[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: The revolution will be on YouTube ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #64 | Release date : 2007-05-27 | Editor : The Circle of Lost Hackers
IntroductionThe Circle of Lost Hackers
Phrack Prophile of the new editorsThe Circle of Lost Hackers
Phrack World NewsThe Circle of Lost Hackers
A brief history of the Underground sceneDuvel
Hijacking RDS TMC traffic information signallcars & danbia
Attacking the Core: Kernel Exploitation Notestwiz & sgrakkyu
The revolution will be on YouTubegladio
Automated vulnerability auditing in machine codeTyler Durden
The use of set_head to defeat the wildernessg463
Cryptanalysis of DPA-128sysk
Mac OS X Wars - A XNU Hopenemo
Hacking deeper in the systemscythale
The art of exploitation: Autopsy of cvsxplAc1dB1tch3z
Know your enemy: Facing the copsLance
Remote blind TCP/IP spoofingklm
Hacking your brain: The projection of consciousnesskeptune
International scenesVarious
Title : The revolution will be on YouTube
Author : gladio
              _                                                _
            _/B\_                                            _/W\_
            (* *)             Phrack #64 file 7              (* *)
            | - |                                            | - |
            |   |     The Revolution will be on YouTube      |   |
            |   |                                            |   |
            |   |                 By Gladio                  |   |
            |   |                                            |   |
            |   |              Gladio@phrack.org             |   |
            (____________________________________________________)


Forget everything you know about revolutions. It's all wrong.

Fighting a conventional war in an industrialized nation is suicide. Even
if you could field a military force capable of defeating the government
forces, the wreckage wouldn't be worth having. Think about mortar shells
landing in chemical plants. Massive toxic waste spills. Poisonous clouds
drifting with the winds. Fighting a war in your own backyard is just
plain stupid. Notice how the super-powers fight each other with proxy
wars in other countries.

Sure it might be fun to form a militia and go play army with your friends
in Idaho. Got some full-auto assault rifles?  Maybe even mortars, heavy
machine guns and some anti-aircraft guns?

Think they can take out an AC-130 lobbing artillery shells from 12 miles
away? A flight of A-10s spitting depleted uranium shells the size of your
fist at a rate that makes the cannon sound like a redlined dirt bike? A
shooting war with a modern government is a shortcut to obliteration.

Most coups are accomplished (or thwarted) by skillful manipulation of
information. There have been a number of countries where tyrants (and
legitimate leaders) have been overthrown by very small groups using mass
communications effectively.

The typical method involves blocking all (or most) information sources
controlled by the government, and supplying an alternative that delivers
your message. Usually, you just announce the change in government, tell
everyone they are safe and impose a curfew for a short time to consolidate
your control. Announce that the country, the police and the military are
under your control, and keep repeating it. Saturate the airwaves with your
message, while preventing any contradictory messages from propagation.

Virtually all broadcast media use the telephone network to deliver content
from their studios to their transmitters.  Networks use satellites and
pstn to distribute content to local stations, which then use pstn to
deliver it to the transmitter site.

Hijacking these phone connections accomplishes both goals, of denying the
'official' media access, and putting your own message out.

In cases where you can't hijack the transmitters, dropping the pstn
will be effective. Police and military also use pstn to connect dispatch
centers with transmitter towers. Recently, many have installed wireless
(microwave) fallback systems.

Physically shutting down the pstn just prior to your broadcasts may be
very effective. This is most easily accomplished by physical damage to
the telco facilities, but there are also non-physical technical means to
do this on a broad scale.  Spelling them out here would only result in the
holes being closed, but if you have people with the skill set to do this,
it is preferable to physical means because you will have the advantage
of utilizing these communications resources as your plan progresses.


Leveraging the Internet

Most of the FUD produced about insurgence and the internet is focused on
"taking down" the internet. That's probably not the most effective use
of technical assets. An insurgency would benefit more from utilizing the
net. One use is mass communications. Get your message out to the masses
and recruit new members.

Another use is for communications within your group. This is where things
get sticky. Most governments have the ability to monitor and intercept
their citizen's internet traffic. The governments most deserving of
being overthrown are probably also the most effective at electronic
surveillance.

The gov will also infiltrate your group, so forums aren't going to
be the best means of communicating strategies and tactics. Forums can
be useful for broad discussions, such as mission statements, goals and
recruiting. Be wary of traffic analysis and sniffing. TOR can be useful,
particularly if your server is accessible only on TOR network.

Encryption is your best friend, but can also be your worst enemy. Keep
in mind that encryption only buys you time. A good, solid cipher will
not likely be read in real time by your opponent, but will eventually
be cracked. The important factor here is that it not be cracked until
it's too late to be useful.

A one time pad (OTP) is the best way to go. Generate random data and
write it to 2, and only 2, DVDs. Physically transport the DVDs to each
communications endpoint. Never let them out of your direct control. Do
not mail them. Do not send keys over ssh or ssl. Physically hand the DVD
to your counterpart on the other end. Never re-use a portion of the key.

Below is a good way to utilize your OTP:

Generate a good OTP (K), come up with a suspicious alternate message
(M), and knowing your secret text (P), you calculate (where "+" = mod
26 addition):

K' = M + K 
K'' = P + K 
C = K' + P

Lock up K'' in a safety deposit box, and hide k' in some other off
site, secure location. Keep C around with big "beware of Crypto systems"
signs. When the rubber hose is broken out, take at least 2 good lickings,
and then give up the key to the safety deposit box. They get K'',
and calculate

K'' + C = M

thus giving them the bogus message, and protecting your real text.


Operational Security

The classic "cellular" configuration is the most secure against
infiltration and compromise. A typical cell should have no more than 5-10
members. One leader, 2 members who each know how to contact one member
of an 'upstream' cell, and 2 members who each know how to contact one
member of a downstream cell. Nobody, including the leader, should know
how to contact more than one person outside of their own cell.

Never use your real name, and never use your organizational alias in
any other context.

Electronic communications between members should be kept to a
minimum. When it is necessary, it should only be conducted via the OTP
cipher. Preferably, these communications should consist of not much more
than arranging a physical meeting.  Meet at a pre-arranged place, and
then go to another, un-announced place where surveillance is difficult,
to discuss operational matters.

Do not carry a phone. Even a phone which is switched off can be
tracked, and most can be used to eavesdrop on discussions even when
powered down. Removing the battery is only marginally safer, because
tracking/listening gear can be built into the battery pack. If you find
yourself stuck with a phone during a meeting, remove the battery and
place both the phone and battery in a metal box and remove it from the
immediate area of conversation.

It never hurts to generate some bogus traffic. Gibberish, random data,
innocuous stories etc., all serve to generate noise in which to better
hide your real communications.

Steganography can be useful when combined with solid crypto. Encrypt and
stego small messages into something like a full length movie avi, and
distribute it to many people via a torrent. Only your intended recipient
will have the key to decrypt the stegged message. Be sure to stego some
purely random noise into other movies, and torrent them as well.

Hopefully you'll find this document useful as a starting point for
further discussion and refinement. It's not meant to be definitive, and
is surely not comprehensive. Feel free to copy, add, edit or change as
you see fit. Please do add more relative to your area(s) of expertise.
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.