Re: Forensics on PDAs, notes from the field

2004-08-12 Thread Thomas Shaddack

On Wed, 11 Aug 2004, Major Variola (ret) wrote:

 Obvious lesson: Steganography tool authors, your programs
 should use the worm/HIV trick of changing their signatures
 with every invocation.  Much harder for the forensic
 fedz to recognize your tools.  (As suspicious, of course).

It should be enough to do that at installation time. The adversary in 
this model gets to analyze the file only once, and we want to make sure 
that nobody tampered with the file as a protection against other, more 
active threat models. What we want is to have a file and its hash, so we 
can make sure the file content is unchanged, but the hash has to be as 
globally unique as possible.

 The NIST CDROM also doesn't seem to include source code amongst its 
 sigs, so if you compile yourself, you may avoid their easy glance.

A cool thing for this purpose could be a patch for gcc to produce unique 
code every time, perhaps using some of the polymorphic methods used by 
viruses.

Just adding a chunk of data to make the hash unique will work against the 
current generation of the described tools. But we should plan for the 
future, for what moves the adversary can make to counter this step.


Then there's the matching of date/time of the files to real-life events. 
Perhaps a countermeasure could be a modified vfat filesystem which 
assigns free clusters randomly instead of sequentially (on a solid-state 
medium fragmentation does not matter), which avoids the reconstruction of 
the file saving order by matching the position of their clusters (for the 
price of making undelete difficult), and an absence of timestamps 
(01-01-1970 is a nice date anyway).

The file delete function in the filesystem driver can be modified to file 
overwrite-and-delete, for the price of higher wear of the FlashEPROM 
medium.

Linux-based (and open-architecture in general) PDAs should offer much 
higher thug-resistance.
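The cluster-ordering point above is worth seeing in numbers. The following is an added example, not code from the thread or a real vfat driver: a toy allocator that hands out clusters either sequentially (lowest free cluster first, as FAT does) or from a shuffled free list, and the examiner-side heuristic that guesses creation order from the lowest cluster each file occupies. The file sizes, cluster count and scoring function are constructed assumptions.

```python
import random

# Constructed simulation: how an examiner can recover the order in which files
# were written from the clusters they occupy, and why an allocator that hands
# out free clusters at random defeats that heuristic. The allocator and the
# heuristic are simplified assumptions, not a real vfat implementation.

TOTAL_CLUSTERS = 4096


def allocate(file_sizes, total_clusters=TOTAL_CLUSTERS, rng=None):
    """Allocate clusters for files created in list order.

    rng=None  -> sequential allocator: lowest free cluster first (FAT-style).
    rng given -> random allocator: the free list is shuffled before use.
    Returns one list of cluster numbers per file.
    """
    if sum(file_sizes) > total_clusters:
        raise ValueError("not enough free clusters")
    free = list(range(total_clusters))
    if rng is not None:
        rng.shuffle(free)
    layouts, pos = [], 0
    for size in file_sizes:
        layouts.append(free[pos:pos + size])
        pos += size
    return layouts


def reconstruct_order(layouts):
    """Examiner's heuristic: a file whose lowest cluster number is smaller was
    probably written earlier. Returns file indices in guessed creation order."""
    return sorted(range(len(layouts)), key=lambda i: min(layouts[i]))


def pairwise_accuracy(guessed_order):
    """Fraction of file pairs whose relative order the guess gets right.
    True creation order is index order 0, 1, 2, ...; 1.0 = perfect, ~0.5 = coin flip."""
    position = {f: p for p, f in enumerate(guessed_order)}
    n = len(guessed_order)
    pairs = n * (n - 1) // 2
    correct = sum(1 for a in range(n) for b in range(a + 1, n)
                  if position[a] < position[b])
    return correct / pairs


def experiment(n_files=50, seed=7):
    """Write n_files files of varying size with both allocators and score the
    heuristic against each. Sizes are drawn from a seeded RNG (constructed)."""
    rng = random.Random(seed)
    sizes = [rng.randint(1, 40) for _ in range(n_files)]
    sequential = pairwise_accuracy(reconstruct_order(allocate(sizes)))
    randomized = pairwise_accuracy(
        reconstruct_order(allocate(sizes, rng=random.Random(seed))))
    return {"sequential": sequential, "randomized": randomized}


if __name__ == "__main__":
    print(experiment())
```

With the sequential allocator the lowest-cluster heuristic recovers the creation order exactly; with the shuffled free list it does no better than chance, and what little signal remains correlates with file size rather than age. A real examiner would combine this with directory-entry order and timestamps, which is why the post pairs random allocation with dropping timestamps altogether.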



Forensics on PDAs, notes from the field

2004-08-12 Thread Major Variola (ret)
Saint John of Cryptome has a particularly tasty link to
http://csrc.nist.gov/publications/drafts.html#sp800-72
which describes the state of the art in PDA forensics.

There is also a link to a CDROM of secure hashes of
various benign and less benign programs that the
NIST knows about.  Including a list of hacker programs.
Including stego.   Pigs use this to discount commonly-distributed
software when analyzing a disk (or, presumably, your PDA's
flash).  See http://www.nsrl.nist.gov/
also http://www.nsrl.nist.gov/Untraceable_Downloads.htm

Obvious lesson: Steganography tool authors, your programs
should use the worm/HIV trick of changing their signatures
with every invocation.  Much harder for the forensic
fedz to recognize your tools.  (As suspicious, of course).

The NIST CDROM also doesn't seem to include source
code amongst its sigs, so if you compile yourself, you may avoid their
easy glance.

Notes from the Field:
My paper  image handling keiretsu job has a fellow working
on secure Linux disk-drive delete --even if you pull the plug, on power
up it finishes the job.   Nice.  Thank you, HIPAA, banks, etc.
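The "change the signature" lesson above and the "just append a chunk of data" reply in the same thread both turn on how a reference hash set matches files. The following is an added example, not code from the thread and not the NSRL's own format or tooling: a toy known-file set that keeps whole-file hashes (what the thread describes the NSRL CD as shipping) next to an added per-block index, so you can see exactly which files an appended chunk slips past and which check still catches them. The sample binary, the block size and the class are constructed assumptions.

```python
import hashlib

BLOCK = 4096


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def block_hashes(data, block=BLOCK):
    """Hash fixed-size, fixed-offset blocks (the last block may be shorter)."""
    return [sha1_hex(data[i:i + block]) for i in range(0, len(data), block)]


class KnownFileSet:
    """Toy stand-in for a reference hash set such as NIST's NSRL.

    Assumption: the real set ships whole-file hashes only; the per-block index
    is added here to show a more robust check, not to describe NSRL itself.
    """

    def __init__(self):
        self.whole = {}    # whole-file hash -> name
        self.blocks = {}   # block hash -> set of names containing that block

    def add(self, name, data):
        self.whole[sha1_hex(data)] = name
        for h in block_hashes(data):
            self.blocks.setdefault(h, set()).add(name)

    def match_whole(self, data):
        """Exact lookup: changing a single byte anywhere defeats it."""
        return self.whole.get(sha1_hex(data))

    def match_blocks(self, data, threshold=0.5):
        """Count how many blocks of `data` occur in a known file and report the
        best candidate when it covers at least `threshold` of the blocks."""
        hashes = block_hashes(data)
        votes = {}
        for h in hashes:
            for name in self.blocks.get(h, ()):
                votes[name] = votes.get(name, 0) + 1
        if not votes:
            return None
        name, count = max(votes.items(), key=lambda kv: kv[1])
        coverage = count / len(hashes)
        return (name, coverage) if coverage >= threshold else None


# Constructed sample "binary": 40960 deterministic bytes = exactly 10 blocks.
ORIGINAL = b"".join(hashlib.sha256(bytes([i & 0xFF, i >> 8])).digest()
                    for i in range(1280))
# The same file with a 100-byte chunk appended: the whole-file hash changes,
# none of the original blocks do.
PADDED = ORIGINAL + b"\x00" * 100

KNOWN = KnownFileSet()
KNOWN.add("stegotool", ORIGINAL)   # constructed name, not a real NSRL entry


def demo():
    return {
        "original_whole": KNOWN.match_whole(ORIGINAL),
        "padded_whole": KNOWN.match_whole(PADDED),
        "padded_blocks": KNOWN.match_blocks(PADDED),
    }


if __name__ == "__main__":
    print(demo())
```

The whole-file lookup misses the padded copy, while the block index still attributes 10 of its 11 blocks to the known file. Fixed-offset blocks only survive appended data; anything inserted before or inside the original shifts every later block, which is the gap that content-defined chunking and similarity digests (ssdeep, sdhash) were later built to close. Either way, a file that is almost entirely a known tool plus an unexplained overlay is itself a useful thing for an examiner to flag.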







Re: A Billion for Bin Laden

2004-08-12 Thread Sunder
Yeah, about as brilliant as a turd.  Didn't they recently call Al-Qaeda's 
network a hydra?  Correct me if I don't recall my Ancient Greek myths, but 
when you cut off one head on the hydra, two more grow back, so are we to 
assume that future heads that grow back will carry such bounties?

A billion here, a billion there, and pretty soon you're talking real 
money.

I guess they do realize that these guys are ideologists and the almighty 
dollar is anathema to them, so they have to raise the bounty in order to 
get someone to betray him...   Never discount greed, no matter how 
ideological someone may be, at some ridiculous sum, someone somewhere will 
rat him out... perhaps just before the elections.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
--*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 11 Aug 2004, Major Variola (ret) wrote:

 This is brilliant, worthy of being called channelling Tim M.  As it
 relies entirely on free association and the rational marketplace.
 Nevermind
 that the reward is stolen from the sheeple.
 
 What the DC future-corpses don't grok is that the Sheik's network
 is not financially or career motivated, unlike themselves.
 And xianity (or even amerikan patriotism which sometimes
 substitutes) is too neutered to counter it.



ABC News: Internet and Terrorism

2004-08-12 Thread John Young
ABC News is offering a report this evening on how
the Internet may be helping terrorism. For it Cryptome was
grilled and taped yesterday for aiding and abetting. We 
confessed it's due to brain-liberating by the manchurian 
cypherpunks.



maybe he would cash himself in? (Re: A Billion for Bin Laden)

2004-08-12 Thread Adam Back
Maybe Bin Laden would turn himself in in return for a billion $ for
his cause (through a middle-man of course).

Seem to remember that Bin Laden was relatively wealthy himself (100
M$?), but you'd have to balance these rewards to not be too
excessively much more than net worth of the individual.  As a rational
adversary would include in his game plan swapping himself for the
money for the cause.

Especially if it could be arranged in a way which tends to cast Bin
Laden in the martyr role and encourage the hydra effect where it
galvanizes lieutenants to step in.

Bin Laden would have to balance also with how valuable he thought his
leadership was.

Of course the lieutenants themselves might do the calculation and
figure they would be closer to their goals after cashing in Bin Laden.

Adam

On Thu, Aug 12, 2004 at 03:37:32AM -0400, Sunder wrote:
 Yeah, about as brilliant as a turd.  Didn't they recently call Al-Qaeda's 
 network a hydra?  Correct me if I don't recall my Ancient Greek myths, but 
 when you cut off one head on the hydra, two more grow back, so are we to 
 assume that future heads that grow back will carry such bounties?
 
 A billion here, a billion there, and pretty soon you're talking real 
 money.
 
 I guess they do realize that these guys are ideologists and the almighty 
 dollar is anathema to them, so they have to raise the bounty in order to 
 get someone to betray him...   Never discount greed, no matter how 
 ideological someone may be, at some ridiculous sum, someone somewhere will 
 rat him out... perhaps just before the elections.



2+2=5 and mention of cryptome

2004-08-12 Thread Sunder

Original URL: 
http://www.theregister.co.uk/2004/08/11/al_q_geek_us_overthrow_plot/

Al-Qaeda computer geek nearly overthrew US
By Thomas C Greene (thomas.greene at theregister.co.uk)
Published Wednesday 11th August 2004 16:45 GMT

Update: A White House with a clear determination to draw paranoid 
conclusions from ambiguous data has finally gone over the top. It has now 
implied that the al-Qaeda computer geek arrested last month in Pakistan 
was involved in a plot to destabilize the USA around election time.

Two and two is five

As we reported here 
(http://www.theregister.co.uk/2004/08/03/us_terror_alert_political_football) 
and here 
(http://www.theregister.co.uk/2004/08/02/al_qaeda_cyber_terror_panic), 
so-called al-Qaeda computer expert Muhammad Naeem Noor Khan, a 
Pakistani, was arrested on 13 July in possession of detailed but rather 
old surveillance documents related to major financial institutions in New 
York, Newark, and Washington.

Since that time, other intelligence has led the US security apparatus to 
imagine that a plot to attack the USA might be in the works. (No doubt 
there are scores of plots in the works, but we digress.) Therefore, last 
week, the ever-paranoid Bush Administration decided that Khan's building 
surveillance documents, and the hints of imminent danger, had to be 
connected. Indeed, if al Qaeda is to strike at all, it is most likely to 
strike the targets mentioned in Khan's documents, as opposed to thousands 
of others, the Bushies reasoned.

New York, Newark and Washington were immediately put on high alert, at 
great expense, and to the inconvenience of millions of residents.

SNIP

--Kaos-Keraunos-Kybernetos---
 + ^ + :Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
--*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-



Re: maybe he would cash himself in? (Re: A Billion for Bin Laden)

2004-08-12 Thread Sunder

Nah, if Bush already had him in a hole somewhere to produce him just in 
time for the elections, he'd collect the billion for himself as his 
personal reward.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
--*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Thu, 12 Aug 2004, Dave Howe wrote:

 of course someone *really* cynical might think they already had him, but 
 needed to spring a billion towards shrub's reelection campaign