Bypassing Local Authorities

Steve Thompson steve49152 at yahoo.ca
Wed Apr 27 14:48:02 PDT 2005


--- Tyler Durden <camera_lumina at hotmail.com> wrote:
> Hum.
> 
> Been thinking about something. Seems to me that the big TLAs will
> probably try to avoid detection, whenever possible, by even local
> authorities such as Police, security companies, etc... One of these
> could inadvertently (or 'advertently'!) tip off the observee.

Well, duh.  Controlling who perceives what about any given operation is
part of the process.  Contrariwise, discovering the particulars about who
is fucking who is part of the process of analysing the operations of an
adversary.  With government-class agencies, both sides of any given action
will often be aware of the efforts of their opposites to use
counterintelligence techniques to obscure and conceal tactical and
strategic goals.

This is why it is so much easier when they are running an operation
against smaller adversaries.  Little guys don't have access to the kind of
intelligence products that would allow them to protect themselves.
 
> I'll give you an example I've been thinking about.
> 
> Consider that someone wants to start monitoring your hotmail/gmail
> etc...

Assuming that they have not already had the foresight to run their own
popular public email services through cut-outs, and/or infiltrated
existing services with their personnel...
 
> Of course, they could just issue some piece of paper, send a couple of
> guys with guns (or threaten to) and boom! A copy of all your stuff
> starts getting funneled over. No doubt this happens a lot.

One imagines that is true.
 
> BUT, what if they'd rather avoid that. Email companies aren't
> necessarily experts in hiding the fact that they have been contacted.

Not necessarily, but then most people seem to underestimate the guile of
people who have the intellect and business sense to create and run large
and successful corporations.

> So it seems to me that a TLA will probably first go about trying to
> guess your password or otherwise crack your account.

A tempest attack on the computer(s) you use to access your email accounts
would be the easiest method, I would think, second only to sniffing your
ethernet or WAN traffic.  Remember, it's only illegal if they get caught
in the act, and as we know, TLAs and security companies jealously guard
their sources and methods to the point where they will collect the same
information twice (or more, if they have big budgets) if it will serve to
disguise the kind and use of their initial and more secretive and possibly
very illegal methods.
 
> If they're just reading your email, there's probably a number of things
> they can do to make themselves undetected. One 'obvious' thing is,
> after opening your email, is to resend it to your account using a
> spoofed originator. So then, when you access it, it all looks fresh
> and new.

So, what's the colour of the sky on your planet?
 
> The same "avoiding local detection" probably applies across the board.
> If they want to enter your house, they probably don't want to telegraph
> this by contacting your local alarm company and having them shut off
> the alarm (on the other hand, seems to me someone should open an alarm
> company where any down time is automatically encrypted and downloaded
> somewhere so that it could never be tampered with and is always
> retrievable by the customer).

> There may be some interesting consequences, however, to this.

I would suspect so.  Given the prior importance given to key escrow by US
TLAs, we know that the people in these departments are heavily invested in
the idea that mere mortal citizens should not have access to secure
systems.  It is only an effort of the imagination to speculate on the
various attacks that might be perpetrated on the 'control points' of
civilian information system security infrastructure to gain an idea of the
ways in which our ability to acquire personal security may be compromised
by the 'l33t control-freaks who inhabit SpookWorld.

Personally, I believe that I fail to receive an unknown amount of email
and telephone communications because of cut-out mediated privacy invasions
of the kind that you suggest here.  In the trivial case, some asshole
might periodically log-in to my email accounts and delete (after copying)
incoming messages that their masters feel that I should not see. 
Obviously this could also be done by way of various kinds of
man-in-the-middle attack.


Regards,

Steve








More information about the cypherpunks-legacy mailing list