FBI Compromises Another Remailer
betterunixthanunix writes "Another remailer has been compromised by the FBI, who made a forensic image of the hard disk of a remailer located in Austria. The remailer operator has reissued the remailer keys, but warns that messages previously sent through the remailer could be decrypted. The operator also warns that law enforcement agents had an opportunity to install a back door, and that a complete rebuild of the system will take some time."
Why the fuck are you intruding into and altering foreign systems? That's not your fucking jurisdiction or job!
Leave that shit to the intelligence agencies, if someone must do it.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Did they manufacture any "evidence" in the process?
what's a remailer?
Not if they were encrypted to the end recipient's public key. If not, they were plaintext in transit and possibly on the ISP's server.
So, are there any remailers in countries that don't have reciprocal jurisdictional arrangements with the USA?
....is that the FBI is a criminal organization.
Anonymous remailers are set up for reason of protection of those with information they want to get out but can as well suffer from a repressive regime, otherwise risking death if not done anonymously. Even universities of law have set such remailer up in respect of the law, ethics and democracy.
Perhaps there is a jail cell next to Bradley available for these. Naw.... not a chance.... somebody is going to die and that will make it ok.
What an upside down world we live in... Ready to flip it right side up?
So, effectively, the FBI has just committed a crime. They have intruded into the server of a foreign company and added a backdoor. I am surprised Austria is not up in complete arms over this. Anonymity in and of itself is not a crime, so the FBI really behaved egregiously!
include could the FBI bring a rogue remailer online using the image?
why wasn't full disk encryption used in this case to store the private keys?
in my opinion everything from the case fans to the bolts in the mounting rails on this server is now tainted. Sell it on eBay and build a new one.
Good people go to bed earlier.
According to the link discussion, this came about as the result of a Pittsburgh bomb threat, as authorities try to trace the original sender.
Copying a whole hard disk seems a bit much. Especially since it's a foreign country. I guess if it were the US, they would seize the hardware instead. Still, I have to wonder about collateral data that went through that remailer. Say they find something unrelated but illegal. Does jurisdiction go out the window here, or is the US really gonna be the world cop for the Internet? Or at least, only when it upsets them.
Just so you all know the DNS for the united hackers association USED to be in Austria....
IT MOVED a while back and I'm gathering once we leave you numbnutted bastards go hunting....
Paybacks will be a bitch i hear....
?????
FBI just takes the thing they went at completely down.
These guys imaged the thing.
How do FBI are smarts?
Get it together FBI, imaging isn't a hard thing to do.
Ok - so the FBI wants access to a remailer, and they make a forensic hard drive image, rather than simply confiscating the server and hurting everyone using it, like in the last Slashdot story related to this.
Now, everyone is freaking out ... why?
Bomb threats are very serious and annoying business. Ideally, the FBI and remailer operators would cooperate to find the perps, without completely destroying legitimate use in the process. I know everyone is freaking about due process yatta yatta yatta, but this looks like it was handled much better than when the FBI simply confiscated servers.
What's the alternative? Live with shitheads who abuse remailers? I'm really not trying to troll. I want to know how slashdotters think that bomb-threats through remailers should be dealt with?
I hope others here and around are helping do their part, sending meaningless noise messages through the remailer networks.
When I read the summary ("... forensic image of the hard disk"), I pictured an agent standing over a server taking a photo of the HDD (with a Polaroid camera).
Nothing would surprise me after reading this.
Because anonymous remailers are not designed and implemented for the use of Spammers any more than the Internet was. By your logic: Spammers use anonymous remailers so taking them down is good, and Spammers use the Internet, so taking it down is good. See the problem there?
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
"I'll be back!"
Life imitates art, because when he came back, he was pwnd by Connor.
Have gnu, will travel.
If we're going to trust these remailers then we need to do things properly. Key goes into the crypto processor, never comes out. Means someone can't just seize your server and image it then use that image to decrypt all traffic that passed through. If they want to try and get it out, fine, but they'll need a guy with an electron microscope to do so and they'll likely trip the tamper measures and bye bye key. If you're particularly paranoid you can even destroy your copy of the key once you've loaded it; this might mean changing your key if you have to move servers, but it means that the service you offer is truly tamper evident. Plus you also have the added bonus that a dedicated hardware security module is usually quicker than your processor at doing encryption/decryption.
Can I send in a FOIA request to get back that important email that I lost last week when my hard drive failed?
While I realize this was not a US server, I am curious. Can the FBI legally install a backdoor into a US server without a warrant to specifically do so? I would assume not. Of course, I guess that wouldn't keep the FBI from illegally installing a backdoor.
For private communication use postal mail.
In a democracy, just as the government is meant to be accountable to the people, the people are accountable for the government they choose. Democracy doesn't stop at the ballot box. This is something no one seems to get. Why does everyone hate Americans? Because of what their government does. And they keep on putting assholes in charge. Sure, not every American voted the same way, but as a democracy you (theoretically) have the power as a population to stop bad laws from being passed, and to stop bad actions from being taken... In general, people don't. It's called tacit consent. Bitch and whine all you want, and say you voted for the other guy, but you are implicitly condoning the actions of your government until you actively protest against them, either within the law (writing letters to your representatives, legal protests) or outside the law (civil disobedience).
Everything being a state secret these days, no longer can the public tell if such email threats are real or generated by the government to grab more power.
I mean, if the person they're after, used the remailer system as it is supposed to work...it "should" be uncrackable and untraceable.
It will be interesting to see the system go through what I have to guess is the first actual hard core test it has ever gone through.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Send all your data through the US email system then if you have a catastrophic loss you can just use a freedom of information request to get a copy of your data!
If remailers are getting taken down because authorities want images of their hard drives, what about just giving that to them? Pre-emptively? The hard drives should have nothing revealing on them, I think. Is that your understanding, too? If so, then remailers could continue to operate despite law enforcement investigation.
The sticking points I see:
My intuition says it may be possible to overcome each of these.
Why not try and induce a mass media frenzy that can focus on when the FBI has found leaks, and compromised particular networks, specifically the ones that are responsible for the worst spam. Then attach all sorts of fake info about busts, raids, etc... and that they are looking for more of the individuals associated through C&Cs and will use the IP list to track them down.
This would lead to all or any of the people using the C&C to stop right away for fear of getting caught and laying low until it tides over, even though the threat is fake; therefore, without costing any money but lying to the media a little, you brought down temporarily the amount of spam out there.
FBI's actions have exposed a weakness in the remailer system that has only recently become an issue: Key lifetimes.
Seizing the key of a remailer is traditionally considered not a huge problem. Only recent emails are at risk. However, now it is considered plausible that the FBI/NSA/etc. have been copying every email ever sent for years "just in case". With the key and their huge datastore, they can now go back years and decrypt everything.
Again, one compromised key won't break the chain, but the FBI now have the keys to two remailers. It will soon be three remailers (the minimum secure chain length) if the FBI continues this line of investigation. Gain enough keys, and they will be able to defeat the network and trace messages back to their source.
The tell for this strategy will be if a middleman remailer is seized. A middleman remailer communicates only with other remailers; it does not send emails on to the final recipients. If the FBI goes after a middleman remailer, then it means they have access to a datastore of all emails sent by remailers. Otherwise it would be futile to go after middlemen.
What's needed to defeat this is a way to implement much tighter forward secrecy. The FBI's strategy works because remailer keys are long lived (a year or more). Remailers now should start rotating their keys much more frequently (weekly at least). This makes distribution/verification a problem because having to contact the remailer to download keys defeats the purpose of using remailers in the first place. I'm not sure how to solve that one.
Your mood will change when you have a bunch of people with M4s pointed at your head at 4AM local time. I suspect you don't run for the "delete" button.
http://xkcd.com/538/ also XKCD
Which was why I said destroy your copy of the key once you've loaded it... It's far more likely you'd be compelled by a court order than an M4 anyway. The point being if the only copy of the private key is in the crypto processor then it doesn't matter whether your opponent uses rubber hose cryptography or has a court order, because you don't have a copy of the key to give them and they know that because you've advertised that fact beforehand.
From NSA's point of view, right now your gmail account is noise. But everyone's political views change over time as a natural part of the process of growing up. Sometimes things go wrong, and perfectly normal people who hold perfectly normal views turn into monsters. There's a 99.99999% probability that you're not one of them. But for the sake of 3 lousy gigs out of a yottabyte, there's a 100% chance that someone's 3GB of noise will contain signal.
And this is what is wrong with America. People will go to any end to have 100% safety, including sell out their rights and privacy if they think there is an IOTA of a chance it will protect their measly worthless backsides.
I am proud to say I believe in freedom and the beliefs of the founding fathers. I am willing to die for the country in the name of freedom. I don't want to, but I accept that risk as a cost of living in a free society. If that means that there is a small chance that I die because the plane/train/bus I am on is destroyed in a terrorist attack, I freely accept that risk. The rest of America needs to wake up and realize that selling privacy and freedom will not buy them any more safety and security.
Data intercept is just plain wrong. Nobody has license to spy on America domestically, there is a reason why warrants are required legally to engage in surveillance.
HA! I just wasted some of your bandwidth with a frivolous sig!
> Key goes into the crypto processor, never comes out
False assumption. Hardware hacking is very advanced in the US int-mil sector. Furthermore, it is quite likely that all crypto processors contain gov't-mandated backdoors by design, else the company execs would go to prison if the NSA finds out.
Anyhow, as long as the jewish intelligentsia are with USA, you can never outsmart USA.
...or, to avoid 'specialist' hardware (and thus bring it into the realm of a $10/month VM), would it be possible for the machine to boot up and wait for a key to be sent to it, which it would store only in RAM?
This idea suggests it might be possible for the FBI to nab a server and actually get nothing at all. If they had some way to breakpoint the system and read the RAM then presumably they'd get everything though (which the crypto chip wouldn't be vulnerable to).
This method also means it would be possible to set up a cluster of servers in disparate locations, but have them keyed from machines in other locations. If the keys got delivered by email, then it could be considerably difficult to work out where the keys came from, and thus make it hard to 'cut off the head' and destroy the cluster.
Going further, I guess you could set up VPNs between remailers so that machine A receives an email, but actually sends it to machines B and C to have it decrypted. Machine B just sends the message right back, whereas C decrypts it and sends it back. Thus, you wouldn't know which machine had actually done the work, and thus which machine to subpoena. This method is a lot more complicated, and I'm sure needs a lot more thinking about (and would need one hell of an implementation not to have a backdoor in it).
All this said, I have no idea what I'm talking about. For some reason I've always enjoyed the mental challenge of working out how to overcome these sorts of problems though.
Not even that. The private key should be known to nobody. When the server comes online it should generate a new public/private key pair and store them in RAM. Build an interface whereby users can query the server for its public key. They will encrypt their messages with this key before sending them to the re-mailer. Messages can't be decrypted without the private key, which is stored only in the re-mailer's RAM.
If the re-mailer has a time delay feature, then obviously the messages must be stored in a database awaiting delivery. Stored messages will obviously be encrypted and require the private key to be decrypted successfully. Under this setup, if the re-mailer should ever lose power, all stored messages will be destroyed, as the private key has been lost.
In case of power failure and data loss, (optionally) store the sender's e-mail address in a second database, unencrypted, along with a count indicating how many encrypted messages originated from that sender. Increment/decrement this count each time a message is received and stored, or is sent (after its time delay) and the encrypted record is purged from the database. If the count is decremented to zero, overwrite the record with 0s and mark it as deleted. If authorities seize this database, all they will know is who had messages waiting in the re-mailer system; they will be unable to decrypt the messages themselves. They may still be able to rubber-hose decrypt the message, if they can find the sender; so, have an option for extra anonymity - sender's e-mail address isn't stored in the unencrypted database; if the message is lost, the sender will never know that it wasn't re-mailed.
Periodically, run a cleanup process which runs through the entire encrypted database, decrypts each record with the current private key, runs a checksum, and attempts to verify the checksum. If the checksum is bad, then the record was created under a different public/private key pair - i.e. it's now garbage. Overwrite with zeros and mark as deleted. During this process, compile a new temporary table of senders and # of messages sent by each (this should match the one previously described). Do a difference on this, compared to the database that is maintained continuously. Any sender in the continuously maintained database who has sent messages that can't be decrypted will have a higher count in the original database than in the newly generated database; send an auto-generated response to each of them indicating that messages they sent were not delivered to their intended recipient, then overwrite with the # of messages that were successfully decrypted. After completing the task, securely delete the temporary table.
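The RAM-only key store, per-sender counts and cleanup pass proposed in the comment above, as an added example that is not part of the original thread. It is a hypothetical sketch: a symmetric HMAC-SHA256 keystream stands in for the public/private key pair, and the class and method names are assumptions. Because a rekey leaves every earlier record undecryptable even to the server itself, it also shows the forward-secrecy property the key-lifetime comment earlier in the thread asks for.

```python
import hashlib, hmac, os

def _keystream_xor(key, nonce, data):
    # Toy stream cipher standing in for the remailer's public/private key pair:
    # keystream block i = HMAC-SHA256(key, nonce || i). Illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class RamKeyedRemailer:  # hypothetical name, not from the thread
    def __init__(self):
        self.key = os.urandom(32)   # generated at boot, never written to disk
        self.records = []           # encrypted database: (sender, nonce, ciphertext)
        self.pending = {}           # unencrypted database: sender -> queued-message count
    def rekey(self):
        self.key = os.urandom(32)   # power loss + restart: the old key is gone for good

    def store(self, sender, plaintext):
        nonce = os.urandom(16)
        body = plaintext + hashlib.sha256(plaintext).digest()  # checksum sealed with the message
        self.records.append((sender, nonce, _keystream_xor(self.key, nonce, body)))
        self.pending[sender] = self.pending.get(sender, 0) + 1
    def _open(self, nonce, ciphertext):
        body = _keystream_xor(self.key, nonce, ciphertext)
        msg, digest = body[:-32], body[-32:]
        return msg if hmac.compare_digest(hashlib.sha256(msg).digest(), digest) else None

    def deliver(self, sender):
        # Time delay elapsed: decrypt one queued message from sender, purge it, decrement count.
        for i, (s, nonce, ct) in enumerate(self.records):
            if s == sender and (msg := self._open(nonce, ct)) is not None:
                del self.records[i]
                self.pending[sender] -= 1
                return msg
        return None
    def cleanup(self):
        # Purge records sealed under a lost key; return sender -> number of lost messages.
        alive, kept = {}, []
        for sender, nonce, ct in self.records:
            if self._open(nonce, ct) is None:
                continue                       # bad checksum: sealed under an earlier key, drop it
            kept.append((sender, nonce, ct))
            alive[sender] = alive.get(sender, 0) + 1
        self.records = kept
        lost = {s: n - alive.get(s, 0) for s, n in self.pending.items() if n > alive.get(s, 0)}
        self.pending = alive                   # counts now match what is actually decryptable
        return lost                            # senders to notify of non-delivery
```

The unencrypted table reveals only who had messages queued, never their content, which is the trade-off the comment describes.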
In real life, commercial spammers do not use remailers. It just does not happen: Latency is too high, reliability is too low. The only network attacks I have seen via remailers is an occasional flood of a USENET group via mail2news gateways.
See my 1st post.
"Anyone" doing mass e-mailing is NOT a spammer "point blank".
Yea. Prove he doesn't.