Cryptome

OCTOBER 2001

 | Search | + At Cryptome.org  | ^ At Cartome.org | Echelon  | NSA TEMPEST Series | USA v. Bin Laden |
| Mirrors of Cryptome | AEBPR | MS DRM Crack |

cia-cbrbook.htm     + CIA Chem, Bio, Radiological Incident Handbook    October 31, 2001
bop103101.txt       + National Security Terrorism in US Prisons        October 31, 2001

nro103101.txt       + National Reconnaissance Office Records Exempt    October 31, 2001
hspd-01.htm         + Prez Directive on Homeland Security              October 30, 2001
paki-nukes2.htm     + US Says Pakistan's Nukes Are Secure              October 30, 2001
fcc103001.txt       + Public Safety National Coordination Committee    October 30, 2001
istac103001.txt     + Info Security TAC Meet                           October 30, 2001

doj-at-guide.htm    + DoJ Field Guidance on Anti-Terrorism Law         October 30, 2001
stego-pal.htm       + Steganographic PAL Bypass                        October 30, 2001
isp-hijack.htm      + ISPs Hijacking E-mail                            October 30, 2001
wtc-failure.htm     + Investigation of WTC Design Failure Needed       October 30, 2001
za-disrupt.htm      + Secret South African Disruption                  October 29, 2001

aid102601.htm       + USAID/FAO on Famine Emergency in Central Asia    October 29, 2001
dsb102901.txt       + Defense Science Board Secret Meet                October 29, 2001
pl107-38.txt        + $40B Anti-Terrorism to Hide Failure              October 29, 2001
piny.htm            + Power, Imagination and New York's Future         October 28, 2001
whats-truth.htm     + May, Pravda, FBI, Kallstrom, CIA, DoD on Truth   October 27, 2001

O f f s i t e 

InfoWar               InfoWar, Terrorism, Crime, NatSec Course         October 31, 2001
Lil Boy               How to Build a Backyard Nuke /MF                 October 30, 2001
Poly Hit (ok)         Ex-FBI Polygrapher Hits Practice /GM             October 30, 2001

Paki Nukes            The Risks to Pakistan's Nuclear Arsenal          October 29, 2001
SAAG                  South Asia Analysis Group /A                     October 29, 2001
Idiot.edu             Free David McOwen                                October 27, 2001
OPCW                  Org for the Prohibition of Chemical Weapons /M   October 27, 2001
SE NBC                Swedish Inspectorate for Strategic Products /M   October 27, 2001


Date: Wed, 31 Oct 2001 16:21:48 -0500 (EST)
From: DCI/CIA Web Site Update <updates@ucia.gov>

October 31 - Posted Chemical/Biological/Radiological Incident Handbook (October 1998) to the Publication & Reports page under DCI and CIA Reports.

http://www.cia.gov/cia/publications/cbr_handbook/cbrbook.htm

Cryptome mirror:

http://cryptome.org/cia-cbrbook.htm

"This handbook was first produced by the Chemical, Biological and Radiological (CBRN) Subcommittee in June 1995. The subcommittee is one of seven subcommittees of the Interagency Intelligence Committee on Terrorism (IICT). Established and charged under DCI Directive 3/22, 24 October 1990, the IICT is comprised of representatives from 45 US Government agencies and organizations from the intelligence, law enforcement, regulatory, and defense communities. The IICT and its subcommittees provide an interagency forum for coordination and cooperation on a wide spectrum of counterterrorism and antiterrorism issues.

This edition of the handbook earmarks the addition of information pertaining to radiological incidents. This update reflects the collective efforts of each agency represented on the CBRN Subcommittee to provide critical information on new and evolving trends necessary to understanding and dealing with changing counterterrorism issues. In particular, I wish to thank the Nuclear Regulatory Commission, the Defense Intelligence Agency, the Federal Emergency Management Agency, the Public Health Service and the Central Intelligence Agency for the major role they played in the update of this handbook."


"SUMMARY: The current regulations of the Bureau of Prisons on
institutional management authorize the Bureau to impose special
administrative measures with respect to specified inmates, based on
information provided by senior intelligence or law enforcement
officials, where it has been determined to be necessary to prevent the
dissemination either of classified information that could endanger the
national security or of other information that could lead to acts of
violence and terrorism. This rule extends the period of time for which
such special administrative measures may be imposed from 120 days to up
to one year, and modifies the standards for approving extensions of
such special administrative measures. In addition, in those cases where
the Attorney General has certified that reasonable suspicion exists to
believe that an inmate may use communications with attorneys or their
agents to further or facilitate acts of violence or terrorism, this
rule amends the existing regulations to provide that the Bureau is
authorized to monitor mail or communications with attorneys in order to
deter such acts, subject to specific procedural safeguards, to the
extent permitted under the Constitution and laws of the United States.
Finally, this rule provides that the head of each component of the
Department of Justice that has custody of persons for whom special
administrative measures are determined to be necessary may exercise the
same authority to impose such measures as the Director of the Bureau of
Prisons."
-- Bureau of Prisons, National Security; Prevention of Acts of Violence and Terrorism, October 31, 2001


"This course will study the nature of information warfare, including computer crime and information terrorism, as it relates to national, economic, organizational , and personal security. Students will gain an understanding of the threats to information resources, including military and economic espionage, communications eavesdropping, computer break-ins, denial-of-service, destruction and modification of data, distortion and fabrication of information, forgery, control and disruption of information flow, electronic bombs, and psyops and perception management. They will learn about countermeasures, including authentication, encryption, auditing, monitoring, intrusion detection, and firewalls, and the limitations of those countermeasures. They will learn about cyberspace law and law enforcement, information warfare and the military, and intelligence in the information age. Information warfare policy and ethical issues will be examined."

-- Dorothy Denning, COSC 511 Information Warfare: Terrorism, Crime, and National Security, Fall 2001 (offsite)


"HSC Policy Coordination Committees (HSC/PCCs) shall coordinate the
development and implementation of homeland security policies by
multiple departments and agencies throughout the Federal government,
and shall coordinate those policies with State and local government.
The HSC/PCCs shall be the main day-to-day fora for interagency
coordination of homeland security policy. They shall provide policy
analysis for consideration by the more senior committees of the HSC
system and ensure timely responses to decisions made by the President.
Each HSC/PCC shall include representatives from the executive
departments, offices, and agencies represented in the HSC/DC.

Eleven HSC/PCCs are hereby established for the following functional
areas, each to be chaired by the designated Senior Director from the
Office of Homeland Security:

1. Detection, Surveillance, and Intelligence (by the Senior Director,
Intelligence and Detection);

2. Plans, Training, Exercises, and Evaluation (by the Senior Director,
Policy and Plans);

3. Law Enforcement and Investigation (by the Senior Director,
Intelligence and Detection);

4. Weapons of Mass Destruction (WMD) Consequence Management (by the
Senior Director, Response and Recovery);

5. Key Asset, Border, Territorial Waters, and Airspace Security (by
the Senior Director, Protection and Prevention);

6. Domestic Transportation Security (by the Senior Director,
Protection and Prevention);

7. Research and Development (by the Senior Director, Research and
Development);

8. Medical and Public Health Preparedness (by the Senior Director,
Protection and Prevention);

9. Domestic Threat Response and Incident Management (by the Senior
Director, Response and Recovery);

10. Economic Consequences (by the Senior Director, Response and
Recovery); and

11. Public Affairs (by the Senior Director, Communications)."

-- Homeland Security Presidential Directive - 1, October 30, 2001


"This document advises interested persons of a meeting of the
Public Safety National Coordination Committee, which will be
held in Brooklyn, NY.

DATES: November 16, 2001 at 9:30 a.m.-3:30 p.m.

ADDRESSES: New York Marriott Brooklyn, 333 Adams Street, Brooklyn, NY
11201.

FOR FURTHER INFORMATION CONTACT: Designated Federal Officer, Michael J.
Wilhelm, (202) 418-0680, e-mail mwilhelm@fcc.gov. Press Contact,
Meribeth McCarrick, Wireless Telecommunications Bureau, 202-418-0600,
or e-mail mmccarri@fcc.gov.
    The NCC Subcommittees will meet from 9:00 a.m. to 5:30 p.m. the
previous day. The NCC General Membership Meeting will commence at 9:30
a.m. and continue until 3:30 p.m. The agenda for the NCC membership
meeting is as follows:
    1. Introduction and Welcoming Remarks.
    2. Presentation by New York Public Safety Representatives on
Interoperability Factors Affecting the Response to the World Trade
Center Incident.
    3. Presentation by Steve Souder, Arlington County, Virginia,
Emergency Communications Center on Interoperability Factors Affecting
the Response to the Pentagon Incident.
    4. Presentation by John Oblak of the Telecommunications Industries
Association on 700 MHz Wideband Data Transmission Standards. ..."
-- Public Safety National Coordination Committee, October 30, 2001


"Section 814 Deterrence and Prevention of Cyberterrorism

Section 814 makes a number of changes to improve 18 U.S.C. § 1030, the Computer Fraud and Abuse Act. This section increases penalties for hackers who damage protected computers (from a maximum of 10 years to a maximum of 20 years); clarifies the mens rea required for such offenses to make explicit that a hacker need only intend damage, not a particular type of damage; adds a new offense for damaging computers used for national security or criminal justice; expands the coverage of the statute to include computers in foreign countries so long as there is an effect on U.S. interstate or foreign commerce; counts state convictions as "prior offenses" for purpose of recidivist sentencing enhancements; and allows losses to several computers from a hacker's course of conduct to be aggregated for purposes of meeting the $5,000 jurisdictional threshold.

The following discussion analyzes these and other provisions in more detail.

A. Section 1030(c) -- Raising the maximum penalty for hackers that damage protected computers and eliminating mandatory minimums

Previous law: Under previous law, first-time offenders who violate section 1030(a)(5) could be punished by no more than five years' imprisonment, while repeat offenders could receive up to ten years. Certain offenders, however, can cause such severe damage to protected computers that this five-year maximum did not adequately take! into account the seriousness of their crimes. For example, David Smith pled guilty to violating section 1030(a)(5) for releasing the "Melissa" virus that damaged thousands of computers across the Internet. Although Smith agreed, as part of his plea, that his conduct caused over $80,000,000 worth of loss (the maximum dollar figure contained in the Sentencing Guidelines), experts estimate that the real loss was as much as ten times that amount.

In addition, previous law set a mandatory sentencing guidelines minimum of six months imprisonment for any violation of section 1030(a)(5), as well as for violations of section 1030(a)(4) (accessing a protected computer with the intent to defraud).

Amendment: Section 814 of the Act raises the maximum penalty for violations for damaging a protected computer to ten years for first offenders, and twenty years for repeat offenders. 18 U.S. C. § 1030(c)(4). Congress chose, however, to eliminate all mandatory minimum guidelines sentencing for section 1030 violations.

B. Subsection 1030(c)(2)(C) and (e)(8) -- Hackers need only intend to cause damage, not a particular consequence or degree of damage

Previous law: Under previous law, in order to violate subsections (a)(5)(A), an offender had to "intentionally [cause] damage without authorization." Section 1030 defined "damage" as impairment to theintegrity or availability of data, a program, a system, or information that (1) caused loss of at least $5,000; (2) modified or impairs medical treatment; (3) caused physical injury; or (4) threatened public health or safety.

The question repeatedly arose, however, whether an offender must intend the $5,000 loss or other special harm, or whether a violation occurs if the person only intends to damage the computer, that in fact ends up causing the $5,000 loss or harming the individuals. It appears that Congress never intended that the language contained in the definition of "damage" would create additional elements of proof of the actor's mental state. Moreover, in most cases, it would be almost impossible to prove this additional intent.

Amendment: Section 814 of the Act restructures the statute to make clear that an individual need only intend to damage the computer or the information on it, and not a specific dollar amount of loss or other special harm. The amendments move these jurisdictional requirements to 1030 (a) (5) (B), explicitly making them elements of the offense, and define " damage " to mean " any impairment to the integrity or availability of data, a program, a system or information. " 18 U.S.C. § 1030(e)(8) (emphasis supplied). Under this clarified structure, in order for the government to prove a violation of 1030(a)(5), it must show that the actor caused damage to a protected computer (with one of the listed mental states), and that the actor's conduct caused either loss exceeding $5,000, impairment of medical records, harm to a person, or threat to public safety. 18 U.S.C. § 1030(a)(5)(B).

C. Section 1030(c) -- Aggregating the damage caused by a hacker's entire course of conduct

Previous law: Previous law was unclear about whether the government could aggregate the loss resulting from damage an individual caused to different protected coinputers in seeking to meet the jurisdictional threshold of $5,000 in loss. For example, an individual could unlawfully access five computers on a network on ten different dates -- as part of a related course of conduct -- but cause only $1,000 loss to each computer during each intrusion. If previous law were interpreted not to allow aggregation, then that person would not have committed a federal crime at all since he or she had not caused over $5,000 to any particular computer.

Amendment: Under the amendments in Section 814 of the Act, the government may now aggregate "loss resulting from a related course of conduct affecting one or more other protected computers" that occurs within a one year period in proving the $5,000 jurisdictional threshold for damaging a protected computer. 18 U.S.C. § 103 0 W (5) (B) (i).

D. 1030(c)(2)(C) -- New offense for damaging computers used for national security and criminal justice

Previous law: Section 1030 previously had no special provision that would enhance punishment for hackers who damage computers used in furtherance of the administration of justice, national defense, or national security. Thus, federal investigators and prosecutors did not have jurisdiction over efforts to damage criminal justice and military computers where the attack did not cause over $5,000 loss (or meet one of the other special requirements). Yet these systems serve critical functions and merit felony prosecutions even where the damage is relatively slight. Indeed, attacks on computers used in the national defense that occur during periods of active military engagement are particularly serious -- even if they do not cause extensive damage or disrupt the war-fighting capabilities of the military -- because they divert time and attention away from the military's proper objectives. Similarly, disruption of court computer systems and data could seriously impair the integrity of the criminaljustice system.

Amendment: Amendments in Section 814 of the Act create section 1030(a)(5)(B)(v) to solve this inadequacy. Under this provision, a hacker violates federal law by damaging a computer "used by or for a government entity in furtherance of the administration of justice, national defense, or national security," even if that damage does not result in provable loss over $5,000.

E. Subsection 1030(e)(2) -- expanding the definition of "protected computer" to include computers in foreign countries

Previous law: Before the amendments in Section 814 of the Act, section 1030 of title 18 defined "protected computer" as a computer used by the federal government or a financial institution, or one "which is used in interstate or foreign commerce." 18 U.S.C. § 1030(e)(2). The definition did not explicitly include computers outside the United States.

Because of the interdependency ;and availability of global computer networks, hackers from within the United States are increasingly targeting systems located entirely outside of this country. The statute did not explicitly allow for prosecution of such hackers. In addition, individuals in foreign countries frequently route communications through the United States, even as they hack from one foreign country to another. In such cases, their hope may be that the lack of any U.S. victim would either prevent or discourage U.S. law enforcement agencies from assisting in any foreign investigation or prosecution.

Amendment Section 814 of the Act amends the definition of "protected corriputer" to make clear that this term includes computers outside of the United States so long as they affect "interstate or foreign commerce or communication of the United States." 18 U.S. C. § 1030(e)(2)(B). By clarifying the fact that a domestic offense exists, the United States can now use speedier domestic procedures to join in international hacker investigations. As these crimes often involve investigators and victims in more than one country, fostering international law enforcement cooperation is essential.

In addition, the amendment creates the option, where appropriate, of prosecuting such criminals in the United States. Since the U.S. is urging other countries to ensure that they can vindicate the interests of U.S. victims for computer crimes that originate in their nations, this provision will allow the U.S. to provide reciprocal coverage."

-- Department of Justice Field Guidance on New Authorities Enacted in the 2001 Anti-Terrorism Legislation, October 2001


The New York Times reports today on the possible use of steganography by terrorists and the efforts of various investigators who are searching for evidence of the technology on the Net:

http://www.nytimes.com/2001/10/30/science/physical/30STEG.html

To test discovery of steganographic use Cryptome offers an alleged description of how to activate a nuclear warhead by bypassing its permissive action link (like DoD's covert nuke disarmament teams claim to do), in five stego formats and in PGP:

http://cryptome.org/bypass.wmf

http://cryptome.org/bypass.eps

http://cryptome.org/bypass.bmp

http://cryptome.org/bypass.dxf

http://cryptome.org/bypass.dwg

http://cryptome.org/bypass.pgp

If successful in breaking these, do not publish the unveiled  alleged Top Secret/SCI/Codeword/RM description, nor the secret of how the steganography works, just proclaim that it is very dangerous. For that you will be given a handsome government contract from the growing, already overflowing anti-terrorism honeypot, or if not, then prohibited from disclosing the information under a slew of national and economic security laws, backroom favors to political contributors, and top secret presidential orders.

It is likely that more secret and confidential information is transmitted by this steganographic method than any other for it has been in use since, well, since virtual reality enraptured brains, circa 50,000 BC.


"Dr. Drew C. Richardson, the FBI's recently retired senior scientific expert on polygraphy, addressed the National Academy of Sciences/National Research Council Study to Review the Scientific Evidence on Polygraphs on the 17th of October. While Dr. Richardson's remarks received no media attention, AntiPolygraph.org co-founder Gino Scalabrini attended the public meeting and has prepared this report."

-- George W. Maschke, AntiPolygraph.org


"Here is the outline of how ISP's in North America are hijacking customer's email and holding it ransom on a routine basis:

When a customer's account is perceived to be in arrears, the ISP 'suspends' the account.  This means the customer has no access to their email and is unable to log onto the server to access the Internet.  BUT the ISP keeps the email address open and all messages being sent to this address are absorbed onto the server.  The senders have no knowledge that the person they are sending their message to is not receiving it.  Nor is the customer aware that the ISP is collecting their email and holding onto it.  Nowhere in any ISP's 'Terms and Conditions' is this key detail of the suspension policy made clear.

I contacted a half-dozen of the largest ISP's in North America and asked them if they also use a policy of 'suspending' customer accounts.  AOL (both in Canada and the US), Earthlink, Sympatico, Telus, Inter.net US and Inter.net Global Ltd. admitted (reluctantly in most cases) that they also have this policy.   The chairman of the Board of Directors for the Canadian Association of Internet Providers, our 'self-regulating' body here in Canada, sent me an email in which he states his own company regularly suspends accounts in order to 'nudge' the customer for payment.

I have contacted four branches of the federal government here in Canada with this information: the Privacy Commissioner, Industry Canada's E-business Task Force, the Consumer Affairs Bureau, and the Competition and Fair Practices Branch.   All four of these departments are concerned and are taking action based on their mandates.  The Privacy Commissioner has launched an investigation into Inter.net's suspension practice, Industry Canada is going after the Canadian Association of Internet Providers, the Consumer Bureau is looking at possible legal action, and the Competition and Fair Practices Branch is targeting this as a contract law issue.

I have also spoken with Clarke Brinckerhoff at the Federal Trade Commission and Les Lauzier at the Virginia State Attorney General's Office.  Both these men expressed immediate concern about this practice, but seemed stymied about where it falls in terms of the law and how they should respond."

-- Nancy Carter, ISPs Seizing E-mail for Payment, October 30, 2001


"A former high-level State Department official, who maintains close contact with events in Pakistan, said he understands that Musharraf has assured the Bush Administration that 'only the most reliable military people remain in control of the nuclear arsenal, and if there's any real worry he'd disarm them. He does not want the crazies to precipitate a real war.'

Nonetheless, in recent weeks an élite Pentagon undercover unit -- trained to slip into foreign countries and find suspected nuclear weapons, and disarm them if necessary -- has explored plans for an operation inside Pakistan. In 1998, Pakistan successfully tested a nuclear device, heralded as the Islamic world's first atomic bomb. According to United States government estimates, Pakistan now has at least twenty-four warheads, which can be delivered by intermediate-range missiles and a fleet of F-16 aircraft.

Some of the government's most experienced South Asia experts have doubts about Musharraf's ability to maintain control over the military and its nuclear arsenal in the event of a coup; there are also fears that a dissident group of fundamentalist officers might try to seize a warhead. The Army and the influential Inter-Services Intelligence, or I.S.I., have long-standing religious and personal ties to many of the leaders of the Taliban, dating back to Afghanistan's war against the Soviet Union in the nineteen-eighties, when Pakistan was the main conduit for American support.

The crisis may bring into play the élite unit, operating under Pentagon control with C.I.A. assistance, whose mission it is to destroy nuclear facilities, past and present government officials told me. 'They're good,' one American said. 'If they screw up, they die. They've had good success in proving the negative' -- that is, in determining that suspected facilities were not nuclear-related.

The American team is apparently getting help from Israel's most successful special-operations unit, the storied Sayeret Matkal, also known as Unit 262, a deep-penetration unit that has been involved in assassinations, the theft of foreign signals-intelligence materials, and the theft and destruction of foreign nuclear weaponry. Members of the Israeli unit arrived in the United States a few days after September 11th, an informed source said, and as of last week were training with American special-forces units at undisclosed locations."

-- Seymour Hersh, Watching the Warheads: The risks to Pakistan's nuclear arsenal, October 29, 2001 (offsite)


"These four secret documents were produced by the South African National Intelligence Agency during 1998. Written by former white Afrikaner members of the apartheid National Intelligence Service (NIS) now employed since 1994 by the African National Congress/Communist Party government in NIA.

They describe, provide 'analysis' and transcribe a supposed conspiratorial meeting to disrupt the South African 1999 general election and pander to the increasing paranoia of ANC/SACP president Thabo Mbeki. In the event no such coup occurred.

The Civil Co-operation Bureau (CCB) is the apartheid military intelligence deniable operation under the control of General Rudolf  'Witkop' Badenhorst that was responsible for among other actions the murder of Swapo Laywer, Anton Lubowski, in neighbouring Namibia in August 1989 during the run-up to UN supervised elections and independence. It was disbanded before the ANC/SACP came to power in 1994.

Executive Outcomes is a private military company comprised of many former apartheid officers and NCOs. EO successfully defeated the Unita offensive in Angola against the Marxist (and US recognized) government in Luanda thus preserving its rule. At the insistence of UN secretary General Kofi Annan, Thabo Mbeki passed legislation prohibiting South Africans providing military, security or intelligence assistance to state and non-state actors. Permission is required from SACP stalwart Kadar Asmal (currently Minister of Education)."

-- Anonymous, Secret South African Disruption, October 28, 2001


"Just thinking about architecture in relation to the events of Sept. 11 is a major imaginative challenge. People died on that site. Even if their bodies are removed to Staten Island, this is where 6,000 people lost their lives. Corporate culture has no way of dealing with this. In corporate culture, no one ever dies. Everyone is young and glowing. The older we get, the younger we look. The fear of death is thus forestalled. Yet here is death.

Corporate America has encountered similar problems in the past: product recalls; class action suits; structural failures; hazardous wastes. It will find ways to deal with this, too. Time and space will be found to organize a competition to design a memorial. The making of memorials, in fact, has lately become an industry itself. Consultants will be enlisted from Hiroshima, Vienna and Oklahoma City. The memorial and new office towers will be artfully combined. There will be something for everyone. Everything will have been thought about, except thought itself.

There is something comforting, therapeutic, perhaps even divine about the determination to carry on. Only maniacs want the economy to fall apart. Only nut cases want cities to crumble, modernity to shrivel up, dreams to die. Even with the smoke still heavy in the air, it's desirable to live inside the world's most powerful economic engine. That desire is intrinsically healthy.

But the terrorist attack did not just create a crisis; it also exposed one. There is a cultural contradiction between the aims of corporate architects and the needs of the city they claim to represent. Here is money, here is death. Carrying on can be traumatic, even violent, as well as healing. The imagination thrives on such contradictions. The inclination of the status quo is to deny their existence, or to trivialize them into problems of design.

The Florentines embraced the contradictions of their day. The result was humanism. Through learning, the powerful undertook to support the imaginative. Arts formerly considered satanic were allowed free expression. Creativity was back. Life was affirmed. Princes didn't pretend to be artists. They hired artists. And artists didn't have to wear suits. To paraphrase Iris Murdoch, artists had the dirty, Orphic job of venturing down into the dark, hellish regions where ideas and images are formed. They came back with flawless beauty.

A sophisticated local and international audience is prepared to see how a great modern city could possibly wrap its imagination around money and death, ice cream and fate, success and terror. That audience is willing to wait. There is no rush to satisfy its expectations, certainly not while the world is still at war. The city is not a video game. Eros and Thanatos are in the air, along with heroism, connection to others, sacrifice, self-deception, grandiosity, paranoia and greed. At this early date, why should we think that any of these drives are ready to be contained? "

-- Herbert Muschamp, Power, Imagination and New York's Future, October 28, 2001


Beale Screamer's FreeMe crack of MS DRM2:

Technical details and philosophy of the crack: http://cryptome.org/ms-drm.htm

Zipped file of everything: FreeMe executable program, source code, technical details and philosophy:

Via Freenet:
freenet:KSK@msdrm2
freenet:CHK@xK7PG6G1WplhGrXAsWZsW~o7WYcOAwE,xJ~Iz735FtTNKjgTykoJGw

Here and elsewhere:

http://cryptome.org/FreeMe.zip (93KB)
http://www.theregister.co.uk/media/657.zip
http://www.student.oulu.fi/~mliimata/MSDRM_Hack.zip
http://jya.com/FreeMe.zip
http://216.167.120.50/FreeMe.zip

http://www.nunce.org/FreeMe.zip
http://www.typo.co.il/msdrm2/FreeMe.zip
http://h-filter.net/misc/657.zip
http://www.furinkan.net/mirror/657.zip
http://content.rc6.org/mirror/msdrm/657.zip
http://lookingglass.akardam.net/mirrored/msdrmv2-remtool/msdrm2-remtool.zip
http://whirlpool.net.au/mirror/freeme.zip

Mirror URLs of Beale Screamer's zipped welcomed. Send to jya@pipeline.com. PK below.

Beale Screamer's messages posted to newsgroup sci.crypt:

http://cryptome.org/beale-sci-crypt.htm


A major newspaper would like to interview Beale Screamer on the MS DRM crack. Beale is requested to propose a secure protocol for anonymous communication with a reporter and to authenticate being the author of the crack. Post the protocol to sci.crypt and/or send encrypted to jya@pipeline.com. PK below.

Privacy Alert: To balance the load on Cryptome automatic mirrors have been established:
www.eu.cryptome.org -- the main mirror, which has two or more hardly transparent back-ups:
www.nl.cryptome.org
www.at.cryptome.org

Anonymous operators of these mirrors swear no access logs are kept, not even for the usual undisclosed purposes, so be sure to protect yourself there and here and all around the Net.


Blocks of massive downloads are being reinstituted; innocents affected complain to jya.

______________________________

Thanks to A for mirror:

http://www.lessgov.org/cryptome

Thanks to SC for crypto software:

http://cnsint01.senecac.on.ca:8140/

Thanks to AJ for mirrors:

http://cryptome.sabotage.org

ftp://ftp.zedz.net/pub/varia/Cryptome/cryptome.org/

the whole shebang is available at:
ftp://ftp.zedz.net/pub/varia/Cryptome/

Thanks to mb for mirror:

http://while1.org/~xm/cryptome.tgz

Thanks to VP for mirror:

http://munitions.vipul.net/documents/cryptome/

Thanks to GB:

People who want/need a copy of Cryptome as of Sep 16 2001 can get a copy at
http://www.parrhesia.com/cryptome.tgz (248 Mb!)

or bit-by-bit at

http://www.parrhesia.com/cryptome/

For people who can do FTP, which usually transfers faster than HTTP, it's also at

ftp://bivens.parrhesia.com/cryptome.tgz

Quintessenz mirror located in Vienna, Austria:

http://cryptome.lo-res.org/

______________________________

Note: Cryptome is nearly shutdown by excessive downloading of the full archive. Most of Cryptome is non-essential stuff and doesn't deserve archiving elsewhere or mirroring. The crypto programs listed at http://jya.com/crypto-free.htm are much more important and should be widely mirrored.

We will distribute a few compressed copies of Cryptome for hosting elsewhere and those URLs will be publicized when ready.

We would appreciate limiting downloads to recent material and not the whole wad; our modest server cannot handle the overload. Otherwise to avoid unintentional shutdown we will have to reinstitute blocks recently lifted.

______________________________

Cryptome and a host of other crypto resources are likely to be shutdown if the war panic continues. What methods could be used to assure continued access to crypto for homeland and self-defense by citizens of all nations against communication transgressors?

A while back a list of global sites for accessing crypto and privacy tools was set up:

http://jya.com/crypto-free.htm

This list of crypto sources, and additions to it, should be mirrored and the mirrors widely publicized to aid citizen access to tools for personal and homeland protection worldwide from those urging war and terrorism at home and around the globe.

To supplement that, Cryptome would appreciate hearing by encrypted mail (anonymous remail too) what others have done or could do to stockpile and distribute self-dense tools. We've sent out a few hundred CDs of the Cryptome collection, and are considering offering here a ~100MB compressed package of the ~8000 files. If so, we would first make more of the packages available to other global sites to offset our bandwidth limitations.

There are only a few crypto programs in the files, mostly PGP since 2.62. We might grab more for inclusion unless others are doing that. To comply with law we'd have to notify BXA of any new program offerings.

Responses welcome: jya

Pipeline.com is owned by Earthlink, one of the ISPs reportedly now intercepted by Carnivore; Verio, host of this site, may be as well, your hosts too.

John Young PK below.

Advanced eBook Processor (AEBPR)

"Colleen Pouliot, Senior Vice President and General Counsel for Adobe, said, 'ElcomSoft's Advanced eBook Processor software is no longer available in the United States.' "

-- Adobe, EFF Call for Release of Dmitry Sklyarov, July 23, 2001

For background information and to download a trial version of the Adobe eBook-cracking program, AEBPR, see the ElcomSoft site: http://www.elcomsoft.com

Cryptome mirror of the AEBPR trial version: http://cryptome.org/aebpr/aebpr22.zip  (746KB)

For cryptographic scientific research allowed under the DMCA here is a key from Anonymous to boost the trial version -- which decrypts 25% of an eBook -- to its 100% capability (though not verified):

LEPR-T2K7-NA8Z-3DUE-EVDQS-TMPV-MBAUB

Thanks to ET:

"To verify the unlock key for Dimitry Sklyarov's AEBPR application create the following STRING VALUE in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced eBook Processor\Registration\Code

and assign it the value of the registration key provided on your site:

LEPR-T2K7-NA8Z-3DUE-EVDQS-TMPV-MBAUB

Start the AEPBR application and you will be all set."

Dmitry needs funds for legal defense. If you use AEBPR consider contributing to EFF or to Dmitry through PayPal.

"Call for Technical Submissions

I am interested in receiving and publishing the following kinds of information:

  • Technical descriptions of the access control and encryption mechanisms associated with PDF files and/or eBooks.
  • Technical descriptions of remedies for these mechanisms, e.g., patches, key recovery algorithms, modified plug-ins, etc.
  • Source code for implementing these remedies.

Mail submissions to Dave Touretzky. Anonymous submissions are fine."

-- Gallery of Adobe Remedies (offsite)

"Ever-more subtle and sophisticated Panoptic mechanisms continue to reduce the individual's privacy and integrity. Panopticism continues to limit the space in which civil liberties can be freely deployed. In the face of manipulative technologies, inventive reverse-engineering strategies are necessarily distributed, multiple, simultaneous, hybrid, interdisciplinary, opportunistic. We recall the dazzling efficacy of Ariadne's fragile silk thread in the face of the Minotaur's brutality. Last night, panelists reviewing the challenges to civil liberties wrought by SDMI and DMCA underscored the need for resistance through collaborations that reach across disciplinary boundaries and specializations. Institutional and disciplinary isolation -- and preaching to the choir -- constitute a prison of their own. Unexpected collaborations can offer productive strategies, and it is hoped that Cryptome and Cartome libraries offer useful tools towards the conceptualization of such novel strategies."
-- Deborah Natsios, Reversing the Panopticon, August 16, 2001 (at Cartome)


"A sparsely attended trial which unfolded in Tacoma’s US district courthouse the first week of April 2001 hardly seemed an event that might open a small but revealing view onto the shifting national security apparatus. But to outside observers following the criminal prosecution of Washington State resident Jim Bell, accused of stalking and intimidating local agents of the IRS, Treasury Department and BATF, the defendant was a symptomatic target, and the government’s stated case against him only a fragment of a more complex campaign linked to the evolving landscape of national and homeland defense.

In the government’s estimation, Bell had placed its Pacific Northwest agents "in reasonable fear of death or serious bodily injury". But for some trial-watchers, the case against James Dalton Bell, 43, was underpinned by a constellation of factors that made him more than the disaffected neighbor projecting antigovernment bile. Bell had invited the government’s fullest prosecutorial zeal because his technical skills placed him in more ambiguous terrain, that of untested gray zones within emerging national defense landscapes, which, by calling into question the impregnability of the national border, have been taking national security tactics incountry in unprecedented ways, deploying new rules of engagement to challenge national security threats within the US domestic interior."

-- Deborah Natsios, Homeland Defense and the Prosecution of Jim Bell, June 8, 2001 (At Cartome.org)

Cartome, a companion site to Cryptome, has been inaugurated. It is an archive of spatial and geographic documents on privacy, cryptography, dual-use technologies, national security and intelligence -- communicated by imagery systems: cartography, photography, photogrammetry, steganography, climatography, seismography, geography, camouflage, maps, images, drawings, charts, diagrams, imagery intelligence (IMINT) and their reverse-panopticon and counter-deception potential. Administrator is architect Deborah Natsios, longtime Cryptome partner.

"But Admiral Wilson wins the award for the most creative neologism, C3D2, which stands for 'cover, concealment, camouflage, denial and deception,' as in: 'Many potential adversaries -- nations, groups, and individuals -- are undertaking more and increasingly sophisticated C3D2 operations against the United States.' "

-- Vernon Loeb, CIA's Tenet Finds the Going Easier in 2001, February 19, 2001 (offsite)

Note: Due to recurring problems with abuse by spiders, bots, siphons and various automatic download programs, the originating addresses of all such programs will now be blocked. Please help stop burgeoning spider abuse.


  Cryptome Archives

   

| Echelon |     MI6     | TEMPEST | DVD-DeCSS |     GSM     |    PGP     |

Cryptout
Post-Latest

Cryptomb 9
Jan-Jun 2001

Cryptomb 8
Jun-Dec 2000

Cryptomb 7
Jan-May 2000

Cryptomb 6
Jul-Dec 1999

Cryptomb 5
Jan-Jun 1999

Cryptomb 4
Jun-Dec 1998

Cryptomb 3
Jan-May 1998

Cryptomb 2
Jun-Dec 1997

Cryptomb 1
To May 1997

Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security and intelligence -- open, secret and classified documents -- but not limited to those.

Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order will be published here or elsewhere if gagged by order. Bluffs will be published if comical but otherwise ignored.

Send by e-mail, fax or mail:
Cryptome Administrator: John Young
E-mail: jya
Tel: (US) 212-873-8700
Fax: (US) 212-787-6102
Mail: 251 West 89th Street, New York, NY 10024

August 26, 2000: To avoid the ADK bug use PGP 2.6.2:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzHMJLAAAAEEALQamOmaVP3dWAxTWAtoK6SMp8smRTcLweBSLerX0BAAK5s8
c87yZSxKNGHwIejM0MpqbcpTOO5KwMSxAbefGfbOe815TB43pnHMET+itOCmwYsL
lHiuy12o63wETsr1d5EdqWh+dS+p35Ne3qiapoADm1KktJcqIudR7MF7a6tdAAUR
tB1Kb2huIFlvdW5nIDxqeWFAcGlwZWxpbmUuY29tPg==
=c8jN
-----END PGP PUBLIC KEY BLOCK-----

August 27, 2000: New PGP 6.5.8 Key:

ID: 0xC3207009
Fingerprint:
3791 CC39 66E8 EF1D CCA4  CA48 0C56 D974 C320 7009

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

mQGiBDmpjpURBAD6LkFyCYrXyetmgvdjf2DXynnYsy1j8keHW7qbiVQ2y3SgrEp1
bz5OTnqZ/qmLDUQ45s1q3PxgP473bEqK8PeXllJ5kRzOwfdexv2VBlQLLEQGlcza
Ke2vGXjWm5XGCIeVtYe2ToBh//6xkGn2tSp6U8Sj+NPYc0t8DvXyyIT7pQCg/0z1
y06zARLlS3fJn9W8gd6fJIED/1QUPbQS71kaS8zExgqzR716mMSD82yp3/qC6yOD
nTbCPV/vFGeM8zUvEz+HzAEHtQ9JAYfSukamWPM0N2hrNzDb9wRaWoQ9dWZdBwep
NlLW7vkwmhJsrTv+tabhCKYBM8b9XcWlM8aiwDtT8X/d5DoGTxSGTSk5tE3tMRng
g/ZTA/9h/iSEXTcRug1qPsnIqcquLVFt9VVR3xTPnN1CqosLIv9oL3K4LkEvWzn/
j5TLQBxPPfPiNnYtk0JuXj/fRVbSVTvFZMawwp43+PCSVB0mtsulzmrTosqI568q
Qp5/fM903AGdh2GGDV9IA22CX2BtMEAUXsc4ShwhH0dFh6fWZ7QdSm9obiBZb3Vu
ZyA8anlhQHBpcGVsaW5lLmNvbT6JAE4EEBECAA4FAjmpjpUECwMCAQIZAQAKCRAM
Vtl0wyBwCYBDAJ9H5kmH+Lzk/uF5C1o983nDh8Ll4gCfdtVIfGZ2nVIKPb+LzN9b
A4Yh5K+5Ag0EOamOlRAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGn
VqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvOmeFX
klnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YAWCvl
9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhd
ONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r
0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH/i3wAsfX3gaaq21t
eXKBv6YO85gUFa6CFzRZemwFW9n1RzAnYUCNoLSZ4pmGnWKs7t50zS9sie1fLHCA
aZ6CuJNQOF8MAaxgX3DqQRnInKJyK+WSSH5YOG4N5Bq7CMvbLiMDVKOtJFxEX4Kq
Dd+0nCkGce7uwoBzU+rbINEeEVZdo6Pr+J5dfm+4Ac8WQ/HeHlwUmkg0YXZPkkDD
MdjrxoTvUEKECjk3Orwrymj/531hIKZDDme4LqjDbPCOon1WaKIBJEudXMESUiIW
tdQNGCHEZKChfwuX7tq9SFfHlc5fzOqBfXxHvvMMgRk4IfZWI3ZPWdbSoGQ+9mFK
59AToVuJAEYEGBECAAYFAjmpjpUACgkQDFbZdMMgcAlX4QCgwjrFBkAq+Q6CvsLW
I/Z8BY/ETR0AoOcddpzxnmLBjf97J4WUII7tNcZ4
=0rDn
-----END PGP PUBLIC KEY BLOCK-----



JYA is a companion archive of Cryptome. Information there describes the sites' operator.