I am passing along the following message, not because of my belief in the accuracy or veracity of its contents, but merely because of the fact that it seems to have kept getting eaten up by various email systems in the attempts to send it to its original destination. The first time it was sent via a remailer, it was bounced for ill-defined reasons. The second time it was sent, the remailer was shut down, and remains shut down. Efforts to send it through a second remailer also failed, with no notice from the server of any problems being received. Other email sent through the remailer at the same time encountered no difficulties. I am only noting the facts, here, not proffering any personal judgements on the matter, although I have formed my own opinion as to the meaning of these facts, particularly since I, myself, came by this post during the process of email interception.
X-Anon-Password: XXXXXXXXXX X-Anon-To: XXXXXXXXXXX X-Anon-Name: XXXXXXXXXXXX
XXXXXXXXX, I thought I would reply privately to you, since you seem to at least have a willingness to allow the possibility of compromises to the security of the encryption methodologies behind PGP programs, among others. To begin with, I'm not sure whether you realize it, or not, but the Navy's spook tentacles run deeper, and extend further, than those of any of the more notable or visibly involved agencies who lurk in the background of security and privacy issues. One of the reasons for this is that their physical existence could be said to mirror the Internet in many respects. The very nature of their 'global' home (the sea), has always permitted them access to people and regions which are denied to others. Also, they are often in the position to be involved in what looks to be merely the 'transporting' of people and information. Whether providing escort services or getting drunk in foreign bars, the expertise of naval intelligence has always lain in the area of observation, first and foremost. By far the greatest tool of intelligence agencies on the Internet, has been traffic analysis. Their techniques are sufficiently sophisticated that I would not be surprised to find out that they can tell more about us from our Internet activity than can be learned from the satellites capable of reading the newspaper over our shoulder as we sit in the park. Traffic analysis involves all measurable quantum of information, the chief concerns being the patterns and timing of data transfer, from which everything ranging from content and motivation can be deduced. If you wish to think in terms of back-doors, then you would be well advised to go beyond the concepts of 'passwords' and 'holes' and try to think in terms of patterns and timing, and other such 'structures' which are peripheral to concerns regarding 'code' and 'mathematics.' i.e.
As well as considering the 'content' of what a program returned, you must also consider 'when' the program returned the result, and the patterns in the timing, as well as the content. An analogy could be made to a person who, being interrogated, answers all questions with a predictable rhythm and then 'pauses,' however slightly, in answering a certain question. You can see that what is revealed by the 'content' of the answer can be greatly insignificant compared to what is revealed by the 'delay' in answering. To expand your concept of 'back-doors' and 'holes,' you have to ask questions such as: "Does it take a program or hardware longer to return a result of '0', than to return a result of '1'?" "What factors can be introduced into the hardware and/or software that can influence the patterns and/or timing of various processes and the results they return?" "Can key searches be made more efficient by analyzing such things as rhythm, syntax, etc? What 'details' or 'qualities' of an individual, group, or 'arena of concern' can be analyzed for the purpose of being able to group them into structures which can be searched for?" "How can 'assigning' a value to certain sequences of numbers be used as a pattern to 'filter' the input data into a form which is easier to analyze?" You are aware of 'tricks and techniques' that apply to mathematics and are widely known. i.e. The process of shifting and adding numbers when multiplying by the number '11'. However, what about those quantum of information which are of no consequence to those seeking for the 'final result' of that multiplication? Can the peripheral effects of mathematic calculations be used to analyze what has taken place, to narrow the scope of inquiry? My nephew describes numbers as getting 'wider' as they get larger, and he does quick checks of his result through his 'feel' for how much 'wider' a number should be when he is done, even in complicated equations which he ill-understands.
(He reminds me of Steven Wright, who claims that someone told him that his socks didn't match, and he replied, "Sure, they do. I go by thickness.") I am currently working on a project which involves merging chaos theory with traffic analysis and other processes to analyze the effects that algorithms display when processed through the filters of varying hardware and software structures and methodologies. The RSA algorithm and accompanying RSAREF subroutines were our first focus, for the very reason that there were certain factions behind the scenes of the Zimmermann/RSA agreement who seemed to have an inordinate amount of interest in the subroutines being chained to the algorithm (for reasons that have nothing to do with patent protection). Those whose expertise goes far beyond my own in this area look at the initial results of the analysis as confirming that there is a 'relationship' between the RSA algorithm and the RSAREF subroutines which will enable them to break the system down into workable units for fairly quick analysis. What is interesting is that the results from small probes into other encryption systems show the same potential for exploitation using varying analysis methodologies and processes. (One fairly well-known encryption routine is almost lame enough to reveal its secrets to anyone with a pencil and a stopwatch, as well as the file size and time it takes to encrypt.) While I would rather you didn't publicize the preceding information, as a general rule, I think that is something that should be shared with anyone who is seriously focusing their efforts on better methods of encryption and analysis of encryption methodologies. I am aware of two other groups who are working along the same lines, although with a narrower range of variables than ourselves, and I am certain that there must be more than a few other entities out there who are also pursuing this line of research.
I would appreciate any comments you may have on the above, as well as any suggestions you may have. (Despite having a post-graduate degree in an area which required a thorough grounding in mathematics I may have to refer any highly technical suggestions to those in the group who dream in numbers, sunset to sunrise.)
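The question raised in the forwarded message above, whether a computation takes longer for a '1' than for a '0', can be made concrete for the modular exponentiation at the heart of RSA. The following is an added example, not part of the original messages; the function names, modulus and exponents are constructed for illustration, and multiplication counts stand in for elapsed time.

```python
# Added illustration, not from the thread. Multiplication counts stand in for
# elapsed time; MODULUS and the two exponents are constructed sample values.

MODULUS = 1000003 * 999983          # constructed, not a real RSA modulus
LIGHT = 0b1000000000000001          # 16-bit exponent, two '1' bits
HEAVY = 0b1111111111111111          # 16-bit exponent, sixteen '1' bits


def square_and_multiply(base, exp, mod):
    """Textbook left-to-right exponentiation: one squaring per bit, plus an
    extra multiplication only when the bit is '1'. Returns (result, ops)."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops += 1
        if bit == "1":                  # work depends on the secret bit
            result = (result * base) % mod
            ops += 1
    return result, ops


def montgomery_ladder(base, exp, mod, width=16):
    """Ladder over a fixed bit width: exactly two multiplications per bit,
    whatever the bit's value. Returns (result, ops)."""
    r0, r1, ops = 1, base % mod, 0
    for i in range(width - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        ops += 2
    return r0, ops


def op_counts(func, base=65537):
    """Operation counts for the light and heavy exponents under func."""
    return tuple(func(base, e, MODULUS)[1] for e in (LIGHT, HEAVY))


if __name__ == "__main__":
    print("square-and-multiply:", op_counts(square_and_multiply))
    print("montgomery ladder:  ", op_counts(montgomery_ladder))
```

The ladder here equalises the operation count only; it still branches on the bit, which production implementations replace with branch-free selection and usually combine with blinding.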
On Thu, 20 Mar 1997, lucifer Anonymous Remailer wrote:
I am passing along the following message, not because of my belief in the accuracy or veracity of its contents, but merely because of the fact that it seems to have kept getting eaten up by various email systems in the attempts to send it to its original destination. The first time it was sent via a remailer, it was bounced for ill-defined reasons. The second time it was sent, the remailer was shut down, and remains shut down. Efforts to send it through a second remailer also failed, with no notice from the server of any problems being received. Other email sent through the remailer at the same time encountered no difficulties.
Speaking as "XXXXXXXXX" (or, at least, one of the "XXXXXXXXXs"), I did receive the following message which originated from "TruthMonger." Shortly after I received the message, anon.nymserver.com closed down all of its free, anonymous accounts due to "abuse."
I am only noting the facts, here, not proffering any personal judgements on the matter, although I have formed my own opinion as to the meaning of these facts, particularly since I, myself, came by this post during the process of email interception.
I am skeptical.
X-Anon-Password: XXXXXXXXXX X-Anon-To: XXXXXXXXXXX X-Anon-Name: XXXXXXXXXXXX
XXXXXXXXX, I thought I would reply privately to you, since you seem to at least have a willingness to allow the possibility of compromises to the security of the encryption methodologies behind PGP programs, among others.
Mark
Mark M. wrote:
Speaking as "XXXXXXXXX" (or, at least, one of the "XXXXXXXXXs"), I did receive the following message which originated from "TruthMonger." Shortly after I received the message, anon.nymserver.com closed down all of its free, anonymous accounts due to "abuse."
This is mostly addressed to jimbell: jim, it is now obvious that the remailer network is as weak as a 5 year old child. It cannot possibly withstand even mildest forms of "abuse". Due to this fact, I question the viability of your assassination politics idea as it does not seem possible to safely operate an assassination bot. - Igor.
On Thu, 20 Mar 1997, Igor Chudov @ home wrote:
This is mostly addressed to jimbell: jim, it is now obvious that the remailer network is as weak as a 5 year old child. It cannot possibly withstand even mildest forms of "abuse".
Due to this fact, I question the viability of your assassination politics idea as it does not seem possible to safely operate an assassination bot.
The fundamental problem with the current remailer network, as others have noted before, is that it is a free service open to abuse by anyone. If remailers were commercialized, this would eliminate the spam problem and would provide the remailer operator with resources to legally defend him or herself. Currently, there is no motivation for an operator to continue the service when legally threatened. (As an interesting sidenote, a few hours ago John Perry announced on r-ops that due to an FBI investigation into the use of his remailer to mail threats to some apparently influential person, he has shut down the jpunix remailer.) Consider the fact that Cyberpromo has managed to find an upstream provider willing to provide connectivity to them, even though they are almost universally hated by net users. They have been able to exist because there is a commercial interest. I do not doubt that the same would be true for remailers if they were commercialized. The only thing that could shut remailers down would be either legislation or seizing the computers on which the remailers run as "evidence." The obvious solution to this would be to run remailers in more civilized countries.
Mark
ichudov@algebra.com (Igor Chudov @ home) writes:
Mark M. wrote:
Speaking as "XXXXXXXXX" (or, at least, one of the "XXXXXXXXXs"), I did receive the following message which originated from "TruthMonger." Shortly after I received the message, anon.nymserver.com closed down all of its free, anonymous accounts due to "abuse."
This is mostly addressed to jimbell: jim, it is now obvious that the remailer network is as weak as a 5 year old child. It cannot possibly withstand even mildest forms of "abuse".
Due to this fact, I question the viability of your assassination politics idea as it does not seem possible to safely operate an assassination bot.
Suppose I want to bet $1000 that Chris Platt's cat, "Ben", won't be assassinated until the end of March in some excruciatingly painful way (say, skinned alive, soaked in acid, and cut into pieces with an acetylene torch :-). What protocols can someone use to bet against me and to collect the winnings? (Assume that I'll cheerfully pay up if I lose, and that the other party wants to remain anonymous.) Another thought just occurred to me - LEA's often advertize hotlines for anonymous tips - a "stukach" is given a code and if his tip works, supposedly collects a payoff. Doesn't he have to give his ss# so his income can be taxed? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr.Dimitri Vulis KOTM wrote:
ichudov@algebra.com (Igor Chudov @ home) writes:
Mark M. wrote:
Speaking as "XXXXXXXXX" (or, at least, one of the "XXXXXXXXXs"), I did receive the following message which originated from "TruthMonger." Shortly after I received the message, anon.nymserver.com closed down all of its free, anonymous accounts due to "abuse."
This is mostly addressed to jimbell: jim, it is now obvious that the remailer network is as weak as a 5 year old child. It cannot possibly withstand even mildest forms of "abuse".
Due to this fact, I question the viability of your assassination politics idea as it does not seem possible to safely operate an assassination bot.
Suppose I want to bet $1000 that Chris Platt's cat, "Ben", won't be assassinated until the end of March in some excruciatingly painful way (say, skinned alive, soaked in acid, and cut into pieces with an acetylene torch :-). What protocols can someone use to bet against me and to collect the winnings? (Assume that I'll cheerfully pay up if I lose, and that the other party wants to remain anonymous.)
There may be a problem which is that the bettors like yourself may be held liable for any damages to Platt and his property. The lawyers on this list can have more to say on that. If there is presently no law covering that (likely there are) it is not hard to come up with one, I believe. Without anonymity it will not work very well. After all, if you announce that you pay a prize to have someone murdered, your potential victim will be able to murder you even earlier. Anonymity is crucial here.
Another thought just occurred to me - LEA's often advertize hotlines for anonymous tips - a "stukach" is given a code and if his tip works, supposedly collects a payoff. Doesn't he have to give his ss# so his income can be taxed?
They may withhold the tax at the time of payment. It does not matter anyways since it is a payment from the government. If they do not collect taxes from payments to stukachi, they can simply reduce the payment amounts proportionally. Notorious stukach Colin James III knows better anyways. Ask him. - Igor.
On Fri, 21 Mar 1997, Dr.Dimitri Vulis KOTM wrote:
Suppose I want to bet $1000 that Chris Platt's cat, "Ben", won't be assassinated until the end of March in some excruciatingly painful way
Okay, Vulis, that's it, you have made an explicit threat in a public forum, I know where you live, I know your phone number, in fact I once spoke to you on the phone, and I will be suggesting to the rather slow witted people at my local police precinct that you have already demonstrated unstable, threatening behavior toward many people, giving me good reason to believe that you are capable of assault. This is the last you will hear from me online. Anything further will be stated in person.
Dr.Dimitri Vulis KOTM wrote:
Suppose I want to bet $1000 that Chris Platt's cat, "Ben", won't be assassinated until the end of March in some excruciatingly painful way (say, skinned alive, soaked in acid, and cut into pieces with an acetylene torch :-). What protocols can someone use to bet against me and to collect the winnings? (Assume that I'll cheerfully pay up if I lose, and that the other party wants to remain anonymous.)
Like Christians and lions - could scalpers resell the bets for a commission? Will we have to create an organization of escrow agents to process the paper? The possibilities are mind-numbing.
Another thought just occurred to me - LEA's often advertize hotlines for anonymous tips - a "stukach" is given a code and if his tip works, supposedly collects a payoff. Doesn't he have to give his ss# so his income can be taxed?
Well, the feds will have to create massive new databases to track the "street" language that develops around this stuff, so they can present the "untainted evidence" of "intent" in court, in case they can't establish a conventional audit trail. The feds have supposedly been using the old "compartmentalization" (multi-tier) technique of running their illegal operations, where one layer (essential for tracing) can be eliminated by eliminating one person in some cases, so maybe something along that line will do the job here.
participants (6)
- Charles Platt
- Dale Thorn
- dlv@bwalk.dm.com
- ichudov@algebra.com
- lucifer@dhp.com
- Mark M.