Re: [Spooks] Thank you from the Project Evil team
On Aug 8, 2006, at 10:57 AM, KD7JYK wrote:

> Dang, I miss those LA meetings... I was there from '92 - '96. Remember when 2600 actually had something to do with phones???

Sure do! I remember the '90s-era LA meetings also... Phone talk and Agent Steal tooting his own horn about some b.s. prank he was involved with. Good times.
Re: [Spooks] Thank you from the Project Evil team
Wow. I got pwned by a 2600 guy. Hats off, sir!

As far as the shared login to a hotmail type account- I think I remember reading that al-Qaeda or the like have used that method to coordinate and communicate. I thought it was safer since there's no SMTP server involved, it's just data stored on a hard drive on a server somewhere transmitted through http to the viewer's screen. The user simply pulls up the draft message from the other guy.

It's all become way more complicated. The NSA guys must be going nuts, especially with the rise of Craigslist, MySpace, forums, YouTube, and other web 2.0 apps that allow virtually anything to be posted.

On 8/7/06, J. Random Entity [EMAIL PROTECTED] wrote:

> > Well, while it may be easy to DF a shortwave signal if you have adequate resources (like the government's), it's nearly impossible to tell who is receiving that transmission.
>
> Point taken, but DFing a signal doesn't require government-level resources. I've participated in a few DF events before, none of them using anything much more complex than a directional antenna for the band we're working and the signal meter built in to the radio. Granted, there's much better hardware out there to do it with - but remember that it was a couple of hams who found Yosemite Sam, not the FCC (although that's likely another story in and of itself).
>
> > In the web world- however, there's a log for everything.
>
> Yes and no. Things get logged, assuming that:
>
> a) Logging is enabled.
> b) There's space to store the logs.
> c) The logs aren't rotated and written over.
>
> > Every person who visited that Craigslist link is logged.
>
> We can't say that for certain because we don't know Craigslist's logging policies. More:
>
> > The poster himself was logged.
>
> While this is likely the case, again, we don't know their policies on logging. And, of course, that doesn't cover the logs the VoIP providers have, or any of the other websites that were following the experiment. Further, just because logs exist doesn't mean that access to them by third parties (such as law enforcement, or the intelligence community) is automatic.
>
> Following on from that, though, we can probably *assume* (note the emphasis) that people from the original poster on down were logged. However, it's important to remember that there are any number of ways to obfuscate an IP address: use a public access terminal such as in an Internet cafe or library; use a proxy or similar anonymizing service; route your traffic through compromised machines. There are others, but that should serve to demonstrate the less-than-useful nature of relying on an IP address when attempting to physically locate someone.
>
> Also, there's one other thing that's probably worth pointing out: in a real-world scenario, this likely would've been an overly-complex way of communicating with an agent. There are two sides to the communication - one on Craigslist telling the agent to call a particular number, then the actual communication to the agent recorded on the VoIP station. Using Craigslist alone probably would've sufficed; the messages could've been encrypted steganographically within posts to, say, the rants & raves section. I'm specifically picking rants & raves here because it's a) not uncommon to see long messages posted there, allowing for a longer encrypted message to be hidden, and b) there are literally hundreds of posts there on any given day for any given city, which would again have made finding the intended recipient extremely difficult.
>
> With respect to the VoIP station, it worked fine as a transmission medium both from the standpoints of availability and obfuscation: people recorded it and made it available in many formats from MP3 to text to radio broadcasts, so knowing the intended recipient . However, the downfall is that it provides a second level of logging and if you're trying to avoid leaving an audit trail, multiple levels of logging can either work in your favour or against you - they can either serve to baffle an investigator by overwhelming them with data, or enable correlation of events allowing a list of suspects to be drawn up and chased down.
>
> > And thanks to a powerful search engine like Google, one could search a large chunk of the internet for places where MEIN FREULEIN exists.
>
> Sure. But remember that we were never intending from the get-go for this to be clandestine; the idea was to put a high level of signal-to-noise around the stations by having their content spread for us by unwitting third parties. In a sense, this is some of the best obfuscation you could hope for. People already listen to shortwave transmissions and discuss them openly; that doesn't necessarily mean that their intended recipients are any more or less secure in their comings and goings than if nobody had heard them in the first
Re: [Spooks] Thank you from the Project Evil team
On Mon, 2006-08-07 at 22:04 -0700, Jeff Wilson wrote:

> No the best way to covertly communicate online is to open an anonymous email account with Gmail or hotmail or something...then share the login/password with the person you intend to communicate with. Simply leave messages for each other from within the same account; voila, you avoid a lot of the risk online. You could even rot13 your one time number pad :)

There are many ways to achieve online stealth, grasshopper.

Anon

--
/**
/ This stealth mailing address was hand-crafted to befuddle the
/ analysts at Homeland Security as to my real identity.
/ -Anon
Re: [Spooks] Thank you from the Project Evil team
On Mon, 7 Aug 2006, Jeff Wilson wrote:

> Well, while it may be easy to DF a shortwave signal if you have adequate resources (like the government's), it's nearly impossible to tell who is receiving that transmission. In the web world- however, there's a log for everything. Every person who visited that Craigslist link is logged. The poster himself was logged. And thanks to a powerful search engine like Google, one could search a large chunk of the internet for places where MEIN FREULEIN exists. From there, it's just a matter of filtering the data, then a quick subpoena of the telco's records for users from a certain area. Posting at an internet cafe with an anonymous account isn't safe either, due to the prevalence of cameras in such places.

I wonder how easy it is to track telephone calls. I'm assuming it was possible to keep track of who called the telephone numbers (whether or not that was done, I don't know). I called the NY number but I used one of those cheap calling cards. People with caller ID tell me that when I call them using the card, it always comes up with something like Georgia Call or Virginia Call or even once Idaho Call. How easily can those be traced down?

> No the best way to covertly communicate online is to open an anonymous email account with Gmail or hotmail or something...then share the login/password with the person you intend to communicate with. Simply leave messages for each other from within the same account; voila, you avoid a lot of the risk online. You could even rot13 your one time number pad :)

That is such a simple and yet effective method that it makes me wonder why the numbers stations still exist. Maybe the intended audience has no computer? I suppose if you were a spy in a foreign country, you might not want to have a computer with you.

Zack
Re: [Spooks] Thank you from the Project Evil team
> I'll try to put more acronyms in my next post; this one was definitely way too light on them ;)

True, a first-grader could have understood that last post...

Kurt
Re: [Spooks] Thank you from the Project Evil team
> Hi Jeff, Congrats on a nice little internet based experiment. It would have been even more impressive if it was an actual shortwave numbers station. ;)

We actually considered doing it as a real station, but wanted a certain degree of anonymity. Of course, shortwave stations are great for that - but the only way to really do that would be to be unlicensed, and we didn't really want to go down that road. Besides, licensed or not, you could still be DFed, and there was some curiosity to see how people would react when faced with a numbers station running over a non-traditional medium.

> You guys aren't behind Yosemite Sam are you?

Nope, nor are we behind any of the others that might fall into the 'is it real or is it Memorex?' category. I will confess to having a fondness for Yosemite Sam, though, and have a theory (going by the audio sample it uses) that it's meant to be in direct competition to WBNY and the Rodent Revolution. But otherwise, sorry - not us :)

Thanks,

- skroo.
Re: [Spooks] Thank you from the Project Evil team
Wow... I didn't expect *that* many messages in my inbox after sending out this thread...

It looks as though I neglected to send out the link to the Project Evil website in the original email, so here it is: http://www.projectevil.org/ . Anyone with questions may want to check there first, but I'm still more than happy to answer anything it doesn't :)

Cheers,

- skroo.
RE: [Spooks] Thank you from the Project Evil team
> You guys aren't behind Yosemite Sam are you?

What about the HELLO WORLD ( http://en.wikipedia.org/wiki/Slashdot_trolling_phenomena#HELLO_WORLD ) messages that popped up on Slashdot and a few other message boards and blogs? ^^

-Shutaro

--
http://shutaro.livejournal.com/
Re: [Spooks] Thank you from the Project Evil team
> What about the HELLO WORLD ( http://en.wikipedia.org/wiki/Slashdot_trolling_phenomena#HELLO_WORLD ) messages that popped up on Slashdot and a few other message boards and blogs? ^^

Nope, not that one either. In fact, the only thing that Project Evil has released so far has been the Mein Fraulein stations. We're as in the dark as everyone else as to who's behind the ones showing up on Slashdot, Wikipedia, et al.

- skroo.
Re: [Spooks] Thank you from the Project Evil team
Copycats?

On Mon, 7 Aug 2006, J. Random Entity wrote:

> > What about the HELLO WORLD ( http://en.wikipedia.org/wiki/Slashdot_trolling_phenomena#HELLO_WORLD ) messages that popped up on Slashdot and a few other message boards and blogs? ^^
>
> Nope, not that one either. In fact, the only thing that Project Evil has released so far has been the Mein Fraulein stations. We're as in the dark as everyone else as to who's behind the ones showing up on Slashdot, Wikipedia, et al.
>
> - skroo.
Re: [Spooks] Thank you from the Project Evil team
Well, while it may be easy to DF a shortwave signal if you have adequate resources (like the government's), it's nearly impossible to tell who is receiving that transmission.

In the web world- however, there's a log for everything. Every person who visited that Craigslist link is logged. The poster himself was logged. And thanks to a powerful search engine like Google, one could search a large chunk of the internet for places where MEIN FREULEIN exists. From there, it's just a matter of filtering the data, then a quick subpoena of the telco's records for users from a certain area. Posting at an internet cafe with an anonymous account isn't safe either, due to the prevalence of cameras in such places.

No the best way to covertly communicate online is to open an anonymous email account with Gmail or hotmail or something...then share the login/password with the person you intend to communicate with. Simply leave messages for each other from within the same account; voila, you avoid a lot of the risk online. You could even rot13 your one time number pad :)

On 8/7/06, Zack Widup [EMAIL PROTECTED] wrote:

> Copycats?
>
> On Mon, 7 Aug 2006, J. Random Entity wrote:
>
> > > What about the HELLO WORLD ( http://en.wikipedia.org/wiki/Slashdot_trolling_phenomena#HELLO_WORLD ) messages that popped up on Slashdot and a few other message boards and blogs? ^^
> >
> > Nope, not that one either. In fact, the only thing that Project Evil has released so far has been the Mein Fraulein stations. We're as in the dark as everyone else as to who's behind the ones showing up on Slashdot, Wikipedia, et al.
> >
> > - skroo.

--
- Jeff Wilson
Re: [Spooks] Thank you from the Project Evil team
> Copycats?

Nah. Whoever's behind the ones on Slashdot, at least, has been at it for a number of years. It just appears as though the idea migrated over to Wikipedia at some more recent point.

- skroo.
RE: [Spooks] Thank you from the Project Evil team
Yes, but it's a question of resources. You could do all of that, to track down every person who has viewed every anomalous blog and message board posting. But sooner or later you run into the law of diminishing returns. How much time do you spend perusing all the fake messages that may or may not have been seeded out there by spam bot/programs/scripts before you find the one message that may actually have meaningful content? And its recipient? Especially since, as has been demonstrated, people can create their own numbers stations/postings which only add to the signal to noise ratio? And what about examining all of the hundreds of thousands of people to view/listen to it?

Yes, there's a log for everything. But how much time do you want to waste mining all that data? Especially given there's an equal likelihood of the message being either a) a mein fraulein-style social experiment, b) a copycat of said experiment, c) a real transmission?

Yeah, everything is logged in the internet. But there's so many people out there on the net, it might as well be a shortwave signal.

-Shutaro

--
http://shutaro.livejournal.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Wilson
Sent: Monday, August 07, 2006 10:04 PM
To: Shortwave Spy Numbers Stations
Subject: Re: [Spooks] Thank you from the Project Evil team

Well, while it may be easy to DF a shortwave signal if you have adequate resources (like the government's), it's nearly impossible to tell who is receiving that transmission.

In the web world- however, there's a log for everything. Every person who visited that Craigslist link is logged. The poster himself was logged. And thanks to a powerful search engine like Google, one could search a large chunk of the internet for places where MEIN FREULEIN exists. From there, it's just a matter of filtering the data, then a quick subpoena of the telco's records for users from a certain area. Posting at an internet cafe with an anonymous account isn't safe either, due to the prevalence of cameras in such places.

No the best way to covertly communicate online is to open an anonymous email account with Gmail or hotmail or something...then share the login/password with the person you intend to communicate with. Simply leave messages for each other from within the same account; voila, you avoid a lot of the risk online. You could even rot13 your one time number pad :)

On 8/7/06, Zack Widup [EMAIL PROTECTED] wrote:

> Copycats?
>
> On Mon, 7 Aug 2006, J. Random Entity wrote:
>
> > > What about the HELLO WORLD ( http://en.wikipedia.org/wiki/Slashdot_trolling_phenomena#HELLO_WORLD ) messages that popped up on Slashdot and a few other message boards and blogs? ^^
> >
> > Nope, not that one either. In fact, the only thing that Project Evil has released so far has been the Mein Fraulein stations. We're as in the dark as everyone else as to who's behind the ones showing up on Slashdot, Wikipedia, et al.
> >
> > - skroo.

--
- Jeff Wilson
Re: [Spooks] Thank you from the Project Evil team
> Well, while it may be easy to DF a shortwave signal if you have adequate resources (like the government's), it's nearly impossible to tell who is receiving that transmission.

Point taken, but DFing a signal doesn't require government-level resources. I've participated in a few DF events before, none of them using anything much more complex than a directional antenna for the band we're working and the signal meter built in to the radio. Granted, there's much better hardware out there to do it with - but remember that it was a couple of hams who found Yosemite Sam, not the FCC (although that's likely another story in and of itself).

> In the web world- however, there's a log for everything.

Yes and no. Things get logged, assuming that:

a) Logging is enabled.
b) There's space to store the logs.
c) The logs aren't rotated and written over.

> Every person who visited that Craigslist link is logged.

We can't say that for certain because we don't know Craigslist's logging policies. More:

> The poster himself was logged.

While this is likely the case, again, we don't know their policies on logging. And, of course, that doesn't cover the logs the VoIP providers have, or any of the other websites that were following the experiment. Further, just because logs exist doesn't mean that access to them by third parties (such as law enforcement, or the intelligence community) is automatic.

Following on from that, though, we can probably *assume* (note the emphasis) that people from the original poster on down were logged. However, it's important to remember that there are any number of ways to obfuscate an IP address: use a public access terminal such as in an Internet cafe or library; use a proxy or similar anonymizing service; route your traffic through compromised machines. There are others, but that should serve to demonstrate the less-than-useful nature of relying on an IP address when attempting to physically locate someone.

Also, there's one other thing that's probably worth pointing out: in a real-world scenario, this likely would've been an overly-complex way of communicating with an agent. There are two sides to the communication - one on Craigslist telling the agent to call a particular number, then the actual communication to the agent recorded on the VoIP station. Using Craigslist alone probably would've sufficed; the messages could've been encrypted steganographically within posts to, say, the rants & raves section. I'm specifically picking rants & raves here because it's a) not uncommon to see long messages posted there, allowing for a longer encrypted message to be hidden, and b) there are literally hundreds of posts there on any given day for any given city, which would again have made finding the intended recipient extremely difficult.

With respect to the VoIP station, it worked fine as a transmission medium both from the standpoints of availability and obfuscation: people recorded it and made it available in many formats from MP3 to text to radio broadcasts, so knowing the intended recipient . However, the downfall is that it provides a second level of logging and if you're trying to avoid leaving an audit trail, multiple levels of logging can either work in your favour or against you - they can either serve to baffle an investigator by overwhelming them with data, or enable correlation of events allowing a list of suspects to be drawn up and chased down.

> And thanks to a powerful search engine like Google, one could search a large chunk of the internet for places where MEIN FREULEIN exists.

Sure. But remember that we were never intending from the get-go for this to be clandestine; the idea was to put a high level of signal-to-noise around the stations by having their content spread for us by unwitting third parties. In a sense, this is some of the best obfuscation you could hope for. People already listen to shortwave transmissions and discuss them openly; that doesn't necessarily mean that their intended recipients are any more or less secure in their comings and goings than if nobody had heard them in the first place. As long as the message itself remains uncrackable and can't be tied to a particular individual, then all it is is a bit of spurious - but nonetheless interesting - data.

> From there, it's just a matter of filtering the data, then a quick subpoena of the telco's records for users from a certain area.

Believe me, this is nowhere near as easy as it sounds.

> Posting at an internet cafe with an anonymous account isn't safe either, due to the prevalence of cameras in such places.

Sure. But, as mentioned earlier, that's not the only option. And even if one were posting from a location such as an Internet cafe, there are steps that can be taken to very effectively make it appear as though this is not the case.

> No the best way to covertly communicate online is to open an