[cryptome] Re: surveillance side effects - sometimes with thrill ride included!

  • From: coderman <coderman@xxxxxxxxx>
  • To: Shelley <shelley@xxxxxxxxxxxxxxxx>, cypherpunks@xxxxxxxxxx, cryptome@xxxxxxxxxxxxx
  • Date: Tue, 15 Dec 2015 09:08:39 -0800

On 12/12/15, Shelley <shelley@xxxxxxxxxxxxxxxx> wrote:

Greetings coderman,

Sent off-list intentionally, which I hope you will excuse. I didn't want
to make ASSumptions about your post as I once have in the past :p

:P

belated reply, as this account is now working again after period of
inaccessible. (see below)



Also, if this is a personal anecdote, I didn't want to cause any potential
embarrassment/etc.

If this isn't a personal anecdote: do you have a link?

"so, that happened..."
-> https://ello.co/ohj2eevi/post/AcOPfljWjTmfuFEkpc5Pbg




If this is a personal anecdote: do you think it's retaliatory harassment
because of your Muckrock FOIA requests? If so, that's truly fucked up -
but I'm glad you let them know that you know, if it is a personal anecdote,

truly fucked up... yeah. you could say that!

---begin-forward---
---


access to this email account is back as of this morning, finally.

almost everything on the network inaccessible under "Disruption
Strategy" tactics that began last week during this event.

this appears to be the request at issue: (or at least the one which
pushed a response in turn)
https://www.muckrock.com/foi/united-states-of-america-10/kleptokeymgmt-21208/

"Procedures, instructions, relevant materials regarding the proper
handling of SSL/TLS secret key material obtained pursuant to court
order under any authority."



Refused as too vague, then I appeal:
'''
Per your request for fix of this request,

Under the USA PATRIOT Act, Pub. L. No. 107-56 ยง505(a), 115 Stat. 272,
365 (2001) , including recent revisions; C.f. USA FREEDOM Act of 2015,
Pub. L. No. 114-23, 129 Stat. 268, the FBI can issue National Security
Letters requesting specific business record information, including
SSL/TLS private keys used in Internet communications. See
https://peertech.org/files/merrill-v-lynch-unredacted-decision-vacating-gag.pdf
for additional information.

I am requesting Procedures, Instructions, and any other materials
regarding the proper handling of SSL/TLS secret keys obtained via
National Security Letters or Court Order under PATRIOT Act, or USA
FREEDOM Act authorities as above.

Thank you!
'''

(quick side note: above you see i linked to a PDF on my server,
https://peertech.org/files/merrill-v-lynch-unredacted-decision-vacating-gag.pdf.
logs show that only my test requests on Dec 1st retrieved this
document, however, it is possible that requests were made that were
subsequently erased by the attacker once they obtained private keys
giving the ability to MitM connections to the server itself. it is not
clear to me if intent to remove evidence was part of this brash
compromise.)

on the 9th, when reply outbound from agency, a series of events
occurrs that results in the compromise of the peertech server and
deprecating many keys.

this includes all attempts to download taobios-v2.tar.bz2 failing very
early in the download - i suspect but cannot prove, that downloads on
the 10th, 11th, and 13th were maliciously tampered with, and served to
clients by impersonating peertech.org. i have put out a call for
copies of these files if anyone kept them from those days.

i was able to use Ello and hidden services while under attack. this is
the first non-onion service that passed muster under this threat
level. thus i wrote about the details there:
https://ello.co/ohj2eevi/post/AcOPfljWjTmfuFEkpc5Pbg


also, after identifying the FOIA above as contentious, i filed:

https://www.muckrock.com/foi/united-states-of-america-10/procpeernotesbye-22872/
for the processing notes.


apologies for any trouble i may have brought your way. i can't believe
they're attacking my friends to compromise my systems. (!!!)


best regards, and my apologies,
martin
---end-forward---

P.S. burning sweet BIOS sploits as per the archive which is back up
probably didn't help their mood either.



because [ typing with middle fingers ] fuck them [ /middle fingers ] for
trying to block out the sunlight on their shady goings-on by being even
more shady!

this is how to respond properly to intimidation :)



If you choose not to reply, I understand. Know that your efforts are very
much appreciated, and if you are being harassed by retaliatory surveillance

I hope you will seek assistance from the EFF, EPIC and ACLU.

they're pretty out gunned against NSA and NatSec deep state, but i
appreciate their efforts. i never understood just how uphill a fight
these areas of national security law are to argue before the courts
until last few years.

truly david and goliath levels of imbalance of power.


best regards,


P.S. while i am revoking GPG keys out of abundance of caution, only
secrets on peertech.org itself were compromised. See list of keys and
things to copy copiously at:
http://70.85.129.98:443/
http://hackers22mysy6vg.onion/
http://hackers22grhtyvg.onion/
http://hackers23vzyoixr.onion/

Other related posts:

  • » [cryptome] Re: surveillance side effects - sometimes with thrill ride included! - coderman