Benni May 1, 2015 7:54 PM

In Germany, the secret service BND wanted to do a joint project with GCHQ codenamed “monkeyshoulder”: GCHQ gave their hardware to BND, and BND gave GCHQ access to fibers from the domestic provider Deutsche Telekom. And because this was illegal, BND decided not to inform the German government about it. Monkeyshoulder was only stopped by BND because Edward Snowden appeared:

Airbus wants to sue BND,

And now the prosecutor general of Germany started an assessment whether BND is guilty of treason. One can only hope that they really start a lawsuit and convict the agency.

Andrew Wallace May 1, 2015 8:26 PM

The majority of cases the secret intelligence service deal with are unknown.

The public attach themselves to Snowden and other high profile cases.

In reality the most interesting cases are those not known to the public.

I find it interesting once a case like Snowden appears that the public don’t let go.


Thoth May 1, 2015 8:30 PM

Wow, Treason …. that’s interesting. Someones’ heads gonna roll off the tables (literally) I can imagine (not sure if Germany still has death penalties). Treason, is an act against the state itself and the state which is the people. Espionage, which is spying for another nation state in the form of passing intelligence of one’s state without the support and proper acknowledgement of the state’s leaders, is considered an espionage against the state and thus an act of (probably, High) Treason.

The BND and other nations whose intelligence agencies have been communicating information to the NSA and GCHQ without their leaders’ awareness and permissions are also considered committing treason and should be investigated and prosecuted by judicial means but so far most intelligence agencies hold some form of trump card against their own Governments thus preventing the proper course of Justice and also not to forget these intelligence agencies have superior capabilities of blinding and engaging in psychological, intelligence and material operations against their own state and leaders causing the states’ leaders to be blinded, coerced or incapable to handle their intelligence agencies like in the case of the United States of America where the President has no knowledge of certain spy activities which are not constitutionally sound or agreeable.

If the State Prosecutor fails to prosecute the spy agencies, the danger is they will turn into lunch for these agencies and might disappear from the face of the Earth when the spy agencies deem so.

Good to know something is done but that something trying to be done is highly risky but courageous?

Andrew Wallace May 1, 2015 8:38 PM

The security and intelligence community have well moved on from Snowden yet the public still latch on to it as their last security and intelligence community reference point.

We’ll need to wait until the next big thing gets made public.

Until then it’s SNOWDEN all the way.


YouCanBankOnIt May 1, 2015 8:40 PM

How an Open Standard API Could Revolutionize Banking


From the post:

“Open bank data will give us the freedom to access all banks in real time and from a single view, automatically calculating the best deals in complete transparency, which will be a significant step forward for social good and give people more control over their finances.”

For whom? CRIMINALS most certainly.


If someone has an answer, I would like to see it.

Thoth May 1, 2015 9:05 PM

If you consider from the perspective that customers can properly secure their data on their own, that would be a nice feature but the fact that customers are mostly incapable of securing their own data, let alone the vows by certain people in power to reduce security and privacy of civilians (especially with cryptography). This would formulate a huge disaster in terms of banking security and privacy.

If it is about transferring private data of a user from a qualified organisation or group to another qualified organisation or group that have been certified by EMV and PCI-DSS compliance and all that sort, it will be possible since they are presumed end-to-end secured using security appliances that most people would not own one (commercial rack mounted HSMs). The owner of the account may glimpse the data before transacting between two secure endpoints (two or more qualified organisations) where the owner’s device must have a certified TPM or trusted chip of sorts and the owner is not allowed to download the data fully into his own device. This would be a highly ideal model since the security on most points would probably have to be PCI-DSS and EMV qualified before doing their transactions.

A quick glimpse into the architecture does not seem to put anything about endpoint security or security whatsoever at all. This may end up being another hacker’s happy day.

rgaff May 1, 2015 9:28 PM

I hate criminals too… ESPECIALLY when they are in office. And even more especially when their office makes them untouchable and above the law.

rgaff May 1, 2015 9:53 PM

A person in office can never break the law, they are the law? lol Please move to China, you would do well there.

Nick P May 1, 2015 9:56 PM

@ Andrew Wallace

“The majority of cases the secret intelligence service deal with are unknown. The public attach themselves to Snowden and other high profile cases. In reality the most interesting cases are those not known to the public.”

In the U.S., after much work, they finally mentioned that only one minor case benefited from U.S. mass collection in the area it was designed for. So, no, you’re just making stuff up. Their data and testimony, when under close scrutiny, contradicts your claim.

Further, the leaks showed they were systematically deceiving both the public and people with lower clearances about their activities. A great example is with U.S. encryption tech: supposedly leading to FBI and U.K. organizations nearly “going dark” and with SECRET clearance saying they were attempting supercomputer strategies. ECI-level slide added that FBI “compels” vendors to add backdoors to their products for NSA’s use. Public story, SECRET-level item, and ECI-level actual operation were as different as night and day. Another is claiming they are protecting our infrastructure and need more control to do that. Snowden leaks (esp BULLRUN) showed they were introducing into and leaving in weaknesses wherever possible, some which were used by hostiles. That’s despite laws saying they have to protect defense contractors at least.

So, the security and civil liberties communities have attached themselves to the Snowden leaks because they show NSA/FBI/CIA/DOD’s widespread fraud, civil rights violations, and even aiding the enemy by weakening our systems/standards. We continue to talk about the problems because they aren’t fixed. That’s the logical thing to do with any effort to solve problems. Did you want everyone to behave like security or civil liberties were another Justin Bieber story?

EDIT re “there are no criminals in office”

You just lost all credibility by professing the total innocence of politicians.

Andrew Wallace May 1, 2015 10:15 PM

I’ve seen manipulation of politicians through bar interaction or restaurant meals over my years but haven’t seen actual criminals in office.


Nick P May 1, 2015 10:16 PM

@ YouCanBankOnIt

I agree that it would probably go terribly. Remember, though, that API and implementation can be totally different. The baseline security strategy would be implementation diversity. Similar problems were also solved in the past using highly assured guards. A sample design:

An application-level firewall blocks out the riff-raff and translates request to simple format. A highly assured guard validates the message and decides what to do with it. A defensively-coded, backend application does the financial processing. Best that this be a HA cluster, fault-tolerant server, or mainframe. The result is optionally checked by the guard. The firewall formats the result in whatever popular garbage is standard and sends it to the user.

Some precedent in the banking sector as one differentiated on security by using a CMW OS for online banking. Not good enough, but a good attempt.
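The firewall, guard and backend stages sketched in the comment above, as an added example that is not part of the original thread or any real banking product: every name, the account format, the record grammar and the limits are assumptions made for illustration, and caller authentication is out of scope.

```python
import json
import re
from dataclasses import dataclass

MAX_BODY = 512            # assumed size limit enforced at the firewall
MAX_CENTS = 1_000_000     # assumed per-request ceiling enforced by the guard
ACCT = r"[A-Z]{2}[0-9]{10}"   # constructed account format, not a real standard
# The "simple format" the guard accepts: OP|SRC|DST|CENTS, nothing else.
RECORD_RE = re.compile(rf"(BALANCE|TRANSFER)\|({ACCT})\|({ACCT}|-)\|([0-9]{{1,9}})")


class Rejected(Exception):
    """Raised by the firewall or the guard; never reaches the backend."""


@dataclass(frozen=True)
class Request:
    op: str
    src: str
    dst: str
    cents: int


def firewall_ingress(raw: bytes) -> str:
    """Application-level firewall: drop junk, translate JSON to the simple record."""
    if len(raw) > MAX_BODY:
        raise Rejected("body too large")
    try:
        body = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        raise Rejected("not valid JSON") from None
    if not isinstance(body, dict) or set(body) - {"op", "from", "to", "cents"}:
        raise Rejected("unexpected fields")
    fields = (("op", ""), ("from", ""), ("to", "-"), ("cents", 0))
    return "|".join(str(body.get(key, default)) for key, default in fields)


def guard_validate(record: str) -> Request:
    """Guard: small, strict grammar plus policy; the only path to the backend."""
    m = RECORD_RE.fullmatch(record)
    if not m:
        raise Rejected("record does not match grammar")
    op, src, dst, cents = m.group(1), m.group(2), m.group(3), int(m.group(4))
    if op == "TRANSFER" and (dst in ("-", src) or not 0 < cents <= MAX_CENTS):
        raise Rejected("transfer violates policy")
    if op == "BALANCE" and (dst != "-" or cents != 0):
        raise Rejected("balance takes no destination or amount")
    return Request(op, src, dst, cents)


def backend_process(req: Request, ledger: dict) -> dict:
    """Defensively coded backend: integer cents, re-checks its own invariants."""
    if req.src not in ledger:
        return {"status": "error", "account": req.src, "balance": 0}
    if req.op == "TRANSFER":
        if req.dst not in ledger or ledger[req.src] < req.cents:
            return {"status": "error", "account": req.src, "balance": ledger[req.src]}
        ledger[req.src] -= req.cents
        ledger[req.dst] += req.cents
    return {"status": "ok", "account": req.src, "balance": ledger[req.src]}


def guard_check_result(req: Request, result: dict) -> dict:
    """Optional egress check: expected fields only, about the requester's account only."""
    if set(result) != {"status", "account", "balance"}:
        raise Rejected("unexpected result fields")
    if result["status"] not in ("ok", "error") or result["account"] != req.src:
        raise Rejected("result does not correspond to request")
    if type(result["balance"]) is not int or result["balance"] < 0:
        raise Rejected("malformed balance")
    return result


def handle(raw: bytes, ledger: dict) -> str:
    """Full path: firewall in, guard, backend, guard, firewall out (JSON again)."""
    try:
        req = guard_validate(firewall_ingress(raw))
        result = guard_check_result(req, backend_process(req, ledger))
    except Rejected as exc:
        return json.dumps({"status": "rejected", "reason": str(exc)})
    return json.dumps(result, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample ledger and requests.
    ledger = {"DE0000000001": 5000, "DE0000000002": 100}
    print(handle(b'{"op":"TRANSFER","from":"DE0000000001",'
                 b'"to":"DE0000000002","cents":1500}', ledger))
    print(handle(b'{"op":"TRANSFER","from":"DE0000000001",'
                 b'"to":"DE0000000002|TRANSFER","cents":1}', ledger))
```
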

Jonas Silver May 1, 2015 10:57 PM

@Andrew Wallace

I’ve seen manipulation of politicians through bar interaction or restaurant meals over my years but haven’t seen actual criminals in office.

Your experience then is extremely limited, further your study is as well. I might also point out “34” is not very old. Worse, you posted in 2009 that you had not even applied to government yet. That means if you did enter government service you would only have had – at most – six years of service.

And from your manner of speaking this is not a generational service you are in, and you very likely do not come from family which is high up in government. If you have any family in government at all.

That latter point is a critical factor, as ‘blood is thicker than water’, and people can live their whole lives in secret government service without ever getting into anything really secret simply because they are outside the nepotism circles.

The majority of cases the secret intelligence service deal with are unknown. The public attach themselves to Snowden and other high profile cases. In reality the most interesting cases are those not known to the public.

This would be very true. However, a person can note that a great number of secret operations have been made public over the years, and from those public disclosures some levels may be discerned about the capacity of sophistication possible to nation states. Regardless, of course, for a wide variety of reasons, that sort of measuring stick will invariably not be complete.

It should be noted a great amount of secret activity by governments is actually, however, mind numbingly dull. And even many very intriguing projects are extremely contextual sensitive in terms of their outside interest level. For instance, extremely valuable information to a line x svr agent might be extremely dull and unimportant to almost anyone else but them. Or the level of sophistication which is extremely high in projects might not be discernible in the least to those outside the field.

Very often projects actually boil down to the very attribution between nation states of sophistication. Where the medium is very much the message. A statement of high sophistication might be readily discerned and processed by fellow nation states, for instance, yet kept secret within their organizations. As revealing such projects could jeopardize their own security.

But even if revealed, the information may be fungible only with them, and not to the lay people at large, in other instances. What they may be able to discern as highly sophisticated nation state projects of due import, of impressing them, no one else might be able to discern. It is outside their field.

For instance, if your weapon is as sophisticated as an axe, or a gun, and you come across a weapon which is far more sophisticated… for instance, stuxnet, by its sophistication can be discerned to be likely from a very highly technical nation state or two, even if the ownership was not given. But that attribution of sophistication itself requires pools of sophisticated experts with appropriate sophistication in training to make such a determination. Joe Bob would not be able to make that attribution. In this instance, public experts could make this attribution, but many forms of sophisticated operations, projects, can not be properly discerned outside of governments at all.

Jonas Silver May 1, 2015 11:11 PM

@Andrew Wallace

I’ve seen manipulation of politicians through bar interaction or restaurant meals over my years but haven’t seen actual criminals in office.

This tends to indicate that you really do have government service. This would also tend to indicate then that your persona is fake, but that is besides the matter.

I am not aware enough of corruption in the British services or political services to really comment. I am only aware of restrictures such as the OSA because of the abundance of information released post-mortem on the British secret services.

I do not believe someone who is under such a confining regulation as OSA would be publicly speaking on these forums on matters privy to their job experience, far less identifying themselves by their real name.

That, again, beside the matter, but noting for other readers.

The only “alert” I have received on this forum is of the presence of Russian agents, I will further add. :/ A Russian agent might well be able to pose as a British civilian or trusted civil servant.

Not to be a dick, but just FYI.

Russia and Britain have a history of doing the tango even in many ways more than Russia and the US.

Many major Russian dissidents are based in Russia, and, as another excellent example, Russia’s pride and joy… Anna Chapman… well, her last name is British due to marriage with a British citizen.

Speculation aside, my only point is to note how appearances can be deceiving when individuals are accidentally appearing to let slip bona fides.

Back to the point, world history is full of examples of corrupt politicians. Being entirely ignorant of any such corruption is being entirely ignorant of global politics. While I can not get into detail on case history of British exposures and institutionalized crimes, I am sure others more learned in that nation’s particular area most certainly can.

I can rattle off lists, however, of criminals in British’s secret services, however, as many of those stories are quite mainstream. Kim Philby is one example there, as well as the rest of the “Cambridge Five”. But there are quite a number of other astonishing examples of criminals who, for pay or ideology (another form of pay), betrayed their nation and their official capacities.

Thank you.


Andrew Wallace May 1, 2015 11:32 PM

Jonas Silver,

There are no criminals within British security establishment. Any that are would be noticed and asked to leave the Service.

As mentioned already criminals do exist on the borderline within the establishment to Service as a pointer of blackmail and other influences.

Anyone within the Service found to be interacting with criminals even accidentally is asked to leave.

If the Service wish criminals to be spoken with that is performed via Special Branch and not the security establishment.


Jonas Silver May 1, 2015 11:55 PM

@Andrew Wallace

I really have no comment there. I have contacts, or individuals I have socialized with, in the British establishment. One of them worked in the SBS. Anyone privy to my resume would note that there are obvious conjunctions with their family and my own path. I will not disclose that here, however.

I have probably brushed up with the Met Police, or Scotland Yard, or however that system works there. At one juncture in my career, an official made a mistake of visiting my LinkedIn while logged in with their official account. I have also had a few contacts who at least claim to be based in England.

One of these has attempted to duplicate a high school contact of mine whose general appearance was not difficult to find, as that information has been made available, but private details were not.

Of course, investigations by lower rung employees are normal in my line of work and dealt with typically in very indirect ways.

I am aware that Special Services had, as spies, during WWII, numerous criminals, of note, especially was the remarkable “Zigzag”.

And Met Police, anyway, have had numerous scandals – like most limited policing organizations – in their undercover work amongst criminal circles.

In a few cases, of course, they were caught with ‘their pants down’. They were involved in highly embarrassing and illegal activities.

“M”, the founder of the services, well, there are a number of books well detailing his criminal activity, though one might be hard pressed to argue he was not simply “over zealous”. Regardless, criminal, some of his activities surely were.

Sidney Reilly, the “ace of spies”, was himself undoubtedly a master criminal, a true psychopath. And a major celebrity in the mindscape of English spies… a major inspiration for the English “James Bond”.

I would suggest readings on his life to wake you up to the details of his certain psychopathic and extremely criminal activities — besides the good he did, which was, effectively, substantial.

(In the end, the Russians “did him” with “the trust” project, but that is another story….)

Jonas Silver May 2, 2015 12:42 AM

I might note here, that the UK is looking to be destined to be even more totalitarian than they even are now:

I have not thoroughly studied the various proposals there. Being in the States… I think we have our own set of problems.

I will admit, however, I do know Cory Doctorow, and very much appreciate his efforts here to fight against these absurd, fascist measures.

(I will also note there is always a problem with knowing a writer of fiction. 🙂 One, is that they will tend to write of you and your coworkers. 🙂 Maybe consciously, maybe unconsciously. Regardless, I will highly recommend his “rapture of the nerds”, and “little brother”.)

As I have noted before, with the Nazis it was ‘the devil you do not know’, but they seem to be giving into the ‘devil they [think] they know’. You still end up with the pitchfork up your ass.

Thank God, like in 12 Monkeys, there may be, when you are sitting there on the airplane a person in Insurance sitting right next to you.

May we all now give a collective clap for our friends in Insurance who will surely save our asses from the totalitarian more ass your democratically elected leaders are so eager to put you into. 🙂

Cody May 2, 2015 1:17 AM

“Thank God, like in 12 Monkeys, there may be, when you are sitting there on the airplane a person in Insurance sitting right next to you.”

I’m surprised they’re even allowed to fly. As our dear president would say, SNOWDEN was a flight risk to the free world. Nobody sells insurance against that.

Jonas Silver May 2, 2015 1:28 AM


“Thank God, like in 12 Monkeys, there may be, when you are sitting there on the airplane a person in Insurance sitting right next to you.”

I’m surprised they’re even allowed to fly. As our dear president would say, SNOWDEN was a flight risk to the free world. Nobody sells insurance against that.

Tsk, tsk, tsk… cynicism.

Oh, Mr Obama is sooo powerful and in the know. And Clapper. And Alexander. 😛


Zero backup plan, zero insurance, zero power outside these idiots.

Cynicism. Bread. Circuses.

I have been posting here for years, btw, as do my coworkers.

We were not surprised by Snowden.

There will be a lot of circuses coming up. You don’t believe me?

Jonas Silver May 2, 2015 1:45 AM

The Modern State of Affairs

The founding papers, spirit, and sentiment of the United States of America is very oriented towards concern and suspicion against abuse of the state.

The USA is the most diverse nation on the planet, and as such, does those founding documents well represent the spirit of freedom and independence foremost against that which we might call “tyranny”.

Now, let us consider most basic society: individuals in a small society. Such individuals can only accomplish individual tasks of individual level of sophistication. In order to accomplish higher degrees of sophisticated product, they must group up. In this grouping up for the advantage of higher product, invariably there will be those who form a higher group, or elite, above them to monopolize upon that product of society.

In other words, for the very same reason human beings group up, elite groups form to monopolize that product against the weaker segment of the circle of trust in society.

As amazing as all of this may seem to people, this is highly predictable behavior.

Now, there are actually two major problems with the human species: one, they really are not very sure about where they have come from. :/ Uh oh. And two, they are really very mortal. (Really, ‘oh no’.)

Now, of course, neither is a ‘vulnerability’ if, of course, there really are no beings who have evolved to be immortal nor who have created human beings on earth. After all, ‘where the fuck are you?!’

I am not sure what to say to this. I was reading a magazine the other day which well delineated how many wealthy people were really into trying to find immortality.

People typically never try and put into that equation if there actually was any kind of life form above them, after all, ‘man is the measure of all things’. Which, I suppose would be a fascinating and humorous line to watch as they age, like grapes, and die.

Sadly, they are so right.

The wealthy, there by risks and idiocy, “make it”, then sharply die.

They are so incredibly smart and powerful.

Might we all applaud them as they age and die?

Oh, I forgot to be cynical on global affairs. Because, I could. You know, like how ISIS has risen up as a cancerous sore on the middle east… and fighting against the near equally insane Shiite forces… while we can all watch in futility while they make their way to Israel? And so engulf us all?



Jonas Silver May 2, 2015 2:03 AM


Whether I believe you or not is irrelevant. And I hate circuses. Bye.

Oh. Well. Gollee Gee whiz, gosh darn it.

The post rate here is pretty darned low. If you want, I can link for you my identity that was implying Snowden would happen right before he did.

I can also link up with an identity that was saying it was about time for Osama Bin Laden to be caught, about two weeks before he did.

And I had lotsa details about Gonzalez… and anonymous… and directorate s spies… and israeli spies, especially the ones involved in the dubai hit (an especially fascinating area for some parties)… and… barnaby jack… and charlie miller… and davie aitel… and jamie butler… and chineze and ruzzian…

I have been posting here since like 2000s…..

You have some questions you want to ask??


Privy to my ip: yes, okay, google map it. Consider the consulates nearby.

And the recent russian diversion. Was no accident. Neither these posts. Hang on for a better explanation. 😉

65535 May 2, 2015 3:20 AM

@ Benni

I did take the time to translate and read both Spiegel articles. Those contained some very interesting news. Thanks.

“…now the prosecutor general of Germany started an assessment whether BND is guilty of treason. One can only hope that they really start a lawsuit and convict the agency.” -Benni

You are knowledgeable about these things. What are the actual odds that formal investigations into the BND will lead to treason charges?

In the States, our news media would probably bury the story. Next, our Intelligence Community and political oversight committees would probably sweep this dirty business under the rug [so to speak]. Nothing would come of it in our current IC favorable political climate.

Funny story May 2, 2015 3:33 AM

Funny story from Romania where a corrupt mayor was using police surveillance on his mistress. Spyware on phone, hidden cameras, field agents after her friends and other goodies (there are many articles):

On the other hand, some people here may perform on purpose some “information dilution” plus some form of trolling, making the blog comments hard to read, annoying or not interesting 😉

Clive Robinson May 2, 2015 4:10 AM

@ Andrew Wallace,

I’ve seen manipulation of politicians through bar interaction or restaurant meals over my years but haven’t seen actual criminals in office.

There goes not just your credibility but a lot else besides.

Whilst you were busy acting like the “three monkeys” on the mantelpiece of a hobbit hole, UK Judges were not, they were locking up MPs for fraud with respect to their expense claims in the past few years.

How you claim not to have knowledge of this puts you in a position adjacent to “pink fluffy cloud land” from which I don’t think you can extract yourself.

If you did actually read news items you might just have come across a little statistic about UK MPs, that says as a population, they are four times more likely to go to jail than the general population… so the numbers and other facts most definitely speak against you…

Gerard van Vooren May 2, 2015 4:55 AM

@ Andrew Wallace,

I’ve seen manipulation of politicians through bar interaction or restaurant meals over my years but haven’t seen actual criminals in office.

Let’s return to 9/11. 19 of the 21 hijackers did have a Saudi background. The operation was financed by Saudi money. OBL himself was Saudi as well. So why didn’t the US invade Saudi Arabia? (The answer to that question is that the US doesn’t mind dealing with dictatorial regimes as long as they are reliable.)

Yet G.W.Bush invaded Iraq based on lies, killing at least 100.000 innocent people. That is over 30 times the amount of people that were killed by 9/11.

This was a major criminal act. And therefore the people involved had to be criminals, starting with G.W.Bush himself.

And G.W.Bush also introduced major press manipulation with his politics of fear and an annual multi Billion dollar budget scary secret crap industry.

But don’t let your opinion be influenced by facts. Keep believing in fairy tales like all the guys who believe in religion.

Benni May 2, 2015 5:39 AM

“What are the actual odds that formal investigations into the BND will lead to treason charges?”

They are, in fact, much higher than investigations about NSA. NSA agents can simply fly out of Germany, and the US government can refuse to give their names… So against NSA the prosecutor general can not do anything.

But BND is a German agency. If the prosecutor wants to interrogate a BND spook, then they can not fly and hide somewhere else.

Previously, one problem was that DER SPIEGEL does not want to publish its sources, not even to the prosecutor general. So the prosecutor did not have any person who he could interrogate.

In this case, the BND agents who discovered that NSA is giving problematic selector lists, are known to the government. As are the names of those who authorized these projects. In this case, the prosecutor just has to ask and they have to answer….

By the way, the German government wants to pass a new law about saving metadata.
It wants that every law enforcement person has access to the data without a warrant from a judge:

Benni May 2, 2015 5:57 AM

BND again:
An agent with the false identity Hollman is suspected to have helped the shipping company “Beluga” with tips on how to get an arms transport of tanks from Ukraine to Myanmar without getting juridical problems. Myanmar was, at that time, under a weapons embargo because of human rights violations. The prosecutor is investigating this but he does not know the real name of the agent. The investigation is getting slow, since the answer of the BND is still pending. The last possibility would be for the prosecutors to search through the BND building….. The agent also helped planning further arms exports into Congo, Sudan and Tanzania.

eyesGLUEDopen May 2, 2015 9:11 AM

Andrew Wallace —

Corruption is a criminal act of the worst kind and has always been far too common.

I’ve witnessed politicians in office breaking the law on an industrial scale.
One of the main perpetrators held the highest political position in the state and surrounded himself with a gang of corrupt ministers, public servants, top police and both the director and assistant director of Public Prosecutions.

The corrupt political conspirators engaged in illegal purchase of land for their personal gain using public funds, bulk forgery of state documents and public records, bulk illegal destruction of public records, raiding of state pension funds, perjury, as well as illegal wire taps and bugging of adversaries (politicians, police, or members of the public they saw as potential threats). This crooked political group also used their couple of top ranking police allies to threaten the lives of and harass anyone who stood up against them when they couldn’t extort property, businesses or money from them. There are also far worse involvements too detailed, convoluted and shocking to go into here.

It all happened in another Western country just two decades ago, and in spite of a couple of very short jail sentences, the main perpetrators are still being pursued by anti-corruption investigators and outraged members of the public who lost homes, property and over $100 Million in savings.

Corrupt politicians are regularly caught up in anti-corruption investigations but few pay attention to politics in neighbouring states, nor even the plight of their own community members who have fallen prey to the overblown egos of those who become consumed by power. In spite of the sophistication of Western corruption, it’s generally their massive egos that lead to their exposure.

Surveillance and intelligence personnel could all too easily be used by crooked politicians without ever knowing the true intentions of those in office.

65535 May 2, 2015 10:47 AM

@ Benni

“…much higher [odds] than investigations about NSA. NSA agents can simply fly out of germany, and the US government can refuse to give their names… the BND agents who discovered that NSA is giving problematic selector lists, are known to the government. As are the names of those who authorized these projects. In this case, the prosecutor just has to ask and they have to answer…”

That is welcome news. I hope the prosecutor gets to the bottom of the mess in short order. We need to put a stop to this “spies gone wild” situation. Thanks for your insight into German legal proceedings.

Andrew Wallace May 2, 2015 11:41 AM

9/11 was carried out by jihadists funded by O B Laden. Conspiracies about 9/11 would be better suited to conspiracy nut web sites and not Bruce’s blog.


Nick P May 2, 2015 12:18 PM

@ Andrew Wallace

Actually, the Saudi claim came from CIA interrogators, was confirmed by others in CIA, and is included in the 9/11 Commission Official Report. As in, that 9/11 was Saudi funded is the official story. They then hit Iraq and Afghanistan instead while our president held hands with the Saudi leader. We also continued sending private military contractors to train their military and police.

A little strange and supports 9/11 truth movement’s suspicion more than their own claims do. I mean, if U.S. government told us 9/11 was Saudi funded, led by a Saudi, done by mostly Saudis… we should’ve smashed Saudi Arabia during our “War on Terror,” right? Instead, we’re more tightly allied with them than ever. So, before a conspiracy theory even appears, the U.S. government supporting terrorists (via Saudi Arabia) is already in their own documents and killing over 200,000 innocents in Iraq is terrorism. Hence, the U.S. War on Terror is propaganda promoted by one of the world’s largest organizations of mass murder: U.S. military and intelligence services.

Note: Talking about criminals in office, the CIA just recently admitted they overthrew Iran’s elected leader and installed a dictator to rip off their oil (Operation Ajax). This, along with sanctions instead of apologies, caused all current problems we have with Iran. Every politician listening to CIA analysts on Iran and people reading textbooks in class were lied to for decades. Even now, people are still learning bullshit while that admission barely blipped on the U.S. media. No surprise such organizations are using terror as a political tool to this day: it’s their MO going back decades. And that was done by U.S. as a favor to British government and British Petroleum, which profited on Iranian oil.

Andrew Wallace May 2, 2015 12:23 PM

9/11 was carried out by jihadists on the orders of O B Laden who is a Saudi.

The jihadist stronghold was Afghanistan and that is why we invaded Afghan and not Saudi Arabia.


Gerard van Vooren May 2, 2015 1:03 PM

@ Nick P

I am probably telling nothing new but…

Talking about criminals in office: J. Edgar Hoover

  • Robert Oppenheimer wasn’t a communist after all. Well, the FBI got rid of him [1].
  • They were blackmailing Martin Luther King [2]. Now the full suicide letter is revealed [3]. I can fully understand why they blacked out so much of the letter because it is horrible. Do we still buy the ‘lone gunman’ story?

@ Andrew Wallace

You are right. Criminals in office don’t exist. Sorry I questioned that. Also sorry for the conspiracy theories.


Benni May 2, 2015 1:35 PM

Well, the most important difference with the German and American judicative system is the so called “Amtsermittlungsgrundsatz”. This means that the police has to collect all the evidence. Evidence for and against the subject. And then this is reviewed by a professional judge who has had an intensive training. In the US, the police is not forced to provide all evidence, so it can be that a poor black person is confronted with white policemen who collect all evidence against the black, and then the poor black person can not hire an expensive lawyer who has the ability to dig out evidence for the suspect.

With the BND that means, for example in this case of illegal weapons exports, where they might consider a search of the BND building, that BND is indeed in some risk that there are German policemen coming, and, well, they have to collect ALL evidence, for and against the BND. That means, they will get their hands on every single PC that a BND agent ever touched, and then they will copy all the files and read them. And then after an insanely long time, they will have their report finished for the judge….

BND is seriously at risk for this to happen. Hopefully, that will happen soon. It may probably depend on what the BND agents will say next Thursday on the NSA investigation commission. If that happens with BND, I think that NSA would also be a good place for a thorough police search. NSA computers are only good if they are being taken to police stations and thoroughly searched.

Andrew Wallace May 2, 2015 4:08 PM

“You are right. Criminals in office don’t exist. Sorry I questioned that. Also sorry for the conspiracy theories.”

Good to hear!

We need people to be pro Police and Security rather than always looking for things to criticise.


tyr May 2, 2015 5:04 PM


Thanks for the run down on the latest BND scandal.
When Merkels face showed up on a front page wanted
poster in the newspaper I wanted to know what you
thought about it.

Since the days of the Gehlen Apparat the relation
between NSA and the BND has been a real cause for
concern on both sides of the Atlantic. A major
reason for the so-called Cold war and later that
turned out to be falsifications. The gullible
USA leadership bought the whole myth and made sure
it was never questioned in any serious way.

What an observer will note after some study is the
stunning level of incompetence within these ingrown
spook organizations. Being technical isn’t enough
when you’re willing to supply what some political
nitwit wants at the moment with no idea of the long
term consequences.

If it only happened once it might be forgiveable.
When it is repeated over and over again it needs to
be fixed if only so we can try some new mistakes.

Nick P May 2, 2015 5:52 PM

@ Gerard

Did you get my comment with the links to Go static analysis tools from a little while back?

Gerard van Vooren May 2, 2015 6:18 PM

@ Nick P

Yes, I did see that. These analysis tools work as advertised. There is not really much to say about it, that’s probably why I didn’t reply 😉

Figureitout May 2, 2015 6:45 PM

OT: RSA SecurID teardown (literally)
–Has anyone successfully taken one of these apart and kept intact? I had one that expired and I just kept it to take it apart eventually. The urge came today (randomly…lol sorry).

Sorry, no pics. They were surprisingly annoying to get apart, I’d rate it as good enough unless you buy like 20 and practice. I kind of thought it would be bullsh*t and I could get it open w/ a screwdriver, then a knife, then going at it w/ wire cutters, I was about to use a soldering iron and melt the plastic (mmm cancer-fumes) or take it to a drill; but I said “screw it” and took good ole pliers to it (the LCD screen, turns out it’s a crystal-like substance lol) and I was able to keep the PCB intact while smashing the screen. DO NOT go at the circular end as it’s a coincell battery (even though the little key chain attachment near it was a potential way in).

Besides the battery lines (and QR code sticker on battery behind the epoxy), there was a board rev. number and 2 small components labeled R1 and R2, they didn’t really look like resistors, or some kind of multiresistor part. But here’s the funny part, I couldn’t get behind the LCD screen to see the damn circuit w/ my eyes w/o completely smashing it to a PCB mush. At this point, I’d had enough and was satisfied. I knew I’d need to de-solder like 20 pins to pull off the LCD screen to try and get a peek at the circuit or chip w/o smashing it.

Some sort of dissolving chemical (tiny amounts around edges) would be needed or something like a very fine tip soldering iron to melt edges to get a grip and some leverage and pull exterior apart. In other words, a decent amount of time and annoyance. I’d say that’s pretty good as it’d be fairly obvious if someone ripped it apart and put it back together w/o lots of care (which it should be on your keys, w/ you at all times anyway if you take your security seriously).

Thoth, I know this is one of your “security fetishes”, you should look into manufacturing process of these for your site for practical, I would say medium to low tamper assurance due to no alarms triggering (that I’m aware of…) (process “should” be protected, but something will leak eventually); the epoxy was extremely annoying but peeled off fairly easily under the cover. Then once you’re done w/ it, smash it w/ pliers then blender, whatever lol.

I didn’t tear this version down, it was the newer smaller ones, using multi-sided boards, smaller components, LCD screen protects circuit from “human vision” so you’d need to x-ray it or something along those lines

Thoth May 2, 2015 7:26 PM

@Andrew Wallace
The fact that people are feeling uncomfortable about their policed state and Governments is a sign that something is deeply wrong in the Governments that run these states which causes so much panic in the people.

Instead of diving into the problems and dissecting it and analyzing it, most Governments are very good at silencing critics and activists with further efforts to propagate the problems and make it much worse.

Blind trust in the Governments is a thing of the past. As we grow in our intellects and capabilities to communicate and understand our surroundings, we start to question things. Blindly following the Governments and your so-called following the Police State and National Security Agenda is a thing of the past. We don’t sit idle and let someone manipulate us when we know that something is very discomforting with all these Government policies and their agendas (hidden or public).

If there is a problem with the State Mechanism, it needs to be rectified. The problem is not the people. They just want to live their own lives like everyone else, so are we. People are unhappy because of bad policies and tight controls and restrictions that do not serve meaningful purposes or are harmful to democracy. Instead of blindly following an ailing mechanism, it needs to be dissected, exposed and admitted as mistakes before it can be put on the tables for everyone to discuss how to go about to solve the issue. If mistakes of the Governments are not admitted, deep-seated issues will become like tumorous cancers and would come back to haunt the people and the Governments. The first step is cutting open the issue (like a surgeon) before bringing it out to be examined and then using the right instruments to heal it. The first step of being open and cutting open the issue and expose the ugly and dark side is very painful which no one likes to do but it must be done sooner or later when these deep-seated issues worsen.

It is rather naive to think that following the Governments would do the trick because it never solved the issue.

One good example is Singapore where it has experienced relative peace for 50 years after modern independence from British rule. During the past 3 decades, the rule of the land is by the iron fist and unquestionable faith and obedience which unfortunately gathered a whole ton of deep-seated issues. This recent decade, the people there decided to question the local Government as these deep-seated issues arise and the race by the dominant powers that be to bury the issue back took place a few years ago. The more the local Government tried to bury the issue, the heavier the recoil came back at them. The people that have been so used to civil obedience for 40 or more years suddenly took a sudden change in attitude and heavily questioned the Government on their policies and actions and requested more transparency. In return, the Government responded with tighter controls and more opaqueness and ad-hoc-ness in rushing and making laws with minimal consultation of civilian agencies and representatives. The more they tried their luck, the harder the blow back came at them.

The epoxy over the central chip is a tamper evident epoxy potting every security device will need for their FIPS level certification. That is, if you scratch the epoxy or tamper with it, it becomes obvious. But the downside is anyone can replace the epoxy easily and there goes the FIPS “security” which Ross Anderson showed how easy it is to defeat those kind of tamper evidence. The battery would be used to power the chip and the screen. I am not sure of the model of the chip so I can’t comment much about it. Some of the chips are power-backed (removing power would erase the secrets) though but not sure what this one does. You can try to power it back on and see the reaction. If it continues to run and generate randoms, then this chip is not a power-backed variant of crypto-chips.

To remove the epoxy, you need a mixture of acid to melt off those tamper evident potting first.

Part two will be decapping the security IC chip. It wouldn’t be so straight-forward if it is a FIPS compliant chip. The first few layers would be security copper meshes which uses the IC chips upper most and probably even the lower most metal layers to twist and form into serpentine meshes so that grounding or cutting the serpentine metal layer to reach the deeper layers might break the circuit. Again, if it is not power-backed, cutting the metal layers would not immediately trigger tamper response. The chip layout should also be “secure layout logic” where the original circuit is mixed and “scrambled” in a supposedly confusing manner across multiple metal layers on the IC chip to discourage reverse engineering. The chip may also carry on-board light, laser, moisture and other tamper reaction sensors but all those are purely useless if not power-backed for immediate zeroizing of the keys.

These smartcard chips (SecurID chips are considered so in that range) are for low to medium tamper resistance only.

Andrew Wallace May 2, 2015 8:06 PM

“The fact that people are feeling uncomfortable about their policed state and Governments is a sign that something is deeply wrong.”

It is a sign that the Government is doing everything right to protect its citizens from terror networks.

We are keeping the terror networks on the back foot by making sure they suffer from anxiety.

I think the only people feeling uncomfortable are terrorists and criminals.


Figureitout May 2, 2015 8:08 PM

–Have you personally had a go taking one apart? What kind of research did Anderson do and how many other devices broken did it take at their own pace in a lab, w/ no pressure of getting caught? So if they actually used a stopwatch before they started researching their target and then doing the attack, would be useful info to know, otherwise physical attacks on most chips (not the super small ones) are basically impossible to stop if you want to sell product. FIPS certification aside, one would need to know how to take the device apart (so some sort of popular mass-produced thing like the SecurID). For custom circuits, sent off to some random fab lab for “IoT” purposes w/ a layer of shielding, they’d likely break it before getting in. I don’t think it’d be that hard to program a tiny SoC (it’d take more engineering to get a non-SoC solution, but a SoC could be used as PoC) to write to a little OTP memory (if you want to keep device small) to just display error message if a certain voltage level goes off, it’d need an ADC then; just route the lines all around the edge of the device for crude probing. They’d then have to reprogram the firmware to look at a different chunk of OTP memory, so it should just overwrite it all and consider device toast.

An attacker would need external knowledge to make a quick attack; otherwise I’m thinking this low-assurance will force them to go where circuit boards are produced, where circuit is laid out on PC, or other place in manufacturing chain, or just replace ID number or unique signature you add to device. Proper OPSEC should render this mostly a fruitless endeavor; properly spreading out info you’re protecting.

So that’s all I’m saying, for personal practical devices you can actually build; I’m betting it would force a different avenue or they’d get caught/noticed. EMSEC wise, they’re going to draw extremely low current (I heard 5uA for older versions, that’s like electronic whispers..) and of course no power analysis; it’d have to be RF emissions.

Also, ULTIMATE SECURITY devices aren’t fun to use or you know…keep secure…ever. They can’t touch anything ever, and you have to do everything. Having lots of digital info that needs to remain secure to the highest levels today, you’re probably doing something wrong.

AndrewJ RE: R. Anderson statements
–Nicely said, I found it odd that he didn’t feel comfortable actually expressing himself in his home country, only in the US. I liked this too:

How can we push back on the poisoning of the crypto/security community? We have to accept that some people are pro-NSA while others are pro-humanity. Some researchers do responsible disclosure while others devise zero-days and sell them to the NSA or Vupen. We can push back a bit by blocking papers from conferences or otherwise denying academic credit where researchers prefer cash or patriotism to responsible disclosure, but that only goes so far.

Wallace Hilliard May 2, 2015 8:11 PM

Credit where credit is due: NSA did more to castrate NATO than 500 Iskanders could do. Disgrace the nominal elective state with espionage treachery, force complicity with clandestine armed attacks on civilian populations, and the puppet governments in your ‘allies’ lose their grip. NATO disintegrates from the outside in just like the Warsaw Pact did.

65535 May 2, 2015 8:35 PM

@ Benni

“…the police has to collect all the evidence. Evidence for and against the subject. And then this is reviewed by a professional judge who has had an intensive training…”

That is an interesting difference between the American legal system and German legal system.

“…after an insanely long time, they will have their report finished for the judge…”

That sounds like a long time. In the States the citizens would just turn their attention to the “latest sensational scandal”.

I did take the time to read about the heavy weapons being exported to repressive countries via the BND. That sounds quite criminal. Thanks for your interesting articles.

rgaff May 2, 2015 9:48 PM

@Thoth said:

The fact that people are feeling uncomfortable about their policed state and Governments is a sign that something is deeply wrong.

@Andrew Wallace replied:

It is a sign that the Government is doing everything right to protect its citizens from terror networks.

I think the only people feeling uncomfortable are terrorists and criminals.

In case it’s not clear, this essentially means: anyone who is not unquestioningly believing and following their government must be a terrorist or criminal, and really should be arrested immediately. Heil Hitler!

Anura May 2, 2015 11:30 PM

Come on, he has to be a troll. “There are no criminals in office” – that is not something anyone could possibly believe.

Thoth May 2, 2015 11:45 PM

I have not had the fortune to decap a chip (requires an FIB workbench and dangerous acids) but I have actually done basic tampering with smartcards for casual fun. Not really in-depth attacks since it requires much more time and my recent works as you might have noticed are smartcard based so I need to attack them to get an idea before I do code cutting for them.

The most I can do is to peel out the chip from the smartcard and hook it to some circuits for its pins but that is unnecessary if you have a smartcard reader to attack the logic first since it still accesses the pins. Currently playing with attacking the logic and have not yet progressed to more intrusive attacks like glitching the circuits which I heard was fun. Might try that once I lay more hands on more resources to glitch them.

The scenario of physically attacking a chip is not based on how many seconds you can break into it. It is more of an APT threat if you will. If someone gets at your crypto-device and starts to do serious stuff like physical intrusions, they must really want to break you so badly that they have to commit to it.

If the chip is an unknown/new model, you will need to first get hold of a few and destroy the chip packaging and access the metals which is how most people do to access the circuits and make mistakes to understand its operating parameters. Once you have a blueprint of it via reverse engineering and tampering (hopefully the traps aren’t too strong), you would have an attack vector(s) where you can create automated tools to make it insecure within seconds or hours if you want via automation.

You can’t simply sit on 1 single chip for testing. I got myself a couple for backup just in case I trigger a tamper somewhere and most other people would get even more chips because mistakes are common and the process is pretty manual if it’s something new to the attacker.

The current principle of defense from the smartcard industry (interestingly) is size. There seems to be a trend of reducing the chip size for smartcards as small as possible not just for convenience but for security. If the chip is really that small, the attacker might have his hands trembling while decapping and bypassing the “securely” designed traps.

Also if it’s small, you can just take a nail punch, aim it for the center of the smartcard chip and you have effectively rendered it gone due to how tiny these chips are these days.

Regarding voltage glitching and tampering, that’s what they advertise to protect against but the catch is …. the tamper mechanisms and alarms would only activate on the next RESET (next power-up) and that applies to all mechanisms. Currently I am code cutting a smartcard app and I have taken into consideration the moment a card is captured and is given physical attacks and the APIs to handle the tamper response and memory is quite a chore.

The thought of creating somewhat tamper-evident/resistant smartcards is to hope that the user can quickly notice a tamper and execute a rekeying of their secret keys (banks, finance …) but the fact is these sleek cards simply always pass by unnoticed (OPSEC failure) and people simply take too long to react (not trained in security).

Again, if you are considering fast attacks, you MUST already have the blueprint and attack vectors otherwise a fast attack does not exist. I wouldn’t say the smartcards are built tamper-resistant to a high degree but they can ensure that the “fast attacks” wouldn’t occur on properly built hardware and software which as you said, would force the attackers to do something else or take longer time to attack. Once you have a successful and mass deployable attack (best is a logical attack done from a distance) e.g. a contactless card RF attack, this would be very deadly. Otherwise, back to the drawing board 🙂 .

High Security devices are irritating but good. Again, Security vs Convenience trade-offs. I rather disguise my smartcard as something if I were to deploy them and if I were to sell them I would allow some random design patterns so to hide them among the tonnes of prepaid caller, payment, clubs, loyalty and debit cards you carry in your wallets. This would be daunting as an attacker must figure out which is the actual card among your wallet full of so many cards and that’s going to be highly irritating to reverse engineer ALL of them and make a smart guess. Most standard smartcard suppliers sell plain white cards which can be paid a fee to customize the design which they will do so happily for the extra cash (if you can afford).

Different security requirements and levels of security require different devices. If it’s the root master key, use the huge sluggish tank-like hardware module please. Take the trouble to hand load the keys from paper fragments and properly burn them (you know what I mean). If it’s a travelling security card you bring along for quick access to your materials using a “sub-key”, you can consider something more portable like smartcards or crypto-sticks.

I am wondering why would Andrew Wallace reply in a fashion of discrediting himself…. Is he warning us about something ???
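
The tamper loop Figureitout sketches above (a trace routed around the board edge, sampled by an ADC, with the trip written to OTP memory and "overwrite it all") and Thoth's point that a chip that is not power-backed only reacts at the next RESET fit in one small simulation. This is an added example, not code from either commenter or from any real token; the device model, the millivolt window, the seed and every function name are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated token; no real part is modelled and all values are constructed. */
#define OTP_WORDS         4
#define OTP_ERASED        0xFFFFFFFFu
#define KEY_LEN           16
#define LOOP_NOMINAL_MV   1650   /* assumed: divider midpoint on a 3.3 V rail */
#define LOOP_TOLERANCE_MV 150

typedef struct {
    uint32_t otp[OTP_WORDS];  /* one-time programmable: bits only go 1 -> 0 */
    uint8_t  key[KEY_LEN];    /* secret seed the token must protect */
    int      powered;         /* 0 = MCU not running, so nothing samples the loop */
} device_t;

static const uint8_t SEED[KEY_LEN] = {   /* constructed sample seed */
    0x3a,0x91,0x5c,0x07,0xe2,0x48,0xbd,0x16,0x70,0xcf,0x24,0x9b,0x05,0xd8,0x6e,0xf3 };

void device_init(device_t *d) {
    for (int i = 0; i < OTP_WORDS; i++) d->otp[i] = OTP_ERASED;
    memcpy(d->key, SEED, KEY_LEN);
    d->powered = 0;
}

/* Programming OTP can clear bits but never set them again. */
static void otp_program(device_t *d, int word, uint32_t value) {
    d->otp[word] &= value;
}

/* Any cleared bit in any word means "tampered": no other chunk holds a clean flag. */
int tamper_latched(const device_t *d) {
    for (int i = 0; i < OTP_WORDS; i++)
        if (d->otp[i] != OTP_ERASED) return 1;
    return 0;
}

/* A cut loop floats to the rail, a shorted loop is pulled low: both leave the window. */
int loop_in_window(int adc_mv) {
    return adc_mv >= LOOP_NOMINAL_MV - LOOP_TOLERANCE_MV &&
           adc_mv <= LOOP_NOMINAL_MV + LOOP_TOLERANCE_MV;
}

/* Burn the whole OTP area and wipe the key. */
static void tamper_response(device_t *d) {
    volatile uint8_t *k = d->key;   /* volatile so the wipe is not optimised out */
    for (int i = 0; i < OTP_WORDS; i++) otp_program(d, i, 0);
    for (int i = 0; i < KEY_LEN; i++) k[i] = 0;
}

/* Periodic ADC sample; an unpowered device samples nothing. Returns 1 once latched. */
int monitor_tick(device_t *d, int adc_mv) {
    if (d->powered && !loop_in_window(adc_mv)) tamper_response(d);
    return tamper_latched(d);
}

/* Reset path: 0 = usable, -1 = show the error and stay dead. */
int power_on(device_t *d, int adc_mv) {
    d->powered = 1;
    if (tamper_latched(d) || !loop_in_window(adc_mv)) {
        tamper_response(d);
        return -1;
    }
    return 0;
}

int key_is_zero(const device_t *d) {
    uint8_t acc = 0;
    for (int i = 0; i < KEY_LEN; i++) acc |= d->key[i];
    return acc == 0;
}

/* Loop cut while the MCU is running: latched at once, still dead after a reset. */
int scenario_cut_while_powered(void) {
    device_t d;
    device_init(&d);
    if (power_on(&d, 1650) != 0 || monitor_tick(&d, 1700)) return 0;
    monitor_tick(&d, 3300);                 /* open loop reads the rail */
    d.powered = 0;                          /* power cycle */
    return power_on(&d, 1650) == -1 && key_is_zero(&d);
}

/* Loop cut and repaired while unpowered: nothing sampled it, so the next
   reset sees a healthy loop. Returns 1 when the tamper went unnoticed. */
int scenario_cut_and_repaired_unpowered(void) {
    device_t d;
    device_init(&d);
    monitor_tick(&d, 3300);                 /* ignored: not powered */
    monitor_tick(&d, 1650);                 /* loop repaired before reset */
    return power_on(&d, 1650) == 0 && !key_is_zero(&d);
}

int main(void) {
    printf("cut while powered, dead after reset: %d\n", scenario_cut_while_powered());
    printf("cut and repaired unpowered, missed:  %d\n", scenario_cut_and_repaired_unpowered());
    return 0;
}
```

The second scenario returning 1 is the gap described in the comments: a reset-time check only sees the loop as it is at power-up, so continuous detection needs a monitor that stays powered.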

Nick P May 2, 2015 11:46 PM

@ Gerard

re MLK

I have information on (a) how their case was made and (b) the stuff they ignored. Much of the most damning evidence was published by the local newspaper. The most concrete of it shows Ray had extremely sophisticated help and testimony against him was forced. The rest of the testimony makes it clear he was a dumb, fall-guy. One day I might show you the whole, unfiltered thing in private.

re Go tools

Good! I’m happy they helped. 🙂

@ AndrewJ

Appreciate it. That was a nice summary and commentary.

@ Figureitout

They’re easier to break down on purpose. They’re designed to be cheap and fairly convenient. RSA correctly assumes that physical access to such a device equals compromise and just tells people to prevent that. Effective tamper-resistance for enemy with time on their hands is still an open, research problem.

@ Anura

The mailing list we referenced said he made certain types of statements and was therefore a troll/fraud. He’s been making those same types of statements and using the same tactics. The writing style has certainly improved. Whether him or not, that his posts are equally troll-like and derailing show his true nature.

Buck May 2, 2015 11:48 PM


To believe or not to hold beliefs – does it really make a difference..? It could be possible that some would actually believe (or have to say) such things, am I right!?

William Lee May 3, 2015 12:08 AM

The planters are pretty clever – on one level. Completely impractical because tillandsia evolved to condense water from the air on their leaves, then funnel it into the center where it can make use of it. Trying to grow them upside down wouldn’t work, because any moisture on the leaves (domestically they’re generally ‘watered’ with a spray-bottle mister) would just drip off the ends without getting to where it needs to be.

Cute though, I’d be tempted if they didn’t just look like air-plant killers.

Buck May 3, 2015 12:34 AM


That is an interesting difference between the American legal system and German legal System.

Is it really though?? I think I see what Benni is saying here — that the police in Germany have to gather ‘all‘ available evidence before approaching the judge/jury..? While, in the U.S., we already know that they ‘collect it all‘!?
Brady v. Maryland

Withholding of evidence violates due process “where the evidence is material either to guilt or to punishment.”

Nick P May 3, 2015 12:43 AM

@ Buck, 65535, Benni

I think the most interesting thing Benni said is the German legal system requires them giving everything needed to determine guilt and innocence. Whereas the American system is adversarial where police and prosecutors try to present guilt at all costs while defense tries to achieve innocence at all costs. If my impression of his comment is true, then I’d love for American police to imitate Germany in gathering and presenting data on both angles of an investigation. It would lead to less wrongful convictions.

Buck May 3, 2015 1:02 AM

@Nick P

In the U.S.:

police != prosecution
must_present_all_evidence_to_defence(prosecution) == true

If by ‘try to’ you mean:

practice != theory
innocent_before_proven_guilty == false

Then, perhaps I could see where you’re coming from… 😉

Nick P May 3, 2015 2:06 AM

@ Ryan

Yeah, he’s definitely a crook. Also featured in this video where he slammed Texas in a hilarious way. Leave it to a Florida thug to take that risk in office. It would’ve been an awesome fight if a true Texas debater was on the other side. Maybe like GWB in his golden days.

@ Buck

Nah, I meant innocent_before_proven_guilty + prosecution_gives_not_a_single_f*** = easy_conviction + prosecution_career_benefits. You were really, really close though. 🙂

Wesley Parish May 3, 2015 2:45 AM

@Andrew Wallace (May I call you Wally?)

There are no criminals in office but there are criminals influencing outcomes.

Ah, lookee what I found:

In the world most of us live in, lying about someone else’s hostile intentions to justify killing them is regarded as a crime, one of the most serious crimes one can commit. Lying about someone else’s lying in such a case is also a crime, termed perverting the course of justice if committed while drawing up the evidence and termed perjury if committed while the court is in session and you under oath to tell the truth.

So how do you plead, Wally?

Mike the Goat (horn equipped, redux) May 3, 2015 3:43 AM

Nick P: exactly – and thanks to the media, your face is likely going to be plastered all over the place even in the event that you are cleared by a jury of your peers (or perhaps even if the charges are so bogus they are dropped). A similar thing happened to me years back. I got paraded through my college in handcuffs and told that I’d be doing federal crime, because they suspected my involvement. The only reason they “suspected” my involvement was that an attack originated on the college’s network and I was one of the few people there the staff claimed would have the ‘skill’ (really? you know, idiots can run scripts too). People I went to college with still speak of this almost 18 years later.

Btw nice to see you again Nick. I’ve been super bogged down with life, and haven’t had much of a chance to post.

Gerard van Vooren May 3, 2015 4:24 AM

@ Wesley Parish

These news articles show – again – that the Iraq war was a racket.

It explains why they didn’t give a shit about the civilians of Iraq when they invaded the country and why all the plundering took place. It was only the oil control they were after. Nothing more or less. Saddam Hussein had to be removed because he wasn’t a reliable dictator anymore after he invaded Kuwait.

It explains a lot more but that has been discussed multiple times here.

Sometimes I question whether the whole Cold War wasn’t a racket as well, including the big red scare. We all know now that the Vietnam war was a racket, the War on Drugs as well and also the War on Terror.

That all said I can understand why Iran wants nukes AND the Stuxnet response.

Saddam Hussein being killed because of oil, Ghadaffi as well. If there was oil in Syria then Assad would have been killed as well a couple of years ago. But there is no oil in Syria.

And all the guys involved, all the mass murderers, are still free men. The fucks.

Clive Robinson May 3, 2015 5:59 AM

@ Gerard van Vooren,

That all said I can understand why Iran wants nukes AND the Stuxnet response.

I don’t think Iran actually wants nuclear weapons for various reasons, not the least of which is they are a pointless waste of resources, which would be better used for building up the economy and conventional weapons, South Africa realised this a considerable period ago. Pakistan has then proved beyond doubt that whilst nukes might deter a close neighbor with their own nukes (India) it has absolutely no effect on the US sending in drones and strike teams, killing wherever they want. In Iran’s case they know that Israel will just send in drones and teams to stop any nuclear weapons development. The only way to get safety from the US who would back any Israeli play is to be able to strike them effectively. This requires advanced long range delivery systems, and outside of UN Security Council permanent members and a few Western nations it’s only N.K. developing systems that might be used for long-range delivery.

What Iran wants to do is become energy independent of oil and gas, they like several middle eastern oil nations know the stuff is running out. Also importantly they know the likes of the US are planning ahead for taking political control via energy as Russia has been attempting to do. Thus to avoid becoming a vassal nation yet again they need to get nuclear energy production up and running long before the oil runs out, so that their economic development will continue.

The US neo-cons know this hence the recent completely pointless grand standing with the Israeli premier, having non WASP nations with their own independent energy goes very much against their master plan (of which Iraq was just a part). However the neo-cons are also their own worst enemy, they have failed to learn from the history of “White Supremacists” who become a decreasing part of the population and thus become deposed. The usual indicator of “the way down” of minority politics is it becomes fractured, as the ultra orthodox become unbalanced in their attempts to keep reality at bay, whilst the less orthodox realise that the only way to survive is to bring in fresh blood and maintain or improve the percentage head count of the voters. It’s why we see such pathetic gerrymandering and vote rigging in various areas of the US.

65535 May 3, 2015 7:50 AM

@ Nick P

“…the most interesting thing Benni said is the German legal system requires them giving everything needed to determine guilt and innocence. Whereas the American system is adversarial where police and prosecutors try to present guilt at all costs while defense tries to achieve innocence at all costs.”

Yes, that is the way I read Benni’s statement.

In the States presenting evidence at all costs can mean “trying the case in the media” or in “in the court of public opinion.” That is where things get hinky. These cases become sensational media circuses with both sides leaking their “evidence” to friendly sectors of the press [that’s friendly to prosecution or the defense – or both]. Juries can become tainted – so much so that a fair trial is not possible.

Andrew Wallace May 3, 2015 8:48 AM

We went into Iraq as Saddam had already attacked Kuwait and was threatening other neighbours.

We had no reason to believe that he wouldn’t one day attack his other neighbours.

He called our bluff with claiming to have had WMD.

We saw evidence of chemical weapons and mobile chemical processing lorries.

By the time we got into Iraq the evidence was destroyed of these weapons.

He had refused to let weapons inspectors into suspicious facilities seen on satellite.

He was a perceived threat and had already used the weapons he was threatening to use again.

He made every effort to make us think the weapons existed and that he already had a history of using weapons.

We took legal advice before, during and after the conflict. It is watertight.

Our actions were completely legal and carried out in good faith of the evidence presented.

The actions taken were legal and remain legal.

In the end what happened in 2003 was down to Saddam and only him.

He took his own country into a war with the west that he was goading into this action.

The leader Saddam was not fit to remain in political control of Iraq and we took actions to remove him.


Secret Agent Man May 3, 2015 10:42 AM

Andrew, MI5 is not going to give you a job, no matter how much you say the pledge of allegiance to official bullshit.

Now, if you ever wanted people to believe you, instead of picking you for imaginary spy jobs based on abject loyalty to ridiculous crap, you need to know that there are these things called links. You can click on them by pushing on the mouse with your finger and part of your stupidity goes away. Here,

See? Talk about legally watertight, now you are watertight like a crab’s ass!

Charles J. Denholm May 3, 2015 10:44 AM

@ Andrew Wallace

You know what you look like to me with your cheap patriotic fervor and your sieg-heil posts? You look like a wannabe… a well-scrubbed, butt-kissin’ wannabe with a little experience as a hall monitor. Reading trashy spy novels has given you length of ambition, but you’re not more than one generation from 7-11 security guards. And, oh, how the real operators saw you, with all those tedious, sticky keyboard fumblings while you could only dream of getting out, getting a badge, getting a real worldwide badge, getting all the way to the N… S… A.

Fly away now, little Andrew. Fly-fly-fly.

Clive Robinson May 3, 2015 11:46 AM

@ Andrew Wallace,

You are very wrong about the Iraq invasion.

I would suggest you start by reading Dr Hans Blix’s book, he was the senior UN weapons inspector for Iraq.

Oh and you could start with this,

I’m sure others will point out just how wrong you are in all aspects of your comments, but from your previous comments I very sincerely doubt your ability to comprehend it and take it on board.

Like others on this blog, I suspect you are here to try and ruin the blog and drive others away, and like Nick P pointed out it is a duty to correct your factual inaccuracies and faux assumptions, so that others are not influenced by your base canards.

Andrew Wallace May 3, 2015 12:08 PM


Hindsight is a great thing.

The UN is very much thought to be redundant as an organisation.

The fact we had to bypass the UN to take actions in Iraq proves this.

We have untrusted nations at the UN such as Russia who will veto western interests.

We had to bypass the UN for this reason.

The west are suspicious of the UN and those who are part of it, e.g. Hans Blix.

We had to take decisive action against Saddam and the UN were working against our interests.

UN does not work in our interests when actions are required.


Alex Younger May 3, 2015 12:37 PM

Miss Moneypenny, make this young man an offer. He’s MI6 material, just what we’re looking for. His likely career trajectory is sure to be of service to our nation.

Welcome to MI6, Andrew. Now you are one of us. Utmost secrecy is paramount. Sleeper Agent Wallace, go to ground and await orders!

Bystander May 3, 2015 12:40 PM

@Clive Robinson

The BBC page was interesting. Thanks for posting.

The history of the region and US involvement reaches way back.

The 1953 Coup against Mossadegh is no longer in the news, but the results are.

The CIA angle of this event is quite interesting.

Saddam was not always the bad guy.

U.S. Intelligence and Iraq WMD…

The National Security Archive is quite interesting in general.

Martin Walsh May 3, 2015 12:43 PM

People believe what they want to believe. That includes you. You listen to the news you want to listen to and read the stuff you want to, then filter it all to maximize reinforcement of your existing beliefs. Have you considered the possibility that you’re wrong?

TheBud May 3, 2015 12:47 PM

“The actions taken were legal and remain legal.”

The concept of ‘legal’ is interesting in the U.S. when Executive Orders can be issued to ‘justify’ any action.

Classified Executive Orders, no less.

Olavo May 3, 2015 1:00 PM


Death Penalty in European Union is just not an option:

“The European Union holds a strong and principled position against the death penalty; its abolition is a key objective for the Union’s human rights policy. Abolition is, of course, also a pre-condition for entry into the Union.”


( sorry, EU is just a little bit more advanced than US on these terms )

@783, Nbk

Nick P May 3, 2015 1:46 PM

@ Nash

HOLY SHIT! I’ve got more declassified files and statements on covert ops (incl MLK) than most people yet… I’d never heard of this trial or testimony! Thanks for bringing it to my attention. Matter of fact, although King center is down, I found the trial transcripts here.

I encourage anyone interested in the truth or showing U.S. government’s true colors to save a copy of every link on that page. Seeing media censorship of 1999 trial, there’s a real chance those transcripts could disappear from the Internet and end up in less believable sources. A lot of critical news articles covering 9/11 already disappeared. The same happened with data showing propaganda on Iraq. These precedents indicate we should archive this carefully.

Back to MLK. In a nutshell, declassified files and testimony show the federal government thought he was a communist hell-bent on overthrowing U.S. government. The Army believed that his Washington march would create so many dissenters, maybe violent, that they couldn’t hold them back with few troops there. Mafia and big business were worried about their profitable plutonomy going away. So, MLK would be eliminated in Memphis with a two-pronged approach: a Mafia hit carried out with cooperation of city police and state government politicians; an Army Special Forces sniper team to take him out as backup. The FBI accused the patsy, suppressed all evidence, the media editors fired reporters who tried to publish alternative evidence, and the state pulled judges off of later trials. Eventually, a civil suit brought all evidence to light, attorneys battled it out, and the result was a conviction of the U.S. government plus private parties with Ray established as innocent. This was never reported.

Welcome to the America I’ve been living in. Like the author said, most people won’t experience it, few report on it, and that’s why the false democracy keeps marching on with little challenge.

Lignum Vitae May 3, 2015 3:07 PM

I don’t know why you guys indulge Andrew Wallace. He is quite obviously an ill informed, loudmouthed nobody — and not a very bright one at that. The chances of him having any involvement in nation level intelligence are as high as me winning Miss Universe this year*

* (For the record, I am an hirsute, overweight middle aged man with an old slice of pepperoni stuck to my shirt and half my crack showing)

Grauhut May 3, 2015 3:43 PM

@Benni, 65535: Nothing will happen here in Germany, they will explain to our chief state attorney that this NSA/BND affair is NATO “war against terror”(tm) business and “he doesn’t need to know”. 😉

In this moment every movement in Karlsruhe will end and they will continue their office sleep. Stay calm, nothing to see here!

The NATOs 2001 article 5 declaration was a second Machtergreifung, but so secret, nobody recognized it. We all already live in a fascist NATO state, we just have to wake up and see it.

QL May 3, 2015 4:54 PM

“The leader Saddam was not fit to remain in political control of Iraq and we took actions to remove him.”

That reads like script material from the film Team America. The reasons given for the 2003 Iraq war by America prior to the invasion have not survived critical scrutiny. Apart from politicians and security agencies trying to explain away their mistakes, virtually all independent historical analysis after the war has come to the conclusion that it was the wrong thing to do.

Unrelated Comment:
I decided to use TOR to post this and was interested to find that on my first attempt, Bruce’s blog was inaccessible even though everything else on the web seemed to work fine. Have any other TOR users experienced this?

Anura May 3, 2015 5:35 PM

In US civil war news, the Governor of Texas has tasked the State Guard with defending Texas against the US Navy SEALs and Green Berets out of concern that their training operation is actually a false flag and they are under orders from Obama to place Texas under martial law and cart political opponents off to FEMA camps. Because ISIS.

This is your brain after ODing on conservative propaganda.

subliminal.script May 3, 2015 6:08 PM

@Nick P

“Welcome to the America I’ve been living in.”

One Snowden effect is having the key to decode the cultural shaping done in the media and Hollywood movies.

It’s now possible to work backwards by contrasting the public image of America with the truth.

The world is a whole lot more interesting than it used to be.

rgaff May 3, 2015 6:31 PM

@ Lignum Vitae

entertainment, perhaps?

@ Grauhut

“fascist NATO state” means “fascist US state” right? I point this out, not with intent to insult, but to encourage people who have an ounce of nationalism left to resist it.

@ QL

Yeah, TOR isn’t always the most reliable thing when it comes to exit nodes… I didn’t notice it with this site specifically, but enough general issues that I only use it when I feel the need to.

@ Anura

interesting 🙂

welp May 3, 2015 6:41 PM

smart enough to fly an UAV… dumb enough to click on a pdf link… sounds like the right mix of skillset…. j/k

welp May 3, 2015 6:43 PM


tor’s got a hole so big you can fly an UAV thru it… or is it just my imagination….

welp May 3, 2015 6:56 PM

@Lignum Vitae
“The chances of him having any involvement in nation level intelligence are as high as me winning Miss Universe this year*”

Sometimes a hanging breaking ball is the best pitch in the game.;)

rgaff May 3, 2015 7:53 PM


Tor does have issues, but it can be better than nothing. And yeah, there are so many things you can accidentally do (like clicking on PDF links) to blow it wide open… It was never designed to protect against a truly global oppressive threat, only a much more local one, it’s not just your imagination.

Marcos El Malo May 3, 2015 8:00 PM


I’m surprised you didn’t explicitly mention Obama, unless we’re at the point when Obama being the secret leader of ISIS is just a given.

re: Andrew Wallace

Troll or performance artist? I think his provocations aren’t really that provocative, but apparently many feel otherwise and find his faux naïveté worthy of more than one response.

Nick P May 3, 2015 9:55 PM

@ subliminal.script

It certainly is. I’ve been doing that here with my contrasts of what public, Secret, TS, and ECI people are told. The other thing to watch is how various media outlets are handling the revelations. I predicted some time ago that those controlling the media on national security issues would have them divert it into largely two sets of strawmen discussions, one for left and one for right. They’d then minimize coverage of those offering compelling arguments based on the worst things in the slides. They’d also speculate on things that were already revealed.

I have been too busy with personal matters and technical/political posts to follow the mainstream articles and interviews. Don’t really watch TV, anyway. I’ll let others that have seen what stories mainstream outlets published test my prediction. The key test of my theory is, “Did they grill the government on key issues in the docs in a way that might generate action? Or did they each push lesser angles that would make their respective sides merely gripe or dismiss the situation?” A democracy takes option 1 while a police state tends to take option 2. This, combined with endless distraction/activity, is how you prevent revolutions.

Nash May 3, 2015 10:48 PM

Yes, Pepper is a force of nature.

Russ Baker, too, in his own way, poking new holes in OKC and the Boston Marathon show trial.

With each new state crime that is exposed it’s like you have to reassemble your whole identity: To think that once I trusted them. How could I have been such a dupe? It’s especially hard for people with collateral access – SCI, ECI. Their compartments keep them beavering away at crime and treason, unwitting or even idealistic because they can’t see how they’re being used. When people like that get over their shock, the leaks that result can break the impunity dam.

Buck May 3, 2015 11:17 PM

@Nick P

“… those controlling the media on national security issues would have them divert it into largely two sets of strawmen discussions, one for left and one for right. They’d then minimize coverage of those offering compelling arguments …”

Throughout my entire lifetime, I can’t recall a single national issue where the mainstream outlets did not follow this exact formula. No need to turn on your T.V. I’ll take a quick look for you… Yup, all channels are still airing the standard divide-and-conquer propaganda!

rgaff May 3, 2015 11:27 PM

@ Nick P

What stories? 🙂

Generally I’d say it’s toward option 2, but there’s an additional though similar reason other than police state: the mainstream US media itself is not free and open, it’s tied up with its own agenda and interests. It’s not all under “state” control per se like in a true police state, but it is very much under the heavy screws of corporate dictatorial control by direct ownership. Money and power is what moves it. Like I said, very similar to a direct police state, but with technical differences. It basically means that politics do not effectively control the country though, big business does.

mice May 3, 2015 11:47 PM

I thought that Iraq got invaded because they were going to start trading in gold instead of US currency.
The same with BRICS, Russia, China, Brazil etc, the last person standing wins.

gordo May 4, 2015 12:21 AM

While making my blog rounds, I came across this interesting item listed on the Random Spaf Items blog:

Multics B2 Security Evaluation
Edited by Tom Van Vleck
Last update: 2015-04-30 17:49


When Multics was released in the early 1970s, it had a large collection of features designed to provide privacy and security; each organization that installed a Multics system chose how to use them to achieve its goals.

In the 1970s, the US military realized that their requirements for handling classified documents were not met by any computer system. Research led by US Air Force Major Roger Schell led to explicit models of US government document security requirements that military computer systems would have to meet. US DoD-funded projects built several demonstration systems and added security features to Multics.

In the 1980s, the US National Computer Security Center established a system security evaluation methodology, and the Multics team made changes to Multics and provided documentation, leading to the award of a class B2 rating.

This article describes the Multics security evaluation that led to the B2 rating in the mid 1980s, starting with the needs and context, describing the actual process, and discussing the results.

Posted 24 Apr 2014

Buck May 4, 2015 12:48 AM

@Nash & @Nick P

After all of that, I wonder why William Pepper would refuse to release the identity of the one he believed to have committed the murder…


I’ve been following Russ Baker at WhoWhatWhy for a couple of years now – great outlet, yet totally unappreciated/underfunded!

mice May 4, 2015 12:53 AM

Windows has some of those features, not the stack OpenBSD has that, and the virtual memory swap, is done by the kernel in Windows, the part about privilege instruction got moved onto the CPU with a ring 0 level ability to run some extra instructions without a seg fault.
That OS has got moulded into a range of OSes today, and most by a quick skim is added to even the basic OS.

CPUs are adding virtual executions of instructions for more security, it is all moving onto the CPU.

Daikiri May 4, 2015 5:53 AM

You know you’ve got a problem when the European Parliament thinks the Tor network is so vulnerable it wouldn’t even recommend it to its citizens as a short / mid term mitigation measure.

gordo May 4, 2015 7:00 AM

@ mice

Though I recognize numerous principles which have been implemented in current systems, many of which we take for granted as part-and-parcel, I’m not technically adept in any particular technical discipline, i.e., my view is less technically informed.

As so, and @ All, with that grain of salt, if not naiveté, my takeaway is that, short of a Manhattan-style project, and neither of these are it:

Headline: U.S. Has Launched a Cyber Security ‘Manhattan Project,’ Homeland Security Chief Claims

Headline: Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks

. . . we’ll not see much progress in our lifetimes.

The kind of resolve exhibited in this speech, however:

President Kennedy’s Next Moonshot Moment

. . . should be applied to computer security, and that space.

At this stage of computer security evolution, we’re at missiles. Below that radar, it’s “not material”; average joes/plain janes are treated like collateral damage; the commodification of the Fourth Amendment continues apace; the fallout from 9/11 has not settled; and the IoT (an Internet of Treats(?)) may yet have its day.

I wonder, now, in a maybe different way, about abandoning computer security: “Was it worth it?”

gordo May 4, 2015 7:06 AM

Yes, a couple typos in my previous post (corrected):

…and the IoT (an Internet of Threats(?)) may yet have its day.

Alan Kaminsky May 4, 2015 9:15 AM

F.A.A. Orders Fix for Possible Power Loss in Boeing 787

The 787 has six electrical generators. Two 250-kilovolt-ampere units are mounted on each of the two engines, and two 225-kilovolt-ampere units are used as backup generators. The generators provide power for a variety of functions on the aircraft, including running the plane’s avionics, pressurizing the cabin and de-icing wing parts.

Each generator is linked to a control unit. Boeing found that if the four engine generators were left on continuously for about eight months, a software internal counter would overflow and cause the control units to enter a fail-safe mode. The F.A.A. warned that this could result in a loss of all electrical power, regardless of whether the plane was in flight.

This software implant is clearly an attack perpetrated by some terrorist group like ISIL or some rogue nation-state like North Korea. Much more sophisticated and widespread than the Underwear Bomber or the Shoe Bomber — guaranteed to cause the loss of an entire fleet of airplanes with potentially thousands of victims.

As the saying goes, never ascribe to incompetence what can adequately be explained by terrorism.

Nash May 4, 2015 9:36 AM

@Buck I don’t get that either. Why shield Raul? Pepper once hinted at some future legal sequel but he has also said, my work here is done, I’m on to RFK. Unless he thinks too much focus on the cutout might distract from the real point: the US government’s policy of murdering dissidents.

did not read May 4, 2015 10:22 AM

Please stop replying to Andrew, this forum has gone to shit because of his trolling.

Buck May 4, 2015 11:57 AM


That’s a pretty good guess! I could certainly understand his reasoning there if that is indeed the case…

Thomas_H May 4, 2015 1:37 PM

So the director of the Dutch secret service has opined that Snowden’s statement about his service being the lapdog of the NSA is “absolute bullshit”, with about the same amount of subtlety that Mr. Wallace displays on this blog (i.e. none):
(Article in Dutch)

His statement is mostly an ad-hominem attack on Snowden, and he does nothing to actually counter Snowden’s claim (which probably means that Snowden’s claim is actually true). The timing is also suspicious, as he did not say anything when Snowden made the claim some months ago, but now says this, just after the BND scandal was revealed. Curious, curious.

RE: Mr. Wallace. Either he is a troll, or a (incompetent and utterly naive) law enforcement employee who is so convinced of his own views that he cannot understand that other people might have other ideas, and also cannot see how his own limited views are an obstacle to his own advancement. In short, this:

C baker May 4, 2015 2:41 PM

Is it wrong that while I appreciate your daily posts, I mostly read for the weekly squid posts?

tyr May 4, 2015 4:48 PM

Project gutenberg 48871 ebook

Kerckhoffs has stated that a military cipher should fulfill the following requirements:
1st. The system should be materially, if not mathematically, indecipherable.
2d. It should cause no inconvenience if the apparatus and methods fall into the hands of the enemy.
3d. The key should be such that it could be communicated and remembered without the necessity of written notes and should be changeable at the will of the correspondents.
4th. The system should be applicable to telegraphic correspondence.
5th. The apparatus should be easily carried and a single person should be able to operate it.
6th. Finally, in view of the circumstances under which it must be used, the system should be an easy one to operate, demanding neither mental strain nor knowledge of a long series of rules.
A brief consideration of these six conditions must lead to the conclusion that there is no perfect military cipher

This sounds like the recipe for internet protection as well as other

If it’s hard to remember or too involved that becomes a giant hole in any scheme to protect anything.

Grauhut May 4, 2015 5:19 PM

@rgaff: “”fascist NATO state” means “fascist US state” right?”

I think the m.i.c. owns us all, the US people are more or less as 0wned as we are.

This never ending “war against terror”, is producing more terrorists than it kills by its stupid “drone induced collateral damage is acceptable” policy.

Every (not so) “high tech weapon” producer e*aculates three times daily on these numbers. Every killed innocent tribesman, woman or child means to be able to sell more weapons to fight his family members crying for revenge in a once more prolonged senseless war.

We all live under some kind of “secret martial law” behind the official law making process. Very similar to Fraenkels description of the Nazis “Dual State” system.

Mike Amling May 4, 2015 5:47 PM


“Unrelated Comment:
I decided to use TOR to post this and was interested to find that on my first attempt, Bruce’s blog was inaccessible even though everything else on the web seemed to work fine. Have any other TOR users experienced this?”

I haven’t. I use Tor for this blog, and it always works. Try waiting 10 minutes or selecting “New Identity”.

Benni May 5, 2015 7:25 PM

@Nick P
Yes, this is the main difference between the German and US juridical system. It takes longer, but then it is more precise, and avoids false convictions since the police is forced to act more neutral and collect all evidence. Note that in Germany, there is also no law that forbids evidence which was obtained illegally or by accident. This is because the judge has to find the truth. That means, if police will search the BND building because of weapons exports, and they find something else by accident, then this will get BND legally into troubles, too. So the best that can happen is, if BND says nothing because of the illegal arms export and then the prosecutor has to search the building….

Now Angela Merkel will be questioned by the NSA investigation commission:

together with the minister of the office of the chancellery, and the foreign minister

Merkel says that she wants the list with NSA selectors to be confidential, but only as long as they had finished discussions with the US government, after which they want to make own decisions…. And that again is typical for decisions that take place in German government offices.

It takes long, very long, but then it is utterly precise. I think one may expect that they release the list after one or two years. The German opposition has said it will sue the government if they do not release the list of the selectors in one week. Perhaps that process will then take a year or so… Eventually, it would not surprise me if this list lands on wikileaks….

I was born in Baden-Württemberg. That is the place where most patents per inhabitant are approved. A region full of engineers. Now the local minister for finance and economy of Baden Württemberg has asked Merkel formally if there are any companies from Baden-Württemberg in the selector list that BND helped NSA to spy on:

The reaction from Baden-Württemberg means that the poor BND now has some very influential circles against it, people with money on their hands. Let’s see how long BND can stand against the German industry….

Nick P May 5, 2015 8:45 PM

To: Buck
Cc: Nash
Subject: anti-climax of no murder’s name given

I thought he was trying to sell his book. The page Nash linked to indicated the answer was in it. It also made me wonder about his credibility. That’s why I originally dug up the King Center website to see if it at least appears to be the right one and had the records. It had the records with summary statements that matched his. Other files I’ve read corroborate everything except the newest info. So, I figured he was just trying to make a living off the good, expensive work he was doing.

Nick P May 5, 2015 8:54 PM

@ Benni

Thanks for the explanation and commentary. Yes, things do seem to be getting interesting over there. I especially like an engineering sector pushing on them because you said Germany is a top exporter of engineered goods. The last thing manufacturing/engineering firms or banks that back them want is for German companies to get the image American companies have right now. The image that says: buy somewhere else if you want to be safe.

Buck May 5, 2015 11:48 PM

@Nick P

Perhaps… I’d imagine his personal safety expenses could be quite a bit more than yours or mine, but based on everything I’ve read, he doesn’t strike me as the type to withhold information for monetary compensation. What specifically was said there that inclined you to believe the identity of the ‘third party’ was indicated in the book? I assume you are referring to “An Act of State: The Execution of Martin Luther King” – anyone read it, or have an available copy? It would be interesting to know whether or not the name is named in the book. Even if not, I’ll concede, that it could still be a marketing ploy… Yet, by my interpretation of the historical events, I’m inclined to believe @Nash’s explanation as being more plausible.

Gerard van Vooren May 6, 2015 2:54 AM

@ Nick P

How is your German doing? If I was you, I would really look into it, depending how old you are. To me, I think The Netherlands, Germany and the Scandinavian countries are the only real places to be if you look at transparent politics. The Netherlands however has a bit of a Calimero syndrome because it is small and it is also ‘dense suburbia’ crowded. Germany has more open spaces and to be honest I like their culture and architecture more. That said, I think we are all going ‘the US route’ as in McDonalds-ization everywhere. Today even in here the politicians wear all the same clothes and have spin-doctors US style. Too much right-wing populism going on. We used to be a lot more progressive than we are today. But as people are getting richer they vote from their wallet, not their heart. I am quite sure the same is happening in Germany although Merkel is quite a woman. In Germany I think three areas are interesting: Berlin, München and Koblenz/Cochem/Bonn although Germany as a whole is just a nice country. To promote The Netherlands, here is a 20 year old music clip 😉

Wesley Parish May 6, 2015 5:04 AM


I think in the light of Our Dear (alt Overly Expensive) Friend @Andrew Wallace (better known as Wally, or The Wally) not entering an understandable plea concerning the charges against him, to wit that he has materially supported Western State Terrorism against innocent Iraqi civilians by promoting a Crime against Peace and against Humanity, to wit, the War against Iraq, 2003, and so, that he may be understood to have accepted the charge of guilty.

On a not so light note, I suggest you read this analysis of the recent protests in Ferguson, Baltimore et alii: Michael Gould-Wartofsky, The New Age of Counterinsurgency Policing.

We live in interesting times. How long before we enthrone Stalin, the Man of Steel?

FrenchForPatriot May 6, 2015 5:48 AM

French Version of ‘Patriot Act’ Becomes Law

I always thought France would do this anyway without any type of legalistics, or had already done so. It seems a CYA approach, much like what is happening here to avoid public scrutiny or being caught in the act of doing something “illegal”. All those EU countries will now be hit by another wave of digital data collection (in addition to the wave we produced).

gordo May 6, 2015 6:30 AM

@ Buck, @Jesse, @Nick P, @Andrew Wallace, @Beepeepeep, @Wael, @Marcos El Malo

Please, feel free to define any of the above terms as a singular concept that we all agree upon! Then, maybe we can continue to debate the (de)merits of the terms or classes of people!

Here’s another terminology list (with a pedigree going back to 1999), from a 2012 IEEE conference paper, “An updated taxonomy for characterizing hackers according to their threat properties.” [1]

New Categories            Old Categories
Script Kiddies            Novice
Cyber-Punks               Cyber-Punks, Virus Writers
Insiders                  Internals
Petty thieves             Petty Thieves
Grey Hats                 Old Guard Hackers
Professional Criminals    Professional Criminals, Information Warriors
Hacktivists               Political Activists
Nation states             N/A, Information Warriors
(p. 83)

. . . description of the “Script Kiddies” term:

1) Novice: According to internet terminology databases [6], [8] the term “novice” applies to someone who is new and not very good at something. In the security community, this category is denominated “Script Kiddies” [9], which in [6] is described as: “n. (Hacker Lingo) One who relies on premade exploit programs and files (“scripts”) to conduct his hacking, and refuses to bother to learn how they work.” Since this closely mirrors the definition of this category in [4], the name of the Novice category is updated to “Script Kiddies” (p. 82)

Abstract— The objective of this paper is to give an up-to-date terminology for and categorization of hackers on the Internet, and to characterize each category of hackers by their threat properties. To be able to prioritize defense efforts, security experts need an accurate taxonomy of attackers for the production of detailed and precise threat assessments. We take an existing taxonomy for hackers and update it to correspond to the terminology used by hackers and security experts. Also, the categories of hackers are updated to reflect the threat properties demonstrated in recent attacks, and each category is described in terms of motivations, capabilities, triggers, methods, and trends. The result is a current and detailed taxonomy usable in planning of digital defense efforts as well as in forensics after an attack has occurred.

. . . also here, on this blog previously, still another list (!) with its own thread (!) The Seven Types of [malicious] Hackers.

[1] Hald, S. L., & Pedersen, J. M. (2012, February). An updated taxonomy for characterizing hackers according to their threat properties. In Advanced Communication Technology (ICACT), 2012 14th International Conference on (pp. 81-86). IEEE.

[Note: “Detecting QUANTUMINSERT” thread’s going pretty good, but starting to get cluttered with script-kiddie/pen-testing/taxonomy posts, so I posted here on the squid!]

Benni May 6, 2015 6:38 AM

@Nick P
“The last thing manufacturing/engineering firms or banks that back them want is for German companies to get the image American companies have right now. The image that says: buy somewhere else if you want to be safe.”

Oh no, I do not think that this is what interests them. The last thing the German industry depends on is public relations. Their products depend on quality. Today, we have not seen the full list of selectors yet. EADS is in, but what about Daimler Benz or VW? The last thing these car producers want is getting their secret blueprints for electric cars to be served to Apple by some spook…..

I guess it now depends on when the selector list is published and who is on that list. If there are key German industries on it, then BND gets into real trouble…..

Nash May 6, 2015 7:14 AM

@Buck, Nick P, in An Act of State, the sniper who shot MLK is identified only as ‘Raul’ or his nickname Dago, as a Portuguese CIA asset. Pepper found out where he lives, went and banged on his door, and spoke to his daughter. Raul clearly enjoys official impunity but his knowledge would be tightly compartmented. He couldn’t tell you much that isn’t known.

The real sensation of the book is how everybody wanted to join the fun (King was at the head of a kill or capture list with millions of names.) King was The Target like Osama bin Laden was the target. The inter-agency task force was enormous and unwieldy. They cc’ed the assassination orders to the White House. SR-71s were flying over Memphis, just in case.

gordo May 6, 2015 7:45 AM


Direct access to factual information related to the lawful foreign surveillance activities of the U.S. Intelligence Community.

Created at the direction of the President of the United States and maintained by the Office of the Director of National Intelligence.


Direct access to leaked information related to the surveillance activities of the U.S. Intelligence Community and their partners.

This website is the opposite of IC ON THE RECORD and has not been approved, endorsed, authorized, or redacted by the Office of the Director of National Intelligence or by any other U.S. Government agency.

BoppingAround May 6, 2015 10:25 AM


Gerard van Vooren,
Have you seen Vlemmix’s Panopticon? If yes, what can you tell about it?

JonKnowsNothing May 6, 2015 10:33 AM

The Guardian ran a story about how the MET (aka Scotland Yard) counter terrorism group busted a money laundering ring and arrested 6 men 1 woman. What was interesting in the rather mundane reporting of a fraud ring (now a “terrorism” ring) was this rather telling tidbit of advice:

The force said: “Members of the public are strongly advised, if you receive a call like this about your bank account from someone claiming to be a police officer, hang up the phone, wait at least five minutes to make sure the phone line has cleared, or use another phone line, before ringing the phone number on your bank card.”

I found it rather interesting that they claim it takes 5 minutes to “clear the phone line” or not to use that phone line at all. So, can we imagine what sort of malware/inserts are hanging on your VOIP/Telco lines/routers and where it’s located? Not to mention but what if you answered your cell phone?

So by what magic is the “line cleared” and why does it take 5 minutes?

Oh and what if you get pulled in by the 2x2hop rule because someone tried to scam you out of your bank account and that person is now a “terrorist”? Does the magic 5 minutes make you not a terrorist too?

Probably doesn’t matter that much because you can’t tell a scammer from a surveillance system: Google, Facebook, NSA, GCHQ, BND and fraudsters everywhere are all the same: Terrorists Against Everyone’s Data.

If you aren’t in The Club, you are the target and you are the product being sold: Virtual Slavery.

Nick P May 6, 2015 11:37 AM

@ Buck

Oops. Turns out I misread the page. It was the questioner who suggested the answer was in the book. Pepper said it was a different guy then one changed the subject. So that hypothesis is out.

@ Nash

Oh, well no need for a hypothesis then. Raul is also the guy that set Ray up per his testimony. Busy, busy guy. And, yes, the huge array of people involved is what bothered me the most. I expect that the next MLK-sized threat to the establishment will need OPSEC that makes Wikileaks in their prime seem reckless.

Nick P May 6, 2015 11:45 AM

@ Gerard van Vooren

Funny thing is that leaked slides indicate all of those were cooperating with NSA mass collection. Only two democracies listed as exceptions were Iceland and Switzerland. If I moved, I’m more likely to be in one of those countries. Plus, a number of countries in Europe cooperated with the torture flight program.

So, I have a hard time buying into the transparency argument at the moment. Music sounded good, though.

@ Benni

Makes sense. That’s the kind of damage that would deserve criminal charges. What kind of trouble are they facing, though? Will the punishment even be meaningful?

@ gordo

Like I said. 😉

Gerard van Vooren May 6, 2015 2:58 PM

@ BoppingAround

It is still not that bad in The Netherlands when you look at the big picture. The problem lies mostly at the department of Justice or ‘Security and (In)Justice’ as it is being called today.

The documentary has a large resemblance with Terms and Conditions May Apply (2013).

But in short: Yes, it is scary shit. When the shit hits the fan you are out. And that fan can be everywhere, it’s only partly under your control and the rest is mandatory.

More in detail I have always been a fierce critic of Dutch former secretary of Justice Ivo Opstelten. I am glad that the bulldozer is out (because of yet another scandal). Good riddance. His little aide, the crook Fred Teeven is also out-ish. The bad thing is that Opstelten is being replaced with yet another complete lunatic Ard van der Steur who is deaf when he sees the reality. They are stubborn pigs. And why? I can’t even imagine why although going ‘the US route’ could explain a few things. I said before: We used to be a lot more progressive than we are today. But as people are getting richer they vote from their wallet, not their heart. Hypocrisy usually goes along with voting from the wallet.

That is also why I asked Nick P how his German is going and that Germany is a nice country to live in. Heck, even I am studying German in the evenings. Really I do.

The post from Wesley Parish (link) could possibly also explain why the little cabal of secret services were scared of terrorism. It is because they would create the source for terrorism themselves: The racket of invading Iraq for Oil under the disguise of WMDs. And because The Netherlands also wanted a cut of the cake they themselves got a little bit scared as well and overreacted like G.W.Bush did. All the time he talked about terrorism he knew the hypocrisy because they were the ones creating the ground for evil.

The pieces of the puzzle are starting to fit. But the puzzle itself is very ugly.

Nash May 6, 2015 4:08 PM

Hey, speaking of SR-71s, CIA reverts to form with spy planes, now that they’re skeered of uppity negroes again. Only they can’t afford Blackbirds anymore. They’re using puddlejumpers.

Nick P May 6, 2015 4:51 PM

@ Nash

That’s funny. I think it was Marcinko that said SR-71’s cost around $100,000 an hour to operate. Far as puddle jumpers, don’t underestimate them: one mercenary kicked a lot of ass in Africa using those things. Don’t have a link handy. Imagine what dirty cops could do with tear gas pellet machine guns on them.

Jacob on the river Lethe May 6, 2015 9:04 PM

@nash @nick
I must be running low on caffeine. Read sr71 and puddle jumpers. First thought, when they get puddle jumpers? Thinking stargate Atlantis. Ugg. 😉

Conspiracies are tricky business. Some have been proven from past. Current conspiracies much more nebulous in the time frame that they happen. Crazier ones involve little rocks on Mars, CCD flash, and recently the ISS and sunspot video. So many things in life seem to be a Rorschach test, with some players actually acting the part of Walter Joseph Kovacs?

NSA is reported to be converting speech to text for searching. Really? Real top drawer research or thinking there. /s
Almost worse than csi cyber. Hard to imagine worse so far. :/

Figureitout May 6, 2015 10:24 PM

have not had the fortune to decap a chip
–Me neither, and I’m wary about chemical experiments, most especially ones I don’t know what’s going to happen (hell no, freaky chem. reaction possible) and get really nervous (if I trip and spill this, badness will happen). However, still going to try it eventually (maybe a little over summer) b/c I want to so bad. Every chip I blow, gets relegated to this pile for solder practice or chip decapping (not big yet, but I can add a little op amp tonight…got a little smoky lol :p). I may have to rent time on a microscope.

Alright so this isn’t practical for smartcards, but I found this (someone may have linked already), reading thru it; fun, very interesting. I think it’s good enough for your site as a link in hardware security. I highly recommended looking at some of the older (1990’s) chips and the layouts for inverters, buffers (cool), nands, or’s, etc. and even some random functions lol. I’m betting that many of these structures will remain “similar” but just shrunk on more modern chips, I’m guessing. Not exactly of course, and there’s different designs; but key is being able to spot a structure and have an idea quickly.

It says this about epoxy which I can say, is really annoying lol:

If the chip you’re looking for is in a plastic card, a pint of acetone will do the trick. If the target is encased in an epoxy carrier, it won’t be that simple.

You can’t simply sit on 1 single chip for testing
–Please…c’mon you know me better than that! Hell no, but for my personal projects budget is an issue so I can’t afford to push the boundaries that are risky, in favor of “safer testing” ie: non-destructive.

Regarding voltage glitching and tampering
–Yes, so my “design” (I have some EMSEC concerns, but power should be low enough and small shield it should be good enough) that’s probably already been implemented is 2 separate batteries w/ an always charged up capacitor. The lines on the outside, if cut via probing, I need to then route a signal to separate power line that either starts writing OTP memory triggering internal destruction and has firmware waiting to just basically brick the chip (I could probably come up w/ something nasty quickly, probably just an endless loop and no recovery, so basically a “logic bomb” of sorts). Another purpose of a large capacitor is to unload it and fry the chip (sophisticated forensics can apparently still get at memory if not cleared beforehand).

Those are just some ideas I think are feasible and practical; I’m unsure exactly how to implement it securely, and I generally don’t like to think about always destroying electronics.

I rather disguise my smartcard as something
–Yes, microSD cards are insane little devices. This makes lots of key mat moved manually possible, they can be put in lots of places (no please not there! :p). So this little RFID card I have, it’s re-writable if I understand correctly, like the chip on the card. Looks a little risky so I’m just chilling on it, but it’s just like a plain white credit card that could be used to transmit info (just mail a card). I don’t know if it’s feasible to hook up an RFID chip to a smart card, I would guess it is but I don’t plan on investigating it.

Nick P RE: physical access
just tells people to prevent that.
–That requires something along the lines of murder for some people w/ mental disorders, so yeah…or keeping some small electronics on you always which is annoying. I like to run w/ no electronics except clothes and shoes.

Thoth May 7, 2015 12:54 AM

If you want a contactless smartcard (ISO-14443 compliant), they do exist and are becoming very cheap. You can check NXP’s webpage for a bunch of them (bulk order of 1k+) 😀 or buy a smartcard or two with ISO14443 enabled. You can do lots of stuff with the ISO-14443 compliant chip (some of them are dual contact – normal chip contact [ISO-1786] + contactless [ISO-14443]). So yes, smartcards with contact + contactless are available. Thing is, I don’t trust contactless because the current contactless cryptography still sucks, so the authentication and security are pretty much still broken.

There are methods to use electricity to fry very small IC circuits but due to its tiny size, even a regular hammer or drill would have rendered it useless and in powder.

Just adapt your own iButton, which is essentially a smartcard chip inside.

Figureitout May 7, 2015 2:15 AM

–Yeah for high assurance, a “contactless” chip isn’t something that works for me either; I want contact necessary for programming it at all times. The protocol won’t be very secure b/c it’s probably a pretty unique hacked up protocol lol; but there’ll be some security b/c few people even know what it is. Just illustrates how much data can be floating everywhere (how there are competing “impossible missions” of “collect it all” and “protect it all”). What would I do w/ 1000 cards?! lol, “make it rain” smartcards lol. I want more CPU’s and microcontrollers instead, better scope, function generator, better solder iron, better bench power supply, … the list goes on and on…

RE: frying chips
–The point of frying it via software is in case you leave it and someone breaks in physically trying to mess w/ it; though it would be funny to just smash it in front of their face. Hammering/drilling it is good when you have all your electronics you’re about to destroy on you. And people will say it’s still possible to retrieve data from the chip after being zapped via power supply pins or others since those should be kept away from memory. It costs money, and I’d be glad to test just “how easy” it is lol…

Benni May 7, 2015 8:27 AM

BND reports that it never looked at the data it gave to NSA. It has, however, compiled a list with 2000 European email addresses it got from NSA. BND now claims that these would not belong to German companies but mostly European politicians….

Apparently, they are really fearing the anger of some wealthy German companies… Perhaps it is just a matter of time until they get into real trouble….

The chancellory says that it expects the americans to answer in days what should happen with the selector list…..

The best thing that can happen now is that NSA does not answer….. Then a chancellor who has lived his youth in a surveillance state can decide on her own…..

Benni May 7, 2015 8:44 AM

Apparently, BND now wants to do it the German way:

It asked, typically for a German authority, that NSA should give for every selector a specific carefully written reason, which then would be assessed by BND before the surveillance starts…

The answer from NSA was, of course, that it is unable to do that…..

It seems that they still have to learn to work in a mode where everything that they do is carefully protocolled and assessed for several months’ time before something may happen.

In future, I think this process should be coordinated by some oversight committee from the German parliament. Given that a telephone number can be a death sentence by a drone, every selector and every result should undergo a careful juridical assessment, probably also by prosecutors and judges, before it is given to a foreign authority. If the American police wants some information from its German counterpart, this happens as well. Such rules should be valid for secret services as well.

Clive Robinson May 7, 2015 8:53 AM

@ Figureitout,

It’s not clear if you mean One Time Pad or One Time Programmable when you say OTP.

Either way the way to deal with invasive behaviour by a third party at the memory level is to encrypt what the memory contains…

For an OTPad it sounds kind of mad to encrypt it, but if you think about it what you are doing is shifting one problem into a slightly easier way to mitigate it. Look at it this way: the argument for OTPad security is not its apparent randomness –whatever that might be– but that “all messages are equiprobable”. Let’s say you encrypt the OTPad with a reasonable encryption algorithm, without any other input no matter what the adversary does to the data all outputs from the decryption are equiprobable, so they gain nothing by trying to decrypt it. Further if the pad has not been used they have no other potential input other than extracting the key from you. But even if they do, they have no way to tell if it’s the right key or not, because even if you give the correct key it gains them nothing, as no messages have been sent. Thus you have shifted the problem into a physical security issue rather than an information security issue.

However there is another way to do things which is generate an OTPad and transport it to your contact. Then agree a session key and start point at some future point using another secure key agreement protocol then “print out” your pads for manual usage etc.

With regard to OTProgrammable devices a similar approach can be taken. Think of splitting the code into two parts, an interpreter and the encrypted program written in the language the interpreter understands. In essence this is what Forth, Basic and even Pcode / Jcode systems are. The “magic sauce” is that you include a decryption program in the interpreter and store the key in one of the CPU’s internal registers, and the decryption algorithm you use can be run in a way such that the decryption code variables stay entirely in the CPU register set. If the interpreter also has an anti-burn-in algorithm for the key storage register, losing power or pushing a button kills the key and all the attacker gets is encrypted interpreter code and encrypted program variables.

I’ve used this interpreter trick in the past in electronic locks, back when you could not get OTProgrammable parts with memory encryption due either to export restrictions or eye watering price.

Whatever your worries are about people decapping the chips and putting them on an appropriate work bench it will only be the tiny fraction of the resources they would need to actually get any results even if it’s possible to crack the encryption in anything approaching human meaningful times.

As for putting keys in remember that LEDs not only glow, they are light sensitive as well, thus you can use an LED as a bi-directional device, if you configure the circuit correctly.
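
The interpreter trick from the comment above, sketched as an added example (not code from the comment or from any product it mentions): a small stack interpreter whose program image is stored encrypted and decrypted one byte per fetch, so plaintext code is never written back to memory. XTEA in counter mode, the opcode set, the key and the nonce are assumptions of this example; the key array stands in for a key held in a CPU register, and the anti-burn-in step is not modelled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Opcodes of a hypothetical stack interpreter (this example's own). */
enum { OP_HALT = 0x10, OP_PUSH = 0x11, OP_ADD = 0x12, OP_MUL = 0x13 };
#define VM_OK     0
#define VM_FAULT (-1)

/* XTEA block encryption, 32 rounds: the example's choice of cipher. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    const uint32_t delta = 0x9E3779B9u;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Keystream byte for program address addr (counter mode, 8 bytes per block).
 * Only locals are used: the C analogue of keeping the decryption variables
 * in the register set. The nonce is a constructed constant; one image per key. */
static uint8_t keystream_byte(const uint32_t k[4], uint32_t addr) {
    uint32_t blk[2] = { addr / 8u, 0x50524F47u };
    xtea_encrypt(blk, k);
    return (uint8_t)(blk[(addr % 8u) / 4u] >> (8u * (addr % 4u)));
}

/* Provisioning: encrypt the image once, before it is burned into the part. */
void image_encrypt(uint8_t *img, size_t len, const uint32_t k[4]) {
    for (size_t i = 0; i < len; i++)
        img[i] ^= keystream_byte(k, (uint32_t)i);
}

/* Tamper or power-fail handler: wipe the key. The volatile pointer keeps the
 * compiler from optimising the stores away. */
void key_kill(uint32_t k[4]) {
    volatile uint32_t *p = k;
    for (int i = 0; i < 4; i++)
        p[i] = 0;
}

/* Interpreter: every fetch decrypts a single byte into a local variable. */
int vm_run(const uint8_t *img, size_t len, const uint32_t k[4], uint32_t *result) {
    uint32_t stack[8];
    size_t sp = 0, pc = 0;
    while (pc < len) {
        uint8_t op = (uint8_t)(img[pc] ^ keystream_byte(k, (uint32_t)pc));
        pc++;
        switch (op) {
        case OP_PUSH:                       /* one-byte immediate operand */
            if (pc >= len || sp >= 8) return VM_FAULT;
            stack[sp++] = (uint8_t)(img[pc] ^ keystream_byte(k, (uint32_t)pc));
            pc++;
            break;
        case OP_ADD:
        case OP_MUL:
            if (sp < 2) return VM_FAULT;
            sp--;
            stack[sp - 1] = (op == OP_ADD) ? stack[sp - 1] + stack[sp]
                                           : stack[sp - 1] * stack[sp];
            break;
        case OP_HALT:
            if (sp == 0) return VM_FAULT;
            *result = stack[sp - 1];
            return VM_OK;
        default:                            /* garbage after a wrong or wiped key */
            return VM_FAULT;
        }
    }
    return VM_FAULT;                        /* ran off the end without HALT */
}

int main(void) {
    /* Constructed program (6 * 7) and constructed key. */
    uint8_t img[] = { OP_PUSH, 6, OP_PUSH, 7, OP_MUL, OP_HALT };
    uint32_t key[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };
    uint32_t r = 0;

    image_encrypt(img, sizeof img, key);
    int rc = vm_run(img, sizeof img, key, &r);
    printf("key present: rc=%d result=%u\n", rc, (unsigned)r);

    key_kill(key);                          /* simulated tamper event */
    r = 0;
    rc = vm_run(img, sizeof img, key, &r);
    printf("key wiped:   rc=%d\n", rc);
    return 0;
}
```

After `key_kill`, what remains in memory is only the encrypted image, which is the state the comment describes an attacker being left with.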

Sancho_P May 7, 2015 5:55 PM

@ Benni

I do not believe in (big scale) industrial espionage.
Nope, they are not interested in technical details and mouse excrement.
Honestly, they don’t need to steal German ingeniousness, they can make their own mistakes.

What they are looking for is the big picture. Who talks to whom, where is the local web of bribery, is our informant trustworthy, who has how much potential, where and into whom to invest, where are the others standing, who is playing foul with us, what are the facts beyond the official script, …
Think of ECB, TTIP, the legal system behind EU, international contracts and so on.
Targets are important politicians, financial / business persons and “their” (whose?) informants.

So the list could be interesting, indeed, to identify some “agents”.
But there won’t be any official list because it’s not stored per definition.
Even Germans wouldn’t document their fault 😉

Figureitout May 7, 2015 6:57 PM

Clive Robinson
–One time programmable, I try to say memory and I mean that, or “an OTP” and I mean pad. I need to encrypt and mildly tamper proof it from the start, I didn’t do that w/ my PC’s now some 6 years ago, there’s something on them I can’t get off (I definitely want to see this HDD, which I’m probably going to remove and look into forensics firms) so I don’t want to make it harder to find. There’s some other conditions trapping me; I just have to let it go for now. And I can do an OTPad, pretty straight forward, but there needs to be a good purpose w/ some money behind it.

RE: magic sauce
–Neat trick, I really don’t get how encrypted code runs, but it makes me cringe a little; and if it backfires then I won’t know where certain important pointers are and memory analysis won’t help either. Yeah, don’t really like forth, couldn’t get used to it, basic is “ok”, pascal looks annoying, java meh. Prefer C/Asm. Seems like a nice way to brick a chip. I want to get the hang of chips better before I start playing w/ more abnormal setups too (and learning more toolchains…ugh so annoying); things make a little more sense, like certain starting points I noticed in different chips for memory (0xAA or 0x55).

I don’t have excessive worries about people decapping my chips, not my IP, I want to do it myself to verify orders (just a random sample so far from perfect…and still smaller structures maybe still hidden…) beyond superficially just via code and electrical measurements of a “black box” in the future. I do though worry about people breaking in and turning on my PC, and infecting it w/ a terrible malware on a chip I don’t know about. From observations of my laptop and PC’s, SATA controller chips and the Realtek audio chips are 2 areas I want to look further in.

RE: dark current
–Looked up that term, I think it describes what you’re talking about. Yes I still remember the guy that was getting enough dark current to keep the little device on when he turned it off! He only found this out when he turned off the lights…Nope nope nope…It doesn’t look like a lot of people have tried to get that down to basically 0 by putting more forward facing diodes behind the LED’s or diodes w/ an opamp facing towards LED and amplifying small currents; b/c they’re pretty trivial, but still…I don’t like it…

This is something like what I’m talking about, but probably wrong way to do it, maybe a chain of opamps w/ not photodiodes but maybe zener (got a bunch) or schottky (also got a bunch) or even just a transistor. [PDF warning] I can’t do a good circuit analysis w/ more components (can simulate, but not analyze by hand..) so I’m predicting many more blown components and bad designs in the future…

Benni May 7, 2015 9:39 PM


“So the list could be interesting, indeed, to identify some “agents”.
But there won’t be any official list because it’s not stored per definition.
Even Germans wouldn’t document their fault ;-)”

Indeed, today was the hearing at the German parliament’s NSA UA.

There BND tried to claim things like

File from 2013, how was the name?

Agent: There was no name
Who had that file?
Agent: The last witness and I
What happened with that file?
Agent: File is gone
Since when?
Agent: Don’t know, my computer was scrapped
Are there any written documents?
Agent: No.

Were the selectors deactivated in Bad Aibling?
Agent: Yes, I think so
But for this you needed the file
Agent: No, we used a printout
12000 selectors on paper?
Agent: I don’t think so
This makes no sense….
The computer was scrapped why?
Agent: The computer was given me for that purpose. I have given it back

But one should note that they are only talking about their own files that they created to collect the inappropriate selectors. The agent then says that in his research he found 2000 selectors.

But a later search turned out to get 12000 problematic selectors.

So, yes, from this it follows that BND still has the entire selector list as a file.

But the answers of the agents are such that one thinks a good police raid of BND buildings would be the right thing to do.

Germany’s domestic intelligence service has requested that now. In order to mount some countermeasures to NSA…..

Thoth May 8, 2015 9:05 AM

GPU rootkit + keylogger.


Quote our @Bruce Schneier, “Attacks always get better”.

Normal software-based assurances are simply going to be much weaker and trusted hardware would be so much more sought after but the fact that NSA and the Warhawk buddies have poisoned the security field so deeply, it is hard to decide what is the next step to take.

Are we going to make our own breadboard computing circuits or just live with it knowing that we have to simply let it be ?

Probably the first step anyone who has the slightest self-respect of sort would do is segregate their lifestyle into compartments. Know what they can post and they can do publicly and know how to take the trouble of separating entertainment computing devices from their very personal ones but it’s simply too tedious for most of us.

Gerard van Vooren May 8, 2015 9:23 AM

@ Clive Robinson

Now that David Cameron won, the discussion whether politics of fear and nationalism work is over. Netanyahu also won. This combined tells me that Jeb Bush is also probably gonna win. Realistically speaking, what do you think the consequences of this are gonna be for ‘safety’, the Middle East and the BRICs?

BoppingAround May 8, 2015 4:24 PM

[re: ‘safety’] Gerard, Clive,
I recall some hearsay about mandatory backdoors in Cameron’s election bidding. Cannot find anything on the Net (not that I tried hard, though). Perhaps you remember something?

Or was it ‘more surveillance’, not backdoors. Crikey.

Buck May 8, 2015 7:51 PM

@AlanS et al.

I’ve already said my piece in regards to Section 215… The Second Circuit ruling is most certainly symbolic. However, the timing is interesting if you take the following into account:

U.S. appeals court: No warrant needed for stored cellphone location data (May 5, 2015 – Ellen Nakashima)

A federal appeals court in Atlanta reversed itself in a ruling Tuesday[pdf], saying that individuals have no reasonable expectation of privacy in their historical cellphone location records and so the government needs no warrant to obtain them.

It definitely makes more sense for domestic LEO to have this power vs. the military; however, I can’t help but feel that this roundabout way of doing such has conveniently side-stepped a very uncomfortable public debate on the matter… (and obviously, the military is not about to give up this capability – no matter what any civilian court says)

rgaff May 8, 2015 8:15 PM

“no reasonable expectation of privacy in their historical cellphone location records” essentially means, everyone has ALWAYS EXPECTED to be lojacked by their phones and have every tom dick and harry agency and hacker watching their every move… and they just voluntarily carry around tracking anklets everywhere they go just because… really???

A lot more people expect it now post-snowden, sure, but not so much before…

Buck May 8, 2015 8:40 PM


A lot more people expect it now post-snowden, sure, but not so much before…

That’s a pretty good point, but what about those youngin’s who haven’t voluntarily carried around a tracking anklet until after Snowden..?

rgaff May 8, 2015 9:20 PM

I’d also like to point out that this line of reasoning is saying “the government can do whatever shocking unexpected illegal thing it wants, as soon as it’s leaked, everyone knows about it, so then it’s ok and legal because then it’s ‘expected'”

Figureitout May 9, 2015 7:46 PM

RE: bidirectional current flow via LED’s
–Here’s the article I was talking about that, to ruin the surprise of the article, sunlight on a LED generates current via the “photoelectric effect” and this is keeping the RAM powered up basically as long as you have sunlight. It’s still slightly fuzzy to me precisely what is going on. I don’t see any reason why you couldn’t measure this current from the LED while device is powered off, and send a signal off somewhere via a monitoring microcontroller if this is a real issue for you. I unintentionally discovered basically this same bug or “effect” w/ a different device testing something completely different; we have some sort of light intensity device and some lightbulbs can have a pretty high intensity too; this would cause issues in a product that would make us scratch our heads. Frickin’ annoying.

So while I think it’s good to monitor data/power/clock lines w/ LED’s b/c it’s quick and easy for you to see(you’ll still want actual logs though anyway), what that tells an eavesdropper or other backfiring issues need to be considered. But attacks are pretty esoteric here, need line of sight mostly for these, I guess raid teams will keep bright spotlights to shine on and catch a suspect shutting down their PC and keeping power to RAM lol (wait a minute, is that what those helicopter spot lights are for?!–Mind:Blown–lol); pffftt…

Nice overview of the physics behind this from some “decent” engineering school:

Thoth RE: gpu malware
–Looks like it’s still being developed by team jellyfish (lol); bet a bunch of gamers will get this, sucks lol.

RE: breadboarding circuits for security
–Pretty fun/interesting, some people were going to do it anyway, just can’t always get good precision (like say 0 current leakage) and other layout/signal integrity issues w/ all kinds of freaky impedances and parasitic capacitances that makes me want to go nuts.

RE: segregating your life to stop an attack from reaching too deep
–It’s really good advice, I wish I started much sooner before I let the malware get too deep…Joanna Rutkowska had a good post on this (she maybe takes it a bit too far for most) how you can segregate your life and most random attackers getting “curious” at any stage can be shutout and hit a deadend looking for “ways in”, where you live, other intel, etc…

For instance, I now recommend, for ordering small parts, to go to a store that sells gift card credit cards, pay cash. Before setting it up, decide what you want to buy and use up the cash as quickly as possible so any carders getting your CC #’s won’t get jack, maybe some pennies and a lot of risk. Use a separate connection and name, and you’d need a random address on the fly to really make it strong. Make a decent password, and purchase. Problem is crazy fees you’d be paying to cringe visa and mastercard, etc. Paying that fee is worth it to me f*cking over carders, and potentially dealing w/ some targeted interdiction attacks.

But doing this is antisocial, and sometimes I’d rather chat or have something to talk about…otherwise just exist in silence and suffer the consequences of that choice…So another strategy is to just overwhelm w/ data.

Figureitout May 9, 2015 8:41 PM

RE: one more thing on bidirectional LED current
–One thing he mentioned was the low power needed to run the chip, I can confirm currents are pretty damn low to keep a chip on; not sure how the big chip companies do it. This is the “security vs. efficiency” issue again, if you have a chip that needs a straight amp or 500mA instead of the microamps the sunlight is providing, you won’t see this effect. So just raise the amount of power you need (and waste more of our resources) to run your computer and someone trying to wirelessly supply power to it becomes basically impossible, for now…

Nick P May 9, 2015 9:02 PM

@ Figureitout

I liked Joanna’s partitioning scheme minus the Vault: that should be on a dedicated system and physically protected. She trusts the software layer more than I do. The post is nice until she gets to sharing and strawmans that the government’s approach was to only worry about sharing in one direction. This just shows her ignorance of security engineering again, like when she implied kernel- & user-mode drivers had equal risk. The general-purpose solution in high assurance is a guard: a two-way device that performs thorough checks on communications. A narrow use case, collection for analysis, requires data to flow in but not out. Another, dissemination, wants data going out but not in. Her use case, aka a MLS or MILS policy, uses guards or “cross-domain solutions” to implement the desired policy at network layer. Separation kernels do it for endpoints. Telling that she still doesn’t know about this stuff despite me giving her plenty of examples in the past.

Then I was excited to see her bring up the issue of covert channels. Then she says she’s ignoring them between domains in the QubesOS. (WTF!?) She points out that they are an isolation scheme and what’s the point without integrity? I agree that integrity is a pre-requisite but intentionally allowing leaks to Internet-connected domains in an isolation architecture is self-defeating. That she’s ignoring them [for now] sets an upper limit on QubesOS’s security: EAL4+ (low-medium assurance). That’s because medium assurance (EAL5), which still makes tradeoffs, requires covert channels to be identified and mitigated to some degree. It’s extra disturbing given that commercial competition all attempt to address covert channels between security domains.

So, three fails at three critical areas of system security. At least more accurate and helpful than A/V marketing. Still a good replacement for them if dealing with typical malware, preventing accidental leaks, or just for fun.

MarkH May 10, 2015 11:42 AM

I just caught up with the discussions here concerning hardware reverse-engineering and tamper-resistance …

On the subject of de-encapsulation (decap) of integrated circuits, Andrew Huang AKA bunnie* made a blog post about eight years ago, in which he incidentally mentioned that he got a chip professionally decapped for $50 with a 2-day turn-around.

I suppose that the service is probably not slower or more expensive now. There are a number of labs around that specialize in semiconductor test, failure analysis, and quality inspection, equipped with all the tools and facilities to do this work. So, if you don’t want fuming nitric acid sloshing around in your house, there are good alternatives.

Another service available from such labs, is micro-resolution X-raying that can show you the detailed geometry of a chip. I’ve no idea how they can do that! I expect that it is MUCH more expensive than decap, however. A client of mine got a few board X-rays to diagnose a BGA soldering issue, and those comparatively primitive images were costly.

That being said, if you are sending smart credit cards and RSA fobs to such labs, don’t be surprised if they ask just who you are and what the hell you are up to 🙂

Whether you want to spend that modest money or not, you can be sure that any determined attacker has access to such capabilities, and WILL pay for them.

*If any of you guys DON’T know bunnie, you should: he is a hardware hacker par excellence, and at work on a laptop design with 100% open-source hardware.

Figureitout May 10, 2015 3:38 PM

Nick P
–Yeah, doesn’t make sense much in that regard of making a VM that doesn’t look out for covert channels between domains. Then again, having a product and constantly seeking “perfection” and having nothing is something to consider.

–Sounds nice, $50 is very doable. Neat hack by Bunnie, just tilting the UV light lol. Yes, we know who Bunnie (and xobs) is, some of us were concerned people attacking supply chains may hit theirs too.

OT: last thing on power going backwards thru LEDs
–Simple experiment tried out just now to confirm electricity coming into LED from light. Put LED on breadboard or just hook straight up to multimeter (+ to + and – to -, no need for going in series, just get volts), go to millivolts. Depending on how much light, should see something around maybe 20-50mV. Now put a black cloth on LED (should go to 1-5 mV or 0). Now shine a flashlight right on it (I was able to read around 1.3V w/ a more sensitive meter!). I don’t know the resistances of the wires (or the resistivity of the metal, or what metal exactly), it was too little to measure so I couldn’t get current.

Just fyi, I don’t really see a real hack (more just eavesdropping at the extremes) unless you’re getting silly.

Clive Robinson May 10, 2015 5:35 PM

@ Gerard van Vooran,

Realistically speaking, what do you think the consequences of this are gonna be for ‘safety’, the Middle East and the BRICs?

It’s difficult to say how bad it’s going to be, but I can not see any good whatsoever coming from it.

One way or another this is Cameron’s last term in office as PM, he’s said as much himself. While Pres BO at least has a Nobel and is the first “black man” in office and Obama-care a flop, like Cameron he certainly has no real claim to fame politically and insufficient infamy either, so no mark in history for immortality. This tends to make such men dangerous because they want to leave a mark in everybody’s memory as well as the history books.

Thus Cameron is almost certainly going to go feral in some way to avoid ignominy, the only question I guess is when and how.

He’s made it clear he either has no understanding of technology and just badly repeats the idiocy of others on the matter of privacy etc, or he is faking it to featherbed his future in some major way with those in the MIC or as after dinner speaker etc (like the crook Tony Blair).

Either way no good is going to come of it in either the short or long term.

The best we can hope for is legislation so bad that the courts will have little choice to null it via adverse opinion making sensible case law, or the likes of the CPS refusing to proceed to court. However Cameron’s sidekick Chris Grayling shows what contempt the senior party members have for the judiciary and legal process.

The one thing that is clear from his various actions is that Cameron believes his future is in much closer ties with the US corporates not the EU, and has not realised he is condemning the UK to get eaten alive by the US corporates…

Clive Robinson May 10, 2015 6:18 PM

@ Figureitout,

Just fyi, I don’t really see a real hack (more just eavesdropping at the extremes) unless you’re getting silly.

No, the point is the LED like many transducers is bidirectional. That is it’s like a DC motor that’s also a generator, or a small moving coil speaker that can act like a microphone. Its function is dependent on the circuit behind it. Think if you will of a circulator used in simple telephony systems that take the bidirectional “2-wire” interface to the “4-wire” separate TX and RX. If you ever played with early ethernet systems you will know they used such a circuit not just for transmit and receive but also to detect collisions and that the connection to the coax was defective.

Thus any little pocket gizmo you make that has what most would consider a flashing power on LED could actually be talking to a similar unit.

One way to do it is to use a CMOS microcontroller and have the LED fed from a two resistor single cap T-lowpass filter from a bidirectional port pin on the microcontroller. Such circuits have been used as Class D drivers to control the LED brightness and to change the direction of current flowing in anti-parallel two colour LEDs for years. The other side of the LED gets taken to a second bidirectional status line and a resistor going to ground or VCC as a high impedance pull up/down making the circuit look like a bridge driver for the two colour LED.

The trick is to make the first port pin an output that oscillates with a pattern that effectively biases the LED such that it just goes up and down by a few fractions of a volt either side of the switching point of the other port pin that is actually being used as an input.

Any ambient light will change the bias point at that input, a simple tracking loop will follow the ambient light level. Depending on the loop time constant any high frequency ambient light changes will get seen by the microcontroller as serial data.

With a bit of skill you can make the loop track the mains frequency of any artificial lights then send short bursts of data at the zero crossing point.

Because of the nature of the human eye it is very unlikely to see such brief pulses of light.

Think of the setup if you want as BadBIOS for LEDs not audio.

Figureitout May 10, 2015 9:46 PM

Clive Robinson
Depending on the loop time constant any high frequency ambient light changes will get seen by the microcontroller as serial data.
–Goddamnit, that’s messed up; we can’t be having that. Well, I just messed w/ some diodes reverse biased (so the strip/cathode/negative end facing towards LED and the arrow facing towards LED in a schematic for people who want to know) and was able to get the voltage down to 0.5mV w/ no changes even w/ flashlight, a drastic improvement w/ a single 1N4007 (three 1N4148’s in series still couldn’t match performance of one 1N4007). Powering the LED required like twice as much voltage, like 5V (which I eventually blew out b/c it was changing colors and it was cool lol, and then a little blip and dead 🙁 ). Adding an RC filter behind that I got 0V w/ a 220 ohm R and a weird unlabeled capacitor (just 220 on it, maybe 220 uF?) that is supposed to act like an open circuit if it never charges up, which is what I think it was doing.

I don’t want badBIOS for LED’s, I want to kill it. I bet opto-isolated lines will also kill the current. Damn shame b/c this complicates something supposed to be simple.
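
A simplified numerical model of the ambient-light tracking loop and the RC low-pass discussed in the last two comments, added here as an illustration and not code or measurements from either commenter. The signal levels, sample rate, loop time constant and the 220 µF capacitor value (the comment only guesses at it) are all assumptions; it shows that a slow baseline tracker sees fast light changes as bits, and that a low-pass in front of the sensing pin removes them.

```python
import math

DT = 1e-4            # 10 kHz sampling (assumed)
BIT_LEN = 10         # samples per bit, i.e. 1 ms pulses (assumed)
START = 2000         # sample index where the constructed burst begins
BITS = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed test pattern

def ambient(n):
    """Constructed ambient light: slow 0.2 Hz drift, arbitrary units."""
    return [1.0 + 0.3 * math.sin(2 * math.pi * 0.2 * i * DT) for i in range(n)]

def add_pulses(signal, amp=0.2):
    """Superimpose a short light pulse for each 1 bit."""
    out = list(signal)
    for k, bit in enumerate(BITS):
        if bit:
            for i in range(START + k * BIT_LEN, START + (k + 1) * BIT_LEN):
                out[i] += amp
    return out

def rc_lowpass(signal, r=220.0, c=220e-6):
    """First-order RC low-pass in front of the sensing pin (C is assumed)."""
    alpha = DT / (r * c + DT)
    y, out = signal[0], []
    for x in signal:
        y += alpha * (x - y)
        out.append(y)
    return out

def tracking_loop(signal, tau=0.05, margin=0.1):
    """Baseline follows slow ambient changes; flag samples that exceed it."""
    alpha = DT / (tau + DT)
    base, flags = signal[0], []
    for x in signal:
        flags.append(1 if x - base > margin else 0)
        base += alpha * (x - base)
    return flags

def decode(flags):
    """Majority vote over each bit period."""
    return [int(sum(flags[START + k * BIT_LEN:START + (k + 1) * BIT_LEN]) > BIT_LEN // 2)
            for k in range(len(BITS))]

if __name__ == "__main__":
    light = add_pulses(ambient(5000))
    print("unfiltered: ", decode(tracking_loop(light)))
    print("RC-filtered:", decode(tracking_loop(rc_lowpass(light))))
```

With these assumed values the RC time constant is about 48 ms, so 1 ms pulses never lift the filtered signal past the comparator margin, while the slow ambient drift still passes through.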
