Thoughts on Undercover Communication - gwern
http://grugq.tumblr.com/post/68391438761/thoughts-on-undercover-communication

======
grugq
The follow up posts on this particular piece are:

[http://grugq.tumblr.com/post/68391880015/defcon-21-de-anonymizing-alt-anonymous-messages](http://grugq.tumblr.com/post/68391880015/defcon-21-de-anonymizing-alt-anonymous-messages)

And:

[http://grugq.tumblr.com/post/68392646777/castleman-affidavit](http://grugq.tumblr.com/post/68392646777/castleman-affidavit)

~~~
contingencies
The latter one links to google docs. _Anonymous quagga_ , indeed.

~~~
grugq
The castleman affidavit is available from a number of online sources. I have
mirrored it on google docs to save people the hassle of tracking it down.

Here is one link off google, if you prefer: [http://www.rep-am.com/newsdocuments/affidavit.pdf](http://www.rep-am.com/newsdocuments/affidavit.pdf)

------
mikegioia
Does anyone have a cached copy of
[http://dee.su/uploads/baal.html](http://dee.su/uploads/baal.html)? It seems
dee.su exceeded his CPU limit already...

~~~
Estragon
[http://webcache.googleusercontent.com/search?q=cache:mZhbfnr...](http://webcache.googleusercontent.com/search?q=cache:mZhbfnrqHo4J:dee.su/uploads/baal.html+&cd=1&hl=en&ct=clnk)

------
lucb1e
Is anyone able to verify the signature? GnuPG gives me a BADSIG error.

I was actually looking for what info was included in the signature (e.g. a
timestamp), but it seems KGPG doesn't provide that. However the sig itself
does not even seem to be valid, though it's probably because I copied it out
of Google's cache.

Edit: For some reason, this does validate for me:
[https://gist.github.com/krallja/7710464](https://gist.github.com/krallja/7710464)

~~~
e12e
Validates fine _if you get the raw gist_ :

    curl 'https://gist.github.com/krallja/7710464/raw/8d55ac6fb74e979b014685427906925b8bb64924/baal.txt' | gpg -v

(...)

    gpg: Good signature from "Baal_signing <Baal <Use-Author-Supplied-Address-Header@[127.1]>>" aka (...)
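The BADSIG-from-a-cached-copy problem above comes down to what a cleartext signature actually covers. Per RFC 4880 section 7, the signed text is the block between the `Hash:` headers and `-----BEGIN PGP SIGNATURE-----`, with dash-escaping removed, trailing spaces and tabs stripped from every line, and line endings canonicalized to CR LF. Trailing whitespace added by a copy-paste therefore does not matter, but a reflowed or wrapped line does. The following is an added example, not code from the thread or from Baal's message; the clearsigned message and its signature block are constructed placeholders (the signature is not cryptographically checked here), and the digest it prints is of the canonical text only, which OpenPGP then combines with the signature's own hashed metadata before verifying.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def extract_cleartext(armored: str) -> str:
    """Return the signed text of a cleartext-signed message (RFC 4880 s7),
    i.e. everything after the blank line that ends the armor headers and
    before the signature block, without the final line ending."""
    lines = armored.splitlines()
    try:
        i = next(n for n, l in enumerate(lines) if l.strip() == BEGIN_MSG)
    except StopIteration:
        raise ValueError("no cleartext signature header") from None
    i += 1
    while i < len(lines) and lines[i].strip() != "":  # skip "Hash: ..." headers
        i += 1
    i += 1  # skip the blank separator line
    body = []
    while i < len(lines) and lines[i].strip() != BEGIN_SIG:
        body.append(lines[i])
        i += 1
    if i == len(lines):
        raise ValueError("no signature block")
    return "\n".join(body)


def canonicalize(text: str) -> bytes:
    """Apply the RFC 4880 text canonicalization gpg uses before hashing:
    remove dash-escaping, strip trailing spaces/tabs, join with CR LF."""
    out = []
    for line in text.split("\n"):
        if line.startswith("- "):
            line = line[2:]
        out.append(line.rstrip(" \t"))
    return "\r\n".join(out).encode("utf-8")


def signed_digest(armored: str, algo: str = "sha256") -> str:
    """Digest of the canonical signed text; equal for two copies iff gpg
    would hash the same bytes for both."""
    return hashlib.new(algo, canonicalize(extract_cleartext(armored))).hexdigest()


# Constructed sample message; the signature body is a placeholder.
ORIGINAL = "\n".join([
    BEGIN_MSG,
    "Hash: SHA256",
    "",
    "Statement from the group.",
    "- -- a dash-escaped line",
    "Tor and PGP are mandatory.",
    BEGIN_SIG,
    "",
    "iQEzBAEBCAAd... (constructed placeholder, not a real signature)",
    "-----END PGP SIGNATURE-----",
])

# Same message after a copy that added trailing whitespace: harmless.
TRAILING_WS = ORIGINAL.replace("Statement from the group.", "Statement from the group.   ") \
                      .replace("a dash-escaped line", "a dash-escaped line\t")

# Same message after a copy that reflowed a line: breaks the signature.
REFLOWED = ORIGINAL.replace("Tor and PGP are mandatory.", "Tor and PGP are\nmandatory.")


if __name__ == "__main__":
    for name, msg in [("original", ORIGINAL), ("trailing-ws", TRAILING_WS), ("reflowed", REFLOWED)]:
        print(f"{name:12s} {signed_digest(msg)}")
```

If a copy still fails, `gpg --list-packets baal.txt` on the raw file prints the signature packet with its `created` timestamp and issuer key id, which is the metadata lucb1e was looking for and which KGPG's front-end does not expose.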

~~~
lucb1e
Yes I managed to get this already, thanks though!

It was probably Google's cache that was giving trouble, the Github one worked
fine.

------
blahbl4hblahtoo
Whoa! I like this guy's blog...his presentation on OPSEC was fantastic...but
this is THE most inflammatory title I've seen in a year.

EDIT: He is the go-to OPSEC guy if you are new to computer security writers.

~~~
grugq
Hmmm... "Musings on Underground Communication"? "Underground Communication,
some thoughts"? Not really sure what's so inflammatory about the title.

When analyzing the activities of groups facing an adversarial environment to
learn what works, what doesn't, and why, (unfortunately) the pool of covert
organisations is somewhat limited: intelligence agencies; terrorist groups;
hacker crews; narcos; insurgents; child pornographers... Few other groups face
such a hostile operating environment that their security measures are really
"tested".

This group had an incredibly effective set of security practices. They imposed
strict compartmentation, regularly migrated identities and locations, required
consistent Tor and PGP use, etc. They had legitimate punishments for people
who transgressed the rules (expulsion) and they survived a massive
investigation effort. Clearly, they were doing something right (actually a
number of things).

Just as clearly, they are reprehensible people who engage in activity that is
immoral and unethical, by any measure. (Paying for child pornography to be
produced is flat out wrong, regardless of where you stand on the spectrum of
opinions regarding child porn laws.)

The thing is, there are basically no nice people who provide case studies of
OPSEC practices. Most are engaged in violence, serious drug trafficking (at
the "kill people for interfering" level), theft and manipulation of human
beings, etc. That's the nature of the beast.

As a friend of mine said "if your secure communications system isn't being
used by terrorists and pedophiles, you're probably doing it wrong".

People with well funded, trained and motivated adversaries have the strongest
incentives to practice the highest level of security. They're the ones to
learn from. :)

~~~
chmike
This is like antibiotics. The natural selection process will push people to
use more secure communication methods etc. The conclusion, for me, is that
repression is not the way to go and makes the problem only harder to monitor
and control. The strategy I would follow to address this problem is to
identify the mechanism by which these types of behavior reproduce themselves
and contaminate new people. This is where to target. And again, not in the Rambo
way, in a chess way where everything is kept under control and will lead to
the final checkmate.

