COMSEC

J6 participants are being charged with crimes, and supposedly encrypted communications are being used as evidence against them.

Either participants in the conversation are informants, or the Feds are reading encrypted mail.

  • Assume that all communications methods are compromised. Don’t discuss sensitive issues in the clear, even on an encrypted network. Use code words and phrases.
  • Any code can be broken, given enough money and computer power.
  • The easiest way to break a code is to break someone with the decryption key. Everyone has a weakness and this weakness WILL be used to break them.
  • In any organization, the chances of an informant increase exponentially with the size of that organization. Keep things small, close-knit, and organized in cells of no more than 8 people. That way, potential informants only compromise the members of their cell.

Big brother is watching. For now, those who fail to learn go to jail. Soon, slow learners will be killed by government agents.

12 replies on “COMSEC”

The article refers specifically to Oath Keepers (egregiously mal-characterizing it, of course).
If Oath Keepers isn’t full of LE types, including Feds, we must be in some strange alternative universe. I mean… doesn’t Oath Keepers go out of its way to recruit cops? Isn’t that its original purpose?
It’s not exactly a secret society, and if a group is publicly visible and openly recruiting, it’s best to assume that there are informants present.

Everything has a back door built in … from operating systems to processors, and they have all the keys.

Note, there is a difference between a cypher and a code.

A code cannot be “cracked” but it can be compromised. “John needs a bottle of liver pills” could be a code. The words could have replacements. John could mean “at 1700 Friday”, bottle could mean “grand central station”, and liver could mean “avoid”.

You need the code book in order to understand the message.

Most current codes are bad. John means a person, liver pills means meth, and bottle means 1k. This code is bad and easy to understand once you have a few intercepts.

Cyphers are a scrambling of letters or bits. The simplest cypher I know is a simple rotation cypher. They can be cracked with knowledge and computer power.

I’ve used a computer program to decrypt an Enigma cypher. It wasn’t easy but it could be done in an hour or so.

Uifsfgpsf

Pof ujnf qbe dzqifs are more effective, but breakable with computer support, but there are other ways. The weak point in any code or cypher is an informant.
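An added example, not part of the original comment thread: a rotation cypher has only 26 possible keys, so it falls to trying every shift and keeping the output that looks most like English. The function names and the approximate letter-frequency table are assumptions of this sketch; the ciphertext is the rotated text from the comment above.

```python
# Approximate English letter frequencies in percent (textbook values, assumed here).
ENGLISH_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0,
    "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.10, "z": 0.07,
}


def rotate(text, shift):
    """Shift ASCII letters by `shift` places, preserving case and punctuation."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def english_score(text):
    """Sum of per-letter frequencies: higher means more English-like."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.lower())


def crack_rotation(ciphertext):
    """Try all 26 keys and return (key, plaintext) for the best-scoring one."""
    key = max(range(26), key=lambda k: english_score(rotate(ciphertext, -k)))
    return key, rotate(ciphertext, -key)


# The rotated words quoted in the comment above.
CIPHERTEXT = "Uifsfgpsf Pof ujnf qbe dzqifs"

if __name__ == "__main__":
    key, plaintext = crack_rotation(CIPHERTEXT)
    print(f"key={key} plaintext={plaintext!r}")
    # Show the whole key space: every candidate is visible at a glance.
    for k in range(26):
        print(f"{k:2d} {english_score(rotate(CIPHERTEXT, -k)):6.1f} {rotate(CIPHERTEXT, -k)}")
```

Frequency scoring needs a few dozen letters to be reliable; on very short messages the 26 candidates are simply read by eye.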

I don’t think I’ve heard of a one time pad that has been cracked. Compromised when the pad was discovered, yes, but I’ve seen no reference to them being cracked.

Use a true random source, such as atomic decay, to generate a sequence of bits, then use that as your pad.

If a pseudo random source is used then it isn’t a one time pad.

Sorry, I don’t mean to argue. Do you have any open references to one time pad being cracked?

You touched on the reason they have been cracked: it is beyond the capabilities of practicality for a private citizen to be able to generate a truly random key and keep it secure.
IMO, this is why the Feds stopped fighting encryption. They have subverted or inserted back doors into all of the ones they couldn’t beat, and can beat the rest.

All those apps you think are secure, the federal body inspectors and dunces hating sitizens mine this stuff all day, it is one of their biggest sources of pathetic threat reporting. If it ain’t in person, it ain’t secure, especially if you’re a target. Oh crap, I can’t use that word, I mean suspect.

The use of “decrypted messages” is a cover story for FBI informers being one of the senders / receivers. Have decades of making and breaking this kind of technology. Even shipped a product using the Signal encryption library (TextSecure). I know the code and the math.

In theory the TLA’s could use their custom hardware farms to brute force break the messages but that is very expensive. Much easier to use your informers, sorry assets, to provide the plain-text. Almost all compromising of comms / infrastructure systems is social engineering. Of one form or another. Compromising technology is very difficult and expensive but placing compromising people where you need them is easy and cheap.

Another thing to bear in mind is that any tech that reduces the potential attack surface to nil will never see the light of day in the US, Five Eyes, or any major state player country. You will get a polite visit by men in suits from the local TLA’s “suggesting” technology acquisition by a state research institution. They will be very persuasive. End of problem. For the state players.

Doesn’t have to be a state research institution, as such. Secure comm apps that gain any public interest get gobbled up by the likes of Facebook and Google, whose business models involve tracking users’ connections and interests – hence, all their comm apps must have monitoring features built right in.

Those are the “low security” building blocks. The stuff I am talking about is end to end technology that would definitely get a 22 CFR § 121.1 visit from some guys in suits.

Just like there are very interesting technical silent spots in the textbooks published in the US/UK etc on cryptography etc. Whereas Israeli and Eastern European textbooks and Russian ones of the 1990’s go into great detail about traffic analysis etc. Where the real action is when it comes to decryption and cracking. You get hints of this in US/UK texts on steganography but that’s about it.

As for Google / FB etc. Their business model is collecting, aggregating and selling personal information. Less interested in raw data, more interested in network patterns. That’s where the value is. Although FB is Stasi level of creepiness and evil.

Reminds me of the ugly legal fistfight the U.S. gov had over crypto software and trying to classify it under ITAR.

There’s an XKCD cartoon that I’ve posted half a dozen times that talks about how crypto-nerds view the world vs. the way things really happen.

Without doing a panel by panel, word by word, the punchline is “His laptop’s encrypted. Drug him and hit him with this $5 wrench until he tells us the password.” Humint is always going to be the way around crypto.

Plants, Fedbois, call them what you will, but as has been noted, there’s probably an informant (or several) in every organization.
