[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Scenario



Anonymous User scripsit
>> 
>> Let's say I have a digital cellular phone.  I also have Anonymous
Remailers,
>> PGP, and over 100 BBS numbers (structured for which day and which hour
each
>> would be used) so that I can contact and talk to my "Friend."
>> Please tell me how the LEA's can find me and understand the transactions
>> between us? 

>You don't give us enough information.

>Are your attackers looking for known parties?
>How secure is your cellular?  Do you operate from a known or a guessable 
>location?  Is your "Friend" known?  Suspected?  His location, guessable?  
>Known?


>If your location were known it would be a simple matter to monitor 
>the area, say put a van just outside your site and wait for cellular 
>activity of a strength that suggests your presence.  How likely would it 
>be that someone else is using a cellular phone in your presence?  Given 
>this, it is probably not difficult to obtain the billing/ESN number for 
>your phone, and then obtain detailed traffic information about your 
>transmissions.  Given that it is a simple matter to conduct a lower tech 
>attack, say tempest, and pick up the conversation as you compose it, end 
>running the encryption so to speak.  You think in too shallow a fashion.  
>Security is about more than communications security.

>Even if yours is perfect, how about your friends.  A tempest attack on 
>his site while he is using Word for Windows is just as effective as one 
>on you.

>Modify this tactic to use a phone which uses several different ESN's at 
>random or move your location often and at random.

>> 
>> If I have several encryption programs, can I 'layer' each document [I PGP
the
>> file, the I DES the PGP file, then IDEA for the final layer.

>Worthless given the above attack.

>> Does the NSA have to crack it one layer at a time, or can they bombard it,
>> crack the layers in whatever order the supercomputer finds?

>Again, unimportant given the cheaper low tech solution.

>> If I am missing something, please let me know what I have missed.

>Been there, did that.

>-uni- (Dark)

In the above scenario, I would never use my voice over the digital cellular
[and I would be always moving {nothing done at home}]...strictly PGP/E-Mail.
Even IF the parties are known, can they make their case? [How can they prove
X sent Y if using PGP and anonymous remailers?] Of course, if one of them
cooperates, that's different.

Can Tempest be used as I'm driving/on a city bus? How expensive is it to
maintain a Tempest surveillance in this fashion? This is a positive of
portable computers and portable communications..no one can pinpoint [even
remotely] where I'll compose/collect my pgp/e-mail. I am assuming that I'm
covering my tracks smartly, and the only thing they have is what they can
grab over the air, which is PGP, and that gets sent to some BBS [which they
don't know] for my friend to pick up.

The ESNs and the Keep Moving are really helpful, thanks.