Slashdot Mirror
FBI Compromises Another Remailer
betterunixthanunix writes "Another remailer has been compromised by the FBI, who made a forensic image of the hard disk of a remailer located in Austria. The remailer operator has reissued the remailer keys, but warns that messages previously sent through the remailer could be decrypted. The operator also warns that law enforcement agents had an opportunity to install a back door, and that a complete rebuild of the system will take some time."
Why the fuck are you intruding into and altering foreign systems? That's not your fucking jurisdiction or job!
Leave that shit to the intelligence agencies, if someone must do it.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
The remailers are not the target, it's users are.
Don't know something? Look it up. Still don't know? Then ask.
Not if they were encrypted to the end recipient's public key. If not, they were plaintext in transit and possibly on the ISP's server.
An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from.
http://en.wikipedia.org/wiki/Anonymous_remailer
the problem here is that the US is *known* to be storing ALL email traffic that routes through the united states. Sounds like a daunting task, but there's a reason they have all these big high security data centers all over the place and have "high security rooms" at all the telcos and large ISPs. That traffic gets siphoned off to their data centers for storage for later in case they need it. There's a simple reason why those places have petabytes of storage.
So there is never a question of "but they'd have to have been watching for that email last week/month/year and it's long since been sent and removed from caches". No. They have it. They have them all, just in case. Watch Enemy of the State. Watch how they pull up satellite footage from hours and days ago. Same principle here, if you can record everything, it works like a time machine. (for the past anyway)
So yes, busting down a door and taking the remailer keys gives them 100% access to 100% of the traffic that has been sent by that remailer at ANY point in the past where it crossed through a US ISP.
The truly disgusting part of this is they got the KEYS. Technically all they NEEDED was to hand over the encrypted message to the AU authorities, they break down the door and use the key to decode the message, and turn over the message, then wipe their copy of the key. That would be the "proper" way to do it, not to abuse the system, but instead they handed over the KEYS themselves, and now the US can decrypt truckloads of hard drives of emails that they have NO business having access to. That is the true crime here. It's like having a legal reason to subpoena a safe deposit box at a bank, and the bank hands them over a master key that opens every box in the vault and lets them look through anything they want. That's just WRONG.
Every time someone sends a bomb threat they can pull this stunt, it's like christmas over at the NSA, "we got another key! lets see what goodies we can find!" Talk about an incentive for abuse... Normally I don't go "tinfoil hat" on things, but THIS is actually an instance where I could start to buy into someone suggesting the NSA/etc forging a bomb threat just to get access to another random footlocker of encrypted data they want a peek at.
I work for the Department of Redundancy Department.
Couldn't even bother to read the first paragraph of the article, eh?
Today, the police arrived with a court order that allowed them to
create a forensic disk image of the austria remailer. This apparently
was on request of the US authorities, related to the Pittsburgh bomb
threats. (emphasis mine)
It was the Austrian police who had a valid court order who 'intruded'. As for the 'added a backdoor':
Depending on how paranoid you are, you may assume the machine is
backdoored, since the authorities have had access.
Doesn't say the FBI ever had access. Doesn't say there IS a backdoor, just that if you're paranoid yo umay assume there is one.
Because anonymous remailers are not designed and implemented for the use of Spammers any more than the Internet was. By your logic: Spammers use anonymous remailers so taking them down is good, and Spammers use the Internet, so taking it down is good. See the problem there?
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
If we're going to trust these remailers then we need to do things properly. Key goes into the crypto processor, never comes out. Means someone can't just seize your server and image it then use that image to decrypt all traffic that passed through. If they want to try and get it out, fine but they'll need a guy with an Electron microscope to do so and they'll likely trip the tamper measures and bye bye key. If you're particularly paranoid you can even destroy your copy of the key once you've loaded it, this might mean changing your key if you have to move servers but it means that the service you offer is truly tamper evident. Plus you also have the added bonus that a dedicated hardware security module is usually quicker than your processor at doing encryption/decryption.
Suppose you had a yottabyte of disk storage. 3GB isn't just a drop in the bucket, it's not even a grain of sand at the beach.
Car Analogy: Most of us break the odd traffic law every now and then. Very rarely, does anybody get caught. At the instant Officer Friendly pegs you on radar doing 35 in a 30 zone, he'd very much like to be able to check your driving history. If there were a giant database of everyone's GPS logs, he could tell whether you were just in a hurry that morning, the sort of driver who usually drives precisely 4 (or 9) miles an hour over the posted speed limit, or if you do 120 in a 60 zone whenever there aren't any cops around. If Officer Friendly had access to that data, he'd be better able to judge whether or not to pull you over.
For speeding, it's not worth logging the movements of every car and correlating them with local speed limits at the time the log was written.
For other things, it probably is.
From NSA's point of view, right now your gmail account is noise. But everyone's political views change over time as a natural part of the process of growing up. Sometimes things go wrong, and perfectly normal people who hold perfectly normal views turn into monsters. There's a 99.99999% probability that you're not one of them. But for the sake of 3 lousy gigs out of a yottabyte, there's a 100% chance that someone's 3GB of noise will contain signal.
Since they don't posess a time machine that can peer into the future, they don't, and can't, know whose 3GB-of-noise will eventually contain a signal 20 years from now. But 20 years from now, they will have a time machine that can peer back 20 years into the past.
I mean, if the person they're after, used the remailer system as it is supposed to work...it "should" be uncrackable and untraceable.
It will be interesting to see the system go through what I have to guess is the first actual hard core test it has ever gone through.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........