All posts for the month February, 2008

TrueCrypt is an essential drive encryption application for Windows, Mac OS X, and Linux users who want to encrypt real or virtual drive partitions. It’s free, easy to use, and it even runs on Windows Vista 32/64 bit. The 5.0 release allows you to encrypt the boot drive partition in Windows, so if your server or laptop falls into the wrong hands, no data whatsoever can be gleaned from it.

An interesting feature of TrueCrypt is the “plausible deniability” option, which allows you to encrypt any number of hidden partitions in the empty space of an outer partition, so even if you are forced to reveal the outer partition, you can plausibly deny the existence of inner partitions. Get it now!

How many of the 79 million personal records compromised in 2007 could have been avoided simply by installing this program? 

After 9/11, the U.S. government didn’t have much trouble blasting away any expectation of privacy when conducting financial transactions or traveling across the country. It’s a little harder to justify destroying fundamental freedoms when it comes to spying on people’s email and instant messaging conversations. What is the state to do? If recent actions by the NSA and CIA are any indication, it is to invent ridiculous threats about the danger that “hackers” pose to us all.

First, Michael McConnell, Director of National Intelligence of the United States, claimed that “the U.S. government should have unfettered and warrantless access to U.S. citizens’ Google search histories, private e-mails and file transfers” in the January 21st edition of the New Yorker.

One of his claims is that cyber crime costs $100 billion per year.  This number was made up by Valerie McNevin, who happened to have once served as an advisor to the U.S. Treasury department.  Wired reports that “within two hops, CNN was reporting the $105 billion as an official Treasury Department estimate of global cyber crime profits.”  Before long, the number was used by Information Week, Slashdot, Reuters, reputable security firms such as McAfee  – and the Director of the NSA.

The second preposterous claim is that “a massive cyber-attack on a single U.S. bank would be worse for the economy than the deadly terrorist attacks of September 11.” It takes a computer security specialist to appreciate the sheer ignorance of that claim. The head of the NSA is surely familiar with highly secure computing environments. Just like the government, banks employ data centers that are both physically and cryptographically isolated – you have to physically break into the bank’s data center before you can even think about causing havoc on a large scale. The website you use to access your bank account is far removed from the servers that actually hold your account information. It’s easy to steal bank account information, and maybe even take away your online account access for a day. But that is hardly a “911” type of event. Without physical access to the data centers, hackers cannot erase traces of their work, so the transactions can be easily reversed. It’s hard to withdraw $100 billion of cash from a bank in a day.

Regardless, McConnell believes that a recent federal ruling which decided that “any telephone transmission or e-mail that incidentally flowed into U.S. computer systems was potentially subject to judicial oversight” has reduced the “capacity of the NSA to monitor foreign-based communications … by seventy per cent.” No worries, because the Protect America Act passed this summer, and allows “Gmail’s servers and AT&T’s switches [to be] de facto arms of the surveillance industrial complex without any court oversight.”

This latest attack on Americans’ privacy is just the latest act for McConnell – he was one of the main backers of the Clipper Chip, a plan to force an NSA backdoor into encryption products. More recently, the NSA has attempted to sneak a backdoor into encryption by creating flawed security standards.

In case you still think that this attack on Americans’ privacy has anything to do with terrorism, the testimony of Qwest CEO Joseph Nacchio makes clear that the NSA was out to spy on Americans at least seven months before September 11, 2001.

Michael Tanji, an ex-spook who spent 20 years in the intelligence community, observes that monitoring all traffic is basically an admission that the government has no effective means of detecting or stopping legitimate threats, cyber or otherwise:

It’s bad enough that the Director of National Intelligence is trotting out a bogus threat so the government can snoop on all Internet traffic. What’s worse is that this kind of mass surveillance is a pretty lame way to catch the honest-to-God bad guys.

Of more interest to observers of intelligence activities is the issue of quality vs. quantity and the slow creep towards doom that these efforts foretell. The fact that we are essentially attempting to gill-net bad guys is a fairly strong indicator that the intelligence community has yet to come up with an effective strategy against information-age threats.

The NSA is not alone in scaremongering Americans. The CIA claims that hackers “turned out the lights in multiple [foreign] cities after breaking into electrical utilities and demanding extortion payments before disrupting the power.” Of course, no details on where or when the outages occurred were provided, so it’s hard to evaluate this claim. I wonder whether some power utilities around the globe are really dumb enough to connect critical components to the public Internet, or whether the “hackers” simply broke into the facilities and flipped a switch.

The Dept of Homeland Security wants a piece of the horror-fest action too: it “produced a video showing commands quietly triggered by simulated hackers having such a violent reaction that an enormous generator shudders as it flies apart and belches black-and-white smoke.” “Simulated” hackers?

Some people might look at the relentless attack by governments on privacy and personal liberty and ascribe it to some kind of enormous, sinister plot.  Yet reality is much more ordinary and mundane.  Countless nameless bureaucrats are just doing what they always do — fighting for power and influence using the only currency they have – the public’s money and liberty.