
Security In Mind, piggies at my door.

headiez247

shut the fuck up Donny
Veteran
Agree to disagree.

And it's not complex for basic level online anonymity, did you not see my last message to you? If a person only cares about online anonymity, then they only need to download one file, that's it (but ideally they would also install the other 6 Firefox add-ons I listed). Once a person downloads the TorBrowserBundle file to their computer they simply decompress the file and click on one program (onion icon) that auto-launches all other programs, which are all pre-configured to use Tor; and none of it is installed...it can't get any easier than that. If people think that is too hard or complex then I doubt they would be able to use the Internet or log onto Icmag.

this I agree with. One download file that auto launches is very helpful and easy and should be in the first post of this thread with instructions.

@ headiez:

I see you use the US based image host Imageshack for uploading pics of your grows. Dude, that is such a fail it's not even funny. Using a US based image host to host images of illegal activities is just asking to get your ass investigated. And I am sure you used your real IP address to upload those pics too...<spurr shakes his head>

The one good thing about people like you, is it takes heat off people like me, who are smart about our online anonymity and security. Ignorant criminals help informed criminals because the cops usually get ignorant criminals before informed criminals.


Grow is old, and pic was uploaded via a friend's computer in a different state while I was on a trip.

Keep that tinfoil hat on tight.
 

gaiusmarius

me
Veteran
Yet nobody got busted after overgrow was taken down.

IC is hosted in another country, will never be shut down.

I applaud you trying to help people, obviously you can't be too safe. But realistically the majority of people will either pass it by or laugh at its complexity. No skin off your back, sure, just time wasted.

why would you say he wasted his time? when you admit to it being too complicated for you to follow? how can you make the judgment of the value when you admittedly don't understand it?

I tried to find a news article where a grow bust occurred due to an ISP snooping, forwarding the info to LEO, them investigating, securing a warrant, and then busting the person. I couldn't find one. In order for your theory to be correct, there would have to be not one, but multiple dozen cases where it is shown that your internet activities alone initiated an investigation which led to a grow bust.

the absence of evidence in support is not proof of the contrary. furthermore just because it might not have happened yet is not to say it can't happen. also consider how getting a record of all photos posted here over the years will let leo prove how long you've been growing, even if they find you through another route.

Your notion that it is important to have your computer locked out DURING a bust makes no sense to me. If you get raided, and they find your grow in full working order, them finding out that you posted in a grow forum about said grow isn't going to hurt your case. Just like if you own tons of illegal guns and they find out you posted pictures online of the guns. It's not like you can say "that 13kw grow downstairs isn't mine, its my friends that left it here"

like i said all your pics and posts can help them add a whole bunch more to your charges than just the room with plants. that room alone is nowhere near as big a problem as pics of it that are years old. just makes it that much easier to mount that much bigger a case against you.

You aren't taking the real world statistics into mind. Given our economy, and how busy LEO is to begin with, not to mention the thousands and thousands of tips they receive, the amount of LEO who literally sits around and looks through what random people are looking at online is very small. And even if it wasn't, how many millions of people have ISPs? What are your odds of being selected? ISPs' sole purpose in life is to make money. They do what they have to in order to keep LEOs happy, beyond that, they could care less what you are doing online.

The bottom line is people need to 100% focus their security on real world scenarios first, not being anonymous online where they essentially already are.

I DO think that if you are already being investigated and THEN they look into your internet activities (again couldn't find an article to support this) then ya, that could hurt your case. But if they are already investigating you, you've done something wrong.

You are an online version of Mel Gibson in Conspiracy Theory and that is totally fine, but don't say everyone else is risking their freedom by not taking it to the extreme you are.

the whole point is that all these things give you added security, but the main thing is that if something does happen you don't have a computer full of additional offenses they can hammer you for. i don't see how anyone could say such information is not valuable and very pertinent.

talking about conspiracy theories did you know they have all kinds of licensing schemes for the internet planned by different governments around the globe. they want to go from having your car's plate numbers (ip addy) to having your license with every post you make or page you view.
 

tokatronic

Member
Well, I actually agree with headiez. Not that I don't agree with spurr either, but it's just that why on earth would they come down on us when there's so many others to come down on?

Ok, our path isn't clean, but we're easily not a prioritized target. If we were, we'd sure as hell read about it - as headiez is onto.

And if they start coming down after us, we'd be martyrs.
 

DIGITALHIPPY

Active member
Veteran
Yes it is :)

wait... you're suggesting GOOGLE?!?!?!?!
THEY'RE BASICALLY THE NSA!!!!!!

AHAHAHAHAHAHAHA


My ISP has no idea what I do online when I'm using Tor. I could be here, or looking at kiddy porn, or reading the Wall Street Journal online, and they are none the wiser. That is one main reason to use Tor: to prevent ISPs from spying on what you do online. The ISP is a major source of online snooping, ex. using carnivore (from the FBI) and in the US since the inception of the Patriot Act many ISPs are like a tattle-tale to the feds (incl the DEA). That said, Tor exit nodes can also snoop on your data if you don't use HTTPS...

carnivore V3.0 goes through TOR,s and about every proxy you can think of doesn't matter what country it's in.

hell,
i'd bet the CHINESE know more about what you're doing than your ISP, the packets get copied, and dissected and stripped of HTTPS.
i know FIREBOX (very high end firewall) code, and my firebox can dismantle a packet (this goes WAAYY beyond SPI [stateful packet inspection]) to the point where i can skim off employees' info, ip, request info, passwords and usernames (that's so easy) if this is open to the public...i can't imagine what the gov has.

i lost my "secret" clearance after i got a ticket back in 00', but even as a cable layer for gov institutions, i can tell you "whatever you do, they get a copy" and this was 10 years ago.

so all that fancy stuff you're doin, some NSA,DHS,FBI,CIA or other nitwit is more than happy to waste his time cracking. but they have the pc's do that, scan for key phrases with that AI pc they have.....






the real truth is that just about all of us are just not important enough to them.
 

David762

Member
Nice post, and pretty darn thorough.


I think it's a good idea you are trying to help others, but, you are spreading FUD and have a few things mixed up. I will try explain what I mean in your post, and offer suggestions about how to do things 'right'.

I personally like the idea of using a *nix live-CD in conjunction with an encrypted flash drive, or an encrypted HC-SD or Micro-SD (smaller & easier to hide). A custom version of a live-CD, with many | most of the add-in programs you mentioned would be even better yet.

Windows isn't secure. I use Mac OS X configured securely, but I am beginning to have some doubts about it as well (remember Steve Jobs little problem with stock options and the IRS a while back?) A flavor of linux or bsd, especially OpenBSD, is my next OS of choice.
 

spurr

Active member
Veteran
wait... you're suggesting GOOGLE?!?!?!?!
THEY'RE BASICALLY THE NSA!!!!!!

AHAHAHAHAHAHAHA

Google (search engine) and Chrome are two different things. And as you might have noticed, I wrote not to use Chrome until TorButton is ready for it. TorButton will fix all issues with Chrome, like it does with Firefox (except where Mozilla is too lazy to fix bugs affecting functionality of TorButton).

carnivore V3.0 goes through TOR,s and about every proxy you can think of doesn't matter what country it's in.

Do you even know what carnivore is and does? It does not "go through Tor"; unless you can cite legit references backing up your claim...

And what the hell is "Tor,s"? There is only one Tor.


hell,
i'd bet the CHINESE know more about what you're doing than your ISP, the packets get copied, and dissected and stripped of HTTPS.

LOL, OK, just how would that happen if your Internet connection does not traverse Chinese ISPs and/or servers? I am referring to non-Tor Internet usage.

Using Tor makes attempts by ISP and carnivore, etc., fail when they try to monitor traffic from your IP.

Also, using something like sslstrip is not as easy as you and the OP are making it out to be...


i know FIREBOX (very high end firewall) code, and my firebox can dismantle a packet (this goes WAAYY beyond SPI [stateful packet inspection]) to the point where i can skim off employees' info, ip, request info, passwords and usernames (that's so easy) if this is open to the public...i can't imagine what the gov has.

Reading packets isn't hard, that is why using Tor with HTTPS is important.


i lost my "secret" clearance after i got a ticket back in 00', but even as a cable layer for gov institutions, i can tell you "whatever you do, they get a copy" and this was 10 years ago.

so all that fancy stuff you're doin, some NSA,DHS,FBI,CIA or other nitwit is more than happy to waste his time cracking. but they have the pc's do that, scan for key phrases with that AI pc they have.....

You clearly are a troll and a liar and have no freaking clue what you are writing about. Except for the part about scanning for key words (e.g. carnivore), which Tor defeats (between you and your ISP) and use with Tor and HTTPS (between exit node > ISP > website) defends against.
 
Correct me if I'm wrong, but didn't the Overgrow bust happen b/c the people who hosted the servers were up to other activities than just pot and drew major attention to themselves? And were members of OG also busted b/c the servers got popped or just the owners or the servers? Isn't OG perhaps not the best example to give?
 

microgram

Member
I'm feeling widespread hate, lets let the good karma flow people!!!

Anyone been following the news lately? or ever? even though the american government only has legal jurisdiction on its own turf, it seems like they can pressure foreign governments to do anything they want.

They might not even use 'ip logs' as evidence in court, but you can be damn sure they'll use it to find you. I know a half dozen people who work in call centers for ISPs in my area and I could call them and do a lookup for me. Illegal, but who cares? Don't think the government won't utilize this to FLIR up your house and come knocking with a search warrant. It doesn't take much to say that they were walking down your street when they smelled marijuana leaking from your house, and saw streaming lights coming from your attic.

I wish it was easy to sum up how to be 100% secure in a thread that only consists of two easy to read paragraphs, spurr has definitely explained his points thoroughly, and if you don't understand how to set something up, there are always live chat rooms that you can join via irc.

I didn't think chrome was open source, but I know chromium is. Looks like chrome is open source. I wouldn't trust the binary though.

To answer spurr's questions:
1. The reason why I echo'd all that text is because I was going to release it among a few of my friends, and I actually 'signed' it within that block of code near the bottom on the second last line with one of my other online nicks, but I removed it because of security. I belong all over the web.. maybe... or maybe not. I try to keep any possible 'false' associations at bay. After pointing out that yes, Microsoft is horrible (yet again, hehe) I'll have to look up that trashing program.
2. I don't actually ever really code in batch unless I want to use something portable, I could hack something together somehow...... But then it wouldn't be as easy to edit on the fly. Cheers all.
 

jd4083

Active member
Veteran
Just here to see if I can borrow some tin foil to bake these cookies with, the store's closed :tiphat:
 

spurr

Active member
Veteran
SPURR I took CCNA back in school (2001-2002) and as a reformed Unix hacker I can say with confidence that you do know what you're talking about. You speak my language!

I have all my hdd's using luks encryption. AES-XTS-PLAIN 512 bit key SHA512 hash with a 42 character passphrase. Running LFS 64-bit so I know what my system has exactly. All custom. The swap file is even encrypted on the fly using the same algorithms and /dev/urandom as the keyfile. It would take many lifetimes to brute force this...

Nice, that is very similar to my setup on my *nix box :)



I LOL to that dude's thermite on the hdd idea, he most likely read that from The Anarchist Cookbook from forever ago if I remember correctly.

Me too, hehe. At least he didn't suggest using a big magnet!


There is ABSOLUTELY NO SECURITY in using anonymous proxies. Even when using SSL. This is because you are setting yourself up for a MITM attack at the proxy which can VERY easily plain text all encrypted data if the attack is engaged correctly. This is by no means secure. It's actually LESS secure because of this.

True, most proxy networks (e.g. Tor) are for anonymity; but Tor hidden services are pretty secure, more-so than using Tor for the Internet. That said, it's better to use SSL vs. non-SSL over proxies to increase the cost (time/effort wise) of mounting such an attack; as long as people don't have a false sense of security. It's less costly to sniff packets of non-SSL than SSL. One thing I do like about the Tor network is at least 3 computer scientists (they prefer to be called hackers like all good hackers do) are constantly trolling the network with tools like Snakes-on-a-Tor to test for crackers (blackhats) running MITM attacks, SSL cert spoofing, DNS hijacking, etc.


There are SO MANY WAYS to 'correctly' protect yourself on this 'mesh of insanity' (the internet) and most of these ways are far beyond the comprehension of an average web surfer and sometimes the resources (boxes) used to accomplish this are hacked therefore illegal in itself. I won't go into detail here because this is in-fact a Pot forum and not a Blackhat forum.

Very, very true. The sad fact is securing one's box and anonymizing one's online presence, in sound ways, are not easy as one step point-and-click like 99% of Windoze users are used to...

And this thread isn't even covering topics like Van Eck monitoring, hardware keystroke loggers, etc...fwiw, my computers are well grounded with low EM monitors; at one point I almost built a faraday cage but I thought that was going beyond the pale because I'm not a terrorist or super-spy or any such thing.
 

DIGITALHIPPY

Active member
Veteran
Google (search engine) and Chrome are two different things. And as you might have noticed, I wrote not to use Chrome until TorButton is ready for it. TorButton will fix all issues with Chrome, like it does with Firefox (except where Mozilla is too lazy to fix bugs affecting functionality of TorButton).



Do you even know what carnivore is and does? It does not "go through Tor"; unless you can cite legit references backing up your claim...

And what the hell is "Tor,s"?. There is only one Tor.
TOR's are systems that use the TOR service of proxies... like TORPARK.... YOU FUCKING MORON.

LOL, OK, just how would that happen if your Internet connection does not traverse Chinese ISPs and/or servers? I am referring to non-Tor Internet usage.

Using Tor makes attempts by ISP and carnivore, etc., fail when they try to monitor traffic from your IP.

Also, using something like sslstrip is not as easy as you and the OP are making it out to be...

you really think that the packets can get to YOUR IP WITHOUT LEAVING A TRAIL??? TOR just bounces your packet around a collection of servers.......

like u said, making it harder for FBI/NSA, etc. BUT NOT IMPOSSIBLE.

Reading packets isn't hard, that is why using Tor with HTTPS is important.




You clearly are a troll and a liar and have no freaking clue what you are writing about. Except for the part about scanning for key words (e.g. carnivore), which Tor defeats (between you and your ISP) and use with Tor and HTTPS (between exit node > ISP > website) defends against.

you sure do think you know it all.

the chinese firewall reads tor, psiphon and most other 'subversive' communications. so imagine what ours does.

chrome and google are the same damn thing, they're gonna narc u out and collect your data, why do you think they made a browser? so they can mine your data.

microsoft isn't even as bad as google in this respect. so by suggesting chrome that's basically installing carnivore/dcs1000 (dcs2000 now) on your pc.

i do know what carnivore is, DO YOU?
some information for you. since you seem to think TOR and google are clean of backdoors/datamining


http://www.dojgov.net/USDOJ_Carnivore_Scam.htm
http://www.cotse.net/privacy/carnivore.htm

i think you're the liar....
especially because a lot of your info is wrong. misguided, or overzealous.

you admit taking apart a packet isn't hard, then you say tor.. what next? stunnel? psiphon? DCS100(carnivore upgraded) is gonna get past all that GARBAGE.

i've worked with highlevel pc's and for the DOJ....
i'm not sure what crap you're spouting. but you're the troll with your scare stories, and nonsense....
 
Last edited:

DIGITALHIPPY

Active member
Veteran
sorry, DCS is now called DCSnet. (carnivore->dcs1000->dcs2000->dcsnet/dcs3000)
so carnivore is now in V4.0

...some basic info for the kiddies.
http://www.wired.com/politics/security/news/2007/08/wiretap
Point, Click ... Eavesdrop: How the FBI Wiretap Net Operates
By Ryan Singel 08.29.07
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

It's a "comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems," says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.

Many of the details of the system and its full capabilities were redacted from the documents acquired by the Electronic Frontier Foundation, but they show that DCSNet includes at least three collection components, each running on Windows-based computers.

The $10 million DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information -- primarily the numbers dialed from a telephone -- but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists.

What DCSNet Can Do

Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.

FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government's behalf.

The network allows an FBI agent in New York, for example, to remotely set up a wiretap on a cell phone based in Sacramento, California, and immediately learn the phone's location, then begin receiving conversations, text messages and voicemail pass codes in New York. With a few keystrokes, the agent can route the recordings to language specialists for translation.

The numbers dialed are automatically sent to FBI analysts trained to interpret phone-call patterns, and are transferred nightly, by external storage devices, to the bureau's Telephone Application Database, where they're subjected to a type of data mining called link analysis.

FBI endpoints on DCSNet have swelled over the years, from 20 "central monitoring plants" at the program's inception, to 57 in 2005, according to undated pages in the released documents. By 2002, those endpoints connected to more than 350 switches.

Today, most carriers maintain their own central hub, called a "mediation switch," that's networked to all the individual switches owned by that carrier, according to the FBI. The FBI's DCS software links to those mediation switches over the internet, likely using an encrypted VPN. Some carriers run the mediation switch themselves, while others pay companies like VeriSign to handle the whole wiretapping process for them.

The numerical scope of DCSNet surveillance is still guarded. But we do know that as telecoms have become more wiretap-friendly, the number of criminal wiretaps alone has climbed from 1,150 in 1996 to 1,839 in 2006. That's a 60 percent jump. And in 2005, 92 percent of those criminal wiretaps targeted cell phones, according to a report published last year.

These figures include both state and federal wiretaps, and do not include antiterrorism wiretaps, which dramatically expanded after 9/11. They also don't count the DCS-3000's collection of incoming and outgoing phone numbers dialed. Far more common than full-blown wiretaps, this level of surveillance requires only that investigators certify that the phone numbers are relevant to an investigation.

The Justice Department reports the number of pen registers to Congress annually, but those numbers aren't public. According to the last figures leaked to the Electronic Privacy Information Center, judges signed 4,886 pen register orders in 1998, along with 4,621 time extensions.

CALEA Switches Rules on Switches

The law that makes the FBI's surveillance network possible had its genesis in the Clinton administration. In the 1990s, the Justice Department began complaining to Congress that digital technology, cellular phones and features like call forwarding would make it difficult for investigators to continue to conduct wiretaps. Congress responded by passing the Communications Assistance for Law Enforcement Act, or CALEA, in 1994, mandating backdoors in U.S. telephone switches.

CALEA requires telecommunications companies to install only telephone-switching equipment that meets detailed wiretapping standards. Prior to CALEA, the FBI would get a court order for a wiretap and present it to a phone company, which would then create a physical tap of the phone system.

With new CALEA-compliant digital switches, the FBI now logs directly into the telecom's network. Once a court order has been sent to a carrier and the carrier turns on the wiretap, the communications data on a surveillance target streams into the FBI's computers in real time.

The Electronic Frontier Foundation requested documents on the system under the Freedom of Information Act, and successfully sued the Justice Department in October 2006.

In May, a federal judge ordered the FBI to provide relevant documents to the EFF every month until it has satisfied the FOIA request.

"So little has been known up until now about how DCS works," says EFF attorney Marcia Hofmann. "This is why it's so important for FOIA requesters to file lawsuits for information they really want."

Special Agent Anthony DiClemente, chief of the Data Acquisition and Intercept Section of the FBI's Operational Technology Division, said the DCS was originally intended in 1997 to be a temporary solution, but has grown into a full-featured CALEA-collection software suite.

"CALEA revolutionizes how law enforcement gets intercept information," DiClemente told Wired News. "Before CALEA, it was a rudimentary system that mimicked Ma Bell."

Privacy groups and security experts have protested CALEA design mandates from the start, but that didn't stop federal regulators from recently expanding the law's reach to force broadband internet service providers and some voice-over-internet companies, such as Vonage, to similarly retrofit their networks for government surveillance.

New Technologies

Meanwhile, the FBI's efforts to keep up with the current communications explosion is never-ending, according to DiClemente.

The released documents suggest that the FBI's wiretapping engineers are struggling with peer-to-peer telephony provider Skype, which offers no central location to wiretap, and with innovations like caller-ID spoofing and phone-number portability.

But DCSNet seems to have kept pace with at least some new technologies, such as cell-phone push-to-talk features and most VOIP internet telephony.

"It is fair to say we can do push-to-talk," DiClemente says. "All of the carriers are living up to their responsibilities under CALEA."

Matt Blaze, a security researcher at the University of Pennsylvania who helped assess the FBI's now-retired Carnivore internet-wiretapping application in 2000, was surprised to see that DCSNet seems equipped to handle such modern communications tools. The FBI has been complaining for years that it couldn't tap these services.

The redacted documentation left Blaze with many questions, however. In particular, he said it's unclear what role the carriers have in opening up a tap, and how that process is secured.

"The real question is the switch architecture on cell networks," said Blaze. "What's the carrier side look like?"

Randy Cadenhead, the privacy counsel for Cox Communications, which offers VOIP phone service and internet access, says the FBI has no independent access to his company's switches.

"Nothing ever gets connected or disconnected until I say so, based upon a court order in our hands," Cadenhead says. "We run the interception process off of my desk, and we track them coming in. We give instructions to relevant field people who allow for interconnection and to make verbal connections with technical representatives at the FBI."

The nation's largest cell-phone providers -- whose customers are targeted in the majority of wiretaps -- were less forthcoming. AT&T politely declined to comment, while Sprint, T-Mobile and Verizon simply ignored requests for comment.

Agent DiClemente, however, seconded Cadenhead's description.

"The carriers have complete control. That's consistent with CALEA," DiClemente said. "The carriers have legal teams to read the order, and they have procedures in place to review the court orders, and they also verify the information and that the target is one of their subscribers."

Cost

Despite its ease of use, the new technology is proving more expensive than a traditional wiretap. Telecoms charge the government an average of $2,200 for a 30-day CALEA wiretap, while a traditional intercept costs only $250, according to the Justice Department inspector general. A federal wiretap order in 2006 cost taxpayers $67,000 on average, according to the most recent U.S. Court wiretap report.

What's more, under CALEA, the government had to pay to make pre-1995 phone switches wiretap-friendly. The FBI has spent almost $500 million on that effort, but many traditional wire-line switches still aren't compliant.

Processing all the phone calls sucked in by DCSNet is also costly. At the backend of the data collection, the conversations and phone numbers are transferred to the FBI's Electronic Surveillance Data Management System, an Oracle SQL database that's seen a 62 percent growth in wiretap volume over the last three years -- and more than 3,000 percent growth in digital files like e-mail. Through 2007, the FBI has spent $39 million on the system, which indexes and analyzes data for agents, translators and intelligence analysts.

Security Flaws

To security experts, though, the biggest concern over DCSNet isn't the cost: It's the possibility that push-button wiretapping opens new security holes in the telecommunications network.

More than 100 government officials in Greece learned in 2005 that their cell phones had been bugged, after an unknown hacker exploited CALEA-like functionality in wireless-carrier Vodafone's network. The infiltrator used the switches' wiretap-management software to send copies of officials' phone calls and text messages to other phones, while simultaneously hiding the taps from auditing software.

The FBI's DiClemente says DCSNet has never suffered a similar breach, so far as he knows.

"I know of no issue of compromise, internal or external," DiClemente says. He says the system's security is more than adequate, in part because the wiretaps still "require the assistance of a provider." The FBI also uses physical-security measures to control access to DCSNet end points, and has erected firewalls and other measures to render them "sufficiently isolated," according to DiClemente.

But the documents show that an internal 2003 audit uncovered numerous security vulnerabilities in DCSNet -- many of which mirror problems unearthed in the bureau's Carnivore application years earlier.

In particular, the DCS-3000 machines lacked adequate logging, had insufficient password management, were missing antivirus software, allowed unlimited numbers of incorrect passwords without locking the machine, and used shared logins rather than individual accounts.

The system also required that DCS-3000's user accounts have administrative privileges in Windows, which would allow a hacker who got into the machine to gain complete control.

Columbia's Bellovin says the flaws are appalling and show that the FBI fails to appreciate the risk from insiders.

"The underlying problem isn't so much the weaknesses here, as the FBI attitude towards security," he says. The FBI assumes "the threat is from the outside, not the inside," he adds, and it believes that "to the extent that inside threats exist, they can be controlled by process rather than technology."

Bellovin says any wiretap system faces a slew of risks, such as surveillance targets discovering a tap, or an outsider or corrupt insider setting up unauthorized taps. Moreover, the architectural changes to accommodate easy surveillance on phone switches and the internet can introduce new security and privacy holes.

"Any time something is tappable there is a risk," Bellovin says. "I'm not saying, 'Don't do wiretaps,' but when you start designing a system to be wiretappable, you start to create a new vulnerability. A wiretap is, by definition, a vulnerability from the point of the third party. The question is, can you control it?"

http://www.eff.org/issues/foia/061708CKK
FOIA: DCS-3000 and Red Hook
In this Freedom of Information Act lawsuit, the Electronic Frontier Foundation (EFF) seeks information about two electronic surveillance systems developed by the FBI: DCS-3000 and Red Hook.

Little is publicly known about these spying tools. DCS-3000 was developed in the wake of "Carnivore" or DCS-1000, a controversial surveillance system the FBI used several years ago to monitor online traffic through Internet service providers. One Department of Justice report said DCS-3000 was created "to intercept personal communications services delivered via emerging digital technologies used by wireless carriers." According to the same report, Red Hook is a system developed to "collect voice and data calls and then process and display the intercepted information."

On May 7, 2007, a federal judge ordered the FBI to process and release documents responsive to EFF's request on a rolling basis. Those records will be posted here as EFF receives them.


a tad old, but still relevant, and explains a lot.

this explains TOR
http://www.torproject.org/about/overview.html.en#hiddenservices

AND ALSO EXPLAINS HOW TO SUBVERT TOR. just go backwards.... all those packets have an embedded packet, just need to strip off the layers of bunk packets.
EASY FOR DCSnet
 
Last edited:
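
A toy model of the point argued in this thread (what the ISP, each relay and the exit node can read on a three-hop circuit, with and without HTTPS), added here as an example and not code from any poster or from the Tor Project. The relay names, keys, sample request and the SHA-256/HMAC stand-in cipher are constructed assumptions; it models payload confidentiality only, not traffic correlation or a compromised endpoint.

```python
"""Toy onion layering: who can read a request sent over a 3-hop circuit.

Constructed for illustration. The cipher is a SHA-256 keystream with an HMAC
tag, a stand-in for real ciphers; this is not Tor's wire protocol.
"""
import hashlib
import hmac
import os

RELAYS = ["guard", "middle", "exit"]                    # hypothetical circuit
REQUEST = b"POST /login user=alice&password=hunter2"    # constructed sample
SECRET = b"password=hunter2"                            # what a snooper wants


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one layer key.
    return hashlib.sha256(label + key).digest()


def _keystream(key, nonce, length):
    blocks = [
        hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Add one encrypted, authenticated layer: nonce || body || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Remove one layer; raises ValueError if the key is not this layer's."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer does not open with this key")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def simulate(request, use_https):
    """Return (views, relay_keys); views maps each party to the bytes it holds."""
    relay_keys = {name: os.urandom(32) for name in RELAYS}
    site_key = os.urandom(32)   # stands in for the TLS session with the website
    cell = seal(site_key, request) if use_https else request
    for name in reversed(RELAYS):          # innermost layer belongs to the exit
        cell = seal(relay_keys[name], cell)
    views = {"isp": cell}                  # the ISP sees the fully wrapped cell
    for name in RELAYS:
        cell = unseal(relay_keys[name], cell)
        views[name] = cell                 # what this relay holds after peeling
    views["website"] = unseal(site_key, cell) if use_https else cell
    return views, relay_keys


def readers(views, secret=SECRET):
    """Parties whose view contains the secret in the clear."""
    return [who for who, data in views.items() if secret in data]


def opens_with(key, blob):
    """True if `key` removes the outermost layer of `blob`."""
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for https in (False, True):
        views, keys = simulate(REQUEST, https)
        print("HTTPS" if https else "HTTP ", "-> readable by:", readers(views))
    print("guard key opens outer layer:", opens_with(keys["guard"], views["isp"]))
    print("exit key opens outer layer: ", opens_with(keys["exit"], views["isp"]))
```
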
V

vonforne

I have the PERFECT solution for internet security........it is what I did several years ago........I moved OUT of the USA with their Nazi persecution of us growers and users.

Not that the EU is the easiest to get used to for some Americans but it is better than being paranoid all the time. And the cities are quite beautiful. The people are friendly and OPEN minded. The people in America are open minded also but it is just the Govt. that is closed minded towards us.

All you people that want to escape that join me in Prague, CZ or Spain this coming year.

V
 