Anonymous User scripsit
Let's say I have a digital cellular phone. I also have Anonymous
Remailers,
PGP, and over 100 BBS numbers (structured for which day and which hour each would be used) so that I can contact and talk to my "Friend." Please tell me how the LEA's can find me and understand the transactions between us?
You don't give us enough information.
Are your attackers looking for known parties? How secure is your cellular? Do you operate from a known or a guessable location? Is your "Friend" known? Suspected? His location, guessable? Known?
If your location were known it would be a simple matter to monitor the area, say put a van just outside your site and wait for cellular activity of a strength that suggests your presence. How likely would it be that someone else is using a cellular phone in your presence? Given this, it is probably not difficult to obtain the billing/ESN number for your phone, and then obtain detailed traffic information about your transmissions. Given that it is a simple matter to conduct a lower tech attack, say tempest, and pick up the conversation as you compose it, end running the encryption so to speak. You think in too shallow a fashion. Security is about more than communications security.
Even if yours is perfect, how about your friends. A tempest attack on his site while he is using Word for Windows is just as effective as one on you.
Modify this tactic to use a phone which uses several different ESN's at random or move your location often and at random.
If I have several encryption programs, can I 'layer' each document [I PGP
the
file, the I DES the PGP file, then IDEA for the final layer.
Worthless given the above attack.
Does the NSA have to crack it one layer at a time, or can they bombard it, crack the layers in whatever order the supercomputer finds?
Again, unimportant given the cheaper low tech solution.
If I am missing something, please let me know what I have missed.
Been there, did that.
-uni- (Dark)
In the above scenario, I would never use my voice over the digital cellular [and I would be always moving {nothing done at home}]...strictly PGP/E-Mail. Even IF the parties are known, can they make their case? [How can they prove X sent Y if using PGP and anonymous remailers?] Of course, if one of them cooperates, that's different. Can Tempest be used as I'm driving/on a city bus? How expensive is it to maintain a Tempest surveillance in this fashion? This is a positive of portable computers and portable communications..no one can pinpoint [even remotely] where I'll compose/collect my pgp/e-mail. I am assuming that I'm covering my tracks smartly, and the only thing they have is what they can grab over the air, which is PGP, and that gets sent to some BBS [which they don't know] for my friend to pick up. The ESNs and the Keep Moving are really helpful, thanks.
Anonymous User scripsit
Anonymous User scripsit
Let's say I have a digital cellular phone. I also have Anonymous
Remailers,
PGP, and over 100 BBS numbers (structured for which day and which hour each would be used) so that I can contact and talk to my "Friend." Please tell me how the LEA's can find me and understand the transactions between us?
You don't give us enough information.
Are your attackers looking for known parties? How secure is your cellular? Do you operate from a known or a guessable location? Is your "Friend" known? Suspected? His location, guessable? Known?
[Location stuff] [Your friend could be an idiot stuff] [You should move around more and vary the ESN]
In the above scenario, I would never use my voice over the digital cellular
I assumed only data.
[and I would be always moving {nothing done at home}]...strictly PGP/E-Mail.
So you would compose your messages on a laptop while moving about? This would be my suggestion. I don't know how well Tempest works on the move, I assume it's more difficult, but not impossible. The LCD screen (some have theorized) will make interception more difficult. The real problem is when you compose the message, or when it is actually converted to plaintext and read. These are the cheapest interceptions via tempest, or even a video camera over the shoulder. Remember, once your ESN or ESN's are estlablished, it is a simple matter to obtain your transactional information remotely (see Digital Telephony bill for the whole argument).
Even IF the parties are known, can they make their case? [How can they prove X sent Y if using PGP and anonymous remailers?] Of course, if one of them cooperates, that's different.
If I were trying to make the case I would do it so: At 5:10 pm, subject A departed in a taxi for the airport with his laptop. Monitoring the subjects known phone information (obtained by local close proximity interception) we measured a 26 second call to a local unix service provider. Subject A's account (which was being observed) showed mail traffic sent to a known remailer at 5:12pm. Subject B's account recieved a encrypted message [If by PGP it would be obvious that subject a and subject b were using the same software] at 6:30pm. (or perhaps 12:01am if the remailer is trying to foil traffic). After receiving the encryped message from a (the same?) remailer, subject B left his home and was found near the site of the terrorist bombing. At the very least this provides a WIDE OPEN door to take a closer look at Subject A. I hope you have never met subject B in person, or have anything in your house incriminating. If yes, you better be ready to purjure yourself.
Can Tempest be used as I'm driving/on a city bus? How expensive is it to maintain a Tempest surveillance in this fashion?
Dunno, Dunno. Probably difficult, doubt that it's impossible. This is a positive of
portable computers and portable communications..no one can pinpoint [even remotely] where I'll compose/collect my pgp/e-mail.
Wrong. It's pretty easy given your phones billing information. The cell site you are working off of at any given moment is currently easy to estlablish. That gives your position within some miles (I assume this varies from area to area) In fact, a cellular phone is probably the WORST thing to use if your interested in hiding your location and your phone number/ESN is known. Given the location of the cell your working off of, it's probably an easy matter to just track the phone to cell signal down with a direction/strength meter or by triangulation. I am assuming that I'm
covering my tracks smartly, and the only thing they have is what they can grab over the air, which is PGP, and that gets sent to some BBS [which they don't know] for my friend to pick up.
If your friend is monitored, the BBS firewall is useless. He calls, his call setup information is recorded. Given a pattern it's obvious after a while which 30 BBS's your using.
The ESNs and the Keep Moving are really helpful, thanks.
Remember, strong crypto is only a tenth the game. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
Copy that to the list will you? -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
participants (2)
-
Anonymous User -
Black Unicorn