“When I was in Hong Kong, I spoke to my partner in [Rio de Janeiro] via Skype and told him I would send an electronic encrypted copy of the documents,” Greenwald noted. “I did not end up doing it. Two days later his laptop was stolen from our house and nothing else was taken. Nothing like that has happened before. I am not saying it’s connected to this, but obviously the possibility exists.”
If the government really did break in and just stole his laptop, this is like the least cool spy thriller ever.
On the other hand, if this wasn't done by a government then it really is what a robbery looks like!
On another note, if Snowden wasn't in HK, CIA would have already "paid him a visit" or five. Probably each of them was shadowed by dozens of Chinese ones so they couldn't take the risk.
"We would be happy to replace the laptop too, but we didn't think you'd want to use the new one."
To those without the key, an HTTPS download of a porn video is entirely indistinguishable from a tarball of state secrets.
You forget the fact that the majority of operative work abroad is done by minimum wage hired thugs who don't give a single fuck about the intricacies of the execution of the task at hand; they probably even like the fact that they can help make the US look like a bunch of morons.
So, there are these remote backups/sites out there, encrypted. Say, every week ES has somebody Bob post a keyword somewhere, a forum, pastebin, etc. The owner(s) Alice, Doreen, Glen, etc... of these backup sites manually or 'auto-crontab' for this keyword, or coded sequence of keywords, if so, fine, steady as Edward goes.
If not, .... ES released his hand(See hyperventilated Dyson's DMS in Terminator II film) sprung trigger. NOT good:
This interrupts the auto-cron periodic keyphrase(word) update and the toothpaste tubes are vigorously flattened, and you can't get the toothpaste back in.
(How? ie, How does EDMS trigger release become known to remote system trigger manager Bob or crontab daemon?)
Neighbor Bob check's local lampposts for Ed's new white tape once a week?
Can Bob be automated?
If you are worried about one of those people colluding with another to get the secret sauce too early, then split the secret. Give it to 50 people and require any 10 of them to release their material. Or whatever, you can tune it how you like depending on how many people you trust and how much you trust them. Automation is unnecessary.
# cat /etc/cron.daily/dead-man-switch
wget -O latest https://raw.github.com/asdf/feab/data.txt
if [ ! grep `date +%m%d%Y` latest ] ; then
echo "The key is uRYB9vCT53jCSkjzaf9b" | mail -s "I'm dead." glenn.greenwald@...
Of course, you'd want to test this and make it more fault tolerant.
"Good morning Mr Snowden? How was your sleep last night? Oh yes, that's right, you didn't get any.
So to begin with, No I will not get that light out of your face, What was this you or Mr Greenwald mentioned about having your distributed files securely backed up, and have you a deadman switch Mr Snowden, you understand, in case of your demise? .... a bash shell script? Why the hell you didn't you use python?! This is going to be a problem. How are we going to fix it?"
Whoops, that Github service outage just threw the world into political chaos. :)
| it is non-trivial to get it right.
This is, in fact, practical to do with Reed Solomon codes.
There is a nice implementation in Debian called 'ssss'.
Edit: nifty demo: http://point-at-infinity.org/ssss/demo.html
EDIT: An agent running on some VM somewhere isn't that tough to implement. You could do it from a friggin' R-Pi. If the "all clear" isn't posted where it is supposed to be, let the monkeys loose. (Kids in the Hall" reference, fwi)
This opens lifestyle guidance for our aspiring youth:
Prefer crontab. It will let you down far fewer times than mortals.
Choose bitcoin over any Ben Bernake or Alan Greenspan currency.
Believe Snowdenspeak over Clapperspeak, Kieth Alexander's mouth moving, or any Obama-ism.
Go to lunch with Richard Stallman before that mean looking bald-headed angry man with that desperate hunted rictus fixed to his face, who works at Microsoft, but not for much longer.
I believe any organization worth its salt that has NSA/CIA as enemy would have thought of something better and easier for a fail-safe device, an insurance on their lives if you will. Wikileaks has an insurance of this form.
Post encrypted file to everyone. Probably there is several VMs checking in or even scraping most news sites for "Assange dead", and if that happens, pastebin the keys. And even this is complicated.
If I would need a dead-man switch, Id include people I trust to release the keys, or parts of the keys in case I need to trust several people to be in agreement at the same time.
A technological solution in case I cant trust anyone, then I would run several php scripts on those free hosting sites, or get a plan with heroku or redhats openshift, all of which check for updates from my sock puppet accounts on facebook, g+ and email, weekly or so. Say every other update on at least one of the public services must contain a secret codeword in hidden form like first letter of each sentence or rot3 of those. If no updates are found for three weeks on all the sites, or if the codeword is not there two times, pastebin the keys all over the internets.
After all these years, that is the first interesting application I have seen of rot13(I think you intended?). ty
"The high level of residential burglary has made most residents opt to reside in apartments where the “porteiro” (doorman) ensures 24/7 access control for the building. Having effective access control is critical."
The NSA presumably already knows what's in the archive.
> I did not end up doing it.
It's implying had he sent it the laptop wouldn't have been stolen.
The drama regarding Edward Snowden's whereabout is the only thing keeping the story going.
For most people, PRISM was one of 100 stories on their newsfeed that day.
I am happy that the worries of echelon, which was treated as rumour, hearsay and conspiracy theory are now 100% proven to the entire world.
I am looking forward to seeing what further revelations Snowden's files will show.
The European Parliament held reports on the capabilities of Echelon. Industrial espionage has been linked to Echelon.
The purpose of Echelon (intercept communications data) is the stated purpose of GCHQ. Really, it's on their website and in their recruiting material. They monitor all communications, anywhere in the world, from DC to light.
Echelon isn't fantastic weird conspiracy theory.
 Sarcasm is not useful in text and it's especially not useful on a forum like HN, where there tends to be a higher number of users who are more literal than the regular population.
For the majority of the population, they have either never heard of echelon, never took it seriously or have outright dismissed it as a crazy conspiracy irrespective of the previous proof.
I think of all these things are coming out now as an opportunity to have a serious discussion about wtf the US (and humanity) is doing.
It's time to work as a global civilization. Our resources are squandered on creating truly a prison planet (no reference or credit to Alex jones).
Focus on the man, and not the issue. That is the "freak out".
Also, interview with an eyewitness: https://www.youtube.com/watch?v=fweyFCFKcp0
Richard Clarke says it's possible: http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...
However, steering and brakes are mechanical systems in Hastings' 2013 Mercedes C250 (like almost every other car), and cannot be electronically overridden. The steering wheel is connected directly to the wheels, and can't be controlled by the electronics. Electronics can activate the brakes, but can't cause the brakes to not activate because the pedal is connected hydraulically to the calipers. Even if the engine is racing, braking force is greater than the engine's force. 
If his car was vulnerable, all-electronic attack doesn't seem like a good way to assassinate someone if they can simply step on the brakes to stop the car. Changing the mechanics to allow remote control might be possible, but that's a lot of physical evidence to add to the car.
 http://www.autosec.org/pubs/cars-usenixsec2011.pdf  http://www.keacher.com/672/title-fight-brakes-versus-engine/
Everything in newer model cars is connected to the CAN bus (basically a broadcast serial protocol), radio, airbags, brakes, etc.
Your XM Satellite Radio could in theory detect that you are traveling over 70 mph and trigger just the right front brake cylinder. Any time you detect braking on other wheels, fire one of the 9 drivers side airbags to disrupt the operator.
In his particular case, an attacker would require Hastings to be traveling at a high rate of speed to have a high probability of a fatal injury. Highland Ave is a 35 mph surface street. So the attacker would either need to speed the car up, or have him already traveling at a high rate of speed. If it's the former, Hastings could have just used the brakes. If it's the latter, there are lots of reasons why he could crash on a two-lane city street lined with trees and parked cars at 4 am. As you point out, it's possible a sophisticated attack could have also provided all kinds of distractions to prevent him from braking effectively.
I think the most likely explanation was that he was speeding and lost control, but feel free to disagree.
You are dismissing it as unlikely, because you keep assuming that some subsystems would work as designed or intended.
I'm not comfortable discussing details on this point, but "just use the brakes" might not have been an option had the malicious payload been properly designed. I have maybe a basic to mid level of experience reverse engineering automotive firmware, and it would not be hard for me to pull off. God only knows what a state actor could come up with.
If you want to just hack around on CAN bus, check this project out: http://www.gadgetgangster.com/news/54/556
To get at actual firmware, you'll want to identify the ROM chips and wire up an appropriate reader. You might be able to get by with a bus pirate. Once you have the actual firmware, you should be able to identify the processor (get ready to learn old obscure Motorola instruction sets) and you're off to the races. If you luck out with an x86 or ARM processor I highly recommend the Hex Rays Decompiler.
I was working as a generalist on the team, so the HN expert collective may be able to give you better pointers on specific items.
right, because ABS does not work by pulsating the pads off and back on...
What I would do if it was a spy movie:
1. plant bomb underneath.
maybe just a small (hard to find) fuse in the gas tank.
make it activated by airbag sensors.
2. hijack car electronics
3. when target is inside, locks door.
accelerate and mess with brakes
4. he can turn as he wish. by the time he realizes what's going on,
all he can do is try to avoid a high speed crash by then.
5. with doors still locked, car crash and goes boom,
just like they do in hollywood.
So ABS can fully cut off brake pressure? My understanding is that it relieves extra pressure and that regardless of the valve position, either full force of the pedal (including locking the brakes) or reduced relieved pressure is still sufficient to stop a vehicle.
> What I would do if it was a spy movie
All posible. My comment was really just a response to Richard Clarke's comment that it could have been an "untraceable" "car cyberattack."
Quite a nice segment.
about ABS brakes (and thus absence of direct mechanical control by the driver) other people have already explained.
The speed is controlled by electronic throttle control. Mercedes was among the first and brought drive-by-wire decade ago.
>The steering wheel is connected directly to the wheels, and can't be controlled by the electronics.
ever heard about electric assist steering? Mercedes does have it on the C250.
And btw, the modern cars don't explode. Poor Mercedes when
guys like this will come into play
The reputation and perception is half the price of a Mercedes and this accident makes a dent in it (on the related topic - how much Toyota suffered for a runaway acceleration).
Correct me if I'm wrong: ABS doesn't cut off pressure to the brakes but instead relieves extra pressure. At no point can the ABS module ever fully cut off brake pressure that's being hydraulically applied by the driver. Incorrect?
> electronic throttle control
Yes, but my point was that regardless of what the throttle was doing, brakes can counter. If he was alert, he should have had reasonable time to start braking as the throttle opened up.
> ever heard about electric assist steering? Mercedes does have it on the C250.
Thanks -- this is a good catch.
> And btw, the modern cars don't explode
if relief valves are kept open (instead of open/close/open/close/... like during normal ABS operation) i don't think there will be any effective braking force.
"His friends and family that know him, everyone says he drives like a grandma, so that right there doesn't seem like something he'd be doing, there's no way that he'd be acting erratic like that and driving out of control"
According to this article , Hastings describes himself as a "a recovering drunk/addict/screw-up." In another True/Slant piece, he says, "I have smoked crack." He crashed a car in a drunk-driving accident at 19.
It's funny how geeks, who pride themselves on rationality, throw Occam's Razor out the window at the drop of a hat.
(I used to have a 3,500 lb. coupe, a Pontiac GTO. Now that was fast. It had a 400 HP V8.)
I know a guy with at least a dozen cars, including a McLaren F1, drives way more cautiously than most grandmothers I know.
And P.S. Occam's Razor is just a guide line. Many things happen every day that violate it. The US government has murdered people before and tried to cover it up, so it's not beyond the realm of believably or possibility.
I'm not saying this is true; just that it is what people are speculating. Frankly I don't know whether or not it's possible to remotely take over that particular car's steering/acceleration mechanisms.
 - http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...
No, that car hit that tree. It wasn't dropped off by a flatbed truck or something. And yes, cars can catch fire during high-speed collisions.
Not to toot my own horn, but... https://news.ycombinator.com/item?id=5936521
"Bush advisor: Hastings crash ‘consistent with a car cyberattack’"
The TPMS systems do not use Wifi, nor do they generally transmit in the 2.4 GHz band. The system from the paper you mention sits at 315 MHz.
The paper is available here: http://www.winlab.rutgers.edu/~Gruteser/papers/xu_tpms10.pdf
His counter-terror position was a holdover from the Clinton administration, and he eventually left the Bush administration on very bitter terms; I've seen the term "character assassination" used to describe the way he was treated by the administration on numerous ocassions.
So you think chicken sabotage is a possibility then?
Instead, they've wisely chosen the strategy of trying to discredit him.
The fact that others have the same info means that it makes a lot of sense.
Not a lot of people have the backbone to carry on after someone has been made an example. And those that do, well, they can also be made examples.
There is a certain safety in numbers too, if you are one of dozens of people in possession of the key, if you have a little backbone you can leak the key and be reasonably confident that they are not going to kill several dozen people purely out of a sense of revenge.
This is why Glenn is so keen on pointing out that he is not the only person with the data/key.
Makes it very easy to dismiss.
Oh, I agree completely! Unfortunately, copywriters for almost every popular newspaper in the world do this by rote.
I added a question mark. :)
While the disclosure of Prism has confirmed what many tech minded people I know have always assumed, it does not stand to reason that other countries do not monitor chatter and would not act on intel that is valuable.
Basically, what I'm saying is to keep our minds open while reading these articles...an example of why would be if you remember Huawei Routers not being allowed in certain US infrastructure , or Clinton lobbying China to remove it's firewall .
Open minds can then start speculating past motivations in old articles.
Why I linked those old articles, I imply that the US didn't want China to do what it was doing (which is what PRISM revealed) to have a backdoor into US infrastructure through Huewei routers, and that the administration wanted to possibly make it easier to monitor China's chatter by pushing for it to tear down the "Great Firewall."
I don't get it, is all.
To make it simple, I think he released to the public the appetizer, and has withheld any main course or desert (sorry for the analogies...lunch time).
Publicly distributing the encrypted data does seem to be better to me, but making it ambiguous as to whether or not foreign governments have it seems like it could be a decent second best.
Perhaps there's an RFC forcing AQ to set the "evil bit" on their IP packets? That's a feasible technical solution, I suppose, as long as AQ is RFC-compliant.
Also, we don't know what the data contains. So even if he does give out the key and the media start publishing, who's to say what comes out wont be in the public interest?
I think it's a bit early to say this strategy has massively hurt him.
Snowden is coming to light as a complex character, not some altruistic idealist who expects a pardon and a ticker-tape parade. Phrases that come to mind are "David vs. Goliath," "Catch me if you Can," and "John Le Carre." I love it because it's a more interesting story this way.
This isn't his ace-in-the-hole insurance for him as much as it is insurance that killing him can't stop the release of the information. That makes him far less valuable as a target for "extralegal field maneuvers".
By distributing the file, he's announced that the information has become a hydra - cutting off its head won't kill it. This won't stop the US from pursuing him, but it guarantees that his goals will be met regardless of his personal safety.
How? Oh, look he isn't an idiot and he knew the CIA would try to assassinate him to silence him.
I'd personally like to see less focus on the guy and more on the message though.