Ahem, well, there have been some complaints of too much impractical philosophizing and ranting of late, so here's my penance. Notes on how to protect alias files, ideas on digital money, and an excerpt on computer raid techniques from The Hacker Crackdown by Bruce Sterling. (Disclaimer: In no way should any of this be contrued as encouraging or advocating destruction of evidence.) self-Encryption time bombs -------------------------- Some lost soul asked an excellent question about a week ago regarding how to protect things like the alias file of an anonymous server from attack, possibly using encryption. This is actually a very interesting and difficult problem, and I've been rolling it around in my brain a bit, and some things are now rattling out onto the keyboard. The question applies really in general: how do you simultaneously use and protect data from prying eyes? I don't think there are really any simple and ingenious approaches, or they might have been suggested by now. Actually, the silence on the topic assures me that its indeed rather difficult. One idea is to keep the only the encrypted version in permanent storage. Keep the usable copy in something volatile like memory (e.g. a Ramdisk). This makes it much less solid. Another idea is to have a `time-bomb' encryption device. Here's the idea applied to a remailer. Every few hours the remailer asks for the owner to type a password. If the meow isn't answered, it panics and locks up everything, electronically `burning' anything important and encrypting stuff that needs to be kept around. This of course is problematic because if someone grabbed the server they could utilize it in the time window. Ok, so imagine that the server can somehow `sense' whether its real owner is present and typing. This could mean that the owner types in a certain way or runs a dummy command at least once an hour or whatever, or has his foot on a footpedal or whatever. Again, the server panics if it sees something awry. Also, note that usually computers are switched off and cables unplugged when confiscated. If the interesting stuff is in only in RAM, no problemo. This gives other ideas though. When a certain cable is unplugged, *poof* goes certain data or whatever. Ideally there would be a daemon that is always alive (even with switched off power) that could deal with the signal that something bad has happened. Another idea is to check for operator signals at boot time. When the confiscator boots the computer (assuming they do, and not unplug the hard drive for analysis) the computer could look for the cue and say something like ``one monent, loading system'' while it is in a mad dash to encrypt everything important (but it must delete the password used for this at the end, of course!). Then it could give a regular login prompt and even let in the infiltrator. Finally, note that in raids usually the operator is taken away from the computer immediately (see attached notes) while the confiscators (I'm trying to stay neutral here) grab all the hardware. Hence, a `direct' signal to the computer that requires the operator to do something and the computer to respond is difficult in these situations. But the possibility of rigging panic-encrypt buttons in surreptitious places all over your house (flush!!!) is not completely outlandish. digital $$$ ----------- There seems to be a lot of interest in this topic. Now, unfortunately I think anyone who wants to set up a *real* bank on the internet right now and handle transactions via email would really swiftly arouse the fearsome ire and wrath of vast segments of the net. Whatever, I'd like to point out that it is entirely feasible *right now* using *credit cards*. There are obviously automated credit card machines that can make transactions solely electronically based only on that lovely *data* cypherpunks love so much (card # and exp. date). Maybe some even have RS232 interfaces! (for the brain dead, that means they'd be as trivial and familiar to interface to a computer as MODEMs!). Imagine this scenario: a banking server! user registers with the server by giving card data. He can then let other businesses make debits through the server to his account, with all the cryptographic/authentication assurances that this can only happen when he permits, of course. Anybody who ever started doing this, I think there should be at first *huge* amounts of verification, like email sent to the user asking for confirmation of every transaction, monthly statements, ceilings, etc. But *wow* think--its all entirely doable right now! If the banker wanted to he could even deal with requests to open real accounts with regular money. But this is probably much farther off--the idea of the server as nothing but a link to credit cards is very convenient and more accessable, it seems to me. (The case could be made, if initially the service was free, that no commercial service was being performed.) Imagine being able to write programs that send mail to a server to bill users for services. Neat! But OOH the phreakers would have a field day with this kind of thing if it wasn't AIRTIGHT SECURE. * * * Now a little transcription gift to the net. I found the following account of the typical `hacker raid' interesting. It comes from the book `The Hacker Crackdown' by Bruce Sterling (1992 Bantam books). p160 The account is mostly based on U.S. police tactics during the Operation Sun Devil raid in the early 1990s. A typical hacker raid goes something like this. First, police storm in rapidly, through every entrance, with overwhelming force, in the assumption that this tactic will keep casualties to a minimum. Second, possible suspects are removed immediately from the vicinity of any and all computer systems, so that they will have no chance to purge or destroy evidence. Suspects are herded into a room without computers, commonly the living room, and kept under guard--not *armed* guard, for the guns are swiftly holstered, but under guard nevertheless. They are presented with the search warrant and warned that anything they say may be held against them. Commonly they have a great deal to say, especially if they are unsuspecting parents. Somewhere in the house is the `hot spot'--a computer tied to a phone line (possibly several computers and several phones). Commonly it's a teenager's bedroom, but it can be anywhere in the house; there may be several such rooms. This `hot spot' is put in the carge of a two-agent team, the `finder' and the `recorder.' The finder is computer-trained, commonly the case agent who actually obtained the search warrant from a judge. He or she understands what is being sought and actually carries out the seizures: unplugs machines, open drawers, desks, files, floppy-disk containers, and so on. The recorder photographs all the equipment, just as it stands--especially the tangle of wired connections in the back, which can otherwise be a real nightmare to restore. The recorder also commonly photographs every room in the house, lest some wily criminal claim that the plice had robbed him during the search. Some recorders also carry videocams or tape recorders; however, it's more common for the recorder simply to take written notes. Objects are described an numbered as the finder seizes them, general on standard preprinted police inventory forms. Even Secret Service agents were not, and are not, expert computer users. They have not made, and do not make, judgments on the fly about potential threats posed by various forms of equipment. They may exercise discretion, they may leave Dad his computer, for intance, but they don't *have* to. Standard computer crime search warrants, which date back to the early 1980s, use a sweeping language that targets computers, most anything attached to a computer, most anything used to operate a computer---most anything that remotely resembles a computer--plus most any and all written documents surrouding it. Computer-crime investigators have strongly urged agents to seize the works.