Friday Squid Blogging: Dissecting a Giant Squid

Lessons learned.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on September 14, 2018 at 4:13 PM • 124 Comments

Comments

bttb • September 14, 2018 6:08 PM

Regarding Paul Manafort's plea deal today, from emptywheel, https://www.emptywheel.net/2018/09/14/the-objection-that-made-muellers-case/ :

“Start with Manafort’s [Trump's former campaign chairman] plea deal. When I was thinking of Mueller’s leverage the other day, I imagined Manafort might plead to the charges he did today, but that Mueller would also bracket off some of Manafort’s forfeitures — probably the $16 million that the holdout juror saved Manafort in the EDVA case. That didn’t happen — Mueller dumped the EDVA [Eastern District Virginia] forfeiture into this deal, so that Manafort will lose all of his thus far identified ill-gotten gains (he’s apparently swapping his Trump Tower apartment for one of the financial accounts, which means that the US government will soon own a Trump Tower property it has unlimited discretion to decide what to do with).
And unless he gets a downward departure for significant cooperation, he’ll do ten years…”

Links from twitter/emptywheel:

https://twitter.com/MitchellEpner/status/1040685270394396672 ; a “lawsplainer” on Manafort's plea deal

https://doc-0o-a0-apps-viewer.googleusercontent.com/viewer/secure/pdf/3nb9bdfcv3e2h2k1cmql0ee9cvc5lole/65gq8t9qsnee33hcc96gv8qivn97pe7r/1536965400000/drive/*/ACFrOgDFlXSPJymeNP6OfpCJdf6DxXKqkHclP4BCb6mUPpyjAn4EFN1bs_GvfkmD-YnsusB4QRZk6RM4Pfq8UjCGWf0dFCAiyPtgy3blhHylSJmGtmfNxAGK-5BYG0s= ; Manafort’s Cooperating Plea Agreement (pdf)

Alejandro • September 14, 2018 7:59 PM

"The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device."

https://krebsonsecurity.com/2018/09/u-s-mobile-giants-want-to-be-your-online-identity/#more-45035

It's called "Project Verify".

I won't rant about another data/power grab by corporate America other than to ask why is it every time the corporation wants to improve security, they take more of my personal data to use for any covert purpose they see fit?

In any case, once they have sliced and diced every conceivable shred of personal identity and boiled it down to a hash, what's going to happen when invariably a few or a hundred million users find their stuff has vanished....months ago never to be seen or heard of again?

What will be the penalty?

Right: NOTHING!!!!

Nick Weaver summed it up nicely:

“The carriers have a dismal track record of authenticating the user,” he said. “If the carriers were trustworthy, I think this would be unequivocally a good idea. The problem is I don’t trust the carriers.”

echo • September 15, 2018 1:34 AM

I have been avoiding the Skripal topic as there wasn't a lot of information in the public domain which could support a solid discussion. This interview with the suspects is new information. What bothered me is the kneejerk reaction from some politicians and media who seemed to have based their view on initial rushed clips of the interview not the full interview.

The full interview and a number of comments I discovered from people who have travelled and lived in different climates on the difference between continental cold snowy weather and English more damp weather is plausible. I mostly discounted comment from people claiming Russians were stupid and couldn't have an interest in architecture or who dismissed possible grey but legitimate business activity. I also dismissed comments claiming they were lying because of their nervousness or "rehearsed" narrative.

This could all still be a very clever plot. It could also be a situation all sides try to exploit either for propaganda reasons or to use legitimate enquiries to flush out whatever they can about each other's security services.

I have some personal experience of "rogue authority" abusing power and manipulating the narrative, and lies and discrimination, and manufacturing evidence. I know "authority" commits perjury and covers up abuse and how incidents can be hidden within statistical averages so everything appears "clean" to an outside observer. It's very unpleasant as an ordinary individual to be caught in the crossfire.

https://www.youtube.com/watch?v=QcoEjwQ-jQg
Skripal Poisoning Suspects: Full Interview with English Subtitles

https://www.youtube.com/watch?v=jkwwUWNTCFQ
Machon: "Skripal case is effectively a trial by media"

https://theconversation.com/what-body-language-can-and-cant-tell-us-about-russians-accused-of-sergei-skripal-poisoning-103262
What body language can – and can’t – tell us about Russians accused of Sergei Skripal poisoning

echo • September 15, 2018 1:55 AM

https://www.standard.co.uk/news/crime/senior-met-officer-could-face-the-sack-for-using-whiter-than-white-phrase-a3936041.html
Senior Met Police officer could face the sack for using 'racist' 'whiter than white' phrase

The complaint involving the phrase “whiter than white” is among a number of claims levelled against officers in the Met’s anti-corruption unit in an IOPC inquiry codenamed Operation Embley. Allegations include racism, interfering in investigations and turning a blind eye to wrongdoing.

This is a hysterical headline which trivialises and misdirects to create clickbait. I don't believe this helps. What is important isn't the use of a casual phrase which will set off the Eurosausage extremists in UKip claiming an "attack on common sense" and "political correctness." The important bit is the hidden narrative of abuse and discrimination and corruption behind what I believe is now a very well rehearsed method of covering up malpractice.

I have commented on this type of thing from my own personal experience. The Met are not the only police force up to these tricks nor the only state institution. This practice is widespread and pernicious and quite deliberate.

Over just the past few weeks I have been hit on in the street and out of the blue when returning home from shopping got a mouthful of sexual abuse from a young man, foreign ethnic extraction and a Flash Harry who really should have known better given his status and the opportunities he has in life. The police are no different only being expected to have greater responsibility and training which mitigates bad behaviour. There are gaps in policy and training and accountability which means in reality it's a constant fight to resist inadequate standards and this was before "austerity measures" so money isn't an excuse. This resulted in me being threatened and physically assaulted including being slammed into a wall away from surveillance cameras and multiple attempts to block me giving an on the record statement under PACE conditions about state abuse including police abuse by police officers who actively tried to cover-up allegations and then cover-up allegations of their cover-up.

I still haven't heard back from the EHRC. If the EHRC is like other organisations I'm expecting a biased investigation which ignores the evidence they don't want to hear and a fob off. This is why I am actively planning for leaving the UK and seeking asylum in another EU country.

Randie R Enigma • September 15, 2018 3:06 AM

This is an idea for a scheme where multiple encrypted messages are multiplexed together. At first sight it seems to have some interesting properties, but whilst I’m interested in crypto IANAC, so I thought I’d raise it here and let people who really know what they are talking about feedback on the problems with it, so I can learn from them.

The sender transmits a stream of data comprised of a random mixture of message blocks and “chaff” blocks.

Message blocks are message plaintext, plus a hash of that plaintext, all of which is symmetrically encrypted with a secret key, known to the sender, the recipient, and potentially disclosed to a lawful eavesdropper. Note that the symmetric cipher and hash used are arbitrary to how the scheme works, allowing the potential to support multiple cipher suites and/or to transition between cipher suites over time. If the message is longer than a block it is fragmented over multiple blocks (which the sender may choose to intersperse with chaff blocks or send consecutively).

Chaff blocks are random noise, which has been dutifully encrypted with the same cipher and symmetric key as the message blocks, thus allowing the random noise to be lawfully decrypted ;-) The recipient (or a lawful eavesdropper with escrow access) decrypts each block as it arrives, and checks the hash. If the hash doesn’t match, the block is ignored, otherwise the decrypted result is added to those received so far.

The decision of how likely the next block is to be a chaff block vs a message block is determined randomly by the sender, and the proportion of chaff to message blocks may be varied at will. Similarly the decision as to whether to transmit continuously (with periods of otherwise “dead air” filled with chaff), or sporadically to reduce the overall amount of data transmitted (which they might like to do if they are paying per byte for instance!).

Nothing prevents multiple message streams being sent together, each encrypted with a separate key. Without the key for any of the messages it is not possible to distinguish blocks containing that message from chaff blocks. Therefore the existence of any message can be kept secret, even if the keys for other messages are disclosed. Furthermore, not all valid messages sent need to have any intended recipient at all. For instance you might send the following messages “proceed north”, “proceed south”, “proceed east”, “proceed west”, “remain stationary”, and encode each with a different key, with only one of those keys having been shared with the recipient (the rest being decoys). Anyone brute forcing the key would then find all 5 messages, but would still be none the wiser.

Key advantages:
- Increased resistance to brute forcing, as a given key candidate cannot be rejected until you have decrypted and hashed all blocks.
- Whether a key is found by brute forcing, by hacking, or by disclosure, it only reveals a single message. Proving other keys don’t exist requires you to brute force the entire key space.
- A lawful eavesdropper can decode a message with their escrowed key, but cannot determine whether it is the only message included, as chaff packets are actually random data, or whether they are actually another message, encrypted by another key.
- If multiple contradictory “decoy” messages are sent under different keys then even in the event of a message being cracked then it would be hard for the attacker to deduce meaning.
- Somewhat reduces the information available to an attacker through signal analysis. For instance it increases uncertainty of the true size of any message being transmitted. Given a persistent connection it can obfuscate the time that real data is being transmitted. Using a broadcast channel different messages can be sent to different recipients without signal analysis being able to identify which of the potential recipients it is directed to or even how many messages are being sent.

Key Disadvantages:
- Chaff blocks decrease overall throughput (however note that this ratio can be varied by the sender at any time to suit their available bandwidth)
- Increased processing at both sender and recipient end
- Without a brute force of the entire key space you can never prove that you’ve disclosed all the keys, even if you want to (e.g. when wishing to disclose keys under duress scenario)

My cryptographic knowledge is limited, so I welcome feedback from those who know more.
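
The scheme proposed in the comment above, as an added Python example (not the commenter's code): message blocks carry a hash that only verifies under the right key, chaff is raw random bytes of the same length, and several keyed streams share one wire. The SHAKE-256 keystream is a stand-in for the unspecified symmetric cipher, and the function names and block sizes are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, DATA_LEN, HASH_LEN = 16, 31, 32
BLOCK_LEN = NONCE_LEN + 1 + DATA_LEN + HASH_LEN   # every block on the wire is 80 bytes


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): SHAKE-256 over key||nonce used as a keystream.
    # The scheme treats the cipher as interchangeable; use a vetted one in practice.
    return hashlib.shake_256(key + nonce).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_block(key: bytes, fragment: bytes) -> bytes:
    """Message block: encrypt (length byte + padded fragment + SHA-256 of both)."""
    if len(fragment) > DATA_LEN:
        raise ValueError("fragment too long for one block")
    inner = bytes([len(fragment)]) + fragment.ljust(DATA_LEN, b"\0")
    # Unkeyed hash inside the ciphertext, as the comment describes. With a stream
    # cipher this is malleable under known plaintext; an AEAD tag fills the same role.
    body = inner + hashlib.sha256(inner).digest()
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor(body, _keystream(key, nonce, len(body)))


def chaff_block() -> bytes:
    """Chaff block: raw random bytes, same length as a message block."""
    return secrets.token_bytes(BLOCK_LEN)


def open_block(key: bytes, block: bytes):
    """Return the fragment if the block carries a valid hash under key, else None."""
    if len(block) != BLOCK_LEN:
        return None
    nonce, ct = block[:NONCE_LEN], block[NONCE_LEN:]
    body = _xor(ct, _keystream(key, nonce, len(ct)))
    inner, digest = body[:-HASH_LEN], body[-HASH_LEN:]
    if not hmac.compare_digest(hashlib.sha256(inner).digest(), digest):
        return None                      # chaff, or a block for some other key
    if inner[0] > DATA_LEN:
        return None
    return inner[1:1 + inner[0]]


def multiplex(streams, chaff_per_message_block=2.0):
    """Interleave several (key, message) streams with chaff, keeping each
    stream's own block order. Returns the list of blocks put on the wire."""
    rng = secrets.SystemRandom()
    queues = []
    for key, message in streams:
        frags = [message[i:i + DATA_LEN] for i in range(0, len(message), DATA_LEN)]
        queues.append([seal_block(key, f) for f in frags or [b""]])
    p_chaff = chaff_per_message_block / (1.0 + chaff_per_message_block)
    wire = []
    while any(queues):
        if rng.random() < p_chaff:
            wire.append(chaff_block())
        else:
            wire.append(rng.choice([q for q in queues if q]).pop(0))
    return wire


def winnow(key: bytes, wire):
    """Receiver (or escrow holder): try every block, keep those whose hash checks.
    Returns (recovered message, number of blocks that verified)."""
    kept = [f for f in (open_block(key, b) for b in wire) if f is not None]
    return b"".join(kept), len(kept)


if __name__ == "__main__":
    # Constructed sample: one real instruction, one decoy, one key with no stream.
    k_real, k_decoy, k_guess = (secrets.token_bytes(32) for _ in range(3))
    wire = multiplex([(k_real, b"proceed north"), (k_decoy, b"proceed south")])
    for name, k in (("real", k_real), ("decoy", k_decoy), ("wrong guess", k_guess)):
        msg, n = winnow(k, wire)
        print(f"{name:12} -> {msg!r} from {n} of {len(wire)} blocks")
```

Each candidate key costs one decrypt-and-hash pass over every block, and a wrong key gives the same empty result as a key that has no stream on the wire.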

echo • September 15, 2018 4:11 AM

https://www.theguardian.com/commentisfree/2018/sep/15/lies-russia-rt-salisbury-suspects-putin
Russia’s brazen lies mock the world. How best to fight for the truth?

More to the point, and though it sounds po-faced, to laugh at the RT interview is to risk collusion with it. Putin surely knows this alibi of his is absurd and easily debunked, and yet he offers it anyway. Part of that is the usual Kremlin trick: the weaponisation of doubt, throwing up enough chaff to enable Russia’s defenders to say the picture is unclear, the truth is elusive and no one can ever really know for sure.

I'm reading a lot of shoddy claims by the media about the Skripal case. What I am not reading is facts and analysis.

What also bothers me is the latest study claims that Brexit wasn't because of austerity but "complex factors". (I'm sorry I don't have a link to hand.) One of those factors is the swing by Ukip from attacking the "liberal elite" to charming underprivileged people many of whom, ironically, would be directly harmed by Brexit. The media played a huge role in giving their platform oxygen and created the problem it is now complaining about. My impression is there is a similar whiff about emerging editorials about the fall of democracy.

Back to the immediate subject I don't know what game the media is playing but it seems very content free to me and more emotional than anything serious.

Thoth • September 15, 2018 8:04 AM

@Randie R Enigma

What you describe already exists in some ways or forms and it's just like the Rubberhose Filesystem (RHFS) in a sense.

The weakness of a RHFS is how convincing are your "chaff messages". If they are not convincing, you are pretty much into huge trouble.

The better way is to simply use a bunch of signing keys (this brings up Key Management issues) and then share the public keys with your friends. Negotiate a per-message DH or ECDH keypair, use one of the signing keys and sign the message DH public key and negotiate a message symmetric key to encrypt the message. Discard the DH keypair and symmetric key after use in whatever methods you know of after use (i.e. wiping memory locations).

This is similar to how the Axolotl protocol used by Signal works but the Axolotl protocol is much more complex.

If you are forced to spill the keys, it is just a bunch of signing keys and there is no way they can decrypt an encrypted message assuming the DH keypair and symmetric key has been securely discarded.

This also brings the issue of how to securely handle the temporary message keypairs and symmetric message encryption keys. Assuming a tamper resistant hardware is used to handle the security critical logic execution, or you manually walk the plaintext and ciphertext between air-gapped and energy-gapped machines.

Ratio • September 15, 2018 9:00 AM

Edward Snowden Reconsidered:

This summer, the fifth anniversary of Edward Snowden’s revelations about NSA surveillance passed quietly, adrift on a tide of news that now daily sweeps the ground from under our feet. It has been a long five years, and not a period marked by increased understanding, transparency, or control of our personal data. In these years, we’ve learned much more about how Big Tech was not only sharing data with the NSA but collecting vast troves of information about us for its own purposes. And we’ve started to see the strategic ends to which Big Data can be put. In that sense, we’re only beginning to comprehend the full significance of Snowden’s disclosures.

This is not to say that we know more today about Snowden’s motivations or aims than we did in 2013. The question of whether or not Snowden was a Russian asset all along has been raised and debated. No evidence has been found that he was, just as no evidence has been found that he was a spy for China. His stated cause was the troubling expansion of surveillance of US citizens, but most of the documents he stole bore no relation to this avowed concern. A small percentage of what Snowden released of the 1.7 million documents that intelligence officials believe he accessed did indeed yield important information about domestic programs—for example, the continuation of Stellar Wind, a vast warrantless surveillance program authorized by George W. Bush after 9/11, creating legal structures for bulk collection that Obama then expanded. But many of them concerned foreign surveillance and cyberwarfare. This has led to speculation that he was working on behalf of some other organization or cause. We can’t know.

Regardless of his personal intentions, though, the Snowden phenomenon was far larger than the man himself, larger even than the documents he leaked. In retrospect, it showed us the first glimmerings of an emerging ideological realignment—a convergence, not for the first time, of the far left and the far right, and of libertarianism with authoritarianism. It was also a powerful intervention in information wars we didn’t yet know we were engaged in, but which we now need to understand.

JG4 • September 15, 2018 9:30 AM


JG4 is great-grandson of at least four economic/political refugees. I don't think that it is said often enough that putting a smart phone into a decent Faraday enclosure could solve eavesdropping, non-removable battery and location tracking. It should be noted that the accelerometers still could be active and implement a crude form of inertial navigation. I got lost in the imperial center city and missed attending one of the forums, so I've been thinking about getting a smart phone.

https://www.nakedcapitalism.com/2018/09/links-9-15-18.html
...
Windows 10 Now Warns Users Not to Install Chrome or Firefox ExtremeTech (furzy)
...
BPA-Free Plastics Are Just as Toxic as BPA-Laden Ones, Study Says. Here’s Why Fortune (David L)
...
People wearing virtual reality headsets have worse balance and increased mental exertion PsyPost
...
son of an asylum seeker, father of an immigrant
✔@doctorow
In case you're wondering: the #EU just voted to impose filters on all the text, audio, photos, videos, etc you might post. If you think this will help photographers or other creators, you don't understand filters.
https://twitter.com/doctorow/status/1039845484431519744
7:57 AM - Sep 12, 2018

EU approves controversial Copyright Directive, including internet ‘link tax’ and ‘upload filter’ The Verge (Ron A)
...
Big Brother is Watching You Watch
Here’s How Your Unique Behavioral Psychological Profile Is Being Used to Manipulate You Alternet. Another reason, if you must use Facebook, to muddy your profile.
...
Massachusetts Police Tweeted a Screenshot—and Accidentally Revealed They’re Watching Left-Wing Activist Groups Slate (David L)
...
Tesla Autopilot Not Working After Latest Over-the-Air Update, Owners Say Jalopnik (Kevin W)
...

Ratio • September 15, 2018 10:31 AM

GCHQ data collection regime violated human rights, court rules:

GCHQ’s methods for bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights has ruled.

But the ECHR found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal, and it explicitly confirmed that bulk interception with tighter safeguards was permissible.

[…]

The case concerned the interception regime previously operated by GCHQ. Updated regulations are coming into force under the Investigatory Powers Act 2016. The ECHR did not examine this legislation, which already faces fresh legal challenges. The judges considered three aspects of digital surveillance: bulk interception of communications, intelligence sharing, and obtaining communications data from service providers.

By a majority of five to two votes, the Strasbourg judges found that GCHQ’s bulk interception regime violated article 8 of the European convention on human rights, which guarantees privacy, because there were said to be insufficient safeguards, and rules governing the selection of “related communications data” were deemed to be inadequate.

The regime used by the UK government for sharing intelligence with foreign governments did not violate either article 8 or article 10, which guarantees freedom of speech. Nor was there any evidence, the judges said, to suggest that the intelligence services were abusing their powers.

The legal challenge was triggered by revelations made by Snowden in 2013, which showed GCHQ was secretly intercepting, processing and storing data about millions of people’s private communications, even when those people were of no intelligence interest. […] Snowden praised the judgment, saying governments had been pursued through the courts for five years. “Today, we won,” he tweeted.

The tweet in full:

For five long years, governments have denied that global mass surveillance violates of your rights [sic]. And for five long years, we have chased them through the doors of every court. Today, we won. Don't thank me: thank all of those who never stopped fighting.

From the European Court of Human Rights:

That FAQ contains the following:

The Court expressly recognised the severity of the threats currently facing many Contracting States, including the scourge of global terrorism and other serious crime, such as drug trafficking, human trafficking, the sexual exploitation of children and cybercrime. It also recognised that advancements in technology have made it easier for terrorists and criminals to evade detection on the Internet. It therefore held that States should enjoy a broad discretion in choosing how best to protect national security. Consequently, a State may operate a bulk interception regime if it considers that it is necessary in the interests of national security.

That being said, the Court could not ignore the fact that surveillance regimes have the potential to be abused, with serious consequences for individual privacy. In order to minimise this risk, the Court has previously identified six minimum safeguards which all interception regimes must have.

The safeguards are that the national law must clearly indicate: the nature of offences which may give rise to an interception order; a definition of the categories of people liable to have their communications intercepted; a limit on the duration of interception; the procedure to be followed for examining, using and storing the data obtained; the precautions to be taken when communicating the data to other parties; and the circumstances in which intercepted data may or must be erased or destroyed. In the case of Roman Zakharov v. Russia, in determining whether the legislation in question was in breach of Article 8, it also had regard to the arrangements for supervising the implementation of secret surveillance measures, any notification mechanisms and the remedies provided for by national law.

(Emphasis mine.)

echo • September 15, 2018 11:15 AM

https://www.theguardian.com/politics/2018/sep/15/ex-cbi-chief-paul-drechsler-lambasts-eu-leaders-and-uk-over-citizens-rights

The former president of the Confederation of British Industry has said European leaders including Theresa May should be ashamed that they have not guaranteed the rights of EU citizens in the UK and British nationals in Europe in the event of no deal on Brexit.

Here is another voice standing up against what is becoming an embarrassingly obvious fact that the UK government is completely ignoring people's rights. He also goes on to explain many of the advertised difficulties Brexit is supposed to solve are actually the fault of badly drafted UK legislation not to mention negotiating fantasies based on comparing apples to oranges.

Some politicians must think the rest of us were born yesterday. I really can't think of anything else which is polite to say about them.

stuxnet2018 • September 15, 2018 11:21 AM

Regarding the massive series of gas explosions near Boston this week, have any news or investigatory sources mentioned the possibility of PLC, SCADA, or other industrial control hacking?

I haven't found any mention of it so far, but I hope it's at least being looked into by investigators (who know what to look for).

Even if it was really just a freak overpressure situation, that shows massive flaws in the safety system, which may be more concerning.

k15 • September 15, 2018 11:41 AM

Question for Bruce: If an entity was created to protect people, when tech advances have made vulnerability easy to identify from afar, what would it be? If it doesn't exist, what keeps it from being created?

Also: given the propensity out there for willful or lazy misreading, I wish the title of your book was less attention-grabbing.

k15 • September 15, 2018 11:44 AM

In my comment I meant protecting individual individuals, although protecting infrastructure from vulnerabilities could be a part of this.

bttb • September 15, 2018 12:10 PM

@CallMeLateForSupper

Regarding: Have a nice day

"I have other plans. Sorry." or

No Thanks- I have other plans.

bttb • September 15, 2018 12:55 PM

Three more from The Guardian:

“Massachusetts police tweet lets slip scale of leftwing surveillance”
https://www.theguardian.com/us-news/2018/sep/15/massachusetts-police-tweet-leftwing-surveillance-boston

“Author of How to Murder Your Husband charged with murdering husband”
https://www.theguardian.com/us-news/2018/sep/15/author-of-how-to-your-husband-charged-with-murdering-husband

“Myers-Briggs personality tests: what kind of person are you?”
https://www.theguardian.com/science/2018/sep/15/myers-briggs-not-sure-youre-really-our-type-merve-emre-author-origins-validity-personality-tests

Clive Robinson • September 15, 2018 1:04 PM

@ echo,

One of the reasons there is little currently about the two Russians is that they are in effect being given enough rope...

Which to some extent they already have hung themselves.

As some readers will remember I was in Salisbury not long before the nerve agent was used visiting a Terry Pratchett memorial exhibition at Salisbury museum with my son.

As others might have surmised I have a suspicious nature and thus do CCTV finding as "standard OpSec" wherever I go, and have almost a sixth sense about them.

The museum is really only accessible by walking past the Cathedral which actually is of major historic, architectural, and engineering significance. However as I pointed out to my son on getting to the museum in the morning there is CCTV everywhere a lot of it is non obvious. Likewise when we left for lunch we took a different route, again more CCTV. Likewise going back to the museum for the shop we took a third route again more CCTV.

Thus if those Russians did visit the Cathedral there will be a record of when they arrived at the station, the Cathedral and when they left and in what direction...

Thus at some point they are likely to talk themselves into making that noose around their own necks, if they have not already...

The best thing they can do is shut their mouths and keep them that way. Otherwise I suspect more evidence will appear in the public domain, in drips and drabs just to tighten the screws a bit more.

As has been observed "talking to the police" is not a good idea as you generally have nothing to gain and a great deal to lose. The same applies with regards the international media.

After all they have already confirmed they are the two people being sought by the police and that they were in the area at the time. Which cuts out a whole range of defence options if they ever do leave Russia and get hooked by either the EuroPol Euro Arrest Warrant or the Interpol "Red Notice" arrest Warrant. The latter of which is not that easy to get in most cases unlike national warrants...

Gerard van Vooren • September 15, 2018 1:04 PM

@JF,

About Arjen Kamphuis, I saw him last year when he was speaking at the Eindhoven Technical University. A great speech! He is very good at that.

OldFish • September 15, 2018 2:14 PM

@Randie

Not commenting on the overall idea, just a bit of detail. If your random data is of excellent quality why bother to hash and encrypt it?

VinnyG • September 15, 2018 2:46 PM

Geolocation parameter shift. I use a VPN that allows me to change apparent IP address origin. As a result of various web pages attempting to use my apparent geographic location in various ways to tailor the content I am shown, I usually get a sense of where I am expected to be even when I don't explicitly review it. Recently, there has been an apparent big change in the way that sites are analyzing this item. I typically choose "US East" as my location, and previously, most of the time I saw evidence that I was expected to be in NY City, or Metro Virginia, or NJ, or the like. About two weeks ago, that seemed to change, and I seemed to be presented with content as if I was somewhere in Western Europe (Netherlands or UK, typically.) For example, a recent search for an item on the Walmart.com site showed me shipping times to Netherlands. Yesterday, I pulled up the news.google.com site (I typically use Topix as a news aggregator) and saw that I was classified as being in UK. I did some research, and found that while my assigned IP address appeared to geolocate to Secaucus, NJ, the ISP shown for that IP was indeed based in England. My guess is that my previous observations were also attributable to the site using the ISP rather than the IP address for location information. Caveat - I'm pretty sure that my ISP is deliberately trying to scramble the relationship between the IP address assigned and the ISP "owner" of that address, but that doesn't seem to explain this behavior. I'm curious but clueless as to what this might mean. It seems to me to make geolocation even less accurate than it was previously, and that change seems to be to the disadvantage of the site or provider attempting to deduce location. Problem is, with all of Google's internet savvy, it's very difficult to believe that they would make this kind of change if it was not in their best business interests (with zero regard for my own.) 
My paranoia suggests that this change is somehow intended to make me less anonymous, but I don't see how. Has anyone else noticed this apparent change in behavior? Anyone care to speculate as to the motive or method?

Ratio • September 15, 2018 3:01 PM

Documents reveal Salisbury poisoning suspects' Russian defence ministry ties:

Documents uncovered by investigative journalists have provided the first public evidence that the suspects in the Salisbury novichok attack have formal ties to the Russian ministry of defence.

British authorities have charged Alexander Petrov and Ruslan Boshirov with conspiracy to murder Sergei and Yulia Skripal and Detective Sergeant Nick Bailey. The former Russian spy and his daughter were found collapsed on 4 March; the police officer fell ill after trying to help them. Prosecutors say Petrov and Boshirov work for Russian military intelligence, which President Vladimir Putin has denied.

But a passport information dossier for one of the two suspects bears a “top secret” marking and a telephone number with the order “Do not give information”. The number, called by the Observer on Saturday, links to a reception desk at the Russian defence ministry, where a clerk said he would not speak with journalists or provide any information.

The documents were published by Bellingcat, an online platform that began with investigations of attacks in Syria, and the Russian investigative outlet The Insider. Both sites also specialised in uncovering information about Russian soldiers active in Ukraine since 2014.

Those Kenyans and their elaborate Russophobic false-flag conspiracy … whatsits!

Randie R Enigma • September 15, 2018 3:28 PM

@Oldfish,

The comment about encrypting the random chaff was tongue in cheek (hence the smiley) - obviously you wouldn’t bother as random data encrypted is just more random data. Similarly you wouldn’t bother to generate a valid hash for it, because the purpose of the hash in this scheme is to distinguish message blocks from chaff blocks - ie only message blocks should have a valid hash.

Ratio • September 15, 2018 3:46 PM

By the way, isn’t it interesting how someone who can’t stop commenting on “oppression” does mention the Petrov / Boshirov RT interview but then doesn’t bother with (or maybe doesn’t even pick up on) the subtext of the interview? That’s just so interesting and also *cough* totally unexpected. *cough*

Sancho_P • September 15, 2018 4:27 PM

@Randie R Enigma, Thoth, OldFish

Again it boils down to trust.
But who will trust you?

If your data is enc… no, let’s use the correct term:
... is not understandable / doesn’t make sense to [1], then you may be _politely_ asked for an explanation and the key.

Assume you present a (or “the”?) key, but part of the data is still not understandable / doesn’t make sense to [1]:
You are in the same trouble as at the beginning.

Provide another key and that second part makes sense but now it is not what they want to read …

You can’t win:
You are guilty because they know you are guilty.

[1]
I don’t know the correct term / word here, because this is not only regarding messages (data in transit), it is also regarding data possession (data at rest):
- Messages: It would be third party or eavesdropper (sender, recipient, third party and others).

But regarding data at rest on your harddrive or whatever:
- Is it LE, NaZZional Insecurity, the religious overlords, “the powers” or simply criminals?
I’d call it the adversary, invading my privacy (my data at rest is not their business).

How could you explain that the garbage of unused space on your HD or SD card (typical data at rest) is simply garbage and not the CP, bigotry or bomb plot they are looking for?

Alien Jerky • September 15, 2018 4:59 PM

Just out of curiosity, I notice that this website uses Comodo as its CA.

Why is it not using Lets Encrypt?

Bob Paddock • September 15, 2018 7:46 PM

Anyone have any insights into why the Sunspot Solar Observatory, and Post Office on the same grounds, in Sunspot New Mexico was shut down?
https://sunspot.solar/

"Association of Universities for Research in Astronomy spokeswoman Shari Lifson said Friday [Sept 6th] the Sunspot Solar Observatory, near Alamogordo, will not be reopening 'until further notice' due to an 'ongoing security concern.'" - https://www.abqjournal.com/1221034/nm-observatory-to-stay-closed-until-further-notice.html

Six other Observatory Webcams around the world went down for a while at the same time.

Lots of nonsense about they saw ET or a Solar Eruption.

FBI is involved and no one is talking...


Hmm • September 15, 2018 8:30 PM

@ Bob

"Security issue" is the official word. (testosterone?) Nobody really wants to speculate,
but the official spokesperson said it's definitely NOT aliens.

Exactly what an alien would say.. we're between trusting the g-men or possible aliens.
Damn. Why not snakes...

To me it looks like a cyberespionage type of target. That would be a weeklong FBI security issue. Sure wouldn't say much about it meanwhile, check. But I'm speculating and that's against the rules.

https://en.wikipedia.org/wiki/Drinker_paradox

Hmm • September 15, 2018 8:39 PM

@ Clive

Link does not work. "chip caps" = mobo capacitors? Piezo-acoustics by cap voltage monitoring?

If they can hear over the singing choir of my overclocked old-school crappy chemical caps, that is!

Measure/crap/disabled h/w countermeasure

Clive Robinson • September 15, 2018 9:19 PM

@ Hmm,

Link does not work.

It's probably the repeated "%2520" in the URL; try replacing them with just a space.

The "chip caps" are small surface mount devices that often look like a small piece of toffee with silver on either end.

With regards "capacitor plague" that was faulty "electrolytic capacitors" with many different "wraps" that apparently came from a major Taiwanese Company. But nobody is saying just which company it is...

When I design circuits I try and avoid using "electrolytic capacitors" due to the fact that all of them are probably the least reliable components on a board at the best of times.

Most of the time they are only good for around ten years of life before they need replacing. Back in the old days of "lead based solder" this was generally not an issue. But with modern RoHS "Pb Free" they put silver in the solder and this leaches the copper off of the PCB, so even with care you are likely to get damaged PCB tracks.

echo • September 15, 2018 9:45 PM

@Clive

I'm still waiting for the facts to arrive. With the Skripal affair there's a lot of static.

Oh, my security is Swiss cheese and I don't bother with any of that opsec. My opportunity-threat model is completely different.

Thoth • September 15, 2018 9:52 PM

@Sancho_P, Randie R Enigma, OldFish

"How could you explain that the garbage of unused space on your HD or SD card (typical data at rest) is simply garbage and not the CP, bigotry or bomb plot they are looking for?"

That is how the Rubberhose Filesystem and its variants fell short. One of the main widely used variants of RBFS is ... Truecrypt and its derived variants with "Hidden Volume". Essentially "chaff data" and "actual encrypted data". There have been ways to analyse Truecrypt and derived variants, allowing attackers to guess if there are "Hidden Volumes" and such.

Whichever way, if you are found with "suspicion" whether you actually have or have not the actual information, you are in for some huge trouble regardless.

That leaves you with two choices, continual denial of data or simply give up because they would know how to put you through the paces to extract the very secrets from the deepest parts of your conscious minds with various techniques.

If it comes to that, this is where you can use an "unconscious knowledge" factor where you really do not know how to access the secret key(s) and the contents and by doing so, many of us including @Clive Robinson et al. and myself have suggested many methods.

One of them is secret sharing of recovery key mat but this is not a huge problem for the attackers if they can locate all the key mat and extract the plain secrets and form it back.

How about hardware ? There are methods to attack hardware (including tamper resistant hardware) and there is essentially no single method of 100% guarantee.

A scheme built on just using "chaff" is not really a good idea by itself because this stuff has already been suggested and there have been ways to defeat it in the past.

So, now assuming you are in the custody of the attacker (physically) and put through the paces, with two options to either give up and reveal everything or to continue to deny.

It is quite obvious that completely giving up is not the option you wanted according to your original post and so we will remove that option.

The other option left is continued denial and how long can you hold on before they reach deep into your mind and make you bend to their will. So this brings about the best method to not be able to spill secrets is to not have or know them in the first place.

The best way to not know them in the first place is to use a device you can suitably trust to some degree (and this opens another can of worms about hardware in/security) and the hardware is competent enough to produce the entropy needed for cryptography.

Additional methods like secret sharing via hardware backed methods and using air-gaps and energy-gaps, guards, pumps and so forth as @Clive Robinson has always mentioned is another way to ensure devices and hardware have limited access to each other and backdoors and compromises on the hardware level are mitigated.

The use of obfuscation and secrecy by obscurity suddenly becomes somewhat viable as well and the "camouflaging" of these hardware containers in the most innocent looking items is another factor to consider.

Duress protection mechanisms like requiring a device to only be accessible under certain conditions (i.e. physical locations, specific timing, specific secret messages and other human and non-human "stimulus") to ensure that you layer as many "tripwires" as possible too. The breaking of any of these "tripwires" causing a zero reset of one or more secret materials are also taken into account and widely used in the military.

The main thing is to layer the defenses as much as possible and think along the worst case scenario as much as possible.

The above is just a tiny abstraction of the many discussions of similar topic in nature that have occurred many times on this forum.

Hmm • September 15, 2018 10:19 PM

@Clive

"When I design circuits I try and avoid using "electrolytic capacitors"

As would a woodsman.

"Most of the time they are only good for around ten years of life before they need replacing"

I love defying these estimates beyond credulity.

MarkH • September 16, 2018 3:28 AM

@JG4:

The inertial navigation capabilities inherent in a smartphone would, in my estimation, be limited.

Accelerometer data might, for example, help to narrow the possible paths a person carrying the phone might have taken through a well-mapped building.

If the phone has a decent magnetic compass, that might be combined with accelerometer data to make some estimate of outdoor movements, especially on foot.

Presumably, the compass could be defeated by a small permanent magnet on the Faraday cage.

But even with the best solid state accelerometers -- which would be overkill for mobile phones -- and gyroscopes, which AFAIK phones don't have -- inertial navigation over an extended time, especially where vehicle travel is involved, accumulates very large errors.

Clive Robinson • September 16, 2018 4:34 AM

@ Hmm,

I love defying these estimates beyond credulity.

It's easy enough to do as the effective life of a standard wet electrolytic aluminium or tantalum cap is related to temperature. Thus keep em cold and they last longer, but not too cold, as the electrolyte is often based on "water" or volatile organic solvents such as GBL[1] with low flash points and unpleasant side effects.

The problem is people want electronics to work wherever they go and 0-70 centigrade is frequently broken by many. Such as using in a garage in winter or on a sunlit window sill in summer. But humans are known to work from -75 to +55 degrees centigrade, and do daft things like fight each other.

It's why you don't find wet electrolytic caps in the likes of MilSpec kit. However the downside of non wet electrolytics is generally price but it can be size or other effects such as mechanical expansion or contraction or much higher Effective Series Resistance (ESR) or even nonlinear effects. All of which you have to consider for "Space Qualified Parts". Usually these are solid tantalum surface mount parts, that also end up in small or high density consumer electronics like the ubiquitous smart phones, digital cameras, and wearables. Which is why Surrey Satellite Technology Ltd. (SSTL)[2] pioneered the use of low cost consumer electronics in space.

Thus reliability in use depends very much on your POV and usage.

All of which brings us perilously close to talking about "bathtubs" and mortality again ;-)

[1] https://en.m.wikipedia.org/wiki/Gamma-Butyrolactone

[2] https://www.sstl.co.uk

[3] https://en.m.wikipedia.org/wiki/Bathtub_curve

Wesley Parish • September 16, 2018 4:37 AM

@Bob Paddock

In these sorts of situations, it's usually because the scientists concerned have discovered the FBI's secret stash of weed and crack. It's their survivalist stash, ready for when civilization crashes and they can't get no satisfaction. Or deep fixes, or cheap thrills ... :)

And Mother Jones has turned up a real doozy of a story:

The Private Intelligence Firm Keeping Tabs on Environmentalists
https://www.motherjones.com/environment/2018/09/welund-private-intelligence-oil-gas/

Welund is part of a deeply controversial cottage industry of private intelligence firms that has flourished in recent years. According to one estimate, the global industry is now worth about $20 billion, and the agencies—sometimes with just a handful of employees—are popping up everywhere from Israel to Africa to the United States. Recent revelations have shown that Black Cube, an Israeli firm, gathered intelligence on Obama administration officials in an effort to undermine the Iran nuclear deal. Christopher Steele, the co-founder of Orbis Business Intelligence, another private firm, was responsible for the famous Trump-Russia dossier.

We don't know how lucky we are
https://www.youtube.com/watch?v=AYvMeT2GC14

Meanwhile, privacy advocates are growing increasingly alarmed about the Canadian government’s use of intelligence firms—especially after a recent request by the NEB for contractors who could evaluate security threats by monitoring social media on an even broader scale. In June, Ron Deibert, a political science professor at the University of Toronto and director of the Citizen Lab, which studies the intersection of technology and human rights, wrote an open letter warning that the hoovering up of massive amounts of data in the name of protecting critical infrastructure could have a chilling effect on free speech. “The system proposed…is inherently oriented toward mass data collection and analysis, and will, by definition, have significant collateral impacts on the rights and interests of individuals who pose no security threat,” he wrote. The NEB ultimately withdrew the proposal.

I'm reminded of the Pinkertons. They got a good press in Sir Arthur Conan Doyle's The Valley of Fear, and in the 70s film The Molly Maguires. Pete Seeger comes from a different angle - in his songbook, Carry it On!: A History in Song and Picture of the Working Men and Women of America, iirc, he discussed them as one of the nastiest forms of attack used by the bosses to prevent employees from protesting working conditions and inadequate pay.

Clive Robinson • September 16, 2018 7:18 AM

@ Wesley Parish,

Don't put the 'd' and second 'i' in IoT

Ahh you mean the problem of the,

    Internet Defective Input of Thought

Issue that blights so many things.

JG4 • September 16, 2018 8:31 AM


Thanks everyone for the ever-helpful discussion.

@MarkH - I missed the compass issue, but I did think about randomly vibrating the phone to add a lot of noise to the accelerometer channels. In previous iterations, I may not have explicitly said that the enclosure can include audio and RF data diodes. The RF can be relayed to and from transmitter/receiver pairs elsewhere to do location spoofing. I'm sure that SIM card cloning is a much easier approach than transferring RF.

@Bob - Someone suggested here last week that, in essence, the FBI are sweeping the observatory for bugs. The remarkable sensitivity of the gear combined with proximity to White Sands makes it a useful tool for nation-state adversaries. The claim was that they had inserted a man-in-the-middle attack on the data flow. Search "Secret History of Silicon Valley" here and at Youtube for additional insight.

@Clive - Thanks for the tutorial on electrolytic capacitors. I probably didn't relate my disturbing realization that some capacitors are piezoelectric. I was probing a circuit/board and the voltage changed every time that I pushed on the copper foil. This in a very tightly regulated precision supply. The board was flexing, as was the capacitor mounted on it. A poor design choice for something rigidly coupled to an electromechanical servo. About 20 years ago, I got burned for about $100, a couple of hours of aggravation, and some smoke inhalation from the bad Chinese tantalum capacitors. I've seen it claimed that the US manufacturer knew there was a Chinese spy stealing from them and put poisoned information into play.

@gas leak discussion - I suggested automatic gas line shutoffs last year, but again, I couldn't find a purported earlier link. This was in close proximity to Clive's awesome story about high pressure sewage.

https://www.schneier.com/blog/archives/2017/09/bioluminescent_.html#c6759881
...
I think that I posted a link to a house that was blown to splinters with the suggestion that every house have an automatic gas shutoff valve tied to a leak detection system. Not surprisingly, the gas company quickly went silent on the topic just as in 2006.
...

@memristor discussion - Plenty of good and very recent articles are found with a quick search. I was surprised to find two to four years ago that Panasonic/Matsushita are using memristor memory on one of their small processors or microcontrollers. They call it ReRAM. I've commented on memristors before and I think that we will see more of them, even though HP abandoned their efforts to make servers with them. The ringleader went to one of the disk drive companies.

https://www.nakedcapitalism.com/2018/09/links-9-16-18.html
...

Google China Prototype Links Searches to Phone Numbers The Intercept. Well, I’m sure two-factor identification with one factor a phone number will never be used to achieve the same goal in this country. Because that would be evil.

Google Employees Are Quitting Over The Company’s Secretive China Search Project Buzzfeed. Leaving the dregs behind…
...

FEMA to test ‘Presidential Alert’ system next week NBC
...

Republican war criminals endorse CIA Democrat Slotkin WSWS. Torture is bipartisan!
...

Alejandro • September 16, 2018 10:57 AM

@JG4

Re: Google Grovels to China

Jack Poulson, former Google senior research scientist:


“I view our intent to capitulate to censorship and surveillance demands in exchange for access to the Chinese market as a forfeiture of our values and governmental negotiating position across the globe,” Poulson told Google bosses in his resignation letter.

I have to wonder if Google already has secretive yet similar cozy arrangements with the USA and other governments we simply don't know about.

Google and many other big IT names need to be reined in. They should be forced to become utilities under federal government regulation. Many of the usual suspects have simply gone too far with our fundamental rights and personal data.

Fat chance, eh?

Bob Paddock • September 16, 2018 12:31 PM

@JG4

FEMA to test ‘Presidential Alert’ system.

The question is why are they testing this now, as it has been around for a while?

https://www.fema.gov/emergency-alert-test :

“Presidential Alert”,

The test message, scheduled for 2:18 p.m. EDT on Thursday Sept 20th, will read: “THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.”

If circumstances, such as a major weather event, cause the IPAWS National Test to be postponed, the back-up date is Wednesday, October 3, 2018.

echo • September 16, 2018 12:47 PM

https://www.theguardian.com/society/2018/sep/16/councils-use-377000-peoples-data-in-efforts-to-predict-child-abuse

Councils use 377,000 people's data in efforts to predict child abuse. Exclusive: Use of algorithms to identify families for attention raises stereotyping and privacy fears.

This bothers me for a few reasons. In my experience UK authorities especially the police and social services do not listen to warning signals not to mention ignoring auditors' reports and dubious legal practices. I'm also very cautious of a "social worker" making decisions in volume while gazing at a screen.

Reading around the subject, some of the linked articles at the end highlight reductions in life opportunities and increases in domestic violence as being responsible for a surge in protection orders and financial pressures. This leaves me somewhat puzzled how this scheme will help. The UK state sector focuses very heavily on first in first out throughput for least cost and very little on prioritising and quality. At the same time schemes for free school meals and affordable child care and sure start style schemes and funding for women's refuges have been axed. There are also issues with poor economic performance and social media.

Alejandro • September 16, 2018 3:28 PM

Re: “Presidential Alert”

If the president has the authority, power and right to issue a nationwide wifi alert, can he also summarily employ an internet "kill switch" to shut it down?


There was a big debate about the kill switch around the 2009-2011 era. I believe a bill was introduced giving the president that exact power, but it supposedly died. Or did it?

I would wager a large sum that one of the anti-constitutional Patriot Act genre laws does create a kill switch authority, or at least allows for some secretive interpretation to that effect. I think implementation of a "Presidential Alert" supports that view.

Does the kill switch exist?

(If it does there is some bureaucrat, somewhere, itching to try it out. Just for the power rush. I am sure of that.---What if the internet simply goes dead for awhile at the appointed alert test time?...hmmmm)

Anon Y.C. Lee • September 16, 2018 3:38 PM

@bttb: This should make you laugh

http://thehill.com/hilltv/rising/406881-lisa-page-bombshell-fbi-couldnt-prove-trump-russia-collusion-before-mueller


In short,

A) Three senior investigation figures say there was "no Evidence" for an investigation to be started.

B) Just a torrent of media leaks and off the record unattributed nonsense about a dossier. Consistently blown up by the MSM.

C) The dossier was surprise surprise written by a man who so loathed and detested, the target of the dossier, that impartiality was clearly not present in the slightest amount. Which when he was rightfully ignored the man went completely overboard to the point of going postal, just to push a load of paid for unverified rumours, gossip and calumny.

So today's recipe "Take one pigeon loft, throw in one mange ridden male feline, shut the door and wait until dust and feathers settle". Rinse and repeat as long as the media make advertising quota from a neo-cock fight.

anonymous • September 16, 2018 3:54 PM

@Alejandro
It depends on how the kill switch is implemented. Is it simply having USA government actors shutdown ISPs? Is it a virus that is made to infect all forms of technology and turn them off? Or maybe a virus that only targets select consumer OS/hardware combinations?

From the way that was written I suspect it is a virus that uses some ipc related to wifi drivers or software on all consumer devices to hack them and then do what the president wishes. Like display text in the emergency alert broadcast, or shut them down as a kill switch.

Anon Y.C. Lee • September 16, 2018 4:25 PM

@bttb: Or how about a chortle over

https://www.thenation.com/article/the-mueller-investigation-is-sending-people-to-jail-but-not-for-collusion/

With the clock still counting down on Mueller, all he appears to have found is good old corruption the biggest being in collusion with the US and Mueller himself*... It has been said "Corruption is like water unto a fish where politics flourishes.", and Special prosecutors to be just let it all flow by.

It would appear as Marcellus said long ago "Something is rotten in the state of Denmark.".

*

Christopher Steele, the former British intelligence agent whose DNC-funded “dossier” alleged a longstanding Trump-Kremlin conspiracy, has served as an intermediary for contacts between Oleg Deripaska and US officials. Deripaska even has a link to Mueller and the federal agency he once headed. In 2009, when Mueller was in charge of the FBI, Deripaska ponied up millions of dollars for a secret effort to rescue a captured CIA operative, Robert Levinson, in Iran. In return, the FBI—with the encouragement of Steele—helped secure a visa for Deripaska, who had been banned from the United States for alleged ties to Russian organized crime.

Alejandro • September 16, 2018 5:44 PM

The Kill Switch

There's only a literal handful of major internet and cellular providers left in the USA due to radical run amok mergers. But, ATT, Verizon, T-Mobile, Sprint probably handle the vast majority of cell service.

There's been so many mergers with internet service providers it's hard to say which are still standing but Charter, Spectrum, Comcast, Time Warner come to mind. And, if they don't literally provide service they certainly carry enough freight they could disrupt EVERYTHING else.

Thus if this corporate handful cooperates, the technical options become available.

And, now comes a test of the Presidential Alert.

How is that NOT a test of the kill switch? The president issues a security alert ordering USA based providers to post an annoying red banner alert or send an equally annoying text message (with REALLY LOUD SIREN SOUNDS) stating, "THIS IS A TEST".

AND IT HAPPENS.

That means he has the authority to order just about anything including, 'shut it down'. Such an act postured in the name of security would instead of course be an act of terrorism on our own people. So let's hope it never happens. But, it seems, now...it could. And, there is a plan and method.

Some good news. It's really hard to shut down internet/cell services on purpose. The system is literally interconnected and distributed on a www....world wide web basis. So if 'USA-ISP' shuts down, some Canadian or Australian ISP would likely at least try to pick up the slack. And, I would like to think there are still a small handful of sane politicians and executives in this country who would try to stop something like that.

Meanwhile, the list of bad things that could happen is virtually infinite...shut down world trade, blow up the grid, cause world wide panic, etc....

I think this upcoming alert may very well be a test of the kill switch.

(I won't say how I hope it goes.)

Sancho_P • September 16, 2018 5:55 PM

@Thoth, re explaining garbage and chaff

I guess I’ve read some of these discussions but found them in part confusing. Probably that’s not a good topic for a forum.
You wrote:
“So this brings about the best method to not be able to spill secrets is to not have or know them in the first place.”

That sounds reasonable, but anyway I think here is a flaw:
Without “to have or know them” the data would have no practical value, under no circumstances you, the suspect, could make use of that stuff.
This is implausible in the context of possessing “secret” data (that is any data received, exchanged or generated - computer forensic will prove that down to the bit on the machine, thanks to our OSs).
So I’m afraid no one can deny to possess a secret in this situation.

Let me go back and start again in a slightly different direction:
Until there is a secret and a key then you will eventually spill the beans who has access to (the other parts of) the key or how it could be acquired.
(Be aware, the “who has access” is again in the domain of trust)

But if you had a secret (secret data) and absolutely no access to it - then it’s not “your” secret any more [1].

To say it more bluntly:
No access means it is of no value, to you as well as to others.

And probably herein lies the clue to a solution:
If the key mat can “degrade”, respectively has to be repeatedly reactivated in (relatively) short time,
then you have only to resist until …
After that point there is no key, respectively no secret, nada, just RND noise.


Taking it a step further this could point to a solution for the ever growing pile of “personal” data which have a “fundamental right” to be forgotten:

Very similar to our personal existence: Only very relevant parts, often cited, may survive, the rest will fade in the noise of the universe.

[1] No, I’m not thinking of key mat destruction by dead man’s switch, trip wire or on “false access”, because that would mean tampering with evidence in an ongoing investigation. I’d rather avoid any (active) action!

Hmm • September 16, 2018 7:29 PM

@ Y.C. Lee

https://www.nytimes.com/interactive/2018/08/21/us/mueller-trump-charges.html

They can't bring charges on the "collusion" until the investigation is over, it would be the last domino to fall to bring final charges against Trump's inner circle with all branches investigated already. We all realize that yes?

But it's also a misnomer as people have already been convicted of obstruction, perjury, conspiracy, fraud, etc. Making the formal "collusion" case has all but been outlined in almost full view of the public. Now Cohen and Manafort are forced to cooperate, any lies would mean decades in federal prison for each of them and forfeiture of family assets. They are compelled to be fully truthful and forthcoming, or prison. No 5th Amendment invocation, no pardons possible now. It's as airtight as it could possibly be and moving at remarkable speed. Trump's on record vouching for them, their records go back decades. There's no question they have serious, serious felony dirt on him. In the end there's really only one possible final outcome.

If he tries a "massacre" he'll just speed the process up significantly. I think it's checkmate.
The few forestalling options have been all but exhausted. Only Senate nullification remains.
I don't think that's likely once the full force of evidence is brought to bear. At all.

Randie R Enigma • September 17, 2018 5:52 AM

@Thoth, Oldfish, Sancho_p

Thanks all for some great, thought provoking comments.

I agree that the plausible deniability would be a double edged sword, and that, even if you were able to demonstrate that you were using a documented protocol that calls for chaff to be included, it would still be impossible to convince a suspicious party that they had been given the last of the keys.

The discussion has been limited to the plausible deniability aspects so far. Does anyone have any views with respect to the other aspects? Do the limitations the scheme places on traffic analysis provide any real world benefit?

Even if you chose to avoid chaff entirely, you could still issue multiple contradictory messages encrypted by different keys, and disclose all the keys to all of them to a lawful eavesdropper, and only one of them to the intended recipient. That feels like it might be useful in certain circumstances.
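
An added example, not part of any comment in this thread, of the chaff scheme as the comments above describe it: only message blocks carry a valid hash, and contradictory messages under different keys share one stream. It assumes the "hash" is a keyed HMAC-SHA256 tag, 16-byte blocks, and an HMAC-derived keystream standing in for the block encryption; all function names are hypothetical.

```python
import hashlib
import hmac
import random
import secrets

BLOCK = 16  # bytes of ciphertext per block (assumed size)
TAG = 16    # bytes of truncated HMAC-SHA256 kept as the "hash" (assumed)


def prf(key: bytes, label: bytes, seq: int, data: bytes = b"") -> bytes:
    """HMAC-SHA256 over a domain-separation label, the sequence number and data."""
    return hmac.new(key, label + seq.to_bytes(4, "big") + data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, seq: int, chunk: bytes):
    """Encrypt one message block and attach a tag only the key holder can verify.
    The keystream is a stand-in cipher; a key must never be reused across streams."""
    ct = xor(chunk, prf(key, b"enc", seq))
    return seq, ct, prf(key, b"mac", seq, ct)[:TAG]


def chaff(seq: int):
    """Random bytes with a random tag: encrypting or hashing it would add nothing."""
    return seq, secrets.token_bytes(BLOCK), secrets.token_bytes(TAG)


def pad(msg: bytes) -> bytes:
    msg += b"\x80"  # ISO/IEC 7816-4 style padding
    return msg + b"\x00" * (-len(msg) % BLOCK)


def unpad(data: bytes) -> bytes:
    return data.rstrip(b"\x00")[:-1]


def build_stream(messages: dict, chaff_per_seq: int = 2) -> list:
    """messages maps key -> plaintext. Every sequence number gets the same number
    of blocks, so the count does not reveal how many real messages exist."""
    padded = {k: pad(m) for k, m in messages.items()}
    n_seq = max(len(p) for p in padded.values()) // BLOCK
    shuffle = random.SystemRandom().shuffle
    stream = []
    for seq in range(n_seq):
        slot = [chaff(seq) for _ in range(chaff_per_seq)]
        for key, p in padded.items():
            chunk = p[seq * BLOCK:(seq + 1) * BLOCK]
            # A message shorter than the longest one is topped up with chaff.
            slot.append(seal(key, seq, chunk) if chunk else chaff(seq))
        shuffle(slot)
        stream.extend(slot)
    return stream


def winnow(stream: list, key: bytes) -> bytes:
    """Keep only blocks whose tag verifies under key, then decrypt in order."""
    kept = {}
    for seq, ct, tag in stream:
        if hmac.compare_digest(tag, prf(key, b"mac", seq, ct)[:TAG]):
            kept[seq] = xor(ct, prf(key, b"enc", seq))
    return unpad(b"".join(kept[s] for s in sorted(kept)))


if __name__ == "__main__":
    # Constructed sample: two contradictory messages under two keys.
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    stream = build_stream({key_a: b"Meet at the north gate at 09:00.",
                           key_b: b"Meeting cancelled."})
    print(len(stream), "blocks in the stream")
    print("key A reads:", winnow(stream, key_a))
    print("key B reads:", winnow(stream, key_b))
    print("unrelated key reads:", winnow(stream, secrets.token_bytes(32)))
```

Each disclosed key yields one coherent message and leaves the remaining blocks looking like chaff, which is also why, as the thread notes, an observer cannot be convinced that the last key has been handed over.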

JG4 • September 17, 2018 7:00 AM


It isn't noted often enough that seeds are just programs for converting environmental inputs into food and medicine. It's not much more than 3 software companies who own more than half of the code running on your planet. Google, Apple, Facebook, Scamazon, Microsoft. They're itching to make it illegal to have your own software and illegal to have your own seeds.

https://www.nakedcapitalism.com/2018/09/links-9-17-18.html
...

Seed diversity is disappearing — and 3 chemical companies own more than half Salon

[...it's about time that ag chemicals are delivered by precision robots - far cheaper and safer than air-dropping them]

How a Ragtag Group of Oregon Locals Took On the Biggest Chemical Companies in World — and Won The Intercept (OregonCharles). Important.
...

Russia is mocking us. First the Salisbury attack, then information warfare. Time to wake up Guardian
...

Novichok suspects’ drug-fuelled night of ‘cannabis and prostitutes’ at £75-a-night East London hotel just hours before Salisbury attack Daily Mail. That’s one thing I’ve always admired about Russian intelligence operatives: Their discipline.
...

Lisa Page bombshell: FBI couldn’t prove Trump-Russia collusion before Mueller appointment The Hill

...[They are constantly probing the limits of power with the aim of vaporizing your rights in a government blast furnace.]

Kansas woman told birth certificate wasn’t enough to prove citizenship for passport KCTV
...

VinnyG • September 17, 2018 7:19 AM

Randie R Enigma re: steganographic resistance - In the final analysis the outcome of spooks very much wanting access to your unencrypted information comes down to the legal accountability of said spooks and whether or not they have any shred of proper morality. Absent any such constraints, they can always slowly torture the subject to death (or the subject's dearest relatives - see Professor John Yoo,) noting everything the subject has divulged along the path. Considering what we now know of such spooks and their masters (again ref Prof Yoo,) imo this means your best defense is the hope that they don't want it all that badly, or that they think the same info is available at lesser cost from another party. Of course, if you think that there is a strong probability that the fuckers will kill you (or otherwise completely ruin your life) anyway, you might as well frustrate them to the bitter end...

Clive RobinsonSeptember 17, 2018 8:59 AM

Ahhh yes Professor John Yoo, what can one say about him that does not trip the naughty words filter.

Let's just say at best he was a "useful idiot" for a bunch of people that make psychopaths look good.

There is a saying up in Scotland about somebody being "What is left after you spit out the nuts when eating a Dundee Cake?.." to which the oft unsaid answer is "You get two piles, the first is nuts, the second is 5h1t"

RatioSeptember 17, 2018 9:00 AM

Dutch expelled Russians over alleged novichok lab hacking plot:

The Dutch government expelled two alleged Russian spies this year after they were accused of planning to hack into a Swiss chemicals laboratory where novichok nerve agent samples from the Salisbury attack were analysed, it has emerged.

The men were arrested in The Hague this spring as part of an operation involving British, Swiss and Dutch intelligence agencies.

The Swiss daily newspaper Tages-Anzeiger reported that the men were carrying equipment that could be used to break into the Spiez laboratory’s IT network when they were seized.

Isabelle Graber, the head of communications at the Swiss intelligence service, the FIS, said in a statement issued to the Guardian: “The Swiss authorities are aware of the case of Russian spies discovered in The Hague and expelled from the same place.

“The Swiss Federal Intelligence Service (FIS) participated actively in this operation together with its Dutch and British partners. The FIS has thus contributed to the prevention of illegal actions against a critical Swiss infrastructure.”

[…]

It is unclear why the two expelled men were in The Hague, which hosts the headquarters of the Organisation for the Prohibition of Chemical Weapons (OPCW). The Swiss Federal Office for Civil Protection said in June that the Spiez laboratory had been targeted by hackers said to be from the Russian government-affiliated group Sandworm. It is not clear whether the expulsion of the two spies from the Netherlands was linked.

Swiss call in Russian envoy to protest over spying:

Switzerland has triggered a diplomatic row with Moscow by summoning the Russian ambassador and demanding an immediate stop to espionage activity in its territory after Russian spies targeted a Swiss laboratory.

Sergei Garmonin, Moscow’s ambassador in Bern, was called to the Swiss foreign ministry in protest after Russian spies reportedly targeted a lab in Spiez that tested traces of the nerve agent used in the attack in the British city of Salisbury on the former Russian double agent Sergei Skripal.

The ambassador or a representative had been called in a total of three times since spring, the foreign ministry said.

It also emerged at the weekend that the scope of the alleged espionage against international institutions in Switzerland was significantly wider.

The Swiss attorney general’s office revealed that in March 2017 it had opened criminal proceedings into a cyber attack against the independent World Anti-Doping Agency, which is funded by governments and sports organisations around the world.

The decision to publicise the spat with Russia was unusual for Switzerland, which historically seeks to remain strictly neutral in its international relations and is host to many global bodies such as UN institutions and the International Olympic Committee.

Here’s some earlier Swiss and Dutch reporting. First from the Swiss newspaper Tages-Anzeiger (translated from German):

The operation stopped in the Netherlands was about more than attacks over the internet. According to sources who wish to remain anonymous, espionage equipment was also seized during the arrest.

According to spokesman André Simonazzi, the Federal Council has been briefed on the case. The Office of the Attorney General (BA) is investigating. It has been conducting criminal proceedings on suspicion of political espionage since March 2017, originally “in a different context”, as BA spokeswoman Linda von Burg writes. According to von Burg, later in these proceedings “two persons could be identified in cooperation with the NDB”: the men who were subsequently arrested in The Hague.

And here’s the Dutch newspaper NRC Handelsblad (translated from Dutch):

The two Russian spies who were arrested in The Hague this spring are also suspected of “a cyber attack” on the World Anti-Doping Agency WADA in Lausanne, Switzerland. The public prosecutor’s office in Bern confirmed this to NRC and the Swiss newspaper Tages-Anzeiger.

[…]

The Swiss criminal investigation into the two spies has been running since March 2017. On Thursday the prosecutor’s office in Bern reported that both men are suspected of espionage activities in Switzerland. On Friday came confirmation that it concerns a cyber attack at WADA. Because the case is politically sensitive, permission from the Swiss government is required to continue the investigation.

[…]

Former Swiss defence minister Samuel Schmid already revealed in an interview in 2017 that Russian agents had tried to wiretap a WADA meeting in Switzerland. A spy team had checked into the same hotel as the WADA delegation for that purpose. The International Olympic Committee (IOC) commission that investigated doping practices in Russia also had to deal with attacks by hackers. The IOC is also based in Lausanne, Switzerland.

I’m old enough to remember when people said Switzerland didn’t have to worry about these types of things (least of all from Russia, of course, because “bruh, Russia hysteria *LOL* ”) and some idiot would point to examples like the Spiez laboratory.

¯\_(ツ)_/¯

echoSeptember 17, 2018 11:30 AM

https://www.theguardian.com/law/2018/sep/17/ofgem-made-my-life-hell-whistleblowers-say-they-were-threatened-by-regulator

Britain’s energy regulator has been fighting to keep secret the claims of two whistleblowers who independently raised concerns about potentially serious irregularities in projects worth billions of pounds, the Guardian can reveal. The two men say Ofgem threatened them with an obscure but sweeping gagging clause that can lead to criminal prosecutions and possible jail terms for those who defy it. MPs and the whistleblowing charity Protect fear Ofgem is abusing its position and exploiting a law that was intended to protect UK national security – not a regulator from potential embarrassment.

I know from how I was treated that bureaucrats will abuse their position within organisations to silence a person. It's not very pleasant. The police are known to collude with cover-ups too. I have personally been threatened by a lawyer with police action for "harassment" and an injunction because I complained to the Ombudsman about discrimination. It's nonsense of course and a barrister I consulted with suggested it was indeed nonsense. Oh, and there is the lawyer taking a six figure bung off local government then promptly barracking and verbally insulting his client who was meant to be the beneficiary of this grant before quashing the case without even hearing the material details.

Daly says if Ofgem wins this legal battle, it would “have a corrosive and asphyxiating effect on the rights of whistleblowers in the energy sector and would create a binding precedent.”

Since when did tribunals create binding precedent?

“Ofgem adheres to its whistleblowing policy which encourages staff to report suspected wrongdoing as soon as possible, in the knowledge that their concerns will be taken seriously and investigated.”

Oh, yes. This would be the mandatory investigation policy if professional standards or behaviour which may cause abuse or falls below a standard which may cause reputational damage and then promptly goes walkies once, twice, and three times even when you quote the exact policy and provide a link to that policy via appropriate channels. I know this one too.

echoSeptember 17, 2018 11:51 AM

I believe this is what is called "the right stuff."

The woman who has accused Donald Trump’s Supreme Court nominee of sexual misconduct is prepared to testify in public before the senate, her lawyer has said.

Appearing on CBS, Debra Katz, a lawyer for Christine Ford, a professor at Palo Alto University in California, was asked if her client would be willing to provide testimony in public before the Senate Judiciary Committee, the body that has been hearing testimony from nominee Brett Kavanaugh.

“She is willing to do whatever is necessary” to ensure the committee had the full story, Ms Katz said. “She’s willing to do what she needs to do, she’s willing to hopefully tell her story in a manner that is a fair proceeding.

“Unfortunately, what we’re already hearing this morning is that the Republicans intend to play hard ball, they intend to grill her.”

echoSeptember 17, 2018 1:53 PM

https://www.theguardian.com/society/2018/sep/17/data-on-thousands-of-children-used-to-predict-risk-of-gang-exploitation

All data has been pseudonymised, which means that anyone included in the model has their name replaced with a unique identifier such as a string of digits. A protocol specifying how information was to be shared said that those included would not be able to request their own information under the Data Protection Act on the grounds that pseudonymised data was no longer personal data.

Here is another article on local government using databases to predict abuse. This new item seems very nonsensical and worrying. What is to prevent this technique being used to delink data from a person's identity and relink it later within another state organisation the data is shared with? Could this trick be used to generally evade FOI requests? Can it be used to flip ownership of personal data into data owned by the state? Who provided any legal advice and who else has access to the legal advice? What other datasets could this be applied to?
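The re-linking question raised in the comment above, as an added illustration that is not part of the original comment or of the article it quotes: a keyed pseudonymisation scheme in which anyone holding the key can recompute the identifiers, and any recipient can join shared datasets on them without ever seeing a name. The HMAC construction, the key, the field names and all records are assumptions constructed for the example; the article does not say how the identifiers were produced.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key (assumption). Whoever holds this value can re-link.
SECRET_KEY = b"constructed-demo-key"

# Constructed sample records held by two different bodies.
SCHOOL = [
    {"name": "Alex Example", "dob": "2005-03-01", "ward": "North", "exclusions": 2},
    {"name": "Sam Sample", "dob": "2006-07-15", "ward": "North", "exclusions": 0},
    {"name": "Jo Placeholder", "dob": "2005-11-30", "ward": "South", "exclusions": 1},
]
SOCIAL_CARE = [
    {"name": "alex example ", "dob": "2005-03-01", "referrals": 3},
    {"name": "Jo Placeholder", "dob": "2005-11-30", "referrals": 1},
]


def pseudonymise(name, dob, key=SECRET_KEY):
    """Map normalised name + date of birth to a 12-digit identifier."""
    msg = f"{name.strip().lower()}|{dob}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10**12
    return f"{number:012d}"


def strip_identity(records, key=SECRET_KEY):
    """Drop the direct identifiers and attach the pseudonym instead."""
    rows = []
    for rec in records:
        row = {k: v for k, v in rec.items() if k not in ("name", "dob")}
        row["pid"] = pseudonymise(rec["name"], rec["dob"], key)
        rows.append(row)
    return rows


def link_datasets(rows_a, rows_b):
    """Join two pseudonymised datasets on pid; no names are needed for this."""
    by_pid = {row["pid"]: row for row in rows_b}
    return {
        row["pid"]: {**row, **by_pid[row["pid"]]}
        for row in rows_a
        if row["pid"] in by_pid
    }


def relink(rows, known_people, key):
    """Recompute pseudonyms for known (name, dob) pairs and map pid -> name."""
    table = {pseudonymise(name, dob, key): name for name, dob in known_people}
    return {row["pid"]: table[row["pid"]] for row in rows if row["pid"] in table}


def small_groups(rows, fields, k):
    """Audit check: pids whose remaining attributes are shared by fewer than k rows."""
    groups = defaultdict(list)
    for row in rows:
        groups[tuple(row.get(f) for f in fields)].append(row["pid"])
    return sorted(pid for pids in groups.values() if len(pids) < k for pid in pids)


if __name__ == "__main__":
    school = strip_identity(SCHOOL)
    care = strip_identity(SOCIAL_CARE)
    print("joined profiles:", link_datasets(school, care))
    people = [(r["name"], r["dob"]) for r in SCHOOL]
    print("re-linked with key:", relink(care, people, SECRET_KEY))
    print("re-linked without key:", relink(care, people, b"some-other-key"))
    print("rows unique on ward:", small_groups(school, ("ward",), 2))
```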

JackSeptember 17, 2018 2:49 PM

@Clive : I really hope there is some Complete Crap Tee Vee showing the way you walked after visiting that Cathedral.. Because who else but soviet KGB-assassins would visit some pile of old bricks ?

echoSeptember 17, 2018 3:30 PM

https://www.theguardian.com/commentisfree/2018/sep/17/rod-liddle-spectator-race
Editors have normalised hate, from Rod Liddle to Katie Hopkins
The publication of racist views is now permissible – and the print media is to blame

After I named and shamed the Independent a week or so ago Suzanne Moore, a journalist I don't personally like because she has form herself, has attacked the media and singled out the Independent for discriminatory views and "normalising" hatred. Beyond this I believe the media do bear responsibility for a toxic and unstable political environment which is putting strain on democracy and heightening security issues. By granting exposure to people like Steve Bannon and Nigel Farage and others who popularise and whip up extremist views they fuel a dangerous drift and manufacture a sense of depressing inevitability when this is not necessarily real.

Clive RobinsonSeptember 17, 2018 10:18 PM

@ Jack,

Because who else but soviet KGB-assassins would visit some pile of old bricks ?

You would be surprised just how many people do visit Salisbury Cathedral and not for religious observance or business reasons.

As I said it has merit to architects and engineers such as myself. Then there are the "twitchers" (bird watchers) keen to see the "wandering falcon" (peregrine falcon) the fastest creature in the animal kingdom. You will also find those with an interest in horology myself included go to view the historic clock mechanism. But there are also those with an interest in democracy, to see one of the best of the original "Grand Charters" (Magna Carta). Then there is the music with both a girls and boys choir on scholarships it is a center for musical education and there is art displayed in both the building and extensive grounds. One modern piece placed adjacent to a popular walk way had to be removed because the iPhone generation kept walking into it... My personal belief is they should have left it in position and augmented it with spikes, electric fences and similar, such are the menace idiot smart phone users are...

I could be wrong, but I'm guessing from your "pile of old bricks" comment that you've not been a visitor to a historic monument more than three hundred years old let alone one about to celebrate its eighth century.

Although it's built on "marshy ground" thus has very shallow foundations it was constructed with 70,000 tons of stone, 3,000 tons of timber and 450 tons of lead... Bricks were kind of not included.

Oh and because it's built down low adjacent to the river rather than up on a hill it was built with both a high tower and spire so people could see it from great distances for navigation. Unlike other spires that collapsed it received restorative work from Sir Christopher Wren[1] and thus still survives and is now the tallest church spire in England.

Within the grounds there are several other places of interest including the museum I mentioned and the home of Ted Heath, who was the British Prime Minister musician and sailor who took the UK into what was then the European Economic Community, which has since become a political union the UK is now trying to leave via the "Brexit" process.

So there are plenty of reasons to visit the Cathedral and its grounds over and above the fact it is a very peaceful and beautiful place to sit and rest whilst eating your lunch or similar.

Oh and even those with other beliefs have reason to visit, but I'll let you look up the vexed "chicken and egg" arguments over ley lines and similar. That do not fit in with the pleasant notion of G.K.Chesterton's "The Rolling English Road",

    Before the Roman came to Rye or out to Severn strode,
    The rolling English drunkard made the rolling English road.
    A reeling road, a rolling road, that rambles round the shire,
    And after him the parson ran, the sexton and the squire;
    A merry road, a mazy road, and such as we did tread
    The night we went to Birmingham by way of Beachy Head.

https://www.poetryfoundation.org/poems/48212/the-rolling-english-road

[1] Sir Christopher Wren famously planned the rebuild after the great fire of London and was appointed by Charles II to oversee the "public works" rebuild which included fifty one churches and St Paul's Cathedral. Besides being a quite well known architect and what we would now call a physicist or materials scientist he was also an anatomist, astronomer, geometer, metrologist, meteorologist and much more. As a contemporary of Sir Isaac Newton he posed the question that brought about Newton's most famous work. He was also responsible for the lectures and meetings that gave rise to the Royal Society and was later its president. Many of his contemporaries regarded him as a far better practitioner of the scientific arts than Newton. Thus was probably "one of the shoulders". But many misunderstand some of his works. The "Monument" to the great fire of London is a tall doric column that many people visit and climb the stairs of each year, not realising that the reason the steps are shallow at just six inches is because it was designed by Wren and Hooke to do barometric, gravitational, and pendulum experiments as well as being a zenith telescope not just for astronomy but also the setting of local time. Not often seen is the underground laboratory in its base for the experimenters to work in. Likewise the dome of St Paul's is actually not a dome but a hidden brick cone reinforced at the base with a wrought iron chain set in a masonry groove and sealed in with lead. An outer wooden structure faced with lead and an inner false ceiling give the impression of a dome, but at a considerably reduced weight. Whilst Wren got it right he could not foresee what would happen to undermine his work some century and a half after he had designed it. Even today his work is still under attack by tunnellers undermining and shifting the foundations, such are the needs of modern cities.

Clive RobinsonSeptember 17, 2018 10:40 PM

@ echo,

Editors have normalised hate, from Rod Liddle to Katie Hopkins The publication of racist views is now permissible – and the print media is to blame

Oh if only it were just the editors of MSM etc.

Sadly it's not, various ministers and politicians have actively encouraged or participated (Lord Sugar being a thoroughly unpleasant minor example that should have been stripped of his titles for his tweets expressing his views with Nazi images).

In effect it has been encouraged by the powers that be, to be the "new opioid of the masses". In effect to distract us away from other rather more important issues. Such as the complete mess the current encumbrants have made of the country and appear determined to sink "The unsinkable aircraft carrier" that the UK once was.

hMMSeptember 18, 2018 1:35 AM

@echo

I agree about the right stuff.

Ford being taken seriously is evidence I think of non-superficial change from "the way things were" with major parallels to the Anita Hill/Clarence Thomas of the 1990s, and the nation and indeed world are watching to see what she has to say. Through Senator Feinstein she has forestalled and perhaps mortally wounded an unstoppable lifetime appointment to the highest court, one whose past unabridged opines have called major portions of law into question. Whistleblowing is patriotism. Never waste it.

Clive RobinsonSeptember 18, 2018 6:39 AM

@ Alejandro,

With regards "Project Verify" and Nicholas Weaver's comment of,

    “The carriers have a dismal track record of authenticating the user. If the carriers were trustworthy, I think this would be unequivocally a good idea. The problem is I don’t trust the carriers.”

I think he's wrong there.

The reason is simple, if not the carriers then "Who can be trusted?" and importantly "How can they be trusted?" and "Why can they be trusted?".

You need to roll those questions around a bit but you will come to the conclusion with the "Why?" you have no leverage against a third party nor do they in turn have leverage against a fourth party like the US Government IC and LEO entities. Worse they have a host of your second parties to play with as well. Put simply it is a "too many faces in the crowd for you to point a finger at" issue which effectively removes any chance of legal action. Which is certainly neither "good" nor "unequivocal".

But that brings you around to the "How?" question. That is what secure "methods" are in place and importantly are they immune to insider attacks? I've yet to see a three party system where that is the case and you would need that for "unequivocal" to be the case.

Thus there is never anything "unequivocally a good idea" about authentication systems especially those operated by Third Parties without 'real skin in the game' beyond that which would stop a fourth party gaining access.

Bad as passwords are they are in effect a "two party" token authentication system where both parties have "skin in the game".

Thus if a two party system with more "token" security than passwords could establish a "trustworthy" authentication channel prior to authentication or the authentication token is immune to eavesdropping and replay or MITM attacks then a two party system would be considerably better than a multiparty system.

JG4September 18, 2018 7:07 AM


Thanks for the continued helpful discussion. Just for the record, the reason that I've been here for most of ten years is to publicly shame Blue Cross for sending birthdates and social security numbers in "encrypted email." That is, encrypted with the password in plaintext in the same message. Expletives deleted for civility. I got the same stream of bu115hit that "our system is secure," and worse, "is HIPAA-compliant." Sadly, the HIPAA standards are so pathetic that they are correct. Bruce generously told me that "stupid company stories are a dime a dozen." I have seen Allstate get a similar system to work appropriately - with the password conveyed in a separate channel. Whether the keylength was correct is a question that I can't answer. I am now dedicated to shaming the utilities and insurance companies into recommending automatic shutoff valves for gas lines.

https://www.nakedcapitalism.com/2018/09/links-9-18-18.html
...

Ajit Pai calls California’s net neutrality rules “illegal” ars technica
...

New Cold War

On Putin’s time-traveling assassins (and other huge holes in the Skripal poisoning “case”) Mark Crispin Miller (furzy)

Russia reveals the MH17 ‘smoking gun’ Asia Times (J-LS)

...
Big Brother is Watching You Watch

Amazon Plans To Release At Least 8 New Alexa-Powered Devices, Including A Microwave, Amplifier, and In-Car Gadget CNBC

Speculation over fate of missing Dutchman linked to WikiLeaks Guardian (furzy)

GovPayNow.com Leaks 14M+ Records Brian Krebs (Brian C)
...

“The Department of Justice Is a Hydra”: Trump’s Witch Hunt Drives the Deep State Underground Vanity Fair (furzy). Help me. We are supposed to feel sorry for spooks.
...

Justice Department Attempts to Suppress Evidence That the Border Patrol Targeted Humanitarian Volunteers Intercept (UserFriendly)
...

RatioSeptember 18, 2018 9:00 AM

@Sancho_P,

Writing my previous comment yesterday I saw your response to my two examples of Swiss “Russia issues” two weeks ago. Better late than never…

Oh I am shocked! The Swiss have met a Russian! My Ricolas likely poisoned!

You’re not shocked, the point wasn’t that a Swiss had met a Russian, and your Ricolas are just fine.

Here’s the second sentence of the Tribune de Genève piece, talking about Victor K. going to Moscow on December 27th, 2016: “Ce n’est pas la première fois pour ce spécialiste de la Russie à la police judiciaire fédérale (PJF).” The same sentence in the Tages-Anzeiger is more direct: “not the first time” in French becomes “oft” in German (“often”). He’d been to Moscow many times, being a Russia specialist and all that. Even if you only read the bit I quoted from the Daily Beast it’s so blindingly obvious that the story is not “a Swiss had met a Russian” that I’ll congratulate you on the effort and determination it must have taken to still take it that way.

Right, the Reds again.

You realize my “Reds everywhere” was just echoing you mockingly saying that earlier? Nobody had mentioned Russia this time, but luckily you bring up “Russia” so we still get our daily dose.

But our “reports” and “warnings” are always unspecific. Reading them I smell manipulative efforts, not information. This is why I tend to be unconvinced. Give me more. In dubio pro reo.

Media reports on a court case and something of a diplomatic spat involving a country that just two weeks ago had no real enemies (by your own estimation) and we’re looking at manipulative efforts, not real information. No hay peor ciego…

There’s more in my comment above and here’s some more from Tages-Anzeiger (in German):

Not convinced? Take another look in a couple of months, or years. Or wait for more information to discard. It’s your analysis, not mine.

I don’t remember how many Russians I met, shook hands, even worked with. People like you and me. Both, good and bad ones. And what? Did or do they control me? OMG.

Nobody, certainly not me, suggested anything of the sort. This is just the dumb “Russophobia” as a straw man.

To influence media (accredited “investigative” reporters), and the medium (Internet, by bots and filters), this is the power’s way to inform the public. Their pravda.

IMHO it sounds like your discovery that the media is a toy for the powerful to manipulate you and me may be affecting how informed you are about what’s going on in the world (e.g., in Switzerland).

By the way, does this attitude extend to the media our host links to? For example, the most recent example is a Snowden document in The Intercept. Is that a manipulative effort? Are you waiting for more information? Or are you convinced? Do you insist on giving the NSA the benefit of the doubt? Who are the powerful people suggesting what you should think?


Look, I get it: the Russia hysteria is annoying, and you have some reservations (to put it mildly) about what is, and what isn’t, reported in the media. But the mirror image of that is not much better: the apologetics, the denials, the whataboutism, the gaslighting, etc. you get from various people here is hilarious to me, but others seem far less amused and react quite badly to it.

A recent example was a discussion where the jury in Paul Manafort’s trial in the Eastern District of Virginia supposedly had decided that the charges related to Russian interference had no merit (palabras más, palabras menos). I don’t even want to know who came up with that pile of dumb, but it’s obvious that whoever it was knows nothing about the case or is straight-up lying. How do I know? Easy, I’ve actually read the superseding indictment. Just search for “Russia” and you’ll see the problem…

Another example?

Q. How does Russia launder money into America?

There is a pause and a smile and a laugh, and another pause and you KNOW what is coming next.

A. Everything I know that's interesting I can't tell you.

Ooohhh, how telling. So very mystery. Much fake news!

Except, if you read the final paragraphs of the article I quoted in my previous comment (Dutch expelled Russians over alleged novichok lab hacking plot) you’ll see this:

Meanwhile in the UK, the National Crime Agency has “significantly” stepped up the hunt for dirty money linked to the Putin regime since the Salisbury attack.

“We have put a significantly increased focus on this work”, said Donald Toon, director of the NCA’s economic crime unit. He said the focus was on “illicit assets and the assets of corrupt elites”.

Toon called on private schools to report fees possibly being paid via dirty money, and he said some lawyers and accountants were under criminal investigation for knowingly helping launder money in the UK.

The NCA has increased its estimate of the dirty money flowing through and in the UK from £90bn to hundreds of billions.

And if you’ve been paying attention you may have come across articles like this one about Danske Bank in the Financial Times titled “Russia-Linked Money-Laundering Probe Looks at $150 Billion in Transactions”:

Denmark’s largest bank is investigating whether companies with ties to Russia used it to launder money, examining $150 billion in transactions that flowed through a tiny branch in Estonia, according to people familiar with the matter.

The $150 billion figure, covering a period between 2007 and 2015, has been presented to the bank’s board of directors and would equal to more than a year’s worth of the corporate profits for the entire country of Russia at the time. The flows would have stayed in the branch for only a short time before leaving Estonia, according to a person familiar with the investigation, so they might not show up in deposit statistics, which reflect the balance at the end of month and not from day to day.

Danske Bank investigators haven’t determined if the entire amount should be deemed suspicious. But such a large flow of money suggests that roughly $8 billion of suspected money-laundering transactions previously reported by a Danish newspaper could grow higher.

[…]

Washington has watched illicit money flows channeled through European-regulated banks to the West. In February, the Treasury Department declared Latvia’s ABLV bank an “institutionalized money laundering” operation where weapons dealers and corrupt politicians from former Soviet Union countries sent their money into Europe. ABLV denied knowingly laundering money and later collapsed.

In 2017, Deutsche Bank agreed to pay nearly $630 million to settle investigations by U.K. and New York regulators into Russian equity trades that transferred $10 billion out of that country in violation of anti-money-laundering laws.

[…]

Estonia, a former Soviet Republic of 1.3 million people, became a European Union member in 2004 and joined the euro in 2011. Like its Baltic neighbor Latvia, it quickly became a way station for funds from other former Soviet states. The $150 billion figure is a substantial sum considering Estonia’s entire banking system reports total deposits of €17 billion ($19 billion).

At Danske, clients would typically move funds among several companies with accounts at its Estonia branch before transferring the money to accounts in banks in Turkey, Hong Kong, Latvia, the U.K. and other countries, one of the people familiar with the investigation said.

I could go on and on (and mention shell companies and real-estate, for example), but I hope you see how incredibly dumb those types of comments look to anyone who’s even slightly paying attention to anything.


Again, all this is not to say that the idea that Russia is behind everything that happens is the product of careful observation and profound analysis. (For one, that obviously can’t be true because that’s why the CIA, Mossad, and Illuminati exist.) But maybe the other extreme isn’t so hot either.

To be clear and since I have commented less on suspicions about Russia these last two years than some people do in a single comment, here are some topics that have come up here where Russia is supposed to be involved and how I see it: Crimea? Yes. MH17? Yes. Dems emails in 2016? Duh. If I’m not mistaken even Binney has moved on from the “disgruntled Bernie supporting insider” silliness. The “Trump-Russia thing”? I think Trump & Co. are toast, but I bet someone last year they’d be sunk by this fall and that may have been a bit optimistic. We’ll see. Salisbury? Duh. What else? I think those are the big ones…? Be sure to call me out on my spectacularly crappy analysis once I’ve been shown to be wrong and include a link to this comment. ;-)

ScaredSeptember 18, 2018 10:23 AM

The FEMA presidential alert test has been postponed to October 3rd.

Weird, how complicated can this be, or do they think it'll take 3 weeks to talk him out of signing the message "MAGA!"?

https://www.cnn.com/2018/09/15/politics/fema-presidential-alert-trump-emergency-test/index.html

Interesting detail here:
https://www.nbcnews.com/tech/mobile/fema-s-presidential-alert-test-postponed-some-americans-want-disconnect-n910406
"According to Scott, the WEA is an intrusive alert system because it stops all forms of communications to your mobile device while the alert is processing."
So... a short term kill switch... ?

vas pupSeptember 18, 2018 11:53 AM

Who's afraid of Artificial Intelligence in China?
https://www.dw.com/en/whos-afraid-of-artificial-intelligence-in-china/a-45546972

"This is just the beginning. China recently published its first AI textbook for schools, written by SenseTime founder, Tang Xiaoou. That new development plan specifically calls for AI-related courses to be set up in both primary and secondary schools. So it's got education firmly in its sights."

"China's AI dev.plan states two other things as goals. One, that AI research can be open source - open to inspection and collaboration. And two, that the country needs to develop an ethical code of conduct and "strengthen the assessment of the potential hazards and benefits of AI."

The whole article is informative including links inside.

echoSeptember 18, 2018 2:32 PM

@Clive

Your comment in the VPN topic about tipping points and security snake oil? Phone manufacturers can't be as useless as manufacturers of ice grips for high heel shoes. I am not joking! I discovered these life threatening contraptions on EBay. I'm not convinced selling them in pink makes them any better.

I really don't know what I am buying so read reviews and watched videos to discover what might be best. In the end I bought three different types of shoe grips to try from studs to wired (both of which I am not convinced about and suspect they are junk) and a pair which looked more like lightweight crampons. The design is very similar to well reviewed products so I thought they were worth a try.

WeatherSeptember 18, 2018 2:54 PM

Hahah get it now
Advertising the fact I use a cellphone is I will take a hammer to a computer, two it takes more than two week to make something, three I burnt out working 16-18 hours 6-7 days for months on a computer, I try recently to get back in it, but that is never going to happen again

bttbSeptember 18, 2018 3:36 PM

@Anon Y.C. Lee, Hmm

Anon Y.C. Lee wrote:“This should make you laugh”
and
“Or how about a chortle over…”

I am neither laughing nor chortling at a time when Trump is increasingly desperate with Mueller’s Russia Investigation. Mueller's Investigation backs Trump into a corner (you might have heard the story about how a rat backed into a corner behaved). Desperate people can, of course, be tempted to make high risk/high payoff decisions.

Misc. current stuff:

https://www.emptywheel.net/2018/09/17/trump-wants-voters-and-russia-to-know-what-the-russia-investigation-looked-like-on-august-1-2017-not-september-14-2018/

https://www.emptywheel.net/2018/09/16/manafort-turns-states-evidence-its-time-for-some-game-theory/

Or if you prefer books (perhaps available from a library near you):

“On Tyranny”, by Snyder (a relatively quick read; about 100 pages)
“How Democracies Die”, by Levitsky and Ziblatt

WeatherSeptember 18, 2018 3:59 PM

Bttb
Intinal swafe
The news in my island (Ireland) is that they have no big score reporting it, any links to Russia won't be political and the chance of gaining them through this way is small

ScaredSeptember 18, 2018 6:50 PM

Embarrassed to admit this, but I bought my first (and last?) IoT device:
https://airnoise.io/
(mainly to file complaints when loud "Hush-Kit" equipped DC10s pass over my house).
It's based on Amazon's "AWS IoT Button" which looks pretty secure to me (at least it could be, but I don't know how much info the setup app leaked for example). Any reasons why I shouldn't use this? The only other devices on my WiFi are cell phones and a PC so I'm not worried that someone will set my fridge to +70F.

vas pupSeptember 19, 2018 8:17 AM

@Clive:
Transparent loudspeakers and MICs that let your skin play music:
https://www.sciencedaily.com/releases/2018/09/180918110939.htm
"Using the hybrid NMs, the research team fabricated skin-attachable NM loudspeakers and microphones, which would be unobtrusive in appearance because of their excellent transparency and conformal contact capability. These wearable speakers and microphones are paper-thin, yet still capable of conducting sound signals.
Wearable microphones are sensors, attached to a speaker's neck to even sense the vibration of the vocal folds. This sensor operates by converting the frictional force generated by the oscillation of the transparent conductive nanofiber into electric energy. For the operation of the microphone, the hybrid nanomembrane is inserted between elastic films with tiny patterns to precisely detect the sound and the vibration of the vocal cords based on a triboelectric voltage that results from the contact with the elastic films."

Clive RobinsonSeptember 19, 2018 8:50 AM

@ vas pup,

Let me ask you a question,

Did your eyes glaze over when they hit,

    "... the hybrid nanomembrane is inserted between elastic films with tiny patterns to precisely detect the sound and the vibration of the vocal cords based on a triboelectric voltage that results from the contact with the elastic films."

Mine sure did ;-)

Which is why I'm going to try reading it when I'm way way more awake.

vas pupSeptember 19, 2018 9:06 AM

IBM launches tool aimed at detecting AI bias:
https://www.bbc.com/news/technology-45561955

"Often algorithms operate within what is known as a "black box" - meaning their owners can't see how they are making decisions.

The IBM cloud-based software will be open-source, and will work with a variety of commonly used frameworks for building algorithms.

Customers will be able to see, via a visual dashboard, how their algorithms are making decisions and which factors are being used in making the final recommendations.

Machine-learning and algorithmic bias is becoming a significant issue in the AI community.

Microsoft said in May that it was working on a bias detection toolkit and Facebook has also said it is testing a tool to help it determine whether an algorithm is biased.

[!!!!]Part of the problem is that the vast amounts of data algorithms are trained on is not always sufficiently diverse."

Let me ask professionals: do all white people look the same regardless of their origin/nationality? What level of 'blackness' is sufficient to be considered as representative of black race? Same applied for Asians: is the same input working on Chinese, Japanese or Koreans?

How about transgender folks? Not even talking about age differences.

Those questions are reasonable to provide qualitative and quantitative balanced training input for AI based on tasks assigned and future AI evaluations/assessments. That is 'horse' which should be put before 'carriage', not vice versa.
I'd say that DNA could be kind of objective and measurable (but definitely not universal) training input. I'll appreciate any logical input even not politically correct. Anyway Moderator will trim those M decided not fit in this blog.

Alyer Babtu September 19, 2018 11:42 AM

@vas_pup

frameworks for building algorithms

AI is a tool, like all such only reaches so far. In areas that need “I”, “AI” is turtles all the way down, for converging values of turtles. Or, yes it can do a good job, but we have to tell it everything. Or, I can’t seem to saw wood with this hammer.

echoSeptember 19, 2018 1:30 PM

During an episode of Blake's 7 when Orac is activated for the first time Orac says "Surely it is obvious to the meanest intelligence that during my development naturally I would become endowed with aspects of my creators personality." Orac was an AI that had full backdoor access via an IC within widespread use within the Federation which gave ORAC essentially unlimited processing power and access to all stored knowledge. While this was fiction it's interesting how the intersection of art and thought experiments resonates with issues today.

https://www.youtube.com/watch?v=NmjPk4hzRXM

bttbSeptember 19, 2018 5:20 PM

From emptywheel.net, https://www.emptywheel.net/2018/09/19/donald-trumps-bubble-is-robert-muellers-greatest-weapon/ :

“Robert Mueller has a slew of really good lawyers working for him. But I think his biggest asset is Donald Trump’s bubble.

Consider this NYT story [ https://www.nytimes.com/2018/09/18/us/politics/trump-legal-team-lawyers.html ], in which a bunch of lawyers anonymously blame each other for getting 16 months into the Special Counsel investigation without ever figuring out what the President did.

[…]

As I’ve noted here and elsewhere [ link ] , even careful readers, to say nothing of the frothy right [link] , have little visibility on how this investigation evolved (even the tiny bit more visibility [link] I have makes me aware of how much I don’t know). If the smartest Republican upstream of Trump’s concerns about the genesis of the investigation doesn’t understand it, then far stupider Congressmen like Mark Meadows, who hasn’t reviewed all the documents, is surely misrepresenting it.

And yet Trump, from within the bubble of sycophants, clueless lawyers, and credulous reporters is blindly taking action in the hope of undercutting the pardon-proof plea deal of his campaign manager.”

bttbSeptember 19, 2018 5:39 PM

Regarding WannaCry and Whodunit, from emptywheel.net, https://www.emptywheel.net/2018/09/19/in-media-res-the-fbis-wannacry-attribution/ :

“I’ve been working through the complaint [ https://www.justice.gov/usao-cdca/press-release/file/1091951/download (pdf)] charging Park Jin Hyok with a slew of hacking attributed to the Lazarus group associated with North Korea. Reading it closely has led me to be even less convinced about the government’s [link] of the May 2017 WannaCry outbreak to North Korea. It’s going to take me a series of posts (and some chats with actual experts on this topic) to explain why. But for now, I want to point to a really suspect move the complaint makes.

The FBI’s proof that Park and Lazarus and North Korea did WannaCry consists, speaking very broadly, of proof that the first generation of the WannaCry malware shared some key elements with other attacks attributed to Lazarus, and then an argument that the subsequent two generations of WannaCry were done by the same people as the first one. While the argument consists of a range of evidence and this post vastly oversimplifies what the FBI presents, three key moves in it are:

[…]

And while it’s possible that FBI Agent Shields doesn’t know anything more about what the government knows about Shadow Brokers than that it has a spooky name, some of the folks who quoted in the dog-and-pony reveal of this complaint on September 6, not least Assistant Attorney General John Demers, do know whatever else the government knows about Shadow Brokers.

Including that the announcement of the sale of Eternal Blue on January 8 makes the searches on Microsoft’s site before the exploit was actually released on April 15 one of the most interesting details in this chronology. There are lots of possible explanations for the fact that someone was (as the FBI’s timeline suggests) searching Microsoft’s website for a vulnerability before the import of it became publicly known.

But when you add the January 8 Shadow Brokers post to the timeline, it makes culprits other than North Korea far more likely than the FBI affidavit makes out.”

Clive RobinsonSeptember 19, 2018 6:44 PM

@ bttb,

From the quote you give,

    ... it makes culprits other than North Korea far more likely ...

Just one of the points I've made as to why ElInt technical (Methods) attribution is hard, very hard, and why "boots on the ground" HumInt (Sources) attribution is more likely to be correct.

It also draws a big big question mark over what is and is not actual evidence in attribution.

The fact I do not accept the "unsupported by evidence" claims by Governments, has in the past apparently made me some kind of crank in some people's eyes... Why this is so has always puzzled me, as I would have thought common sense would alert people to the fact the public are being lied to.

For instance the Ed Snowden trove should have made it abundantly clear to all, that the SigInt agencies lie outrageously, break the law without qualms, and do worse, as a matter of "normal operations" would have raised red flags with people.

JG4September 19, 2018 9:51 PM


https://www.nakedcapitalism.com/2018/09/200pm-water-cooler-9-19-2018.html
...
“What Happened to General Magic?” [New York Magazine]. “Magic spun out of Apple in 1990 with much of the original Mac team on board and a bold new product idea: a handheld gadget that they called a “personal communicator.” Plugged into a telephone jack, it could handle e-mail, dial phone numbers, and even send SMS-like instant messages—complete with emoji and stickers. It had an app store stocked with downloadable games, music, and programs that could do things like check stock prices and track your expenses. It could take photos with an (optional) camera attachment. There was even a prototype with a touch screen that could make cellular calls and wirelessly surf the then-embryonic web. In other words, General Magic pulled the technological equivalent of a working iPhone out of its proverbial hat—a decade before Apple started working on the real thing. Shortly thereafter, General Magic itself vanished.” • Oh well. Worth a read!

echoSeptember 20, 2018 4:57 AM

https://www.theguardian.com/politics/2018/sep/20/macron-urges-eu-leaders-to-stand-firm-against-theresa-may-brexit

Emmanuel Macron has appealed to his fellow European leaders to maintain their tough approach to Brexit in response to Theresa May’s demand for compromise and accusations that the French president wants to make Britain suffer.

The UK state lies and abuses and sweeps it under the carpet all the time. The handful of allegations I made on this blog subsequently confirmed by media reports prove this. Knowing what I know about how the UK state operates in practice I completely and fully without reservation support the EU standing firm against UK brinksmanship and lies and deflecting the blame.

I have been on the receiving end of UK state coercion to agree with something which would create a paper trail "proving" agreement more than once. When I refused to agree the threats began and, yes, those threats did turn into state sanctioned off the record off camera violence against my person.

Babiš said a second referendum would “solve the problem quite quickly”, but he also said there would “hopefully” be a deal.

Never, never, never let the bully have the final say. A second referendum gives the public the chance to assert their own choice not a forced choice on the receiving end of half truths and pie crust promises.

echoSeptember 20, 2018 5:18 AM

https://www.independent.co.uk/news/uk/home-news/uk-drink-spiking-doubles-police-a8545011.html

Experts have warned that official figures showing that the number of drink-spiking cases in the UK have more than doubled in the last three years are just the tip of the iceberg.

[...]

He said: "Victims feel like they won't be believed. They rack their brains to figure out what happened the night before, but because of the effects of the drugs they can't remember. They need answers."

[...]

Student Dizzy Bagley told Sky News she had been targeted at least twice - but only contacted police following an assault: “It’s so common and in my head the police have bigger issues than if I got spiked. What are they going to do?

“To me personally at the time it was a waste of my time to call them ... as I couldn’t remember anything.”

Away from the high octane world of geo-political espionage and dirty tricks women are suffering from an explosion of spiked drinks. I really don't need to go on how police "no crime" incidents affecting women do I nor a small but horrible minority of police officers who abuse the people who come to them for help?

My advice is never accept or consume a drink which has left line of sight even if it is only for a fraction of a second. Always maintain situational awareness of your drink to ensure when it is not within your vision it cannot be interfered with. If in doubt say "no" and get a fresh drink direct from the barkeeper or new unsealed bottle and maintain line of sight and situational awareness at all times. Of course, always be careful and select and filter your friends carefully so this situation does not arise in the first place.

Stick to soft drinks to avoid judgment being impaired.

Arrange a "buddy system" with a trusted person who has your phone number and stay within hailing distance of your "backup team".

Carry a small feature phone in a concealed holster for emergencies.

Wear or carry a pair of flat shoes in your handbag if you need to run.

Clive RobinsonSeptember 20, 2018 5:39 AM

@ bttb,

With regards malware attribution often there is the claim of "common code" snippets (as in the Park Jin Hyok FBI suppositions). With the same cry of "Must be him wot dunit" said about the Butler in a 1930's low grade murder mystery (when we all know it was really the "Evil Maid" ;-)

For some reason we are led to believe that getting hold of malware code snippets is difficult with "much ado about nothing" claims of "Dark Web"[1] trading with "illicit cryptocurrency"[2] usage not just in the MSM but often in various parts of the computer press as well.

But the truth is you can just download it from quite public sites without any difficulty whatsoever,

https://www.zdnet.com/article/free-easy-to-use-and-available-to-anyone-the-powerful-malware-hiding-in-plain-sight-on-the-open-web/

The point is it's actually quite difficult to "back trace" such code especially as it often mutates in slight ways. That is although you know of a point where the code was found in malware and you now have it at a new to you point joining the two together is at best an unreliable exercise especially if you make the mistake of believing any one point was the originating point. The fact is if a code snippet has been used in malware, any infected machine could be an originating point, likewise any machine that has the development source on it that "gets scanned". Which means that as has been found somebody may be using malware quite stealthily, but it gets caught but not recognised publicly. However somebody may catch it and use a snippet for their own purposes and it is this secondary source that becomes public, thus giving a false point of origin to anyone investigating. If the real originator of the code has passed it on anonymously to others prior to the code becoming public then there are other paths investigators will not see so can not back trace. Thus saying because the same code snippet turns up in two or more pieces of malware means the same people were involved in writing those malware programs is at best a tenuous assumption. Especially when we know State Level entities such as the US and UK IC entities have and regularly use malware they make for "false flag" activities. To make the assumption that non state level attackers do not do the same "false flag" activities would be a silly thing to do. It's what any half way smart criminal would do for self protection. It's also a logical follow on from the work involved with getting malware through AV software[3] before you deploy it.

Oh the article also has at the bottom one other quite sage piece of advice that's been said a few times in various ways but still it is being ignored for some reason,

    "Businesses need system administrators who know their network well, who know what's running on those machines and know the network well, and be able to identify files and behavior which shouldn't be there,"

Robert Lipovsky, senior malware researcher at ESET.

[1] For some reason many people do not know where the term "Dark Web" originated or what it meant. Put simply it was a term to reference those parts of the public facing Internet that were not in search engines, which was around 4/5ths of it. So nothing sinister about it at all, but like many sound bites made for marketing purposes it's catchy, thus like the trade name "Hoover" it becomes public property with a life of its own, often driven by shoddy journalism and shyster prosecutors. It got worse when people tried to differentiate because of it, which is why we now have "Surface Web" and "Deep Web", with "Dark Web" losing its original meaning and now vaguely approximating anonymous, illicit, or criminal web usage. But used often to imply that both anonymous and illicit behaviour is criminal behaviour which they clearly are not.

[2] The fact that someone uses a form of money to carry out illicit activities does not make the currency illicit. Again it's shoddy journalism. The last time I looked the number one currency used by criminals outside of that of their own nation's Fiat Currency was the US Dollar. So remember if you live in the US not to use that "illicit Dollar", especially as much of it has cocaine infused in it. People have been falsely accused and put in jail because they had "illicit cocaine Dollars" in their pocket which originated from the FBI...

[3] It's often been said "There's many a slip 'twixt the cup and the lip" and as we know Kaspersky amongst others "scan and phone home" with things that appear might be malware. We also know that SigInt agencies and others will collect that "phone home" traffic especially if it's not appropriately secured (think back to CarrierIQ and mobile phones). We also know that many AV companies miss early or covert malware even though they have it in their repositories. Thus an incautious malware developer could have "given away" their code even if they never use it, simply by not taking enough care when going through the testing phase of hardening their code from AV software. As is noted on the odd occasion here "OpSec is hard", very hard to get totally right.

RatioSeptember 20, 2018 6:00 AM

@Sancho_P,

Danske bank chief resigns over €200bn money-laundering scandal:

The boss of Denmark’s biggest bank has resigned after admitting that the vast majority of €200bn (£178bn) flowing through its Estonian branch was money-laundered cash flowing illegally out of Russia, the UK and the British Virgin Islands.

[…]

The bank said an independent investigation had found “a series of major deficiencies” in its controls to prevent money laundering. The investigation found that more than half of Danske’s 15,000 customers in Estonia were suspicious.

“We have gone through 6,200 customers starting with the customers hitting most risk indicators first,” the bank said. “Almost all of these customers have been reported to the authorities.”

[…]

Danske only admitted to the true extent of the money laundering scandal on Wednesday following increasing political pressure and US law enforcement agencies this week launching an investigation.

[…]

Danske said it would donate all its profits earned from the suspicious accounts between 2007 and 2015 to a charity focused on “combating international financial crime”. The donation totals 1.5bn Danish kroner (£178m). Analysts expect Danske to be fined billions of dollars by Danish, European and US regulators.

You know, José Grinda (whom I’m just guessing you know) says cooperation on Russian organized crime by the UK is nonexistent. I wonder if this could somehow be relevant …

(Oops. “I bet someone last year [Trump & Co.]’d be sunk by this fall” in my previous comment should have said either “by this winter” or “sometime this fall.” I still expect to be the one paying, just later. Or maybe not, if people hurry up. :-P)

echoSeptember 20, 2018 6:34 AM

@Ratio

You know, José Grinda (whom I’m just guessing you know) says cooperation on Russian organized crime by the UK is nonexistent. I wonder if this could somehow be relevant …

I have personally seen UK state data which proves the UK knew about money laundering at least as far back as the Major government and turned a blind eye. This went on for a long time until something was done on the surface at least and it began to emerge again to the point where nobody could miss it.

International finance companies are out of control and both going being the requirements of the law and targeting human rights groups and issues to keep US politically driven regulators happy in contravention of UK/EU law simply so they can remain in the US market without being sanctioned for purely political reasons. The focus of this very deliberate corporate "making law" is mostly but not exclusively aimed at women who wish to control their own bodies but not limited to this.

Most people and to some degree the media too have no knowledge or experience of this or behind the scenes discussions and actions where negligent and improper behaviour and failure of regulation is exposed. It seems to me from my experience if you stick with the rules as written and what the data clearly indicates the pushback from these companies becomes worse and regulators turn a bigger blind eye. I'm not sure if this is because of male aggression or simply people don't want to admit they made a mistake and they perceive it is easier to bulldoze the fantasy playing in their head than wake up to reality.

Exactly who is driving these unwritten and unlawful agendas or who is being kept in the dark is a question itself and clearly pointing to a failure of governance.

Clive RobinsonSeptember 20, 2018 7:38 AM

@ echo,

Women are suffering from an explosion of spiked drinks.

It's not just women, and it's not just drinks it happens in many adult "social settings". Not mentioned in the article is that often what are used are "social drugs" like cocaine, that affect the brain directly producing effects that some have claimed is "a thousand times better than sex".

Cocaine generally comes either as a hydrochloride salt or freebased[1].

The salt can be dissolved in water and can be ingested, injected or absorbed through mucus membranes and the like. So food, and contact as well as drinks. The freebased form can be inhaled and will survive low temperature combustion in other products such as tobacco, so can be smoked or inhaled.

Various other drugs like "weed", "speed" etc that affect the brain will reduce or remove conscious barriers putting the victim in at the very least a suggestible state. Even caffeine in coffee and energy drinks can be used in combination with alcohol or other drugs.

In short there are way way way too many combinations of substances (add speed to weed chocolates or spice cakes or even other food for instance) that will allow a person to gain advantage over another without the victim actually realising it until later, or sometimes not at all.

Unfortunately in a conservative view point false morals are used to "blame the victim", thus avoid having to deal with the realities of sociopaths and others that use such techniques to gain power over people.

What is seldom said is that in many cases where such techniques have been used the abuser actually is known and to a certain extent trusted by the victim. Thus "secondary fear" plays a large part in the victim not reporting what is in actual fact a "crime of violence" the same as if the victim had been beaten into insensibility.

Further "social drugs" are also used by "people traffickers" and those who "run prostitutes" especially those who are underage or vulnerable for various reasons.

The one thing people need to get clear in their head is that as with serial killers the "sex component" in "date rape" and "spiking" in general is almost immaterial to the "power" component of the attacks. It's the fact they can drug people and get away with it which is the real high for the attacker, especially if they can do it so the victim does not realise it, or another person gets blamed.

Also what people do not consider from a security perspective is the "tongue loosening" effect that social drugs in careful mixes can have. They can certainly be as effective as those used to inhibit conscious control for either anesthesia or as "truth drugs". So in the right setting you do not need to buy a wrench with the $5 just a pizza with "alternative herb" topping sprinkles and high caffeine energy drink will work on many people, if that fails things can be stepped up notch by notch.

[1] It is a simple process you can do in any kitchen with a microwave oven to take the cocain salt and remove the hydrachloride component with ammonia (from window cleaner) or bicarbonate (from baking powder) mixed with water and then heat the resulting paste. Apparently if put on a plate in a microwave when "done" the dryed past "cracks" hence it's name "Crack Cocaine". Various claims have been made about it being "instantly addictive" if that is true or not does not diminish the fact that it has extrodinary mind altering properties, that can strip a person of inhibitions, morals and any kind of self control.

vas pupSeptember 20, 2018 9:28 AM

Marine Le Pen ordered to undergo psychiatric testing:

https://www.bbc.com/news/world-europe-45590963

"Ms Le Pen sparked an outcry when she posted the images, which she shared in response to a journalist who drew a comparison between IS and her party. The other images showed a tank running over a man in an orange jumpsuit, while another jumpsuit-clad man was shown in a cage being burned alive. The case against her stems from French laws against circulating "violent messages that incite terrorism or pornography or seriously harm human dignity" and that can be viewed by a minor."

I see this as a very bad sign for democracy. In the former USSR they considered people of dissent as disloyal to their political establishment.
They were subjected to jail time, BUT jail time is limited. They found out how to utilize psychiatry as a tool to suppress opposition by placing those non-conformists into prison-like mental institutions for unlimited time.
I never expected similar mental inquisition from France. That is NOT about whether I agree with Marine's views, but about any views being fought by views, not by psychiatric evaluations or even mandatory mental hospitalization.
As one of the former CIA directors stated: "We should distinguish disloyalty and dissent."

echoSeptember 20, 2018 11:15 AM

https://www.independent.co.uk/news/uk/home-news/northern-ireland-abortion-pill-mother-prosecuted-daughter-belfast-court-a8546936.html

A woman accused of buying abortion pills online for her teenage daughter has said she is in “fear and pain” over her pending prosecution. The mother is accused of procuring and supplying poison with the intent to cause a miscarriage in July 2013. The woman - who cannot be named for legal reasons - allegedly bought the pills for her 15-year-old daughter. The High Court in Belfast is set to hear a legal challenge to the decision to take action against the mother on Thursday.

This is just a case which is happening in public. There is no mention of countless women who are being abused unlawfully by international finance companies both in the UK and US which wish to control women's bodies for political reasons. Nor does it mention the driving forces behind this or in the US state level politicians who are driving action with "legally arguable" reasons without the support of primary legislation.

@vas pup

I loathe and avoid the BBC because it's a mouthpiece for the establishment and too brainwashy. Having looked at the article it does link to an (untranslated) French newspaper which claims it is standard procedure. The psychiatric examination is a low level check to ensure she has capacity and capability to answer questions. I have no idea of the veracity of this claim or scientific and legal reasoning, nor if she is being picked on as a special case.

In the UK the position is actually a lot more worrying as UK police actively use new powers to deflect women into psychiatric services to cover up police negligence and abuse of women and no-criming sex trafficking.

I have also this past week obtained new information from a reputable professional source which indicates the UK state is imprisoning ex-military who are placing a strain on public health services and suffering from combat related mental illness such as PTSD.

Clive RobinsonSeptember 20, 2018 12:28 PM

@ echo,

... the UK state is imprisoning ex-military who are placing a strain on public health services ...

This unfortunately is nothing new, there is abundant and clear evidence that this was done both during and after both World Wars including illegal experimentation and euthanasia by morphine or similar.

At least one Government minister has been overheard complaining that "military emergency response" is now too good as it creates expensive burdens both on health and welfare budgets...

You will find similar political sentiment in the US with regards the VA expenditure.

In short to quote one political view, "Cannon fodder should be fertilizer not vegetables".

The press of course will not cover it in the same way they would not cover a politician's boyfriend downloading child porn even though the FBI named the person and supplied it publicly under an FOI request.

MarkHSeptember 20, 2018 3:50 PM

It has been revealed, how the National Solar Observatory in New Mexico came to be closed for 10 days.

Predictably, the mysterious closure triggered a flow of batsh!t-crazy conspiracy theories, though (for a refreshing change) not in this comment thread ;)

Story on slate.com

A child pornography investigation traced activity to the observatory WiFi network. FBI investigators seized a notebook computer suspected of being used for illegal purposes.

But the FBI had nothing to do with the temporary closure: the observatory management was worried about personnel safety, based on erratic behavior on the part of the suspect employee, who has not yet been arrested or charged.

Dave S • September 20, 2018 4:31 PM

Hi,
Can we discuss the way that both iOS Mail and MS Outlook app (on a smartphone) display the sender’s (chosen) display name in preference to a sender’s domain? They both show the display name at the top of the email. This is invariably something believable like “Apple Customer Service” or “PayPal Update” at the top of well-crafted phishing emails.

The sender’s email address is usually apple-customer-service@heufnvienrandomstringf64ey3...Etc

It is VERY DIFFICULT to view the full email domain and most users will remain unaware of one of the most telling identifiers of a phishing email. Under certain circumstances, you cannot view the email domain AT ALL due to wrapping, screen width etc.

Both apps seem to trust an unknown sender sufficiently to display ONLY the sender’s self-professed title, despite the sender not being in the user’s address book.

The apps also make it difficult (or even impossible) to view the sender’s domain.

Having reported it to both companies (having been very nearly caught out, twice) they reliably informed me that this behaviour was not a security risk.

I'm hoping this is not just me.
Kind regards,
Dave
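A sketch of the check the comment above asks mail clients to make, added here as an example and not taken from the comment or from either vendor: it flags a display name that claims a brand the sending domain does not belong to, and renders an unknown sender so that the domain survives truncation. The brand map, function names and sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: defender-maintained map of brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "paypal": {"paypal.com"},
}


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def domain_allowed(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def assess_from(header, address_book=frozenset()):
    """Compare what the From: header claims (display name, local part) with its domain."""
    name, addr = parseaddr(header)
    domain = domain_of(addr)
    local = addr.rpartition("@")[0]
    # Brand words can sit in the display name or, as in the comment, in the local part.
    words = set(re.findall(r"[a-z0-9]+", (name + " " + local).lower()))
    claimed = sorted(b for b in BRAND_DOMAINS if b in words)
    flags = []
    if any(not domain_allowed(domain, BRAND_DOMAINS[b]) for b in claimed):
        flags.append("brand_mismatch")
    if addr.lower() not in address_book:
        flags.append("unknown_sender")
    return {"display_name": name, "address": addr, "domain": domain,
            "claimed_brands": claimed, "flags": flags}


def render_sender(header, width, address_book=frozenset()):
    """Sender line for a narrow screen: only known contacts get the bare display name.

    For everyone else the domain is kept whole; the display name and then the
    local part are what get shortened. If even the domain does not fit, its
    right-hand end (the registrable part) is what stays visible.
    """
    name, addr = parseaddr(header)
    if addr.lower() in address_book:
        return (name or addr)[:width]
    local, _, domain = addr.rpartition("@")
    tail = "@" + domain
    if len(tail) >= width:
        return "…" + tail[-(width - 1):]
    room = width - len(tail)
    if len(local) > room:
        local = local[:room - 1] + "…"
    line = local + tail
    spare = width - len(line) - 3  # space, '<' and '>'
    if name and spare >= 2:
        if len(name) > spare:
            name = name[:spare - 1] + "…"
        return f"{name} <{line}>"
    return line


# Constructed sample headers (the domains are placeholders, not real senders' hosts).
PHISH = '"Apple Customer Service" <apple-customer-service@mail.example.invalid>'
LOOKALIKE = "PayPal Update <service@paypal.com.example.invalid>"
GENUINE = "Apple <no_reply@email.apple.com>"

if __name__ == "__main__":
    for h in (PHISH, LOOKALIKE, GENUINE):
        print(assess_from(h)["flags"], "|", render_sender(h, 30))
```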

Clive Robinson • September 20, 2018 5:08 PM

@ MarkH,

Predictably, the mysterious closure triggered a flow of batsh!t-crazy conspiracy theories

I'm not so sure they all were, the whole story looks "batshit-crazy" as it is ;-)

Under the title,

    MYSTERY SOLVED? FBI REVEALS WHY IT SHUT DOWN THE NEW MEXICO SOLAR OBSERVATORY

Newsweek has published an article today,

https://www.newsweek.com/mystery-solved-fbi-reveals-why-it-shutdown-new-mexico-solar-observatory-1130075

Claiming it was about a child porn investigation, the observatory's WiFi and a janitor's laptop that mysteriously "got taken", obligatory X-files music at this point ;-)

The janitor then apparently went somewhat paranoid when searching for his laptop,

    According to KRQE, the janitor “feverishly started looking through the facility” after realizing his laptop was missing, as well as making comments on the apparent lack of security at the observatory, suggesting it was "only a matter of time before the facility got hit,” adding he "believed there was a serial killer in the area.”

The article finally gets around to contradicting its own title by saying it was the observatory officials who made the decision to close the site as a precaution over concerns the suspect may pose a threat to the public...

But more puzzling is there is no explanation as to what happened to the janitor's computer and,

    The janitor has not been arrested or charged in connection with the investigation and no arrest warrant has been issued, according to the FBI. The observatory has since terminated its contract with the cleaning company that employed the janitor, documents add.

Or why the Observatory was closed for 11 days, if it was just a paranoid janitor...

I reckon there's the making of a conspiracy story in that lot alone ;-)

As they say "you really could not make it up"...

But it suggests "over reach" in the FBI. That is someone pushed the "here be terrorists" button or similar and it took that long to search the place thoroughly whilst using extended / enhanced interrogation on a probably mentally ill person, who was just hanging in there on minimum wages. But the FBI failed to turn up anything to make him a convincing "frame fitting terrorist" etc or anything else except someone in need of help.

Clive Robinson • September 20, 2018 6:57 PM

@ MarkH,

And now we go over to our correspondent in Australia[1]...

With the Sheriff reporting sightings of a Black Hawk helicopter, mysterious people crawling through nests of antennas, people being evacuated from their homes, drones and the site being abandoned / deserted with people wandering around and not seeing a soul...

https://m.gladstoneobserver.com.au/news/sunspot-observatory-unexplained-fbi-raid-sparks-co/3522568/

I'm beginning to love this story, it's so deliciously bizarre, almost enough to make me go and make some popcorn ;-)

Oh there is one bit of the story I can confirm both from another Australian site and my own "observations". The Australian Space Weather Service ( http://www.sws.bom.gov.au/HF_Systems ) confirmed a level 2 --out of 5-- solar storm with lots of particles doing their thing in the ionosphere especially over the UK. Sure enough radio prop confirmed this though I was not lucky enough to see any aurora.

[1] I know "going down under" for "across the puddle" news appears odd, but US news sites have become unvisitable since the EU GDPR came into force. My favorite so far is the WashPo, it comes up with its title and motto of,

    Democracy Dies in Darkness

At the top of an otherwise blank page, which is kind of ironic. As for Slate they come up with a "we will data rape you" warning with a "click to accept" button, which I declined.

MarkH • September 20, 2018 7:31 PM

@Clive:

Not having followed the GDPR story, I'd no idea that it has such immediate and rather inconvenient consequences ...

The Washington Post presentation you described would have delighted Franz Kafka.

Meanwhile, the Australian article you cited now includes a link to the update story, "Ugly truth behind observatory FBI raid".

Because people shooting up their workplaces has, nauseatingly, become a commonplace in America (another example of this just today), the shut-down over concerns of a crazy-seeming employee was actually a reasonable security measure. Sigh...

Clive Robinson • September 21, 2018 3:58 AM

@ MarkH,

... the shut-down over concerns of a crazy-seeming employee was actually a reasonable security measure...

But for 11 days?

The story still does not make sense.

If the janitor had somehow escaped and gone on the run then maybe, but there is no evidence given of that.

From what has been said the FBI took away five computers and three phones from the suspect, yet he's not been arrested...

Other articles suggest the whole thing was started by one of the senior observatory staff "seeing" what they thought was a child abuse image on a computer but did not say anything about it at the time because they were too busy...

There is a lot of stuff talked about the suspicion of there being downloading and redistributing across the observatory WiFi, but no arrests or much of anything else has actually happened than the unexplained 11-day shutdown.

If the janitor was involved in such activity and had used one of his confiscated electronic devices in an ordinary way then you would expect there to be evidence of such on at least one of them[1].

If anything the "information vacuum" on this story is growing, and getting odder as the little information that has become public dribbles out.

I'm guessing that if other parties were involved all the "world wide noise" has caused the birds to have long since flown or gone to ground.

However, what's the betting "crypto" and the FBI "going dark" comes out of this... And... It then does get covered by our host?

Stranger things have happened ;-)

[1] Yes, I'm aware that if you did not use a laptop in the "ordinary way" then there would not be the normal "traces". But that raises a whole bunch of other questions. For instance unless it was just being used as a relay, it still leaves the questions about the storage required for "redistribution"...

MarkH • September 21, 2018 4:00 AM

@Clive:

Before, I missed the first of your 2 comments.

According to the Slate article, there's no mystery as to the disposition of the computer: it was seized by the FBI, which is standard procedure given the context.

And I see no sign of FBI overreach with respect to the lengthy shutdown, as they reportedly had nothing to do with the decision to close the facility.

I'm in no position to judge the wisdom of this decision by the observatory's management, but in a country drowning in guns, it's understandable to worry about a guy whose behavior has suddenly gone off the rails -- all the more so, when you've just learned that he's likely suspected of a felony.

To put it another way, if you're the boss, and you guess that there's a 1% probability of several people getting shot to death at the plant you manage, how complacent would you be?

lord of the fries • September 21, 2018 4:31 AM

Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla

- Tails 3.9, which ships with TB 8.0, is also affected.

######

User report:[1]
https://blog.torproject.org/comment/277375#comment-277375

Sanitize the add-on blocklist update URL
https://trac.torproject.org/projects/tor/ticket/16931

related, old, closed ticket (unresolved):

TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/projects/tor/ticket/6734

[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/projects/tor/ticket/6734 without fix this privacy issue.

From Ubuntu 18.04.1 LiveCD
/v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/60.2.0/Firefox/20180204030101/Linux_x86_64-gcc3/en-US/release/Linux 4.15.0-29-generic (GTK 3.22.30 libpulse 11.1.0)/default/default/1/1/new/"

"about:config
extensions.blocklist.url"

"Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."

######
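To see exactly what the request path quoted in the comment above discloses, the following added example (not code from the Tor Project, Mozilla or the commenter) splits that path into named fields and separates the per-user ones from the build-wide ones. The field names and their order are an assumption based on the placeholder style of Firefox's `extensions.blocklist.url` preference; the neutral replacement values and the template host are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: placeholder order of the extensions.blocklist.url template,
# inferred from the shape of the path in the user report.
FIELDS = [
    "APP_ID", "APP_VERSION", "PRODUCT", "BUILD_ID", "BUILD_TARGET", "LOCALE",
    "CHANNEL", "OS_VERSION", "DISTRIBUTION", "DISTRIBUTION_VERSION",
    "PING_COUNT", "TOTAL_PING_COUNT", "DAYS_SINCE_LAST_PING",
]
PREFIX = "/v1/blocklist/3/"

# Fields whose value differs between users of the *same* browser build, so
# they shrink the anonymity set (classification is this example's assumption).
PER_USER = ("OS_VERSION", "PING_COUNT", "TOTAL_PING_COUNT", "DAYS_SINCE_LAST_PING")

# Path exactly as quoted in the user report on this page.
REPORTED_PATH = (
    "/v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/60.2.0/Firefox/"
    "20180204030101/Linux_x86_64-gcc3/en-US/release/"
    "Linux 4.15.0-29-generic (GTK 3.22.30 libpulse 11.1.0)/default/default/1/1/new/"
)


def parse_blocklist_path(path):
    """Map each path segment of a blocklist update request to its field name."""
    if not path.startswith(PREFIX):
        raise ValueError("not a v3 blocklist path")
    parts = path[len(PREFIX):].strip("/").split("/")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} segments, got {len(parts)}")
    return {field: unquote(value) for field, value in zip(FIELDS, parts)}


def per_user_fields(parsed):
    """Subset of the parsed request that distinguishes one user from another."""
    return {k: parsed[k] for k in PER_USER}


def os_details(os_version):
    """Split 'Linux 4.15.0-29-generic (GTK ... libpulse ...)' into its parts."""
    m = re.match(r"^(?P<os>\S+) (?P<kernel>\S+)(?: \((?P<libs>[^)]*)\))?$", os_version)
    return m.groupdict() if m else {"os": os_version, "kernel": None, "libs": None}


# Constructed constants a privacy-preserving build could send instead.
NEUTRAL = {"OS_VERSION": "unknown", "PING_COUNT": "1",
           "TOTAL_PING_COUNT": "1", "DAYS_SINCE_LAST_PING": "new"}


def sanitize_template(template):
    """Replace the per-user placeholders in a URL template with fixed values."""
    for field, value in NEUTRAL.items():
        template = template.replace(f"%{field}%", value)
    return template


# Constructed template on a placeholder host, using the assumed field order.
TEMPLATE = ("https://blocklist.example.invalid" + PREFIX
            + "/".join(f"%{f}%" for f in FIELDS) + "/")

if __name__ == "__main__":
    parsed = parse_blocklist_path(REPORTED_PATH)
    print(per_user_fields(parsed))
    print(os_details(parsed["OS_VERSION"]))
    print(sanitize_template(TEMPLATE))
```

Checking the value of `extensions.blocklist.url` in `about:config`, as the report suggests, against the `PER_USER` placeholders shows whether a given build still sends them.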

Wesley Parish • September 21, 2018 5:38 AM

@Bruce, just for you, a cephalopod story:

Got any ecsta-sea? Boffins get octopuses high on MDMA – for science, duh
https://www.theregister.co.uk/2018/09/21/boffins_drugged_octopuses/

Octopuses getting touchy-feely on ecstasy.

@usual suspects, ElReg has some interesting stories

NSS Labs sues antivirus toolmakers, claims they quietly conspire to evade performance tests
https://www.theregister.co.uk/2018/09/20/security_testing_contratemps/

Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
https://www.theregister.co.uk/2018/09/21/cctv_ransomware_trump_washington_dc/

The myth of the mastermind criminal is just that, a myth.

Securing industrial IoT passwords: For Pete's sake, engineers, don't all jump in at once
https://www.theregister.co.uk/2018/09/20/securing_industrial_iot_passwords/

Operations technology (OT) is the term given to all those environments in industry, transport, automotive, city and utilities that – before industrial IoT – had been largely isolated from the outside world and, thus, protected from intruders.
But wait, there's more:
His advice when it comes to building industrial IoT? “In software, design for worst intent.”

And something dear to my heart, or is it kidneys, or perhaps, liver, or maybe pancreas ... I don't know.

Garbage collection – in SPAAACE: Net snaffles junk in first step to clean up Earth's orbiting litter
https://www.theregister.co.uk/2018/09/19/space_junk_caught/

Nota bene, everybody involved in the all-singing, all-dancing US Space Farce: I've been thinking about this topic for a lot longer than any of you. I've been thinking in terms of a Space Debris Salvage system set up not unlike the current maritime salvage system which has worked well for over a century. Maritime salvage works. The Space Farce has yet to be proved to have any relationship to reality, let alone security or defense. You can either be part of the problem, or part of the solution. Your call.

echo • September 21, 2018 6:02 AM

@Clive

Yes but... And this is the frustrating thing. I explained the system and how it worked and how they are getting away with it. He isn't the first person I have explained this to. What is really annoying, and I am bearing in mind one particular case of institutional discrimination, not only did they not listen but they then punked me. This professional I advised this week tried to lowball me too.

Why is Snowden a hero and Reality Winner got punked? She's pretty much invisible and the most what happens when her name is mentioned is a big "huh".

Not only do I have proof of what is happening behind the scenes the EHRC of all people tried to rip off my case material and cut me out of bringing my own case. Why? My guess is a man (tadah) perceived a career opportunity.

Speaking of the EHRC my complaint which is supposed to be heard within 20 days by a "senior" officer has gone walkies. It is now overdue and not a peep from them. What a surprise! I'd like to know what their [redacted] timewasting excuse is.

Clive Robinson • September 21, 2018 10:06 AM

@ Wesley Parish,

The Romanian ransomware mastermind who infected Trump inauguration CCTV cams

Caught by poor OpSec, if this is to be believed,

    They used personal Gmail accounts to orchestrate their campaign, and had accessed them from one of the infected CCTV controller PCs.

However I would not rule out other possibilities as we know that SigInt agencies have been behind "parallel construction" on more than one occasion. In which case it probably does not matter how good you think your online OpSec is based on what you know and using modern tools you are still likely to be "toast". It's why I mention "Old School OpSec" from time to time, at least it's been field tested for a hundred years or so[1] and had a few of --but not all-- the bugs knocked out.

But it gets better, currently we have a "major downer" on IoT due to the lack of security in the devices. Well as the article notes,

    Each of their [187 High Tech] CCTV units consists of a camera attached to a Microsoft Windows-powered computer...

With surprise surprise a full web browser etc etc... So remember folks that "IoT badness" is not BIOS or OS dependent, and even the supposedly largest consumer / business OS producer in the world can not get it right...

But the article also contains a link to,

https://www.theregister.co.uk/2018/09/20/makers_of_mirai_free/

Which is also a quite interesting read.

Apparently the three people behind the DDoS and IoT attacks (Mirai and clickthrough), are not going to trial...

    Such light sentences are uncommon in America for computer crime, however, there is one clear reason in this case: the trio became cyber-crimefighters for the FBI, and have already helped taking down other botnets.

So for those proto-masterminds reading along remember if you have "real skills" or "you know how to sell out more people than you are worth" the FBI might let you plea deal out of what could be a couple of hundred years jail terms.

Why do the FBI do this, well as I've noted below even the FBI are bright enough to know they don't have the skills required. Thus they can throw money at a problem like Tor, which is expensive at a million bucks for maybe six man-months of work, or they can try something else a lot lot cheaper...

As the article notes,

    The trio began working for the Feds even before being charged with the Mirai case. Given the problems faced by the FBI in recruiting hackers, flipping botnet masters is an interesting new way to swell the ranks of defenders in US law enforcement.

But remember, even though you are not "Big Billy's play thing for 23 hours a day" you don't really even have the freedom of a three jobs a day below poverty level wage slave. As the article indicates one of the three went from having a well paying professional full time job to a part time job presumably well below his honest earnings potential, about three-four years of "community service" and has to pay off substantial fines along with legal fees out of that much reduced income. Then there's that other "Big Billy" to keep satisfied a much worse monkey riding your back called Feebie, who is never ever going to climb off as you are owned by that plea deal.

[1] For those reading along who think they've "got the chops" with regards On-Line OpSec, some advice... Firstly the technology moves too fast for individuals to keep up, let alone field test it or work out its less visible flaws, which can be quite subtle. Secondly we know the SigInt agencies in the US UK and other N-Eyes practice not just "collect it all" but where possible "trace it all", this is because experience tells them Traffic Analysis is often more useful than message content. Thirdly the current anonymity networks do not keep you anonymous, when the SigInt agencies are into so many routers in the path you can not see. Worse even the less than technically sophisticated law enforcement agencies like the FBI, know how to throw money at a problem with teams of quite intelligent engineers and scientists, and whilst you might be better at something you will not be better at all things. Oh and for the love of sanity never mix old school OpSec with High Tech, it does not work as the CIA found with China, and MI6 found with the Russians and the "electronic rock" in a Moscow Park.

vas pup • September 21, 2018 10:23 AM

On personal security and crime fighting:

Meet the virtual pooch that could help prevent dog bites:
https://www.sciencedaily.com/releases/2018/08/180825081739.htm

"A virtual dog could soon be used as an educational tool to help prevent dog bites, thanks to an innovative project led by the University of Liverpool's Virtual Engineering Centre (VEC).

As part of a desire to better educate children and adults about dog bite prevention, Dogs Trust wanted to explore whether a digital tool could help people identify a range of stress and threat behaviors typically exhibited by dogs, which have the potential to lead to a bite.

In response to this challenge, a team of animal behavioral specialists and psychologists from the University worked closely with the VEC to make certain that the body language and detail shown in the virtual environment was both realistic and a truthful reflection of real-world canine behavior.

As the user approaches the dog, the behavior and body language of the dog gradually changes, the dog's behavior begins to display signs of aggression including licking its lips, lowering of the head and body, front paw lifting, growling, and showing of teeth. These behaviors are referenced from the 'Canine Ladder of Aggression' which shows how a dog may behave when it does not want to be approached."
***
London knife crime: Can Chicago's model cure the violence?
https://www.bbc.com/news/uk-england-london-45575361

"Is it really possible to reduce violent crime by tackling it like an infectious disease?

London has announced it is to follow Scotland's public health approach to help tackle violent crime. The idea of treating crime as a disease is not new, however. It originated on the streets of Chicago more than two decades ago and has its roots in the fight against Aids in Africa.

Intrigued, Dr Slutkin began to investigate. He looked at the data and noticed a number of similarities between the violence in Chicago and the epidemics he had just spent years trying to cure.

He realized violent incidents were occurring in clusters at certain locations and at certain times.

Furthermore, the violence appeared to be replicating itself, similar to an infectious disease. One violent incident would lead to another and then another, and so on.

Finally, violence was increasing rapidly in a fashion very similar to an epidemic wave.

As an epidemiologist, he knew to look for three things before classing a disease as contagious; clustering, self-replication and epidemic waves.

Dr Slutkin concluded Chicago was facing an epidemic disease just as bad as he had witnessed in Uganda.

As with the fight against Aids, the first rule was that violence should not be treated as "a problem with bad people". Instead, it would be treated as a contagion that infected people. This meant aiming to prevent violence before it broke out and mitigate it once it had.

In Chicago, he adopted a similar approach. Controversially, he recruited former gang members to educate current gang members, intervene in disputes and hopefully prevent the violence at source.

The results were instant; crime in its pilot area, West Garfield, dropped significantly. Soon the project was being adopted across other troubled parts of the city."


Clive Robinson • September 21, 2018 12:59 PM

@ echo,

Why is Snowden a hero and Reality Winner got punked? She's pretty much invisible and the most what happens when her name is mentioned is a big "huh".

Neither of them is a hero, they are both revealers of state secrets for reasons of conscience. Which in both cases was justifiable thus it makes them "whistleblowers". That said they have little in common.

You can blame the MSM for some of what has happened to Reality. But she really was the architect of her own downfall more than anyone else.

She behaved in an emotional way and left a huge paper trail of things that would count against her including a diary that had some kind of jihadist worship that the judge read out... Further when in jail she blabbed on the phone and effectively hung herself then and there.

She basically acted on impulse, because of her dislike of what she saw as "a soulless ginger orangutan" and thus needlessly brought down the wrath of "Trump Supporters" including a majority of politicians in places of influence, rather than think her actions through rationally and practice a little OpSec.

OpSec such as not sending an original document. That is you should retype the document using a thesaurus on an old computer or one that does not have a hard drive as a text file. Then only print out a munged version[1] at an internet cafe or such like in an area frequented by beltway bandits and post it or set up a throw away email account and send it. But even if she had taken that precaution I doubt she would have practiced other required OpSec.

But there is also the idiot at the Intercept that in effect grassed her up, who was obviously not a journalist of any merit (Rule #1 don't burn or piss off your sources ever, as others get to hear of it and you won't get any new sources of merit).

None of the above really had to do with her being a woman, just someone who acted on impulse way too often than was good for her.

Arguably though her sentence is light compared to what men have received for doing less.

If people in powerful positions in the USG get to do what they have said they want to do to Ed Snowden then at best it will be three drugs in a vein in his arm at midnight and an unmarked hole in the ground somewhere.

Arguably the only reason it has not happened was he planned what he was doing but even then nearly ended up caught.

There is a saying that you hear often "People love a winner, not a loser" well Ed is a winner so far against very long odds because he planned. Reality is a loser because she did not plan...

Being a woman really had little or nothing to do with her outcome except at sentencing. Which is if you look at the statistics fairly normal.

With regards,

Speaking of the EHRC my complaint which is supposed to be heard within 20 days by a "senior" officer has gone walkies. It is now overdue and not a peep from them.

I'm afraid that as a friend of mine told me years ago "You have to bring in a third set of eyes promptly".

Ultimately as it's a public body --they have done this on at least four occasions to my knowledge,-- you start a judicial review. Surprisingly it is not difficult to do and there are provisions for low/no income litigants without going through Legal Aid. You can also represent yourself as a "litigant in person" and take along a "McKenzie friend" or if you prefer due to impairment by distress etc or non access to suitable representation a "next / litigation friend".

A Judicial Review is a very big deal for any authority because it's the only way generally you can get at them. You actually have only to show they have failed in one of any of the four basic steps (Illegality, Irrationality / Unreasonableness, Procedural impropriety, Legitimate expectation).

Often it's the first or second of these as "failure to follow their own rules and procedures" that hangs them out to dry. You can in the process put a vast amount of information into the court records. And in effect if it's not challenged in the court then it becomes a matter of fact usable in other subsequent court cases that might arise. Because of this many organisations will throw quite a number of barristers and even QC opinion at the case. However the judge "generally smiles on litigants in person" if they follow some basic rules.

The most basic rule of which is "line your ducks up" to make the review proceed smoothly. That is take the time to make a "time line" put all documents and other information on it even showing where documents etc are missing, use this to build three indexes one for time, one for subject and an alphabetical one. Neat well presented documentation makes judges happy thus smile on those who produce it.

Store the actual documents in reverse chronological order (newest first) in lever arch files no more than two thirds full with date tabs and put in "pink paper" where you don't have a document with why you don't have it typed neatly on it. Also Yellow paper for questions arising. You are only required to submit copies of the actual documents to the defending entity not the time line indexes or pink or yellow papers. There are ways of reducing copying charges etc for those in hardship (you need to speak to a high court clerk of the administrative division).

The main use for a pink paper is where you are aware that the defending entity has had meetings etc and you do not have copies of the minutes etc, or from Email headers there are other people involved whose emails you have not been given. Show a reason that it should exist (on yellow paper) and nine times out of ten the judge will order such things produced, provided you can show you have made a suitable written request (noted on both pink and its covering yellow paper with an index point to the actual request document).

Don't worry about putting too much in to your folder(s) judges are fully used to handling it, if you are not sure it's relevant include it but put a yellow sheet in front stating pros and cons for inclusion. The judge will then see that at least you have thought about it and why, thus are behaving both logically and rationally in a domain you are expected to be totally unfamiliar with, the judge then can decide if it is relevant without you facing penalty for "folder stuffing" or "trying to hide the wood with trees". Those pieces of yellow paper also help "paint a state of mind" which can also help your case (especially with the last two requirements).

Whilst you have to bring a judicial review within three months (sometimes less if the law says) there is ambiguity in when the start point arises. This includes the time for the "letter before action" that you need to get the format right for, but it's not particularly onerous.

At the end of the day unless there is a legally mandated arbitration process judicial review is the only way to challenge a public body (but not the laws it is based on except in certain circumstances). Which at the end of the day the entity knows and tries to prevent you doing it in various ways (dangling faux activities to time the review out etc).

[1] The old way to "mung" a print out, prior to the "constellations of Orion" and similar, was to first convert it to a low resolution graphics file and print it out on a thermal or inkjet fax machine or printer where you can pull the page as it prints not just backwards and forwards but side to side. Then put it on a cutting mat face up and using a wide ball point pen or equivalent slash ink lines across it not using your dominant hand, then flip it over and slash it for real with a bluntish knife. Then from the back using a broad black felt tip pen scrub over the slash marks so you get bleed through not just at the slashes but in other places. Also randomly cut out connectives and other non relevant words from the front using a sharp scalpel or craft knife. Having done that make a "doodle scribble page" put it behind the cut out page so the squiggles show through, then scan it back in on a flat bed scanner and twist and slide the paper as it is scanned into a graphics file and print it out in low resolution once again. Then either scan it back in and send the image file, or take a bunch of common brand tea bags that have been steeped in dilute red ink and "age" the page. Burn all the other pages and bits and securely wipe the floppy disk the text file, dump it the entire box of tea bags and the red ink in street waste bins that are miles apart. What the journalist should receive either way should be only just sufficiently legible to be read and in the case of the "aged" page very difficult to scan in or photograph thus difficult for them to duplicate.

VinnyG • September 21, 2018 2:22 PM

@Clive Robinson re:"OpSec such as not sending an original document." Just from curiosity, why are the methods you have postulated more effective at rendering original document source undemonstrable than digital-analog-digital, i.e., scan the original, OCR to plain text, print the text file from some other ("safe") system, then scan the print-out to text on some third system?

Clive Robinson • September 21, 2018 3:46 PM

@ Bruce and the usual suspects,

In the article below David Patterson makes the point that Moore's Law is well and truly over (something I've been talking about for a while). He indicates that the inverse half life is no longer 18 months but 20 years and slowing on scalar processors.

https://spectrum.ieee.org/view-from-the-valley/computing/hardware/david-patterson-says-its-time-for-new-computer-architectures-and-software-languages

As most know there are two basic CPU classifiers,

RISC, reduced instruction set
CISC, complex instruction set

However it's a bit misleading for many as some get confused by CISC and instruction pipelined architectures.

In essence a RISC instruction works on one (ie COMP) or two (AND, ADD etc) data items to produce a new data item.

A CISC instruction can work on many more than two data items at a time, the simplest most know is instructions that move entire blocks of data up or down in memory.

A little more complicated are the Vector Processors, in essence they have multiple blocks of registers inside the CPU and you use as arrays or vectors. So you can do things like add or multiply two arrays/vectors together and produce a third with one ALU. This speeds up the likes of matrix calculations immensely because there is only one set of memory fetches to fill or store a vector, thus by interleaving you can have a fixed vector and an updating input and updating output vector vastly reducing the snail creepingly slow memory operations, and as sequential memory is read/written further speed gains are made. However the vectors are often quite short at 64 or 128 registers.

GPUs work on vectors as well but have multiple ALUs speeding the processing up by performing parallel operations not sequential inside the Processing Unit.

Another alternative to speeding things up are "algorithms in hardware" you integrate a large FPGA as a co-processor adjacent to the general purpose ALU much the same as Floating Point co-pros are. These can be added to any of the four processor types mentioned. In essence you hard code an algorithm in logic gates which vastly reduces algorithm time for a five to fifty times speed up. Done correctly with a GPU system the performance enhancements are significant for specialised functions.

Another alternative rather than use an FPGA which can be reprogrammed is to build specialised hardware. The first time this was done was on DSP chips where a vector would get processed with multiply and add (MAD) instructions giving a very high performance boost at the time.

Part of this was the "Wallace Tree Multiplier" which could be used in a wave like manner, which gave rise to the idea of systolic processors.

In essence a systolic processor has a fixed algorithm and hundreds of vectors in effect giving upwards of a hundred thousand data manipulations in one CPU instruction cycle. Such a processor is ideal for neural networks with 10-100million neurons in the network.

Microsoft is going down the FPGA route and Google the systolic route.

In both cases the speed up comes from two effects, the first is the reduced number of chronically slow memory accesses the second by hardware encoding of algorithms.

There is however another way to go, which is have very reduced RISC processors capable of 10GHz and above clock speeds, each with its own "soft array" memory configured as a vast matrix of several hundred to thousands on a chip with multiple routing switching buses. Kind of like a Sun Starfire 10K on a chip.

Clive Robinson September 21, 2018 5:19 PM

@ VinnyG,

Just from curiosity, why are the methods you have postulated more effective at rendering original document source

Well to start off with I'm not aware of any OCR package that does not require a hard disk to run.

The point of reusing the "old method" is to not have a hard drive in the equation.

The point of twisting / moving the image is to render "unknown artifacting" identification difficult if not broken, likewise typeface recognition. We know about "Orion Constellations" but we don't know all the "artifacts" that could be used to identify a printer included in its firmware engine. It also makes automated optical scanning and recognition quite difficult. As does making slash across pen strokes and the doodles through the cut outs.

The use of actual cuts and ink is to further screw with typeface and artifact recognition.

The use of a thesaurus and cutting various words out is to screw with other higher level watermarking, but still leave human understanding intact. There has been debate over many years about how the brain functions in the presence of noise and drop outs. Apparently dropping out the signal causes less cognitive problems than throwing in noise. Thus you find "The Cat ___ on ___ mat" easier to understand than "The Cat AdS on tUb mat". Interestingly the brain apparently uses different parts to process letters into words thus meaning, than squiggles into pictures thus meaning. In effect if the brain is "reading" it tends not to see the squiggles and blotches. Whereas computers just see dots.

However this might all now be moot with "deep learning AI".

What hopefully has not changed is the fact you are mangling forensic traceability that is practicing "anti-forensic" techniques. That is to the point that it is not possible to say any printer in the chain apart from the last one is a particular make/model let alone which actual printer.

In theory the Orion constellations that are there to supposedly stop currency forging can be "dithered" in some way to give a serial number for an individual printer. They could also simultaneously be used as a form of "grid mark" that could then be used to take out the effects of pulling and twisting the paper. However I've not seen very much on the subject since DRM by the optical equivalent of "Spread Spectrum" signalling back in the last year or two of the last century. When the Cambridge Labs under Ross J. Anderson demonstrated two dimensional fractional dithering was enough to destroy the DRM signal but not enough for a human to casually perceive actual image distortion.

Over the years various types of "Document canary" have been invented/designed working at different levels. Such as subtle font differences, kerning / letter spacing, line spacing, bible codes, thesaurus codes and higher level semantics such as word ordering in a sentence as in,

1, Not that it matters, you ...
2, It matters not that, you ...

English especially is a "lazy language" with considerable varieties of redundancy that makes "document canary" identification systems easy to make, but hard to detect.

For instance a long sentence can be broken up by commas, semicolons or even full stops and have the same meaning on reading. Likewise parts of the sentence can be reordered as can items in a list. Even the order of sentences in a paragraph like this one.
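The word-ordering and thesaurus canaries described in the comment above can be sketched as follows. This is an added example, not part of the original comment: the slot phrasings, template and recipient IDs are constructed for illustration. It shows a document owner embedding one bit per interchangeable phrasing, then attributing a recovered copy, including the case where a passage has been cut out and the attribution becomes ambiguous.

```python
# Added illustration: a toy "document canary" built from interchangeable phrasings.
# SLOTS, TEMPLATE and the recipient IDs below are constructed for this example.

SLOTS = [
    ("Not that it matters, you", "It matters not that, you"),    # word order
    ("the report is attached", "attached is the report"),        # clause order
    ("cost, schedule and risk", "risk, cost and schedule"),      # list order
    ("Please reply by Friday.", "Kindly respond by Friday."),    # thesaurus
]
TEMPLATE = "{0} asked and {1}. It covers {2}. {3}"


def embed(recipient_id: int) -> str:
    """Pick variant 0 or 1 in each slot from the bits of recipient_id."""
    picks = [SLOTS[i][(recipient_id >> i) & 1] for i in range(len(SLOTS))]
    return TEMPLATE.format(*picks)


def extract(text: str) -> list:
    """Recover one bit per slot; None where neither variant survives."""
    bits = []
    for v0, v1 in SLOTS:
        if v0 in text:
            bits.append(0)
        elif v1 in text:
            bits.append(1)
        else:
            bits.append(None)  # passage removed or rewritten
    return bits


def candidates(text: str, issued: dict) -> list:
    """Names of recipients whose ID agrees with every surviving bit."""
    bits = extract(text)
    return sorted(
        name for name, rid in issued.items()
        if all(b is None or b == (rid >> i) & 1 for i, b in enumerate(bits))
    )


if __name__ == "__main__":
    issued = {"alice": 0b0101, "bob": 0b0110, "carol": 0b1101}
    copy = embed(issued["alice"])
    print(candidates(copy, issued))                      # full copy
    cut = copy.replace("Please reply by Friday.", "")
    print(candidates(cut, issued))                       # one slot missing
```

With four slots and no redundancy, losing a single slot leaves two of the three constructed recipients indistinguishable, which is why practical schemes spread each identifier over many more slots than it has bits.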

Alyer Babtu September 21, 2018 11:08 PM

@Clive Robinson @MarkH

is the WashPo

A further aside to your aside, probably the blank page was more news than you would have got had the page come up as normally, or from the NYT or most Western papers, given their long history of reporting from a priori solipsistic viewpoints. Democracy certainly did die in darkness, as the press thoroughly failed to adequately cover the decades of the Soviet work-death camps, and then doubled down on the darkness by solidly refusing to cover Aleksandr Solzhenitsyn’s account of the realities of the Gulag, when he came in exile to the west. So one can lay the deaths of 70+ million people at the doors of this press and its policy of darkness.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.