flat assembler
Message board for the users of flat assembler.

Index > Heap > [Encryption] Boucher gave in. Fricosu betrayed. Doe succeeds

Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
Borsuc wrote:
Anyway, maybe he was protecting someone?
I have been thinking about this since you first posted it but I don't think this is the case here.
vid wrote:
But seriously, read up something about stalinist show trials. If police has you in control without public oversight, it is easy to make you say whatever they want you.
I have also been thinking about this since you first posted it but this is not some detention camp. I consider it highly unlikely that things like drugs or psychological "persuasion" are being used. More likely they found something else instead.

The only explanation I can think of is that Boucher has not used full disk encryption. I think he has used a file container only. The disk appears normal with OS and apps etc. but also with a large encrypted file stored somewhere with the bad stuff in it. Now this means that there is some unencrypted stuff that the FBI can see. My guess is that Boucher has some pirated and/or hacked software/music in the unencrypted portion. Perhaps the DMCA (or some other law) can provide worse consequences than for CP? Sometimes laws are cumulative in that each infringement counts towards extra penalties. Maybe he has 10000+ pirated music files and each one carries a $30000 fine or something? It might be that this is a plea bargain (the US law allows this) and rather then spend the rest of his life paying all his earnings back in fines he decides that 10 years (less 5 for "good behaviour") is not so bad in comparison?
Post 03 Oct 2009, 21:04
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
What happens if you say you don't remember the password though? Razz

_________________
Previously known as The_Grey_Beast
Post 03 Oct 2009, 21:50
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
Borsuc wrote:
What happens if you say you don't remember the password though? Razz
I wish I knew. It would be interesting to find out how it would be handled.

Bruce Schneier has a suggestion to allow one to truthfully say "I don't know the password."
Step One: Before you board your plane, add another key to your whole-disk encryption (it'll probably mean adding another "user") -- and make it random. By "random," I mean really random: Pound the keyboard for a while, like a monkey trying to write Shakespeare. Don't make it memorable. Don't even try to memorize it.

Technically, this key doesn't directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive -- that's how the software allows multiple users.

So now there are two different users named with two different keys: the one you normally use, and some random one you just invented.

Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won't be able to recover your hard drive without it.

Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.

Step Four: Board your plane normally and use your computer for the whole flight.

Step Five: Before you land, delete the key you normally use.

At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There's no need to lie to the customs official; you can even show him a copy of this article if he doesn't believe you.

Step Six: When you're safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.
It is a bit tricky though and can't guarantee you get what you want. Read the linked article to see how this can backfire.

And why must it be a truthful reply? Because lying to a CBP agent is also a crime!
Post 03 Oct 2009, 22:09
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
In the UK you can be jailed for not giving your password.

It seems the police have no other evidence against him for anything. If they did have some other evidence then they would not need the password. So this person has been jailed without evidence that shows guilt of anything. The only "crime" they have proof of is him keeping his mouth shut.
Post 11 Oct 2010, 12:21
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4237
Location: 2018
edfed
i suggest to jail every government that keep secret a lot of things.

for example, USA that keep secret the september 11th pentagon videos.
Post 11 Oct 2010, 15:28
View user's profile Send private message Visit poster's website Reply with quote
Coty



Joined: 17 May 2010
Posts: 546
Location: ␀
Coty
@edfed, In that case... no country would have a goverment Wink
@revolution, I don't really think that it would be worth it...
Post 11 Oct 2010, 15:53
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
Coty wrote:
I don't really think that it would be worth it...
You don't think what is worth it?
Post 11 Oct 2010, 16:06
View user's profile Send private message Visit poster's website Reply with quote
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
revolution wrote:
In the UK you can be jailed for not giving your password.

It seems the police have no other evidence against him for anything. If they did have some other evidence then they would not need the password. So this person has been jailed without evidence that shows guilt of anything. The only "crime" they have proof of is him keeping his mouth shut.


4 months in jail is better than what he would have gotten if he did indeed have CP on his computer and gave them the password.

Also, lol at 'Police are still trying to crack the code on Drage's computer to find out its contents 17 months after they seized it'. Are they stupid? Why even bother trying?

_________________
----> * <---- My star, won HERE
Post 11 Oct 2010, 17:37
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
windwakr wrote:
4 months in jail is better than what he would have gotten if he did indeed have CP on his computer and gave them the password.
Yes, perhaps. But 4 months is a lot worse than what he would have gotten if he had "nothing of interest" on his computer. It is a very slippery path to putting someone in jail for just an accusation. Remember there is no proof. Also there is no guarantee that 4 months is the end of it. After 4 months they ask again for the password and then the cycle repeats.

I use TrueCrypt. It scares me that someone might just decide to accuse me of something I don't have. And because I won't reveal my password I can end up in jail based upon a simple accusation?

Besides there are other ways to break the crypto. Key-loggers, either hardware or software based, can be surreptitiously installed by the cops - with appropriate warrants and things of course. Pin hole cameras could record the typing and/or take screen shots. The crypto software could be patched to send the master key to a server (i.e. installing a backdoor). Lots of methods can be applied without the user knowing anything. And if the user is extremely clever and discovers the subterfuge then I guess it is just another one that gets away with it, but better that than putting innocent people in jail.
Post 11 Oct 2010, 18:34
View user's profile Send private message Visit poster's website Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
windwakr wrote:
4 months in jail is better than what he would have gotten if he did indeed have CP on his computer and gave them the password.

Even if it was "regular" pr0n or his girlfriend's nude photos, he would probably prefer to hide it and spend a few months in jail than be ridiculed in front of his family and everyone else.
Maybe it was nothing and they got the wrong guy. You know, sh*t happens, especially online. A guy on a forum I visit was repeatedly being accused of pedophilia by another member. He had trouble with justice and almost lost his job.

windwakr wrote:
Also, lol at 'Police are still trying to crack the code on Drage's computer to find out its contents 17 months after they seized it'. Are they stupid? Why even bother trying?

What? Still 998 years and 7 months to go and you want them to give up already? Don't interfere with the wise use of the taxpayer's money. Cool
Post 11 Oct 2010, 18:39
View user's profile Send private message Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo
revolution wrote:
It scares me that someone might just decide to accuse me of something I don't have. And because I won't reveal my password I can end up in jail based upon a simple accusation?


There are lots of scary things out there. People can pretty much do whatever they want, even with impunity. It is not a just world. But that's why it's good to have friends to encourage you, heal your wounds, distract you from your own pessimisms, even defend you if needed, and of course most important (though I know you're not religious) ... faith.

(sorry, gotta quote here, it's supposed to make you feel better that God cares about injustice ... and don't forget we're in Heap, so don't be too angry with me!):

Amos 8 wrote:

Hear this, you who trample upon the needy and destroy the poor of the land!
...
The LORD has sworn by the pride of Jacob: Never will I forget a thing they have done!


EDIT: Yet He is a God of mercy, so please don't misunderstand. He will quickly forgive anything if you ask, do penance, and if you plan to avoid it in the future.

(And yes, I know you'll say, "But why is He so slow?" His time is different than ours. Remember, He's a true perfectionist! Life is indeed always going to be full of suffering, but moreso for the unjust person!)

Psalm 13 wrote:

For the leader. A psalm of David.
How long, LORD? Will you utterly forget me? How long will you hide your face from me?
How long must I carry sorrow in my soul, grief in my heart day after day? How long will my enemy triumph over me?
Look upon me, answer me, LORD, my God! Give light to my eyes lest I sleep in death,
Lest my enemy say, "I have prevailed," lest my foes rejoice at my downfall.
I trust in your faithfulness. Grant my heart joy in your help, That I may sing of the LORD, "How good our God has been to me!"


Those are His words, so surely saying that to Him can't offend Him! Don't be afraid to pray this.

Sure, some reasonable (simple) amount of discipline is a good idea (e.g. lock your door, don't go walking alone at night), but encrypting everything like someone is constantly looking over your shoulder is too much, even if true! (Besides, probably wears your drives out faster.) It's no fun to live in fear, esp. if that fear spoils what is otherwise a perfectly enjoyable life! I mean, it's ridiculous to have to have passwords for every banal site on the Internet. People should really find better, more constructive things to do than hack websites, exploit security holes, etc. (And yes, I know, we can't stop them, but still ... it's so extremely pointless and a waste.)

On the opposite side, some things you can't even FORCE people to look at (ahem, FreeDOS). So the solution to everything is just be boring and annoying, then nobody will care. Comes naturally to some of us. Wink
Post 11 Oct 2010, 20:43
View user's profile Send private message Visit poster's website Reply with quote
Coty



Joined: 17 May 2010
Posts: 546
Location: &#9216;
Coty
revolution wrote:
You don't think what is worth it?

Bruce Schneier's "suggestion" to truthfully say "I don't know the password."
Post 12 Oct 2010, 18:58
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2914
Location: [RSP+8*5]
bitRAKE
[Can't access the original article.]

There are plenty of data formats online which have available space to store additional data - not just pictures. The only methods of detecting it are statistical (i.e. flawed). Security IS an illusion.

Computers can even detect users by usage patterns - who needs a password? I want my email to darken and music volume to lessen when someone is standing behind me. Maybe a video window opens to show the lurker, too. Razz So many people at the café trying to read my x86 code, lol.

Don't ever give in to attacks on personal privacy. Let them hunt and make claims. Stand your ground and admit nothing. This struggle is the cost of freedom. It happens first in the populous and then in the courts. The process will dissolve as it becomes ineffective, or abusive (unless there is no transparency - we must insure that as well).
Post 12 Oct 2010, 21:12
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
bitRAKE wrote:
[Can't access the original article.]
Link still works for me.
bitRAKE wrote:
There are plenty of data formats online which have available space to store additional data - not just pictures. The only methods of detecting it are statistical (i.e. flawed). Security IS an illusion.
Steganography. But this should not be needed unless our government is oppressive.
bitRAKE wrote:
Don't ever give in to attacks on personal privacy. Let them hunt and make claims. Stand your ground and admit nothing. This struggle is the cost of freedom. It happens first in the populous and then in the courts. The process will dissolve as it becomes ineffective, or abusive (unless there is no transparency - we must insure that as well).
Yes, good words.
Post 12 Oct 2010, 23:12
View user's profile Send private message Visit poster's website Reply with quote
Tyler



Joined: 19 Nov 2009
Posts: 1216
Location: NC, USA
Tyler
Quote:

Link still works for me.

Cached? It says it was deleted for me. Save yourself a copy, I bet it's only in your browser's cache.
Post 13 Oct 2010, 01:03
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
I don't have any browser cache.
Post 13 Oct 2010, 01:11
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2914
Location: [RSP+8*5]
bitRAKE
Maybe, it is our oppressive government. Razz
Quote:

404 Page Not Found

Unfortunately we are unable to locate the page you have requested. This could be due to content on our site having expired, a broken link, an outdated bookmark, or a mistyped address. Please use the navigation provided on this page, or click here to visit our home page.
Post 13 Oct 2010, 05:25
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17273
Location: In your JS exploiting you and your system
revolution
Oh, I see. You are trying the URL in the very first post from a year ago. I thought you were asking about the latest URL about the UK 19 year-old that I posted when I reopened this topic yesterday.

Anyhow, I have replaced the "original" URL in the first post. Seems the new URL has a little but of an update also regarding Boucher.
Post 13 Oct 2010, 05:52
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2914
Location: [RSP+8*5]
bitRAKE
Now that we have his name:
http://en.wikipedia.org/wiki/United_States_v._Boucher

Of the latest article, I find the following very disturbing:
Quote:
Last year the first person jailed for not giving police access to encrypted material, was a 33-year old businessman known only as JFL (revolution? Razz).

He was not judged to be a threat to national security, and the encrypted material in question was not suspected of securing illegal material.

The man who ran a software company in London told a judge he was refusing to disclose the code on principle, on the basis that he should have a right to silence but was jailed for 13 months for refusing to hand over his decryption keys.
It's like having a locked front door to one's home, and the police say one is guilty because they will not open the door and let them in. Here in the US we have the option to invite Police into our homes or not -- in all but extreme cases some proof of wrong doing is required.
Post 13 Oct 2010, 06:27
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> In the UK you can be jailed for not giving your password.

Because UK is just a slave of USA (same for Germany, Poland, ... & Co ... except Iran + North Korea) Sad
Post 14 Oct 2010, 03:38
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.