Field Notes of a Cosmic Anthropologist

"The universe is not only stranger than we imagine, it is stranger than we can imagine." - J. B. S. Haldane


Now featuring: #space shamanism, #sensawunda, #clarkean magix, #the nature of uplift, #deep time, #wide history, #posthuman flight club and #multiverse tv.

Meanwhile, the HKSAR Government has formally written to the US Government requesting clarification on earlier reports about the hacking of computer systems in Hong Kong by US government agencies. The HKSAR Government will continue to follow up on the matter so as to protect the legal rights of the people of Hong Kong.

The ‘brand’ value of groups like GIMF and the al-Malahem Media Foundation benefits from disseminating these tools. While the tools are less secure than their more popular, mainstream counterparts, actions like blatantly tagging all public keys with ‘#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—’ and the group branding on the program itself promote the associated al-Qaeda media brands. Despite the fact that using these tools clearly increases the attack surface for these groups through easily identifiable and unique methods, the propaganda value seems to be worth it. In the online jihadist world there are continually competing tiers of forums, release groups, and actors, but less than a handful of encryption programs.

Taking the jihadist point of view, another reason for the development and use of these tools could be heightened mistrust. Anything outside the relatively small ecosystem of online jihadist circles is seen as suspect. Many take the ‘Leviathan’ view of the US and Israel, and continue to apply it towards the cynical views that any Western-developed software could contain government backdoors. Even with the popularity of open source security programs, those less technically capable would have a much easier time trusting what’s known to be used by Anwar al-Awlaki, what’s promoted in Inspire, and by prominent jihadist hackers online.

Therefore, factors like attention and mistrust explain the divergence between indicators of technical expertise, like choosing AES finalists, and avoidance, like forgoing PGP or similar programs. These programs are less secure, but allow groups like GIMF to maintain their high profile and feed a confirmation bias of an all-powerful U.S. government. As for now, the programs may arguably protect against ‘backdoors’, but provide easily recognizable data to identify terrorist communications, organizations, and users online.


On May 20, he boarded a flight to Hong Kong, where he has remained ever since. He chose the city because “they have a spirited commitment to free speech and the right of political dissent”, and because he believed that it was one of the few places in the world that both could and would resist the dictates of the US government.

In the three weeks since he arrived, he has been ensconced in a hotel room. “I’ve left the room maybe a total of three times during my entire stay,” he said. It is a plush hotel and, what with eating meals in his room too, he has run up big bills.

He is deeply worried about being spied on. He lines the door of his hotel room with pillows to prevent eavesdropping. He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them.

Gmail, now: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”


But where do they store ’em? Is there some virtual warehouse, à la Raiders of the Lost Ark?


(via mouthbeef)

His personal computer is monitored by the government, a service for which he pays $29 a month, and he’s prohibited from using an iPhone or Android device, though he can use a BlackBerry — authorities told him the iPhone had too many capabilities.
— Caught in the System, Ex-Hacker Is Stalked by His Past | Threat Level | (via iamdanw)

(Source: Wired, via iamdanw)

Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.

For example, when a Mercedes-Benz driver requests data from the internet, this is processed via an external Daimler back end server. The data then move to the car via a secure virtual private network connection.

Many carmakers now offer customers downloadable apps such as via Toyota Motor’s Touch, Ford’s Sync and Chrysler’s Uconnect systems. However, these tend not to be fully open but rather offer a limited number of secure, approved apps.

Mr Hoheisel, at Bosch, says: “At the moment we don’t have open app stores in the car industry — these are really protected and shielded systems.”

A Ford spokesman says that “the safety, privacy and security of our customers is paramount” and therefore any software updates are “code-signed” and must be recognised as coming from Ford in order to update its Sync system.

Hackers can influence real-time traffic-flow-analysis systems to make people drive into traffic jams or to keep roads clear in areas where a lot of people use Google or Waze navigation systems, a German researcher demonstrated at BlackHat Europe. ‘If, for example, an attacker drives a route and collects the data packets sent to Google, the hacker can replay them later with a modified cookie, platform key and time stamps, Jeske explained in his research paper (PDF). The attack can be intensified by sending several delayed transmissions with different cookies and platform keys, simulating multiple cars, Jeske added. An attacker does not have to drive a route to manipulate data, because Google also accepts data from phones without information from surrounding access points, thus enabling an attacker to influence traffic data worldwide, he added.’ ‘You don’t need special equipment for this and you can manipulate traffic data worldwide,’ Jeske said.