From: Pete Loshin <pete@loshin.com>
To: "cypherpunks@toad.com>
Message Hash: 5fcae9290026f064154e4f7ee8dca8a2db2defb1f9c2903fd72ec6f215f242e0
Message ID: <01BAC3F2.3D4F0240@ploshin.tiac.net>
Reply To: N/A
UTC Datetime: 1995-12-06 20:46:54 UTC
Raw Date: Wed, 6 Dec 95 12:46:54 PST
From: Pete Loshin <pete@loshin.com>
Date: Wed, 6 Dec 95 12:46:54 PST
To: "cypherpunks@toad.com>
Subject: Inherent Insecurity of Internet Commerce! (was RE: Secret Clearance)
Message-ID: <01BAC3F2.3D4F0240@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain

OK, I'll try again. First, as I recall, SECRET clearance
is actually not very high: when I got it, I had to answer
a bunch of questions (do you abuse illegal drugs? are
you now or have you ever been a member of any
organizations? have you ever been _arrested_ for anything?)
and fill out some forms and get fingerprinted. They
probably did a credit check, and that was about it.
Nobody I knew got any calls asking about my habits
(that is reserved for higher clearances).

So now I'll rename the thread again: "Inherent Insecurity
of Internet Commerce" -- <sarcasm>maybe now the NYT
will feature me on the front page for "discovering" this
inherent flaw in the Internet.</sarcasm>

My purpose in renaming the thread in the first place
was to start another thread relating to the types of
security in places like, say, Netscape or Spyglass
or CyberCash or First Virtual or Interramp or any
other ISP or software company. Because I want to
know how susceptible these companies are to hiring
the wrong people.

So, here's the "bug": if some agency of crime/espionage
wants to subvert any of these systems, all they need
do is employ the same blackmail/bribe techniques
used to recruit actual spies on some employees of
these companies. They then slip in some hacked
versions of the software with the good ones, or modify
distribution servers, or slip code into servers that
forwards every tenth credit card number somewhere.

Or how about getting a janitor to plug a wireless tap
into one of the major Internet backbones to sniff for
cc#s as well as interesting e-mail?

Also, since there's enough noise here already (and
even I don't see that much crypto-relevance) I won't
post again on this topic, but I am very interested in
hearing concrete examples of how Internet companies
are protecting themselves, and also in hearing about
specific instances of security failing (e.g., has anyone
ever found a tap on a backbone?)

-Pete Loshin
pete@loshin.com