Police Seize UK Indymedia Server (Again)
imc-uk-features | 23.01.2009 00:09 | Indymedia Server Seizure | Animal Liberation | Indymedia | Repression
On 22 January 2009 an Indymedia server was seized by the Police in Manchester. This was related to postings about the recent Stop Huntingdon Animal Cruelty (SHAC) trial.
Kent Police had e-mailed imc-uk-contact in the morning requesting that personal information about the Judge from the recent SHAC trial in the UK be removed from the site. However this information had already been quickly removed in line with IMC UK policy. The e-mail also requested information relating to the poster be retained. Indymedia as an open posting news service does not log such information about its sources.
The machine was handed to the Police by the management of UK Grid, a Manchester based colocation facility, without a warrant being shown. It is believed that a warrant for this one server may exist and have been issued by a Chief Inspector. As the server was a mirror of the site, it can be concluded that the validity of the seizure wasn't checked, and the police attacked Indymedia infrastructure in the UK.
Other sites that have been affected as a result of this seizure include London Indymedia, the global Indymedia documentation project server, la Soja Mata – an anti-GM soya campaign focusing on South American development, Transition Sheffield and a Canadian campaign against the 2010 olympics.
For details see Indymedia Uk Server Seizure Info Page and Press Release #1
Indymedia Coverage: IMC Athens | IMC Barcelona [en] | IMC Brasil | IMC Germany | Indybay | IMC Ireland | IMC Nantes [fr] | IMC New York | IMC Poland | IMC Switzerland [it]
Other Coverage: The Register | SchNews | Gulli [de] | Annalist [de] | heise online [de] | slashdot | Global Integrity Commons
Previous Seizures: FBI seizure, London | British Transport Police seizure, Bristol 2005
Indymedia targeted
IMC Server Seizure Info
On 22 January 2009, Kent Police seized an Indymedia server hosted by Manchester-based colocation facility UK Grid and run by the alternative news platform Indymedia UK. The server was taken in relation to comments on an article regarding the convictions in the recent Stop Huntingdon Animal Cruelty (SHAC) trial. Seven activists were sentenced to a total of 50 years in prison.
In the morning, Kent Police had emailed Indymedia UK, an independent online news platform, requesting that personal information about Justice Neil Butterfield, the trial judge, be removed from the Indymedia website and that details of the poster be retained.
Indymedia UK volunteers had already removed the information in line with the projects own privacy policy. Indymedia UK was unable to comply with Kent Police's request to retain data relating to poster. As an open publishing project, Indymedia UK has set up Apache to not log IP addresses. Furthermore, the Police had been informed that the server in question was a mirror server and therefore not the machine that the comments were posted to. Nevertheless, Police seized the machine which was handed over by the management of UK Grid. No warrant was shown.
Dr. Lee Salter, a senior lecturer in journalism at the University of the West of England, told Indymedia "Journalistic material is protected by law, and the police should not gather more information than is relevant for their investigation - by seizing this server they are not only getting information on Indymedia but also on wholly unrelated groups. The police should know that Indymedia does not hold personal information on its participants, so it is a concern is that the police are collecting random information on participants".
The loss of a server represents serious damage to the Indymedia infrastructure in the UK. Several websites including the global Indymedia documentation project, the new website of Indymedia London, la Soja Mata (an anti-GM soya campaign focusing on South American development), Transition Sheffield and a Canadian campaign against the 2010 Olympics were affected. Most of these websites could be restored.
The present case is not the first time that Indymedia servers were seized in the UK. Shortly before the opening of the European Social Forum in 2004 in London, a main Indymedia server was seized from the hosting company Rackspace in an operation which involved an Italian Judge, an American District Court and the FBI.
In 2005, the server of Indymedia Bristol was seized under a search warrant. One Indymedia Bristol volunteer was arrested on suspicion of incitement to criminal damage, but was never charged.
As with previous cases, Indymedia UK stayed online this time. This was possible due to a system of "mirrors", which was set up to protect the technical infrastructure of the alternative media project. Despite the resource intensive interruptions caused by server seizures, the DIY-media activists continue to provide a platform for "news straight from the streets".
Info Sheet 24.01.2009 by: imc-uk press group
imc-uk-features
Additions
A good reason to use Tor when posting controversial information
23.01.2009 13:08
So if you are wanting to post controversial information, I would recommend using the Tor program to hide your IP address. It is totally free and fairly easy to install.
http://www.torproject.org/ It means that Indymedia, nor anyone else along the way, can link your computer with the visit to their website. After you have installed it, check it is working by going to a site such as
http://www.whatismyip.com/ and seeing what IP address it sees you as coming from. It should be one different to your real IP address. Ultimately though, anything of dubious legality is going to be removed by Indymedia fairly quickly, since like it or not, they are bound by the laws of the land, and if they don't, they get shut down.
So for absolute freedom of speech, you will need to post information on an anonymous network such as:
Tor - Tor has the ability to run "hidden" webservers as well as to mask your IP address on regular websites
I2P -
http://www.i2p2.de/ - you can run anonymous uncensorable websites on this. Freenet -
http://freenetproject.org/ - this can host anonymous, uncensored websites too. Note that these networks are only visible to other people on them, so your audience will be limited. But they are free to install and use, so the more people that are on them, the better.
@non
ARE YOU BEING SERVED? SchNews Repost
23.01.2009 15:45
An Indymedia server was seized by police in Manchester yesterday (22nd). This comes after somebody had posted the address of the judge in the SHAC trial on Indymedia, leading to Kent Police requesting that the relevant posts be removed, and the IP address of their author be divulged (eg the unique number given to each internet connection, which can be used to trace the user). The posts had already been pulled, in line with IMC UK policy protecting privacy, but because Indymedia don’t log the IP addresses of people publishing on it, they couldn’t help police with their enquiries.
Indymedia is one of the few websites in the land of blogs and open posting that doesn’t log IP addresses, which puts it in contravention of the 2006 EU Directive about the retention of data, obliging sites to log who’s visiting and posting. Nearly all other sites do retain this data – something to think about when you blaze away in the comments section on sites by blogspot, wordpress, facebook and nearly all others.
The police gained a warrant to take this one server, presumably to sift through it to find IP addresses, but Indymedia already knew the police wouldn’t find what they’re looking for as they watched it go out the door. This EU Directive has never been tested in Britain, and it remains to be seen if this will be the first time. But it would be a major own-goal for the police to do so considering the publicity it would generate for Indymedia.
The seizure hasn’t affected the running of Indymedia as the server was one of several mirrors. It’s just an inconvenience and has been taken as a general attempt by police to attack IMC infrastructure. Several sites were temporarily affected including London Indy, and sites for an anti-GM group plus a Canadian campaign against the 2010 Olympics.
Indymedia continues to be a place to publish and read news which protects your online privacy – visit www.indymedia.org.uk
SchNews Repost
There was no warrant and the document left by the police
23.01.2009 16:02
Receipt the police left, UK Grid names blacked out
IMC'er
Andy Robbins is the cop behind the SHAC prosecutions
23.01.2009 22:17
He is quoted in a lot of mainstream media articles about the SHAC trials.
anon
EU Data Retention Directive for internet not yet in force until March
24.01.2009 15:59
The reposted SchNews article is wrong about the EU Data Retention Directive
The implementation of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC) by the UK and many other EU countries is in two phases."2006 EU Directive about the retention of data, obliging sites to log who’s visiting and posting"
The first one, dealing with telephone and mobile phone call and location records already came into force in October 2007.
The second phase, dealing with some but not all Internet activity, e.g. email addressees and recipients, "internet telephony" etc. only comes into force this 15th March 2009.
See the Home Office consultation document
Consultation: Transposition of Directive 2006/24/EC (.pdf)
Appendix B of which has the text of the proposed Draft Data Retention (EC Directive) Regulations 2008,
However these Regulations have not yet been signed by a Minister, or rubber stamped by Parliament, although they probably will be by March.
The Directive only applies to Telecommunications and Internet Service Providers, not to their customers, not even those hosting their own servers on a small scale. It may not even be applied to small or medium sized ISPs or co-location hosting companies like UK Grid, relying on the logfiles generated by their larger, upstream ISPs.
anonymous
some info
01.02.2009 02:55
i thought it was time to make a contribution.... just to clarify: the server was encrypted - is that not obvious by the fact we lost the passphrase to a partition just a few weeks before the server was seized? Consequently, the police now have a £2,500 lump of metal full of random ones and zeros. there is little or no chance that they will be able to figure out anything relevant to their investigation; additionally, even if they were to gain access to any of the data on that was on the server, they would be unable to find anything to help them. this is because, as stated before, indymedia does not log personal data, and even if it did, this machine was a mirror of the publish server. should the police really desire to know anything more that is already in the public domain, they know perfectly well how to contact the imc-uk collective and they will be able to be pointed in the right direction. should they desire to know anything that is not in the public domain, indymedia will most likely be unable to provide this as work is done in as open and transparent a manner as possible.
one final thing to add: @non was spot on with the post about tor.
imcista
Homepage:
http://www.indymedia.org.uk
The SHAC PGP "Mystery"
02.02.2009 22:06
But is this actually relevant? Not at all, they only needed to point at the SHAC website to prove that activists had anonymously recieved ALF communiques and released them. Forensic evidence is not in reality part of the picture when they openly and publicily released such statements, unless of course links are broken and the cops didn't get a screenshot.
Either way though, the "evidence" was based on receiving anonymous communiques, not sending them. Crime is essentially now based on one's curiosity over an encryped email, if you open it and read it, you then share an "association" with an unknown criminal (even if you completely disagree with them and don't bother to release the communique to others!)
All in all, the activists were guilty of an "association" with criminals, i.e. recieving anonymous communiques from unknown persons, or reposting them. They are not guilty, as anyone might believe, of an "association" with crime, which is an extreme difference to an "association" with those who committed crime. For example, newspapers can do a report from an anonymous criminal, and that is fine, but if they write an article about their 'personal' association with that crime, it is not. The irony being the former tactic is now also illegal.
For example, Smash EDO web-activists could easily be jailed under the same law, because the website reports regarding illegal direct action (even just reposting from indymedia), as a specific example; the quarter of a million pound damage earlier this year. The campaign would therefore have an "association" with the criminals, especially by financially supporting them, or pomoting such prisoner support for them. "Conspiring with unknown persons" basically means if you do anything (even vocally support an action/individual), you are conspiring with them to commit crime. If that crime is political, you are a terrorist. Isn't it now all so easy, even obvious?
Bottom line: Seven activists got fifty years for reporting on what the mainstream media aren't allowed to talk about freely - illegal direct action. Talking about PGP, or relating it to the SHAC trial, is quite obviously a "red herring".
---
What you might be thinking now is; but they wouldn't send away the EDO 9 for 50+ years, because they can would they? Of course not, yet. A look at history always reveals the answers - always. The reason SHAC received such harsh sentences is because the militant animal liberation movement has been receiving them for decades, and no offence to anyone, but the militant anti-militarist movement hasn't experienced the reality of repression through the courts as of yet, let alone built up an illegal direct action movement (actions: yes, movement: no). It took illegal liberation after liberation before the courts successfully demonised those rescuing non-humans in the 80s, sending them to prison for years by the 90s, in the same way they will begin to demonise individuals taking illegal actions to rescue humans from wars, climate change etc. If you think this is a warped vegan-imagination, then wonder where the prisoner lists are to support all these anti-militarist direct action warriors; that have long term sentences for the actions legal or otherwise. They don't exist, yet.
All in all, illegally saving lives will only be praised for so long within each issue, then it will be swiftly repressed. Smash EDO will be at the frontlines of the repression of the anti-militarist movement, clearly, as are SHAC to the animal liberation movement. But this is barely the beginning for smash edo, as I'm sure those within the campaign are well aware of, the vegans especially I hope ;) Governments don't roll over and die, and more importantly, they don't let their businesses suffer in the same way - just look at the support for the banking system and you'll realise how its going to take a while to shut down the Brighton bomb makers! But this far from mean its pointless and the campaign shouldn't be happening, the opposite is true. Just like G8 and the WTO, EDO are just like HLS, a meeting engagement between the people and the state, with everything at stake; the lives of the innocent. It might take 10 years, 20 or 100, but the fact remains - direct action the only way forward, and it works.
clarity
Comments
Hide the following 58 comments
Next trial
23.01.2009 10:09
Lynn Sawyer
Free Speech
23.01.2009 12:32
anon
Hosting
23.01.2009 14:28
Consider moving your hosting to OUTSIDE EUROPE.
Anonii
Suspicous Minds
23.01.2009 14:50
It'd be the blindingly obvious thing to do if you wanted to harm SHAC and or Indymedia... And the fact there is no IP logging makes it even better as then the dangerous suspect will probably remain "at large"...
I also find it suspicious how the person was trying to goad/incite people into supporting their crap.
However, if it was frame up job it wasn't very well done, so I'd guess it was some rent-a-lackey... but I suppose it didn't have to be well done to achieve its aims.
Yes, I agree, I think this place should think about relocating to beyond the jurisdiction of the UK authorities.
Metabolically-challenged Elvis
Being a bit of a luddite....
23.01.2009 15:20
Lynn Sawyer
Hosting outside the UK
23.01.2009 15:27
In 2004, another indymedia server was seized in the UK. It hosted IMC websites from all over the world. These collectives had hosted their websites "abroad", not in their home country, but in the UK. But this didn`t help them much, since the server was seized anyway.
However, some factual information about ISPs in countries with really cool privacy laws would be useful!
olive
Olive & Lynne
23.01.2009 17:56
The problem with hosting abroad is jurisdiction. If IMUK hosts anywhere in Europe they can be got at with these new European warrants surely? Well there is n obvious option, which I am sure they have already been thinking about, which would be hosting in the same place as the Scottish server.
Or they could always team up with wikileaks haha!
Metabolically-challenged Elvis
re: Suspicious Minds
23.01.2009 18:30
I assume the person who posted the judge's details wasn't aware that he was also trying some other SHAC activists fairly soon. It's hardly common knowledge.
"...It's pretty sensitive and deep information..."
Someone's address is deep and sensitive? The state has our addresses, why shouldn't we have theirs? Double standards? How about them getting a taste of their own medicine? The sort of toffs that judges usually are probably live in stately piles that have been owned by their families for generations, and are public knowledge.
The information about the dead son was probably reported in the media, I haven't looked for it myself, but I imagine an obituary might mention he was the son of an infamous judge.
I think morally whoever leaked the judge's details was totally in the right. Tactically, you can argue that the timing could be better, or that it will lead to further repression in the future. But if you never did anything that could lead to future repression, we might as we all stay at home and be passive consumers, never challenging the status quo.
By imprisoning seven excellent activists for such savage sentences, Judge Butterfield has made things worse for animals in this country, and better for animal abusers. I'd say that is reason enough for animal rights supporters to be fucked off at him.
v3g4n
the problem is not the judge...
23.01.2009 19:05
Legal to seize the server of an open publishing media project and thereby intimidate a media project, not legitimate to intimidate a judge.
If this judge would stop working today, nothing would change - his successor would make the same decisions.
The problem with disseminating personal info about people considered undesirable is context. Anyone could probably look up the adresses of politicians, corporate managers, judges etc. And anyone could know what kind of personal problems people in the public eye might have.
But collating and publishing this information in connection to a campaign smells of witchhunt. Not the politics i endorse.
comment
Indybay article
23.01.2009 20:14
reposter
Free Speech
24.01.2009 02:23
anon
Mike
v3gan
24.01.2009 10:34
That says all I need to know about your agenda: increasing repression.
Metabolically-challenged Elvis
Translation in italian
24.01.2009 10:46
leo
e-mail:
-
Homepage:
http://-
v3g4n
24.01.2009 14:11
Yes I agree, we have to accept state repression, and we have to act. But we need to think tactically and not pure emotionally. If we do something that is going to cause further repression or a worse media image, it has to be worth it. Just publishing the judge's address does not justify this.
You need to grow up mate. At this current stage, it is absolutely vital we try to clean up the image of Shac (after the state has done such a slanderous yet effective job of dirtying it). Just publishing the judge's address only makes things worse.
anon
From IMC Barcelona
24.01.2009 15:12
Amen to that but it may be a forlorn hope!
ImcBarcelona
re: Suspicious Minds
24.01.2009 15:17
alwaysshariff
responses to some comments
24.01.2009 18:35
'"if you never did anything that could lead to future repression, we might as we all stay at home "
"That says all I need to know about your agenda: increasing repression. '
That says all I need to know about your agenda: staying at home. ;D
re: anon
"v3g4n; the person who posted the address of the judge was a fucking idiot. The struggle for animal equality has to be tactical, posting the address of the judge on-line will not help our movement at all."
I have some sympathy with that point of view. I think the reason the police seized the Indymedia server was more from the worry of the judge's address getting into the hands of gangsters or religious fundamentalists. The worst I can imagine animal rights activists doing is sending him hate mail or signing him up for junk mail.
Another tactical argument against it would be that it gives Indymedia grief that they don't need.
"Especially now, at the time the media is claiming we are all violent extremists, it only enhances their accusations."
How is publishing an address a violent act? Judges are public servants and should be accountable to us, especially since they are totally unelected so have no popular mandate at all. Why shouldn't we be able to write to them and tell them how outraged we are at their decision? The state has our addresses and can write to us any time they want. The original post had no suggestion that people do anything illegal with knowledge of the address.
I think people are falling for the police propaganda that reads illegal intent into things that should be totally lawful and not a problem.
"Yes I agree, we have to accept state repression, and we have to act. But we need to think tactically and not pure emotionally. If we do something that is going to cause further repression or a worse media image, it has to be worth it. Just publishing the judge's address does not justify this."
That may be true, but maybe the original poster disagreed, or maybe they have a greater interest in attacking the agents of state repression than they do of attacking animal abuse? Whether or not there is justification is a subjective opinion.
"At this current stage, it is absolutely vital we try to clean up the image of Shac"
Leaking the judge's address was nothing to do with SHAC. Again, we are falling for the state propaganda that says a group should be responsible for its unknown supporters.
v3g4n
Why was the machine given without a friggin' warrant ?
24.01.2009 23:06
unbelievable
This is a non-event better forgotten
24.01.2009 23:12
And it should be titled Indymedia voluntarily surrenders one of its servers to please some police officer who said he could get a warrant by just making a phone call...
Dudes...
unbelieveable
Actually "unbelieveable"...
24.01.2009 23:36
Indymedia activists only found out that there was no warrant the next day, after a copy of the only piece of paper the Police left at the colo, after taking the machine, was given to the people who look after the machines. See above for a photo of this piece of paper.
Your "unbelieveable" remarks are not unlike the remarks that the people who look after the machines reportedly made to the people at UK Grid...
So it could have be titled UK Grid voluntarily surrenders one of Indymedia's servers to please some police officer who said he could get a warrant by just making a phone call...
IMC'er
Warrants not always needed!
25.01.2009 16:24
19 General power of seizure etc
(1) The powers conferred by subsections (2), (3) and (4) below are exercisable by a constable who is lawfully on any premises.
(2) The constable may seize anything which is on the premises if he has reasonable grounds for believing—
(a) that it has been obtained in consequence of the commission of an offence; and
(b) that it is necessary to seize it in order to prevent it being concealed, lost, damaged, altered or destroyed.
(3) The constable may seize anything which is on the premises if he has reasonable grounds for believing—
(a) that it is evidence in relation to an offence which he is investigating or any other offence; and
(b) that it is necessary to seize it in order to prevent the evidence being concealed, lost, altered or destroyed.
Warrant?
No need for a warrant
25.01.2009 19:24
terror(ized)
Warrant
25.01.2009 21:06
Fred
How so?
26.01.2009 13:41
I don't know if some in SHAC are terrorists, some in positions of power in the state certainly think they are. The campaign in and of itself is certainly not terrorist, and the other campaigns on Indymedia aren't either, giving a space for the reporting of their activities without the slant of the mainstream media is a necessary function of a democratic society. Otherwise we could all end up agreeing with your view of them. Protest and dissent, even that disliked by the state, would become much more difficult and you have a distinctly less democratic society.
And really if the state has such good monitoring they wouldn't need to go fishing and take a mirror of this site in the hope of finding someone would they? Or perhaps they do have good monitoring, they knew what they are doing, and they are just attacking the infrastructure of a troublesome (for them) news dissemination outlet because they have a case where they think they can get away with it, because lots of people (like you - and me if honest) dislike the campaign.
also anon
So many people talking poo
28.01.2009 11:32
i dispair
The accident theory
28.01.2009 14:02
> they required but that doesn't mean they were trying to attack the infrastructure of indymedia
The original request was e-mailed to imc-uk-contact by a DS of Kent Police 'Digital Forensics Unit' who claims to be a CITP member of the BCS so he should know how to use basic network tools and read documentation. In which case stupid doesn't cut it I'm afraid.
imcer
Disproportionate Response
28.01.2009 17:34
Their search is hardly carefully targeted.
1. They've not checked to see if it was the correct machine. And as we've been told here there are no details of the type they are looking for here.
2. Assuming there are IP logs for the cops to look at. They've not just got the logs for the hits on that single URL at a particular time
but instead they have IP logs, for everybody hitting the site (and every other site that was hosted)
for all time.
Its as if, to intercept the mail to a single house, they've intercepted the post to the whole town.
collateral damage
I mentioned all that in another topic
28.01.2009 18:46
I am pretty sure that everything sent to the Indymedia servers is intercepted and stored, GCHQ you know.
Encryption is certainly not an issue for them as legal cyphers are just what agencies like that can crack in rather little time I guess.
So unlike proxies are used or connections are made through hijacking wifi hotspots (and don't count on the safety of those too much), they know who reads what and who posts what IMO.
If the police wants to know which IP posted this or that, they just have to ask GCHQ and they will tell them.
And they can't do anything legal out of the server because there has been no procedure that guarantees it cannot be tampered by them which would be very easy and quick to do.
So... ?
dude
You think GCHQ can break https?
28.01.2009 22:26
Encryption is certainly not an issue for them as legal cyphers are just what agencies like that can crack in rather little time I guess."
It's good to be cautious, but I think that might be going too far. GCHQ could certainly see what IP addresses are talking to the Indymedia server at a given time, but since connections use https (encrypted http) by default, they can't see what is being transferred.
If they have a rough time when the message was posted, they can probably narrow down the possible IP addresses a bit, but I imagine Indymedia has quite a lot of https connections going at any one time.
I very much doubt they can crack https, it uses a well-known algorithm and I think we would know if any moves were being made towards breaking it.
Even so, I think it would be prudent to use Tor+https when posting anything to Indymedia that might remotely get you into trouble.
[Tor is a program that can anonymise your web browsing by encrypting your traffic and bouncing it through a chain of intermediates. It is fairly easy to install and use:
anon
anon
28.01.2009 23:31
Prevent HTTPS cracking
To reduce the risk of HTTPS ciphers being cracked, allow only the strongest ciphers available.
Deploying an Apache SSL certificate and forcing https ensures that all data is encrypted. It does not, however, ensure that the encryption methods (also known as ciphers) that are used are strong. With the ever-increasing power of today's computers, many older or weaker ciphers can be cracked in a matter of days or even hours by a determined person with malicious intentions.
And ciphers that can't be cracked by a determined person can be cracked easily by agencies like GCHQ, NSA and the like in the same delays or even less IMO because they have CPU farms, massive data storage space to store rainbow tables, etc...
If I am not mistaken there are laws regulating the strength of allowed ciphers and those are dependent on what national securities agencies of major powers are able to do as far as cracking goes IMO.
dude
As well
28.01.2009 23:47
"GCHQ could certainly see what IP addresses are talking to the Indymedia server at a given time, but since connections use https (encrypted http) by default, they can't see what is being transferred."
I think it works as follows, any packets sent to the indymedia servers are captured and dumped to their hard drives.
Well maybe you can say I am too paranoid, I am no expert so I can't say for sure about all that but it makes sense too me and a bit paranoia is rather healthy I believe.
I don't care personally as there is no illegal/criminal data I want to upload anyway now or in the foreseeable future.
Unless free speech is banned of course, which could happen.
dude
The security page and 256-bit AES
29.01.2009 00:02
"it is possible for someone to monitor individuals who are using the site and check which time they visited Indymedia UK. If this corresponds to the time a certain article was posted, then whoever is doing the surveillance may get useful information."
Can the NSA crack 256-bit AES encryption? Dunno, there is this on the Wikipedia:
"Many public products use 128-bit secret keys by default; it is possible that NSA suspects a fundamental weakness in keys this short"
"The largest successful publicly-known brute force attack has been against a 64-bit RC5 key by distributed.net"
See also the talk page:
The Indymedia servers should all be using 256-bit AES, you can check this in Firefox -> Tools -> Page Info -> Security.
IMC Techie
Further more...
29.01.2009 00:23
How the Secret Service Cracks Encrypted Evidence
Which links to a washingtonpost.com article from 2005, sub-titled, "Secret Service's Distributed Computing Project Aimed at Decoding Encrypted Evidence", which contains:
"Breaking a 256-bit key would likely take eons using today's conventional "dictionary" and "brute force" decryption methods -- that is, trying word-based, random or sequential combinations of letters and numbers -- even on a distributed network many times the size of the Secret Service's DNA ["Distributed Networking Attack"]"
"In most cases, there's a greater probability that the sun will burn out before all the computers in the world could factor in all of the information needed to brute force a 256-bit key," said Jon Hansen, vice president of marketing for AccessData Corp, the Lindon, Utah, company that built the software that powers DNA."
"between 40 and 50 percent of the time investigators can crack an encryption key by creating word lists from content at sites listed in the suspect's Internet browser log or Web site bookmarks."
Of course this doesn't apply to the traffic to this site since there isn't a passphrase in use -- but it does apply to encrypted hard disks...
IMC Techie
Shut your eyes and trust in me
29.01.2009 10:15
As for cracking an encrypted drive via bookmarks or personal information, that is a red herring. People are stupid, big deal. I've seen passwords written on computer screens. Most server names and passwords are easy to predict but that is not a flaw in the encryption.
Part of the knowledge required to safetly encrypt data is having the common sense to choose a difficult password. Here is a quick pointer for choosing passwords. Take a long quote from a song or poem you will remember. So for example the Chumbawumba lyric "I get knocked down But I get up again You're never going to keep me down". Keep the first and last letters from each word leaves "IGtKdDnBtIGtUpAnYeNrGgToKpMeDn' - a fairly secure password that while not instantly memorable it only takes a moment to type it in. It would of course be stronger with a few numbers or punctuation marks added but there is more than one technique for arriving at a secure yet memorable password.
xMCSE
Haha ouch
29.01.2009 11:03
That is so, so embarrassing.
TrueCrypt. Takes 5 minutes but could save years off a prison sentence thanks to 'plausible deniability'.
xMCSE
The truth about encryption and the law
29.01.2009 13:40
Encrypting the drive would probably lead to the case taking longer to finish resulting on to the police keeping the server for longer. As well as the unneeded CPU load.
For the record if your drive is encrypted and unable to be accessed, the police would easily obtain a court order for you to hand over the keys. Failure to comply could end up in a prison sentence, as well as other charges as you would be blatantly withholding evidence.
There was also a nice new law introduced recently regarding decryption.
See here:
Hugh
Hugh's Confused?
29.01.2009 14:10
Right... there are no IP's to find since (a) it's the wrong server and (b) Apache was set up not to log IP's...
Cypher
Plausible deniability
29.01.2009 15:10
I realise that you think that drive encryption is unnecessary but drive encryption is a basic first-step for any organisation, let alone an activists group that has been targetted in the past. If you don't recognise that then you are unqualified to comment.
"Encrypting the drive would probably lead to the case taking longer to finish resulting on to the police keeping the server for longer. As well as the unneeded CPU load."
Big deal - the value of the equipment is minimal compared to the value of the data that you may have overlooked.
"For the record if your drive is encrypted and unable to be accessed, the police would easily obtain a court order for you to hand over the keys. Failure to comply could end up in a prison sentence, as well as other charges as you would be blatantly withholding evidence."
How many times do I have to spout the phrase 'plausible deniability' before someone googles it?
NOONE can force you to reveal a key to a lock they cannot identify.
"There was also a nice new law introduced recently regarding decryption."
Yeah, yeah, yeah.
Yaysus Fuckin Christus
I have looked into AES-256 a bit
29.01.2009 17:16
Now I have thought about something else.
If GCHQ can capture incoming packets they also can capture outgoing packets just as easily and therefore can capture the entire hanshake procedure wich contains information about which cipher is going to be used as well as the encryption key itself (sent by the server to the user) which they can then use to decrypt the encrypted packets that follow (sent by the user to the server), all this in real time eventually.
Could it be that easy or am I missing something here ?
dude
The encryption key
29.01.2009 17:34
The police logged all the traffic to the server for months and then took it and got the private key and then used this to decrypt all the data they had logged.
So, the lesson from this is that the private key (which is never sent to the client and should never leave the machine it was generated on) must be kept on an encrypted partition so if there server is taken it can't be used to decrypt all the data that has been logged.
Also changing the private key and certificate and shreding the old one on a regular basis makes sense, if you were paranoid you might do this after each reboot...
Indy Techy
Implausible
29.01.2009 18:03
NO !!! For fuck sake. The lesson learned could be that that the "private key...must be kept on an encrypted partition" if that partition is hidden, otherwise you have to reveal it as you previously stated. Double encrypting or triple encrypting is meaningless if you are able to be forced to reveal any key.
Hopefully someone within IM is techie enough to realise that each IM drive also has to be encrypted. If that isn't the lesson you have learned then you aren't really ever going to learn anything of use.
Beyond all the techie stuff, the main lesson is that the weakest link in a group like IM is not the tech but the people. I can't offer any advice on that except stop giving grasses admin rights.
Weird son of angry bastard
"if that partition is hidden"...
29.01.2009 19:48
What might make sense would be encrypting the partition with the keys on with a random key that *nobody* has, as is often done with swap and temp partitions, this would require that a new key be generated after each system boot but it would have the advantage that if the machine is physically pulled from the rack and power is lost then the key is also lost forever and there is also no passphrase that can be disclosed even if the sysadmins are rendered to a dark prison somewhere...
Of course this isn't suitable for the data partitions but it could also be used for the partition with the log files on...
Indy Techy
problems and solutions
29.01.2009 21:01
The point about not being put off by the risk of future repression is this. Absolutely everything worthwhile that somebody does could potentially be grounds for future repression. People like Martin Luther King and Mahatma Gandhi knew this very well. Do you think they set out expecting to be left alone? Ironically it is the most peaceful activists who court repression. If the state played fair then provoking it would be tactically problematic, but it just doesn’t. Generally, the more militant activists are, the more careful they are in avoiding their actions leading to repression. This is precisely why the peaceful Shac activists were targeted instead of people who took specific actions. It is very, very likely that whoever posted the address was using the best privacy software they could get and probably from a public computer or wifi spot too.
The belief that a particular illegal act is the cause of repression is something the state would like us to believe so that we start policing ourselves, and one another. Which is exactly what some people on this thread are doing. It misses the point that the state uses law as a tool, not a motive. The state doesn’t repress when it has grounds to repress. It represses when it feels like it, and when it thinks the costs will be outweighed by the benefits. I don’t think anyone could predict that publishing an address on Indymedia would have any effect at all. In hindsight it’s too easy to say that this particular act the state chooses to go after should have been avoided. But there are so many laws now, almost anything could be construed as illegal. On a free posting site, there must be dozens of potentially illegal posts every month. It was headline news for example, when the secret NECTU handbook was found. I have seen a great many threatening and racist posts from far-right trolls for example, though they are usually removed promptly. There are hidden posts from conspiracy theorists with all kinds of libel. There are several people on this thread, critics of the “offending” post, whose language is such that a passing PCSO who heard it in the street might randomly deem harassing. There were forwards from the BNP membership list which passed without controversy. If the state wanted to scare people by seizing a server and demanding IP’s, they could use any one of these posts. They could claim to be investigating possible copyright breaches in reposting of mainstream material. They could claim some video inadvertently violates privacy because we can see into someone’s garden. They could claim that failing to remove posts by Shac made Indymedia party to the “conspiracy”.
The animal rights activists targeted by RIPA refused to hand over their keys and last report on IMC was that no further action was taken – in other words, it was a case of threatening behaviour by police. They don’t really want to see if forced self-incrimination and denial of the possibility of forgetting or losing a password will hold up at the European Court if it came to it.
Possible host countries: there are around 200 countries in the world, and about as many other autonomous territories of various kinds. I suspect a great many of these will not have operative tracking systems which are actually enforceable. Countries in the global South generally don’t have this kind of capacity. Some countries, such as Taiwan and (formerly) South Korea, don’t even enforce copyright. There’s countries which would never cooperate with a British police request because of hostile relations with Britain – countries like Iran, Cuba, Libya, even Pakistan (who normally refuse to extradite to Britain because of no reciprocal arrangement). They wouldn't host sites criticising their own regimes, but are hardly likely to care about criticism of anyone else's regime (remember that America hosts Radio Free Asia, which is pretty close to being an unofficial Indymedia China). There’s several dozen tiny countries and semi-countries like Vanuatu, Tonga, Grenada, St Vincent, Cayman Islands, Bahamas, Bermuda, Jersey, etc, who nobody bothers getting into international arrangements because they’re so small. These have all kinds of anomalies – mostly benefiting the rich (tax havens, buying passports) but possibly anomalies we can use too. Then there’s the places which are completely off the official grid, not officially recognised countries, such as North Cyprus, Transdniestr, Somaliland, Abkhazia – even a few, like Sealand, set up specially as refuges. Even within Europe, EU Directives only gain force once enacted into local law. The Blairites will probably just rush something through via executive fiat or quick law, but it might be harder somewhere like Sweden, where eavesdropping on emails has caused a massive controversy; then there’s the countries which aren’t even in the EU, such as Switzerland, Norway, Liechtenstein, and several in eastern Europe. Other options might be New Zealand, Canada, Japan. I don't know the situation in most of these places, whether small island states have their own server hosts, what kind of privacy laws exist in different countries, whether unofficial countries have their own internet domains, whether British dependencies are covered by RIPA or by EU directives... but it might be worth someone finding out.
Another option might be to run the servers directly, from inside a physically secure site, either one of the continental-style barricaded squats that it would take police a day to clear, or an isolated location where one would see anyone coming from far away. Several mirrors could be set up at different sites; and if one was raided, the physical server could be erased or destroyed. I don’t know hardware well enough to know if it’s viable but I don’t see as it would be completely impossible.
i hate the state
Techy? Techie?
29.01.2009 21:04
Let's separate the two different discussions about encryption.
On the first count, you mean email and website encryption. I don't think you are exactly right and I don't think anyone except the Tor guy here is giving best advice, but whatever, I don't see the encryption here as the weak point. GPG if you are serious but whatever you say is fine for here is fine by me.
Second issue, completely unrelated, but the drives should have been strongly encrypted. There is no technical excuse for any IM or other activist drive not to be encrypted. It really only takes minutes, is wide-spread 'best practice' and has no arguable drawbacks, just several advantages.
How many of the 'techie' IMCistas have really looked in depth at all the software loaded onto these servers. I assume the servers have some time of firewall, some type of virus control. These security essential apps leave visible log files by default. Then you have your various caches etc. And all of that is hidden by simple drive encryption. The techie IMCistas would have been fired by now from any private company for this disregard for basic security, but IMCistas are volunteers so the best we can hope for is that they - the Techie IMCistas - admit their failing in this case. It is no longer enough just to not log. You really have to learn how to lock up at night. I recommend TrueCrypt for the 'plausible deniability' but you have any number of alternatives to pick and choose from.
If I am wrong so far then I would like a techie IMCista to fill in the blank here "We didn't encrypt IM drives because..."
Because I can't think of a good reason for you. Anyone who considers themselves a techie IMCista deserves a slap on the back of their wrists for negligence, in my arrogant opinion.
cheers,
xMCSE
Politics more important than technicalities here
29.01.2009 21:59
'If I am wrong so far then I would like a techie IMCista to fill in the blank here "We didn't encrypt IM drives because..."'
I wish you'd stop trolling for configuration details around the seized server. Your not an MCSE from Kent Police force trying to get some free help understanding the config of the servers on your desk, are you ?
I'll give you a hint, AFAIK the configuration for all IMC hosts are publicly available on the various docs websites.
There you go...
Now perhaps we can get on with something more useful, like thinking politically about this seizure and its importance to individual privacy laws in the UK.
collateral damage
E for Encrypt
30.01.2009 09:09
"I wish you'd stop trolling for configuration details around the seized server. Your not an MCSE from Kent Police force trying to get some free help understanding the config of the servers on your desk, are you ?"
No, I'm not asking for information, I'm someone who knows that there are no configuration details that would prevent any drive being encrypted. I know that encrypting a drive is a basic security step that all activists should follow and IMC should not only be encouraging this, they should be doing it too. And that the techie IMCistas need to acknowledge this as a problem, if only internally, so that the remaining IMC drives are encrypted as soon as possible - by now hopefully, by the end of today if not already.
"Now perhaps we can get on with something more useful, like thinking politically about this seizure and its importance to individual privacy laws in the UK."
"Politics more important than technicalities here"
No, technicalities are more important than politics in this case, for one simple reason. Encryption levelled the playing field. That's why strong encryption was initially banned as a munition, it was geeks who fought that. If there is someone in court anywhere now for a crime where a computer is evidence then it is solely because someone didn't encrypt that drive.
I can have any data I want however incriminating and I can take it to an action or anywhere because there is no way it can be opened by anyone but me. Even under torture they will have no idea if the drive is empty or full of useful information.
If IMC is interested then I'll explain how corporations handle encryption. The risk to any organisation from encryption is that the SysAdmin who encrypted the drives then holds the organisation to ransom refusing to reveal the key when needed. That is presumably why IM haven't encrypted, too much risk of betrayal. Again, I'm not fishing for information so don't tell me why you haven't encrypted as I know whatever you say is an excuse. The way corporations get around the trust issue is to keep a handwritten copy of each key, in a sealed envelope, in a fire-proof safe in a secured location. One person generates the key, and no one is responsible for more than one key.
That won't work for any activist group simply because you cannot store keys without risk of police raids. However you can store keys securely in the hidden area of a strongly encrypted drive, or one or two such drives.
The only other technical observation I have is this highlights the need for a UK host who is prepared to stand up to the cops, more than just asking for warrants. That is maybe something IM or privacy groups should consider providing. Unlike encrypting however that is a huge job.
From the times stated this looks like a set-up. Other forums have been hit by similar dirty tricks in the past. If the police don't do it then private agencies and various state security do so simply protesting the injustice of the law seems redundant to me. Strong encryption, coupled with standard practice like back-ups, is an unbeatable defence.
xMCSE
Isn't this the same as the SHAC PGP mystery
30.01.2009 11:06
SHAC PGP
Who, me?
30.01.2009 23:50
I have no idea if this is true but it was a well recieved article at the time and it sounds sensible.
Some points of techie interest
1) GPG not PGP now is the best recommended email encryption
2) 'Plausible deniability' refers to drive encryption not email encryption. However it occurs to me that encrypting a drive with plausible deniability allows you to image the entire encrypted drive and send it as an IMG file including the plausibly deniable contents. I've not tried this yet myself and so it is just tired speculation but I think it may permit Plausibe Denialability in emails. The key being to deliver keys as securely as the data, face-to-face seems best.
3) Slightly patronising but it has to be said - if you don't encrypt properly then it is the same as putting a great lock on your door and then leaving the key in the lock. Read the manual, twice.
xMCSE
responses to some of the technical points
31.01.2009 23:14
I think the question of whether or not the cops had a warrant is a bit of a red herring. They could easily get one if they wanted, and if not, or it became a problem, they would get the law changed to not require them. So I don't feel too bad for the hosting centre, the cops can easily make life very difficult for them. Worrying about the niceties of the law is a bit liberal and reformist, we all know the state will break their own laws if it suits them.
reply to dude:
"I think it works as follows, any packets sent to the indymedia servers are captured and dumped to their hard drives."
In principle that shouldn't matter, since they are all encrypted. I guess you mean if they get the key in the future, or if the encryption is cracked in the future?
Reply to xMCSE:
"The weak point in Indymedia posting isn't the encryption it is the veracity of the volunteers. You can have uncrackable communication encryption and if you have a techie IMCista who is malicious then you have zero security. The security protocols needed by IM are the same protocols needed by every activist group and they relate to Human Intelligence rather than Signals Intelligence. That's the weak point and that is where they go for, which is why Tor should be used for any posts that incriminate yourself or others."
That is an excellent point and crucial to understand. Maybe the reason for the police to seize the server was to plant a keylogger on it and get a toehold into the Indymedia network? The easiest way for the state to compromise Indymedia would be to put someone technical undercover who would volunteer for Indymedia, get login passwords, etc. and then be able to read everything that happens on the server. It may already have happened.
"IM never encrypted thess drives did they? I just read between the lines there and saw the bleedin obvious. This article would be about IM being asked to hand over the key if it had been encrypted."
I think this is a bit of a red herring too, for the reason you mention above: if Indymedia's humans are compromised then all the encryption is useless.
This is why all the next generation of encryption and anonymity tools are decentralised so that the compromising of a few people in the network won't matter: Tor, Freenet, I2P all fall into this category - no central servers or admins to trust or to be compromised.
Disk encryption is a definite must for personal computers, but for servers I'm not so sure. There is also the problem of having to type in the password when you need to reboot the machine, which isn't so easy if the server is halfway round the world...
Reply to Hugh:
"To the above commenter, I don't think you realise that it does not matter if the drive was encrypted or not. There were no logs for the police to find so it does not matter."
Well, let's assume it was the main machine and not just a mirror: even if the webserver isn't set up to log things, it still probably stores things temporarily on the machine just for the duration of the connection. They won't be securely deleted, so traces of them may still lie around on the disk. This is the kind of thing that the police used with the SHAC defendants.
Reply to dude:
"If GCHQ can capture incoming packets they also can capture outgoing packets just as easily and therefore can capture the entire hanshake procedure wich contains information about which cipher is going to be used as well as the encryption key itself (sent by the server to the user) which they can then use to decrypt the encrypted packets that follow (sent by the user to the server), all this in real time eventually."
I think you misunderstand how HTTPS encryption works - even if someone like your ISP has total knowledge of the packets going to and fro, they still can't decrypt it. The most they can do is replace the real keys with their own, the so-called "Man-in-the-Middle" or MITM attack. But your browser should warn you if this happens, because the signatures won't match what you are expecting.
Reply to Indy Techie:
"Keeping the encryption key safe is the key issue for things like SMPT TLS and HTTPS -- remember the autistici.org case? The police logged all the traffic to the server for months and then took it and got the private key and then used this to decrypt all the data they had logged."
That's interesting. What would stop the police obtaining the Indymedia SSL private key if they confiscated the server? Is it password protected and someone has to type it in each time the https server is rebooted?
I suppose there is no way that SSL can generate temporary keys for each connection that are lost forever afterwards, since they have to be communicated in the first place? What if they were encrypted to the client's public key? Wouldn't an attacker then have to have both the server and the client's private keys to decrypt the messages after the fact?
Reply to SHAC PGP
"This seems to relate to the SHAC trial - didn' t that trial have an issue with PGP not being as secure as SHAC thought it was? - that was also Kent Police, is it the same investigation?"
No, the problem there was nothing to do with PGP, it was probably applications saving temporary "autosave" backups of documents to disk which were automatically (and insecurely) deleted.
g33k
Geek on g33k action
01.02.2009 00:11
>>The weak point in Indymedia posting isn't the encryption it is the veracity of the volunteers. You can have uncrackable communication encryption and if you have a techie IMCista who is malicious then you have zero security. The security protocols needed by IM are the same protocols needed by every activist group and they relate to Human Intelligence rather than Signals Intelligence. That's the weak point and that is where they go for, which is why Tor should be used for any posts that incriminate yourself or others.
>That is an excellent point and crucial to understand. Maybe the reason for the police to seize the server was to plant a keylogger on it and get a toehold into the Indymedia network? The easiest way for the state to compromise Indymedia would be to put someone technical undercover who would volunteer for Indymedia, get login passwords, etc. and then be able to read everything that happens on the server. It may already have happened.
It is a general point, it applies to all groups. I personally have been uject to legal action both to Indymedia posts I admit to have written and Indymedia posts I never wrote, and have proof this came from an "indymedia admin". However most IMCistas I have had contact with appear to me to be genuine, clean and decent people. In the fog of war I am going to ask questions first and shoot later. I have to believe the mass of IM, while conflicted, is well motivated, I've witnessed some regulars here achieving more than I ever wil, realistically. The odd weak link does not make a weak project necessarily. It is easily possible for you to contribute here positively in my opinion, carefully.
>>IM never encrypted thess drives did they? I just read between the lines there and saw the bleedin obvious. This article would be about IM being asked to hand over the key if it had been encrypted.
>I think this is a bit of a red herring too, for the reason you mention above: if Indymedia's humans are compromised then all the encryption is useless.
Yes and no. I think the basic structure of IM allows it to survive as a positive entity while being compromised by the odd individual. I do know that the core group should tighten up though now.
>This is why all the next generation of encryption and anonymity tools are decentralised so that the compromising of a few people in the network won't matter: Tor, Freenet, I2P all fall into this category - no central servers or admins to trust or to be compromised.
I feel these have merit and use but are similarly flawed in extreme cases such as SHAC.
I think activists need geeks in the same way activists need medics, so I hope you stick around under whatever name.
>Disk encryption is a definite must for personal computers, but for servers I'm not so sure.
The same logic but even more so - the rights of a few users properly protected over the rights of a thousand or a hundred thousand users? The same principles apply on a greater scale.
>There is also the problem of having to type in the password when you need to reboot the machine, which isn't so easy if the server is halfway round the world...
You hopefully have to type in one password anyway, for hopefully accepted reasons. A second password / key is not that great an infringement or imposition to anyone who regularly types in one password. Type it in, get a coffee. Albeit a bit more documentation to ensure the correct blend of functionality vs security. Running a proper OS - I'd say Solaris not Linux or MS or worse- means you shouldn't have to reboot everyday, once a month at the very most.
xMCSE
@IMCista
02.02.2009 19:40
xMSCE
encrypting a remote server
03.02.2009 00:25
> You hopefully have to type in one password anyway, for hopefully accepted reasons. A second password / key is not that great an infringement or imposition to anyone who regularly types in one password. Type it in, get a coffee. Albeit a bit more documentation to ensure the correct blend of functionality vs security. Running a proper OS - I'd say Solaris not Linux or MS or worse- means you shouldn't have to reboot everyday, once a month at the very most.
(Sorry in advance to bore people with technical details!)
I was wondering about the security of remotely entering a password without worrying that someone en route or at the ISP was sniffing the connection or tampering with the machine.
But then I found this Linux-based article, which explains nicely the general idea behind it - you load a small (unencrypted) operating system first that gives you networking and encrypted communication capabilities. Then you use that to securely enter the main password that unlocks the real operating system and the rest of the machine:
HOWTO: Unlock a LUKS encrypted root partition via ssh
In that case maybe full disk encryption of remote servers would be a good idea, as a belt-and-braces defence.
But... could there still be a possible attack if the ISP could somehow clone the machine into a virtual environment running on a host operating system that they control? Then they have access to the raw memory and thus the decryption keys, and Indymedia would be none the wiser.
Or they could use the Cold Boot Attack:
Bottom line is, unless you have total physical control over the hardware at all times, can you really trust it or be totally secure? Come to think of it, they could just plant a keylogger on the machine of the person who remotely types in the password, if they know who it is, which they well might if they are monitoring all traffic.
g33k
Trial n Error
03.02.2009 10:51
I've used a couple of a IM Collectives machines, but I wasn't there to test them, I'm just saying what I would do in their place. My first impression of the IMC techies is I've worked in national technical support companies with less savvie, but the really techie or financial corps have us intellectually and financially out gunned. Bleedin obvious and true but this is asynchronous. The ironic thing is a fair few of the people who work in such places are completely sympathetic and I think they should be reached out to more.
Clean machine, freshly installed, patched and setup from MD5 verifed slip-streamed disks, never connected to anything, multiple drives. Locked down operating system, hardware firewall etc PD encrypted drives, encrypted data back-ups. Before the OS boots the system is restored from image , standard practice for a test machine, pure and simple every time. That is a general recommendation.
Most IM techie conversations revolve about whatever CMS feature which to me is just bimboware. I think an existing IM techie should set up and moderate a filtered new wire where punters can comment on IM news stories without distracting from the stories politics, I can see why posts like this are annoying to the SHAC crew.
xMCSE
re - xMCSE
03.02.2009 20:31
It being over the Judge's details from the SHAC trial being posted online I *think* is now more incidental, rather than causal for the state giving indymedia an overdue slap for promoting what they hate. What better than trying to silence others over (using) one of the most repressed campaigns in the UK? Given that its wouldn't of effected SHAC in a negative way, in fact quite the opposite, it couldn't of really been over the comment, but over Indymedia's support for direct action, political prisoners, militancy, etc.
Not that I actually think the police are stupid enough to post personal details of a judge, they bring out more laws than ever to suppress such acts, they have just been looking for an excuse in my opinion. Doing it over the BNP list for example would be foolish, because nobody likes them! Whereas there is a lot more support for hating "so-called terrorists", as can be noted by the lack of discussion on the issue here, instead of support for law-abiding liberationists.
Admittedly its also because the animal liberation movement is so young, but yet fast evolving, leaving it "out of pace" in comparison to other movements that have been ongoing for centuries, such as the anarchist, anti-war, anti-slavery and other anti-discrimination struggles, not to mention less connected with them. Speciesism was only recognised in the 70s for example, or at least documented, whereas racism and sexism have been known for much longer, not that other struggles didn't evolve as quickly, my point is that animal liberation has as well. That should explain the lack of discussion on the UK SHAC 7 article, as a movement (we know) we need anti-capitalist vegans, or better still veganarchists (pronounced v-ganarchists, not vegan-archist or veg-anarchist as I've been hearing!) We need to evolve even faster than we already are...
Anyway, I can't myself think of a better angle to use to attack indymedia, unless of course the Judge's details were in fact completely fake as somebody pointed out, but I doubt it *big time*... but thats another story.
The only thing that annoyed me was that the only mention of the SHAC trial was presuming that (shac)tivists were caught sending communiques (to themselves), instead of receiving them by "unknown persons", which as mentioned above, is completely different and should be ok as it clearly is for others. Maybe a bit less tech-talk would be good though, or better elsewhere ;)
clarity
Judge Dread
04.02.2009 01:31
I didn't post that Judges details though, and I do realise such a post would be used IM in this 'crackdown', there are other ways to disseminate information. I think it is better to post information about how to track people down. I realise this is a bad anology for a vegan, but "Give a man a fish and he will eat for a day. Teach him how to fish and he will not grass you up for poaching".
So instead of posting the judges address, you post an article saying 'this is how I found the Judges address'. That's why I've been doing for a few years.
xMCSE
encrypted servers vulnerable via Firewire ports
04.02.2009 20:46
All disk encryption works by storing the decryption keys plainly in the memory. So if you can read the memory while the computer is running (or very soon after it is turned off), you have broken the encryption.
Firewire ports have direct access to computer memory as a "feature".
An ISP could easily install Firewire ports on their servers and then all the disk encryption you use is essentially useless. This would be a much easier attack that my previous suggestion of a virtualised server.
If you want disk encryption to be guaranteed to work, the only solution is to host the sites under your permanent physical control, with a system to power them down should they be raided.
[Also, is there some problem with Indymedia mirrors? I posted my previous post last night and although the front Indymedia page said 53 comments, when I clicked to see it, sometimes there were the full 53 comments and sometimes there were only 50 comments. Is one of the mirrors limited to 50 posts? Or maybe it is just a time lag to synchronise with the main server?]
g33k
HTTPS encryption does not hide IP addresses
20.02.2009 11:41
"I think you misunderstand how HTTPS encryption works - even if someone like your ISP has total knowledge of the packets going to and fro, they still can't decrypt it"
The HTTPS protocol, regardless of the strength of the encryption used, does *not* hide the source and destination IP addresses of the layer 3 packets to and from the webserver.
The Kent Police could have obtained the IP address information (for what it is worth) about the alleged comment, from UK Grid's upstream ISP(s), without the collateral damage and disruption to the seized server, and without arresting an innocent person who had nothing to do with the incident outside of his control.
worried about comms data retention
re: HTTPS encryption does not hide IP addresses
22.02.2009 02:14
>> your ISP has total knowledge of the packets going to and fro, they still can't decrypt it
>
> The HTTPS protocol, regardless of the strength of the encryption used, does *not*
> hide the source and destination IP addresses of the layer 3 packets to and from the webserver.
No, that much is obvious if you think about it, since otherwise the data packets wouldn't know where they were going to, and the conversation would be impossible! ;P
The comment was in reply to this original statement (by"dude") which wrongly gave the impression that the *content* of HTTPS traffic could be decrypted by an outside observer such as your ISP:
> If GCHQ can capture incoming packets they also can capture outgoing packets just as
> easily and therefore can capture the entire hanshake procedure wich contains information
> about which cipher is going to be used as well as the encryption key itself (sent by the
> server to the user) which they can then use to decrypt the encrypted packets that follow
> (sent by the user to the server), all this in real time eventually."
It may seem paradoxical at first glance that someone can see every aspect of the setting up of an encrypted HTTPS connection, yet still be unable to decrypt it. The reason is basically that public key cryptography is used:
This site explains it in more detail:
(SSL is the thing that makes HTTPS secure)
The main idea is that each person, and each website, has a pair of keys - one for for encrypting and and one for decrypting their messages. So for you to communicate with Indymedia, you only need to exchange your encrypting keys (the browser handles this automatically) and it doesn't matter that GCHQ can see these. The decrypting keys stay safely at either end out of GCHQ's evil clutches.
g33k