Visit http://mailman.qth.net/mailman/listinfo/spooks to unsubscribe from this list
Well, while it may be easy to DF a shortwave signal if you have adequate resources (like the government's), it's nearly impossible to tell who is receiving that transmission.
Point taken, but DFing a signal doesn't require government-level resources. I've participated in a few DF events before, none of them using anything much more complex than a directional antenna for the band we're working and the signal meter built in to the radio. Granted, there's much better hardware out there to do it with - but remember that it was a couple of hams who found Yosemite Sam, not the FCC (although that's likely another story in and of itself).
In the web world- however, there's a log for everything.
Yes and no. Things get logged, assuming that: a) Logging is enabled. b) There's space to store the logs. c) The logs aren't rotated and written over.
Every person who visited that Craigslist link is logged.
We can't say that for certain because we don't know Craigslist's logging policies. More:
The poster himself was logged.
While this is likely the case, again, we don't know their policies on logging. And, of course, that doesn't cover the logs the VoIP providers have, or any of the other websites that were following the experiment. Further, just because logs exist doesn't mean that access to them by third parties (such as law enforcement, or the intelligence community) is automatic. Following on from that, though, we can probably *assume* (note the emphasis) that people from the original poster on down were logged. However, it's important to remember that there are any number of ways to obfuscate an IP address: use a public access terminal such as in an Internet cafe or library; use a proxy or similar anonymizing service; route your traffic through compromised machines. There are others, but that should serve to demonstrate the less-than-useful nature of relying on an IP address when attempting to physically locate someone. Also, there's one other thing that's probably worth pointing out: in a real-world scenario, this likely would've been an overly-complex way of communicating with an agent. There are two sides to the communication - one on Craigslist telling the agent to call a particular number, then the actual communication to the agent recorded on the VoIP station. Using Craigslist alone probably would've sufficed; the messages could've been encrypted steganographically within posts to, say, the rants & raves section. I'm specifically picking rants & raves here because it's a) not uncommon to see long messages posted there, allowing for a longer encrypted message to be hidden, and b) there are literally hundreds of posts there on any given day for any given city, which would again have made finding the intended recipient extremely difficult. With respect to the VoIP station, it worked fine as a transmission medium both from the standpoints of availability and obfuscation: people recorded it and made it available in many formats from MP3 to text to radio broadcasts, so knowing the intended recipient . However, the downfall is that it provides a second level of logging and if you're trying to avoid leaving an audit trail, multiple levels of logging can either work in your favour or against you - they can either serve to baffle an investigator by overwhelming them with data, or enable correlation of events allowing a list of suspects to be drawn up and chased down.
And thanks to a powerful search engine like Google, one could search a large chunk of the internet for places where "MEIN FREULEIN" exists.
Sure. But remember that we were never intending from the get-go for this to be clandestine; the idea was to put a high level of signal-to-noise around the stations by having their content spread for us by unwitting third parties. In a sense, this is some of the best obfuscation you could hope for. People already listen to shortwave transmissions and discuss them openly; that doesn't necessarily mean that their intended recipients are any more or less secure in their comings and goings than if nobody had heard them in the first place. As long as the message itself remains uncrackable and can't be tied to a particular individual, then all it is is a bit of spurious - but nonetheless interesting - data.
From there, it's just a matter of filtering the data, then a quick subpeona of the telco's records for users from a certain area.
Believe me, this is nowhere near as easy as it sounds.
Posting at an internet cafe with an anonymous account isn't safe either, due to the prevalence of cameras in such places.
Sure. But, as mentioned earlier, that's not the only option. And even if one were posting from a location such as an Internet cafe, there are steps that can be taken to very effectively make it appear as though this is not the case.
No the best way to covertly communicate online is to open an anonymous email account with Gmail or hotmail or something...then share the login/password with the person you intend to communicate with.
No. Absolutely not. This would be about the *worst* way you could do it. Gmail archives *everything* and is highly-searchable; ditto Hotmail. Even if you're emailing encrypted content between two parties, you've still got an established link between them, and the email itself is in plaintext - so it's trivial to look at a message, say, 'yup, that's encrypted traffic', and then start watching for communication between the sender and recipient. Decrypting the transmitted content would be an entirely more complex matter, but at least it'd be possible to infer that a channel of communication exists between the two parties. Further, working in the shared-login scenario that you suggest, that effectively compromises the login and exponentially widens the chances of it falling into the wrong hands.
Simply leave messages for each other from within the same account; voila, you avoid a lot of the risk online. You could even rot13 your one time number pad :)
I just want to know why nobody's done rot26 yet - I mean, it should be twice as secure, right? ;) - skroo. ______________________________________________________________ Spooks mailing list Home: http://mailman.qth.net/mailman/listinfo/spooks Help: http://mailman.qth.net/faq.htm Post: mailto:Spooks@mailman.qth.net - Visit http://www.spynumbers.com/ for complete information about Spy Numbers Stations
