* Each message session with each contact is encrypted with a different set of keys. If any given key is ever compromised, it will never result in the compromise of previously transmitted messages – or even passive observation of future messages.
* Anyone can forge messages after a conversation is complete to make them look like they came from you. However, during a conversation the recipient is assured all messages received are authentic and unmodified. This assures non-reputability of messages.
* The algorithms employed are many times stronger than that of PGP (RSA+AES). We employ algorithms from different families of mathematics, which protects message content in the event that one encryption algorithm is ever solved.
* Messages do not employ digital signatures that provide third party proofs. However, you are still assured you are messaging with whom you think you are.
If they have built some home-grown algorithm, then it's possible the NCA actually cracked the encryption (with a bit of help from GCHQ) rather than using the baseband processor to snoop on the keys or something like that.
A few years ago they rounded up a ring of crime phones in the Netherlands. They were using PGP encryption, however instead of each phone generating its own private key, they generated them centrally and kept them in a database. Obviously this introduced a huge vulnerability.
The police compromised the server and were listening in (through cooperation with Canadian police as they were using Blackberries) for quite a while before they started kicking doors down :D They basically got all the evidence on a silver platter.
I'm surprised someone with the skill to develop such an app and service platform doesn't have the skill for avoiding such common mistakes. Or maybe they weren't able to explain to their users that the fact that they couldn't retrieve their messages after forgetting their pincode is a feature, not a bug. Either way, the police were really happy.
Not saying the same would have happened here, but crypto is hard to implement correctly and the algorithms are only part of the problem. And this kind of network is a massive target for law enforcement because the ratio of criminal users is huge.
My impression is that the way things go is:
* Sure, a smart person can implement a "homebrew" security protocol that seems safe.
* But smarter people never implement a "homebrew" security protocol and instead use existing protocols, 'cause they know how easy it is to fuck-up.
* The smartest people implement real, secure protocols, working in academic or three letter agencies and have those protocols vetted and peer reviewed. And even these fail on a regular basis.
- Crypto isn't that hard! I can do this!
- Crypto is a lot harder than I thought. I shouldn't do this.
- I've read about a lot of crypto! I can do this!
- People way more experienced than me are making the tiniest mistakes that end up crashing the entire house of cards. I definitely shouldn't do this.
Designing a protocol correctly is not that hard, as long as you understand exactly what you are doing. By which I mean you are at least able to write an informal (yet rigorous) proof that it has the security properties you seek. Also, verification tools like Verifpal are a godsend. The tricky part here is avoiding the Dunning-Kruger effect. It's easy to have the illusion of perfect understanding while being unable to write the most basic mathematical proof.
The hardest part is convincing others that your protocol is any good. People who don't understand what you are doing cannot (perhaps even must not) trust your work. They need the vetting of someone reputable, and getting those reputable people to take a look is pretty hard if you don't have the right connections (an uphill struggle without a relevant PhD).
Good for them, but I hope for their sake their names do not leak.
They probably just didn't use end-to-end because it's easier to offer a nice customer experience without.
Ideally, nobody should use any form of closed-source crypto any more.
"I didn't send those messages your honour. Someone forged them. I am a victim of a conspiracy!"
"Do you have any evidence that this actually happened?"
"...moving right along..."
It will be fun if someone from this actually tries a cryptogeek argument in real life...
In the case of a crypto forgeability argument there will never be any proof. It will always be a false claim. It is a silly idea.
Yes they have, but they have been doing so in the face of circumstantial evidence: DNA, fingerprints, blood, whatever. Or eyewitness evidence: someone saw you go in the building at such and such time (perhaps there is a surveillance video).
If someone has nothing of the sort on you and their entire claim is that you wrote some digital message, I'd think the onus would be on them to prove their extraordinary claim somehow.
So I am not disagreeing with what you said, it supports my contention that forgeability is a silly cryptographic feature if there is no proof in the first place.
It's the same issue with all modern e2e apps like WhatsApp or Signal: if there is a single client implementation, it's not secure at all against these kinds of attacks.
There are (where?) actually multiple "distributions" of signal, like textSecure on f-droid. Last I checked it worked with signal, but that was a few years ago.
Is this not a bad thing? Since transferring key-pairs is the weakest link on these apps. To be really secure, wouldn't you want to do this as infrequently as possible and ideally in person, outside the app?
You can still be more secure, but that's a decent start.
You can rotate message/session keys easily enough if you have a shared long(er) term key.
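What rotating keys from a shared long-term key does and does not buy you, as an added example (not code from the thread or from any product discussed here): a one-way HMAC chain where a seized device state exposes only later keys, while a retained long-term key exposes all of them. The class, function names, labels and sample values are hypothetical; recovering secrecy after a compromise needs fresh key agreement, which this sketch does not model.

```python
import hashlib
import hmac

# Constructed sample values, not taken from any real system.
ROOT_KEY = hashlib.sha256(b"constructed long-term shared key").digest()
SESSION_SALT = b"constructed-session-0001"


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as a one-way key derivation step."""
    return hmac.new(key, label, hashlib.sha256).digest()


class SymmetricRatchet:
    """One-way key chain: every step yields a message key and replaces the chain key."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    @classmethod
    def start(cls, root_key: bytes, session_salt: bytes) -> "SymmetricRatchet":
        # Both peers derive the same initial chain key from the shared secret.
        return cls(hmac.new(session_salt, root_key, hashlib.sha256).digest())

    def next_message_key(self) -> bytes:
        message_key = prf(self.chain_key, b"message")
        # Overwrite the chain key; the previous one cannot be recomputed from this.
        self.chain_key = prf(self.chain_key, b"chain")
        return message_key


def session_keys(root_key: bytes, session_salt: bytes, count: int) -> list:
    """The first `count` message keys of a session, as either peer would derive them."""
    ratchet = SymmetricRatchet.start(root_key, session_salt)
    return [ratchet.next_message_key() for _ in range(count)]


def compromise_report(root_key: bytes, session_salt: bytes,
                      total: int, seized_after: int) -> dict:
    """Count which message keys are derivable from two kinds of seized material."""
    all_keys = session_keys(root_key, session_salt, total)

    # Case 1: the device is seized after `seized_after` messages; only the
    # current chain key is in memory because older ones were overwritten.
    device = SymmetricRatchet.start(root_key, session_salt)
    for _ in range(seized_after):
        device.next_message_key()
    from_state = SymmetricRatchet(device.chain_key)
    derivable = {from_state.next_message_key() for _ in range(total)}

    # Case 2: the long-term key itself was kept (on the device or on a server).
    from_root = set(session_keys(root_key, session_salt, total))

    return {
        "past_keys_exposed": sum(k in derivable for k in all_keys[:seized_after]),
        "future_keys_exposed": sum(k in derivable for k in all_keys[seized_after:]),
        "keys_exposed_by_root_key": sum(k in from_root for k in all_keys),
    }


if __name__ == "__main__":
    print(compromise_report(ROOT_KEY, SESSION_SALT, total=6, seized_after=3))
```
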
Did they roll their own?
Anyone doing secure comms at this level who is talking about families of mathematics always gives me the impression they don't really know what they're doing.
Why is that? Do you assume that making competent choices for encryption algorithms (for which you try to understand the math problems involved) and trying to market the system's security means that they also try to implement it themselves? Or is the "family of mathematics" a sign of incompetence that I just don't recognize?
"Families of Mathematics" is a marketing statement, or "hot air" as I prefer to call it. The information content of that statement is zero, what it's doing is trying to project warm "you can trust us" feelings.
A statement aimed at technical people would read more like "we use AES-256-OFB with Axolotl on Curve25519 and scrypt(2^14, 8, 1)" or something like that.
To a crypto professional, I'd say any "trust us" statement that's not backed up by technical information actually lowers their trust in the system - it makes you wonder why they're not making their algorithm choice public.
I haven't looked into the service at all so could be totally off.
IMHO if your solution isn't open source, or at least completely documented so it can be verified, then the whole point is moot anyway.
A savvy customer wants to know which algos you're using, and how you're using them, where you're using them. EC? RSA? Other? Which implementation are you using, is it audited? Standard based? Working with government, is it FIPS or similar? What does your KEx and KDF look like? Data at rest security? WHAT are you storing, and sending? Transport security? Metadata? Development practices?
There are a LOT of things a customer wants to know, and which or how many "family(/ies) of mathematics" has never been one of them, in my experience.
The number of branches of mathematics that you involve in the product doesn't mean anything.
Encrypting a message twice with different keys using exactly the same algorithm (thus the same branch of mathematics) is prima facie as effective a security increase as using some different algorithms involving different mathematics.
Most everyday crypto products rely on the results from several different areas of cryptography with different mathematics.
"It was not me, your Honour, as anyone can send a message by my (old) name."
TLS provides a weaker version (instead of everyone in the world being able to forge a message, just your peer is able to forge the message).
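The peer-forgeable case mentioned in this comment, as an added example (not from the thread or from EncroChat's software): messages authenticated with a MAC under a key both parties hold. The record layout, function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key that both conversation partners hold.
MAC_KEY = hashlib.sha256(b"constructed session MAC key").digest()


def encode(sender: str, text: str) -> bytes:
    """Length-prefix the sender so (sender, text) pairs cannot be confused."""
    sender_bytes = sender.encode()
    return len(sender_bytes).to_bytes(2, "big") + sender_bytes + text.encode()


def make_record(mac_key: bytes, sender: str, text: str) -> dict:
    """Anyone holding mac_key can produce a valid record for any sender name."""
    tag = hmac.new(mac_key, encode(sender, text), hashlib.sha256).hexdigest()
    return {"sender": sender, "text": text, "tag": tag}


def verify_record(mac_key: bytes, record: dict) -> bool:
    """What the recipient checks during the conversation."""
    expected = hmac.new(mac_key, encode(record["sender"], record["text"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["tag"])


def third_party_view(mac_key: bytes, transcript: list) -> list:
    """What an outside examiner sees when handed the key and a transcript."""
    return [verify_record(mac_key, record) for record in transcript]


def demo() -> list:
    # Sent by "alice" during the conversation. The recipient knows he did not
    # write it himself, so a valid tag tells him it came from her, unmodified.
    genuine = make_record(MAC_KEY, "alice", "see you at 9")
    # Changed in transit: the tag no longer matches.
    tampered = dict(genuine, text="see you at 10")
    # Written by the recipient but attributed to alice. The tag is just as
    # valid, so the transcript proves nothing about authorship to anyone else.
    fabricated = make_record(MAC_KEY, "alice", "text alice never wrote")
    return third_party_view(MAC_KEY, [genuine, tampered, fabricated])


if __name__ == "__main__":
    print(demo())
```

If the MAC key is published once the conversation ends, the set of possible authors widens from the peer to everyone, which is the stronger property the quoted feature list claims.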
No, they're assuring reputability, not non-reputability.
It's hard to tell though, the statements are a bit of a mess in general.
What I do find is various places using non-reputability erroneously as a synonym for non-repudiation. So in fact I now think that EncroChat actually made 2 errors: said non-reputability instead of non-repudiation, and also misunderstood non-repudiation as meaning repudiation.
> The algorithms employed are many times stronger than that of PGP (RSA+AES).
If they just used PGP over email, they wouldn't have gotten caught.
From what I have heard most criminals since the 90s use PGP over email (middle management and higher criminals not street thugs who probably just use WhatsApp or worse). They should go back to that.
So it doesn't matter what software they would have used since the device itself was capturing data before encryption and after decryption.
Law enforcement could replace an app, with their own, even for one specific user, if they have access to the system, granted by Google or Apple. I presume the signing can be compromised, this way, but am not familiar enough to know this for sure.
And those companies would absolutely comply with a legal request to push intercept updates to phones.
$13M in cash is an impressive amount. It makes me wonder: There must be all kinds of operations happening around us daily, yet nobody knows about them. And those operations need members. Where do they come from?
The inner workings of this stuff are fascinating. To be honest, I wish it were possible to go observe the system in action as a spectator. I'd love to see how the packaging is done, the supply lines, the transport logistics...
(I balance this with a deep hatred for cartels. If you trace these questions far enough, it seems to often lead to "the cartels are at the center of it all." And they're responsible for unspeakable miseries.)
To be clear, my question is: how is the knowledge necessary for such operations preserved? I'm a programmer. I learned it from the internet. Where do they learn? And these aren't street dealers. It's an organized, carefully designed, well-oiled machine. How does this machine work? How does it survive the loss of so many members?
This is why all drugs should be legalized (not just decriminalized, decriminalization still leaves a black market). Cartels are meeting a demand, but cartels make up their own rules and will do anything they want to stay ahead.
Just legalize them, it solves so many problems.
1. Quality and proper labeling (no more mystery drugs/dosages). Buyers know exactly what they are getting, which would decrease the amount of ODs.
2. Vast reduction in violent crimes (legitimate, licensed distributors are very unlikely to have violent turf wars as this would jeopardize their license). Black market would suddenly have no market (provided the taxes on legal drugs aren't stupid), which means no money, which means there is nothing to kill/fight over.
3. Increased tax revenue
It is a win/win/win for everyone, I just don't get it... and please just don't with the tear jerking "What about the children!" The kids will be fine. No, legalizing doesn't send a message that "drugs are OK". No, it won't make them more accessible to kids, please stop fearmongering, you don't know what you are talking about.
The result of this is all drug dealers going bust, and no drug dealers - no one to market the drug, so no new users. All addicts in Switzerland are now old people, and as they die of related diseases and old age the Swiss are having hard time keeping the clinics open because there are not enough takers for free heroin.
I think all opiates can and should be taken care of this way. Not sure about stimulants though - one doesn't just lie down on a clinic bed after a dose of meth or crack. Maybe if regular coke is legalized people will give up meth and crack?
I don't know about heroin, but there are something like 3/4 Swiss cities in the top 20 for cocaine consumption based on waste water sampling.
Why do you think the world will flock to drugs if they were simply made legal?
Drug addicts (people who need to get high) will find an alternate high if they can't get illegal drugs.
How many adults do you know that have never done, or tried, heroin would suddenly do so if it was legal? I think the amount of people that would try heroin because it became legal would be staggeringly low. I don't think there are many people out there going "Man, if heroin was just legal then I would totally try it!". People that want to do heroin are already doing so, it being illegal isn't stopping anyone.
"Heroin" has a bad name, so your legalized version would have some innocuous made-up marketing name, backed by tens of millions of dollars of advertising and it would sell like hotcakes.
I'm certainly not saying opiate addiction is a neutral/good thing, but I don't think it would cause the societal harm that we see today with them being tightly regulated.
Potential case in point: illegal methamphetamine usage/addiction is a huge issue today in the US. I qualify that as "illegal", because meth is available by prescription under the trade name Desoxyn. Many drugs with similar effects are likewise available and much more commonly prescribed - but I'm not aware of anyone calling for them to be banned. If anything, I suspect in that case the overall societal impact is positive: I know I would be much less effective as a developer if I were to lose access to ADHD medication.
Meaning doctors were more likely to prescribe them, that whole episode was one of multiple fuck ups at every level backed by some unscrupulous fuckers.
How is that a counter argument? This is a breakdown/fault of the medical community and has no relation to making drugs legal. To be clear, I am arguing that all drugs should be legal for recreational use (not require a prescription).
No question, doctors need to vet information on drugs better (they should not be taking literature/studies that come from the drug manufacturers as reputable sources of truth). No question doctors should be extremely hesitant prescribing any opioid at all. No doubt that a lot of the current opioid epidemic stems from doctors (either unwittingly or not) prescribing things that they shouldn't be. Those are all medical industry issues that need to be solved (regardless if things like heroin are legal).
I don't suppose, and don't recommend, doing a self diagnosis and getting whatever drugs you feel will help. The medical community is supposed to be the experts on that subject matter.
That said, people need to be free to determine their own risk tolerance level regarding what to put in, or use on their bodies.
Me personally? I am not going to stop going to the doctors to get medicines when I am sick, even if I could buy any and all drugs over-the-counter. Also I am sure prescriptions aren't going away even if all drugs could be bought over the counter, there is no way insurance would pay for drugs that weren't prescribed by a medical professional.
If you have regulations on drugs, then you have all the problems, to some extent, that people attribute to their illegality.
I am afraid of opioids, and I don't trust even doctors, so I never took the ones I was offered and didn't get addicted. But there must be millions of people who wouldn't trust a heroin dealer and would trust their doctor, so legality makes a big difference.
Do you see doctors promoting cigarettes? Alcohol?
I would say that your reasoning why you aren't doing CBD is highly rational. Do you really think that even if you wanted to try heroin and if you did it, it would automatically addict you? Like you're instantly gone in to the abyss?
People try heroin and nothing happens to them. Some even hate the experience. People use heroin for prolonged periods and then simply stop (not unusual in the late teens, with some kind of a trigger in the mid 20).
If there was not so much stigma involved and so much risk taking the stuff, we might see people coming out of this juvenile experimenting phase in a much much better state.
Also, do you really think that people that are lifelong addicts don't have some kind of deeper psychological reasons to go down that path?
I have no idea. Lots of people experiment with things and it's no big deal and they insist that must be a universal experience. There's a selection effect. If you try something at 20 and don't survive, you're not around at 40 or 80 to tell people it's no big deal.
When I was young, I enjoyed alcohol a lot, but didn't really struggle giving it up when I had to. Nor did I ever drink until blackout or vomiting, which you know, whether or not it's pathological/alcoholism, is common. I am certain that the level of compulsion is very different for some people.
I have a sibling, who I believe smoked cigarettes off and on but it never became a permanent habit. But a lot of people find them extremely addictive. I never smoked my first one, just because there was never an anticipated reward that seemed worth it. I might have been wrong, or right. Some people seem to get substantial cognitive benefits from nicotine.
Occasionally having a negative reaction to a prescription drug makes me wary of recreational or unregulated stuff, too. Seeing homeopathic stuff in the drug store makes me fearful that a CBD product might be fake too. So when I had wisdom teeth pulled and I was given a bottle of big pink pills (I think it must have been oxycodone/paracetamol based on a quick google) I didn't use a single one.
Along with wondering if "legalization leads to increased rate of usage" holds true, I also wonder if the following is true:
> legalizing drugs also means easier access
Criminality is a "barrier to entry", surely, but I'm not at all sure that ease of access changes because of it. In Arkansas, where I live, cannabis is illegal. Even though I don't consume it (the risk isn't worth the benefit to me), I'm extremely confident I could make a couple of phone calls and have some delivered to me if I wanted to. That's really no different from my experience in the LA area.
In fact, it might actually be more difficult to obtain it in LA through legal means. Generally you have to seek out a dispensary (physically, or via phone/app) and provide identification. I wouldn't need ID to get it illegally in Arkansas. If an ID requirement has a negative participation impact on other things (like voting) then I would expect that to hold true for this as well.
The risk of legalization isn't so much ease of access as it is the normalization of drug abuse. We have shown with cigarette usage that education, propaganda and marketing laws can de-normalize drug use.
If anything, by making high risk drugs safely available through official venues, you can provide social services better access to those who need help.
I would say that you would likely see an initial increase in users but that a well run program would lead to both an overall decrease in users and more importantly a reduction of average harm per user.
Edit: The answer I guess is that those who have supported the war on drugs had other goals than "reducing the number of addicts". If you look at the history of how the war on drugs has been used by western intelligence agencies to grow their surveillance powers and finance and the fight against left-wing/communist organizations, the real reasons become more clear.
Governments can and do tax illegal drugs. Just issue tax stamps. If drugs are found without them, you also get them for tax evasion.
All drugs used to be legal in the US. There is a reason that they became controlled a hundred years ago or so, and it does not involve conspiracies by big pharma. Go research the history - it's fascinating.
Alcohol is one of the leading causes of death in the US. A large share of car accidents, suicides, crime, heart disease, and many other things is caused by it.
This libertarian trope has gotten more annoying as I get older. No matter what you want legalized/deregulated, there is something that even you can't stomach. And organized crime can focus their business on that something. They probably already have.
You say legalize everything and then you say there will be "quality and proper labeling". Well duh, you have to enforce that; that means drugs that don't meet the standards are illegal. And your organized criminals will deal in them. There's no way out.
Current drug laws can be framed as a matter of "quality and proper labeling", we're just quibbling about the details.
At the bottom usually. Either that, or you'll need some specific smarts or connections that are sought after. That's how it survives the loss of members. Many are low level and are replaceable, they have no actual knowledge about the high level trade. The high level bosses hide really well and try to stay untouchable by letting others do the dirty work.
From what I understand about Dutch organized crime, if you'd start for yourself, you'd have to fight a turf war and will always be at the top of multiple hit lists.
The safest bet is probably shipping drugs by mail through dark markets. A Dutch guy (SuperTrips) got arrested in Miami a couple of years ago. He sold drugs from his bedroom in his parental home. Was estimated to have earned 385k BTC through this.
If you want to see it at work, you could go to some of the Caribbean Islands. Drug trafficking runs through many of them and you can actually see the impact it has on some communities. In Haiti, I was warned to stay away from packages on the beach (though I didn't spot any). Apparently they throw them overboard near the coast, locals find them and sell them back to drug traffickers for about €50 a kg. This way the traffickers don't need to be directly involved with bringing them to shore.
Hopefully this gives you some info. There's lots of books and documentaries about this stuff too, by ex-criminals, insiders and researchers.
Ah, the infamous square grouper.
Not my experience at all. The expats I met are usually doing some combination of bar work, yoga classes, and other such things. Among the entire cohort of the hostel inhabitants (mostly tourists I imagine?) I haven't seen one drunk or drugged person.
I did see plenty of drug dealers though - some shady dealers on the street and some very presentable resident dealers inside various venues. So there has to be a lot of drug use going on, just none that I have noticed.
I doubt he made _that_ much out of his parents' house.
Edit: I was wrong holy shit that's a lot of money.
I did spend that time pondering and scoping out the work because I found it a fascinating challenge to design an ecommerce platform with very heavy requirements for user privacy and anonymity.
The source code for an existing platform that I was granted access to view showed me that a lot of encryption techniques were just smoke and mirrors. Mostly, everything was stored unencrypted or using symmetric encryption with the encryption key stored on the same filesystem as the server generating the pages.
It was fun designing an asymmetric multi-key encryption system, where a user's "second password" with a hash (stored with a microservice API on another server in another data center) generated one of the multiple keys required. Even server seizure wouldn't result in anything usable.
Another challenge was how to prevent servers from being overwhelmed with DDoS attacks. That would have been achieved by using the Tor API to generate custom onion addresses for each user and vendor that they could bookmark. The only site that could be DDoS'd would be the landing page. It also allowed for an easy route to horizontal scaling.
The old system also didn't properly delete stuff, it just flipped a boolean "deleted" field to prevent it from being visible anymore... Not very smart for data hygiene.
I've been wanting to use what I planned out to build a product for the last few years, but I can't think of anything legal & legitimate that would have such strict security requirements that also has potential for profitability.
If the market were compromised and the URLs exposed, this would make it easier for a bad actor to connect a user to the URL, right?
That weekend there was a police raid to that house. The poor guy ended up being arrested along with others and got 20 years jail time because there were drugs and guns in the house.
Not worth it.
with friends like that, who needs enemies!
Narconomics has a pretty good discussion of the economics (including recruiting) of cartels.
It's no way to live - and don't even think about having a family/kids after you get involved. You'll die early of the stress.
If you think you're a master 1337 hacker or online drug dealer - just get a job in IT security. It pays better, comes with zero stress.
Spoken like someone who has never done either.
15+ years ago when I was hacking and doing credit card fraud, I could make $1000 cash a day without a lot of effort or time. Because I was careful about protecting myself and didn't work a lot I didn't have much stress. I have far more stress with a full time job.
That said, the drug game would be a lot more stressful.
So even in criminal enterprises, I think you have to move up the distribution chain a ways to see the big $
I beg to differ. All IT jobs have stress, but security by definition stresses you about things that haven't happened yet. If you have zero stress doing IT security, you're doing it wrong. Still immensely better than crime, though.
<< Sudhir Venkatesh never imagined that as a result of this assignment he would befriend a gang leader named JT and spend the better part of a decade embedded inside the projects under JT’s protection. From a privileged position of unprecedented access, Venkatesh observed JT and the rest of his gang as they operated their crack-selling business, made peace with their neighbors, evaded the law, and rose up or fell within the ranks of the gang’s complex hierarchical structure. >>
You can get rich from drugs very easily but getting rich from drugs while minimising your risk enough to live out your days comfortably is hard.
The smart way for a nerd to get rich from drugs is to formulate a short-term high risk plan that utilises the dark net to acquire and sell drugs before moving on very quickly. The problem is, if you’re making a lot of money very quickly... can you give it up? What’s one more day? What’s another week? You’ve been going 6 months — what’s 7?
Drug dealing groups are not a carefully designed and well oiled machine, there’s no knowledge passed down from generation to generation: there’s a group of people who haven’t yet been caught out by their mistakes. The people mentioned in this article made a mistake by using this app, and that mistake finally caught up to them.
The whole drug industry is predatory, the smartest people involved in drugs are the most predatory because minimising risk for yourself means offloading that risk onto others using violence and coercion.
There’s no romantic art to drug dealing: if you’re smart and willing to hurt others, you can be a millionaire before the year is out.
It explains in great detail how he got into the mob and how the mob works. I would assume many organized crime groups follow similar paths. Essentially young kids with problems with authority meet hoodlums who can vouch for them, they get into the lifestyle, and start learning how to hustle. No one rats because doing so means death.
This book is also what the superb movie Goodfellas is based on, which is a fairly close portrayal of the book.
Friends and friends of friends. If you hang out with "dodgy" people you will eventually see those opportunities pop up.
The recruiting of violent, power seeking, poor impulse control people was one of the major factors in the decline of the five families. When better opportunities existed for 2nd and 3rd generation Italian-Americans, many took those better non-criminal opportunities. An organized crime life is a pretty hard life. This dramatically hurt the number of good candidates that organized crime could recruit from. The candidates they did recruit often placed their individual desires over the needs of the organization. This destroyed the internal trust which was a major enabler of their success.
In particular I recommend the episode freakyclown or OxyMonster as that seems to fit what you're looking for.
Same is true of Paul Le Roux. I think if you're criminally inclined you'll find a way.
Surely he will have to serve his sentence in solitary because I would imagine cooperating with the authorities makes you rather unpopular in prison.
I expect these days in developed countries most of them start with credit card fraud in their teens and usually go to prison. At that point they either reform (I know of two such individuals by name, one is a friend sysadmin/CTO now and the other is Stephen Fry) or they get recruited in prison into an existing criminal org. From then on they acquire knowledge on how to crime from people who have the experience.
It's great news that these crims have had their just desserts. It's even better the quantity of drugs taken out of circulation, and hopefully the decimation of the network.
I'm well grasped of the difference between the two, and for the most part I think white collar crime is worse. It's pure greed and the same kind of exceptionalism that's been growing and growing for the last 50-60 years. Blue collar crime is as old as civilisation, white collar crime is as old as deregulation.
white collar crime is as old as civilization - how do you think kings and nobles got their positions back then?
One was the system of governance for millennia, the other was enabled by the naivety of a failed ruling class who handed the power of states to the fraudsters of global finance.
Everyone understood (at a local level) how feudalism worked, I doubt many people could tell you what Wirecard were doing.
This is what anthropologists call an "oral culture". You have to be told it verbally, because those involved are strongly deterred from writing it down. For the deeper secrets you probably have to be part of the right family.
In the rougher neighborhoods you'll find plenty of people who know how the system works, if only so they know what and who to avoid getting caught up in it.
(The interesting thing about the internet is how we've developed an "oral" culture that actually does get written down, because we do so much socializing through text! IRC channels and the like.)
It's ostensibly a study of the specialized language of pickpockets, but actually goes in to great detail on how pickpocket gangs work.
Before reading this book, and knowing nothing about the subject matter, I had somehow assumed pickpockets worked alone and were just bottom-of-the-barrel amateur opportunists. I couldn't have been more wrong, as it turned out they work in highly organized units.
Fortunately, probably through the ubiquity of video surveillance, such gangs don't seem to be as widespread as they used to be.
 - https://www.amazon.com/Whiz-Mob-Correlation-Technical-Pickpo...
That is also a plot-point in ASSRIB.
Barring a time machine or wonder viewer that would make this possible, I highly recommend this documentary from 2006, “Cocaine Cowboys”. It's a tell-all of the inner workings of the largest drug importers and follows the rise and subsequent fall of the cocaine trade in Florida, which ultimately culminates in the major construction and modernization of Miami, Florida.
So, basically, go down there with a sign stating what you can do and hope to get kidnapped...
You want to steal from oil pipes? Kidnap a few field workers. You want a solar-powered, encrypted, nation-wide radio network? Kidnap telecom workers.
They usually have some front business. "My guys" had a small logistics operation (obviously) - a single tractor trailer. Apparently the local liquor store was involved as well because it was run by the same people.
How do I know all this? Some of their trades, meetings and even disagreements happened out in the open. Nobody dared to be too curious about this. Also my friend's ex boyfriend was a drug dealer so she had a few stories to share.
I still vividly remember this one time when I saw one man handing out brick-shaped packages which were inside a car trunk to another man. At first I didn't know what I was looking at, but seeing how my eye contact made them uncomfortable I stopped staring and went on my way.
You would start from the bottom. Going around saying you want to be part of the business is a sure way to end up dead as a snitch.
Yeah there's a LOT of money: cocaine costs as little as $2k a kilo in Colombia and can be sold in EU for close to $100K when accounting for cutting. I guess a lot of it is segmented. For example: one group brings 800kg from Ecuador and sells it to local gangs and so on. If they get caught, other groups fill the void.
If we look at what trading corporations do in times and places where they can get away with it, we see:
-Aggressive acquisition of natural resources to protect the supply chain
-Use of armed force to gather and protect said natural resources and the geographic territory wherein they're contained.
-Use of armed force to protect and expand market capitalization (markets, trade routes etc)
This is pretty much identical to what a drug cartel does on a day-to-day basis.
Imperialistic nation states of the 1700s and 1800s followed this playbook, in a time where the biggest enterprises were state-owned (in Empire of Cotton, Beckert refers to it as "War Capitalism").
But those systems fell apart because they were too volatile. Eventually, an inability to control that volatility compelled the same imperialistic nation states to divorce themselves from private enterprise, and took the monopoly on violence in the settlement; so far, it's been a more stable equilibrium.
Both systems are "capitalist", in that they permit the private accumulation and investment of wealth. I would argue that the main difference is the state-owned monopoly on violence, eminent domain, and regulation of financial sector.
Regions with strong criminal underworlds tend not to be governed by institutions with such monopolies.
There's an interesting 2012 TED Talks presentation by Peter van Uhm, the then chief of defense for the Netherlands. He discusses the state monopoly on violence as a central point of how and why the military exists.
"Peter van Uhm: Why I chose a gun"
That is not capitalism.
Not by the definition used by the people who named and defined capitalism.
It's true that after that, the conceit that capitalism involved only voluntary, uncoerced trade was adopted by its defenders as a rationalization of the system, but that was not true of either the specific real world systems for which the name “capitalism” was coined to refer or subsequent real world examples, and certainly has nothing to do with the definition of capitalism.
If you want to distinguish the proposed scenario from capitalism, it would be in that it does not involve private property rights in the means of production, but instead on their forcible seizure and defense, but that's a slippery distinction because commonly such systems evolve into a degree of legitimization and trade with recognized rights between the parties, and the roots of capitalist property also start in forcible seizure which is later legitimized.
Given the diversification most capitalists have and looking at what major corporations do globally, yes, though I'd also expect them not to think of themselves that way.
Drug cartel leaders, I'm sure, often have similar self-serving rationalizations of their role.
We can't go any further on here, too much ground to cover.
Do you consider executives of, oh let's say, the Coca-Cola Company, to be capitalists?
Assuming you are probably thinking of linking something like this: https://en.wikipedia.org/wiki/Sinaltrainal_v._Coca-Cola_Co. ?
Illegal activity is illegal. Capitalism has law and a stable society as a prerequisite.
The definition of capitalism, and the world in which capitalism operates, are different.
The final transaction between buyer and seller is voluntary.
But all of the backend infrastructure may be highly manipulated in unethical, forceful ways.
A person buying some whale meat willingly pays the merchant at the meat market.
But that whale meat was acquired because one group killed the whale before another group. And that group killed the whale first because they set up groups who threatened other would-be whale hunters, and as this group gained a bit of financial traction they paid off local officials to pass some “coastal safety” ordinances that provide them some level of monopoly on killing whales, and worked out another ordinance that lets them dump toxic byproduct in a local river to place some of their cost into the public that won’t be easily rectified for decades.
So a perfectly ethical capitalist fisherman might well find themselves facing men with guns who forcefully prevent them from competing, when the police show up to enforce the local coastal safety law.
I was replying to the comments about use of force.
Also looks like ZeroZeroZero is an Amazon Original series now as well.
Random side story:
Governments have become much more aware of the purposes of these sorts of phones and sellers.
About 18 months ago I was asked to meet with the sales people from a specialist phone company like this one; they were interested in selling them to the NGO/journalist market. I'm always happy to chat and test the utility of interesting security tech and compare versus more common setups (locked down phones, Signal etc). I've met a load of these sort of companies at trade shows etc as I'm sure many here have, but they wanted to meet in person as they were in town talking to various potential clients. The product was decent enough but way beyond the price anyone in the sector would be able to afford. Anyways the guys were nice and I genuinely didn't get a sense they were particularly up to anything bad...
However when I left the meeting (in a European capital) I had physical surveillance all over me. Not a particularly good team, hence I detected them. Totally caught me by surprise. Ran a hastily arranged surveillance detection route and managed to confirm a few (no doubt there may have been more). At first I thought it might be the company I had met doing it to me for some weird reason. However as I thought through the tactics, people profile and operational reason for doing it to me I can only assume that whoever the local police were had been watching closely anyone who was meeting with the secure phone providers (they were foreign to the country in question, so probably came under more suspicion). No doubt this was because of the connection between a lot of these sort of companies and the criminal underworld. (Again, I didn't get the sense these particular sellers were up to no good, I just thought it was an interesting perspective)
What did this entail?
What are they going to do? They are already following you? Follow you more?
For what it is worth, there are enough crazies and phone zombies in any major city that pretty much anything goes anyway...
Roughly, the way to think about your options is:
-Covert - Use your detection of one or more to detect more of the team but do nothing. This preserves your ability to detect them in future especially if they reuse tactics and locations, especially any trigger locations that they pick you up on.
-Overt - Use your detection of the team to openly "burn" them by confronting them ("Who the fuck are you and what do you want?"). But that means in some contexts like a human rights defender they may move in to arrest you, kidnap or whatever depending on their objectives. Or they will just step off you and come back next time in a better way that means you won't be able to detect.
-Semi-overt - increase their heat state by approaching them for something innocuous ("Hey do you know where the local church is?"). This means you test their local knowledge and that individual will most definitely lift off you for awhile though may not entirely suspect what you did was deliberate as they would above. They could of course use that time to threaten you, especially if you are talking criminal or narco threat etc.
-Overt break - You use a very obvious method of breaking away from them like jumping a light, speeding up your normal walking pace, swapping public transport, going into a location that doesn't fit your pattern of life purely as it would be hard to cover and then ditching out fast through an exit etc etc. Again that will alert them and as above they may move to snatch you or come back another time. Remember, they may already know where you live/work etc so they may have that information.
-Covert break - You run an SDR then find a location you can use that fits your pattern of life and use that to lose them. They can still of course come back but they may chalk it down to an accidental loss if you do it right. Plus you are sometimes playing on their cultural biases that means they may be reluctant to report a loss to their bosses etc.
There's obviously a hell of a lot more to think about. Such as if you use the above to create a break, what is it you are going to do then? This is often what people struggle to think about in advance, especially as it's intimidating as hell to find yourself in that sort of scenario with a real threat. For example people we've worked with have made decisions to essentially go on the run with just what they have in their pockets (from people looking to kill them) once they broke away. That's when the training about the physical and digital stuff (alert help but may need to ditch the phone, get grab bag, change clothes, switch to routes off CCTV etc etc etc) kicks in.
What is useful though is that you as the person being followed usually have control over who, what, where etc happens in your day (unless it's an intimidation scenario like in some countries where surveillance literally waves at the people every morning as they follow them around).
Some better structured answers in Umbrella App or you can try the beta web version:
On a few, thankfully limited occasions I've had to use it in relation to myself where a real threat existed but rarely enough. Mostly when I've had to use it personally it was to ensure I wasn't risking anyone I was meeting or if I wasn't sure if they might be a deliberate/accidental security threat.
We teach it on some of the source protection training courses we do with journos/NGOs. Also we write some basic stuff about it in our open source app, Umbrella. Some activists are threatened by actors ranging from kidnap to ISIS, from corporate to government intelligence, from crime to stalkers. So it's very useful for helping people identify a wide range of threats early.
Also just generally for getting people's heads up out of their phones and off the ground and taking in more alertness of their surroundings - the sort of Cooper's Colour Code style thinking.
... and now you've got all of us gun nuts paying attention :)
But the point is the post just literally contradicted the previous post. There's not a lot of places to go from there.
Seems like they can't be trusted with proper secrets, doesn't it?
That page is just saying, "Act bad! Signup here to protest!" If the bill is really so bad, then they shouldn't be afraid to let people see for themselves what's in it.
So for US politicians to both know and abuse this, someone in the US intelligence community would have had to be willing to lose a lot of trust on the EU side by both sharing the intelligence and allowing it to be used for political gain and forcing the EU side to become their political puppet.
That doesn't seem reasonable to me, but who knows. If that's what happened though, the US can forget any trust in the near future.
Sweden violated its constitution and had dawn raids and confiscation of servers performed to satisfy the RIAA.
European countries don't even trust US politicians anymore with information about ongoing investigations, due to the blabbermouth president. Why would they even communicate this with them to begin with?
And don't forget that the administration has installed a lot of affiliated people into agencies. (Ratcliffe for instance.)
I'm not saying the Dutch and the French did some kind of cooperation with the US here, I'm just saying I would not gasp of surprise if it turned out to be so.
I haven't and neither have our agencies.
As a simple guess, I would suspect that the police managed to get a valid certificate from the domain name used by the update server and through that MiTM the connection. One of the comments from the company said "They repurposed our domain to launch an attack", which would fit such a scenario.
Attacking the authentication of update functionality is also in my view the usual suspect in cases like this. When a hardware device gets rooted it very often is some kind of attack which allows people to push a modified update in some way. The developer in this case would need to have designed the update feature assuming that the domain name could be compromised, the SIM service could be compromised, and that the path between their server and the phone could be compromised. If they used cloud services for their servers then they would also need to assume that the cloud provider could be compromised. People can write software very carefully and still forget to account for one of those.
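The comment above asks for an update check that still holds when the domain, the network path and the hosting provider are all compromised. One way to get that, shown here as an added example that is not part of the thread and not the vendor's code, is to accept an update only if it is signed by a key pinned in the installed image and carries a newer version number; the `Update` layout, function names and seed-derived demo keys are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update arrives over a path assumed hostile: DNS, TLS, CDN and cloud host.
type Update struct {
	Version uint64 // monotonically increasing release number
	Payload []byte // the image to install
	Sig     []byte // Ed25519 signature over signedBytes(Version, Payload)
}

var (
	ErrBadSig   = errors.New("signature does not verify under the pinned key")
	ErrRollback = errors.New("version is not newer than the installed one")
)

// signedBytes binds the version to the payload hash so neither can be swapped.
func signedBytes(version uint64, payload []byte) []byte {
	sum := sha256.Sum256(payload)
	buf := make([]byte, 8, 8+len(sum))
	binary.BigEndian.PutUint64(buf, version)
	return append(buf, sum[:]...)
}

// KeyFromByte derives a fixed demo key pair (constructed; real keys come from a CSPRNG).
func KeyFromByte(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Sign is the vendor side; the private key is assumed to be kept off the update server.
func Sign(priv ed25519.PrivateKey, version uint64, payload []byte) Update {
	return Update{Version: version, Payload: payload, Sig: ed25519.Sign(priv, signedBytes(version, payload))}
}

// Verify is the device side: trust comes only from the key baked into the
// installed image, not from which domain or server delivered the update.
func Verify(pinned ed25519.PublicKey, installed uint64, u Update) error {
	if !ed25519.Verify(pinned, signedBytes(u.Version, u.Payload), u.Sig) {
		return ErrBadSig
	}
	if u.Version <= installed {
		return ErrRollback // a validly signed but older, possibly weaker release
	}
	return nil
}

func main() {
	vendorPub, vendorPriv := KeyFromByte(1)
	_, otherPriv := KeyFromByte(2) // a party that controls delivery but not the vendor key
	fmt.Println(Verify(vendorPub, 7, Sign(vendorPriv, 8, []byte("release 8"))))
	fmt.Println(Verify(vendorPub, 7, Sign(otherPriv, 9, []byte("modified image"))))
	fmt.Println(Verify(vendorPub, 7, Sign(vendorPriv, 6, []byte("old release 6"))))
}
```

A valid TLS certificate for the update domain changes nothing here, because the transport is never consulted; the remaining single point of failure is custody of the signing key itself.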
The paranoid side of me started to weigh different explanations against each other, and one would be a compromised base band processor which tried to do something to the Android side, but failing, since it was no longer the vendor image it (hypothetically) was expecting to manipulate.
Security is tricky and must be designed in depth and a mistrust of all layers. If the hardware is designed such that the baseband and the main CPU are not separated by a communications channel, all can be lost if one does not control the baseband firmware too.
(For instance if the baseband processor has shared memory access, that's a problem. If it's just a data interface, treat the baseband processor as a hostile network.)
In my case, the likelier cause was probably something buggy in the Cyanogenmod image, or, while still unlikely but less so than baseband exploit, that the Android side itself had gotten some kind of virus because of some kind of security flaw in that particular Cyanogenmod version.
> Our servers are node based and located all over the world; all input and output are true end-to-end encrypted. The Servers only initiate the tunnel.
Their own statement suggests a zero-day?
> Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units.
> With control of our domain they managed to launch a malware campaign against the carbon to weaken its security.
Sounds like their servers got popped, probably ones distributing updates, and also sounds like hand rolled crypto from their website although that doesn’t mean much if they can access the devices.
I guess what people should learn from this is that encryption isn't a protection without solving problems caused by centralization first.
And this system sounds extremely snake-oily, and likely making typical bad crypto mistakes everywhere.
I'm similarly skeptical of popular VPN apps.
I'm not sure it's possible for me to develop and run something with the assumption that even if I turned police intelligence asset, that the product would be untouched. Open source would help, and some kind of distributed, decentralised thing maybe.
It may be as simple as: the business wasn't making money and the owners wanted out, so law enforcement bought it or paid them off. Then law enforcement isn't really "compromising" the company--they're in control of it (whether the employees know or not). At that point they can have the existing devs modify it however they want, or just hire a few new devs.
It's like trying to design something to go viral -- harder than it looks. Probably easier just to find informers.
The problem is the key is transmitted in DTMF or other means in the clear. I am not sure what my local PD uses for encryption but I'm guessing it's outdated.
You can set the tornado sirens off with a small transmitter and recording the very consistent tone pattern if you wanted.
The worrisome thing is that cops use their cellphones instead, which is much more secure but also is used accidentally or purposefully to avoid public records.
It's actually worse than clear text radio in many ways.
All cellphone call meta data and all SMSes are recorded, so while it avoids people listening in scanners and the public record it isn't very confidential. It's police using WhatsApp and Signal that will cause big problems.