1994-09-18 - Re: Possible [Best?] Scenario
Header Data
From: Black Unicorn <unicorn@access.digex.net>
To: nobody@c2.org (Anonymous User)
Message Hash: cf7d4e724858fa727e1d7003ca15a8b15733303ef70e0c355509aed905ce4fb9
Message ID: <199409182345.AA00288@access1.digex.net>
Reply To: <199409171439.HAA13237@zero.c2.org>
UTC Datetime: 1994-09-18 23:46:38 UTC
Raw Date: Sun, 18 Sep 94 16:46:38 PDT
Raw message
From: Black Unicorn <unicorn@access.digex.net>
Date: Sun, 18 Sep 94 16:46:38 PDT
To: nobody@c2.org (Anonymous User)
Subject: Re: Possible [Best?] Scenario
In-Reply-To: <199409171439.HAA13237@zero.c2.org>
Message-ID: <199409182345.AA00288@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain
Anonymous User scripsit
>
> Let's say I have a digital cellular phone. I also have Anonymous Remailers,
> PGP, and over 100 BBS numbers (structured for which day and which hour each
> would be used) so that I can contact and talk to my "Friend."
> Please tell me how the LEA's can find me and understand the transactions
> between us?
You don't give us enough information.
Are your attackers looking for known parties?
How secure is your cellular? Do you operate from a known or a guessable
location? Is your "Friend" known? Suspected? His location, guessable?
Known?
If your location were known it would be a simple matter to monitor
the area, say put a van just outside your site and wait for cellular
activity of a strength that suggests your presence. How likely would it
be that someone else is using a cellular phone in your presence? Given
this, it is probably not difficult to obtain the billing/ESN number for
your phone, and then obtain detailed traffic information about your
transmissions. Given that it is a simple matter to conduct a lower tech
attack, say tempest, and pick up the conversation as you compose it, end
running the encryption so to speak. You think in too shallow a fashion.
Security is about more than communications security.
Even if yours is perfect, how about your friends. A tempest attack on
his site while he is using Word for Windows is just as effective as one
on you.
Modify this tactic to use a phone which uses several different ESN's at
random or move your location often and at random.
>
> If I have several encryption programs, can I 'layer' each document [I PGP the
> file, the I DES the PGP file, then IDEA for the final layer.
Worthless given the above attack.
> Does the NSA have to crack it one layer at a time, or can they bombard it,
> crack the layers in whatever order the supercomputer finds?
Again, unimportant given the cheaper low tech solution.
> If I am missing something, please let me know what I have missed.
Been there, did that.
-uni- (Dark)
--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
Thread
Return to September 1994
- Return to “Anonymous User <nobody@c2.org>”
Return to “Black Unicorn <unicorn@access.digex.net>”
- 1994-09-17 (Sat, 17 Sep 94 07:41:15 PDT) - Possible [Best?] Scenario - Anonymous User <nobody@c2.org>
- 1994-09-18 (Sun, 18 Sep 94 16:46:38 PDT) - Re: Possible [Best?] Scenario - Black Unicorn <unicorn@access.digex.net>