
Countermeasures

Posted Aug 17, 1999

This is a whitepaper about countermeasures.

tags | paper
SHA-256 | 36fe0e8dc12ce485cc6068990770578278d4542695f3973f7cf9c747e625dfcb

Countermeasures

---------------------------------------------------------------------------
by Thomas Icom

"An ounce of prevention is worth a pound of cure." - Ben Franklin

With the recent crackdown on "computer hackers" and evidence that more
busts are on the way, modem users in general have been quite concerned that
by exercising their rights they could have the S.S. knocking on their door
because they called a BBS. This has prompted many telecomputists and
computer bulletin board systems to cease operations for fear of being
raided.

With the recent raids at Steve Jackson Games and Jolnet, perhaps these fears
are reasonable. However, if you are committing no wrongdoings you still,
despite the KGB and Gestapo-like actions of the Secret Service, have the
right to exercise your freedom of information access via electronic media.
There are only three laws relating to the use of modems and BBS systems.
The first two are toll fraud and computer trespass. Toll fraud is the
avoidance of paying telephone company service charges. Computer trespass is
the unauthorized access of a computer system. When you call a public BBS,
or a private one you are a member of, and pay for the call, you are not
committing either of these crimes. While they may not like the fact that
you have a computer and modem, they can't touch you. The other law is not
particularly computer related and goes under many different statutes, but in
all cases deals with encouraging people to commit illegal acts. This law
applies to "illegal" information on BBS systems.

What is "illegal information"? Well, any information which has no
educational or informational purpose that encourages people to commit a
crime. When applied to BBS systems it only includes calling card/long
distance telephone service codes, credit cards, and computer
passwords/login sequences. That's all. Hacking and phreaking information has an
educational purpose in that it teaches people computer security, and shows
dangerous flaws in systems that could be used by someone for nefarious
purposes. As long as no direct encouragement is given to exploit these
flaws the information is not illegal and is thus protected by the First
Amendment: freedom of speech. If you are a BBS owner you can have all the
hacking and phreaking g-files and message bases on your system and they
can't do a thing.

If they do, they open themselves up to a lawsuit. The prime examples of
this are the Private Sector, OSUNY, and The Central Office BBSes. Private
Sector was raided, but no charges were filed because there were no codes,
passwords, or credit cards on the BBS. OSUNY and Central Office were online
for years and were the subject of many investigations, but no action was
ever put forth against these BBSes as no illegal information was on them.
The precedent is there. In order to invoke First Amendment protection on
your BBS or newsletter, display a clear statement that the information is
for educational purposes only, and that no illegal use is implied or
suggested.

Now of course the Secret Service often violates these laws despite the fact
that in doing so they don't have a legal leg to stand on. They do this on
the basis of a technique which has been used from the Middle Ages, down
through Nazi Germany, up to the various activities of the KGB in the Soviet
Union: Fear and Ignorance. People who are ignorant of the law become afraid
because in being unaware of their rights they don't know what the
government can and more importantly can't do. Due to fear and ignorance
they can operate carte blanche because they know the chance of reprisal by
some irate citizen is very low. Also, once they raid someone they can gain
intelligence on other modem users/"hackers". Once they have the info on the
system, they can give it back. They accomplished what they set out to do.

Fortunately you can fight back, and your efforts will eventually be
rewarded. On many of the busts the S.S. has gotten burned, and it has been
plainly shown to them that they can't continue to operate this way. However,
no modem user has yet had the balls to sue those bastards. With the current
state of affairs the charges get dropped due to various improper
procedures, but no specific precedent has been set to make them liable for
their illegal activities. Once they lose in a lawsuit brought against them
by a modem user they screwed over, we'll see some severe restructuring in
that particular branch of the Treasury Department.

The first stage in protecting yourself is to be aware of the laws and your
rights. Knowledge is power, and they are well aware of that. In light of
that they watch themselves when dealing with people who know their rights
because they know that those people will have them nailed to a wall if
they slip. Know your rights and be adamant about them.

The second stage is that if you deal in anything even slightly
controversial, take precautions to secure the info in your system.
Encryption is a definite must, as well as any other tricks to hide data on
your system and prevent tampering. When encrypting data stay away from DES.
While everyone says it's the best system, the NSA has not recertified it, and
the fact that it was developed for the government lends enough credence to
the possibility of there being a back-door in the algorithm. About the best
personal encryption system I've seen out there is the Absolute Computer
Security System scheme by Consumertronics. A good idea is to double encrypt
the data with two different algorithms. From what was shown by the recent
busts in Operation SunDevil the technological expertise of the agents
wasn't too high. To quote Lloyd Blankenship of Steve Jackson Games, "They
don't know what subdirectories are." This means that any moderately
sophisticated data hiding technique should stump them. I would expect
though they should be getting better as time goes on. What I would do is
use some of the tricks that computer viruses use when hiding data. Marking
off used or "bad" sectors to put your data on, or appending it to ordinary
programs. One of the best things you can do is put your data on floppy
disks, then store them in a container containing a large electromagnet
hooked up to a tamper switch. This way if they raid you just give the box a
good push and everything's wiped. For paper documents use a burn box. This
is a sturdy metal container with an incendiary mixture hooked up to a
tamper switch. When they mess with it, everything is turned to ashes. You
can store data "off-site" where their search warrant doesn't cover. This
can be as simple as burying it in the backyard/under the shed or in a
"friend's" house. Rig up special hidden access programs to your system,
preferably in ROM, so that if your data isn't accessed in a certain way it
gets wiped.

If you want to be real nasty, put some fake "incriminating" data on your
system for them to bite onto. Good suggestions would be random phone
numbers with an extra 4 digits attached or random 16 digit numbers with
fake names. This way it looks like they've found calling cards or credit
cards. Then if they are stupid enough to take you to court, you can explain
where you got them from.

Even if they aren't stupid enough to fall for that trick, you still have
wasted their time. Another idea would be to make a fake database of fellow
hackers. This way they waste time tracking down all those false leads.
These techniques would serve to make fools of these assholes.

Now if you do happen to get raided or put under surveillance there are a
number of things you can do. If you see any "strange activity" outside your
house, call the police. If some "strange people" come on your property you
can warn them that it's private property and then have them arrested for
trespassing. You can also go outside and start taking pictures or
videotaping them. That pisses them off but they are generally loath to do
anything because you'll have evidence against them. If they come over to
ask you questions, politely refuse and tell them to talk to your lawyer. If
they persist, have them arrested for trespassing and harassment. You should
also check their ID. John Williams and I have often run into corporate and
independent goons who decide to visit you in some sort of attempt to
intimidate you. If their ID looks fake or it's otherwise obvious that
they're not real law enforcement then have all the fun you want with them!
If you receive a phone call, turn on your tape recorder, refuse to answer
any questions, and give them the name and number of your lawyer. The tape
recorder is important as you'll want evidence of the phone call if their
manner of talking to you on the phone opens them up to legal repercussions.
And always before you pick up, state the date and time on the tape, and
make sure they identify themselves to you.

If government agents come with a warrant, call your lawyer, and document
everything. Actions they commit on the search warrant may screw them later,
but you'll need evidence. Videotape them if it's feasible, and if you have
a friend in the press call him/her. Above all invoke your right to remain
silent, and don't help them by opening your mouth. With the recent rash of
Gestapo-style no-knock warrants a modem-using friend of mine has started
keeping a .44 Magnum by the door. His explanation is since he's not doing
anything illegal if someone comes crashing through the door he's going to
assume it's a burglar or psychotic and protect his property and family until
the police come. We of course don't recommend that you follow his example,
but the choice is yours. After all a law abiding citizen has the right to
defend himself.

After the bust have your lawyer keep on them like a fly to manure.
According to the law a search warrant is supposed to be for gathering
evidence for an indictment. If no indictment is forthcoming (none should be
if you're clean) then demand your property be returned to you. In any event
you should always file suit and seek legal charges against them. Just the
simple act of doing that creates hassles for them.

Before I wrap this up, let me state that I have nothing against law
enforcement people. Most of the police officers out there do a fine job,
and are good people. However, the few rotten apples in this country's law
enforcement infrastructure do a lot to blacken the name of police officers
everywhere. I am also amazed that with all the murderers, rapists, and
child molesters running around loose in this country, our police agencies
are so quick to jump to the whim of some whining, clueless,
control-addicted corporate bureaucrat, who's probably broken more laws than
the worst hacker ever could, and go after innocent telecomputists. (Why
wasn't Neal Bush arrested?) I would tend to believe that child molesters
should have a higher hunt-down priority than kids with computers; however
sometimes that doesn't seem to be the case.

Driving Tips

Motor vehicles are probably the most common form of transportation used
today. Perhaps this is why most people involved in an operation get busted
while driving. In New York & many other states, your rights are nonexistent
while you're behind the wheel, and you can get pulled over and searched for
any reason. So, to stay out of trouble and avoid any problems that might
result in getting pulled over, I've put together some guidelines that
should help keep you out of trouble while you're on the road.

1. Keep tabs on the local law enforcement agencies. While most cops are
more or less decent and won't bother you as long as you're not driving
recklessly, there are a few bad apples who will bother you for whatever
reason. Also, remember that you have no rights on the road. You're fair
game for any reason. Get ahold of a mobile scanner and hide it behind your
dashboard or in a seat. Scanners are illegal to have in vehicles in some
states and much frowned upon in others. Run a remote speaker to a
convenient but hidden spot with a hidden switch to turn it off. This way
they can't see anything that looks suspicious, and you can cut out the
audio quick if you get stopped. Also remember to program in secondary
car-to-car and mobile to base frequencies. This will give you an indication of
law enforcement activity nearby you and allow you to take appropriate
action should your plates get checked all of a sudden.

2. Drive at the proper speed. By that I mean not too fast and not too slow.
Not only can you get pulled over for speeding, but if you drive too slow,
you'll get pulled over for being suspicious.

3. Know your geography. Intimate knowledge of the roads in your area of
operations is essential. This way, you can take alternate routes if there
is an obstruction down the road as well as know what roads not to take so
you don't make an evasive turn into a dead-end street.

4. Stay off well-traveled roads whenever possible. You're less likely to
get stopped on a secondary road.

5. Drive something appropriate looking for your locale. If you drive
something too fancy or too beat-up you will attract more attention to
yourself.

6. Keep anything attention getting out of sight. If you get stopped, and
nothing is visible, then there is less cause for them to search your
vehicle.

7. Obey all the traffic laws. This is common sense, but many people who
were wanted criminals got nailed by a simple traffic infraction stop.

8. If you get pulled over, be polite even if you are insulted and harassed.

Also, don't make any sudden moves. Again, common sense, but some stupid
people think that they have to mouth-off when they get pulled over and
given a hard time. They're the ones who usually get busted.
