[iwar] [fc:e-Freedom.fighters.forge.new.weapon]

From: Fred Cohen (fc@all.net)
Date: 2002-07-16 21:30:37


Return-Path: <sentto-279987-4994-1026880157-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 16 Jul 2002 21:39:08 -0700 (PDT)
Received: (qmail 27328 invoked by uid 510); 17 Jul 2002 04:35:07 -0000
Received: from n13.grp.scd.yahoo.com (66.218.66.68) by all.net with SMTP; 17 Jul 2002 04:35:07 -0000
X-eGroups-Return: sentto-279987-4994-1026880157-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.193] by n13.grp.scd.yahoo.com with NNFMP; 17 Jul 2002 04:29:17 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_7_4); 17 Jul 2002 04:29:16 -0000
Received: (qmail 8774 invoked from network); 17 Jul 2002 04:29:16 -0000
Received: from unknown (66.218.66.218) by m11.grp.scd.yahoo.com with QMQP; 17 Jul 2002 04:29:16 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 17 Jul 2002 04:29:15 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g6H4Ucv11966 for iwar@onelist.com; Tue, 16 Jul 2002 21:30:38 -0700
Message-Id: <200207170430.g6H4Ucv11966@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 16 Jul 2002 21:30:37 -0700 (PDT)
Subject: [iwar] [fc:e-Freedom.fighters.forge.new.weapon]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

<a href="http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=28289">http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=28289> 
 
Tuesday, July 16, 2002
 

INTERNET NEWS
e-Freedom fighters forge new weapon 
Hacking group develops technology
to thwart censor-happy governments
 
Posted: July 16, 2002
1:00 a.m. Eastern
 
By Sherrie Gossett
 
© 2002 WorldNetDaily
 
Hellbent on using technology for the betterment of humanity, a mysterious but well-known 
hacking group has unveiled a new
technological tool - dubbed "Camera/Shy" - to an eager underground Internet audience. 
 
This latest exploit promises to become a headache for oppressive
Internet censors, snoops, spooks and crackpot dictators the world over,
from China to North Korea to Iraq. 
 
Based in Lubbock, Texas, the Cult of the Dead Cow is considered the most
influential hacking group in the world.  The cDc alumni reads like a
Who's Who of hacking and includes a former presidential adviser on
Internet security and the German hacker known as "The Mixter."
 
A secretive group of five high-IQ intellectuals, they are a wildly
synergistic combination of grit, wit, social activism and righteous
audacity united by a noble purpose - to keep the Internet free, healthy
and adventurous and to aid people suffering from government-imposed
Internet crackdowns. 
 
Professing a belief "in the dignity of all human beings" as well as a
love for "loud music and big parties" this "hacktivist" group is known
for stretching the limits of the First Amendment and fighting anyone or
any government that aspires to limit free speech. 
 
To this end, the cDc organized a "special operations group" known as
"Hactivismo" to study ways and means of circumventing state-sponsored
censorship of the Internet and to implement technologies to challenge
information-rights violations. 
 
The founder of the cDc is "Foreign Minister" Oxblood Ruffin. 
 
Like most hackers, Oxblood masks his identity with a pseudonym. 
 
"Our fathers and grandfathers fought wars defending, among other things,
our right to speak and be heard.  They even fought to defend unpopular
opinions.  It is the unpopular opinions that are most in need of
defense.  Without them, society would remain unchallenged and unwilling
to review core beliefs," says Oxblood. 
 
The cDc warns that "free speech is under siege" and they are "deeply
alarmed that state-sponsored censorship of the Internet is rapidly
spreading."
 
The group is "convinced that the international hacking community has a
moral imperative to act."
 
Groups like cDc, l0pht and others discourage hacking websites and
denial-of-service attacks.  Instead, they try to help dissident computer
groups in totalitarian and repressive societies.  For example, The cDc
claims it has aided a Chinese hacker group called the Hong Kong Blondes
by giving it technical advice and software tools - including 5,000
copies of the cDc's "Back Orifice" hacking tool to distribute in China. 
The Hong Kong Blondes reputedly were bothersome enough to be followed by
Chinese government operatives when traveling overseas.  In addition,
they enlisted the services of a bodyguard. 
 
These cocky cDc roughriders of cyberspace unveiled Camera/Shy Saturday
at the H2K2 hackerfest in New York City.  H2K2 is the 2002 Hackers On
Planet Earth (HOPE) conference, alternately billed as a "gathering for
hackers of all types" or a "computer security convention."
 
The inventor and lead developer of Camera/Shy is a cDc hacker known as
"The Pull."
 
Camera/Shy
 
Camera/Shy is a browser that uses steganography - a method for inserting
text into graphics files for viewing with companion software.  The text
is encrypted and can be pass-protected for an additional layer of
secrecy. 
 
Designed with the non-technical user in mind, Camera/Shy's "one touch"
encryption process delivers banned content across the Internet in
seconds.  Utilizing LSB steganographic techniques and AES-256 bit
encryption, this application enables users to share censored information
with their friends by hiding it in plain view as ordinary .gif images. 
 
Camera/Shy is the only steganographic tool that automatically scans for
and delivers decrypted content straight from the Web.  It is a
stand-alone, Internet Explorer-based browser that leaves no trace on the
user's system.  As a safety feature, Camera/Shy also includes security
switches for protection against malicious HTML. 
 
It is expected that Camera/Shy will enable people in oppressive
countries like China and Saudi Arabia, to engage in outlawed
communications right under the noses of network administrators. 
 
"The local feds would have a very hard difficult time stopping it," says
Hacktivismo. 
 
Interview with Oxblood
 
WorldNetDaily interviewed Oxblood regarding the release of Camera/Shy
and the cDc's hopes to do their humble part to destabilize dictators
around the world:
 
WND: Do you foresee any concrete threats to this new tool?
 
OXBLOOD: Not particularly.  The developer who invented it is pretty
sophisticated when it comes to vulnerability assessment.  But that's not
to say there are no potential exploits associated with this technology. 
Because it is being released open source we expect the hacking community
will be able to find any bugs that escaped The Pull's gaze. 
 
WND: Does it have a "window" of viability, or do you see it as a pretty
long-lasting effective means of communication?
 
OXBLOOD: We see ourselves in a sort of hit-and-run conflict pattern with
Internet censors, most notably the People's Republic of China.  We'll
exploit whatever vulnerabilities are in their censorware arsenal with
C/S as long as it's viable; then we'll dump it and move on to something
completely new.  This is the first time state-sponsored Net censors have
run up against anyone willing to challenge them, and it's causing them,
especially the PSB (Public Security Bureau - the Chinese Secret Service)
to freak out.  They thought all they'd have to do is call up their
stooges from Cisco and the other software titans supplying them, and
they wouldn't have any problems maintaining control over their people. 
But we know all about the software they're using. 
 
The only difference between us and the IT-turncoats doing business with
China, etc., is that we're not for sale.  If anything, these companies
are creating a destabilizing international environment by abetting
foreign governments in their quest to choke the free flow of
information.  And why these companies are not required to register with
the U.S.  government as agents of foreign governments confuses the hell
out of me.  As President Bush said, "You're either with us or against
us." You can't work with terrorist regimes such as the PRC and claim to
be patriotic Americans. 
 
WND: How do you foresee members of oppressed populations being able to
find out about it and get it?
 
OXBLOOD: We have a fairly sophisticated distribution chain that will be
managed by grass-roots democracy and human-rights organizations.  But I
am not at liberty to disclose the specifics of any arrangements. 
 
Controversy and cocktail napkins
 
Some press reports have sensationalized potential misuses of the hacking
tool.  These criticisms have their roots in controversial and
unsubstantiated media accounts, published before and after the 9-11
tragedy, which suggested terrorists may have used steganography
techniques to imbed images into .gif files.  Such reports were
circulated by the Washington Post and USA Today. 
 
In February 2000, USA Today reported that terrorists were using
steganography to hide their communications from law enforcement. 
According to the report, images were being hidden on Internet auction
sites like eBay.  But the report lacked the technical information
necessary to allow a reader to verify the claims. 
 
The USA Today article concluded: "It's no wonder the FBI wants all
encryption programs to file what amounts to a 'master key' with a
federal authority that would allow them, with a judge's permission, to
decrypt a code in a case of national security."
 
A few days before the Sept.  11 terror attacks, a team from the
University of Michigan reported they had searched for images that might
contain such messages, using a network of computers to look for the
"signature" of steganography. 
 
According to researchers at the University of Michigan Center for
Information Technology Integration, they "analyzed 2 million images
downloaded from eBay auctions but have not been able to find a single
hidden message." Their report noted that "recent suggestions in U.S. 
newspapers indicate that terrorists used steganography to communicate in
secret with their accomplices.  ...  While the newspaper articles
sounded very dire, none substantiated these rumors."

 
Former FBI Director Louis Freeh testified before a Senate panel on
terrorism in March 1999 that "uncrackable encryption is allowing
terrorists - Hamas, Hezbollah, al-Qaida and others - to communicate
about their criminal intentions without fear of outside intrusion."
However, in two successive briefings following the terror attacks,
senior FBI officials stated that the agency has as yet found no evidence
that the hijackers who attacked America used electronic encryption
methods to communicate on the Internet. 
 
In stark contrast stood the reports that some of the terrorists had
communicated via scribbled notes on cocktail napkins.  And while
credible reports suggested bin Laden was using satellite-ducking phone
technology, there remains little evidence that his underlings, who were
intentionally kept in the dark about much, needed to use any high-tech
means to communicate. 
 
Despite the FBI's findings, some U.S.  newspapers have continued to
circulate similar reports. 
 
For example, the Washington Post claimed that the inventor of the widely
used PGP, or Pretty Good Privacy, encryption system, Phil Zimmermann,
had been "crying every day ...  overwhelmed with feelings of guilt."
Post readers were told that Zimmermann "has trouble dealing with the
reality that his software was likely used for evil."
 
Zimmermann responded in a public statement, accusing the Post of serious
misrepresentation in publishing things he never said.  "Read my lips,"
he said, "I have no regrets about developing PGP." His grief had been
for the victims, not for culpability about his invention. 
 
Bane or blessing?
 
Camera/Shy's inventor and lead developer, The Pull, notes that these
"familiar, dramatic themes" have been "wheeled into the fray" as some
have pointed out that the tool could give violent organizations the
means to operate more covertly. 
 
The Pull responded, "I think, without any pause, everyone who has had
questions about Camera/Shy have alternatively said both 'Camera/Shy will
help terrorism' and 'they will catch you if you use it.'" He asks,
"Well, which is it? Is it really a scary tool which terrorists could use
and get away with? Or is it something that human-rights activists will
use naively and hence get caught doing so?
 
"The bottom line is that there just are not that many tools designed
specifically for this sort of purpose.  It treads scary ground, but it
is ground which must be tread," Pull contends. 
 
In memory of Wang Ruowang
 
Camera/Shy has been released open source under the GNU General Public
License.  It is dedicated to the memory of Wang Ruowang, a Chinese
writer and social critic who was one of three prominent intellectuals
expelled from the Communist Party in 1987 as "bourgeois liberalizers."
 
The cDc calls Wang "a study in courage." The Dalai Lama referred to him
as a "freedom fighter who envisioned a liberal and democratic China."
 
Wang died in New York on Dec.  19 after a brief illness.  He was 83. 
 
"I'm really proud of everyone in the group," said Oxblood.  "They've
made a commitment to bringing a constitutional toolkit to the Internet. 
And although not all of us are Americans, we share the fundamental
ideals of the Constitution of the United States, especially freedom of
speech.  Camera/Shy is a small first step in sharing that privilege."
 
He adds, "We realize that, but for the grace of God, we could be sitting
on the other side of the firewall," noting that "there's a new
generation of freedom fighters - sitting behind computers."
 
As Hacktivismo says, "Sometimes hiding the truth is the best way to
protect it, and yourself."

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Save on REALTOR Fees
http://us.click.yahoo.com/Xw80LD/h1ZEAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT