1998-09-09 - Re: Carl Johnson Warrant and Complaint

Header Data

From: Information Security <guy@panix.com>
To: cypherpunks@cyberpass.net
Message Hash: 4b1ffc97d42f756196b6177c88115ef46a84393b1d3060cea6201089ed7ef0b8
Message ID: <199809091550.LAA03183@panix7.panix.com>
Reply To: N/A
UTC Datetime: 1998-09-09 05:11:57 UTC
Raw Date: Wed, 9 Sep 1998 13:11:57 +0800

Raw message

From: Information Security <guy@panix.com>
Date: Wed, 9 Sep 1998 13:11:57 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Carl Johnson Warrant and Complaint
Message-ID: <199809091550.LAA03183@panix7.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



   >   From: Tim May <tcmay@got.net>
   >
   >   As I'd been deleting nearly all of Toto's stuff unread, I missed all the
   >   stuff about (allegedly) threatening to bomb the RCMP.

That's probably true for most of us...it was an unbelievable volume of crap
he sent the list. (as opposed to my crap ;-)

   >   Best to leave rants at the general, protected speech level, and to not get
   >   into specifics of names and working habits of agents.

For example:

   #  Date: Mon, 7 Sep 1998 22:39:01 -0700
   #  To: cypherpunks@cyberpass.net
   #  From: Tim May <tcmay@got.net>
   #  Subject: Tax silliness
   #  
   #  Fox News is reporting that the IRS has said it may seek to
   #  assess "gift taxes" if the guy who recovered Mark McGwire's 61st home
   #  baseball gives the ball back to Mark McGwire.
   #  
   #  Those fuckers in D. C. need to be put out of our misery.

Yeah, much better, Tim. ;-)

But don't start holding rallies and saying it in public in NYC,
or Rudolph Giuliani might have you arrested.

----

http://jya.com/usa-v-cej-wc.htm

>    8. On December 9, 1997, an anonymous message was posted to the
>    Cypherpunks Internet mail group with the subject listed as "Encrypted
>    InterNet DEATH THREAT!!! / ATTN: Ninth District Judges / PASSWORD:
>    sog"[.] The body of the message was encrypted with the publicly
>    available encryption software PGP, and was initially unreadable. Using
>    PGP software and the password shown in the subject line of the
>    message, I was able to decrypt the message, which contained a
>    rambling, five-page statement, including the following:

That would appear to be this post:

   http://www.inet-one.com/cypherpunks/dir.97.12.04-97.12.10/msg00356.html

Entirely unexplained is how one goes from passphrase "sog" (Shit on government?)
to decrypting the PGP message.

What public or private key was used?

>    9. I noted that this message contained a PGP digital signature. From
>    my training and experience, I am aware that this digital signature is
>    used as a way to authenticate digital documents to make sure that they
>    are authored by the purported author and that no one has tampered with
>    them. When I checked the signature using only PGP software, the PGP
>    program was unable to identify it.

What key...?

>    Only July 1, 1998, Royal Canadian
>    Mounted Police (RCMP) Investigator Steve Foster provided me with a PGP
>    "Secret Key Ring" which he stated he had obtained from a computer
>    which Canadian Customs authorities had seized from an individual by
>    the name of CARL EDWARD JOHNSON. [A "secret key ring" is a
>    user-generated code which allows for the encryption (and later
>    authentication) of computer-generated documents.] When I checked the
>    digital signature on the Internet death threat using the PGP software
>    and JOHNSON'S secret key ring, the computer identified the signature
>    as one of the signature keys stored in JOHNSON'S computer. Because
>    both the "private" and "public" portions of the "key" were stored on
>    JOHNSON'S computer, the message can be authenticated as having been
>    generated by the person who possessed this "secret key" and knew the
>    correct password. In other words, only the person possessing the
>    secret key found on JOHNSON'S computer could have generated the "death
>    threat" message.

Sparky got it wrong.

Many people could have the same public/secret key pairs, all they
have to do is give them out.

And you don't authenticate messages with the "secret key" in standard use.

This person seems to have no clue, after months of tracking, how
basic public key encryption software works.

In fact, the key ring could be edited to have a fake secret key
and the public key that works as the digital signature for the
posted message.

More questions: did they get the passphrase for his computer's
PGP secret key? How? And why did RCMP customs seize his computer?

---guy





Thread