
I am under surveillance by Canadian agents, my computer has been backdoored - joshfraser
http://log.nadim.cc/?p=110
======
brownbat
Contact a lawyer immediately.

There are many actions you could take to mess with the investigation that
might seem like fair game, but you should discuss each one with an attorney so
you don't provide some arcane justification for them to arrest you (by hacking
back, or even maybe "interfering with an investigation").

Once you get past that stage, the attorney can help you petition to stop the
behavior or demand more information about it.

Legal advice is what you need now, not tech advice.

(Because the server is crushed, I'm only getting the basic gist - forgive me
if you've already done this.)

~~~
magikarp
If anyone knows a good lawyer in Montreal, please let me know!

nadim@nadim.cc

~~~
dfc
Get in touch with the EFF:

<https://www.eff.org/pages/legal-assistance>

~~~
ComputerGuru
Don't. They take forever as they have only so few lawyers and they're all
backlogged for months. They're also not equipped for this kind of thing. Their
lawyers focus more on civil suits, not criminal.

~~~
pringles
_> EFF maintains a list of attorneys, called the Cooperating Attorneys list,
who have told us that they are passionate about the same things we're
passionate about, and who have indicated that they have some of the same areas
of expertise. If we can't help you, but feel that your case is something our
cooperating attorneys may be able to assist with, we'll offer to refer you to
one of them._

~~~
benatkin
Take that with a grain of salt. They want to sound more helpful than they
actually are on their website so people will donate.

~~~
coldtea
Your claim is based on the knowledge of what actual facts?

(That said, I can see another problem in cases such as this: what if some of
the "volunteering lawyers" are set by the government?).

~~~
mseebach
> (That said, I can see another problem in cases such as this: what if some of
> the "volunteering lawyers" are set by the government?).

My IANAL guess is that they would still be bound by client/attorney privilege,
and they'd be committing a crime if they violated that.

------
Wintamute
I don't know you and I don't know the world you live in, but just from your
worried tone, and the rate at which you're responding to comments in this
thread, I just want to say: take a breath. Engaging in a wild HN thread, full
of well meaning but varied techy suggestions/speculation might not be the best
approach right now. Have some friends sift through it for good information and
disengage. Seek legal advice, and take it slow.

~~~
magikarp
Sorry. I am very stressed and am knocked into full self-defense/damage control
mode. Not sure I am in a state to meet people IRL at the moment.

~~~
jacquesm
I think that you actually should meet someone IRL, have them stay over with
you or stay over with them.

~~~
PavlovsCat
Yes.. and in the meantime, I suggest all of us watch this 29c3 talk by Jacob
Appelbaum, "Not My Department" ( <http://www.youtube.com/watch?v=7mnuofn_DXw>
), and think about all our roles in all this. It's not going to stop unless we
make it.

~~~
dmix
There seems to be a new pattern where anyone involved in promoting free speech
and privacy through encryption gets harassed by the state, regardless if they
actually did anything illegal.

[http://en.wikipedia.org/wiki/Jacob_Appelbaum#Investigation_a...](http://en.wikipedia.org/wiki/Jacob_Appelbaum#Investigation_and_detainment)

It really shows how those in power are scared of the liberating powers of
technology.

~~~
csoghoian
Although the details of the gov's investigation and harassment of Jake are
largely shrouded in secrecy, his harassment at the border began right after
giving a keynote at HOPE 2010 in place of Julian Assange, as the only US
citizen identified in the media as a member of the Wikileaks team.

Although I think what the US government has done to Jake is quite clearly a
disgusting abuse of power, let us not kid ourselves by somehow believing that
the state has gone after him because he has publicly advocated for the use of
strong crypto.

~~~
yakiv
I don't really know anything about this story, but do you have any guesses as
to why they did go after him?

~~~
pyre

      | his harassment at the border began right after
      | giving a keynote at HOPE 2010 in place of Julian
      | Assange
    
      | the only US citizen identified in the media as
      | a member of the Wikileaks team.
    

I'm thinking that these two pieces of information are part of it.

------
orangethirty
Slow down a bit there. Whatever is happening, you need to slow down. Don't
make any quick decisions. I know you may feel under a lot of pressure. Best
way is to talk to someone you know and trust. A family member or a very old
friend. These people love you and want the best for you. Contact them, and
explain what is happening. Then with their company, analyze the situation.

I want you to do this. Your current position may make it not so simple. But
you must slow down and regain your composure.

Such situations are better dealt with people who love you.

Postpone any harsh decision until you have met with a loved one and have
explained the items.

Remember that there is always a way to work things out. Don't lose hope. I want
you to remember that things get better. They improve. You just need to slow
down and reason a bit.

I'm not doubting your points. But I want you to go to a safe place where you
can get some rest. Tomorrow you may be able to think about this with a better
understanding. You are a smart person. You always figure out hard problems.
You need to rest a bit before you can tackle it. Go and stay with a loved one.
They will welcome you and listen to the items you are talking about.

I am orangethirty. Have been programming for a long time. I live in the
Caribbean, and you can read more about me on my github
(github.com/orangethirty). I'm only interested in your well being. We all want
for you to regain your inner peace.

If you need anything, then let me know by posting here. If you feel
comfortable emailing me, then do so. I am not pressuring you to do so. Do it if
you feel like it.

I want you to remember that tomorrow is another day. Things improve. There is
a way to solve every problem.

- orangethirty

------
asdlkfjgh
Disconnect computer from network.

Try to dump RAM image.

Image the drive, sign and optionally encrypt the contents, preferably
file-by-file checksum and copy to multiple secure locations. Copy of checksums
in additional secure location.

Get out of your house with your computer as soon as possible (as soon as you
upload one or two images). Do not leave the computer, they will try to destroy
or confiscate the evidence. Plan to store computer in secure location,
preferably with 24/7 video monitoring and a heavy duty safe. Preserving the
evidence is probably that important.

Try to be in the company of someone you trust so they can act as a witness and
can protect you from physical intimidation or attack.

Assume phones are compromised including GPS on your mobile phone. Assume you
are under physical surveillance. Assume your car is compromised.

Relatives and close friends will be known to operatives. May be a good idea to
spend 1-2 nights in a motel with a friend without anyone's cell phone paying
cash until you secure copies of your data and get advice on what to do next.

------
pg
"I’ll be wearing a black suit."

That should have been enough to make anyone suspicious.

~~~
bio4m
Nothing wrong with black suits, in London they're very common among business
people. Not everyone has the luxury of wearing t-shirts and jeans to the
office.

~~~
dreamfactory
Black suits aren't supposed to be worn for business. They are for evening
wear. They should only be worn in the day if you are a waiter, doorman,
undertaker, American etc.

------
jacquesm
<http://en.wikipedia.org/wiki/Nadim_Kobeissi>

~~~
charlieok
Curious how he knew Sabu in the first place

~~~
praptak
Wiki: _"In 2012, the FBI attempted to entrap Kobeissi using Sabu"_

<http://log.nadim.cc/?p=65>

<http://bits.blogs.nytimes.com/2012/03/12/a-hacker-charms-and-disappoints/>

Fuckers. (sorry, I couldn't resist)

------
kjackson2012
It seems ridiculous that an "intelligence" organization would upload files to
a server that identified themselves so blatantly like that. Could it be that
it is some ruse of some sort? I don't doubt that someone broke in, but would
it really be CSIS?

~~~
mcantelon
CSIS aren't the most competent intelligence organization in the world.

~~~
corresation
For the limited scope of the work that they do (which is essentially limited
to what the NSA does in the US. They don't really do what the CIA does), and
with a relatively small $600 million dollar public budget, they're known to be
quite competent.

This story sounds...weird. I doubt it is quite as he suspects it is.

~~~
fatbird
I think you've got it mixed up: CSIS [0] is the Canadian CIA, having been
created in the wake of shutting down Department D of the RCMP after one too
many scandals in the 1970s. The Canadian NSA is the CSE [1].

[0]
[http://en.wikipedia.org/wiki/Canadian_Security_Intelligence_...](http://en.wikipedia.org/wiki/Canadian_Security_Intelligence_Service)

[1]
[http://en.wikipedia.org/wiki/Communications_Security_Establi...](http://en.wikipedia.org/wiki/Communications_Security_Establishment_Canada)

~~~
redthrowaway
CSEC, now. I'm thinking of interning there in the summer.

~~~
richardlblair
You aren't now.

I happen to know that upon applying you are directly told not to tell anyone
you applied, or even that you were thinking of applying.

~~~
redthrowaway
No, only thinking of it.

~~~
adambenayoun
Then you aren't anymore.

------
gnu8
This guy should widely distribute the SFTP creds being used by the backdoor
agent on his computer. Then we could all be helpful by uploading useful data
to the Canadian government's spy server.

~~~
polymatter
While an amusing suggestion, I sincerely hope everyone realises that such a
move would be ... incompatible with a long and healthy lifestyle. Both for
Nadim and anyone foolish enough to do so.

~~~
gnu8
On the other hand, anyone who has reason to believe there might be information
critical to their investigation embedded in the full version of Two Girls One
Cup, it is their civic duty to submit that video to the authorities.

~~~
polymatter
But sneaking it in through a backdoor and smearing it on their server is
probably not going to be well received. (any unintentional puns are entirely
unintentional).

------
X4
It is possible that someone is playing a bad prank on Nadim, or that Nadim
made the story up to gain attention.

Please read on. If this is real, then I'm sorry and recommend you to consider
all suggestions before deciding illogical.

DON'T COMMIT SUICIDE!

If you watched the movie "Enemy of the State", I'd become paranoid, but not
afraid. Stay calm and act logical.

I've looked at cryptocat two days ago, what's special about it? I don't see
any reason for the Government to observe you, except that you would be a good
fit into their Cyberwar Team. And that you have the wrong connections in the
internet. I mean your friends are all hackers. It makes you appear dangerous
too. Anyway, the government observes everyone, but with different priority and
detail. I think only you might know why they observe you. No need to share the
info.

Just as in the Movie: I'd replace all clothes, shoes and hardware with new
ones and move to a different place. Acquire encryption software from a trusted
source or compile it myself on a newly obtained Netbook and encrypt the
hard drive+swap with a password and keyfile. Hide the keyfile. Put your hardware
and new phone into a cool faradaybag.com. Stay in public, but personally
invincible. Leak everything that isn't harmful for you using delayed
transmissions with ifttt.com. Always have multiple copies of important
documents, just for the case it's necessary.

Oh and I'd get a weapon and buy a bulletproof jacket (not vest). Avoid any
contact to officials should be priority. Use Tor and VPNs like spotflux,
hide.io, ovpn.to etc. and inform close friends to guard you.

+Trust no one.

~~~
parasight
I don't think that buying a weapon and a bulletproof jacket is logical in his
situation. Seems quite counterproductive to me when dealing with officials.

~~~
X4
I think a bulletproof jacket is logical if his life is in danger.

Yes, I agree on the weapon, every signal that can pull the trigger of an
official's gun should be avoided. But I think not having a weapon may be
careless too, only he knows what's right in his situation. A stupid move when
confronted with officials could cause him more harm than wearing a gun.

~~~
astrodust
A weapon is just an excuse to get shot. Don't be armed. You can't fight an
intelligence agency with guns.

------
downandout
The interesting part of this to me is that I'm curious how, exactly, a
computer owned by an undisputed computer security expert was successfully
backdoored. Presumably he isn't clicking on spear-phishing emails and the
like. If they physically accessed the machine, e.g. they sent Jason Bourne in
to bug his machine, he's probably headed for some trouble at some point. In
general that kind of thing isn't done just for the purposes of poking around.

~~~
martinced
I agree: I'd be formatting the machine and putting it on sale or eBay and then
I'd buy a new machine. Nothing illegal here.

Now if he's in trouble simply because he works in the security field, this is
a bit concerning. The lawyer advice is the sound one: fight legally the system
and bring this to court if the attacker did anything illegal.

Of course you have to laugh hard at the mediocrity of the second part of the
"attack": directly contacting servers which can be reverse-looked up. Doh!

But it still begs the question as to how his computer got owned in the first
place.

~~~
coldtea
> _Of course you have to laugh hard at the mediocrity of the second part of
> the "attack": directly contacting servers which can be reverse-looked up.
> Doh!_

Is it mediocrity, or is it intended in order to send a message?

"We are on to you", etc?

~~~
sanswork
I'd say imaginary myself. I'm curious what the systems were that were
obviously csis systems. He failed to include any logs or information beyond
his claims.

~~~
coldtea
Failed implies he tried. He didn't try. He just told the story.

People seem to know the guy. I'm not sure this is "imaginary" at all.

~~~
sanswork
The problem is you have a person who constantly has more and more amazing
stories like this that he pushes everywhere with no proof. Logs or the
hostnames or anything is pretty simple proof but require work to make up
beyond a story. He put so much effort into detailing it why leave them out?
That is why I want to see some sort of proof before I just believe his claims.

------
govcrypto
Yet another cry for attention from this talented but misguided young man.
First it was TSA and Homeland, now the Canadian CSIS - please! You yell and
scream about silent circle, about Skype - you demean and disrespect other noted
cryptographers when they get press... I work for the govt - your little
Hello-Kitty plug in is akin to sugar koolaid. There are many senior experienced
folks here that would make great mentors. Get a good mentor - but please stop
with the high-school drama. It's not reality. I am too old to placate this and
someone needs to bring this young man under his wing. He has a future if he
stops pining for attention.

~~~
bobzibub
The last thing society needs is his talent being co-opted. His software is a
clever little tool and helps to strike a balance between overarching security
organizations and the citizens they're supposed to protect. Sure it is not
enterprise class but good enough is pretty damn good. I think while he
could learn from you technically, you could learn a lot from him as a citizen.

~~~
oijaf888
Good enough isn't good in crypto when people are trusting it for secure
communications. Also, what's the difference (functionally) between
cryptocat and pidgin/adium with OTR turned on? In the latter case I believe
you can even use gtalk securely.

------
0x0
Would be interesting to hear more details about which software he's using (OS,
"Secure File Transfer desktop client", firewall).

Also, it would be interesting to see what one could find on a raw disk image
clone (hidden files? rootkits?).

~~~
magikarp
Hello, I'm the person who wrote the blog post.

I am using Transmit for Mac OS X, by Panic Software, version 4.2.

~~~
pudquick
Unless you had logs in Transmit indicating it was used, I would recommend not
saying they used Transmit to do it - considering OS X has a builtin
command-line sftp client:

[http://developer.apple.com/library/mac/documentation/Darwin/...](http://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/sftp.1.html)

If you're still concerned your machine is affected, I'd recommend getting
Little Snitch - which automatically blocks connections (both in-bound and
out-bound) that are not pre-approved. In addition, when it auto-blocks it records
the application that was making the connection attempt in the auto-block rule.

(Well, actually I'd suggest you dd a backup of the drive to analyze - then
wipe and start anew.)

If they hired anyone of any worth, the person installed a timed launchd (or
cron) controlled script to run rarely and at odd hours to upload content from
your machine to those remote locations. This kind of setup a.) would use a
command-line tool for the upload and b.) unless they knew you had Transmit it
would be designed around executables already included in OS X or that they
installed.

Unfortunately, if it has stopped, they've probably deleted the scripts and
cleaned up the evidence. If you've got Time Machine running, however, you may
have backed up some of their handiwork.
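
The check described in the comment above (looking for a timed launchd job that calls a command-line upload tool), as an added example that is not part of the original post or anyone's actual tooling. The tool and interpreter lists and all sample plists are assumptions constructed for illustration; cron is not covered.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard per-user and system-wide launchd job directories on OS X.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
# Command-line tools able to move data off the machine (illustrative, not exhaustive).
TRANSFER_TOOLS = {"sftp", "scp", "ssh", "ftp", "curl", "rsync", "nc"}
# Interpreters: the plist then only names a script, whose body must be read separately.
INTERPRETERS = {"sh", "bash", "zsh", "python", "perl", "ruby", "osascript"}


def command_words(job):
    """Basenames of every word in Program / ProgramArguments."""
    args = [job["Program"]] if isinstance(job.get("Program"), str) else []
    args += [a for a in job.get("ProgramArguments") or [] if isinstance(a, str)]
    return [Path(word).name for arg in args for word in arg.split()]


def runs_at_odd_hours(job):
    """True if any StartCalendarInterval entry fires between 00:00 and 05:59."""
    cal = job.get("StartCalendarInterval")
    entries = cal if isinstance(cal, list) else [cal]
    return any(isinstance(e, dict) and e.get("Hour") in range(0, 6) for e in entries)


def triage_job(job):
    """Return the reasons a launchd job definition deserves a closer look."""
    reasons = []
    if "StartInterval" not in job and "StartCalendarInterval" not in job:
        return reasons  # not a timed job, out of scope for this check
    words = command_words(job)
    tools = sorted(TRANSFER_TOOLS.intersection(words))
    if tools:
        reasons.append("timed job invokes transfer tool: " + ", ".join(tools))
    if words and words[0] in INTERPRETERS:
        reasons.append("timed job runs a script via " + words[0])
    if reasons and runs_at_odd_hours(job):
        reasons.append("scheduled between 00:00 and 05:59")
    return reasons


def scan(dirs=LAUNCHD_DIRS):
    """Parse every *.plist in the given directories and collect flagged jobs."""
    findings = []
    for d in dirs:
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)
            except Exception as exc:  # malformed plist: report it, never skip silently
                findings.append((path.name, ["could not parse: " + type(exc).__name__]))
                continue
            reasons = triage_job(job) if isinstance(job, dict) else []
            if reasons:
                findings.append((path.name, reasons))
    return findings


def demo():
    """Write constructed sample jobs to a temp dir and scan it."""
    samples = {
        "com.example.updater.plist": {  # constructed: benign midday updater
            "Label": "com.example.updater",
            "ProgramArguments": ["/usr/local/bin/updater", "--check"],
            "StartCalendarInterval": {"Hour": 12, "Minute": 0},
        },
        "com.example.sync.plist": {  # constructed: 03:17 shell job that calls sftp
            "Label": "com.example.sync",
            "ProgramArguments": ["/bin/sh", "-c", "/usr/bin/sftp -b /tmp/batch user@host.invalid"],
            "StartCalendarInterval": {"Hour": 3, "Minute": 17},
        },
        "com.example.agent.plist": {  # constructed: untimed job, ignored by this check
            "Label": "com.example.agent",
            "ProgramArguments": ["/usr/bin/ssh", "-N", "host.invalid"],
            "RunAtLoad": True,
        },
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            (Path(tmp) / name).write_bytes(plistlib.dumps(job))
        return scan([tmp])


if __name__ == "__main__":
    for name, reasons in demo():
        print(name, "->", "; ".join(reasons))
```

Pointing `scan()` at the same directories inside a mounted disk image or a Time Machine snapshot, rather than the live system, fits the advice in the thread about not touching the original machine.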

~~~
nickzoic
OK, the _proper_ way to do this is to not touch the machine at all. Shut it
down and leave it alone. Maybe borrow its hard drive and back it up using
'dd'.

Set up a separate Linux (etc) machine with two ethernet ports as a
firewall/router, running wireshark in addition to everything else. It can now
log all packets in and out of your network, and save them for later analysis.

If nothing interesting happens in the time it takes you to get bored, copy
just the files you really need across from your old HDD to a shiny new one.

~~~
pudquick
Given that the author of the blog post seems to understand cryptography - but
doesn't seem to have much in the way of the forensics skill set - I did
intentionally try to keep my post at the general consumer level (though I did
mention dd, like you suggested).

The real -legal- solution is to turn the computer off, stop touching it, and
get a lawyer specializing in computer crimes. Get the machine to them so they
can make an image of the drive, complete with hashes of the filesystem, so
that they can prove it hasn't been tampered with past that point.

Then let -them- do the investigation, with someone that has the documented
skills a court would recognize.

Thank you for your response, though. I was just trying to be a little more
practical.
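
The "hashes of the filesystem" step from the comment above, and the file-by-file checksums suggested earlier in the thread, as an added example that is not part of either post. It assumes the image is mounted read-only at some directory; the function names and sample files are constructed for illustration, and signing the manifest is left to a separate tool.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Per-file SHA-256 and size for every regular file under root."""
    root = Path(root)
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            files[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            }
    # One digest over the whole manifest: the single value to record elsewhere.
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "manifest_sha256": hashlib.sha256(body).hexdigest()}


def verify(root, manifest):
    """Compare a tree against an earlier manifest and list every difference."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    if hashlib.sha256(body).hexdigest() != manifest["manifest_sha256"]:
        raise ValueError("manifest itself has been altered")
    old, current = manifest["files"], build_manifest(root)["files"]
    return {
        "modified": sorted(k for k in old if k in current and current[k]["sha256"] != old[k]["sha256"]),
        "missing": sorted(k for k in old if k not in current),
        "added": sorted(k for k in current if k not in old),
    }


def demo():
    """Build a manifest over constructed files, then change the tree and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Library").mkdir()
        (root / "Library" / "job.plist").write_bytes(b"constructed sample A")
        (root / "notes.txt").write_bytes(b"constructed sample B")
        (root / "old.log").write_bytes(b"constructed sample C")
        manifest = build_manifest(root)
        clean = verify(root, manifest)
        (root / "notes.txt").write_bytes(b"constructed sample B, edited")
        (root / "old.log").unlink()
        (root / "new.bin").write_bytes(b"constructed sample D")
        return clean, verify(root, manifest)


if __name__ == "__main__":
    for label, result in zip(("before changes", "after changes"), demo()):
        print(label, result)
```

Storing `manifest_sha256` somewhere separate from the manifest is what lets a later reader detect edits to the manifest as well as to the files.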

~~~
nickzoic
Good point(s).

I was more addressing the technical "How can I tell if my computer is haunted?"
question than the original poster's legal issues, on which I am not at all
qualified to speculate.

------
w-ll
How did they get access to your hardware? No disk encryption?

Might be crazy, but when I travel I setup a webcam in my office to upload to a
vps and then ustream 24/7. Highest quality (don't care about bw since nobody's
home.)

~~~
magikarp
Hello, I left for NYC for five days. Since I develop sensitive cryptography
software, I do not store anything sensitive on my desktop, only on my laptop,
which is kept with me at all times (even when going on dates and such.) It was
my desktop that exhibited this behaviour after my 5 day trip to NYC. Stupidly,
I left it on the whole time. I do use full disk encryption.

~~~
danso
This is an interesting mindset...I'm inclined to do the inverse, because of
how easy it is for someone to steal a laptop.

While yes, a desktop can be breached (as it apparently was in this case),
there's more surveillance options you have with which to secure its
surroundings. And agents would have to get a warrant anyway.

If you're worried about the prospect of them warrantlessly breaking in...I
guess that the more likely danger is that if they are willing to resort to
that, they are also willing to stage a robbery in which someone punches you in
the face and makes off with the laptop. Or hire someone to spike your drink
during a date.

~~~
PeterisP
It's trivial to put a keylogger+rootkit on an unattended desktop than on a
laptop in your bag. Stealing hardware can't be prevented, but the risk is
mitigated by good full disk encryption.

------
dylangs1030
I'd like to know more information.

As it's written this seems to be a very confused article to me. What exactly
is the author's point in writing this? And what is his next step moving
forward?

What operating system does he use, what software under that operating system
(specifically the FTP client), does he have a secure firewall, etc. etc.

~~~
magikarp
Mac OS X, Transmit by Panic Software (v. 4.2) — I blogged this in order to
protect myself.

~~~
kybernetyk
Why do you use Transmit? Panic's software is known (amongst people who do
reverse engineering) for having many holes.

If you're doing really security sensitive work don't run questionable software
which you don't have the source code for.

~~~
Yoshino
As someone who uses Transmit... what would you recommend instead? Command-line
sftp?

------
false_name
I find the idea that Nadim is under surveillance to not be unrealistic. I
don't believe he would be under surveillance for his programming. Whether for
his associates is another thing.

I don't believe the people he alleges he spoke with are intelligence
operatives. Whoever they are, they were almost surely messing with him (but
could still be conventional employees of an intelligence agency.) Whether or
not they're for real doesn't change my first paragraph though.

I'm not able to give any advice except this: As long as you're on this road,
there is no one you can fully trust. No one at all. You haven't fully
internalized this yet.

------
bahman2000
I'm pretty sure that no legitimate covert service operative would identify
themselves as such, nor would they brag about going to conferences.

~~~
cperciva
Working for CSIS doesn't mean that you're a _covert_ operative. I know plenty
of present and past employees of CSIS, CSEC, CIA, NSA, GCHQ, etc -- my
understanding is that the general rule is "don't call attention to your
affiliation, but it's ok to say if evading questions would draw even more
attention to you".

~~~
conformal
this whole account sounds patently ridiculous considering the nature of
cryptocat.

i would like to think that "CSIS" had better things to do.

~~~
mcantelon
Spying on and harassing activists has, for a long time, been a big part of
what CSIS does. I personally know tech activists that have been spied on and
harassed. The RCMP is also known for this.

Mainstream news story from a couple weeks ago in which activist orgs complained
of CSIS harassment:

<http://www.ctvnews.ca/activists-warn-against-csis-intimidation-tactics-1.760797>

~~~
corresation
_Spying on and harassing activists has, for a long time, been a big part of
what CSIS does._

Give me a break.

Canada has a very open door immigration policy. Unfortunately that open door
draws in people who actually don't like what Canada is about (which makes it
weird that they would come here) and who conspire against, effectively,
Canadian society. I _welcome_ that law enforcement cares about this and does
normal investigations.

Further from a corporate perspective it is well known that China, in
particular, is going absolutely rampant with corporate espionage in the West.
This is a major concern.

Or just call it some sort of "anti-activism" creed.

~~~
mcantelon
>Unfortunately that open door draws in people who actually don't like what
Canada is about ... Or just call it some sort of "anti-activism" creed.

Sounds like what you're saying is that because CSIS does some legitimate
things it means they don't also do less legitimate things, like harass/spy on
activists.

~~~
tedunangst
Perhaps the confusion is because CSIS spying on people is a legit thing.

~~~
mcantelon
Writing cryptography tools, and activism in general, aren't illegal and people
who don't break laws should not be spied on or harassed.

~~~
tedunangst
If they knew who the lawbreakers were, they wouldn't need to spy on anyone.

~~~
mcantelon
Good logic to justify blanket domestic surveillance.

------
dmix
If you need donations for any legal pursuits, set up a page accepting bitcoins
or similar.

I'd totally support this.

Illegally monitoring a citizen has to be about as bad as it gets in my books.
Especially someone who has never done anything illegal and only received
attention by building tools to help free speech/privacy.

~~~
glamrock
Illegally monitoring anyone, citizen or not, is excessive and supremely
uncool.

~~~
memracom
Actually it is not excessive. It is legal for CSIS to monitor non-citizens and
it is even legal for them to investigate citizens if they may be assisting
foreigners that Canada disapproves of. I was interviewed by CSIS because I did
some technical work on a server for a foreign-born Canadian who was suspected
of being involved in white-power/neo-nazi orgs. The goal of CSIS was to find
out if a certain prominent foreign white-power speaker might sneak into
Canada. There was a well-known leaky spot in the US border not far from the
town where this guy lived.

This Nadim fellow is a suspicious guy doing suspicious things who travels to
terrorist hot-spots and to the USA, which is also suspicious. And I bet that
CSIS is reading every word on HN right now. After all, where do you think that
CSIS finds the hackers to set up the kind of hacks that Nadim has described?
Same goes for CIA, NSA, FBI, DHS.

~~~
n3rdy
> Actually it is not excessive. It is legal for CSIS to monitor non-citizens
> and it is even legal for them to investigate citizens if they may be
> assisting foreigners that Canada disapproves of.

Just because something is legal doesn't mean it's not excessive. Just because
the government does something, doesn't make it right.

------
mrb
Magikarp, out of curiosity, why do you think the CSIS want to spy on you?

1) Because you are an anti-surveillance activist.

2) Because they want to eventually backdoor Cryptocat in order to spy on the
users.

3) Because the FBI asked CSIS to spy on you, and the FBI has their own
motives.

~~~
oxide
all 3?

------
fareesh
I am inclined to believe this is some sort of publicity stunt. This is based
on the same amount of evidence that has been presented to the contrary :)

~~~
JesseObrien
Absolutely. Do a little more than surface level digging and this guy is really
just a child playing with toys and announcing it loudly to the world.

~~~
unreal37
Smart teenage coder turned activist... Reminds me of Aaron Swartz, surprised
no one mentioned his name yet...

~~~
JesseObrien
Sorry but respectively, no. I can't allow you to trash Aaron's name like that.
Aaron was actually a child prodigy and a borderline genius who had done more
than this at 14 years old. This kid plays with JavaScript and wrote a chrome
extension that adheres to the XMPP spec. They're not in the same league.

~~~
thirsteh
It's ironic that you keep calling him "kid", yet he's obviously accomplished
more than you. Is this veiled jealousy, or what?

In any case: Please take the time to actually understand the difference
between XMPP and OTR. You have repeatedly and very confidently shown a
fundamental misunderstanding of their function and implementation in this
thread.

------
Geekette
Is the OP sure those were CSIS peeps? Just wondering based on how they bumbled
through their attempts at making contact. Thought intelligence agents would be
slicker than that.

~~~
fnordfnordfnord
Maybe this is the new guy, and it's his first assignment. Maybe it's not CSIS,
but some other interested party. Seriously though, they're gov't employees,
the hiring process does not guarantee the highest quality in every case.

------
wildmXranat
I may or may not have any comments about your situation. Nevertheless, anyone
responding to these comments needs to know that there is no guarantee that
magikarp is actually Nadim himself, whether the account is compromised and so
on. Catch 22 is in full mode in this thread and I would hope that this is not
simply paranoia kicking in.

Hypothetically, what is the benefit of airing out of all this information ?

~~~
JesseObrien
_Hypothetically, what is the benefit of airing out of all this information ?_

Media attention. That seems to be all this kid has done is wave things at the
media that the media themselves don't understand. Cryptocat is a javascript
implementation of XMPP with OTR enabled. _Snore_... Hop on Google chat and
click "Off the record" and you've done the same thing cryptocat does. Unlike
google chat you have to load up yet another Chrome browser extension that will
no doubt eat more memory.

The "anapnea" thing he was involved in looks like a joke as well. "Encrypted
tunneling network"? You mean a VPS you give people SSH access to? Mind
blowing.

Nothing to see here folks. Move along.

~~~
thirsteh
You're quite cocky for being so hilariously wrong. "Off the record" in GTalk
makes it not log your conversation in your "Chats" folder. It has absolutely
nothing to do whatsoever with encryption or deniability.

~~~
JesseObrien
I'm sorry, I thought this was "hacker" news. I expected people would know that
Google's OTR and OTR XMPP spec are different. My point was that you shouldn't
be using 3rd party services to talk to people if the information is
legitimately sensitive.

~~~
thirsteh
The specs are not "different." They are completely different things.

You realize it is impossible to talk to somebody over the Internet, or in real
life except in person, without relying on a third party, right? You choose who
to trust, and OTR, the protocol, makes it so you only have to worry about the
software used, not about the communications channel and anyone listening in on
it.

~~~
JesseObrien
_> Google's OTR and OTR XMPP spec are different_

 _> The specs are not different. They are completely different things._

Do you not have any reading comprehension? That's literally what I said. I
haven't said anything against OTR at all. I fully support the use of XMPP and
OTR for communications. You can attack me all you'd like, it doesn't change
anything I said.

~~~
thirsteh
> Hop on Google chat and click "Off the record" and you've done the same thing
> cryptocat does.

This is _literally_ what you said.

> You can attack me all you'd like

I don't think I'm attacking you, but after being this insulting to Nadim
Kobeissi, in this thread and on Twitter, you don't get to play hurt.

------
friendly_chap
If this is true - we live in a scary world. If not, the guy has talent in
marketing.

~~~
randomchars
We live in a scary world either way.

~~~
friendly_chap
Haha! You are so right (unfortunately).

------
st3fan
Since you have already published so much of this story. How about full
disclosure and post the actual hostnames, firewall entries and that email you
received?

------
evolve2k
What's the story with everyone calling each other 'friend' in this post? Is
this some crypto community thing I'm not aware of or just coincidence?

~~~
jamiek88
Canadians.

~~~
teeja
A _cryo_ - community then.

------
drucken
For a hacker site, why are so few people interested in seeing his logs?

I hope Nadim does a full write-up, including these, soon.

In the meantime, all the best and keep your (thankfully already) level head.

~~~
JesseObrien
They're caught up in the moment, I'm guessing. My first reaction was _"where
are the logs? show me some kind of actual proof"_. Otherwise this is just some
kid who's paranoid and has a rootkit on his machine or something.

------
adamnemecek
I'm somewhat surprised that the cryptocat project has been ruffling so many
feathers (assuming that the story is in fact what it appears to be).

~~~
conformal
i know the author (nadim) is in here and this is all a bit fantastic.
cryptocat is one of many crypto snake-oil products that i would never consider
using for any kind of secure communication.

using defective crypto products is much riskier than not using any crypto at
all and exercising caution. cryptocat has always seemed a poorly disguised
honeypot to me.

~~~
magikarp
It would be nice if you could meet me for coffee and say this to my face,
friend.

I am trying to protect myself and my open source project, which, by the way,
has been audited countless times and has progressed greatly towards security.
If you have a problem with me, then call me up and discuss it instead of
stressing me out even more when I just discovered that the government is
building a case against me.

If you don't like my work, file a bug report. Check out our documentation.
Review our OTR implementation. Submit a pull request. Hack some code. Just
don't say hurtful and untrue things like that in public. You can do better.

~~~
DanBC
Law enforcement officers come to you with a correctly formed legal document -
a court order, or a warrant, or somesuch - and ask you to serve a malformed
client to some cryptocat users. This malformed client will give the impression
of encrypted communication, but will actually allow the law enforcement
officers full access to the plain text (but only for the specified users).
What do you do?

This is the Hushmail attack, and it seems like Cryptocat is vulnerable to it.

~~~
magikarp
Cryptocat is a browser plugin. You need to download it like everything else.
The source code is on Github.

I swear upon my father's grave I will never do something so dishonest and evil
towards everyone who has supported Cryptocat, the most meaningful thing I have
made with my life.

~~~
StavrosK
Unfortunately, I don't think you have a choice in these cases, I think you are
obligated by law to do it.

~~~
redthrowaway
You always have a choice. In this case, you can refuse and go through the
legal system. If you've made that choice already, then you can further raise a
big stink about it and hope public pressure forces the gov't to back down.

~~~
StavrosK
Oh, interesting, I didn't know that. Thanks for clarifying.

------
unimpressive

      I have to wonder what you'd see
      If you used style as ID.
    
      Styles change from time to time
      But style stays from line to line.
    
      Names can change and faces too
      But writing tells you who is who.[0]
    
      Many say they are a crowd
      But fewer do once lost their shroud.
    
      Traps and snares one will find
      Many more if kept their wits about their mind
    
      Still plenty that you see
      Hide their face behind IP.
    

Just a thought.

[0]: <http://33bits.org/2012/02/20/is-writing-style-sufficient-to-deanonymize-material-posted-online/>

[1]: EDIT: It seems to me that it is very possible that not all accounts here,
though not necessarily in this thread, correspond to a single individual.

~~~
mintplant
Could you... elaborate more on this, perhaps?

~~~
unimpressive
Sure. While I don't want to start a witch hunt, I often wonder while reading
discussions who it is behind the handle. To the point where I can't help but
think that a little careful observation might uncover an army of sockpuppets.

With the help of the HN API, you could probably fingerprint a lot of users.

------
n3rdy
Is it possible that they may have used a type of hardware backdoor? Something
that would be connected to the router, or back of the computer using the LAN
or USB port?

None of that would show up in any logs or files, and it would get around any
password protection and encryption on the actual computer, the only evidence
would be from monitoring router traffic. A USB bug would be something that
would transmit via wifi, but it would need to be connected directly to your
computer to work.

Also check inside the computer for anything unusual.

------
kefs
In case you're curious about who exactly we're talking about.. check out this
CSIS Recruiting Video, complete with ominous, heart-thumping, background
music.

<https://www.youtube.com/watch?v=dszXCHbvJYY>

more: <https://www.youtube.com/user/csisscrs/videos?view=0>

------
SammyGuergachi
Just looked at the update. "we have migrated Cryptocat's network into new
servers inside a Swedish nuclear bunker" Holy Crap!

~~~
charlieok
Also love the photo of said bunker.

<https://blog.crypto.cat/wp-content/uploads/2013/02/Port_sn_05.jpg>

~~~
mappu
Upon visiting that blog.crypto.cat URL, Chrome tells me "Incorrect certificate
for host / Error 150 (net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN): The server's
certificate appears to be a forgery."

The main crypto.cat page loads fine over HTTPS (certificate has sha1
thumbprint d1aa1c1037202e359f224e407d7f84a0e8a94dd7 which I see is advertised
on the erroring blog.crypto.cat page).

Why has the certificate changed? Why did the CA signing the SSL certificate
change? Is there any forwarding message signed by the original certificate?

~~~
magikarp
It's a bug in the Chrome 25 Beta. Will be fixed on stable release.
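
The manual check mappu describes above, comparing a certificate's thumbprint with one advertised elsewhere, as an added example that is not part of the original thread. The function names are hypothetical and the DER byte strings are constructed stand-ins, not real certificates.

```python
import hashlib
import hmac
import unicodedata

# Constructed stand-ins for DER-encoded certificates (not real certificates);
# a thumbprint is a hash over the certificate's DER bytes.
OLD_CERT_DER = b"constructed-der-bytes-for-original-certificate"
NEW_CERT_DER = b"constructed-der-bytes-for-reissued-certificate"

DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize_thumbprint(text):
    """Reduce a pasted thumbprint to lowercase hex.

    Drops separators and Unicode format characters such as U+200E, which
    certificate dialogs can leave in copied text.
    """
    kept = []
    for ch in text:
        if ch in " :\t\n" or unicodedata.category(ch) == "Cf":
            continue
        kept.append(ch.lower())
    cleaned = "".join(kept)
    if len(cleaned) not in DIGEST_BY_HEX_LEN:
        raise ValueError("unexpected thumbprint length: %d" % len(cleaned))
    if any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("thumbprint contains non-hex characters")
    return cleaned


def matches_advertised(cert_der, advertised):
    """True if the certificate hashes to the advertised thumbprint."""
    expected = normalize_thumbprint(advertised)
    algo = DIGEST_BY_HEX_LEN[len(expected)]  # chosen by thumbprint length
    actual = hashlib.new(algo, cert_der).hexdigest()
    return hmac.compare_digest(actual, expected)


def advertised_form(cert_der):
    """Format a SHA-1 thumbprint the way a dialog copy might look."""
    hexed = hashlib.sha1(cert_der).hexdigest().upper()
    pairs = [hexed[i:i + 2] for i in range(0, 40, 2)]
    return "\u200e" + " ".join(pairs)
```

A whole-certificate thumbprint changes on every reissue, and Chrome's pinning error concerns public-key hashes in the chain, so a thumbprint match on one host says nothing about whether another host satisfies a pin.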

------
wbhart
The Wikipedia article notes that the press attention garnered by Nadim after
his prior tussles increased the popularity of Cryptocat. Now imagine an
intelligence agency wanting people to make greater use of a system they have
back-doored or which is vulnerable to attack by them. Perhaps they couldn't
resist the urge to make Cryptocat more popular! (Disclaimer: I have no
knowledge of Cryptocat or CSIS, and my comment is hypothetical speculation.
Alternative hypotheses are that they are invading Nadim's computer to try to
find a way to break Cryptocat or to spook its developer, or because they have
Nadim under some sort of surveillance, for who knows what reason.)

I do have a question about the story though. Why would an intelligence agency
want to "acquire" Cryptocat? What would that mean anyway? Purchasing it for
internal use is surely not necessary. They can just use it or any one of a
number of in-house products they surely already have access to. Purchasing it
to take it out of circulation is a possibility. But is this actually feasible?
It's Open Source. Purchasing it to stop the developer working on it is a
possibility. But wouldn't others step up? Buying a controlling stake in it is
a possibility. But I don't see why an intelligence agency would make an offer
of cash to someone not known to be susceptible to that kind of manipulation. I
actually just don't see them doing this full stop. They surely know Nadim is
motivated by idealism, not cash. So I can't think of a reason to "acquire"
Cryptocat that actually stacks up. To work out what is going on here, you have
to put yourself into the mindset of the individuals and organisations
involved. And that is not easy if you simply have their media persona to go
by.

Like the rest of the population, these organisations tend to be filled with
people of many different persuasions, from geeks and activists and hackers
through ultra-authoritarians and rogue elements. It's impossible to know which
group is responsible for this, or what their motivations might be. It might
have even been an unauthorised operation! And it may just as easily have been
someone spoofing CSIS, e.g. some hacker group angry at CSIS for some past
grievance. If so, I bet it is baking CSIS's noodle just as much as Nadim's!

At any rate, one should never infer a conspiracy where simple administrative
or bureaucratic incompetence is a perfectly valid explanation.

------
wyck
This sounds a bit like your friends are playing a prank on you, or CSIS is
smart enough to make it look like that is the case.

The key here is your desktop and how did they access it.

------
mikebrock
You should attempt to contact the Canadian Civil Liberties Association as soon
as possible and protect the evidence on your laptop with your life.

------
spiritplumber
That'd have been an awesome trolling opportunity.

------
amasad
This is the most trouble a browser plugin could ever cause anyone, and if all
this is true then the Canadian government, the FBI and whomever else are after
this kid are being very silly. That being said I can't help but think the
author likes the media attention, and why wouldn't he, it must be bringing
more exposure to his work.

~~~
heyitsrama
I think it's more of the sense of the passion that he puts into his work, you
should read the weblog.

------
vy8vWJlco
Update found via Nadim Kobeissi's Twitter feed on Feb 11 @ 7:37 AM:

"Alleged CSIS Liaison Officer met me for coffee yesterday. Told me that
Cryptocat is national security threat to Canada. That is all."

<https://twitter.com/kaepora/statuses/300992047345704960>

------
cpressey
I'm extremely confused by one detail. I'd like to know, what would be the
point of describing oneself as a "Juror" or "former Juror"? Is there a
particular court case involved with this story that I've missed a reference
to? Is it some kind of slang in intelligence circles?

------
samwillis
And now his server is down?

~~~
thejosh
Nothing to do with traffic, must be the agents trying to silence the truth.

~~~
johnpowell
Or that it is Wordpress.

~~~
Samuel_Michon
"Never attribute to malice that which can be adequately explained by
Wordpress"

------
stbullard
Google cache:
<http://webcache.googleusercontent.com/search?q=cache:http://log.nadim.cc/%3Fp=110>

------
matdrewin
Just curious how you are so certain that the servers were CSIS servers?

Pretty sure you would never be able to trace back a CSIS or CSE IP.

------
gamblor956
In other news, Canada's internal security agency is using "PG" to entrap
people...(read the article for context)

I guess they read HN too.

~~~
clicks
This PG approached him with a "business opportunity" -- so the Canadian
security folk probably _did_ mean to confuse him into thinking that this PG is
our HN pg.

~~~
redthrowaway
They really should have tried harder. For some reason, I really can't picture
pg in a black suit.

------
guelo
Straight into the Supreme Court? That is way better oversight over executive
branch spying than in the US!

------
HNC
I suggest you contact the CSIS and ask them directly why they've backdoored
your computer.

------
trevelyan
Go talk to your MP as well.

------
codejammer
magikarp, could you please do a writeup on how you noticed the surveillance?
Any extra info except "I found a backdoor and noticed funny traffic" would be
more than useful to know.

------
borplk
Whatever you do, make sure to document every single little detail, take photos,
videos, audio recordings, keep the emails, etc...

------
Raz0rblade
Try a different computer, for example Android / Linux or something exotic, much
harder to backdoor compared to Windows.

------
shocks
Umm, backup and format your computer?

------
sanko
You should revise your TCP connections if you want to know if it's a joke or not.

------
triplesec
Canada has secret agents?

~~~
lutusp
> Canada has secret agents?

The fact that you don't know about them means ... the plan is working.

------
X4
ANY UPDATES?

~~~
vy8vWJlco
<https://twitter.com/kaepora/statuses/300992047345704960>

------
kdazzle
Assange? McAfee? Is that you?

------
davebuster
IP logs or STFU

------
unclefucker
Hackernews captivated by a schizophrenic...

~~~
frendiversity
Correction: Lightly schizoid/paranoid may suspect hidden cameras in
implausible situations. Schizophrenic screams at cars.

In this case, it's plausible enough suspicion, let's give him the benefit of
the doubt, eh?

~~~
kdazzle
There are a few types of schizophrenia - paranoid schizophrenia being one of
them.

------
csisagent
We are watching. Everything.

~~~
gaius
I'm just surprised you guys even exist - I thought "Canadian Agents" were
something they'd just made up for Quantum of Solace.

------
jhprks
Well probably because you did something wrong. Turn yourself in and reflect on
your wrongdoings. Put yourself together and stop causing harm to the society.

~~~
InclinedPlane
Haha, it's his fault for living in Canada! Canada sucks, move to Japan!

~~~
frendiversity
This is also a good joke.

------
SODaniel
"Whats that abeut? Are they not your friends buddy?"

------
jscheel
Honestly, I wasn't reading this very closely and started to wonder what in the
world pg had to do with Canadian government agents.

~~~
HNC
Exactly the same. I had to re-read it and then I got that "PG" wasn't PG
(Paul).

------
herge
Man, who could imagine such skullduggery in such a boring place as
Concordia's Reggies. Secret agents and illegal break-ins oh my!

Although, I did have a Palestinian friend swear that the Tim Horton's on Guy
was a hotbed for the Jordanian security service.

------
glamrock
What, no "C.I.Eh" comments yet? I'm... a little disappointed to be honest.

~~~
bdg
This isn't reddit.

