RE: Choke Carnivore Day

From jaundice frijoles <jaundice@kosmos.net>
Date Mon, 18 Sep 2000 12:03:09 -0400


[: hacktivism :]

>Well, I don't agree with that part because a lot of "non-subversive"
>people use crypto, too. And I doubt they get messed into attention.
>Everyone uses crypto, it's not enough to make you a suspect.

I must comment that while in most cases the mere evidence of two parties
being in contact does not create reason for alarm, at the same time it can
be the one piece of evidence the court needs to convict a given party. i.e.
"We can prove that Mr. X was in contact with Mr. Z three hours before the
murder - by method of encrypted email"

>What I'm worried about is this >>> if they have better computers than
>they can crack your crypto. Remember a debut of some federal crypto
>standard a couple of years ago that was cracked by some hackteam using
>widgets? You know, that kind of "distributive computing" thing, were
>lots and lots and lots of PCs do fragments of work instead of leaving
>it to this one flagship-ass machine? Well I guess it's no surprise to
>most of us that this progressive, organic approach to computing proved
>a hell of a lot more efficient.

Cracking crypto is a problem. As computers get proportionately faster and
more powerful, crypto gets weaker by transitive property. We've seen the
dawning of gigahertz machines on the consumer market, and if grandma is
checking her aol mail on a machine that powerful, I fear the specs on
bleeding-edge government computer systems. Distributive computing can be
very powerful - for some info on that, check out the projects at
distributed.net

>Well, I don't want to launch a paranoia-type meme here... But what if
>there was this miniscule, invisible widget-virus running in your
>computer right now, hmm? I mean, one that you don't know of yet?
>What if this widget was actually widely dissiminated through the
>whole internet by the US military-government-NSA-FBI-mason-octupus
>(etc, take your pick, mix n'match) not so much to pick up on what
>you're doing (since that would be a resource hog on your machine
>and easier to detect), but actually to break codes? What kind of
>codes? I don't know! All sorts of them, remember that echelon actually
>only "came-out" as official after the european union denounced the US
>was using it for industrial espionage? Remember that IBM is a big
>contractor for the NSA? So begin to see the connection? Maybe IBM
>wants to steal some ideas and uses it's NSA pals to do it for them?

While that kind of program might produce a consederable amount of cpu power
(again, see distributed.net), the idea is mostly absurd. First of all, a
client of that nature would be very cpu-intensive - something even the most
unexperianced computer user would notice. If the proverbial man were to make
a client/virus of this nature it surely would be some kind of
activity/information monitor, not a cpu-hogging key decrypter. Secondly, the
idea of them taking such an extreme chance is idiotic - there are quite a
few of us out there that would be able to jar the process at first notice
and pinpoint exactly what it was doing, and exactly what information was
entering/exiting our systems. Even the big bad gov't doesn't have coders
good enough to hide something this obvious. Lastly, what would be the reason
for any of these agencies to risk running the code on remote personal
computers? Would you think they cannot afford their own computers and would
rather run the risk of using an unauthorized distributed cracking scheme? I
highly doubt any of the government agencies are stuck for cash that bad.

PS - As I suggested before, I'd like to start a channel on EFnet. A forum
where some of the topics appearing on this list might be discussed and
planned. I'll be idling in #hacktivism on EFnet if anyone is interested.

jaundice



[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]