1994-09-18 - Re: Possible [Best?] Scenario

Header Data

From: Black Unicorn <unicorn@access.digex.net>
To: nobody@c2.org (Anonymous User)
Message Hash: cf7d4e724858fa727e1d7003ca15a8b15733303ef70e0c355509aed905ce4fb9
Message ID: <199409182345.AA00288@access1.digex.net>
Reply To: <199409171439.HAA13237@zero.c2.org>
UTC Datetime: 1994-09-18 23:46:38 UTC
Raw Date: Sun, 18 Sep 94 16:46:38 PDT

Raw message

From: Black Unicorn <unicorn@access.digex.net>
Date: Sun, 18 Sep 94 16:46:38 PDT
To: nobody@c2.org (Anonymous User)
Subject: Re: Possible [Best?] Scenario
In-Reply-To: <199409171439.HAA13237@zero.c2.org>
Message-ID: <199409182345.AA00288@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous User scripsit
> 
> Let's say I have a digital cellular phone.  I also have Anonymous Remailers,
> PGP, and over 100 BBS numbers (structured for which day and which hour each
> would be used) so that I can contact and talk to my "Friend."
> Please tell me how the LEA's can find me and understand the transactions
> between us? 

You don't give us enough information.

Are your attackers looking for known parties?
How secure is your cellular?  Do you operate from a known or a guessable 
location?  Is your "Friend" known?  Suspected?  His location, guessable?  
Known?

If your location were known it would be a simple matter to monitor 
the area, say put a van just outside your site and wait for cellular 
activity of a strength that suggests your presence.  How likely would it 
be that someone else is using a cellular phone in your presence?  Given 
this, it is probably not difficult to obtain the billing/ESN number for 
your phone, and then obtain detailed traffic information about your 
transmissions.  Given that it is a simple matter to conduct a lower tech 
attack, say tempest, and pick up the conversation as you compose it, end 
running the encryption so to speak.  You think in too shallow a fashion.  
Security is about more than communications security.

Even if yours is perfect, how about your friends.  A tempest attack on 
his site while he is using Word for Windows is just as effective as one 
on you.

Modify this tactic to use a phone which uses several different ESN's at 
random or move your location often and at random.

> 
> If I have several encryption programs, can I 'layer' each document [I PGP the
> file, the I DES the PGP file, then IDEA for the final layer.

Worthless given the above attack.

> Does the NSA have to crack it one layer at a time, or can they bombard it,
> crack the layers in whatever order the supercomputer finds?

Again, unimportant given the cheaper low tech solution.

> If I am missing something, please let me know what I have missed.

Been there, did that.

-uni- (Dark)

-- 
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa    -    wichtig!




Thread