"e-Freedom fighters forge new weapon" (WorldNetDaily)
ukcrypto
ukcrypto at ttfn35.freeserve.co.uk
Tue, 16 Jul 2002 22:38:21 +0000 (GMT)
Apologies if this is too large a posting for this mailing list..
Posted: July 16, 2002
1:00 a.m. Eastern
By Sherrie Gossett
© 2002 WorldNetDaily.com
Hellbent on using technology for the betterment of humanity, a
mysterious but well-known hacking group has unveiled a new
technological tool dubbed "Camera/Shy" to an eager underground
Internet audience.
This latest exploit promises to become a headache for oppressive
Internet censors, snoops, spooks and crackpot dictators the world
over, from China to North Korea to Iraq.
Based in Lubbock, Texas, the Cult of the Dead Cow is considered
the most influential hacking group in the world. The cDc alumni reads
like a Who's Who of hacking and includes a former presidential adviser
on Internet security and the German hacker known as "The Mixter."
A secretive group of five high-IQ intellectuals, they are a wildly
synergistic combination of grit, wit, social activism and righteous
audacity united by a noble purpose to keep the Internet free, healthy
and adventurous and to aid people suffering from government-imposed
Internet crackdowns.
Professing a belief "in the dignity of all human beings" as well as a
love for "loud music and big parties" this "hacktivist" group is known
for stretching the limits of the First Amendment and fighting anyone
or any government that aspires to limit free speech.
To this end, the cDc organized a "special operations group" known as
"Hactivismo" to study ways and means of circumventing state-sponsored
censorship of the Internet and to implement technologies to challenge
information-rights violations.
The founder of the cDc is "Foreign Minister" Oxblood Ruffin.
Like most hackers, Oxblood masks his identity with a pseudonym.
"Our fathers and grandfathers fought wars defending, among other
things, our right to speak and be heard. They even fought to defend
unpopular opinions. It is the unpopular opinions that are most in need
of defense. Without them, society would remain unchallenged and
unwilling to review core beliefs," says Oxblood.
The cDc warns that "free speech is under siege" and they are "deeply
alarmed that state-sponsored censorship of the Internet is rapidly
spreading."
The group is "convinced that the international hacking community has a
moral imperative to act."
Groups like cDc, l0pht and others discourage hacking websites and
denial-of-service attacks. Instead, they try to help dissident
computer groups in totalitarian and repressive societies. For example,
The cDc claims it has aided a Chinese hacker group called the Hong
Kong Blondes by giving it technical advice and software tools
including 5,000 copies of the cDc's "Back Orifice" hacking tool to
distribute in China. The Hong Kong Blondes reputedly were bothersome
enough to be followed by Chinese government operatives when traveling
overseas. In addition, they enlisted the services of a bodyguard.
These cocky cDc roughriders of cyberspace unveiled Camera/Shy Saturday
at the H2K2 hackerfest in New York City. H2K2 is the 2002 Hackers
On Planet Earth (HOPE) conference, alternately billed as a "gathering
for hackers of all types" or a "computer security convention."
The inventor and lead developer of Camera/Shy is a cDc hacker known as
"The Pull."
Camera/Shy
Camera/Shy is a browser that uses steganography a method for inserting
text into graphics files for viewing with companion software. The text
is encrypted and can be pass-protected for an additional layer of
secrecy.
Designed with the non-technical user in mind, Camera/Shy's "one touch"
encryption process delivers banned content across the Internet in
seconds. Utilizing LSB steganographic techniques and AES-256 bit
encryption, this application enables users to share censored
information with their friends by hiding it in plain view as ordinary
.gif images.
Camera/Shy is the only steganographic tool that automatically scans
for and delivers decrypted content straight from the Web. It is a
stand-alone, Internet Explorer-based browser that leaves no trace on
the user's system. As a safety feature, Camera/Shy also includes
security switches for protection against malicious HTML.
It is expected that Camera/Shy will enable people in oppressive
countries like China and Saudi Arabia, to engage in outlawed
communications right under the noses of network administrators.
"The local feds would have a very hard difficult time stopping it,"
says Hacktivismo.
Interview with Oxblood
WorldNetDaily interviewed Oxblood regarding the release of Camera/Shy
and the cDc's hopes to do their humble part to destabilize dictators
around the world:
WND: Do you foresee any concrete threats to this new tool?
OXBLOOD: Not particularly. The developer who invented it is pretty
sophisticated when it comes to vulnerability assessment. But that's
not to say there are no potential exploits associated with this
technology. Because it is being released open source we expect the
hacking community will be able to find any bugs that escaped The
Pull's gaze.
WND: Does it have a "window" of viability, or do you see it as a
pretty long-lasting effective means of communication?
OXBLOOD: We see ourselves in a sort of hit-and-run conflict pattern
with Internet censors, most notably the People's Republic of China.
We'll exploit whatever vulnerabilities are in their censorware arsenal
with C/S as long as it's viable; then we'll dump it and move on to
something completely new. This is the first time state-sponsored Net
censors have run up against anyone willing to challenge them, and it's
causing them, especially the PSB (Public Security Bureau the Chinese
Secret Service) to freak out. They thought all they'd have to do is
call up their stooges from Cisco and the other software titans
supplying them, and they wouldn't have any problems maintaining
control over their people. But we know all about the software they're
using.
The only difference between us and the IT-turncoats doing business
with China, etc., is that we're not for sale. If anything, these
companies are creating a destabilizing international environment by
abetting foreign governments in their quest to choke the free flow of
information. And why these companies are not required to register with
the U.S. government as agents of foreign governments confuses the hell
out of me. As President Bush said, "You're either with us or against
us." You can't work with terrorist regimes such as the PRC and claim
to be patriotic Americans.
WND: How do you foresee members of oppressed populations being able to
find out about it and get it?
OXBLOOD: We have a fairly sophisticated distribution chain that will
be managed by grass-roots democracy and human-rights organizations.
But I am not at liberty to disclose the specifics of any arrangements.
Controversy and cocktail napkins
Some press reports have sensationalized potential misuses of the
hacking tool. These criticisms have their roots in controversial and
unsubstantiated media accounts, published before and after the 9-11
tragedy, which suggested terrorists may have used steganography
techniques to imbed images into .gif files. Such reports were
circulated by the Washington Post and USA Today.
In February 2000, USA Today reported that terrorists were using
steganography to hide their communications from law enforcement.
According to the report, images were being hidden on Internet auction
sites like eBay. But the report lacked the technical information
necessary to allow a reader to verify the claims.
The USA Today article concluded: "It's no wonder the FBI wants all
encryption programs to file what amounts to a 'master key' with a
federal authority that would allow them, with a judge's permission, to
decrypt a code in a case of national security."
A few days before the Sept. 11 terror attacks, a team from the
University of Michigan reported they had searched for images that
might contain such messages, using a network of computers to look for
the "signature" of steganography.
According to researchers at the University of Michigan Center for
Information Technology Integration, they "analyzed 2 million images
downloaded from eBay auctions but have not been able to find a single
hidden message." Their report noted that "recent suggestions in U.S.
newspapers indicate that terrorists used steganography to communicate
in secret with their accomplices. ... While the newspaper articles
sounded very dire, none substantiated these rumors."
Former FBI Director Louis Freeh testified before a Senate panel on
terrorism in March 1999 that "uncrackable encryption is allowing
terrorists Hamas, Hezbollah, al-Qaida and others to communicate about
their criminal intentions without fear of outside intrusion." However,
in two successive briefings following the terror attacks, senior FBI
officials stated that the agency has as yet found no evidence that the
hijackers who attacked America used electronic encryption methods to
communicate on the Internet.
In stark contrast stood the reports that some of the terrorists had
communicated via scribbled notes on cocktail napkins. And while
credible reports suggested bin Laden was using satellite-ducking phone
technology, there remains little evidence that his underlings, who
were intentionally kept in the dark about much, needed to use any
high-tech means to communicate.
Despite the FBI's findings, some U.S. newspapers have continued to
circulate similar reports.
For example, the Washington Post claimed that the inventor of the
widely used PGP, or Pretty Good Privacy, encryption system, Phil
Zimmermann, had been "crying every day ... overwhelmed with feelings
of guilt." Post readers were told that Zimmermann "has trouble dealing
with the reality that his software was likely used for evil."
Zimmermann responded in a public statement, accusing the Post of
serious misrepresentation in publishing things he never said. "Read my
lips," he said, "I have no regrets about developing PGP." His grief
had been for the victims, not for culpability about his invention.
Bane or blessing?
Camera/Shy's inventor and lead developer, The Pull, notes that these
"familiar, dramatic themes" have been "wheeled into the fray" as some
have pointed out that the tool could give violent organizations the
means to operate more covertly.
The Pull responded, "I think, without any pause, everyone who has had
questions about Camera/Shy have alternatively said both 'Camera/Shy
will help terrorism' and 'they will catch you if you use it.'" He
asks, "Well, which is it? Is it really a scary tool which terrorists
could use and get away with? Or is it something that human-rights
activists will use naively and hence get caught doing so?
"The bottom line is that there just are not that many tools designed
specifically for this sort of purpose. It treads scary ground, but it
is ground which must be tread," Pull contends.
In memory of Wang Ruowang
Camera/Shy has been released open source under the GNU General Public
License. It is dedicated to the memory of Wang Ruowang, a Chinese
writer and social critic who was one of three prominent intellectuals
expelled from the Communist Party in 1987 as "bourgeois liberalizers."
The cDc calls Wang "a study in courage." The Dalai Lama referred to
him as a "freedom fighter who envisioned a liberal and democratic
China."
Wang died in New York on Dec. 19 after a brief illness. He was 83.
"I'm really proud of everyone in the group," said Oxblood. "They've
made a commitment to bringing a constitutional toolkit to the
Internet. And although not all of us are Americans, we share the
fundamental ideals of the Constitution of the United States,
especially freedom of speech. Camera/Shy is a small first step in
sharing that privilege."
He adds, "We realize that, but for the grace of God, we could be
sitting on the other side of the firewall," noting that "there's a new
generation of freedom fighters sitting behind computers."
As Hacktivismo says, "Sometimes hiding the truth is the best way to
protect it, and yourself."
http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=28289
http://www.cultdeadcow.com/details.php3?listing_id=431