[HN Gopher] 'Every message was copied to the police'
___________________________________________________________________
'Every message was copied to the police'
Author : objections
Score : 214 points
Date : 2021-09-22 17:34 UTC (5 hours ago)
(HTM) web link (www.theguardian.com)
(TXT) w3m dump (www.theguardian.com)
| filoeleven wrote:
| > The rain pattered lightly on the harbour of the Belgian port
| city of Ghent when, on 21 June 2021, a team of professional
| divers slipped below the surface into the emerald murk. The
| Brazilian tanker, heavy with fruit juice bound for Austra--
|
| No. Stop. This is not how you report news. This is a failed
| fiction author's blog post.
|
| When I read a news story, I want the facts, not a goddamned noir
| piece. Give me the facts, and I'll respond to your plea for
| funding. I have a recurring donation to Wikimedia because they do
| this properly. If I wanted to pay for pretty narrative, I'd buy
| your ebook or subscribe to your LiveJournal or whatever.
| caymanjim wrote:
| This is a long feature piece. It's journalism. If you want the
| simple facts, the story has been reported plenty of other
| places. You can get the CliffsNotes on Twitter.
| filoeleven wrote:
| If I could find them, maybe. The ones worth reading mostly
| link to...longer pieces. The Guardian has plenty of other
| stories that follow the inverted pyramid, and they serve as a
| gatekeeper for filtering out the rest of Twitter.
|
| Point me towards a "simple facts" version, and I'll submit
| that link instead. This is the first I have heard of it, and
| I want to know more, but I do not want to read a spy novel to
| get the primary info.
| RcouF1uZ4gsC wrote:
| > Every single message sent on the app since its launch in 2018 -
| 19.37m of them - had been collected, and many of them read by the
| Australian federal police (AFP) who, together with the FBI, had
| conceived, built, marketed and sold the devices.
|
| I wonder how many crypto currency tumblers are actually run by
| law enforcement?
| neither_color wrote:
| That and VPN services. Cheap and easy to deploy and run, are
| mostly marketed towards people who want to hide their online
| activity. Not saying all VPN providers are like this or that
| there aren't legitimate reasons to use them, just saying that
| they'd make a good honeypot.
| ljm wrote:
| And Tor exit nodes.
| ttyprintk wrote:
| I wonder that, too. Seems like a fruitful point to introduce
| logic waiting for a blacklisted address.
| icu wrote:
| The striking thing is that criminal enterprise relies on software
| as much as any other legitimate business. The adage "software is
| eating the world" comes to mind. It's probably the case that more
| technically adept criminals will roll their own tech and out
| manoeuvre rival criminals and law enforcement. Considering the
| sums of money discussed in the article it's not inconceivable for
| criminal organisations to start creating their own dev teams.
| giantg2 wrote:
| The best solutions are to go low tech. Enforcement models and
| staffing are reliant on electronic technology. Many enforcement
| organizations are poorly equipped to handle well implemented
| physical systems.
| joshmarlow wrote:
| I wonder how useful The Solitaire Encryption Algorithm would
| be here - https://www.schneier.com/academic/solitaire/
| indigo945 wrote:
| Solitaire is very broken as an encryption scheme. You
| should not use it for communication that requires more than
| LARP security. If you need to encrypt a message manually,
| LC4 is a better algorithm, but still not acceptable for
| real world use. The good old one time pad may be most
| effective.
| ixwt wrote:
| I don't remember reading it was broken per se, just that
| there are some issues, and weak keys. The only work I
| know of analyzing Solitaire is [0]. And they propose some
| fixes to make it more resilient. OTP is by far the
| easiest and most reliable pencil and paper crypto
| algorithm though.
|
| [0]: https://arxiv.org/abs/1909.06300
| tokai wrote:
| You would think that, but the whole an0m thing showed that it
| wasn't really the case.
| chongli wrote:
| That's one case. It doesn't apply to all criminal
| organizations. The cartels in Mexico are sophisticated enough
| to build their own cell networks [1] to evade wiretapping.
| Why couldn't they also recruit engineers to build their own
| crypto and secure protocols?
|
| [1] https://www.npr.org/2011/12/09/143442365/mexico-busts-
| drug-c...
| newsclues wrote:
| In the 90s Colombian cartels were using mainframes.
| earnesti wrote:
| Also, there is a lot of open source software in the space -
| no need to develop your own, just scan the code for
| backdoors.
| [deleted]
| walrus01 wrote:
| that's not a cellphone network that's a VHF/UHF radio
| repeater network. basically same idea as ham radio hilltop
| repeater stuff in the US, but built for private purposes,
| and using COTS radios capable of basic encryption.
| chongli wrote:
| From the article:
|
| _Soldiers seized 167 antennas, more than 150 repeaters
| and thousands of cellphones and radios that operated on
| the system._
|
| It sounds like it had both radio and cell bands if phones
| were able to use it.
| icu wrote:
| I mean wouldn't it be logical for the criminals to adapt?
| It's now public that:
|
| a) Crypto is secure, b) Infiltration is difficult, and c) You
| can't trust hardware and software vendors.
|
| From what I can tell the criminals need international
| communications to facilitate their operations.
|
| Ergo, my earlier speculation that the technologically savvy
| ones will adapt and develop their own proprietary software.
|
| Maybe the juice isn't worth the squeeze for criminals to
| learn software development, but I worry about criminals who
| do learn.
| tessierashpool wrote:
| one fun factoid in favor of your argument is that Latin
| American drug cartels have been known to build their own
| submarines for drug smuggling.
|
| however, most _known_ criminal dev teams are hacker groups in
| Russia who either operate as part of official espionage
| activities, or are allowed to operate as long as their victims
| aren't Russian.
|
| all that being said, though, this "criminal software" idea
| probably isn't as true as you think. criminal enterprises are
| inherently risky, and there's so much money to be made in
| software that anybody good enough to do well in a criminal
| enterprise could do well normally.
|
| (unless we count normal companies which get away with breaking
| the law in the course of normal business as criminal
| organizations -- e.g., Amazon and Tesla for union-busting -- in
| which case, there are probably a lot of people reading this who
| technically belong to criminal organizations, although some
| percentage of them would intend otherwise.)
| mistrial9 wrote:
| > most known criminal dev teams are hacker groups in Russia
|
| citation, please!
| bitwize wrote:
| > Now that the workings have been revealed, An0m is a trick that
| could surely never be repeated in the world of organised crime.
| The revelations will push criminals away from technology, even if
| it makes their work more laborious and slow-moving.
|
| I can imagine future organized crime information flows more
| closely resembling what was depicted in John Wick: a lot of
| secretaries and file clerks pushing paper around, using old
| mechanical adding machines and typewriters; if they do touch a
| computer, it's a VIC-20 or similarly ancient, internet-incapable
| device.
| eptcyka wrote:
| It's harder to erase paper trails, so I think the future of
| crime is using open source or in-house comms tools.
| bitwize wrote:
| Fire, judiciously applied, can erase paper trails rather
| efficiently.
| eptcyka wrote:
| And evidence of burning possibly indicting evidence is all
| the more indicting.
| dredmorbius wrote:
| This is what document-retention-and-disposal policies are
| for.
|
| In major business districts throughout the Western world,
| document disposal companies will drive their collection
| truck to a given business address and shred the collected
| paper right there in the street as it's loaded into the
| truck.
|
| You can see them everywhere.
|
| You can hear them long before you see them.
| dankent wrote:
| That sounds like it would be a big win for law enforcement. If
| you can force your opponent to avoid some modern ways to
| communicate, you can put a big dent in their efficiency.
|
| It's possible that paranoia might lead to criminals avoiding
| even technology that they could be using safely, further
| slowing them down.
|
| An old fashioned system also seems like it would require more
| people, opening up more opportunities for human intelligence
| operations targeting the network.
| yholio wrote:
| Or they could learn to use Signal.
|
| Properly installed (F-Droid) on off-the-shelf phones with
| fresh prepaid sims and OS updates disabled, it can be
| considered secure software against all but the most
| sophisticated adversaries.
|
| Then, simply verify the handshake key for your contacts, and
| you can be sure there is no man in the middle attack. Rotate
| phone+sim every 2 months, while keeping the same "outside"
| number, say, a landline you control.
|
| There are attacks against this too, but they are very noisy
| (modify all Signal binaries delivered to a certain area) or
| typically exceed the technical capabilities of run-of-the-
| mill agencies (exploit an OS zero day).
| notyourday wrote:
| > Properly installed (F-Droid) on off-the-shelf phones with
| fresh prepaid sims and OS updates disabled, it can be
| considered secure software against all but the most
| sophisticated adversaries.
|
| IMEI will identify the phone.
|
| Signal does not work well without GCM.
| monocasa wrote:
| The easier way to attack this is by instituting a know your
| customer law for phone systems including prepaid SIMs,
| combined with accomplice charges for anyone whose SIM is
| used in connection with criminal acts.
| VLM wrote:
| People are too free with their phones. Just walk into a
| bar and say you're too drunk to drive and could the
| bartender call my wife to pick me up? Not knowing it's
| actually picking up $60M worth of coke instead of picking
| up me.
|
| Or pull off to the side of the road, walk in well
| dressed, wave a dead iphone in front of them, ask the
| receptionist "hey my car broke down and my battery is
| dead, could you call this number and tell them my car
| broke down?" Or bonus points if the cops arrive because
| you're blocking traffic, ask the cop to call on their
| phone.
|
| (edited I got the best idea that most anyone would fall
| for: Slip a kid $20 to ask an adult to call his mommie
| because he got lost...)
| vkou wrote:
| This is all well and good for communicating a single,
| pre-planned operation, but you're going to need to
| communicate a lot more in order to actually do all that
| pre-planning for it.
| monocasa wrote:
| That's a function of there not being penalties. You'd see
| that change if the laws changed.
| dredmorbius wrote:
| Penalties for what exactly, here?
|
| Good Samaritanism?
| monocasa wrote:
| The whole thread here is about penalties for assisting
| criminal enterprises with a SIM tied to your identity.
| dredmorbius wrote:
| And if I place a call for someone on good-faith belief
| that they need assistance?
| monocasa wrote:
| I don't get where your point is leading or coming from.
| dredmorbius wrote:
| Let's back up a bit here.
|
| What specifically in this comment would you penalise?
|
| https://news.ycombinator.com/item?id=28620403
|
| And how would you address the issue of people being good
| sams --- making calls on behalf of someone else when they
| ask, in good faith.
|
| See for example RMS:
|
| _When I need to call someone, I ask someone nearby to
| let me make a call. If I use someone else's cell phone,
| that doesn't give Big Brother any information about me._
|
| https://stallman.org/rms-lifestyle.html
| monocasa wrote:
| > What specifically in this comment would you penalise?
|
| One comment up from that I said:
|
| > The easier way to attack this is by instituting a know
| your customer law for phone systems including prepaid
| SIMs, combined with accomplice charges for anyone whose
| SIM is used in connection with criminal acts.
|
| ~~~~~~~~~~~~~~~~
|
| > And how would you address the issue of people being
| good sams --- making calls on behalf of someone else when
| they ask, in good faith.
|
| Prosecutorial discretion.
|
| And to be clear I'm not pushing for these laws; I think
| they're awful. I just see it as a clear direction that
| .gov is going to go if they feel the need to that's
| easier than maintaining zero days for general law
| enforcement. The ability to actually tie phones to
| personal identity in a way good enough for a court room.
| dredmorbius wrote:
| Penalisation under a "KYC" law would have to be extreme.
|
| And I suspect there'd be all kinds of challenges to such
| a requirement.
|
| Again, the Good Sam loophole is huge.
| monocasa wrote:
| > Penalisation under a "KYC" law would have to be
| extreme.
|
| Yep. It would have to be enacted in the kind of fervor
| like existed around 9/11. But, the PATRIOT act had been
| floating around DC for years before 9/11 too.
|
| > And I suspect there'd be all kinds of challenges to
| such a requirement.
|
| > Again, the Good Sam loophole is huge.
|
| In the US, it really isn't. It's a patchwork of state and
| local laws that could absolutely be invalidated by the
| feds in the case of a global communications medium like
| the phone network, since that implies interstate
| commerce.
| hkt wrote:
| Not unlike the FSB: https://www.rt.com/news/typewriters-russia-
| order-surveillanc...
| dredmorbius wrote:
| Curiously, a similar organisation would bug same.
|
| https://web.archive.org/web/20210730214414/https://spectrum..
| ..
|
| https://archive.is/T16Fj
|
| (GDPR-noncompliant cookie policy at origin.)
| sumnole wrote:
| Besides criminals, even legitimate businesses might start to
| prefer offline methods. With the decline of privacy comes
| corporate espionage and that's no good for business.
| kube-system wrote:
| Legitimate businesses can much more easily avoid being
| scammed by vendors because their legitimate businesses are
| protected by the legal system. They also can openly discuss
| their experiences with vendors, because they're not hiding
| from anyone.
| dredmorbius wrote:
| How's that working out for victims of ransomware attacks or
| nation-state corporate espionage?
| kube-system wrote:
| I've never heard of a business being scammed by a vendor
| through ransomware. When businesses choose vendors, they
| do it with legal contracts enforceable in their
| jurisdictions.
| dredmorbius wrote:
| Vendor-based scams are not the entirety of the threat
| model.
| kube-system wrote:
| Vendor-based scams are what this thread and this article
| is about. The root quoted that An0m was a 'trick' that
| couldn't be repeated again. My point is that legitimate
| businesses would have never had to worry about such
| tricks, being scammed by a vendor like this is a problem
| unique to illegal businesses.
| dredmorbius wrote:
| OK, I see what you're saying.
|
| Though I think there are actually at least two
| discussions being had here, apparently talking past one
| another:
|
| One, that a vendor which promises some service but fails
| to deliver on it, as An0m did here, would be subject to
| civil claims for fraud or false representation. This
| seems to be your general argument.
|
| Another is that _any given business_ has concerns over
| surveillance and privacy breaches, _whether from law
| enforcement or other entities_, and that _any_ use of
| digital communications and data systems exposes them to
| this risk. Paper-based systems have, of course, far
| lower capabilities to data _processing_, but also to
| data _exfiltration_.
|
| Both are risks.
|
| You're focused on one. Others take a broader view, myself
| included.
| kube-system wrote:
| That's fair. But I still don't think the situation
| translates; businesses have significantly more options
| for mitigation and less downside risk. They're likely not
| going to prison if they have a data leak, and they have
| access to good information and the world's most reputable
| vendors for solutions to those problems.
|
| Outside of exceptionally high risk (or exceptionally low
| revenue) businesses, I don't think many are going to
| choose to go back to paper. Although, we may see more
| systems being air-gapped, virtualized, or using other
| forms of isolation. The types of enterprises that could
| afford the labor cost of using paper can also afford the
| price tag on digital solutions that do a good job of
| mitigating those risks. Most breaches, ransomware
| attacks, etc are things that could have been prevented.
| Rarely do incident response crews say "this company
| couldn't have done anything to prevent this"
|
| Additionally, legitimate businesses have customers that
| will demand that they use digital solutions. Criminals
| dealing with other criminals might be willing to use
| paper to mitigate risks. Customers of established B2B or
| B2C companies will not.
| walrus01 wrote:
| For a lot more info on phantom secure, just google "phantom
| secure vancouver". Vancouver has become well known
| internationally as a place to launder money through the real
| estate and casino industry.
|
| https://www.google.com/search?&q=phantom+secure+vancouver
|
| https://www.google.com/search?&q=vancouver+money+laundering
| advael wrote:
| Every time I read about police investigation techniques that
| justify the use of mass-surveillance, deception, and entrapment,
| I grow closer to fully rejecting the legitimacy of criminal law
| and criminal justice.
|
| The less legitimacy I assign to criminal law and criminal
| justice, the more infuriating it is that the budgets of law
| enforcement agencies grow ever more inflated to do ridiculous
| schemes like this to enforce ridiculous laws against things like
| drugs or voluntary sex work, and that this cost is seen as more
| necessary and inevitable by our governments than alleviating
| poverty or providing essential services like healthcare
| d0gsg0w00f wrote:
| Have you ever hung out with a cokehead?
| jessaustin wrote:
| How does that relate to anything in parent post?
| advael wrote:
| Sure. I've met multiple cocaine users
| onemoresoop wrote:
| Don't care for drugs or sex work, for all I care they
| should be legal. What is horrifying to me is the amount of
| violence / abuse amounting to slavery and trafficking as
| well as the murders these people commit. Should they be
| left unchecked, to flourish? Look at countries where
| criminal activity has gone up severely, thinking of drug
| cartels in Mexico for one (or other places) where normal
| people can no longer feel safe even if they want nothing to
| do with this underworld.
| advael wrote:
| To be frank, I think the most parsimonious theory for why
| these trades involve so much violence is _because_ we've
| made them black markets and forced the entities that
| successfully operate in those trades to be equipped to
| contend with increasingly military-like police forces, as
| well as incentivized to be secretive in their dealings,
| removing the reputational and regulatory pressures that
| many other industries are subject to, and giving them
| reason to harm people more often
|
| But even if criminalization isn't _creating_ these
| problems, it certainly is doing nothing to solve them,
| and making it harder for anyone who's found themselves
| involved in these activities to seek out help from more
| above-board sources (Including the police themselves, but
| also for example medical practitioners, who might report
| them to the police)
|
| And of course this all leaves aside the philosophical
| objection I have to hunting people down and putting them
| in cages, not because they've harmed people, but because
| we think maybe something else they're doing is associated
| with that harmful behavior in many instances. This is
| just not something I can get behind
|
| But at the end of the day, all of this pales in
| comparison to the systemic consequences of creating a
| powerful police state that has license to surveil and
| invade people's homes, confiscate their property, or even
| gun them down because of suspicion about contraband. This
| social cost is more than I would pay for murder
| investigations, let alone controlling what substances
| people can ingest or what motivations they have for their
| sex lives
| stevage wrote:
| Each time I read about this I'm a bit underwhelmed by the number
| of arrests. Tens of thousands of users, presumably almost all of
| them criminals, and only 600 arrests? That's a very leaky sieve.
| dredmorbius wrote:
| One of the earlier items posted on this investigation highlights
| what's an increasing concern of mine as regards the
| investigation: That the methods used are illegal in the US by
| virtue of the 4th Amendment protections on search and privacy:
|
| _FBI agents were not allowed to download or read any messages
| sent from AN0M accounts in the United States because of privacy
| laws. President of the NSW Council of Civil Liberties Pauline
| Wright said the US had "pretty strict protections around human
| rights and privacy" which Australia did not have. "It illustrates
| that Australia is an outlier in terms of protections for human
| rights and civil liberties," she said._
|
| https://www.abc.net.au/news/2021-06-15/no-one-in-america-arr...
| (https://news.ycombinator.com/item?id=27509550)
|
| For all the devices sold and messages surveilled, "over 800"
| arrests occurred in 18 countries, the bulk in Australia,
| though also Germany, Sweden, and the Netherlands
| (https://www.theguardian.com/australia-
| news/2021/jun/08/anom-...). 12,000 devices were issued
| (https://www.bbc.com/news/world-57394831).
|
| That's a ratio of about 7% arrests --- which means that for every
| 15 persons whose every communication was monitored for a year and
| a half, sufficient evidence to make an arrest could not be found
| for 14 of them. And that the investigation would have included
| all of _their_ further contacts as well. This in a world where
| six degrees separates any two people.
|
| I'm not sure these 11,200 or so people are pure as the driven
| snow, but they _did_ give up their privacy rights under a
| _general_ warrant, but not under direct suspicion according to the
| reports I've seen. And the legality _has_ been questioned:
|
| https://www.necessarybehavior.com/blogs/news/operation-troja...
|
| I suspect a fair argument could be made that the FBI exceeded its
| legal authority in this operation and that the operation itself
| was illegal.
|
| That there have been no US arrests officially linked to the
| operation isn't a guarantee that none will occur, though those
| might well occur under "parallel construction" or similar
| practices, where inadmissible evidence is used as the pretext to
| obtain evidence that can stand in US courts. The very fact that
| the FBI were active participants in An0m / Operation Trojan
| Shield / Operation Ironside taints any investigations for years
| going forward.
|
| The other tradecraft lessons are that:
|
| - Only cryptographic methods secure enough to be of interest to
| criminals are sufficient for the rest of us.
|
| - Whether a criminal or simply on watchlists for other reasons,
| those who need cryptography are best served where their use of it
| doesn't significantly highlight them from the rest of the
| population.
|
| It's that second factor which both makes tools such as An0m so
| inherently risky to the privacy-conscious, _and_ which explains
| the 30-year-long concerted and unyielding press by world
| governments to keep effective cryptography out of the general
| public's hands by preventing its being built into generally-used
| tools. Even strong crypto, _if sufficiently rarely used_, becomes
| just another metadata point in identifying subjects of interest
| AlexAndScripts wrote:
| IMO that's an issue with the law, not what they were doing. I
| don't see anything morally wrong with what the FBI did - I
| think they should have been able to monitor US citizens as
| well.
|
| Ofc, until the law is changed, it should be followed - as it
| was, in that case. But until then, I don't have an issue with
| working around it.
| rkk3 wrote:
| > the FBI, had conceived, built, marketed and sold the devices.
|
| > $1,700 for the handset, with a $1,250 annual subscription
|
| > Almost 10,000 users around the world had agreed to pay
|
| So the FBI built an 8 figure ARR hardware business...
| ChuckMcM wrote:
| Funny but that is exactly where my brain went too, it was like
| "Wow, that is some serious market validation."
| jacquesm wrote:
| Of course, but there would be similar market validation for
| being able to hold up a bank without ever being recognized or
| to be able to steal money from bank accounts anonymously.
|
| That 'market' is called crime, and obviously criminals will
| be more than happy to fork over money for tools that help
| them to commit crimes without being arrested. In reality
| though, that market doesn't exist because if you or I would
| address that market we'd be hit hard by the authorities, and
| for good reason.
| omreaderhn wrote:
| As far as I can tell, An0m has the same marketing pitch as
| Purism.
| ChuckMcM wrote:
| ... or the "Freedom phone"
| 14 wrote:
| There are more reasons than committing a crime for wanting
| anonymity. If I was someone with money like a celebrity I
| would want this phone. If I was a business with sensitive
| information I would want this phone. And so on.
| Aerroon wrote:
| > _If I was someone with money like a celebrity I would
| want this phone._
|
| I think this part is underestimated by most people.
| Celebrities are frequently under a microscope and having
| to live your life while worrying about somebody
| overhearing it and taking it to the press must be
| frustrating. Everyone has bad moments in their lives, but
| at least for most of us these won't be dragged up and
| published to the world. A device like this could help
| alleviate that fear a little bit.
| ChuckMcM wrote:
| To be fair, I remember the story of the guy that designed
| the drug cartel's radio system[1]. And I share your dislike
| of facilitating bad actors.
|
| That said, having met the "ad tech" industry[2] when doing
| a search engine I can say there are a large number of
| people who are perfectly happy to take the money from bad
| actors with a "perfectly legal" product and reasonable
| deniability.
|
| But all of these schemes have a certain "addressable
| market" and an "expected return" which are hard to judge.
| Putting numbers to the "completely anonymous" phone scam
| was interesting.
|
| [1] https://www.wired.com/2012/11/zeta-radio/
|
| [2] And to be clear, there are legitimate folks trying to
| do ad tech in legitimate ways, but there is also a lot of
| fraud in ad tech which involves setting up networks to take
| money from advertisers and feed it to bad actors.
| codetrotter wrote:
| But they probably had a lot of money to start it right?
| rkk3 wrote:
| The FBI sure, but who knows what kind of budget the team was
| given.
|
| But they did leverage their position as law enforcement to
| arrest all of their competitors
| TheSpiceIsLife wrote:
| They arrested their customer, which isn't great for
| retention.
| Torwald wrote:
| It doesn't indicate how high the marketing costs were. Probably
| too high to sustain a business.
| youngbullind wrote:
| Sounds like it was mostly word of mouth
| eli wrote:
| Those mouths probably didn't work for free
| phpnode wrote:
| Free to the makers of the device though, it's not like
| they were charging the manufacturers for paid promotions
| like an Instagram influencer would - they recommended
| this device to their associates because they thought this
| would help them coordinate their activities more
| efficiently whilst reducing their personal risk.
| anm89 wrote:
| This title is useless
| dredmorbius wrote:
| The 2nd phrase is somewhat more informative: "the inside story
| of the most daring surveillance sting in history"
|
| HN has an 80-character maximum length, submitters have to make
| choices. That said, I'd have gone with the 2nd phrase here.
| rtkwe wrote:
| It's a known problem with HN's don't edit the headline mantra
| but that's where we are. It nips a lot of stuff in the bud so
| it's maybe worth the trouble with headlines like this that are
| multipart.
| smoldesu wrote:
| s/useless/redundant for all modern online messaging
| 28619242 wrote:
| The sad thing about this technology is that it's routinely used,
| as enumerated in this article, to a completely worthless end.
| Cocaine should not be illegal anywhere, nor should surveillance
| stings be set up to entrap people.
| tummybug wrote:
| I find myself asking this question, what causes more net harm,
| the social impact of people abusing cocaine and associated
| problems or the damage caused by cocaine being highly lucrative
| while illegal and the war on drugs.
| shapefrog wrote:
| It really doesn't take much to figure out the answer.
| toss1 wrote:
| >>nor should surveillance stings be set up to entrap people.
|
| You used the word "entrap". I don't think it means what you
| think it means.
|
| Setting up surveillance of people doing what they independently
| decide to do on their own, is not entrapment.
|
| Entrapment is when you interact with a target and actively
| convince them and/or enable them to do a criminal act that they
| (arguably) would not have done on their own without your
| prompting/enabling actions.
| p2p_astroturf wrote:
| Gee, what if there was an industry standard simple to implement
| cryptographic messaging protocol (unlike PGP).
|
| That is to say, there is never a good solution to this basic
| problem which should have been solved 30 years ago, on top of
| having to convince your mob boss on what to use.
| sharklazer wrote:
| Never outsource security if you actually want security...
| bowmessage wrote:
| Never roll your own security if you actually want security,
| either. What are we supposed to do :).
| sharklazer wrote:
| Oh, indeed, unless you're DJB, never roll your own. I mean
| you should understand what you're doing and why you're doing
| it, not leave it up to someone else to make decisions for
| you. Not that you should re-invent the wheel. :-)
| reilly3000 wrote:
| If you do roll your own and you're not a high value target
| (aka there aren't a lot of assets they can seize or are a
| notorious criminal) nobody is going to take the time to bust
| open your homegrown setup. Security by obscurity is powerful.
| There is a reason why Wordpress sites get hacked a lot: the
| exploit has a lot of leverage with 1/4 to 1/3 of the public
| web using it.
| robertlagrant wrote:
| It's don't roll your own crypto, not security in general.
| isoprophlex wrote:
| Use one time pads
| VLM wrote:
| In this situation that would leave you open to network
| analysis and location analysis, even if no payloads were
| decryptable.
|
| Using enough data warehousing and artificial intelligence,
| eventually some algorithm would notice that every time some
| dude gets a phone call, next month the same boat gets a
| bill for servicing its water intakes, and a month later
| coke supply increases in .au decreasing the price. Might
| take a few times, but someone's getting caught.
|
| The best part is if they go in shooting on a warrant and
| kill some random completely uninvolved people, it was all
| an algorithm's fault and nobody is to blame and I guess we
| just need more police involvement and surveillance to
| prevent future tragedies.
| notyourday wrote:
| If you have a way to securely distribute one time pads you
| don't actually need one time pads as you have a way to
| securely distribute the messages as the one time pads are
| higher than the size of the messages you are distributing.
| isoprophlex wrote:
| Nevertheless you can distribute your pad once and
| communicate over clear channels for a long time.
|
| You might even schedule regular communications to avoid
| being caught by traffic metadata analysis.
| GuB-42 wrote:
| One time pads are really inconvenient and hard to get
| right. That's why they are almost never used in practice,
| despite being theoretically perfect.
|
| First, you need to generate large amounts of unbiased, true
| random data. If it is not true randomness, you have a
| stream cypher, and if you "rolled your own", probably not a
| good one.
|
| Then you have to store the one-time pad. It is usually too
| big to memorize. You have to store it on a device like a
| USB stick or a book, and guard it well.
|
| Then, you have to share the secret, and for that you need a
| secure channel and that shouldn't rely on encryption,
| because it would miss the point. Essentially, you need to
| meet in person, in a secure location.
|
| Then, you need to make sure that the one-time pad really is
| one-time. It should be securely destroyed after each use,
| preferably on both ends.
| VLM wrote:
| IF you want to send arbitrary data. Usually people don't
| need that.
|
| For something like coke smuggling you just need to know
| it's on the way, get ready. So the OTP could be something
| as lame as "if you get a phone call from some rando who
| says 'Taste the Feeling' then the next boat is full of
| coke, or if not, then the next boat is not full of coke".
| Actually terrible idea as taste the feeling was a coke
| company slogan a couple years back, but you get the
| general idea.
| vkou wrote:
| Most criminal activity involves communicating arbitrary
| data. Communicating that a drug boat is coming across a
| border is a tiny fraction of the communication in a
| criminal organization. In the scenario you described,
| planning out the communication protocol itself is an
| example of communicating arbitrary data... That needs to
| happen, at every physical hand-off point.
| rtkwe wrote:
| You generally need more information flow than that to
| successfully coordinate a big logistics move like this
| though which is where you need arbitrary messages.
| gooseus wrote:
| Remain insecure in your security or else be completely
| unsecured.
| Andrew_nenakhov wrote:
| Do not rely on technical means to solve administrative
| problems. Vito Corleone didn't have messenger apps, email or
| ERP systems, but his enterprise ran like a clock. So
| should yours.
| phpnode wrote:
| 1. That was way before the advent of smart phones and most
| technological surveillance techniques.
|
| 2. It was fictional.
| anyonecancode wrote:
| I always took this as "you're not a domain expert so you'll
| get it wrong", with the implied corollary that if you
| actually _are_ a domain expert, then you know what you're
| doing. IOW, hire bona fide domain experts rather than trying
| to cheap out.
| Buttons840 wrote:
| Why not both? Encrypt your message with your home grown
| encryption, then send it through standard TLS. Both would
| have to fail for the message to be revealed.
|
| Sometimes when I'm wearing my tinfoil hat I wonder if the
| advice to avoid rolling your own crypto is a conspiracy. The
| powers that be want to maintain their backdoors, maybe?
| Probably not. Of course, it's definitely true that there are
| more attack vectors out there than an amateur can be aware
| of.
| petschge wrote:
| The main warning against rolling your own crypto is because
| you would (or would be tempted to) replace standard crypto
| with it.
| generalizations wrote:
| I also wonder why there's such a pushback against one-time-
| pads. The common critiques don't seem to be any greater of
| a risk than the holes we've already encountered (e.g.
| heartbleed).
|
| I think I remember a scifi story that mentioned some
| character who worked in the one-time-pad shipping business.
| I guess a spacecraft full of data storage can hold enough
| random data to last for a long time.
|
| Seems like we should at least come up with a proper
| protocol for it, so we can at least get started with
| something that's broadly compatible.
| rtkwe wrote:
| Unless you're using a true random number generator that
| works on a mechanical/electrical process a lot of
| encryption algorithms are various ways of creating a one-
| time pad. And they save a lot on space which used to be
| precious. With a single key much smaller than a megabyte
| I can encrypt essentially endlessly where for the normal
| OTP process I need as much random data as there is data
| to be encrypted which gets unwieldy extremely quickly
| even with cheap storage.
| nybble41 wrote:
| > Unless you're using a true random number generator that
| works on a mechanical/electrical process...
|
| ...you're not using a one-time pad. OTP requires the pad
| to be truly random: at least one bit of unique, never-
| used-elsewhere entropy for every bit in the message.
| Merely XORing some plaintext with a pseudo-random stream
| based on a smaller seed, which as you say is the basis
| for various other encryption algorithms, is not a one-
| time pad.
|
| The real problem with OTP is key distribution: You need
| to share pads with everyone you might want to communicate
| with, one pad per sender/receiver pair, and those pads
| need to be at least as large as all the messages you'll
| eventually want to exchange. There is no OTP equivalent
| to public-key cryptography where you only need one
| private/public keypair per recipient.
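
The pad-handling rules listed in this subthread (pad as long as the traffic, consumed once on both ends, destroyed after use) and the point that a seed-expanded stream is not a pad, as an added Python example that is not part of the thread. `PadBook` and the other names are hypothetical, the messages are constructed, and the OS CSPRNG stands in for the hardware entropy source the comments call for.

```python
import hashlib
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than are left."""


class PadBook:
    """One party's copy of a pad shared in advance with exactly one peer."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0          # first pad byte that has never been used

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _consume(self, n: int) -> bytes:
        if n > self.remaining():
            raise PadExhausted(f"need {n} bytes, {self.remaining()} left")
        end = self._offset + n
        key = bytes(self._pad[self._offset:end])
        self._pad[self._offset:end] = bytes(n)   # wipe: used pad is destroyed
        self._offset = end
        return key

    def encrypt(self, plaintext: bytes) -> tuple:
        start = self._offset
        return start, xor(plaintext, self._consume(len(plaintext)))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        # Both ends must burn the same bytes; a mismatch means a message was
        # lost, replayed or reordered, and decrypting would desynchronise.
        if start != self._offset:
            raise ValueError("pad position mismatch")
        return xor(ciphertext, self._consume(len(ciphertext)))


def reuse_cancels_pad(p1: bytes, p2: bytes, pad: bytes) -> bool:
    """Two equal-length messages under the same pad bytes: XOR of the
    ciphertexts equals XOR of the plaintexts, so the pad drops out."""
    return xor(xor(p1, pad), xor(p2, pad)) == xor(p1, p2)


def seeded_keystreams(seed_bits: int, length: int) -> int:
    """Count the distinct keystreams a seed of seed_bits can ever produce.
    SHA-256 in counter mode is a stand-in for any seed-expanding generator."""
    streams = set()
    for seed in range(2 ** seed_bits):
        out, counter = b"", 0
        while len(out) < length:
            block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        streams.add(out[:length])
    return len(streams)


def demo() -> dict:
    pad = secrets.token_bytes(64)            # assumption: CSPRNG, not true randomness
    alice, bob = PadBook(pad), PadBook(pad)  # copies exchanged in person beforehand
    msg = b"meet at the usual place"         # constructed sample message
    start, ct = alice.encrypt(msg)
    return {
        "roundtrip": bob.decrypt(start, ct) == msg,
        "left": alice.remaining(),
        "reuse_leaks": reuse_cancels_pad(b"attack at dawn", b"retreat at six", pad[:14]),
        "streams": seeded_keystreams(8, 32),
    }
```

An 8-bit seed yields only 256 possible 32-byte keystreams, where a real pad of that length has 2^256; the storage cost is visible in `left`, which shrinks by one byte per byte sent.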
| TeMPOraL wrote:
| Is there a pushback against one-time-pads? I thought they
| are the _perfect_, unbreakable encryption scheme - just
| that they come with extreme logistical problems.
|
| > _I think I remember a scifi story that mentioned some
| character who worked in the one-time-pad shipping
| business._
|
| _A Fire Upon the Deep_, by Vernor Vinge.
| Y_Y wrote:
| I think that this isn't strictly true. If you naively apply
| bad encryption before good you may weaken the entire
| system. For a silly example, imagine your "homegrown"
| crypto adds a publicly known plaintext to the start of the
| cyphertext. I think this is discussed in Schneier's
| textbook.
| dredmorbius wrote:
| Or the implementation does something silly like copy the
| cleartext and not clean up after itself, or send
| distinguishing metadata, etc., etc.
| knodi123 wrote:
| > If you naively apply bad encryption before good you may
| weaken the entire system
|
| The strength of the system can be viewed from multiple
| angles. From a _practical_ angle, applying one kind of
| commercial encryption on top of another type of
| commercial encryption turns it into a _technically_
| weaker, but unique cryptosystem. And uniqueness has value
| if you're just a single fish in a big pond.
|
| For instance, if one single An0m customer had applied a
| Caesar cypher to their communications, the cops might
| have skipped over him due to the unknown cost of putting
| dedicated crypto effort into one person in a massive
| dragnet.
| knodi123 wrote:
| * I meant to say add commercial encryption on top of
| custom encryption
| unnouinceput wrote:
| So? HTTPS adds a publicly known header at the beginning of
| any connection anyway and I don't see public key
| encryption being cracked anyway. Or blockchains do that
| too, are wallets being emptied by the ones that don't
| have the private key?
|
| And since you mentioned Schneier's textbook, he also said
| that a good safe is the one that you give to your
| adversaries with the blueprint of how it's made and
| still is uncracked, not the one that you dump in the
| middle of the ocean and ask your adversaries to crack it
| (security through obscurity).
|
| PGP is still uncracked, if I'd become a criminal then
| public PGP with at least 8k bits key would be my choice.
| clipradiowallet wrote:
| > PGP is still uncracked, if I'd become a criminal then
| public PGP with at least 8k bits key would be my choice.
|
| It's not PGP that is uncracked, PGP is a set of tools
| built on top of RSA. RSA is still secure (other than
| brute force factoring) with appropriately sized keys.
|
| The biggest problem with PGP isn't PGP itself, it's your
| opsec approach to everything else. Example... after
| decrypting a PGP payload - did you save it to disk
| unencrypted? Did the recipients to your messages save it
| unencrypted? Are any machines infected with keyloggers?
| PGP is a _great_ tool, but still requires good opsec
| overall.
| Buttons840 wrote:
| You're technically right, but it's practically true for
| good algorithms. Yes, if you apply a rot(-13) before your
| rot(13) "encryption" it's going to make it worse.
|
| I think that if we are going to be concerned about
| multiple layers of encryption, as you say, then we should
| be equally concerned with things such as what encoding we
| use to send text with, or whether we use gzip or bzip. It
| would suck having to worry about all that; good
| encryption algorithms work regardless of how their
| plaintext is encoded, and home grown encryption is just
| another form of encoding.
| dankent wrote:
| It's definitely a dilemma. I guess the sweet spot would be
| security systems that are well understood in house but built
| on existing, well understood and studied standards and
| theory.
|
| A starting point might be to use battle-tested open source
| systems but subject them to detailed in-house analysis and
| audit.
| dredmorbius wrote:
| I think that's the wrong lesson here.
|
| An0m created two vulnerabilities to its users:
|
| - It was specifically marketed to criminal entities. That is,
| it sharply reduced the search space. In a 33 bit world, An0m is
| 14 bits.
|
| - It was specifically back-doored.
|
| "Roll your own" avoids the 2nd case but not the first. By
| definition, rolling your own _already_ reduces search space to
| the domain of interest. (Other means of evidence gathering may
| be needed, but should be reasonably viable.)
|
| Instead, what you want is:
|
| - Blend in with the crowd.
|
| - Utilise widely-shared communications protocols,
| implementations, and tools.
|
| - Ensure that these have secure cryptographic methods and
| implementations.
|
| - Audit the hell out of these and offer bounties for any
| vulnerabilities which can be demonstrated.
|
| If at all possible, see to it that widely-used, generally-
| available communications tools themselves offer secure
| cryptographic methods and implementations. And school your
| minions in their proper and effective use _and limits_.
| Closi wrote:
| Agreed, although I think this is the hard bit:
|
| > - Audit the hell out of these and offer bounties for any
| vulnerabilities which can be demonstrated.
|
| The NSA backdoors will be pretty hard to find if they are
| there - It's not like you are going to see something like "If
| User == "NSA" Then Divulge_Key()". The backdoor is going to
| be something like a very subtle bug with how a particular
| crypto library is implemented, or some obscure buffer overflow
| attack, and it probably won't even be discernible from an
| accidental bug.
|
| In reality I doubt there is any way to know if the NSA can
| eavesdrop, it's a complete coin toss.
| dredmorbius wrote:
| AFAIU most of the NSA's capabilities come through
| workfactor-reduction values --- seed values to
| cryptographic functions which reduce the time to crack a
| given message (if the secret seeds are known).
|
| Avoiding NIST-recommended ciphers seems to be generally-
| advisable in this case.
|
| There are other backdoors (see the case of Juniper
| Networks), but there's probably an enumerable set of
| practices.
|
| One helpful option is to use Free Software tools in which
| single actors are unlikely to be able to subvert the tool,
| and many have an interest in its integrity.
| f1refly wrote:
| > Either because of a lack of technical knowhow, or fear for his
| safety, Ramos refused, and pleaded guilty to running a criminal
| enterprise, a charge for which he was sentenced to nine years in
| prison
|
| Wait a second, why would he have to go to prison? If all he did
| was selling phones, what charges could there possibly be?
|
| I'm also missing a third option that he refused to cooperate "for
| ideological reasons".
| gerikson wrote:
| > If all he did was selling phones, what charges could there
| possibly be?
|
| He pleaded guilty to racketeering charges.
|
| https://www.justice.gov/usao-sdca/pr/chief-executive-communi...
| badRNG wrote:
| > There, since 2018, the Telecommunications and Other Legislation
| Amendment (Tola) has allowed government agencies to compel
| telecommunications providers to allow authorities to intercept
| criminal messages - powers that are not yet available to police
| elsewhere in the world.
|
| That "yet" is terrifying. If you thought the PATRIOT Act was an
| overstep, you need to read TOLA. This is the revival of the
| crypto wars. Good write up on it here [1]
|
| [1] https://www.internetsociety.org/news/press-releases/2021/new...
| mirkules wrote:
| I don't understand how it is legal to eavesdrop without a
| warrant, even if you are targeting bad-faith actors and have
| probable cause - that's how you get warrants in the first
| place.
|
| Furthermore, everyone on this thread is talking about more
| secure communication. But my mind always goes to assuming every
| communication channel is compromised by default, and then
| flooding it with many, many false messages and wasting
| adversary resources chasing them.
| oh_sigh wrote:
| How does one even know they are criminal messages if they
| haven't already been intercepted?
| infogulch wrote:
| Messages on their own are considered criminal until proven
| otherwise, just like your cash (see civil forfeiture). I wish
| I could add /s
| jimt1234 wrote:
| I recall reading a while back that judges were signing off
| on surveillance warrants based on messages using any sort
| of encryption (like https), because obviously anyone
| encrypting a message is up to no good. /s ;)
| TeMPOraL wrote:
| > _based on messages using any sort of encryption (like
| https)_
|
| I hope you're strongly /s, because if HTTPS being used as
| transport is enough to rubber-stamp a warrant, then this
| is in practice a blanket agreement to surveil all
| communications on the Internet.
| giantg2 wrote:
| Most approvals are basically rubber stamps. Judges
| usually just believe whatever law enforcement tells them.
| Most of the time they spend no time digging into it. Just
| my experience.
| dylan604 wrote:
| you state that like it's not the intended end goal.
| everything is a step towards this.
| [deleted]
| f1refly wrote:
| Have you ever heard of the nsa and their five eyes
| buddies?
| jhgb wrote:
| It's an island prison -- of course these are criminal
| messages to begin with!
| dredmorbius wrote:
| There've been a number of earlier HN discussions of this story:
|
| 5 days ago, 31 points, 5 comments: The story of An0m Chat, Run by
| the Police https://news.ycombinator.com/item?id=28490871
| https://www.theguardian.com/australia-news/2021/sep/11/insid...
|
| 3 months ago, 130 points, 62 comments: Why no-one in America was
| arrested as part of Operation Ironside
| https://news.ycombinator.com/item?id=27509550
| https://www.abc.net.au/news/2021-06-15/no-one-in-america-arr...
|
| 3 months ago, 431 points, 350 comments: Australian Federal Police
| and FBI nab underworld figures using encrypted app
| https://www.abc.net.au/news/2021-06-08/fbi-afp-underworld-cr...
| https://news.ycombinator.com/item?id=27430508
|
| 3 months ago, 18 points, 5 comments: Hundreds arrested in global
| crime sting using messaging app
| https://www.bbc.com/news/world-57394831
| https://news.ycombinator.com/item?id=27435467
|
| Search also under "at0m", "operation ironside", and "operation
| trojan shield".
| shoto_io wrote:
| This is an interesting feature idea for HN!
|
| Can someone please build this? Restrictions: You may only use
| Rust and sparkle some AI on it.
| athenot wrote:
| The "past" link at the top right under the article title
| provides this already.
| dang wrote:
| It provides the rudiments of it. I think the sweet spot
| will be adding support for community curation, the way
| dredmorbius did above. We were just talking about this
| here: https://news.ycombinator.com/item?id=28613646.
| dredmorbius wrote:
| Boolean syntax doesn't work (e.g., terms grouped with
| parentheses), but the individual searches do:
|
| an0m: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
|
| operation ironside: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
|
| operation trojan shield: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
|
| You can also search comments; many of the headlines, as in
| this case, don't mention any of the keywords used here, and I
| turned up most of the articles based on _comment_ search.
|
| I'd recalled the investigation sufficiently to know that it
| had been mentioned, and what search terms were likely to turn
| it up.
| Andrew_nenakhov wrote:
| Interesting thing about intercepting messages which are encrypted
| using modern encryption protocols like OTR is deniability. If the
| police install a MitM on a server, they can't cryptographically
| prove that messages were originating from criminals, not written
| themselves.
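
A simplified model of the MAC-based authentication behind the deniability property named in the comment above, as an added Python example that is not part of the thread and is not the OTR wire protocol. `Session`, `possible_authors` and the party names are hypothetical, and the messages are constructed.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, sender: str, body: bytes) -> bytes:
    """Tag binding a claimed sender and body to a symmetric key."""
    return hmac.new(key, sender.encode() + b"\x00" + body, hashlib.sha256).digest()


def make_message(key: bytes, sender: str, body: bytes) -> dict:
    return {"from": sender, "body": body, "tag": mac(key, sender, body)}


def verifies(msg: dict, key: bytes) -> bool:
    return hmac.compare_digest(msg["tag"], mac(key, msg["from"], msg["body"]))


class Session:
    """Two-party session (hypothetical model): one shared MAC key per epoch,
    and every retired key is published, as OTR does with old MAC keys."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)
        self.published = []

    def rotate(self) -> None:
        self.published.append(self.key)
        self.key = secrets.token_bytes(32)


def possible_authors(msg: dict, known_keys: dict) -> list:
    """Parties holding a key under which msg verifies. A MAC shows only
    'written by someone who had the key', so this is all a tag can prove."""
    return sorted(name for name, keys in known_keys.items()
                  if any(verifies(msg, k) for k in keys))


def demo() -> dict:
    s = Session()
    epoch_key = s.key
    genuine = make_message(epoch_key, "alice", b"see you at noon")   # constructed
    known = {"alice": [epoch_key], "bob": [epoch_key], "observer": []}
    # Bob knows he did not write it, so it is authentic to him; a third party
    # looking at the tag alone sees two equally possible authors.
    live = possible_authors(genuine, known)

    # Bob holds the same key, so he can tag text that claims Alice as sender.
    by_bob = make_message(epoch_key, "alice", b"text alice never sent")

    s.rotate()
    known["observer"] = list(s.published)      # the retired key is now public
    by_observer = make_message(s.published[0], "alice", b"added afterwards")
    return {
        "live": live,
        "bob_forgery_verifies": verifies(by_bob, epoch_key),
        "after_publish": possible_authors(genuine, known),
        "observer_forgery_verifies": verifies(by_observer, epoch_key),
        "old_key_rejected_now": not verifies(make_message(epoch_key, "bob", b"hi"), s.key),
    }
```

A signature scheme would give the opposite result: only the private-key holder could produce the tag, which is exactly the third-party proof this design avoids.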
| upofadown wrote:
| Yeah it is well known that all you have to do is claim that the
| police forged the evidence and then that evidence is
| immediately thrown out. If the police don't have hard
| cryptographic evidence then they are just out of luck.
|
| It would be interesting to see what would happen if anyone ever
| tried the deniability defence in court:
|
| "Ha Ha. You can't link those messages to my public key. They
| could have been forged."
|
| "We can't for sure link your identity to your public key in the
| first place. Why should we care about any of this?"
| ARandomerDude wrote:
| True but it can be shown to be plausibly written by the
| defendant if there's no reasonable way the police could have
| known details without the message being intercepted.
|
| For example:
|
| "Hey Bill, I'm going to steal the car at 123 Anywhere Street on
| Thursday at 2 am."
|
| Police then put a camera at 123 Anywhere St., and a reasonable
| juror would likely conclude there are two lines of legitimate
| evidence.
| jessaustin wrote:
| If they have video of a car theft (or any other crime), they
| don't need to mention the intercepted message. There the
| defendant is, stealing the car, on video. That's illegal. It
| is only when they need to prove marginal stuff like
| conspiracy that intercepts would matter.
| tyingq wrote:
| And there's parallel construction to avoid mentioning the
| wiretap at all. Cop calls the station from a burner phone and
| pretends to be an anonymous tipster... _"Hey someone is
| stealing a car at 123 Anywhere..."_
| CWuestefeld wrote:
| That's an interesting thought, but I doubt it matters much in
| practice. I mean, we don't refuse to admit into evidence a
| ransom note just because the criminal didn't get it notarized.
| And that's all that SSL is doing, is acting as that notary. The
| jury can still decide that they think other evidence pointing
| to the message's origin is sufficient proof.
| A4ET8a8uTh0 wrote:
| It is a fascinating case, but apart from the technical aspect of
| it.. how is that not entrapment? FBI effectively created a tool
| explicitly designed for criminal element and 'marketed' as such.
|
| I would ask about legality, but I am worried it's in a very, very
| grey area.
| jonas21 wrote:
| How so? Selling and using secure messaging apps is perfectly
| legal, and they never told anyone "go commit [crime X] and plan
| it with this device"
| SolarNet wrote:
| I mean they had 10,000 users and 800 arrests. That's an 8%
| criminality rate, it seems like they didn't entrap anyone who
| wasn't committing crimes anyway. Entrapment is about trapping
| people in a situation where committing crimes is the best
| option available. Selling people a secure phone does not do
| that.
| A4ET8a8uTh0 wrote:
| That or careful individuals still used coded messages.
|
| That said, I think and other posters have a point about
| entrapment. Needless to say, I am not a lawyer.
| tcoff91 wrote:
| I am most certainly not a lawyer, but from what I've read
| entrapment is pretty narrowly defined in America. There's a ton
| of stuff that many people would view as entrapment that the
| courts wouldn't consider to be entrapment.
|
| This is one instance though where even from a layperson
| definition I'm really not sure how this could possibly be
| interpreted as entrapment.
|
| "The key aspect of entrapment is this: Government agents do not
| entrap defendants simply by offering them an opportunity to
| commit a crime. Judges expect people to resist any ordinary
| temptation to violate the law. An entrapment defense arises
| when government agents resort to repugnant behavior such as the
| use of threats, harassment, fraud, or even flattery to induce
| defendants to commit crimes."[1]
|
| [1] https://www.nolo.com/legal-encyclopedia/entrapment-basics-33...
| t0mbstone wrote:
| This just goes to show that you can't trust any messaging app or
| phone to be "secure".
|
| Imagine if there was a small handheld device that you could type
| messages into (along with a secret phrase), and it would spit out
| a string of encrypted text that could be entered into ANY
| messaging app (or even published publicly on a billboard if you
| wanted). You could even encode the encrypted text as a scannable
| QR code if you wanted.
|
| On the receiving side of things, the decrypter device could have
| a camera that could read QR codes (or maybe OCR an encrypted
| string of text). The most basic solution would be to type the
| entire encrypted string of text into the box and then enter the
| secret pass phrase to decrypt it.
|
| You could even use public/private keys.
|
| The point, however, is that the encryption and decryption HAVE to
| be done on a separate hardware device that is air-gapped and does
| NOT have internet access in any way.
| encryptluks2 wrote:
| These operations require justification. Wouldn't be surprised to
| find most of the supposed drugs to come from the same people who
| supposedly found them.
| literallyaduck wrote:
| Now invoke consumer protections acts against both agencies for
| fraudulent advertising, and wiretapping the 93% of communication
| not related to criminal activities.
| giantg2 wrote:
| If they used a user agreement similar to most in the industry
| (we make the rules and can change them at any time without
| notice), then it's probably all legal. Sadly.
| jeffbee wrote:
| There is nobody in the world easier to fool than a technically
| illiterate person with vague and malformed ideas about privacy
| and security. Once you've got them all worked up over illusory
| threats you can sell them any snake oil you want.
| oehpr wrote:
| Your comment I think is on point. The article here makes it
| sound more... sophisticated than it is.
|
| https://www.xda-developers.com/fbi-backdoor-pixel-arcaneos-a...
| Unlocking the phone with a normal PIN code shows some normal
| apps like Tinder, Netflix, and Facebook, but none of the
| apps actually open when you tap their icon. However,
| unlocking the Pixel phone with a different PIN code reveals
| icons for a clock app, a calculator app, and the
| device's settings. Tapping the calculator icon doesn't
| actually open a calculator app, however. Instead, it
| opens a login screen for the ANOM service
|
| What percentage of HN's population would find this convincing?
| What's interesting here is that any one of us could have
| pointed out the absurdity of this, but black markets don't have
| a way to propagate such information it seems.
___________________________________________________________________
(page generated 2021-09-22 23:02 UTC)