‘Every message was copied to the police’ (theguardian.com)
241 points by objections on Sept 22, 2021 | hide | past | favorite | 190 comments



> the FBI, had conceived, built, marketed and sold the devices.

> $1,700 for the handset, with a $1,250 annual subscription

> Almost 10,000 users around the world had agreed to pay

So the FBI built an 8 figure ARR hardware business...


Funny but that is exactly where my brain went too, it was like "Wow, that is some serious market validation."


Of course, but there would be similar market validation for being able to hold up a bank without ever being recognized or to be able to steal money from bank accounts anonymously.

That 'market' is called crime, and obviously criminals will be more than happy to fork over money for tools that help them to commit crimes without being arrested. In reality though, that market doesn't exist because if you or I would address that market we'd be hit hard by the authorities, and for good reason.


To be fair, I remember the story of the guy that designed the drug cartel's radio system[1]. And I share your dislike of facilitating bad actors.

That said, having met the "ad tech" industry[2] when doing a search engine I can say there are a large number of people who are perfectly happy to take the money from bad actors with a "perfectly legal" product and reasonable deniability.

But all of these schemes have a certain "addressable market" and an "expected return" which are hard to judge. Putting numbers to the "completely anonymous" phone scam was interesting.

[1] https://www.wired.com/2012/11/zeta-radio/

[2] And to be clear, there are legitimate folks trying to do ad tech in legitimate ways, but there is also a lot of fraud in ad tech which involves setting up networks to take money from advertisers and feed it to bad actors.


There are more reasons than committing a crime for wanting anonymity. If I was someone with money like a celebrity I would want this phone. If I was a business with sensitive information I would want this phone. And so on.


Further down the article, when talking about the project history, it notes that the company that inspired An0m, Phantom Secure, ostensibly started selling heavily-locked-down BlackBerry phones for this audience.

They quickly found their primary market was, well... crime.


>If I was someone with money like a celebrity I would want this phone.

I think this part is underestimated by most people. Celebrities are frequently under a microscope and having to live your life while worrying about somebody overhearing it and taking it to the press must be frustrating. Everyone has bad moments in their lives, but at least for most of us these won't be dragged up and published to the world. A device like this could help alleviate that fear a little bit.


As far as I can tell, An0m has the same marketing pitch as Purism.


... or the "Freedom phone"


You should be able to have the american flag being waved or tastefully fluttering in the breeze in the background of your comment.


It doesn't indicate how high the marketing costs were. Probably too high to sustain a business.


Sounds like it was mostly word of mouth


Those mouths probably didn't work for free


Free to the makers of the device though, it's not like they were charging the manufacturers for paid promotions like an Instagram influencer would - they recommended this device to their associates because they thought this would help them coordinate their activities more efficiently whilst reducing their personal risk.


But they probably had a lot of money to start it right?


The FBI sure, but who knows what kind of budget the team was given.

But they did leverage their position as law enforcement to arrest all of their competitors


They arrested their customer, which isn’t great for retention.


I disagree, they'll retain them for many years if they're the right target.


but it's a captive market!


There've been a number of earlier HN discussions of this story:

5 days ago, 31 points, 5 comments: The story of An0m Chat, Run by the Police https://news.ycombinator.com/item?id=28490871 https://www.theguardian.com/australia-news/2021/sep/11/insid...

3 months ago, 130 points, 62 comments: Why no-one in America was arrested as part of Operation Ironside https://news.ycombinator.com/item?id=27509550 https://www.abc.net.au/news/2021-06-15/no-one-in-america-arr...

3 months ago, 431 points, 350 comments: Australian Federal Police and FBI nab underworld figures using encrypted app https://www.abc.net.au/news/2021-06-08/fbi-afp-underworld-cr... https://news.ycombinator.com/item?id=27430508

3 months ago, 18 points, 5 comments: Hundreds arrested in global crime sting using messaging app https://www.bbc.com/news/world-57394831 https://news.ycombinator.com/item?id=27435467

Search also under "at0m", "operation ironside", and "operation trojan shield".


This is an interesting feature idea for HN!

Can someone please build this? Restrictions: You may only use Rust and sparkle some AI on it.


Boolean syntax doesn't work (e.g., terms grouped with parentheses), but the individual searches do:

an0m: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

operation ironside: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

operation trojan shield: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

You can also search comments; many of the headlines, as in this case, don't mention any of the keywords used here, and I turned up most of the articles based on comment search.

I'd recalled the investigation sufficiently to know that it had been mentioned, and what search terms were likely to turn it up.


The "past" link at the top right under the article title provides this already.


It provides the rudiments of it. I think the sweet spot will be adding support for community curation, the way dredmorbius did above. We were just talking about this here: https://news.ycombinator.com/item?id=28613646.


The striking thing is that criminal enterprise relies on software as much as any other legitimate business. The adage "software is eating the world" comes to mind. It's probably the case that more technically adept criminals will roll their own tech and outmanoeuvre rival criminals and law enforcement. Considering the sums of money discussed in the article it's not inconceivable for criminal organisations to start creating their own dev teams.


one fun factoid in favor of your argument is that Latin American drug cartels have been known to build their own submarines for drug smuggling.

however, most known criminal dev teams are hacker groups in Russia who either operate as part of official espionage activities, or are allowed to operate as long as their victims aren't Russian.

all that being said, though, this "criminal software" idea probably isn't as true as you think. criminal enterprises are inherently risky, and there's so much money to be made in software that anybody good enough to do well in a criminal enterprise could do well normally.

(unless we count normal companies which get away with breaking the law in the course of normal business as criminal organizations — e.g., Amazon and Tesla for union-busting — in which case, there are probably a lot of people reading this who technically belong to criminal organizations, although some percentage of them would intend otherwise.)


> most known criminal dev teams are hacker groups in Russia

citation, please!


The best solutions are to go low tech. Enforcement models and staffing are reliant on electronic technology. Many enforcement organizations are poorly equipped to handle well implemented physical systems.


I wonder how useful The Solitaire Encryption Algorithm would be here - https://www.schneier.com/academic/solitaire/


Solitaire is very broken as an encryption scheme. You should not use it for communication that requires more than LARP security. If you need to encrypt a message manually, LC4 is a better algorithm, but still not acceptable for real world use. The good old one time pad may be most effective.


I don't remember reading it was broken per se, just that there are some issues, and weak keys. The only work I know of analyzing Solitaire is [0]. And they propose some fixes to make it more resilient. OTP is by far the easiest and most reliable pencil and paper crypto algorithm though.

[0]: https://arxiv.org/abs/1909.06300


You would think that, but the whole an0m thing showed that it wasn't really the case.


That’s one case. It doesn’t apply to all criminal organizations. The cartels in Mexico are sophisticated enough to build their own cell networks [1] to evade wiretapping. Why couldn’t they also recruit engineers to build their own crypto and secure protocols?

[1] https://www.npr.org/2011/12/09/143442365/mexico-busts-drug-c...


that's not a cellphone network that's a VHF/UHF radio repeater network. basically same idea as ham radio hilltop repeater stuff in the US, but built for private purposes, and using COTS radios capable of basic encryption.


From the article:

Soldiers seized 167 antennas, more than 150 repeaters and thousands of cellphones and radios that operated on the system.

It sounds like it had both radio and cell bands if phones were able to use it.


There exist very fancy radios that look somewhat like GSM-alike cell phones, if I'm not mistaken.


there are also cheap vhf/uhf handheld radios from china which integrate a basic 2G GSM radio, SIM card slot, and can talk to common euro/asian 3GPP radio bands.


Also, there is a lot of open source software in the space - no need to develop your own, just scan the code for backdoors.


In the 90s Colombian cartels were using mainframes.


I mean wouldn't it be logical for the criminals to adapt? It's now public that:

a) Crypto is secure, b) Infiltration is difficult, and c) You can't trust hardware and software vendors.

From what I can tell the criminals need international communications to facilitate their operations.

Ergo, my earlier speculation that the technologically savvy ones will adapt and develop their own proprietary software.

Maybe the juice isn't worth the squeeze for criminals to learn software development, but I worry about criminals who do learn.


> There, since 2018, the Telecommunications and Other Legislation Amendment (Tola) has allowed government agencies to compel telecommunications providers to allow authorities to intercept criminal messages – powers that are not yet available to police elsewhere in the world.

That "yet" is terrifying. If you thought the PATRIOT Act was an overstep, you need to read TOLA. This is the revival of the crypto wars. Good write up on it here [1]

[1] https://www.internetsociety.org/news/press-releases/2021/new...


I don’t understand how it is legal to eavesdrop without a warrant, even if you are targeting bad-faith actors and have probable cause - that’s how you get warrants in the first place.

Furthermore, everyone on this thread is talking about more secure communication. But my mind always goes to assuming every communication channel is compromised by default, and then flooding it with many, many false messages and wasting adversary resources chasing them.


How does one even know they are criminal messages if they haven't already been intercepted?


Messages on their own are considered criminal until proven otherwise, just like your cash (see civil forfeiture). I wish I could add /s


I recall reading a while back that judges were signing off on surveillance warrants based on messages using any sort of encryption (like https), because obviously anyone encrypting a message is up to no-good. /s ;)


> based on messages using any sort of encryption (like https)

I hope you're strongly /s, because if HTTPS being used as transport is enough to rubber-stamp a warrant, then this is in practice a blanket agreement to surveil all communications on the Internet.


Most approvals are basically rubber stamps. Judges usually just believe whatever law enforcement tells them. Most of the time they spend no time digging into it. Just my experience.


you state that like it's not the intended end goal. everything is a step towards this.


Have you ever heard of the nsa and their five eyes buddies?


It's an island prison -- of course these are criminal messages to begin with!


Most states have their own mini secret police now. These Bureau of "Intelligence" agencies do not have much oversight. Often to the agents and leadership, their cultural and political views are more important than the law itself.

I don't think we need to defund the police but they need more oversight based on certain experiences and things I've read about over the years.

The same thing happened when the Soviet Union was going through its slow collapse. KGB type agencies became more and more powerful and the average citizens suffered as a result. Many of their methods have now made it here with things like psychological torture and using the mental health system to practice punitive psychiatry.

One silver lining to having a stasi-esque surveillance state is that it watches everyone, even the crooked cops involved in a conspiracy. Unfortunately, the public in the U.S. seems to be fully onboard as we continue our descent into a fascist state.


Now invoke consumer protections acts against both agencies for fraudulent advertising, and wiretapping the 93% of communication not related to criminal activities.


If they used a user agreement similar to most in the industry (we make the rules and can change them at any time without notice), then it's probably all legal. Sadly.


if this is true, then laws and rights don't matter anymore.


For a lot more info on phantom secure, just google "phantom secure vancouver". Vancouver has become well known internationally as a place to launder money through the real estate and casino industry.

https://www.google.com/search?&q=phantom+secure+vancouver

https://www.google.com/search?&q=vancouver+money+laundering


> Every single message sent on the app since its launch in 2018 – 19.37m of them – had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.

I wonder how many crypto currency tumblers are actually run by law enforcement?


That and VPN services. Cheap and easy to deploy and run, are mostly marketed towards people who want to hide their online activity. Not saying all VPN providers are like this or that there aren't legitimate reasons to use them, just saying that they'd make a good honeypot.


And Tor exit nodes.


I wonder that, too. Seems like a fruitful point to introduce logic waiting for a blacklisted address.


Never outsource security if you actually want security...


Never roll your own security if you actually want security, either. What are we supposed to do :).


If you do roll your own and you’re not a high value target (aka there aren’t a lot of assets they can seize or are a notorious criminal) nobody is going to take the time to bust open your homegrown setup. Security by obscurity is powerful. There is a reason why Wordpress sites get hacked a lot: the exploit has a lot of leverage with 1/4 to 1/3 of the public web using it.


Why not both? Encrypt your message with your home grown encryption, then send it through standard TLS. Both would have to fail for the message to be revealed.

Sometimes when I'm wearing my tinfoil hat I wonder if the advice to avoid rolling your own crypto is a conspiracy. The powers that be want to maintain their backdoors, maybe? Probably not. Of course, it's definitely true that there are more attack vectors out there than an amateur can be aware of.


I also wonder why there's such a pushback against one-time-pads. The common critiques don't seem to be any greater of a risk than the holes we've already encountered (e.g. heartbleed).

I think I remember a scifi story that mentioned some character who worked in the one-time-pad shipping business. I guess a spacecraft full of data storage can hold enough random data to last for a long time.

Seems like we should at least come up with a proper protocol for it, so we can at least get started with something that's broadly compatible.


Unless you’re using a true random number generator that works on a mechanical/electrical process a lot of encryption algorithms are various ways of creating a one-time pad. And they save a lot on space which used to be precious. With a single key much smaller than a megabyte I can encrypt essentially endlessly where for the normal OTP process I need as much random data as there is data to be encrypted which gets unwieldy extremely quickly even with cheap storage.


> Unless you’re using a true random number generator that works on a mechanical/electrical process…

…you're not using a one-time pad. OTP requires the pad to be truly random: at least one bit of unique, never-used-elsewhere entropy for every bit in the message. Merely XORing some plaintext with a pseudo-random stream based on a smaller seed, which as you say is the basis for various other encryption algorithms, is not a one-time pad.

The real problem with OTP is key distribution: You need to share pads with everyone you might want to communicate with, one pad per sender/receiver pair, and those pads need to be at least as large as all the message you'll eventually want to exchange. There is no OTP equivalent to public-key cryptography where you only need one private/public keypair per recipient.


Which is why it seems like there should at least be an RFC for OTP communication - if there's a small group that wants to communicate securely together, it may be worth their time and effort to share that pad securely. Right now, there's no official standard for that.


It's not a complex system, you share the noise and XOR your plaintext with it before sending.


That's what I was saying: a true OTP is a cumbersome version of stream cyphers that trades some improvement in security for a huge increase in fragility and difficulty of use and distribution.


The OTP algorithm can be seen as a form of stream cipher (where the key is the stream), but what you actually said was "a lot of encryption algorithms are various ways of creating a one-time pad". This is false since a one-time pad must be truly random and the stream produced by the other algorithms is only pseudo-random; you can't "create" a one-time pad using a pseudo-random number generator. This is a qualitative difference in security because a pseudo-random stream is subject to brute-force searches to locate the seed which decodes the ciphertext to a meaningful message (the number of possible seeds is much smaller than the number of possible messages, so you can generally determine when you've found the right key) whereas with a properly implemented OTP for any message of size equal to or smaller than the ciphertext there exists a key which will decode the ciphertext into that message (possibly with some padding), so brute-force search is impossible.

I wouldn't call OTP "fragile" or "hard to use", but you're correct about the key distribution difficulties.
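The distinction argued in the comment above, as an added example that is not part of the thread: a keystream expanded from a small seed can be searched until one seed yields a meaningful message, while a true one-time pad ciphertext is consistent with every plaintext of the same length. The 16-bit seed, the SHA-256 counter-mode keystream and the sample messages are constructed for this demonstration.

```python
import hashlib
import secrets

# Constructed sample data (not from the thread).
SEED = 0xBEEF  # deliberately tiny 16-bit seed
MESSAGE = b"meet at the north pier at 0400 on friday"
DECOY = b"happy birthday, see you at lunch".ljust(len(MESSAGE))


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def prng_keystream(seed: int, n: int) -> bytes:
    """Toy pseudo-random keystream: SHA-256 in counter mode over a 16-bit seed."""
    out = b""
    counter = 0
    while len(out) < n:
        block = seed.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]


def looks_like_text(data: bytes) -> bool:
    """Crude 'meaningful message' test: every byte is printable ASCII."""
    return all(32 <= c < 127 for c in data)


def brute_force_seed(ciphertext: bytes):
    """Try every possible seed and keep those that decrypt to printable text.

    The seed space (2**16) is far smaller than the message space, so the
    correct seed stands out: wrong seeds almost never yield 40 printable bytes.
    """
    hits = []
    for seed in range(2 ** 16):
        candidate = xor(ciphertext, prng_keystream(seed, len(ciphertext)))
        if looks_like_text(candidate):
            hits.append((seed, candidate))
    return hits


def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """For a one-time pad, return the pad under which the ciphertext
    decrypts to the claimed plaintext. Such a pad exists for every
    plaintext of the same length, so no search can single out the real one.
    """
    assert len(ciphertext) == len(claimed_plaintext)
    return xor(ciphertext, claimed_plaintext)


def demo():
    # Case 1: pseudo-random stream from a small seed.
    stream_ct = xor(MESSAGE, prng_keystream(SEED, len(MESSAGE)))
    hits = brute_force_seed(stream_ct)

    # Case 2: one-time pad. secrets.token_bytes is the OS CSPRNG, used here
    # as a stand-in for a true random source (assumption of this example).
    pad = secrets.token_bytes(len(MESSAGE))
    otp_ct = xor(MESSAGE, pad)
    decoy_pad = pad_explaining(otp_ct, DECOY)
    return hits, xor(otp_ct, decoy_pad), xor(otp_ct, pad)


if __name__ == "__main__":
    hits, decoy_view, real_view = demo()
    print("seeds giving readable text:", [(hex(s), p) for s, p in hits])
    print("OTP ciphertext under a decoy pad:", decoy_view)
    print("OTP ciphertext under the real pad:", real_view)
```
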


> With a single key much smaller than a megabyte

Unless that was a preshared key, you're not talking about a one time pad. One time pads are inherently symmetric. If you're comparing symmetric to asymmetric crypto systems, you might as well just say that 'if my grandmother had wheels, she'd be a bicycle'.


I don't think "symmetric cryptography" means what you think it means.

Stream ciphers and OTPs are both symmetric.

The "symmetric" part is the fact that the same key is used for encryption and decryption, not that the plaintext and key are the same length.


Is there a pushback against one-time-pads? I thought they are the perfect, unbreakable encryption scheme - just that they come with extreme logistical problems.

> I think I remember a scifi story that mentioned some character who worked in the one-time-pad shipping business.

A Fire Upon the Deep, by Vernor Vinge.


One time pads punt on the real problems of key distribution and framing (eg a stream cipher uses a "one time pad" as a building block) and also don't provide all of the qualities we expect from modern cryptographic systems (eg message integrity).


I think that this isn't strictly true. If you naïvely apply bad encryption before good you may weaken the entire system. For a silly example, imagine your "homegrown" crypto adds a publicly known plaintext to the start of the cyphertext. I think this is discussed in Schneier's textbook.


> If you naïvely apply bad encryption before good you may weaken the entire system

The strength of the system can be viewed from multiple angles. From a practical angle, applying one kind of commercial encryption on top of another type of commercial encryption turns it into a technically weaker, but unique cryptosystem. And uniqueness has value if you're just a single fish in a big pond.

For instance, if one single An0m customer had applied a caesar cypher to their communications, the cops might have skipped over him due to the unknown cost of putting dedicated crypto effort into one person in a massive dragnet.


* I meant to say add commercial encryption on top of custom encryption


So? https adds a publicly known header at the beginning of any connection anyway and I don't see public key encryption being cracked anyway. Or blockchains do that too, are wallets being emptied by the ones that don't have the private key?

And since you mentioned Schneier textbook, he also said that a good safe is the one that you give to your adversaries with the blue print of how it's made and still is uncracked, not the one that you dump in the middle of the ocean and ask your adversaries to crack it (security through obscurity).

PGP is still uncracked, if I'd become a criminal then public PGP with at least 8k bits key would be my choice.


> PGP is still uncracked, if I'd become a criminal then public PGP with at least 8k bits key would be my choice.

It's not PGP that is uncracked, PGP is a set of tools built on top of RSA. RSA is still secure (other than brute force factoring) with appropriately sized keys.

The biggest problem with PGP isn't PGP itself, it's your opsec approach to everything else. Example... after decrypting a PGP payload - did you save it to disk unencrypted? Did the recipients to your messages save it unencrypted? Are any machines infected with keyloggers? PGP is a great tool, but still requires good opsec overall.


You're technically right, but it's practically true for good algorithms. Yes, if you apply a rot(-13) before your rot(13) "encryption" it's going to make it worse.

I think that if we are going to be concerned about multiple layers of encryption, as you say, then we should be equally concerned with things such as what encoding we use to send text with, or whether we use gzip or bzip. It would suck having to worry about all that; good encryption algorithms work regardless of how their plaintext is encoded, and home grown encryption is just another form of encoding.


Or the implementation does something silly like copy the cleartext and not clean up after itself, or send distinguishing metadata, etc., etc.


The main warning against rolling your own crypto is because you would (or would be tempted to) replace standard crypto with it.


It's definitely a dilemma. I guess the sweet spot would be security systems that are well understood in house but built on existing, well understood and studied standards and theory.

A starting point might be to use battle-tested open source systems but subject them to detailed in-house analysis and audit.


I always took this as "you're not a domain expert so you'll get it wrong", with the implied corollary that if you actually _are_ a domain expert, then you know what you're doing. IOW, hire bona fide domain experts rather than trying to cheap out.


It's don't roll your own crypto, not security in general.


Oh, indeed, unless you're DJB, never roll your own. I mean you should understand what you're doing and why you're doing it, not leave it up to someone else to make decisions for you. Not that you should re-invent the wheel. :-)


Do not rely on technical means to solve administrative problems. Vito Corleone didn't have messenger apps, email or ERP systems, but his enterprise ran like a clock. So should yours.


1. That was way before the advent of smart phones and most technological surveillance techniques.

2. It was fictional.


1. That's it, if you don't use phones for your criminal activities, most modern technological surveillance techniques will not be effective against you.

2. There were a lot of non-fictional organizations that ran just fine without any modern means. Genghis Khan conquered a lot of countries without relying on radio for communications or satellites for reconnaissance. Using WhatsApp-like chat apps to communicate about criminal activities is very convenient, but opens a new vector of attack against you.


Remain insecure in your security or else be completely unsecured.


Use one time pads


One time pads are really inconvenient and hard to get right. That's why they are almost never used in practice, despite being theoretically perfect.

First, you need to generate large amounts of unbiased, true random data. If it is not true randomness, you have a stream cypher, and if you "rolled your own", probably not a good one.

Then you have to store the one-time pad. It is usually too big to memorize. You have to store it on a device like a USB stick or a book, and guard it well.

Then, you have to share the secret, and for that you need a secure channel and that shouldn't rely on encryption, because it would miss the point. Essentially, you need to meet in person, in a secure location.

Then, you need to make sure that the one-time pad really is one-time. It should be securely destroyed after each use, preferably on both ends.
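The last requirement in the comment above (the pad must really be used once, and be destroyed after use), as an added example that is not part of the thread: a pad holder that hands out each byte once and overwrites it, plus a function showing what pad reuse gives away. The class and function names are hypothetical, and `secrets.token_bytes` stands in for a true random source.

```python
import secrets


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain."""


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """In-memory copy of a shared pad that enforces single use.

    Each side holds its own copy. Bytes are consumed strictly in order,
    overwritten with zeros once used, and never handed out again. Note:
    zeroing a Python bytearray wipes only this copy; secure destruction
    of the medium the pad was delivered on is a separate problem.
    """

    def __init__(self, material: bytes):
        self._pad = bytearray(material)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        if n > self.remaining():
            raise PadExhausted(f"need {n} bytes, only {self.remaining()} left")
        end = self._offset + n
        chunk = bytes(self._pad[self._offset:end])
        self._pad[self._offset:end] = bytes(n)  # wipe the used region
        self._offset = end
        return chunk

    def encrypt(self, plaintext: bytes):
        """Return (pad offset, ciphertext); the offset travels with the message."""
        start = self._offset
        return start, xor(plaintext, self._take(len(plaintext)))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        """Decrypt only if the message uses the next unused pad region."""
        if start != self._offset:
            raise ValueError("pad offset mismatch: replayed, lost or reordered message")
        return xor(ciphertext, self._take(len(ciphertext)))


def reuse_leak(p1: bytes, p2: bytes, pad: bytes) -> bytes:
    """Show why reuse is fatal: with the same pad used for two messages,
    c1 XOR c2 equals p1 XOR p2 (the pad cancels out), so anyone who knows
    or guesses p1 recovers p2 without ever seeing the pad.
    """
    c1, c2 = xor(p1, pad), xor(p2, pad)
    return xor(xor(c1, c2), p1)


if __name__ == "__main__":
    material = secrets.token_bytes(64)  # constructed pad, shared in advance
    sender, receiver = OneTimePad(material), OneTimePad(material)
    offset, ct = sender.encrypt(b"first message")
    print(receiver.decrypt(offset, ct), sender.remaining())
    print(reuse_leak(b"attack at dawn", b"retreat at ten", material[:14]))
```
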


IF you want to send arbitrary data. Usually people don't need that.

For something like coke smuggling you just need to know it's on the way, get ready. So the OTP could be something as lame as "if you get a phone call from some rando who says 'Taste the Feeling' then the next boat is full of coke, or if not, then the next boat is not full of coke". Actually terrible idea as taste the feeling was a coke company slogan a couple years back, but you get the general idea.


Most criminal activity involves communicating arbitrary data. Communicating that a drug boat is coming across a border is a tiny fraction of the communication in a criminal organization. In the scenario you described, planning out the communication protocol itself is an example of communicating arbitrary data... That needs to happen, at every physical hand-off point.


Interestingly, no.

I had recently finished reading both books by Robert Mason, who started out flying helicopters for the Army in Vietnam and ended up smuggling literal tons of weed and got caught and did federal time. Pretty interesting autobiography. Anyway my comments fit pretty well with his description contained in his second book.

Mr Mason got caught by bad luck. There will always be small timers who do things small timer style who get caught by being verbose and oversharing, and to catch those we'll have "encrypted" smartphones.


You generally need more information flow than that to successfully coordinate a big logistics move like this though which is where you need arbitrary messages.


In this situation that would leave you open to network analysis and location analysis, even if no payloads were decryptable.

Using enough data warehousing and artificial intelligence, eventually some algorithm would notice that every time some dude gets a phone call, next month the same boat gets a bill for servicing its water intakes, and a month later coke supply increases in .au decreasing the price. Might take a few times, but someone's getting caught.

The best part is if they go in shooting on a warrant and kill some random completely uninvolved people, it was all an algorithm's fault and nobody is to blame and I guess we just need more police involvement and surveillance to prevent future tragedies.


If you have a way to securely distribute one time pads you don't actually need one time pads as you have a way to securely distribute the messages as the one time pads are higher than the size of the messages you are distributing.


Nevertheless you can distribute your pad once and communicate over clear channels for a long time.

You might even schedule regular communications to avoid being caught by traffic metadata analysis.


I think that's the wrong lesson here.

An0m created two vulnerabilities to its users:

- It was specifically marketed to criminal entities. That is, it sharply reduced the search space. In a 33 bit world, An0m is 14 bits.

- It was specifically back-doored.

"Roll your own" avoids the 2nd case but not the first. By definition, rolling your own already reduces search space to the domain of interest. (Other means of evidence gathering may be needed, but should be reasonably viable.)

Instead, what you want is:

- Blend in with the crowd.

- Utilise widely-shared communications protocols, implementations, and tools.

- Ensure that these have secure cryptographic methods and implementations.

- Audit the hell out of these and offer bounties for any vulnerabilities which can be demonstrated.

If at all possible, see to it that widely-used, generally-available communications tools themselves offer secure cryptographic methods and implementations. And school your minions in their proper and effective use and limits.


Agreed, although I think this is the hard bit:

> - Audit the hell out of these and offer bounties for any vulnerabilities which can be demonstrated.

The NSA backdoors will be pretty hard to find if they are there - It's not like you are going to see something like "If User == "NSA" Then Divulge_Key()". The backdoor is going to be something like a very subtle bug with how a particular crypto library is implemented, or some obscure buffer overflow attack, and it probably won't even be discernible from an accidental bug.

In reality I doubt there is any way to know if the NSA can eavesdrop, it's a complete coin toss.


AFAIU most of the NSA's capabilities come through workfactor-reduction values --- seed values to cryptographic functions which reduce the time to crack a given message (if the secret seeds are known).

Avoiding NIST-recommended ciphers seems to be generally-advisable in this case.

There are other backdoors (see the case of Juniper Networks), but there's probably an enumerable set of practices.

One helpful option is to use Free Software tools in which single actors are unlikely to be able to subvert the tool, and many have an interest in its integrity.


> Either because of a lack of technical knowhow, or fear for his safety, Ramos refused, and pleaded guilty to running a criminal enterprise, a charge for which he was sentenced to nine years in prison

Wait a second, why would he have to go to prison? If all he did was selling phones, what charges could there possibly be?

I'm also missing a third option that he refused to cooperate "for ideological reasons".


> If all he did was selling phones, what charges could there possibly be?

He pleaded guilty to racketeering charges.

https://www.justice.gov/usao-sdca/pr/chief-executive-communi...


If you knowingly work with and for criminals congrats you're committing a crime too basically anywhere. A LocalBitcoins guy I knew briefly got charged (on top of the usual illegal money transmission charges) a bit back for selling coins to an undercover after they implied the money came from selling cocaine.


But how would he have known? It's not like criminals are "Uh hey yeah we're going to use your phone in our murder preparations kthxbye". The mere thought "Hm that guys look a bit sketchy" isn't enough to be thrown into jail, is it?


That’s why they’ll usually send in an undercover to be particularly indiscreet so they can prove you knew.


This just goes to show that you can't trust any messaging app or phone to be "secure".

Imagine if there was a small handheld device that you could type messages into (along with a secret phrase or a private key), and it would spit out a string of encrypted text that could be entered into ANY messaging app (or even published publicly on a billboard if you wanted). You could even encode the encrypted text as a scannable QR code if you wanted.

On the receiving side of things, the decrypter device could have a camera that could read QR codes (or maybe OCR an encrypted string of text). The most basic solution would be to type the entire encrypted string of text into the box and then enter the secret pass phrase or key to decrypt it.

The point, however, is that the encryption and decryption HAVE to be done on a separate hardware device that is air-gapped and does NOT have internet access in any way.


If we're being paranoid that separate device could also be compromised so that the messages could be decrypted with another key other than the main key(s) used by either party.


Very true. This is why ideally that device would have open source schematics and source code.


FBI? I thought FBI was supposed to only work on US soil? And were they listening to any messages from American citizens? Because that would appear to be unconstitutional.


Sounds like the FBI sold the phones and the Aussies did the reading. It's the same trick that was revealed a decade ago, US agencies can't read American messages but foreign agencies can so they share info on anything interesting the other partners couldn't legally find out themselves.

> Every single message sent on the app since its launch in 2018 – 19.37m of them – had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices


Interesting thing about intercepting messages which are encrypted using modern encryption protocols like OTR is deniability. If a police installs MitM on a server, it can't cryptographically prove that messages were originating from criminals, not written themselves.
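The deniability property raised in the comment above, as an added example that is not part of the thread: OTR-style protocols authenticate messages with a MAC key both ends share (and later reveal) instead of a signature, so a stored transcript verifies equally well whoever wrote it. The random session secret stands in for the Diffie-Hellman output, and the key derivation and record layout are simplified assumptions, not OTR's wire format.

```python
import hashlib
import hmac
import secrets


def mac_key(session_secret: bytes, counter: int) -> bytes:
    """Derive a per-message MAC key (simplified KDF, not OTR's exact one)."""
    return hashlib.sha256(b"mac" + counter.to_bytes(4, "big") + session_secret).digest()


def tag(key: bytes, sender: str, text: str) -> bytes:
    """Authenticate (sender, text) with HMAC-SHA256 under the shared key."""
    data = sender.encode() + b"\x00" + text.encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, record: tuple) -> bool:
    """Check a (sender, text, tag) record the way the receiving peer would."""
    sender, text, t = record
    return hmac.compare_digest(tag(key, sender, text), t)


def run_demo() -> dict:
    # Constructed stand-in for the secret both ends derive from the key exchange.
    session_secret = secrets.token_bytes(32)
    k0 = mac_key(session_secret, 0)

    # 1. Alice sends a message. Bob is convinced in real time: the tag checks
    #    out and he knows he did not write it himself.
    text = "see you at noon"
    genuine = ("alice", text, tag(k0, "alice", text))

    # 2. Bob holds the same key, so he can label any text "alice" and tag it.
    #    To a third party this record looks exactly like a genuine one.
    fake = "constructed text Alice never sent"
    written_by_peer = ("alice", fake, tag(k0, "alice", fake))

    # 3. OTR publishes MAC keys once they are no longer needed. Anyone who
    #    recorded the traffic, including the server operator, then holds k0.
    revealed_key = k0
    fake2 = "constructed text nobody in the chat sent"
    written_by_observer = ("alice", fake2, tag(revealed_key, "alice", fake2))

    # 4. Before the key is revealed, an outsider without it cannot do this,
    #    which is what keeps the live conversation authenticated.
    wrong_key = secrets.token_bytes(32)
    written_without_key = ("alice", fake2, tag(wrong_key, "alice", fake2))

    return {
        "genuine": verify(k0, genuine),
        "written_by_peer": verify(k0, written_by_peer),
        "written_by_observer": verify(k0, written_by_observer),
        "written_without_key": verify(k0, written_without_key),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:22s} verifies: {ok}")
```

With a digital signature in place of the MAC, only the holder of Alice's private key could produce cases 2 and 3, which is the difference the comment is pointing at.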


That's an interesting thought, but I doubt it matters much in practice. I mean, we don't refuse to admit into evidence a ransom note just because the criminal didn't get it notarized. And that's all that SSL is doing, is acting as that notary. The jury can still decide that they think other evidence pointing to the message's origin is sufficient proof.


True but it can be shown to be plausibly written by the defendant if there's no reasonable way the police could have known details without the message being intercepted.

For example:

"Hey Bill, I'm going to steal the car at 123 Anywhere Street on Thursday at 2 am."

Police then put a camera at 123 Anywhere St., and a reasonable juror would likely conclude there are two lines of legitimate evidence.


And there's parallel construction to avoid mentioning the wiretap at all. Cop calls the station from a burner phone and pretends to be an anonymous tipster..."Hey someone is stealing a car at 123 Anywhere..."


If they have video of a car theft (or any other crime), they don't need to mention the intercepted message. There the defendant is, stealing the car, on video. That's illegal. It is only when they need to prove marginal stuff like conspiracy that intercepts would matter.


Yeah it is well known that all you have to do is claim that the police forged the evidence and then that evidence is immediately thrown out. If the police don't have hard cryptographic evidence then they are just out of luck.

It would be interesting to see what would happen if anyone ever tried the deniability defence in court:

"Ha Ha. You can't link those messages to my public key. They could have been forged."

"We can't for sure link your identity to your public key in the first place. Why should we care about any of this?"


There is nobody in the world easier to fool than a technically illiterate person with vague and malformed ideas about privacy and security. Once you've got them all worked up over illusory threats you can sell them any snake oil you want.


Your comment I think is on point. The article here makes it sound more... sophisticated than it is.

https://www.xda-developers.com/fbi-backdoor-pixel-arcaneos-a...

  Unlocking the phone with a normal PIN code shows some normal apps like Tinder,
  Netflix, and Facebook, but none of the apps actually open when you tap their
  icon. However, unlocking the Pixel phone with a different PIN code reveals icons
  for a clock app, a calculator app, and the device’s settings. Tapping the
  calculator icon doesn’t actually open a calculator app, however. Instead, it
  opens a login screen for the ANOM service

What percentage of HN's population would find this convincing? What's interesting here is that any one of us could have pointed out the absurdity of this, but black markets don't have a way to propagate such information it seems.


Every time I read about police investigation techniques that justify the use of mass-surveillance, deception, and entrapment, I grow closer to fully rejecting the legitimacy of criminal law and criminal justice.

The less legitimacy I assign to criminal law and criminal justice, the more infuriating it is that the budgets of law enforcement agencies grow ever more inflated to do ridiculous schemes like this to enforce ridiculous laws against things like drugs or voluntary sex work, and that this cost is seen as more necessary and inevitable by our governments than alleviating poverty or providing essential services like healthcare


Have you ever hung out with a cokehead?


Yup. They can become aggressive and bad-tempered. So can smackheads. So can alcoholics. Hell, some people are aggressive and bad-tempered without the help of any drugs at all.

Solution: avoid hanging around with bad-tempered people.

Alternative solution: launch an unwinnable global war on drugs.


Sure. I've met multiple cocaine users


Don't care for drugs or sex work, for all I care they should be legal. What is horrifying to me is the amount of violence / abuse amounting not only to slavery and trafficking but also the murders of the innocent these people commit. Should they be left unchecked, to flourish? Look at countries where criminal activity has gone up severely, thinking of drug cartels in Mexico for one (or other places) where normal people can no longer feel safe even if they want nothing to do with this underworld.


To be frank, I think the most parsimonious theory for why these trades involve so much violence is because we've made them black markets and forced the entities that successfully operate in those trades to be equipped to contend with increasingly military-like police forces, as well as incentivized to be secretive in their dealings, removing the reputational and regulatory pressures that many other industries are subject to, and giving them reason to harm people more often

But even if criminalization isn't creating these problems, it certainly is doing nothing to solve them, and making it harder for anyone who's found themselves involved in these activities to seek out help from more above-board sources (Including the police themselves, but also for example medical practitioners, who might report them to the police)

And of course this all leaves aside the philosophical objection I have to hunting people down and putting them in cages, not because they've harmed people, but because we think maybe something else they're doing is associated with that harmful behavior in many instances. This is just not something I can get behind

But at the end of the day, all of this pales in comparison to the systemic consequences of creating a powerful police state that has license to surveil and invade people's homes, confiscate their property, or even gun them down because of suspicion about contraband. This social cost is more than I would pay for murder investigations, let alone controlling what substances people can ingest or what motivations they have for their sex lives


> equipped to contend with increasingly military-like police forces

The real reason drug dealers tool-up isn't to deal with cops; it's to deal with robbers. Dealers hold stock and cash, and if those are stolen, there's not much the dealer can do - he certainly can't report the robbery to the police.

So as a few people have noted above, decriminalisation would result in a significant reduction in both violence and firearms offences.


How does that relate to anything in parent post?


These operations require justification. Wouldn't be surprised to find most of the supposed drugs to come from the same people who supposedly found them.


What if I were to make encrypted phones and software for high net worth individuals and celebrities?


That's fine but you'll eventually have undercovers (or less discreet criminals) who'll let 'slip' that they're using your phones to do crimes at which point if you don't refuse to sell to them you're a criminal too in most of the world.


One of the earlier items posted on this investigation highlights what's an increasing concern of mine as regards the investigation: That the methods used are illegal in the US by virtue of the 4th Amendment protections on search and privacy:

FBI agents were not allowed to download or read any messages sent from AN0M accounts in the United States because of privacy laws. President of the NSW Council of Civil Liberties Pauline Wright said the US had "pretty strict protections around human rights and privacy" which Australia did not have. "It illustrates that Australia is an outlier in terms of protections for human rights and civil liberties," she said.

https://www.abc.net.au/news/2021-06-15/no-one-in-america-arr... (https://news.ycombinator.com/item?id=27509550)

For all the devices sold and messages surveilled, "over 800" arrests occurred in 18 countries, the bulk in Australia, though also Germany, Sweden, and the Netherlands (https://www.theguardian.com/australia-news/2021/jun/08/anom-...). 12,000 devices were issued (https://www.bbc.com/news/world-57394831).

That's a ratio of about 7% arrests --- which means that for every 15 persons whose every communication was monitored for a year and a half, sufficient evidence to make an arrest could not be found for 14 of them. And that the investigation would have included all of their further contacts as well. This in a world where six degrees separates any two people.

I'm not sure these 11,200 or so people are pure as the driven snow, but they did give up their privacy rights under a general warrant, but not under direct suspicion according to the reports I've seen. And the legality has been questioned:

https://www.necessarybehavior.com/blogs/news/operation-troja...

I suspect a fair argument could be made that the FBI exceeded its legal authority in this operation and that the operation itself was illegal.

That there have been no US arrests officially linked to the operation isn't a guarantee that none will occur, though those might well occur under "parallel construction" or similar practices, where inadmissible evidence is used as the pretext to obtain evidence that can stand in US courts. The very fact that the FBI were active participants in An0m / Operation Trojan Shield / Operation Ironside taints any investigations for years going forward.

The other tradecraft lessons are that:

- Only cryptographic methods secure enough to be of interest to criminals are sufficient for the rest of us.

- Whether a criminal or simply on watchlists for other reasons, those who need cryptography are best served where their use of it doesn't significantly highlight them from the rest of the population.

It's that second factor which both makes tools such as An0m so inherently risky to the privacy-conscious, and which explains the 30-year-long concerted and unyielding press by world governments to keep effective cryptography out of the general public's hands by preventing its being built into generally-used tools. Even strong crypto, if sufficiently rarely used, becomes just another metadata point in identifying subjects of interest.


Gee, what if there was an industry standard simple to implement cryptographic messaging protocol (unlike PGP).

That is to say, there is never a good solution to this basic problem which should have been solved 30 years ago, on top of having to convince your mob boss on what to use.


It is a fascinating case, but apart from the technical aspect of it.. how is that not entrapment? FBI effectively created a tool explicitly designed for criminal element and 'marketed' as such.

I would ask about legality, but I am worried it's in a very, very grey area.


I am most certainly not a lawyer, but from what I've read entrapment is pretty narrowly defined in America. There's a ton of stuff that many people would view as entrapment that the courts wouldn't consider to be entrapment.

This is one instance though where even from a layperson definition I'm really not sure how this could possibly be interpreted as entrapment.

"The key aspect of entrapment is this: Government agents do not entrap defendants simply by offering them an opportunity to commit a crime. Judges expect people to resist any ordinary temptation to violate the law. An entrapment defense arises when government agents resort to repugnant behavior such as the use of threats, harassment, fraud, or even flattery to induce defendants to commit crimes."[1] [1] https://www.nolo.com/legal-encyclopedia/entrapment-basics-33...


This isn't entrapment. Entrapment is when the government forces you to commit a crime not when the government provides all the tools required to commit a crime without any coercion. Unless you can show you were pressured/forced to do the crime by the government it's assumed you would have done it the same if the situation arose without the government being the other party, because you already did and presumably you didn't know they were cops.


I mean they had 10,000 users and 800 arrests. That's an 8% criminality rate, it seems like they didn't entrap anyone who wasn't committing crimes anyway. Entrapment is about trapping people in a situation where committing crimes is the best option available. Selling people a secure phone does not do that.


That or careful individuals still used coded messages.

That said, I think and other posters have a point about entrapment. Needless to say, I am not a lawyer.


How so? Selling and using secure messaging apps is perfectly legal, and they never told anyone "go commit [crime X] and plan it with this device"


Each time I read about this I'm a bit underwhelmed by the number of arrests. Tens of thousands of users, presumably almost all of them criminals, and only 600 arrests? That's a very leaky sieve.


> The rain pattered lightly on the harbour of the Belgian port city of Ghent when, on 21 June 2021, a team of professional divers slipped below the surface into the emerald murk. The Brazilian tanker, heavy with fruit juice bound for Austra—

No. Stop. This is not how you report news. This is a failed fiction author’s blog post.

When I read a news story, I want the facts, not a goddamned noir piece. Give me the facts, and I’ll respond to your plea for funding. I have a recurring donation to Wikimedia because they do this properly. If I wanted to pay for pretty narrative, I’d buy your ebook or subscribe to your LiveJournal or whatever.


This is a long feature piece. It's journalism. If you want the simple facts, the story has been reported plenty of other places. You can get the CliffsNotes on Twitter.


> This is a long feature piece. It's journalism

The style you are calling «journalism», others call "entertainment". The article does provide information, but the idea implied in the opening, of "bringing you somewhere" (as if fiction), clashes with the supposed intention to inform and comment (the «lightly pattering rain» is irrelevant to the story). If a journal is intended for recording idle remarks, its purpose may be artistic, if for annotations, informative, if for reasoning, analytical: the three can find an organic balance in a journal, finding a thread in the person of the writer. But the idle remarks are not required in the loci for information and analysis, where they are dissonant. Similarly, the "imagery" used as introduction clashes with the piece and looks like clumsy obedience to some weakly grounded convention.

That kind of imagery is not necessary in long feature pieces and journalism. And it mixes up registers with doubtful purpose and effect ("are we reasoning or are we feeling, imagining dreaming...?").


For comparison:

> Chiba (千葉市, Chiba-shi, Japanese: [tɕiꜜba]) is the capital city of Chiba Prefecture, Japan. It sits about 40 kilometres (25 mi) East of the centre of Tokyo on Tokyo Bay.[1] The city became a government-designated city in 1992. In June 2019, its population was 979,768, with a population density of 3,605 people per km2. The city has an area of 271.77 square kilometres (104.93 sq mi).

The sky above the port was the color of television, tuned to a dead channel.

"It's not like I'm using", Case heard someone say, as he shouldered his way through the crowd around the door of the Chat. "It's like my body's developed this massive drug deficiency". It was a Sprawl voice and a Sprawl joke. The Chatsubo was a bar for professional expatriates; you could drink there for a week and never hear two words in Japanese. [...]

Pseudo-W.Gibson


If I could find them, maybe. The ones worth reading mostly link to…longer pieces. The Guardian has plenty of other stories that follow the inverted pyramid, and they serve as a gatekeeper for filtering out the rest of Twitter.

Point me towards a “simple facts” version, and I’ll submit that link instead. This is the first I have heard of it, and I want to know more, but I do not want to read a spy novel to get the primary info.


> Now that the workings have been revealed, An0m is a trick that could surely never be repeated in the world of organised crime. The revelations will push criminals away from technology, even if it makes their work more laborious and slow-moving.

I can imagine future organized crime information flows more closely resembling what was depicted in John Wick: a lot of secretaries and file clerks pushing paper around, using old mechanical adding machines and typewriters; if they do touch a computer, it's a VIC-20 or similarly ancient, internet-incapable device.


That sounds like it would be a big win for law enforcement. If you can force your opponent to avoid some modern ways to communicate, you can put a big dent in their efficiency.

It's possible that paranoia might lead to criminals avoiding even technology that they could be using safely, further slowing them down.

An old fashioned system also seems like it would require more people, opening up more opportunities for human intelligence operations targeting the network.


Or they could learn to use Signal.

Properly installed (F-Droid) on off-the-shelf phones with fresh prepaid sims and OS updates disabled, it can be considered secure software against all but the most sophisticated adversaries.

Then, simply verify the handshake key for your contacts, and you can be sure there is no man in the middle attack. Rotate phone+sim every 2 months, while keeping the same "outside" number, say, a landline you control.

There are attacks against this too, but they are very noisy (modify all Signal binaries delivered to a certain area) or typically exceed the technical capabilities of run-of-the-mill agencies (exploit an OS zero day).


The easier way to attack this is by instituting a know your customer law for phone systems including prepaid SIMs, combined with accomplice charges for anyone whose SIM is used in connection with criminal acts.


People are too free with their phones. Just walk into a bar and say you're too drunk to drive and could the bartender call my wife to pick me up? Not knowing it's actually picking up $60M worth of coke instead of picking up me.

Or pull off to the side of the road, walk in well dressed, wave a dead iphone in front of them, ask the receptionist "hey my car broke down and my battery is dead, could you call this number and tell them my car broke down?" Or bonus points if the cops arrive because you're blocking traffic, ask the cop to call on their phone.

(edited I got the best idea that most anyone would fall for: Slip a kid $20 to ask an adult to call his mommie because he got lost...)


This is all well and good for communicating a single, pre-planned operation, but you're going to need to communicate a lot more in order to actually do all that pre-planning for it.


That's a function of there not being penalties. You'd see that change if the laws changed.


Penalties for what exactly, here?

Good Samaritanism?


The whole thread here is about penalties for assisting criminal enterprises with a SIM tied to your identity.


And if I place a call for someone on good-faith belief that they need assistance?


I don't get where your point is leading or coming from.


Let's back up a bit here.

What specifically in this comment would you penalise?

https://news.ycombinator.com/item?id=28620403

And how would you address the issue of people being good sams --- making calls on behalf of someone else when they ask, in good faith.

See for example RMS:

When I need to call someone, I ask someone nearby to let me make a call. If I use someone else's cell phone, that doesn't give Big Brother any information about me.

https://stallman.org/rms-lifestyle.html


> What specifically in this comment would you penalise?

One comment up from that I said:

> The easier way to attack this is by instituting a know your customer law for phone systems including prepaid SIMs, combined with accomplice charges for anyone whose SIM is used in connection with criminal acts.

~~~~~~~~~~~~~~~~

> And how would you address the issue of people being good sams --- making calls on behalf of someone else when they ask, in good faith.

Prosecutorial discretion.

And to be clear I'm not pushing for these laws; I think they're awful. I just see it as a clear direction that .gov is going to go if they feel the need to that's easier than maintaining zero days for general law enforcement. The ability to actually tie phones to personal identity in a way good enough for a court room.


Penalisation under a "KYC" law would have to be extreme.

And I suspect there'd be all kinds of challenges to such a requirement.

Again, the Good Sam loophole is huge.


> Penalisation under a "KYC" law would have to be extreme.

Yep. It would have to be enacted in the kind of fervor like existed around 9/11. But, the PATRIOT act had been floating around DC for years before 9/11 too.

> And I suspect there'd be all kinds of challenges to such a requirement.

> Again, the Good Sam loophole is huge.

In the US, it really isn't. It's a patchwork of state and local laws that could absolutely be invalidated by the feds in the case of a global communications medium like the phone network, since that implies interstate commerce.


By "huge" I mean that the plausible set of circumstances in which someone loaned out a phone for a call is large.

It's one thing to put leverage on the already marginal. Another to haul upstanding citizens off for offering a stranger a phone call. Resistance would be huge. No matter how weak any perceived legal shield would be.


That doesn't really work in practice. All it does is raise the price of black market sims by a fixed, low dollar amount, that is irrelevant for criminal operations willing to spend thousands of dollars for secure coms.

Think about it: unless you distribute SIMs at the local police station, your last mile enforcement officer is just some guy in a kiosk making minimum wage. Assuming he is motivated by law to do his job right, and photocopy IDs etc., he's still untrained to spot fake ones, unwilling to make a ruckus if the customer face does not really match the ID etc.

All it takes is one rogue distributor or some homeless guy, and you will have thousands of SIMS that can't be traced. Then you have anonymous roaming sims for people willing to pay the data roaming fees.

It's a friction, not a silver bullet.


> Properly installed (F-Droid) on off-the-shelf phones with fresh prepaid sims and OS updates disabled, it can be considered secure software against all but the most sophisticated adversaries.

IMEI will identify the phone.

Signal does not work well without GCM.


You can easily identify the phone of the target by physical surveillance coupled with Stingray type of cell traps. No need to bother with IMEI, plain cell number which you will then intercept with operator support.

So you will prove the target uses a phone, and that phone connects to Signal servers or some offshore VPN. That's not very useful.

The quest is to access communication contents, or map out a criminal network that can then lead to identifying other physical locations of terminals and unknown members of the ring.


It's harder to erase paper trails, so I think the future of crime is using open source or in-house comms tools.


Fire, judiciously applied, can erase paper trails rather efficiently.


And evidence of burning possibly indicting evidence is all the more indicting.


This is what document-retention-and-disposal policies are for.

In major business districts throughout the Western world, document disposal companies will drive their collection truck to a given business address and shred the collected paper right there in the street as it's loaded into the truck.

You can see them everywhere.

You can hear them long before you see them.



Curiously, a similar organisation would bug same.

https://web.archive.org/web/20210730214414/https://spectrum....

https://archive.is/T16Fj

(GDPR-noncompliant cookie policy at origin.)


Besides criminals, even legitimate businesses might start to prefer offline methods. With the decline of privacy comes corporate espionage and that's no good for business.


Legitimate businesses can much more easily avoid being scammed by vendors because their legitimate businesses are protected by the legal system. They also can openly discuss their experiences with vendors, because they're not hiding from anyone.


How's that working out for victims of ransomware attacks or nation-state corporate espionage?


I've never heard of a business being scammed by a vendor through ransomware. When businesses choose vendors, they do it with legal contracts enforceable in their jurisdictions.


Vendor-based scams are not the entirety of the threat model.


Vendor-based scams are what this thread and this article is about. The root quoted that An0m was a 'trick' that couldn't be repeated again. My point is that legitimate businesses would have never had to worry about such tricks, being scammed by a vendor like this is a problem unique to illegal businesses.


OK, I see what you're saying.

Though I think there are actually at least two discussions being had here, apparently talking past one another:

One, that a vendor which promises some service but fails to deliver on it, as An0m did here, would be subject to civil claims for fraud or false representation. This seems to be your general argument.

Another is that any given business has concerns over surveillance and privacy breaches, whether from law enforcement or other entities, and that any use of digital communications and data systems exposes them to this risk. Paper-based systems have, of course, far lower capabilities to data processing, but also to data exfiltration.

Both are risks.

You're focused on one. Others take a broader view, myself included.


That's fair. But I still don't think the situation translates; businesses have significantly more options for mitigation and less downside risk. They're likely not going to prison if they have a data leak, and they have access to good information and the world's most reputable vendors for solutions to those problems.

Outside of exceptionally high risk (or exceptionally low revenue) businesses, I don't think many are going to choose to go back to paper. Although, we may see more systems being air-gapped, virtualized, or using other forms of isolation. The types of enterprises that could afford the labor cost of using paper can also afford the price tag on digital solutions that do a good job of mitigating those risks. Most breaches, ransomware attacks, etc are things that could have been prevented. Rarely do incident response crews say "this company couldn't have done anything to prevent this"

Additionally, legitimate businesses have customers that will demand that they use digital solutions. Criminals dealing with other criminals might be willing to use paper to mitigate risks. Customers of established B2B or B2C companies will not.


So, yes, one of the core benefits of operating (mostly) inside the law is, well, operating inside the law. Including availing yourself of the law's protections. Criminals are in many cases "outlaws", in the original sense of being outside the scope of legal protections.

There are some limits to this, of course:

- There are people who have little choice but to live outside the law (undocumented aliens --- perhaps emigrating as children, petty criminals, the poor, those living in corrupt societies), who nonetheless have very legitimate criminal complaints against others (theft, robbery, assault, rape, etc.). In many cases, such people are victimised by both criminal and law-enforcement communities.

- There are generally-lawful businesses which engage in illegal acts. HSBC serving as money-launderer to the Mexican drug cartels, Google knowingly engaging in illegal pharmaceutical sales and imports to the US, as two instances. More generally, wage, labour, and safety infractions are highly probable among any business.

Either way, "lawful business" isn't a strict binary, it's more a heap of sorites.

In the case of An0m, the sting itself was putatively legal (I'm not fully agreed with that, I'm positing that for this argument), in which case the argument for fraud or contract violation is ... well, something of a long shot. On the other hand, the targets of the sting have little to lose.

The case with paper is that the costs and risks are very well understood, in ways that the risks and costs of digitisation are not. And to a very large extent, business likes certainty.

There may be measures which can be taken to minimise the risks of digital business-management systems. I'm not entirely sure what those might be, though anything which greatly increases data frictions would likely be a benefit. I suspect this particular discussion will be ongoing for years and decades, though it's possible that specific major events might precipitate change. I'm trying to think of analogues from other domains. Disease, hygiene, and predator-prey relations come to mind.


Inquiring minds want to know... How much does a sheep weigh? And, outside of New Zealand, what average person knows this?


This title is useless


The 2nd phrase is somewhat more informative: "the inside story of the most daring surveillance sting in history"

HN has an 80-character maximum length, submitters have to make choices. That said, I'd have gone with the 2nd phrase here.


It’s a known problem with HN’s don’t edit the headline mantra but that’s where we are. It nips a lot of stuff in the bud so it’s maybe worth the trouble with headlines like this that are multipart.


s/useless/redundant for all modern online messaging


The sad thing about this technology is that it's routinely used, as enumerated in this article, to a completely worthless end. Cocaine should not be illegal anywhere, nor should surveillance stings be set up to entrap people.


>>nor should surveillance stings be set up to entrap people.

You used the word "entrap". I don't think it means what you think it means.

Setting up surveillance of people doing what they independently decide to do on their own, is not entrapment.

Entrapment is when you interact with a target and actively convince them and/or enable them to do a criminal act that they (arguably) would not have done on their own without your prompting/enabling actions.


That's exactly where my mind went as I read the article.

All of this money and effort just to continue to prosecute a meaningless and harmful "drug war."

At this point, countries are literally spending money to prevent themselves from making money (by setting up legal markets and tax structures).

It's all so absolutely and miserably asinine.


The war on drugs and surveillance overreach is a total disaster, but that's completely irrelevant to whether harmful drugs should be regulated at all. Fail to adequately regulate drug distribution, and you'll end up with another opioid epidemic.


I find myself asking this question, what causes more net harm, the social impact of people abusing cocaine and associated problems or the damage caused by cocaine being highly lucrative while illegal and the war on drugs.


It really doesn't take much to figure out the answer.



