There are many actions you could take to mess with the investigation that might seem like fair game, but you should discuss each one with an attorney so you don't provide some arcane justification for them to arrest you (by hacking back, or even maybe "interfering with an investigation").
Once you get past that stage, the attorney can help you petition to stop the behavior or demand more information about it.
Legal advice is what you need now, not tech advice.
(Because the server is crushed, I'm only getting the basic gist - forgive me if you've already done this.)
The only relevant piece of advice here. This is, after all, Canada: if it is indeed CSIS who set up a backdoor on the OP's computer, there is a paper trail. Lawyers know how to obtain this paper trail. I don't know Canadian law, but the worst I could possibly think of in any US/UK/AU jurisdiction is that the paper trail says "confidential, pending investigation".
I should add that while the malware in question may indeed be talking to CSIS servers, it could be the case that the CSIS servers themselves are hacked -- more likely by an automated worm in service of spammers (and honestly this is what the 'PG' person sounds like to me -- a scammer/spammer) than any scary entity.
Regardless, this is a legal, not technical matter at this point. Get recommendations for a lawyer in your area (you could also try contacting the university staff for this -- they may well be required to help you find an attorney), talk to them. Avoid posting anything else to a public forum.
Don't. They take forever as they have only so many lawyers and they're all backlogged for months. They're also not equipped for this kind of thing. Their lawyers focus more on civil suits, not criminal.
> EFF maintains a list of attorneys, called the Cooperating Attorneys list, who have told us that they are passionate about the same things we're passionate about, and who have indicated that they have some of the same areas of expertise. If we can't help you, but feel that your case is something our cooperating attorneys may be able to assist with, we'll offer to refer you to one of them.
More to the point the EFF's lawyers are US lawyers. Canada is an entirely different beast from the US in terms of legal system. Their separate mailing list may have Canadian lawyers, but I'd suspect that the vast majority are US lawyers.
Don't rely solely on EFF, but also don't avoid contacting them. I have a friend of a friend who contacted the EFF and was given immense help on short notice. Their lawyers do work they find interesting. Explain your situation and see what comes of it.
I'm not a lawyer nor do I know any who can deal with this kind of thing. However I do know that in Canada CSIS will not spy on citizens unless they have a warrant for it. So getting a lawyer is a great idea at this point. If the government is spying on you they have reasons to believe you are tied to someone who might pull you inadvertently into something illegal.
"Hello, I'm sure this is all a big misunderstanding, but did you happen to root my computer?"
Not trying to be sarcastic, but I'm really curious what such an email could possibly achieve. If they tell you they haven't done anything, they're either lying or not - you wouldn't know. And really, what are the chances they would tell you that they have rooted your PC if they had?
It'd likely only achieve something if someone else is trying to pull a prank either on him or CSIS, in which case drawing their attention to it might not be so bad (and of course if it's them, they likely already know he knows, so who cares).
I don't know you and I don't know the world you live in, but just from your worried tone, and the rate at which you're responding to comments in this thread, I just want to say: take a breath. Engaging in a wild HN thread, full of well meaning but varied techy suggestions/speculation might not be the best approach right now. Have some friends sift through it for good information and disengage. Seek legal advice, and take it slow.
I strongly suggest you take a week off - don't expend valuable energy on trying to control the things that are stressing you. Check in and say hi to friends on Twitter (or suchlike) by all means, so that nobody has to worry about you, but don't put pressure on yourself to get to the bottom of this or resolve it within a certain timeframe. You haven't done anything wrong that I can see so there's no particular reason you should knock yourself out trying to untangle the situation.
Watch some movies, catch your regular classes (or skip a couple if you can), read that fat sci-fi novel - fill in the blank. If anyone you don't know calls you on the phone just tell them you're not interested, goodbye, and take a rest from the internet. After a week, chat to a lawyer and work on the fact that someone is harassing you - might be an intelligence service, might be criminals, but make it your lawyer's problem. The best thing for you right now is to recharge your batteries and put some distance between yourself and the source of your stress. The best way to deal with your computer being hacked is to leave it switched off; not least because your lawyer might advise handing it over to a forensic analyst for an audit.
But primarily, take it easy and be good to yourself. Nothing obliges you to wear yourself out responding to the behavior of others if it is making you stressed or unhappy.
Yes.. and in the meantime, I suggest all of us watch this 29c3 talk by Jacob Applebaum, "Not My Department" ( http://www.youtube.com/watch?v=7mnuofn_DXw ), and think about all our roles in all this. It's not going to stop unless we make it.
There seems to be a new pattern where anyone involved in promoting free speech and privacy through encryption gets harassed by the state, regardless of whether they actually did anything illegal.
Although the details of the gov's investigation and harassment of Jake are largely shrouded in secrecy, his harassment at the border began right after giving a keynote at HOPE 2010 in place of Julian Assange, as the only US citizen identified in the media as a member of the Wikileaks team.
Although I think what the US government has done to Jake is quite clearly a disgusting abuse of power, let us not kid ourselves by somehow believing that the state has gone after him because he has publicly advocated for the use of strong crypto.
| his harassment at the border began right after
| giving a keynote at HOPE 2010 in place of Julian
| Assange
| the only US citizen identified in the media as
| a member of the Wikileaks team.
I'm thinking that these two pieces of information are part of it.
IIRC, moxie said at some point that he was being harassed because he was a contact on Jake's phone which was confiscated by the US government at some point, so now he's associated with him.
Ok, to explain in the least charged way as possible.
First, I will tell you there are "groups"; mind you, I only mean a collective of individuals and organisations that many times are fighting among themselves, and individually they may have different aims and purposes, but the "group" thing simplifies things.
Second, the subject is very ancient, so I will try to talk only about the last 100 years, because otherwise it will become a too complex thing to write about in a short post.
Also, I will not name the groups, because whatever name I use for each of them has different meanings and charges for each person, resulting in a flamewar (and the reason people think I am crazy).
I will list the groups in order of theoretical and legal (not necessarily de facto) power.
Group A: This group is in power in several states, run some huge international organisations, and wants more power centralisation, individuals within it want more power to themselves.
Group A is very much against cryptography technology leaking (the weapon of choice of Group E). Group A also tends to help Group C if they think it will be a blow to Group B or E; otherwise they currently use Group C as a scapegoat and target to fool their subjects into giving them more power.
Group B is very much like Group A, but with fundamentally different economic beliefs. Group B realised it cannot beat Group A directly, so right now they work mostly by promoting ideologies and morals that will undermine Group A's centralisation of power and capacity to react. Group B also doesn't like Group E, and doesn't like crypto in Group E's hands, but sometimes they might allow Group E to get that tech if it means improving their own to use against Group A.
Group C currently is like Groups A and B, but based on religion. Group C also recently took over 4 countries, with great help from Group E and Group A, much to the regret of Group E, which only now realised it was against their interests for this to happen.
Group D only want to be left alone, but are frequently caught in the crossfire.
Group E are the opposite of Group A, they want more freedom, more decentralisation, and of course, more power to themselves too, but not in a hierarchy, and more splintered. Group E loves cryptography, and the reason OP is being hunted, is because he is helping Group E (on purpose or not).
The only one I think I can't figure out is Group D.
Also, if my guesses are right, the economic beliefs of Group B are not so different from Group A anymore.
Group A, and B, have names, that they used themselves, but those names are too charged for me to use, people will misunderstand things, and think I am talking about something else.
Group C probably has a name, but I don't know it.
All groups, maybe with the exception of B, are not very cohesive, and it is easier to say who belongs in them.
So, I will say some organizations that BELONG to some groups (they are NOT the groups, they are PART of them, a small part by the way).
Group A: Has on it the UN, and several countries. Also has on it some esoteric organizations and religions.
Most people don't notice, but Thelemites (followers of Thelema) frequently align with Group A, so if you want some extra information, read about that.
Group B has on it the followers of Gramsci, Frankfurt School, several atheist evangelists, and part of their strategy was very much well explained by a guy named Yuri Alexandrovich Bezmenov, see if you find his interview.
Group C has on it Muslim Brotherhood, and Al Quaeda, "Al Quaeda" means "The Foundation", and Osama Bin Laden has read the foundation series by Isaac Asimov, so if you want to know what Group C is doing, read those books, and think about how you would apply them to present age...
Group D has people like the guy above that claimed to be part of F, and also has countries that don't want to be dragged into all the A, B, C craziness, like some African countries, some Asian countries, and so on.
Group E has among them the OP, Julian Assange, Punks (the ones from the 70s), Cyberpunks, Cipherpunks, Anonymous, Libertarians, far right groups, non-aligned Christians (those that follow the Bible and reject mainstream churches), a small amount of Catholics, secularist Arabs, conspiracy theorists, nutjobs, normal people that dislike their constitution being torn apart, federalists, Catalan/Scotch/Chechen/Kurd/Touareg/Xeer/Somalilandi/Gaucho/etc... independence/autonomy movements, Occupy X/Y/Z, Indignados, Golden Dawn Party, the Norwegian serial killer, lots of other random people.
Groups whose alignment I don't know: Shia countries (Syria, Iran, Iraq, Lebanon); seemingly those are related to D, and several people in E are helping them (and A and C are attacking them).
For those wondering where Israel, Zionists and the Roman Catholic Church are: I will leave those out on purpose.
After watching a few Bezmenov videos, I wonder if your Group B is still trying to subvert the West?
My belief was that the KGB had degenerated into some sort of mafia and Russia was now playing the capitalist game (by their own rules of course). But then again I don't know much about those things.
"First, I will tell you there are "groups"; mind you, I only mean a collective of individuals and organisations that many times are fighting among themselves, and individually they may have different aims and purposes, but the "group" thing simplifies things."
Naming the groups by their most conventional names: you've gone so far as to create the dynamics of these groups, why forgo naming them? Not really understanding the cloak and dagger element.
Probably because the name for the groups is something like "Illuminati." It's possible he could just be talking about A and B being capitalists and communists though.
Exactly, I just want to know if he is making an insightful geo-political theory on interactions between groups, or if it is Hagbard Celine and the yellow submarine.
I'd like to point out that we like cake and tea, and amuse ourselves with getting on with stuff, while groups A-E do their best to screw it up. If A-E could just naff off and let the rest of us get on with it, we'd be in a much better place.
You're covered as a part of Group D, the most dangerous group: content with at best an "enlightened hedonism" (work diligently, but only so that you could afford that 60" TV), while groups A-C strip away your liberty and safety.
First, you will understand lots of things easier if you read at least the first book of the Isaac Asimov "Foundation" series.
Then, I've been researching this for a looooong time.
Also you will waddle through lots of crazy stuff, trying to find the gems.
I only started to find out what information matters and what doesn't, what is real and what is just nutjob ideas, after I met some particular people in real life.
Also there are deep religious issues on this, and some fringe stuff (for example: the ex-wife and some more people related to a known member of Group A claimed that he rose to power in his country using black magic).
But a good start is to research what Thelema is (and its followers), who Antonio Gramsci is, what the Frankfurt School is, what the Muslim Brotherhood is, the Islamic plans for a gold standard, Colonel Gaddafi's push for a gold standard, Punks, Cyberpunks and Cypherpunks, Saddam Hussein's push for oil to be sold for euros (instead of USD), Sunni vs Shia wars, pro-Assad Christians.
These are the things I remember where real facts are easier to find.
Other things that I would mention here are too bizarre and hard to understand, and filled with misinformation.
Also, if you decide to research this stuff, be careful who you talk to; you might get dragged into the thing (and let me tell you, it is not pretty, I had two serious close calls recently).
Of course, like the OP, you might get dragged into it anyway.
It may sound cliché, but it was by fiddling with that stuff that I learned how dead serious the phrase "And when you gaze long into an abyss the abyss also gazes into you" is.
I cannot say much; in fact I wrote a post that I have now just deleted, and will make an even shorter version with less information.
But let's say that I had an online friend that I decided to help, and found out that this friend was an unwilling weapon of "Group A" that had escaped and was being searched for, and I got tangled into very hair-raising stuff (including death threats toward me).
And I learned lots of stuff that I wish I had not learned, the sort of stuff that makes people say "Ignorance is Bliss", but now that I have learned it, I must act upon it; there's not much else to be done.
It was a hell of an adventure. The most scary shit I ever faced in my life, and it made me much more mature and responsible.
Also I almost lost my family in the process (they were very much against some actions that I did and became incredibly upset).
Happily they later understood everything that I did and now we are happy again.
Slow down a bit there. Whatever is happening, you need to slow down. Don't make any quick decisions. I know you may feel under a lot of pressure. Best way is to talk to someone you know and trust. A family member or a very old friend. These people love you and want the best for you. Contact them, and explain what is happening. Then with their company, analyze the situation.
I want you to do this. Your current position may make it not so simple. But you must slow down and regain your composure.
Such situations are better dealt with people who love you.
Postpone any harsh decision until you have met with a loved one and have explained the items.
Remember that there is always a way to work things out. Don't lose hope. I want you to remember that things get better. They improve. You just need to slow down and reason a bit.
I'm not doubting your points. But I want you to go to a safe place where you can get some rest. Tomorrow you may be able to think about this with a better understanding. You are a smart person. You always figure out hard problems. You need to rest a bit before you can tackle it. Go and stay with a loved one. They will welcome you and listen to the items you are talking about.
I am orangethirty. Have been programming for a long time. I live in the Caribbean, and you can read more about me on my github (github.com/orangethirty). I'm only interested in your well being. We all want for you to regain your inner peace.
If you need anything, then let me know by posting here. If you feel comfortable emailing me, then do so. I am not pressuring you to do so. Do it if you feel like it.
I want you to remember that tomorrow is another day. Things improve. There is a way to solve every problem.
Image the drive, sign and optionally encrypt the contents, preferably file-by-file checksum and copy to multiple secure locations. Copy of checksums in additional secure location.
Get out of your house with your computer as soon as possible (as soon as you upload one or two images). Do not leave the computer, they will try to destroy or confiscate the evidence. Plan to store computer in secure location, preferably with 24/7 video monitoring and a heavy duty safe. Preserving the evidence is probably that important.
Try to be in the company of someone you trust so they can act as a witness and can protect you from physical intimidation or attack.
Assume phones are compromised including GPS on your mobile phone. Assume you are under physical surveillance. Assume your car is compromised.
Relatives and close friends will be known to operatives. May be a good idea to spend 1-2 nights in a motel with a friend without anyone's cell phone paying cash until you secure copies of your data and get advice on what to do next.
Yeah, actually I think he probably meant "PG" and not PG. But by the time I realized that, someone had replied to me, and I don't like to delete comments with replies.
Did he learn his trade from movies or something? What if there are 2 people in black suits? Oh, covered, he will be the one with the shaken martini.
Nothing wrong with black suits; in London they're very common among business people.
Not everyone has the luxury of wearing t-shirts and jeans to the office.
Black suits aren't supposed to be worn for business. They are for evening wear. They should only be worn in the day if you are a waiter, doorman, undertaker, American etc.
It seems ridiculous that an "intelligence" organization would upload files to a server that identified themselves so blatantly like that. Could it be that it is some ruse of some sort? I don't doubt that someone broke in, but would it really be CSIS?
An actual exploit like this designed to monitor the hacked computer would likely either talk to a small range of IPs in the infiltrating organization, or a widely scattered botnet.
Trying to contact a small variety of servers of various disparate government agencies seems more like an attempt to generate false evidence that the victim is actually a dangerous hacker.
Or at least that's what Stephenson, Doctorow, and Gibson have trained me to think.
Which one is? I put the Mosad up there, but most are summed up by the statement: Reward for failure. Screw up, get given a bigger budget so it doesn't happen again.
For the limited scope of the work that they do (which is essentially limited to what the NSA does in the US. They don't really do what the CIA does), and with a relatively small $600 million public budget, they're known to be quite competent.
This story sounds...weird. I doubt it is quite as he suspects it is.
I think you've got it mixed up: CSIS [0] is the Canadian CIA, having been created in the wake of shutting down Department D of the RCMP after one too many scandals in the 1970s. The Canadian NSA is the CSE [1].
>which is essentially limited to what the NSA does in the US.
The NSA doesn't do field intelligence work, AFAIK, unlike CSIS.
>This story sounds...weird. I doubt it is quite as he suspects it is.
It's weird, but I'm not sure who else other than CSIS would have the motivation to hack an activist's computer so it sends data to CSIS-affiliated servers.
The author said "Hostnames that appear to belong to CSIS.". Reverse DNS should not be trusted. Saying that a hostname "appears to belong" to someone is a naive statement.
Indeed, spoofing reverse DNS is not hard -- and spoofing reverse DNS to appear like an intelligence agency is straight out of every 1990s IRC script kiddie's cookbook.
This guy should widely distribute the SFTP creds being used by the backdoor agent on his computer. Then we could all be helpful by uploading useful data to the Canadian government's spy server.
If he was backdoored by a 3/4-letter and he is not skilled[1] in malware analysis, how likely do you think it is that he will recover the credentials? Do you think it is as easy as:
$ ls -l ~/.ssh
total 80
-rw-------+ 1 nadim staff 737 Aug 22 01:39 authorized_keys
-rw-------+ 1 nadim staff 35 Jan 5 21:32 config
-rw-------+ 1 nadim staff 3243 Aug 18 10:57 id_rsa
-rw-------+ 1 nadim staff 735 Aug 18 10:57 id_rsa.pub
-rw-------+ 1 nadim staff 3326 Feb 2 21:41 id_rsa_CSIS
-rw-------+ 1 nadim staff 749 Feb 2 21:41 id_rsa_CSIS.pub
-rw-------+ 1 nadim staff 3198 Feb 2 21:46 known_hosts
[1] I have no reason to think he does or does not possess this skill. I only mention it in the negative because it was not in his Wikipedia bio.
While an amusing suggestion, I sincerely hope everyone realises that such a move would be ... incompatible with a long and healthy lifestyle. Both for Nadim and anyone foolish enough to do so.
On the other hand, anyone who has reason to believe there might be information critical to their investigation embedded in the full version of Two Girls One Cup, it is their civic duty to submit that video to the authorities.
But sneaking it in through a backdoor and smearing it on their server is probably not going to be well received. (any unintentional puns are entirely unintentional).
I am suggesting pissing off CSIS, or any law enforcement body, is not a good idea. I doubt you will be outright killed on purpose, but arrested, detained and interrogated is a reasonable risk. Worst (reasonable) case is being jailed for "interfering in an investigation" or "unauthorised access to computers" or such like.
Magikarp is doing everything right so far. He doesn't need to cross a line by exposing CSIS servers to attack. And nobody else needs to play with CSIS servers either.
Protest and demonstration is one thing, but playing with law enforcement servers is like throwing bottles at police cars for the lulz and is just asking for the book to be thrown back at you.
I have asked before, but why would you want to live in countries where this train of thought is a possible reality? Although chances are not great 'it will happen to you', anything over 0% is far too great for my taste.
I entirely agree, which is the main reason why I am not interested in working in China again. But we don't live in a perfect world, compromises need to be made and living in a Western democracy is about the best you can do for your rights. Beyond that I feel you get into diminishing returns. At some point your treatment is based on the whims of the law enforcement officers and their particular culture which is very hard to measure and changes and evolves over time and political environments anyway.
Do you have evidence of any particularly good countries?
It is possible that someone is playing a bad prank on Nadim, or that Nadim made the story up to gain attention.
Please read on. If this is real, then I'm sorry and recommend you to consider all suggestions before deciding illogical.
DON'T COMMIT SUICIDE!
If you watched the movie "Enemy of the State", I'd become paranoid, but not afraid. Stay calm and act logically.
I looked at Cryptocat two days ago; what's special about it? I don't see any reason for the Government to observe you, except that you would be a good fit for their Cyberwar Team. And that you have the wrong connections on the internet. I mean your friends are all hackers. It makes you appear dangerous too. Anyway, the government observes everyone, but with different priority and detail. I think only you might know why they observe you. No need to share the info.
Just as in the movie: I'd replace all clothes, shoes and hardware with new ones and move to a different place. Acquire encryption software from a trusted source or compile it myself on a newly obtained netbook and encrypt the hard drive+swap with a password and keyfile. Hide the keyfile. Put your hardware and new phone into a cool faradaybag.com. Stay in public, but personally invincible. Leak everything that isn't harmful for you using delayed transmissions with ifttt.com. Always have multiple copies of important documents, just in case it's necessary.
Oh, and I'd get a weapon and buy a bulletproof jacket (not vest). Avoiding any contact with officials should be a priority.
Use Tor and VPNs like spotflux, hide.io, ovpn.to etc. and inform close friends to guard you.
I don't think that buying a weapon and a bulletproof jacket is logical in his situation. Seems quite counterproductive to me when dealing with officials.
I think a bulletproof jacket is logical if his life is in danger.
Yes, I agree on the weapon; every signal that can pull the trigger of an official's gun should be avoided. But I think not having a weapon may be careless too; only he knows what's right in his situation. A stupid move when confronted with officials could cause him more harm than wearing a gun.
The interesting part of this to me is that I'm curious how, exactly, a computer owned by an undisputed computer security expert was successfully backdoored. Presumably he isn't clicking on spear-phishing emails and the like. If they physically accessed the machine, e.g. they sent Jason Bourne in to bug his machine, he's probably headed for some trouble at some point. In general that kind of thing isn't done just for the purposes of poking around.
Remote-ownage exploits do happen, and there is no reasonable defence against them until they are patched. And given the frequency of exploits being found in common user components such as browsers and content (Flash/PDF) plugins, a usually well-secured computer is still vulnerable to multiple exploits any day of the week.
Of course, he doesn't seem 'valuable' enough to spend a fresh 0-day on him alone as the government backdoors (Flame and friends) did with multiple 0-days included; but I'd guess that every large gov't has a standard rootkit and knows a few vulnerabilities not yet disclosed/patched - it's really not that hard/expensive to do, you can just spend a million and buy that stuff from private researchers.
I agree: I'd be formatting the machine and putting it on sale or eBay and then I'd buy a new machine. Nothing illegal here.
Now if he's in trouble simply because he works in the security field, this is a bit concerning. The lawyer advice is the sound one: fight the system legally and bring this to court if the attacker did anything illegal.
Of course you have to laugh hard at the mediocrity of the second part of the "attack": directly contacting servers which can be reverse-looked up. Doh!
But it still begs the question as to how his computer got owned in the first place.
>Of course you have to laugh hard at the mediocrity of the second part of the "attack": directly contacting servers which can be reverse-looked up. Doh!
Is it mediocrity, or is it intended in order to send a message?
I'd say imaginary myself. I'm curious what the systems were that were obviously csis systems. He failed to include any logs or information beyond his claims.
The problem is you have a person who constantly has more and more amazing stories like this that he pushes everywhere with no proof. Logs or the hostnames or anything is pretty simple proof but require work to make up beyond a story. He put so much effort into detailing it why leave them out? That is why I want to see some sort of proof before I just believe his claims.
Yet another cry for attention from this talented but misguided young man. First it was the TSA and Homeland, now the Canadian CSIS -please! You yell and scream about Silent Circle, about Skype -you demean and disrespect other noted cryptographers when they get press....I work for the govt -your little Hello-Kitty plug-in is akin to sugar koolaid. There are many senior experienced folks here that would make great mentors. Get a good mentor -but please stop with the high-school drama. It's not reality. I am too old to placate this and someone needs to bring this young man under his wing. He has a future if he stops pining for attention.
The last thing society needs is his talent being co-opted. His software is a clever little tool and helps to strike a balance between overarching security organizations and the citizens they're supposed to protect. Sure, it is not enterprise class, but good enough is pretty damn good.
I think that while he could learn from you technically, you could learn a lot from him as a citizen.
Good enough isn't good in crypto when people are trusting it for secure communications. Also, what's the difference (functionally) between Cryptocat and Pidgin/Adium with OTR turned on? In the latter case I believe you can even use GTalk securely.
Unless you had logs in Transmit indicating it was used, I would recommend not saying they used Transmit to do it - considering OS X has a builtin command-line sftp client:
If you're still concerned your machine is affected, I'd recommend getting Little Snitch - which automatically blocks connections (both in-bound and out-bound) that are not pre-approved. In addition, when it auto-blocks it records the application that was making the connection attempt in the auto-block rule.
(Well, actually I'd suggest you dd a backup of the drive to analyze - then wipe and start anew.)
If they hired anyone of any worth, the person installed a timed launchd (or cron) controlled script to run rarely and at odd hours to upload content from your machine to those remote locations. This kind of setup a.) would use a command-line tool for the upload and b.) unless they knew you had Transmit it would be designed around executables already included in OS X or that they installed.
Unfortunately, if it has stopped, they've probably deleted the scripts and cleaned up the evidence. If you've got Time Machine running, however, you may have backed up some of their handiwork.
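As an added example (not from this commenter or anyone else in the thread), one way to hunt for the scheduled-upload persistence described above: parse launchd job plists and crontab lines and flag jobs that invoke a file-transfer tool or are scheduled rarely or at odd hours. The plist and crontab contents are constructed samples and the hostnames are placeholders; the heuristics are a starting point for triage, not proof of compromise.

```python
"""Flag launchd jobs and crontab entries that look like a scheduled off-hours uploader.

Heuristics: the job invokes a file-transfer tool (directly or inside a shell -c
string) and/or runs at 00:00-05:59 or only once a day or less. All sample
inputs below are constructed for this example.
"""
import plistlib
import re

UPLOAD_TOOLS = ("sftp", "scp", "rsync", "curl", "ssh", "ftp")
TOOL_RE = re.compile(r"\b(" + "|".join(UPLOAD_TOOLS) + r")\b")
ODD_HOURS = set(range(0, 6))  # 00:00-05:59
# minute hour dom month dow command
CRON_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+(.+)$")


def _tools_in(cmdline):
    """Transfer tools named anywhere in a command line, e.g. '/usr/bin/sftp -b ...'."""
    return sorted(set(TOOL_RE.findall(cmdline)))


def inspect_launchd_plist(data):
    """Return a list of reasons the launchd job is suspicious; an empty list means clean."""
    job = plistlib.loads(data)
    args = list(job.get("ProgramArguments") or [])
    if job.get("Program"):
        args.insert(0, job["Program"])
    reasons = []
    tools = _tools_in(" ".join(args))
    if tools:
        reasons.append("invokes upload tool(s): " + ", ".join(tools))
    sched = job.get("StartCalendarInterval")
    if sched:
        entries = sched if isinstance(sched, list) else [sched]
        hours = sorted({e["Hour"] for e in entries if "Hour" in e} & ODD_HOURS)
        if hours:
            reasons.append("runs at off-hours: " + ", ".join(f"{h:02d}:xx" for h in hours))
    interval = job.get("StartInterval", 0)
    if interval >= 86400:
        reasons.append(f"runs only every {interval // 3600} h")
    return reasons


def inspect_crontab(text):
    """Return [(line, reasons)] for crontab lines matching the same heuristics."""
    findings = []
    for line in text.splitlines():
        m = CRON_RE.match(line)
        if not m or line.lstrip().startswith("#"):
            continue
        _minute, hour, cmd = m.groups()
        reasons = []
        tools = _tools_in(cmd)
        if tools:
            reasons.append("invokes upload tool(s): " + ", ".join(tools))
        if hour.isdigit() and int(hour) in ODD_HOURS:
            reasons.append(f"runs at off-hours: {int(hour):02d}:xx")
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


# Constructed sample: a job that batch-uploads at 03:17 daily via sftp wrapped in sh -c.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.cachesync</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string><string>-c</string>
    <string>/usr/bin/sftp -b /tmp/.batch upload@host.invalid</string>
  </array>
  <key>StartCalendarInterval</key>
  <dict><key>Hour</key><integer>3</integer><key>Minute</key><integer>17</integer></dict>
</dict>
</plist>
"""

# Constructed sample: an ordinary job that runs a local script every hour.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.tidy</string>
  <key>ProgramArguments</key>
  <array><string>/usr/local/bin/tidy-downloads</string></array>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>
"""

SAMPLE_CRONTAB = """# constructed sample crontab
0 * * * * /usr/local/bin/tidy-downloads
45 2 * * 6 /usr/bin/rsync -a /Users/me/Documents/ sync@host.invalid:drop/ >/dev/null 2>&1
"""

if __name__ == "__main__":
    print("suspicious plist:", inspect_launchd_plist(SUSPICIOUS_PLIST))
    print("benign plist:", inspect_launchd_plist(BENIGN_PLIST))
    for line, why in inspect_crontab(SAMPLE_CRONTAB):
        print("crontab:", line, "->", why)
```

On a real machine you would feed it every file under the LaunchAgents/LaunchDaemons directories and the output of `crontab -l`, and treat a hit as a lead to look at the job's script and its timestamps, ideally on a disk image rather than the live system.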
OK, the proper way to do this is to not touch the machine at all. Shut it down and leave it alone. Maybe borrow its hard drive and back it up using 'dd'.
Set up a separate Linux (etc) machine with two ethernet ports as a firewall/router, running wireshark in addition to everything else. It can now log all packets in and out of your network, and save them for later analysis.
If nothing interesting happens in the time it takes you to get bored, copy just the files you really need across from your old HDD to a shiny new one.
Given that the author of the blog post seems to understand cryptography - but doesn't seem to have much in the way of the forensics skill set - I did intentionally try to keep my post at the general consumer level (though I did mention dd, like you suggested).
The real -legal- solution is to turn the computer off, stop touching it, and get a lawyer specializing in computer crimes. Get the machine to them so they can make an image of the drive, complete with hashes of the filesystem, so that they can prove it hasn't been tampered with past that point.
Then let -them- do the investigation, with someone that has the documented skills a court would recognize.
Thank you for your response, though. I was just trying to be a little more practical.
I was more addressing the technical "How can I tell if my computer is haunted?" question than the original poster's legal issues, on which I am not at all qualified to speculate.
If you want to protect against the kind of attack he hypothesizes to have experienced, yes. Trying to catch a root backdoor on your machine by running a firewall on that same machine won't be much help. He called it an "external firewall", so I imagine it was a separate machine that noticed the outgoing requests.
Yes, there are inherent problems with the built-in firewall. The bad guys know it is there so any exploit that they install will likely modify the firewall to cover their tracks. External firewalls can be trusted more than built-in software.
I would be surprised if the built-in firewall even blocks any outgoing connections by default. I'm not on my MBP at the moment so I can't check for sure.
Transmit can be scripted, so it could be anything running on the machine that is backdoored.
i assume they had connection for sending commands that was separate because the sftp sounds like it was blocked but the uploading stopped apparently in response to external stimuli. seems kind of lame to have some kind of connection sending commands and then using transmit to upload files.
How did they get access to your hardware? No disk encryption?
Might be crazy, but when I travel I setup a webcam in my office to upload to a vps and then ustream 24/7. Highest quality (don't care about bw since nobody's home.)
Hello,
I left for NYC for five days. Since I develop sensitive cryptography software, I do not store anything sensitive on my desktop, only on my laptop, which is kept with me at all times (even when going on dates and such.) It was my desktop that exhibited this behaviour after my 5 day trip to NYC. Stupidly, I left it on the whole time. I do use full disk encryption.
This is an interesting mindset...I'm inclined to do the inverse, because of how easy it is for someone to steal a laptop.
While yes, a desktop can be breached (as it apparently was in this case), there's more surveillance options you have with which to secure its surroundings. And agents would have to get a warrant anyway.
If you're worried about the prospect of them warrantlessly breaking in...I guess that the more likely danger is that if they are willing to resort to that, they are also willing to stage a robbery in which someone punches you in the face and makes off with the laptop. Or hire someone to spike your drink during a date.
It's trivial to put a keylogger+rootkit on an unattended desktop, compared to a laptop in your bag. Stealing hardware can't be prevented, but the risk is mitigated by good full disk encryption.
Cool, I learned something. I guess the boot partition is likely to be inactive, and with a ffs-derived file system you can simply overwrite some file in place with your own functionality. E.g., replace some unused driver code with your rootkit, which loads itself on probe.
The post does say Ever since my return from NYC as when the activity has been encountered. Since I'm guessing that he didn't have his external firewall with him on travel, the access could have taken place in an airport or anytime in the US.
It would be interesting to hear if/when he didn't have direct control of his laptop while on travel.
As it's written this seems to be a very confused article to me. What exactly is the author's point in writing this? And what is his next step moving forward?
What operating system does he use, what software under that operating system (specifically the FTP client), does he have a secure firewall, etc. etc.
I am currently in a state of shock and rage. I am contacting helpful friends, documenting every shred of detail for my own protection, and mirroring evidence to multiple servers in order to prevent it from being erased.
Two bits of advice for what to do after backing up evidence:
1. If you suspect the machine was tampered with, do not use it again. There are a lot of places a backdoor could be hiding, even after you reinstall the OS.
2. If you do not do so already, use smartcards for crypto. Don't store keys on your machine. It is easier to carry a card around than a computer, and smartcards are harder to brute force.
The easiest one to buy in small quantities is probably the GPG smartcard, although I have not had much luck with it in the low-end reader that my laptop has (YMMV but the same folks that sell GPG smartcards also sell card readers that should work). Otherwise, I am only aware of cards that are only sold in bulk i.e. for corporate and government use.
If you have not shut down the machine, I would do a memory acquisition (http://code.google.com/p/lime-forensics/, can be analyzed with Volatility) and a raw disk acquisition (you can use dd) and get to someone for forensic investigation to look for rootkits and other evidence of tampering.
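The comments above on imaging the drive with dd and on acquiring memory and disk for someone else to examine both come down to the same two steps: copy the raw bytes, and record a hash so the copy can later be shown to be unaltered. As an added example that is not from the thread, the script below does the dd step in Python so the hash is computed in the same pass as the copy, writes a JSON manifest beside the image, and recomputes the hash on request. A LiME memory dump is just another file to feed to the same routine. The "device" in demo() is a constructed file, and every path is a placeholder.

```python
"""Acquire a raw image with a streaming hash and a manifest, then verify it.

Added example, not from the thread. Use on an unmounted device (for
example /dev/rdiskN on OS X, run as root) or on an existing dump file.
"""
import hashlib
import json
import os
import tempfile
import time

CHUNK = 4 * 1024 * 1024      # read 4 MiB at a time, like dd bs=4m


def acquire(source, image_path, note=""):
    """Copy source to image_path, hashing as the data streams; return the manifest."""
    sha256 = hashlib.sha256()
    sha1 = hashlib.sha1()          # second algorithm, as forensic manifests commonly list two
    size = 0
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        while True:
            buf = src.read(CHUNK)
            if not buf:
                break
            dst.write(buf)
            sha256.update(buf)
            sha1.update(buf)
            size += len(buf)
        dst.flush()
        os.fsync(dst.fileno())      # make sure the image is on disk before we claim a hash for it
    manifest = {
        "source": source,
        "image": os.path.abspath(image_path),
        "bytes": size,
        "sha256": sha256.hexdigest(),
        "sha1": sha1.hexdigest(),
        "acquired_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "note": note,
    }
    with open(image_path + ".manifest.json", "w") as mf:
        json.dump(manifest, mf, indent=2)
    return manifest


def hash_file(path):
    """SHA-256 of a file, read in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(CHUNK), b""):
            h.update(buf)
    return h.hexdigest()


def verify(manifest_path):
    """True only if the image still has the recorded size and SHA-256."""
    with open(manifest_path) as mf:
        m = json.load(mf)
    if os.path.getsize(m["image"]) != m["bytes"]:
        return False
    return hash_file(m["image"]) == m["sha256"]


def demo():
    """Run the whole flow on a constructed 'device', then show that a single flipped byte fails verification."""
    workdir = tempfile.mkdtemp(prefix="acq-")
    device = os.path.join(workdir, "fake-disk.bin")
    content = bytes(range(256)) * 40000          # constructed 10,240,000-byte image content
    with open(device, "wb") as f:
        f.write(content)
    image = os.path.join(workdir, "disk.dd")
    manifest = acquire(device, image, note="constructed sample, not a real device")
    untouched = verify(image + ".manifest.json")
    with open(image, "r+b") as f:                 # simulate later tampering: flip one byte
        f.seek(12345)
        b = f.read(1)
        f.seek(12345)
        f.write(bytes([b[0] ^ 0xFF]))
    tampered = verify(image + ".manifest.json")
    return {
        "bytes": manifest["bytes"],
        "sha256": manifest["sha256"],
        "expected_sha256": hashlib.sha256(content).hexdigest(),
        "untouched_verifies": untouched,
        "tampered_verifies": tampered,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Write the manifest somewhere other than the evidence drive, and keep the original device read-only from the moment it is pulled; the manifest is only persuasive if the hash in it was taken before anyone else could touch the image.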
I'm sure you know very well how to record and preserve data, so I won't advise you on that note.
But you should try to script something quickly which will automate these actions for you. And you should also try to make a bot to investigate the "backdoor" more.
Aside from your evidence, is there anything that has happened in the past that would lead you to being a target for the NCIS?
He is of Lebanese ancestry and studied in Lebanon for 2 years thus he likely speaks Arabic and has Arabic speaking friends. This alone could be enough if someone among his acquaintances has terrorist links. In addition he was one of the first to speak out about Bradley Manning's arrest, in his support, which raises the possibility that he has connections with WikiLeaks, lulzsec, etc. That is enough for CSIS to investigate him. He also has traveled to the USA which is where the FBI gets involved and, of course, anything regarding terrorist connections or lulzsec brings in the CIA. Quite frankly he is not a clean person and should not be developing software like this. If you were a business executive with shady dealings, would you want to use software from this guy? Would you trust him not to install a backdoor? And would you take the risk of travelling across an international border with a copy of this software knowing that 3-letter agencies associate it with terrorism?
He is a person. He is being attacked because he has a conscience, actually likes to protect the freedom 3 letter agencies are out to destroy while claiming the opposite, and pays more than lip service to it. Thanks for the bootlicking demonstration.
So since he's Arab and involved in activism we shouldn't use his software, interesting. Even more interesting is you seem to be getting upvotes. Congrats, ass.
I find the idea that Nadim is under surveillance to not be unrealistic. I don't believe he would be under surveillance for his programming. Whether for his associates is another thing.
I don't believe the people he alleges he spoke with are intelligence operatives. Whoever they are, they were almost surely messing with him (but could still be conventional employees of an intelligence agency.) Whether or not they're for real doesn't change my first paragraph though.
I'm not able to give any advice except this: As long as you're on this road, there is no one you can fully trust. No one at all. You haven't fully internalized this yet.
Working for CSIS doesn't mean that you're a covert operative. I know plenty of present and past employees of CSIS, CSEC, CIA, NSA, GCHQ, etc -- my understanding is that the general rule is "don't call attention to your affiliation, but it's ok to say if evading questions would draw even more attention to you".
Spying on and harassing activists has, for a long time, been a big part of what CSIS does. I personally know tech activists that have been spied on and harassed. The RCMP is also known for this.
Mainstream news story from a couple weeks ago in which activist orgs complained of CSIS harassment:
Investigating people who are doing unusual things is part of their job. In cases like the Occupy movement, it's entirely appropriate for them to say "gee, something's going on -- it seems mostly peaceful so far, but does it have the potential to become violent later?" and investigate.
> Spying on and harassing activists has, for a long time, been a big part of what CSIS does.
Give me a break.
Canada has a very open door immigration policy. Unfortunately that open door draws in people who actually don't like what Canada is about (which makes it weird that they would come here) and who conspire against, effectively, Canadian society. I welcome that law enforcement cares about this and does normal investigations.
Further from a corporate perspective it is well known that China, in particular, is going absolutely rampant with corporate espionage in the West. This is a major concern.
Or just call it some sort of "anti-activism" creed.
> Unfortunately that open door draws in people who actually don't like what Canada is about ... Or just call it some sort of "anti-activism" creed.
Sounds like what you're saying is that because CSIS does some legitimate things it means they don't also do less legitimate things, like harass/spy on activists.
I personally know and have seen the logs from an activist who has CSIS host-names show up in his blog for the past few years. This came after the G8 fiasco in Toronto, where they pulled him in for questioning.
If you need donations for any legal pursuits, set up a page accepting bitcoins or similar.
I'd totally support this.
Illegally monitoring a citizen has to be about as bad as it gets in my books. Especially someone who has never done anything illegal and only received attention by building tools to help free speech/privacy.
Actually it is not excessive. It is legal for CSIS to monitor non-citizens and it is even legal for them to investigate citizens if they may be assisting foreigners that Canada disapproves of. I was interviewed by CSIS because I did some technical work on a server for a foreign-born Canadian who was suspected of being involved in white-power/neo-nazi orgs. The goal of CSIS was to find out if a certain prominent foreign white-power speaker might sneak into Canada. There was a well-known leaky spot in the US border not far from the town where this guy lived.
This Nadim fellow is a suspicious guy doing suspicious things who travels to terrorist hot-spots and to the USA, which is also suspicious. And I bet that CSIS is reading every word on HN right now. After all, where do you think that CSIS finds the hackers to set up the kind of hacks that Nadim has described? Same goes for CIA, NSA, FBI, DHS.
> Actually it is not excessive. It is legal for CSIS to monitor non-citizens and it is even legal for them to investigate citizens if they may be assisting foreigners that Canada disapproves of.
Just because something is legal doesn't mean it's not excessive. Just because the government does something, doesn't make it right.
> "And I bet that CSIS is reading every word on HN right now."
Well, on that off chance, let me be the one to say to our CSIS guys and gals: for fsck sake, don't do something like this. We could all use some better role models, and the number of comments and votes on this thread reflect how monumentally-offensive the suggestion is.
Sorry but respectfully, no. I can't allow you to trash Aaron's name like that. Aaron was actually a child prodigy and a borderline genius who had done more than this at 14 years old. This kid plays with JavaScript and wrote a chrome extension that adheres to the XMPP spec. They're not in the same league.
It's ironic that you keep calling him "kid", yet he's obviously accomplished more than you. Is this veiled jealousy, or what?
In any case: Please take the time to actually understand the difference between XMPP and OTR. You have repeatedly and very confidently shown a fundamental misunderstanding of their function and implementation in this thread.
I was not trashing Aaron, and sorry if it came off sounding that way. I was just trying to draw a parallel between two teenage hackers who became activists, and raised the ire of the government.
Is the OP sure those were CSIS peeps? Just wondering based on how they bumbled through their attempts at making contact. Thought intelligence agents would be slicker than that.
Maybe this is the new guy, and it's his first assignment. Maybe it's not CSIS, but some other interested party. Seriously though, they're gov't employees, the hiring process does not guarantee the highest quality in every case.
I may or may not have any comments about your situation. Nevertheless, anyone responding to these comments needs to know that there is no guarantee that magikarp is actually Nadim himself, whether the account is compromised and so on. Catch 22 is in full mode in this thread and I would hope that this is not simply paranoia kicking in.
Hypothetically, what is the benefit of airing out of all this information ?
> Hypothetically, what is the benefit of airing out of all this information ?
Media attention. That seems to be all this kid has done is wave things at the media that the media themselves don't understand. Cryptocat is a javascript implementation of XMPP with OTR enabled. Snore... Hop on Google chat and click "Off the record" and you've done the same thing cryptocat does. Unlike google chat you have to load up yet another Chrome browser extension that will no doubt eat more memory.
The "anapnea" thing he was involved in looks like a joke as well. "Encrypted tunneling network"? You mean a VPS you give people SSH access to? Mind blowing.
Google's "off the record" has nothing to do with the OTR protocol. It only instructs the server to stop archiving the conversation, and does not involve end-to-end crypto. Google still has access to the cleartext as it passes through their servers.
The first implementation of Cryptocat was bad in this regard, but the new version uses OTR. OTR virtually guarantees that a middle man can't interpret your communications by performing public key authentication and key negotiation--similar to SSL with mutual authentication using a shared secret (see http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html, particularly the section on the Socialist Millionaires' Protocol.) You don't have to trust anyone to transport your data without snooping. Not only that, Cryptocat's new implementation is open source: https://github.com/cryptocat/cryptocat.
As you said. "Virtually". All of this relies on you trusting the third party involved here and that was my point. Whether it's Google or some 23 year old kid, or if it's open source or not doesn't matter.
He is quite literally doing the same thing as I could do in setting up Openfire on a box and inviting everyone to connect and turn on their client-side OTR. Just because it's a chrome extension and written in JavaScript somehow changes that? No.
> As you said. "Virtually". All of this relies on you trusting the third party involved here and that was my point.
No, it doesn't. That's not what "virtually" means. It's guaranteed, barring some unexpected advance against one of the cryptographic algorithms used. In cryptography you use words like "essentially" or "infeasible", not "completely" and "impossible," because at the end of the day you are just hiding behind hard math problems.
The whole point of OTR is that you don't have to trust the third party, and you obviously do not understand that. They are just a transport. The analogy you are making could just as well be applied to any ISP in between you and the person you are talking to. They are a transport. Don't trust the client? Use another. Or are you seriously suggesting writing your own? Then you're starting down a very long path: http://cm.bell-labs.com/who/ken/trust.html
You also keep comparing it to Google's "no log" feature, but they have absolutely nothing in common. The "specs are not different"; they are completely different things.
It's disappointing that you're so stubborn, arrogant, insulting to the author, and wrong at the same time. OTR is a brilliant and fascinating protocol, particularly because it gives people who communicate deniability, which PGP, for example, doesn't. Cryptocat is helping popularize it, and that's good.
You're quite cocky for being so hilariously wrong. "Off the record" in GTalk makes it not log your conversation in your "Chats" folder. It has absolutely nothing to do whatsoever with encryption or deniability.
I'm sorry, I thought this was "hacker" news. I expected people would know that Google's OTR and OTR XMPP spec are different. My point was that you shouldn't be using 3rd party services to talk to people if the information is legitimately sensitive.
The specs are not "different." They are completely different things.
You realize it is impossible to talk to somebody over the Internet, or in real life except in person, without relying on a third party, right? You choose who to trust, and OTR, the protocol, makes it so you only have to worry about the software used, not about the communications channel and anyone listening in on it.
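The disagreement above is about where trust sits: a server-side "don't log" switch leaves the server handling plaintext, while end-to-end encryption means the server only ever handles ciphertext. As an added example that is not from the thread and is not Cryptocat or OTR code, the toy below runs both cases through a relay that records every byte it handles and, separately, what it keeps under its archive policy. The Diffie-Hellman group is a 127-bit toy so the example runs on the standard library alone; OTR uses a standardized 1536-bit group, long-term signing keys and the Socialist Millionaires' Protocol to authenticate the exchange, and without that authentication this toy would fall to an active man-in-the-middle, which is exactly the gap the SMP section linked above addresses. The message text is constructed.

```python
"""Toy model of "server doesn't log" versus end-to-end encryption.

Added example, not from the thread. Peers agree a key with Diffie-Hellman
over a toy group and protect messages with an encrypt-then-MAC scheme
built from HMAC-SHA256; the relay between them never learns the key.
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1      # Mersenne prime; toy size only, not a real DH group
G = 3
PUB_BYTES = 16          # wide enough to carry any value below P


class Relay:
    """The server in the middle: forwards bytes, remembers what it handled and what it kept."""

    def __init__(self, archive):
        self.archive = archive
        self.seen = []      # everything that passed through the relay's memory
        self.stored = []    # what the relay kept on disk under its archive policy

    def forward(self, payload):
        self.seen.append(payload)
        if self.archive:
            self.stored.append(payload)
        return payload

    def saw(self, needle):
        return any(needle in m for m in self.seen)

    def kept(self, needle):
        return any(needle in m for m in self.stored)


class Peer:
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.enc_key = self.mac_key = None

    def derive(self, peer_pub):
        """Turn the other side's public value into separate encryption and MAC keys."""
        if not 1 < peer_pub < P - 1:
            raise ValueError("bad public value")
        shared = pow(peer_pub, self.priv, P).to_bytes(PUB_BYTES, "big")
        self.enc_key = hashlib.sha256(b"enc|" + shared).digest()
        self.mac_key = hashlib.sha256(b"mac|" + shared).digest()


def _keystream(key, nonce, n):
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:n])


def seal(enc_key, mac_key, msg):
    """nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(enc_key, nonce, len(msg))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def chat(msg, end_to_end, archive):
    """Send one message Alice -> Bob through a relay; report what the relay saw and kept."""
    relay = Relay(archive)
    alice, bob = Peer(), Peer()
    if end_to_end:
        # public values travel through the relay too; seeing them does not reveal the key
        bob.derive(int.from_bytes(relay.forward(alice.pub.to_bytes(PUB_BYTES, "big")), "big"))
        alice.derive(int.from_bytes(relay.forward(bob.pub.to_bytes(PUB_BYTES, "big")), "big"))
        received = unseal(bob.enc_key, bob.mac_key,
                          relay.forward(seal(alice.enc_key, alice.mac_key, msg)))
    else:
        received = relay.forward(msg)       # "off the record" only changes relay.stored
    return {"received": received,
            "relay_saw_plaintext": relay.saw(msg),
            "relay_kept_plaintext": relay.kept(msg)}


def tampering_detected(msg):
    """A relay that edits a ciphertext byte is caught by the MAC."""
    alice, bob = Peer(), Peer()
    alice.derive(bob.pub)
    bob.derive(alice.pub)
    blob = bytearray(seal(alice.enc_key, alice.mac_key, msg))
    blob[16] ^= 0x01
    try:
        unseal(bob.enc_key, bob.mac_key, bytes(blob))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    m = b"meet at the cafe at nine"       # constructed sample message
    print("no-log relay :", chat(m, end_to_end=False, archive=False))
    print("end-to-end   :", chat(m, end_to_end=True, archive=True))
    print("tamper caught:", tampering_detected(m))
```

In the first case the relay's archive is empty but it still saw the message, so a compelled or compromised server gives up the plaintext; in the second it keeps a full archive and has nothing readable in it. What end-to-end crypto does not remove is trust in the client software itself, which is the remaining point the thread makes.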
> The specs are not different. They are completely different things.
Do you not have any reading comprehension? That's literally what I said. I haven't said anything against OTR at all. I fully support the use of XMPP and OTR for communications. You can attack me all you'd like, it doesn't change anything I said.
Since you have already published so much of this story, how about full disclosure: post the actual hostnames, firewall entries and that email you received?
They're caught up in the moment, I'm guessing. My first reaction was "where are the logs? show me some kind of actual proof". Otherwise this is just some kid who's paranoid and has a rootkit on his machine or something.
Phil Zimmermann (PGP) knows a thing or two about what happens when you make cryptography/encryption that is not easily known/keyed/trapdoored for national security agencies.
i know the author (nadim) is in here and this is all a bit fantastic. cryptocat is one of many crypto snake-oil products that i would never consider using for any kind of secure communication.
using defective crypto products is much riskier than not using any crypto at all and exercising caution. cryptocat has always seemed a poorly disguised honeypot to me.
It would be nice if you could meet me for coffee and say this to my face, friend.
I am trying to protect myself and my open source project, which, by the way, has been audited countless times and has progressed greatly towards security. If you have a problem with me, then call me up and discuss it instead of stressing me out even more when I just discovered that the government is building a case against me.
If you don't like my work, file a bug report. Check out our documentation. Review our OTR implementation. Submit a pull request. Hack some code. Just don't say hurtful and untrue things like that in public. You can do better.
I think that the reason you are seeing this response towards your project is that it's not entirely clear what it is intended for. As in who cares about security enough to encrypt their messages but not enough to install a standalone client, which has a stricter security model.
That being said, I think it's a cool project and it seems to be pissing off all the right people, so keep it up. And I'm not a lawyer but I don't think that the gov't has a case against you (or am I missing something). In fact, it would appear that this might be warrantless wiretapping so you might have a case against them, but I'm not sure if that is something you want to pursue.
"As in who cares about security enough to encrypt their messages but not enough to install a standalone client, which has a stricter security model."
this is so spot on. secure comms have no place in a web browser, which is a complex beast with a large set of underlying dependencies. webkit vulnerabilities leading to comms being blown is a crappy architecture.
people who care about comms use a standalone client and a separate server. if you care about the integrity of the server, you run some disk crypto, DDR3 memory, secure it physically, etc.
Certainly DDR3 memory (as a type of main memory) has less permanence than hard disks (i.e. secondary storage). It's a side effect not a desired goal.
Especially if you're bit-flipping sensitive stuff, there's probably a good hope for protection from recovery at normal temperature after what, 30-60 seconds? So reset is an issue, but "keep sensitive things in RAM vs. on disk" is still a reasonable security precaution.
More "secure" from single bit errors, but not for recovery -- kind of the opposite goal. The big difference is DRAM (mostly the same, including DDR3) vs. SRAM (of several types -- relevant due to use in HSMs, cpu cache, etc.). DRAM has been getting worse/longer duration as it becomes lower power, so arguably DDR3 (being relatively new) would be worse than 1985 RAM.
CPU registers are the safest place against this attack (hence stuff like TRESOR where AES keys are held in CPU registers), but are by necessity limited (especially on x86; SPARC was better, and some of the new extensions to x86 help (SSE, etc.)).
Most of this has been mitigated to some extent by periodic inversion of sensitive strings in main memory (keys, usually) -- this has been implemented in ~all crypto libraries.
SRAM's huge advantage is you can clear it faster than DRAM, but that doesn't help if you can somehow prevent the clearing from happening.
Law enforcement officers come to you with a correctly formed legal document - a court order, or a warrant, or somesuch - and ask you to serve a malformed client to some cryptocat users. This malformed client will give the impression of encrypted communication, but will actually allow the law enforcement officers full access to the plain text (but only for the specified users). What do you do?
This is the Hushmail attack, and it seems like Cryptocat is vulnerable to it.
Cryptocat is a browser plugin. You need to download it like everything else. The source code is on Github.
I swear upon my father's grave I will never do something so dishonest and evil towards everyone who has supported Cryptocat, the most meaningful thing I have made with my life.
You always have a choice. In this case, you can refuse and go through the legal system. If you've made that choice already, then you can further raise a big stink about it and hope public pressure forces the gov't to back down.
Except he's distributing his client via the Google Chrome Web Store, so if law enforcement had a way of requesting that a particular user's software be backdoor-ed [1], they'd go to Google, which would also be significantly less likely to engage in civil disobedience.
1. I'm not a lawyer, but I'd be surprised if this were legal.
You are handling things exceptionally well under the circumstances. If anything, I find it incredulous how eminently sensible you are being. You have my respect.
Some people are fanatics who will never believe. Perhaps there wasn't enough hacking in terminals with falling green letters or he doesn't think crypto software can possibly be easy for non-security professionals.
Again, you are doing the right thing. I'm only sorry the only thing I can give you is my support.
your original product was riddled with problems, so much so you had to entirely change the architecture. a stream of ppl popped out of the woodwork and had a laundry list of problems with your original work. making security products that are not built properly endangers those who use it, as i am sure you have heard many times before.
you are clearly very talented with marketing yourself and the project, so cryptocat getting lots of media coverage led to an essentially crowdsourced design for cryptocat 2, very similar to mega. sure enough, this design has held up relatively well and gotten through audits without too many serious issues. as someone who cares a lot about secure comms, i have seen and continue to see no reason to use cryptocat.
i find it particularly ridiculous that a supposed proponent of free speech suggests i am not entitled to my (negative) opinion of your project. i see no point in filing bug reports for software i will never use. i believe in people doing their own homework; it is not my job to improve your project.
if i assume that your govt troubles are indeed legitimate, there are a couple things that seem inconsistent to me:
- you seem very concerned about the negative ramifications of angering your local govt, and all this is linked to (1) your dev work and (2) your prominence in the media. if you are so truly concerned about govt action against you, why are you publicizing the harassment you have experienced? it only serves to promote your dev work and elevate your media presence, which i would expect to further aggravate your local govt.
- the govt likely knows that actions like this, properly publicized, only lead to an increase in the reach and use of your product, in direct contradiction to your suggestion that they don't want to have your product circulate. it seems that "cui bono" in the context of your story is that you and your project directly benefit by getting lots of publicity.
i found it a bit difficult to fish out details on the ciphers and modes you use with cryptocat 2, which doesn't exactly inspire confidence. i am not a fan of using a stream cipher (AES-CTR) to protect non-streaming comms due to the nonce re-use issues your audit found. ssh using AES-CTR makes sense to me, an IM protocol, not so much.
I think a statement like that needs a little more in the way of support.
Cryptocat has been fairly well reviewed by a number of fairly smart people. While flaws have certainly been found, they've mostly been addressed, AFAIK.
"Snake oil" has been a popular term to throw around ever since the original PGP user's guide, but simply labeling something "snake oil" without any actual proof is a dangerous thing to do (especially when it's an open source product, and you should be able to point to any defects specifically).
Edit: I realize the term 'snake oil' predates PGP, I was referring to the crypto community's penchant for it.
Snake-oil? I am not sure I would go that far. I am somewhat concerned about crypto that runs in-browser after the Hushmail debacle, but the term "snake-oil" is usually reserved for cryptosystems that follow proprietary designs or "roll your own crypto," and cryptocat does not seem to fall into either category.
That's how the US has treated its hackers since ... the beginning. And that's why the Chinese are almost certainly eating our crypto-lunch. You'd almost think the authorities are compelled to help CN.
I have spent a fair bit of time discussing Cryptocat with Nadim in person. He is sincere in his development goals for Cryptocat and does not intend for it to be a honeypot.
It just seems exceptionally incompetently handled. The inconsistent stories? Repeated connection attempts to send data to "obvious" places instead of more careful probes and innocent looking transmission attempts to less suspicious locations.
The whole thing sounds like a bad b-movie or someone playing a practical joke, rather than a genuine attempt.
Then again, who knows, idiots manage to get hired everywhere.
from my own personal experience, govt folks like to follow. the business of knowing usually doesn't involve overt intimidation that is demonstrable to outside parties.
I have to wonder what you'd see
If you used style as ID.
Styles change from time to time
But style stays from line to line.
Names can change and faces too
But writing tells you who is who.[0]
Many say they are a crowd
But fewer do once lost their shroud.
Traps and snares one will find
Many more if kept their wits about their mind
Still plenty that you see
Hide their face behind IP.
[1]: EDIT: It seems to me that it is very possible that not all accounts here, though not necessarily in this thread, correspond to a single individual.
Sure. While I don't want to start a witch hunt, I often wonder while reading discussions who it is behind the handle. To the point where I can't help but think that a little careful observation might uncover an army of sockpuppets.
With the help of the HN api, you could probably fingerprint a lot of users.
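The verses and the reply above make the point that writing style follows a person across accounts and IP addresses. As an added example that is not from the thread, the script below shows how little text it takes: each sample becomes a vector of function-word rates, punctuation rates and a capitalisation rate, and cosine similarity pairs the samples written by the same hand. The four comments are constructed, with two hidden authors behind four account names; real attribution systems use hundreds of features and far more text than this, and with samples this short false matches are common, which is the caveat for anyone tempted to name names from a handful of comments.

```python
"""Tiny stylometric comparison of pseudonymous comments.

Added example, not from the thread. Feature lists and samples are
constructed; this is an illustration of the privacy risk, not a tool.
"""
import math
import re

FUNCTION_WORDS = ["the", "a", "and", "of", "to", "i", "it", "is", "that", "you",
                  "but", "so", "this", "not", "in", "for", "with", "on", "as", "be"]
PUNCTUATION = [",", ";", ":", "!", "?", "(", "--", "...", "'"]


def features(text):
    """Rates per word of a few function words and punctuation marks, plus a capitalisation rate."""
    words = re.findall(r"[a-z']+", text.lower())
    n = max(len(words), 1)
    counts = {}
    for w in words:
        counts[w] = counts.get(w, 0) + 1
    vec = [counts.get(w, 0) / n for w in FUNCTION_WORDS]
    vec += [text.count(p) / n for p in PUNCTUATION]
    letters = sum(c.isalpha() for c in text)
    vec.append(sum(c.isupper() for c in text) / max(letters, 1))
    return vec


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def closest(name, samples):
    """Name of the other sample nearest in style to `name`, and the similarity score."""
    me = features(samples[name])
    score, other = max((cosine(me, features(t)), n) for n, t in samples.items() if n != name)
    return other, round(score, 3)


# Constructed comments. acct_a1 and acct_a2 were "written" by one author,
# acct_b1 and acct_b2 by another; the account names carry no hint a model could use.
SAMPLES = {
    "acct_a1": "i looked at it, honestly... it's just a chrome extension, so i don't get the fuss. "
               "i tried it, it worked, so what? but sure, i'd want the logs first...",
    "acct_a2": "i read the post, i read the thread... and i still don't see proof. so, it could be "
               "a rootkit, it could be a joke, but either way i'd want logs, not stories...",
    "acct_b1": "The claim is that the government compromised the machine; the evidence offered is a "
               "set of outbound connections (observed by an external firewall). Without the logs, "
               "the claim is unverifiable.",
    "acct_b2": "The difference between the two features is fundamental; one of them is a server-side "
               "logging preference (nothing is encrypted), and the other is an end-to-end protocol. "
               "The distinction is not subtle.",
}

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "is closest to", *closest(name, SAMPLES))
```

The defensive lesson is the mirror image of the fingerprinting idea: a pseudonym that is meant to hold up needs a deliberately different register, not just a different IP address.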
Is it possible that they may have used a type of hardware backdoor? Something that would be connected to the router, or back of the computer using the lan or usb port?
None of that would show up in any logs or files, and it would get around any password protection and encryption on the actual computer, the only evidence would be from monitoring router traffic. A usb bug would be something that would transmit via wifi, but it would need to be connected directly to your computer to work.
Also check inside the computer for anything unusual.
In case you're curious about who exactly we're talking about.. check out this CSIS Recruiting Video, complete with ominous, heart-thumping, background music.
Upon visiting that blog.crypto.cat URL, Chrome tells me "Incorrect certificate for host / Error 150 (net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN): The server's certificate appears to be a forgery."
The main crypto.cat page loads fine over HTTPS (certificate has sha1 thumbprint d1aa1c1037202e359f224e407d7f84a0e8a94dd7 which i see is advertised on the erroring blog.crypto.cat page).
Why has the certificate changed? Why did the CA signing the SSL certificate change? Is there any forwarding message signed by the original certificate?
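The questions above are the right ones, and they can be scripted. As an added example that is not from the thread, the script below records the fingerprint of the leaf certificate a server actually sends to the client and compares what several network paths see against that record. Chrome's error above comes from pinning the public key (SubjectPublicKeyInfo) hash; with only the standard library this script pins the whole-certificate fingerprint, which also changes on every legitimate renewal, so a mismatch means "investigate" rather than "forgery". A mismatch on one path while the others agree is the pattern that points at that path; a mismatch everywhere after the CA and issue date have been checked is usually just a renewal, and the record gets updated. The DER blobs and vantage-point names are constructed test data, not real certificates.

```python
"""Record a served TLS certificate's fingerprint and compare it across vantage points.

Added example, not from the thread. fetch_leaf_der() needs network access;
everything else runs offline on the constructed samples below.
"""
import hashlib
import socket
import ssl


def fingerprint(der, algo="sha1"):
    """Hex digest of the DER-encoded certificate, the "thumbprint" form quoted above."""
    return hashlib.new(algo, der).hexdigest()


def fetch_leaf_der(host, port=443, timeout=10):
    """Return the DER leaf certificate the server actually sends to this client.

    Verification is disabled on purpose: a rejected or substituted certificate is
    exactly the one worth recording. Never reuse this context for real traffic.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare_vantage_points(observations, expected, algo="sha1"):
    """observations: {vantage name: DER bytes}. Returns {vantage name: 'match' | 'MISMATCH'}."""
    return {name: ("match" if fingerprint(der, algo) == expected else "MISMATCH")
            for name, der in observations.items()}


def consensus_report(observations, algo="sha1"):
    """Group vantage points by the fingerprint they saw; a lone minority is the path to look at."""
    groups = {}
    for name, der in observations.items():
        groups.setdefault(fingerprint(der, algo), []).append(name)
    return groups


# Constructed stand-ins for DER certificates (not real or parseable certificates).
CERT_RECORDED = b"\x30\x82\x01\x00" + b"constructed sample: certificate recorded on a trusted path"
CERT_OTHER = b"\x30\x82\x01\x00" + b"constructed sample: a different certificate seen on one path"

# What each network path served for the same hostname (constructed).
OBSERVED = {
    "home-dsl": CERT_RECORDED,
    "office-vpn": CERT_RECORDED,
    "coffee-shop-wifi": CERT_OTHER,
}
# The fingerprint written down earlier on a trusted network; here derived from the sample.
EXPECTED = fingerprint(CERT_RECORDED)

if __name__ == "__main__":
    for vantage, verdict in compare_vantage_points(OBSERVED, EXPECTED).items():
        print("%-18s %s" % (vantage, verdict))
    for fp, names in consensus_report(OBSERVED).items():
        print(fp, "seen by", ", ".join(names))
    # Live use, placeholder host: record fingerprint(fetch_leaf_der("example.invalid")) on a
    # trusted path, then run the same call from other paths and compare.
```

Store the recorded fingerprint somewhere the checking machine cannot silently rewrite (a paper note works), and always note the issuing CA and notBefore date alongside it so that a renewal can be told apart from a substitution.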
The Wikipedia article notes that the press attention garnered by Nadim after his prior tussles increased the popularity of Cryptocat. Now imagine an intelligence agency wanting people to make greater use of a system they have back-doored or which is vulnerable to attack by them. Perhaps they couldn't resist the urge to make Cryptocat more popular! (Disclaimer: I have no knowledge of Cryptocat or CSIS, and my comment is hypothetical speculation. Alternative hypotheses are that they are invading Nadim's computer to try to find a way to break Cryptocat or to spook its developer, or because they have Nadim under some sort of surveillance, for who knows what reason.)
I do have a question about the story though. Why would an intelligence agency want to "acquire" Cryptocat? What would that mean anyway? Purchasing it for internal use is surely not necessary. They can just use it or any one of a number of in-house products they surely already have access to. Purchasing it to take it out of circulation is a possibility. But is this actually feasible? It's Open Source. Purchasing it to stop the developer working on it is a possibility. But wouldn't others step up? Buying a controlling stake in it is a possibility. But I don't see why an intelligence agency would make an offer of cash to someone not known to be susceptible to that kind of manipulation. I actually just don't see them doing this full stop. They surely know Nadim is motivated by idealism, not cash. So I can't think of a reason to "acquire" Cryptocat that actually stacks up. To work out what is going on here, you have to put yourself into the mindset of the individuals and organisations involved. And that is not easy if you simply have their media persona to go by.
Like the rest of the population, these organisations tend to be filled with people of many different persuasions, from geeks and activists and hackers through ultra-authoritarians and rogue elements. It's impossible to know which group is responsible for this, or what their motivations might be. It might have even been an unauthorised operation! And it may just as easily have been someone spoofing CSIS, e.g. some hacker group angry at CSIS for some past grievance. If so, I bet it is baking CSIS's noodle just as much as Nadim's!
At any rate, one should never infer a conspiracy where simple administrative or bureaucratic incompetence is a perfectly valid explanation.
This is the most trouble a browser plugin could ever cause anyone, and if all this is true then the Canadian government, the FBI and whomever else are after this kid are being very silly. That being said I can't help but think the author likes the media attention, and why wouldn't he, it must be bringing more exposure to his work.
I'm extremely confused by one detail. I'd like to know, what would be the point of describing oneself as a "Juror" or "former Juror"? Is there a particular court case involved with this story that I've missed a reference to? Is it some kind of slang in intelligence circles?
No, this seems like overload. To be fair, HN isn't exactly gentle on WordPress sites to begin with, especially if they're not aggressively being cached.
This PG approached him with a "business opportunity" -- so the Canadian security folk probably did mean to confuse him into thinking that this PG is our HN pg.
magikarp, could you please do a writeup on how you noticed the surveillance? Any extra info beyond "I found a backdoor and noticed funny traffic" would be more than useful to know.
Well probably because you did something wrong. Turn yourself in and reflect on your wrongdoings. Put yourself together and stop causing harm to the society.