Published on the Doomstead Diner on August 7, 2015
I over-dubbed the Audio 🙂
Internet and Computer Security is a concern of all people who use these systems, or at least it should be. It is pretty remarkable that probably 99% of people who use their laptops and cell phones for communication are absolutely clueless about security.
For the most part, all email servers are easy to crack, hell even Hillary Clinton got her personal email cracked and revealed, in her case probably by her own Political Enemies inside Da Goobermint.
Democratic presidential candidate Hillary Clinton deleted nearly 32,000 emails from her private server that she said were ‘private’ and related to her personal life. Photograph: Mathew Sumner/AP
In addition you have a whole lot of others trying to crack into email servers for their own reasons, which sometimes actually are pretty good reasons. Julian Assange and Wikileaks and Edward Snowden all got most of their good information by hacking email servers. I consider those guys to be fucking HEROES. I doubt these guys will be hacking my email or my server, so I am not too worried about them.
On the other side from our own NSA spies are the spies from Mother Russia and from China, not always actually looking for sensitive political information, but just sometimes seeking a backdoor into someone else's server they can use as a proxy for further attacks, and thus maintain their anonymity as well as gain additional computing power for an Attack. A DDoS Attack (Distributed Denial of Service) is accomplished by taking control over numerous accounts and then using them to "swamp" somebody else's server, thus disabling that server from disseminating information to all but a few who may squeak through during the attack.
Denial of Service Attacks
Distributed Denial of Service Attack (DDoS) Definition
A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
Types of DoS Attacks
The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an entire network, a component of a given network, or any system component. DoS attacks may also target human-system communications (e.g. disabling an alarm or printer), or human-response systems (e.g. disabling an important technician's phone or laptop).
Now, many people think that as long as you are a good, honest, law abiding citizen, you should have nothing to fear from the non-stop invasion of your privacy that can and does happen regularly over the internet. However, do you really want some Network Engineer reading your personal emails to your girlfriend? Do you want the IRS reading about that off the books job you did for a friend fixing his roof?
The more dependent we become on using the internet for communication, the more vulnerable we all become to invasion of privacy by our own Goobermint, by other Goobermints, and by a variety of hackers and spammers with their own agenda.
Is there a way to negotiate around this minefield? Yes, to an extent there is.
Cryptography is an ancient art/science, and has been important in delivering private messages going back at least to Ancient Egypt:
Cryptography, the use of codes and ciphers to protect secrets, began thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine, provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper.
The development of cryptography has been paralleled by the development of cryptanalysis — the "breaking" of codes and ciphers. The discovery and application, early on, of frequency analysis to the reading of encrypted communications has, on occasion, altered the course of history. Thus the Zimmermann Telegram triggered the United States' entry into World War I; and Allied reading of Nazi Germany's ciphers shortened World War II, in some evaluations by as much as two years.
Until the 1970s, secure cryptography was largely the preserve of governments. Two events have since brought it squarely into the public domain: the creation of a public encryption standard (DES), and the invention of public-key cryptography.
As mentioned in the above article, one of the most important weapons the Anglo-Amerikan Empire had that allowed them to defeat the Axis Powers in WWII was the fact they Broke the Code of the Enigma cypher machine, which the Krauts thought was unbreakable. You can thank Alan Turing and early computers for that one.
Alan Mathison Turing, OBE, FRS (23 June 1912 – 7 June 1954) was a British pioneering computer scientist, mathematician, logician, cryptanalyst, philosopher, mathematical biologist, and marathon and ultra distance runner. He was highly influential in the development of computer science, providing a formalisation of the concepts of algorithm and computation with the Turing machine, which can be considered a model of a general purpose computer. Turing is widely considered to be the father of theoretical computer science and artificial intelligence.
During the Second World War, Turing worked for the Government Code and Cypher School (GC&CS) at Bletchley Park, Britain's codebreaking centre. For a time he led Hut 8, the section responsible for German naval cryptanalysis. He devised a number of techniques for breaking German ciphers, including improvements to the pre-war Polish bombe method, an electromechanical machine that could find settings for the Enigma machine. Turing played a pivotal role in cracking intercepted coded messages that enabled the Allies to defeat the Nazis in many crucial engagements, including the Battle of the Atlantic; it has been estimated that this work shortened the war in Europe by as many as two to four years.
Derek Jacobi, a fabulous Brit Shakespearean Actor portrayed Alan Turing on Broadway in "Breaking the Code", and I was fortunate enough to see Derek live in this play with my Illuminati Girlfriend back in the dark ages of my life. LOL. Derek is not as well known as some other Shakespearean actors like Laurence Olivier and Richard Burton, but IMHO he was one of the best, if not the best in the modern era. Here is Derek on film doing his rendition of Alan Turing:
Amongst other things, Derek was simply fabulous with faking a Stutter. He did not really stutter himself, but he could do it whenever he wanted to. Notably, he also portrayed the Roman Emperor Claudius in the multi-part PBS series "I, Claudius" that was very well done.
I digress… Let's get back to the topic here. LOL.
In the years since WWII, obviously computers have developed substantially, and they can be powerful tools to break codes, passwords and so forth. Many people think that these powerful tools are all the province of Big Goobermints and security services, but that is not so.
The reason it is not so is that personal computers themselves are very powerful encryption devices, and because the mathematical idea behind modern encryption is relatively straightforward, any good Code Jockey can set up an encryption that cannot be broken even by a Cray Supercomputer operating full time on the problem for 1000 years or more. The method is Public/Private key encryption, which uses very large Prime Numbers (numbers only divisible by themselves or 1) to function. The only people who can decrypt a message so encrypted are those people who have BOTH the Public and Private Keys necessary to decrypt it.
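How the public/private split works with prime numbers, as an added toy example that is not part of the original post: textbook RSA in Python, where the public key encrypts and the private key decrypts. The function names, the two small Mersenne primes and the sample PIN are constructed for illustration; the last function shows why the primes have to be very large, since a tiny modulus can be factored straight from the public key.

```python
# Added illustration: textbook RSA with tiny primes. Real tools such as GnuPG
# use primes hundreds of digits long plus padding; this is a teaching toy.
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Return (public, private) keys built from two distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(m, public):
    """Anyone holding the public key can encrypt."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus n")
    return pow(m, e, n)

def decrypt(c, private):
    """Only the private exponent d undoes the encryption."""
    d, n = private
    return pow(c, d, n)

def recover_private_key(public):
    """Factor n by trial division; feasible only because n is tiny."""
    e, n = public
    p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n

def demo():
    # Constructed sample: two small Mersenne primes and a 4-byte PIN.
    public, private = make_keypair(2**17 - 1, 2**19 - 1)
    pin = int.from_bytes(b"7391", "big")
    ciphertext = encrypt(pin, public)
    plaintext = decrypt(ciphertext, private).to_bytes(4, "big")
    # With a 36-bit modulus the public key alone gives away the private key.
    broken = recover_private_key(public) == private
    return ciphertext, plaintext, broken

if __name__ == "__main__":
    print(demo())
```

With primes of the size real key pairs use, the trial-division loop in `recover_private_key` would not finish in any practical amount of time, which is the property the paragraph above relies on.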
Here on the Diner, since we went through our last episode of having our Server and Software hacked back in June, and a solid month of one catastrophe after another occurring on almost a nightly basis, security has become a major concern. We happen to have a few very expert Code Jockeys among us (I am not one of them, I am an old school mathematician and cryptography freak, but I do herd the cats here on the Diner), and a debate ensued on how we could communicate sensitive information like server passwords to one another without getting them hacked.
I first suggested BCTextEncoder, but this got nixed by one of the ultra-paranoid Code Jockeys on the team because we couldn't be sure this encryptor itself was not compromised in its underlying code. Utilizing HTTPS and a security certificate was also suggested, but first off this costs more MONEY, and I already am forking out plenty to run the Diner Server, maintain space on Diner Soundcloud, etc. Besides that, there is no way to know if the NSA, Google or whoever issues out the security certificate doesn't have a back door into this system too. So I was not fond of this idea.
What we finally settled on was GPG4USB, an open source encryptor basically developed by Hackers, for Hackers. If you are a Code Jockey, you can check the code to look for back doors, but really since so many Code Jockeys use it, one can be pretty sure the underlying code is BULLETPROOF. No decent Anonymous Hacker would make the same mistake as Hillary Clinton did, and use a system easily hacked into by the NSA. We do have the advantage that there are plenty of "us" out there in the us vs. them battle, old school cryptography freaks and the latest generation of hackers as well. We do actually have the POWER OF NUMBERS on our side in this battle. There are more of us than there are of them, and generally speaking we are better at it too. That is why no matter how "secure" a Goobermint system is, there is always some Hacker that can crack it. This is because no Goobermint system can really be made secure, because too many people with low levels of security knowledge need access to the server and the information. You are only as secure as the lowest level in your security chain, always. Every good hacker knows that principle. If you give many people high level security clearance, if any one of them "goes rogue" like an Edward Snowden, POOF, you are fucked with your security. If you limit your access to only a very few, then you cannot have a system which works for many people, as a large Goobermint system must. This is known as a Wicked Problem.
Fortunately for those of us running security on the Diner, we do not have a large number of people who need access to control systems, and even with the number of people who do need this access, they aren't dummies. We all understand how these systems work, some better than others in terms of the code, but we all know how it works in principle. So it is mainly an issue of sticking to protocol once it is established. TRUST however is essential within such a system, because anyone with the "keys to the bank" can raid it at anytime. Once you let someone in on the system and hand that person the keys, you MUST TRUST that person. Figuring out how and who to trust is not always an easy task.
Why do you need such a system? Well, mostly you don't if you are a fine upstanding tax paying citizen like RE. 🙂
However, if occasionally you do have information like Passwords to your accounts that you need to send over the internet to friends, or even just your Home Address and Telephone Number you don't want anyone but a select few people to know, having the ability to encrypt in such a way that even the NSA cannot break the code becomes a valuable tool. It's a nice little Security Blanket, and a small measure of Freedom in a world that is losing Freedom everywhere at a very rapid pace these days.
Moving into the future, there may be reasons you need to encrypt data that are even more important than keeping your Home Address and Telephone number secret. Now is a good time to begin practicing with data encryption, and exchanging Public Keys with Trusted Friends while the internet still functions.
As an example here, below is Encrypted Information which tells you the exact Date & Time of the oncoming Crash of the S&P 500, the Bottom Price for Gold and the Date and Time that bottom will be hit, as well as what color Panties Kim Kardashian will be wearing when Martial Law is declared in California when the taps run dry in Fresno. Additional important information contained in this message is how much real GOLD is stored in Fort Knox and how much is Tungsten, how many Upperclassmen Ambrose Evans-Pritchard gave blow jobs to at Trinity College, and how many professors Blythe Masters spread her legs for, also at Trinity College of Cambridge University. Further in this message I reveal The Donald's Cell Phone number so you can ridicule him with .txt messages describing the minuscule length and diameter of his Penis. After that, I present evidence of where Obama-sama was REALLY born and documentation of Dick Cheney's meetings with Satan, and what was discussed in those meetings.
I cannot reveal this information to the Public at large, since it will put my life in danger and get me a one way trip to GITMO, and besides that will cause the instantaneous Fast Collapse of Industrial Civilization, and I don't want to shoulder the blame for that for the rest of Eternity.
However, for the Low, Low Price Every Day of $6.66, if you send me your Public Key (you can drop it in the Comments below or on the Diner Forum or in the Contact Form on the Diner Blog), you will be able to decrypt this important information.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
-----END PGP MESSAGE-----
I challenge all Hackers, the NSA, Chinese Spammers and World Class Geochemists to decrypt this message. 😀
OK, in all seriousness here again, PRIVACY is an important RIGHT of a Homo Sap. In the creation of that marvelously flawed document of The Constitution, the equally flawed Founding Fathers neglected to incorporate anything about the Internet or Encryption. One can forgive them for not knowing about or foreseeing the Internet, but Encryption existed back then, in fact it goes way back further than that, so no excuse for not putting the right to encrypt into the Constitution.