3 March 2010

A writes:

I've been reading these wonderful "spy" booklets/presentations you've been publishing. It's relatively interesting, however I have a feeling you may be missing a moment.

Well, in some point I and you may be from very different barricades. I have sometimes to deal with security such way that it does not slip out, in any possible way. However the paranoia-security is not my motto. If it slipped out, well, too bad. It's out there and you can't do anything with it. And here I think you are doing one of the greatest jobs on Internet - nullify the value of many "secrets". Good or bad ones it does not matter. Without such guys like you we would have here a Hell of a black market flourishing around. How many little guys have not eaten their bread on some Cayman resort due to you? :)

Anyway, I do think that secrecy has some places to live in. And not only and exclusively in some government vault. Even the guy on the street has some secret that it shall not be known to his wife... Or the Tax Service.

And here is where I go in. There is some sort of "field of investigation" people call "Computer Forensics". In fact it is a huge mess hanging between formal principles and amateur tricks. In some ways I am related to it, while it is not my regular profession.

You know nearly 90% of cases I had to deal with are related to victims. It is quite rare to have to deal with suspects per se. Maybe it is a personal fact, but I seriously doubt that in other fileds things are much different. In fact, most of the body of evidence has to be taken from an event "per se", not from the fact of what you may think about the suspect. And even if you are on the track dor the suspect you have to stick to the event and avoid getting around for every piece of shit you may dig from someone.

Meanhwile, to do the work the right way, you have a tremendous difficult task to deal with: most victims suspect by default. They may even have made some good effort to find you but, from the very moment you say "I need to see your computer", things get weird. They will never say "no", but they will never show they will be happy for that.

To do the job, one has to do it the hard and harsh way - build a trustship between the investigation and the vicitim. Not so simple at all, specially when there are vicitms who may be considered suspects (in the Internet world of 'fishings".and trojans, it is very easy to become _the_ suspect). And one have to use several tools you may not like so much - confidentiality, privacy and secrecy. Because everyone has a secret to hide, no matter big or small. It probably is an element of personality anyway. Yes, the investigator shall avoid to get into the mess of hiding clearly criminal matters, however, it is a very thiny line sometimes between the acceptable and the rules of society. Anyway, if the crime you have to deal with is heavier than all those secrets, I think they shall stay where they are.

Now I look at all these "spy" paraphernalia you have been publishing. What i see? The subject of investigation is the suspect by default. It is even quite clear on Microsoft docs where they overuse the word "suspect" several times. Meanwhile, there is no direct concern in relation to victims. How privacy may be afforded, how to provide a trustship... No, nothing. All we may see is waivers, data collection on the edge of blindness and "tricks of the trade" (these last ones are clearly seen on Microsoft materials). Even if one has "nothing to hide", he would be out of his mind to sign a waiver the way it was shown in one of those documents. It is a complete stripping of privacy and confidentiality. Everyone is "suspect by default".

What this may lead us to? In my position, I would see it as if Sherlock Holmes books were written the other way - on every investigation Sherlock would strip-nake every possible suspect of the crime and dig on every pocket and every hole in it. And leave the victim's body rot to the flies. Why would one bother to see the crime scene?

Frankly things may be not that bad. For now. Still investigations go on and people work. However, I see a growing mumbling fear rising from everyone I have to deal with. If it was hard 10 years ago to "go on it", now it is nearly impossible to put the victim on the right track. And one of the things that are making it are these leaks. There, one can see that if is not clean in front of their God and his dog... He has no right to justice. Like in the Middle Ages.

No, it is not your fault. You didn't write that. It was there before you published it. But it is turning things into the worst of possible ways. Criminals didn't go anywhere. Rough justices also. Meanwhile I see this "spy" circus, the more "flexible" Miranda rights and the massive turn of Justice into a globalistic farse. In the whole, we have a mess turning into a massive FUD, in the complete sense of its meaning. The consequnces may range from a cynical show, in the best traditions of Monty Python's "who called the Spanish Inquisition", to a revival of 1937 (but not in Russia. Sorry, we had 1937 already). Which o these ways the world will go?

I think that you are missing this moment. Yes, police is evil by default. But the worst is lawless police using needed tools the other way down and under a completely paranoid society. Not mentioning this, I think you are helping the desease, not healing it.

And here there is also a point that you should look at. In the whole, you mention lots of interesting companies. Well, where is open source here? No I am really a open source guy, everything I do is on open source. But open source is much more premeable to forensics than all these (half-)closed products and services. In fact, much of modern forensics was created and grew due to open source.

Considering the way things are being shown, I see people running to open source, thinking they have a safe haven out there. Uh, that's not exactly the way things are here. In fact they are much different, even forensics is still a "victim's tool" by the most. Yes, also here it is possible to do things such way it would be really hard to break in, both for the criminal and the investigator. But that demands professionalism and education. These recent freshmen I have seen lately don't have both. All they know is to use Ubuntu much like they used Windows...

In resume, I would be careful to keep dropping this "spy" stuff in a "as is" manner. But anyway you and me are different people right? Each one with his own secrets, right? However, don't forget that in every human on Earth there is a little of a punk inside his soul. Don't feed too much that little secret every human carries with himself.

Cryptome:

Your comments are most welcome.

Those who spy do not call it spying, it is those upon whom the spies spy who rightly call it spying.

Spies call spying a slew of disarming terms: Forensics, investigation, probes, intelligence, surveillance, research, observation, analysis, data gathering, data analysis, data mining, log filing, system testing, polling, questioning, interrogation, looking into, checking, double-checking, reviewing, verification, authentication, testing, evaluation, protection of the customer, the citizen, the nation, and more misleading terms being invented and deployed all the time.

Apologists for spying have an ancient and wide range of justifications for the practice and never admit it is not needed or wanted by the targets of spying. Instead, spies have forever claimed their offense is on behalf of the innocents who do not understand how dangerous the world is.

Spies do not believe they are subject to the same rules and laws of those spied upon, and for that reason they are outlaws, many of them criminals, and none are trustworthy.

Above all spies do not trust each other and their inbred paranoia is projected onto the public. For spies secrecy is oxygen, without it they suffocate. Transparency about spying is impossible, for once spying is exposed to sunshine it is no longer spying.

To be sure, spies these days proclaim they are in favor of openness but that is pure deception; deception is the lifeblood of spies, and especially ex-spies, and even moreso the overseers of spies.