On Tuesday, November 19, 2002, at 09:22  PM, Eric Cordian wrote:

Tim Spoofs:

A company I am involved with has been on the distribution list for the
FBI's Project Lookout watch list, the list being shared with banks,
electronics companies, consulting firms, transportation companies, and
1100 other firms.

Cross-indexing with the CP subscriber list, I find 17 names on both
lists.

We must be vigilant! Civil rights are only for innocents, not guilty
persons.
This of course is not a true tale, but an incredible simulation to make a
point.

"Incredible" as in "credible"?

I've received three _more_ (for a total of 7) requests by people for me to tell them if they're on the list. And someone else has sent me what is purported to be one of the "real" lists. (Apparently The List is circulating in Third World police state satrapies, and then bouncing back here to the U.S. More degrees of freedom for what I'm proposing below.)

This suggests some _excellent_ chances for vengeance hacks.

* Generate very plausible-looking lists, perhaps using the "real" lists now circulating as the core, to ensure verisimilitude.

* Add additional names...perhaps some in-laws, relatives, college friends, or colleagues of those who are responsible for this Witch Hunt. It may be unfortunate to implicate some "innocents," but broken eggs are inevitable. Ideally, guilty parties, but the names can't be too well-known, as this undercuts the plausibility of the document.

* Take care that the format of the V-hacked list is not a "tell" that it has been hacked.
(You may recall that I usually generate spoof news items or press releases by taking a precise Reuters or other item and then modifying only a few details, to ensure that the form is just like the real form. This should be done with V-hacked lists: take the precise form of existing versions of the List and make exact modifications, inserting names of relatives, colleagues, etc. Not too many added names...no need to have too much of a good thing.)

* Distribute many versions of these lists onto corporate message boards, deposited (needs hacking) into corporate web sites, and otherwise released to spread merriment. Circulate them as "Look what I found in my mail" if one is bold...this provides plausible deniability, but gives the TP a name to contact.

* Better yet, slip the modified lists into printed-out piles of such lists distributed at activist gatherings. Or leave them in piles at airports...perhaps a security narc will think they are real and distribute them...some fraction may make it onto the Net.

* With luck, some of the relatives and friends of the Thought Police will find, as a completely innocent Alaskan man found, that they are denied loans by banks which have been shown the list.

(This was reported today on CNN, with the Alaskan man explaining how his Sicilian-Italian name, something like "Mussaser," caused his son's wrestling team to be denied boarding on a flight, caused a bank to decline a loan to him (they tipped him off that he was on a list and their due diligence requirements prevented them from approving his loan), etc. He has tried for months to get this error corrected...apparently the problem is that many versions of The List are circulating...which is GREAT for vengeance hacking.)

* With enough of these sabotaged copies circulating, perhaps some of the government stooges will have the pleasure of denied travel permits and firings from jobs visited upon their own families. With luck, worse things.

(This is sort of like hacking the Gestapo's lists to add Gestapo family members to the lists of Unapproved Persons, except that back then such lists were kept with paper and ink and stored in locked offices. Today's files are accessible to hackers from afar and are hard to authenticate. (Yes, strong crypto makes authentication possible. It would be ironic if Big Bro adopts digital signatures to cope with hacked documents undermining his authority.) Lots of possibilities.)

The real danger, however, lies not in a "watch list," but in the
government's desire for a massive computer system which will link every
single bit of computer accessible information on every individual for
instant access, from credit files, to tax records, to web pages and Usenet
posts, to insults hurled at you by various vigilante groups.

Which is why monkey-wrenching these systems is important. They know this. This is why they have made hacking a system with the intent of causing serious harm a capital offense...special death penalty legislation just passed by the Reichstag Rubberstamp Session of Congress. So, be very careful. Our remailer tools will come in handy. Throwaway accounts, library computers (watch for cameras, keystroke loggers, etc.), 802.11 open ports, etc.


Try to board a plane, and get told, "I'm sorry, but Homeland Airlines
doesn't carry people who wrote an essay like the one you turned into your
10th grade teacher on such and such 15 years ago."

Brinworld on steroids.

It's what we all knew Brinworld meant. Recent developments are not a surprise.

Instead of the V-2, the Vengeance Hack.

--Tim May, who speaks out, knowing his life is probably forfeit anyway

"Extremism in the pursuit of liberty is no vice."--Barry Goldwater

Reply via email to