[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20070525134402.AF081C381C@mailserver10.hushmail.com>
Date: Fri, 25 May 2007 09:43:56 -0400
From: <auto294156@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc:
Subject: PHRACK 64: YOUTUBE IS THE ATTACK
_ _
_/B\_ _/W\_
(* *) Phrack #64 file 4 (* *)
| - | | - |
| | The Revolution will be on YouTube | |
| | | |
| | By Gladio | |
| | | |
| | Gladio@...ack.org | |
(____________________________________________________)
Forget everything you know about revolutions. It's all wrong.
Fighting a conventional war in an industrialized nation is suicide.
Even
if you could field a military force capable of defeating the
government
forces, the wreckage wouldn't be worth having. Think about mortar
shells
landing in chemical plants. Massive toxic waste spills. Poisonous
clouds
drifting with the winds. Fighting a war in your own backyard is just
plain stupid. Notice how the super-powers fight each other with
proxy
wars in other countries.
Sure it might be fun to form a militia and go play army with your
friends
in Idaho. Got some full-auto assault rifles? Maybe even mortars,
heavy
machine guns and some anti-aircraft guns?
Think they can take out an AC-130 lobbing artillery shells from 12
miles
away? A flight of A-10s spitting depleted uranium shells the size
of your
fist at a rate that makes the cannon sound like a redlined dirt
bike? A
shooting war with a modern government is a shortcut to obliteration.
Most coups are accomplished (or thwarted) by skillful manipulation
of
information. There have been a number of countries where tyrants
(and
legitimate leaders) have been overthrown by very small groups using
mass
communications effectively.
The typical method involves blocking all (or most) information
sources
controlled by the government, and supplying an alternative that
delivers
your message. Usually, you just announce the change in government,
tell
everyone they are safe and impose a curfew for a short time to
consolidate
your control. Announce that the country, the police and the
military are
under your control, and keep repeating it. Saturate the airwaves
with your
message, while preventing any contradictory messages from
propagation.
Virtually all broadcast media use the telephone network to deliver
content
from their studios to their transmitters. Networks use satellites
and
pstn to distribute content to local stations, which then use pstn to
deliver it to the transmitter site.
Hijacking these phone connections accomplishes both goals, of
denying the
'official' media access, and putting your own message out.
In cases where you can't hijack the transmitters, dropping the pstn
will be effective. Police and military also use pstn to connect
dispatch
centers with transmitter towers. Recently, many have installed
wireless
(microwave) fallback systems.
Physically shutting down the pstn just prior to your broadcasts may
be
very effective. This is most easily accomplished by physical damage
to
the telco facilities, but there are also non-physical technical
means to
do this on a broad scale. Spelling them out here would only result
in the
holes being closed, but if you have people with the skill set to do
this,
it is preferable to physical means because you will have the
advantage
of utilizing these communications resources as your plan progresses.
Leveraging the Internet
Most of the FUD produced about insurgence and the internet is
focused on
"taking down" the internet. That's probably not the most effective
use
of technical assets. An insurgency would benefit more from
utilizing the
net. One use is mass communications. Get your message out to the
masses
and recruit new members.
Another use is for communications within your group. This is where
things
get sticky. Most governments have the ability to monitor and
intercept
their citizen's internet traffic. The governments most deserving of
being overthrown are probably also the most effective at electronic
surveillance.
The gov will also infiltrate your group, so forums aren't going to
be the best means of communicating strategies and tactics. Forums
can
be useful for broad discussions, such as mission statements, goals
and
recruiting. Be wary of traffic analysis and sniffing. TOR can be
useful,
particularly if your server is accessible only on TOR network.
Encryption is your best friend, but can also be your worst enemy.
Keep
in mind that encryption only buys you time. A good, solid cipher
will
not likely be read in real time by your opponent, but will
eventually
be cracked. The important factor here is that it not be cracked
until
it's too late to be useful.
A one time pad (OTP) is the best way to go. Generate random data and
write it to 2, and only 2, DVDs. Physically transport the DVDs to
each
communications endpoint. Never let them out of your direct control.
Do
not mail them. Do not send keys over ssh or ssl. Physically hand
the DVD
to your counterpart on the other end. Never re-use a portion of the
key.
Below is a good way to utilize your OTP:
Generate a good OTP (K), come up with a suspicious alternate message
(M), and knowing your secret text (P), you calculate (where "+" =
mod
26 addition):
K' = M + K
K'' = P + K
C = K' + P
Lock up K'' in a safety deposit box, and hide k' in some other off
site, secure location. Keep C around with big "beware of Crypto
systems"
signs. When the rubber hose is broken out, take at least 2 good
lickings,
and then give up the key to the safety deposit box. They get K'',
and calculate
K'' + C = M
thus giving them the bogus message, and protecting your real text.
Operational Security
The classic "cellular" configuration is the most secure against
infiltration and compromise. A typical cell should have no more
than 5-10
members. One leader, 2 members who each know how to contact one
member
of an 'upstream' cell, and 2 members who each know how to contact
one
member of a downstream cell. Nobody, including the leader, should
know
how to contact more than one person outside of their own cell.
Never use your real name, and never use your organizational alias in
any other context.
Electronic communications between members should be kept to a
minimum. When it is necessary, it should only be conducted via the
OTP
cipher. Preferably, these communications should consist of not much
more
than arranging a physical meeting. Meet at a pre-arranged place,
and
then go to another, un-announced place where surveillance is
difficult,
to discuss operational matters.
Do not carry a phone. Even a phone which is switched off can be
tracked, and most can be used to eavesdrop on discussions even when
powered down. Removing the battery is only marginally safer, because
tracking/listening gear can be built into the battery pack. If you
find
yourself stuck with a phone during a meeting, remove the battery and
place both the phone and battery in a metal box and remove it from
the
immediate area of conversation.
It never hurts to generate some bogus traffic. Gibberish, random
data,
innocuous stories etc., all serve to generate noise in which to
better
hide your real communications.
Steganography can be useful when combined with solid crypto.
Encrypt and
stego small messages into something like a full length movie avi,
and
distribute it to many people via a torrent. Only your intended
recipient
will have the key to decrypt the stegged message. Be sure to stego
some
purely random noise into other movies, and torrent them as well.
Hopefully you'll find this document useful as a starting point for
further discussion and refinement. It's not meant to be definitive,
and
is surely not comprehensive. Feel free to copy, add, edit or change
as
you see fit. Please do add more relative to your area(s) of
expertise.
--
Click to get freedom from your annoying glasses. Save on LASIK surgery.
http://tagline.hushmail.com/fc/CAaCXv1RuqPFiCNGPfNWUZuSsrrmGaem/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists