said, it would have been hopeless if the fellow had not owed the German tax authority one and a half million Marks - the tax authority busted him (following the lines of their own, independent investigation), took his computer, and he was busted. Quite a few of the messages to cypherpunks seem to come from anonymous remailers in the US. Comments? holist
At 10:17 AM 11/26/98 -0800, holist wrote:
I wonder if this is also old hat to you people. If it turns out to be another FAQ, I promise to read some. [Bogus saga deleted, about extortionist using anonymizers threatening the German government, and claiming the FBI runs the anonymizers.]
I haven't _seen_ Lance Cottrell's NSA ID badge, but many of the hard-core cypherpunks have them - it's amazing how official things look when they're laminated in plastic! Even the one with Hugh Daniel in a tie... Anonymizers don't do very well for extortion yet. Sending the anonymous message is the easy part - paper mail is much better at anonymity, since there's much more of it, and the default collection methods in most countries are anonymous. Then you've got to get the targets to READ email - some do, some don't. Email to most politicians is like paper mail to most of them - gets sorted by the pound, and if there's money attached you'll get a thank-you note. It's collecting the ransom money that's hard - without Digicash, there's no good anonymous payment mechanism.
Quite a few of the messages to cypherpunks seem to come from anonymous remailers in the US.
I usually post anonymous postings from the Netherlands, myself. It simplifies jurisdictional questions. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
I wonder if this is also old hat to you people. If it turns out to be another FAQ, I promise to read some.
It is. The rumor of remailers being run by US authorities can be tracked down to statements by Paul Strassmann of the National Defense University and William Marlow of SIAC made at a Harvard conference. The Austrian jurist Viktor Mayer-Schoenberger reported in February 1996: | Both presenters explicitly acknowledged that a number of anonymous | remnailers in the US are run by government agencies scanning | traffic. Marlow said that the government runs at least a dozen | remailers and that the most popular remailers in France and Germany | are run by the respective government agencies in these countries. However, there has never been any remailer in France, and at that time, there was no remailer in Germany. It is certainly not true that dozens or even "all the e-mail anonymiser services" in the US are run by government agencies. Strassmann and Marlow later claimed that they had been quoted "out of context". They wrote, "We have no specific knowledge of any particular agency of any government offering remailers services. Whether or how they use remailers is not known to us. Online users just need to be 'aware of the risks.'" But unfortunately rumors are hard to stop. Anyway, the possibility that some remailers may be compromized is part of the threat model, and Mixmaster has been designed to be secure as long as there is one honest remailer in your chains. More information: http://caq.com/CAQ57Sniff.html http://catless.ncl.ac.uk/Risks/ (search for Strassmann Marlow) About the Mixmaster design: http://www.obscura.com/~loki/remailer/remailer-essay.html
The extortionist was sending the notes via e-mail, using what the professor referred to as "e-mail anonymiser servers" in the US.
It seems he in fact used a service like hotmail.
participants (3)
-
Bill Stewart -
holist -
ulf@fitug.de