Schneier on Security

mfp • July 11, 2015 6:41 AM

“It’s one thing to have dissatisfied customers. It’s another to have dissatisfied customers with death squads. I don’t think the company is going to survive this.”

The company never existed. The people that you find involved are innocents previously enrolled to put their face on it. And the software that we are looking at (“RCS”; I spend 10 minutes on github: a ruby lib and a bunch of OS cores… same arch of Nagios… but looks like a toy) is old and crappy.
I’ve been reading also some of the mailing because one of the people involved is an MP that I know (and I’m commenting on his blog: http://blog.quintarelli.it/2015/07/hacking-team-hacked.html ); and it’s pretty… timing is wrong.
It’s a blackop.

After I got nailed down by fake allegations and abnormal investigative procedures, abducted to Dominican Republic (fake job: got a big Christ over the head of my bed), escaped to Australia (fake school: got a huge MS-sponsored piece of toilet paper), escaped to Thailand (party, oh yeah, finally) … some of the italian security env (that I met in previous nerd camps) tried to enrol me about 3 years ago to ‘present their security tools’ saying ‘no worry, I write you the speeches’. I gently refused because I don’t present stuff I don’t know. And other details that smell bad.
But when they realised that I’m deeply against the use of personal data for any purpose (with very few, constitutional, exceptions; and if, and only if, other details are met) I got three probes on my devices… from italians… the first one by USB, the second one by SD, the third one by USB again… they popped up every time I changed my devices, since I moved out from a network managed in the traditional way (ie: Neurolinguisting Programming): turn off your internet connection if you stay in the room too much, make dramas in front of your eyes, etc.
Since then I got recorded in every telephone call, couldn’t buy a computer on the internet, my telephone calls from TH to IT were diverted and recorded (skype reinit of the driver at every sensible videoconference), and whatever profile manipulated in front of my eyes. I even got money stolen from my bank account (me in TH, transfer from ARG), ads in israeli language (and one popped up a few times here, we got drunk together… he bought me a bracelet ‘I love ladyboy’, I gave him one ‘I’m gay’… I’ve never told him that, when I was in AU, someone pushed a video of him advocating to go to China, because China is good and lovely), etc.
All this without being able to count on my GOV, my bank, or whoever with a big gun, because of their shit; I got a person in my embassy, where I went to be able to have a certified communication channel with the prosecutor office in charge of my case, bothering me with things that span between ‘you sell drugs’ and ‘your girlfriend is a bitch’ and finally… ‘you are a spy’.
EU already gave up on italian cases because of our (fake) judicial procedures; too much shit coming from Italy (and I can explain why).
I tried to contact other european embassys with no luck; what they do is sending strangers to interview without qualifying themselves.
I even went to have a look at the local UN HQ and there was a bunch of scammers in front of it… their sentinel made the mistake to be too much interested to my telephone calls… and in any case it’s not acceptable to bother them for this reason; in this area there are too many major problems of life and death, to spend resources on things like mine.
Then, ID theft; people from Italy asked me about supposed-to-be-mine accounts on LINE, Viber, WhatIsTheFuckApp … and it wasn’t me.

And they keep going even now. But local italians don’t have my GOV support any more; they started with classics (microphones and cameras).
Basically they don’t want to follow the rules for my trial, to not debunk the mess they’ve done, and the money they must refund, for all the false positives they manipulated.
Because have already been paid to Zuckemberg.

I’m scared to death, without money, can’t have a clean terminal, can’t work because of lack of civil right, background clearances, and a clean terminal; and even having the money to buy myself a flight, can’t backup anywhere.
I even finish the IDs that I can’t spread around me to hide (ex: original copy of Windows7; sim cards registered to me, on other’s mobile, etc).

Is there anyone out there that can fix this crap without killing me?

mfp • July 13, 2015 7:35 AM

This email pasted at the end of this message is interesting. He evaluates the differences between the US and the EU status quo; legal framework and the fact that all the major tech providers are based in US, ie: NSA can force those companies to include backdoors and be notified of 0-days before everyone else in the world; EU::IT cannot: european offices of american companies are… merely branches of the marketing and legal departments.
This allows NSA to have backdoors at no cost, while other national security agencies must collect them by other means (find, buy, wait for NSA to release to the allies, etc).

Quote: “On comparison with NSA, our road is uphill, but nothing can stop us”.

Then he foresee big business chances for companies world wide, because after Snowden nobody will trust american companies any more (Apple, Google, Microsoft).

Quote: “The end result will be a ‘usual suspect’ against whatever is designed and produced in US”.

Again: some of the names on those emails might be the wrong ones.
Consider them as a whole, Anonymous, and don’t shoot the messenger.
I have my own good reasons to believe that some of the names in those emails are a result of a nasty dragnet. Innocents dragged in, to cover other ops.
In any case, in all those emails I don’t see any illegal activity (by itself). A lot of ‘unappropriate jokes’ (racial, sexist, etc) but … no more unappropriate than reading their mail.

I’m also pretty disturbed by three facts:
1) After I started to comment this story, I can’t directly access wikileaks.org any more… I did it by (NL) proxy.
2) there’s no directory listing of those emails (DMOZ), search engine only (Google).
3) I couldn’t find this email searching it directly, it was at the bottom of another one containing the world (a surname) I searched for. Someone is using our searches to refine his job: is there any abuse@wikileaks.org ? If that address exists … who’s taking those signals? (I JOKE, DON’T WANT TO KNOW IT)

And that’s why about 1 year ago I got so much noise on my (bugged) terminal about ‘fucking american companies’.
And that’s why about 2 years ago I got so much noise on my (bugged) terminal about ‘fucking american agencies’.
And that’s why about 3 years ago I got so much noise on my (bugged) terminal about ‘fucking american gov’.
And that’s why since 4 years ago italians around me tried to settle me down off side track.
And that’s why since 5 years ago I got sued, cited, manipulated, etc; but my trial never stepped forward. Someone at that time (2009) wrote in a mail (with fake sender): “you are dangerous for us”.

They probably didn’t take into consideration the survival of people like me, italian, that “exist without skin color, without nationality, without religious bias”. They just “call us criminals”. And that’s why the psycochick in the italian embassy, 8 months ago, called me: “spy”.
And that’s why I targeted AISI (italian FBI), and AISE (italian CIA), since the beginning: spies calling me spy after spying me? “You build atomic bombs, you wage wars, you murder, cheat, and lie to us, and try to make us believe it’s for our own good [TO OVERRIDE THE JUDICIAL AUTHORITY TO USE US AS PISS POT], yet we’re the criminals.”
Nowadays, in all this crap, I’m asking myself: why the fuck NATO still exists? why the hell UN security council haven’t been randomized a bit to avoid this kind of trust problems?

mfp, over.

From: David Vincenzetti [mailto:vince@hackingteam.it]
Sent: Friday, June 14, 2013 08:37 AM
To: Alberto Ornaghi alor@hackingteam.it
Cc: ornella-dev ornella-dev@hackingteam.it
Subject: Re: Microsoft e gli exploit….

Molto probabile, caro Alberto.
Pero’ se ci pensi la NSA ha vita facile: obbliga i vendor a fornire informazioni, creare backdoor o backdoor che hanno le sembianze di una semplice vulnerabilità – mentre noi facciamo tutto in salita ma con il vantaggio che non ci fermiamo di fronte a nulla.
Il risultato finale e’ che ci saranno sempre più sospetti su quello che viene disegnato e prodotto negli US a discapito delle aziende tecnologiche americane. Tanto per cominciare, dubito fortemente che i governativi di altri paesi useranno ancora Microsoft o Google o Apple per le loro comunicazioni. E dopo i governativi seguiranno anche le principali aziende private.
C’e’ quindi un’enorme opportunità per terze parti indipendenti, e.g., un nuovo player svizzero.

David

David Vincenzetti
CEO

Hacking Team
Milan Singapore Washington DC
http://www.hackingteam.com

email: d.vincenzetti@hackingteam.com
mobile: +39 3494403823
phone: +39 0229060603

mfp • July 13, 2015 12:43 PM

@ Dr. No

‘Its either called rehab or its “go see a doctor”.’

Oh yeah! The Vitamin D people! Stalkers!

I’ve already seen a ‘fisiatra’ (doctors specialised in rehab). In 2010; when I turned on my gLatte+ rehab procedure; as a result of cops search and siege, and take down of my mail server. I locked everything in court, and quit; because an Irish said to me that rehab is for quitters.

After being sued – fake allegations, never got my trial – a ‘friend’ called me and gave to me the number of a guy that needed computer assistance. After a few mails, and a couple telephone calls, we went together to the Apple Store (Roma Est Shopping Mall) to buy him a brand new Macbook Pro, and within a few weeks we met two times more, to follow up: the first time in my home, the second time in his ‘office’. When I arrived there it turned out that his ‘office’ was a branch of S. Giovanni hospital, that in turn is in the same building of the second church of Rome; and he was a ‘fisiatra’. A rehab doctor. So I set him up with GPG, as he requested, and walk away, scared, crying.
And that was just the second chapter of the beginning.

Prequel: the ‘friend’ that called me offering that ‘job’ is a good guy but … ‘an underachiever’, as an arrogant american wrote a few decades ago about computer capabilities of the kids that got caught every single fucking day.
The ‘social club’ where me and my friend gathered was supposed to be building a grassroots wireless network in Rome called Ninux (.org) on the same track of Athens’ Wireless, Barcellona’s GuiFi, Berlin’s Freifunk, Seattle Wireless, Melbourne Wireless … David P. Reeds OpenSpectrum Manifesto … picopeering … ad-hoc networks… Locustsworld in UK (but I don’t like AODV); just to name a few.
Indeed, there were other activities going on in that shit hole (the social club); apparently. Just to make you an example: outside of that social club I heard of a chance of a job in Dominican Republic about wireless networks; so, when a few months later a guy from skype offered me the chance to do it, I went there. But there was no job; it was fake; it was another fucking ‘priest joke’ (another italian idiom). Abduction. And I found myself sleeping under the roof of 5 polish priests instead! Nice people, good mission, fair food, but… that’s not exactly what I’m trying to stay close to… it’s more what I’m trying to stay far from. And in fact, I setup 3 out of 6 of the wireless nodes, setup the server, gave basic instruction to a local guy, and walk away: the italian in charge want for me to setup a proxy to filter out porno and whatever they want to filter out… no way. The network must be content agnostic; digital encoding does the trick already. Neutral is the trendy word, nowadays.
Don’t count how many times I wrote ‘church’; I didn’t write them all to shorten the story; but that people is stalking me all the way to the caribbean, australia and asia.
In Rome is simply impossible to distinguish Italy from Vatican. Unless, you were born there, you studied latin, you got psycotested from the Vatican University when you were 8yo, choosen to be one of their future bright stars, and being stalked and robbed all your life.

Now, it is 2015. My ‘friend’ (the underachiever) is working for an historical Microsoft Partner based in Rome (Unidata) and… about my actual health. Well.

My father – that is my doctor, but not a ‘fisiatra’; a paediatrician, funny coincidences eh!? – came here (10000km far from home), about two weeks ago, and checked up me: everything’s good except for eyes (glasses since I was 6 years old), teeth (I can’t afford to fix them), and lungs (“I smoke like a Turkish”, another italian idiom).
Nothing that I don’t assess myself every morning.

The good side of this visit is that … he didn’t know anything about the ‘fisiatra’ from S. Giovanni! That was not one of his nasty tricks.
They all just gave for granted that the sick one, between the two in the implicit test of evaluation between two and each individuals, it’s me. The same you did, suggesting rehab.
Thank you for your com-passione, that in latin means ‘to feel together’; but my case is locked in court already. There’s no need of cum-passion, there’s the need to exec the process in court, and get one of the 4-only possible outcomes, that allow me to successfully quit the rehab.

When I say ‘Is there anyone out there that can fix this crap without killing me?’, I’m saying that I’d be grateful to anyone that can enforce judicial procedures over my case; a safe harbour for trial; that is what I was searching around the globe. Because in Italy the National Security took over the Rule of Law; so there are no fair trials any more.
I tried hard by myself … my version of the story is the only coherent with facts, but the only that doesn’t satisfy a huge amount of other fantasies. National Fantasies.
BTW, cum-passione, is the feeling I get any time some “three-piece psychology and 1950’s technobrain” goes behavioural, pointing out the need of rehab, for someone else. It’s the same arrogance you pointed your finger to, about ‘David Vincenzetti’.
I’ve never seen him; don’t know who he is; but that kind of arrogance is pretty common both in corporate and security envs; when the two envs mix, you get idiots on steroids. Psychopaths. Are you sure to feel good?

Because probably you’re right: I got sick in time because of all this Vitamin D acolytes in the world. I was fine before the ‘fisiatra’. You might be experiencing something similar but you still don’t know it! I didn’t realise that for years! I realised when I got a guy calling me vampire, and a few days later a sharpened wooden stick in front of my door. I was scared, so I went to study the ‘sistema endocrino’ and figure out that all this story of the VitaminD is just… bullshit. I didn’t make any bodhe/nyquist diagram but I’m pretty confident that my internal equilibrium is correct in this lifestyle.
But when my father came, a few weeks ago, he really want to go to have a walk on the beach; and he was pushy… so I start screaming about the VitaminD: ‘You came here to bother me about the VitaminD, The Sun, and all the rest of the bullshit? Eh!? You too!? Eh!? What the fuck… you’re a doctor, you know how it works, and you live under oath, you can’t damage a person, shame on you dad, shame on you…’. So, yeah, after 5 years of world wide mobbing, I got sick. And someone has to pay for this. HT maybe?

In any case, no, I don’t need a doctor. But thank you for your advice anyway. Appreciated.