Message-ID: <6158bb410806271738m799e6951y685ecd5ad3c3cc38@mail.gmail.com>
Date: Fri, 27 Jun 2008 20:38:56 -0400
From: Ureleet <ureleet@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: What the UK government care about in a hacker
You know how old this article is?
On Thu, Jun 26, 2008 at 5:45 PM, n3td3v <xploitable@...il.com> wrote:
> On Thu, Jun 26, 2008 at 2:08 AM, n3td3v <xploitable@...il.com> wrote:
>> I think we've gone beyond the F-Secure has said stage, I think folks
>> are looking for something more. I think the security space has evolved
>> already in respect of home user hackers, the security professional
>> circuit and with the government.
>>
>> In fact the government are finding it hard to keep up with what's
>> possible by the government and what's technologically possible by joe
>> average in his bedroom.
>>
>> A few years ago it was impossible for joe average to shoot the live
>> scene of a national emergency via his cell phone, email that footage
>> to a national television station and that to be used as prime time
>> evidence of the incident, now it is.
>>
>> With this I look onto the media, it's still using F-Secure press
>> releases for its news round.
>>
>> Your average joe is now able to creep behind the media wall and get
>> the news before the outlet gets time to read up.
>>
>> The fact, the media is becoming less important in the security arena
>> for bringing us news.
>>
>> Your average joe can configure google.com/ig to give them keyword news
>> that's coming onto the news wires and google.com/alerts can too.
>>
>> What used to be a government fundamental for the intelligence
>> services, is now becoming a challenge for them to know what user is
>> signed up to what and how much they know.
>>
>> Before it was more straightforward, they would know what news sites
>> were available as civilian intelligence sources but now it's becoming
>> less obvious.
>>
>> The intelligence community are having to dig deep into online
>> community to see what is possibly being plotted and what sources of
>> information they have and the technique in which it's gathered.
>>
>> Today the world is changing, what used to be charted water only
>> reserved for the intelligence services is now also being used by the
>> civilian population.
>>
>> It's scary times, hackers have the best ability to overcome the
>> intelligence services, not the script kids, but the hackers!
>>
>> The main focus for the British intelligence service is mobile and
>> anything to do with radio frequency hacks, including RFID type stuff,
>> that's high on the British government look out.
>>
>> The media are hyping about mobile phone worm, while this hype *is*
>> unfounded right now, that's not to say it's not top on the British
>> government's watch list of most desirable vulnerability threat vector
>> against national infrastructure of government and civilian population.
>>
>> The hax0r credibility score board from the government's point of view
>> isn't hacks in Safari, Firefox or Internet Explorer, it's
>> telecommunications and radio frequency hacks right now.
>>
>> So while you and your friends might think browser hacks, etc.. think
>> again, the real stuff that gets the UK government interested in you is
>> radio, mobile and chip hacks, anything to do with electronics and
>> communication, they don't actually give a fuck about applications, DNS
>> hacks, Cisco router hacks and the like.
>>
>> While those things like DNS hacks, Cisco router hacks and the like
>> are internet critical, they aren't national security critical...
>>
>> So hackers, if you want the most hax0r credibility points and
>> attention with the UK government, think national infrastructure, radio
>> frequency, chip hacks and mobile telecommunication interception.
>>
>> If you want head hunted into the UK government cyber defensive,
>> offensive and research departments go for those vectors... keep away
>> from silly stuff like web browser hacks, DNS poisoning, Cisco etc.
>>
>> How will the UK government contact you? Brute guys will jump out of a
>> range rover land rover which will have darkened windows and will give
>> you an offer you can't refuse after abducting you for five minutes
>> based on your research post on Full-Disclosure.
>>
>> All the best,
>>
>> n3td3v
>>
>
> ---------- Forwarded message ----------
> From: n3td3v <xploitable@...il.com>
> Date: Sun, Apr 20, 2008 at 10:42 PM
> Subject: GSM Researcher stopped at Heathrow Airport by UK government officials
> To: n3td3v <n3td3v@...glegroups.com>
>
>
> I was leaving today from the United Kingdom/Heathrow airport. I am
> about to speak at the HITB IT security conference about GSM security
> and the USRP (gnu-radio project).
>
> I was searched by the UK government while waiting at the Gate and
> reading a newspaper. A UK Government employee flipped his badge and
> said "Let's talk. Come over here".
>
> They detained my USRP (Software Defined Radio), my mobile phone and my
> personal SIM card.
>
> They did their homework. They knew who I am, where I live, which day I
> speak at the conference and who I work for.
>
> I'm involved in the GSM software project where we also developed a new
> attack against the GSM encryption A51. We published our research in
> February at the Blackhat security conference in Washington DC.
>
> I understand that the government wanted to make sure that I'm not
> exporting any cryptanalytic device.
>
> I did not. I will not. The USRP is a radio. My mobile phone is a
> normal Nokia 3310 phone and my SIM card is a SIM card.
>
> They said they do not know what the USRP is and that I can not take it
> until they have checked it in the lab. This can take 14 days (1/2
> month).
>
> So be it. They have it for 14 days. Guys, enjoy the device! It's fun
> playing around with it!
>
> I'm uneasy that they took my mobile phone and my SIM card. Having a
> pregnant wife at home and not being reachable complicates my
> situation.
>
> Is this common practice? Are they allowed to do this?
> Any tips how I can get my mobile phone and my SIM card back quicker?
>
> Our project: http://wiki.thc.org/gsm
> The USRP is available from http://www.ettus.com
> The GNU RADIO project: http://www.gnu.org/software/gnuradio
>
>
> stunning,
>
> THC
> ---
> Appendix: Surprisingly they did not detain my laptop or my paperwork
> which would be the most likely place to store any information related
> to cracking A51. They were also not interested in my 160GB hard drive
> which would have been the obvious place for storing the rainbow
> tables. Neither were they interested in the high performance FPGA
> chip.
>
> Instead they took all equipment that could have been used for
> demonstrating that GSM signals can be received with publicly available
> hardware for 700 USD.
>
> It does not appear that they were after cryptanalytic information.
>
> I received a yellow paper about my detained goods. They left the field
> blank that reads
> "The goods specified below are detained for the following reason:". What reason?
>
> They also crossed out the field "Agent" of the officer who was in
> charge of the operation.
>
> ---
> UPDATE 2008-04-18
> Arrived back at Heathrow. Airplane crew announced "All passengers
> please have your passport ready. There is a passport check while
> leaving the airplane. Passenger Steve Mueller please make yourself
> noticeable to the crew. Steve Mueller please."
>
> They told me at the gate that I can get my equipment back. I had a
> chat with them and they answered many of my questions. They did not
> answer who requested that I should be searched when I left the
> country.
>
> I'm happy that I got my equipment back and I appreciate that they had
> it checked out quickly.
>
> I'm still not sure why they took exactly the radio receiver parts. I
> had to change my presentation for the conference and was not able to
> demonstrate the USRP/gnu-radio.
>
> http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow-Airport-by-UK-government-officials.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>