|Main Archive Page > Month Archives > full-disclosure-uk archives|
(* *) Phrack #64 file 4 (* *)
| - | | - |
| | The Revolution will be on YouTube | |
| | | |
| | By Gladio | |
| | | |
| | Gladio@phrack.org | |
Forget everything you know about revolutions. It's all wrong.
Fighting a conventional war in an industrialized nation is suicide.
if you could field a military force capable of defeating the government
forces, the wreckage wouldn't be worth having. Think about mortar shells
landing in chemical plants. Massive toxic waste spills. Poisonous clouds
drifting with the winds. Fighting a war in your own backyard is just plain stupid. Notice how the super-powers fight each other with proxy
wars in other countries.
Sure it might be fun to form a militia and go play army with your
in Idaho. Got some full-auto assault rifles? Maybe even mortars, heavy
machine guns and some anti-aircraft guns?
Think they can take out an AC-130 lobbing artillery shells from 12
away? A flight of A-10s spitting depleted uranium shells the size of your
fist at a rate that makes the cannon sound like a redlined dirt bike? A
shooting war with a modern government is a shortcut to obliteration.
Most coups are accomplished (or thwarted) by skillful manipulation
information. There have been a number of countries where tyrants (and
legitimate leaders) have been overthrown by very small groups using mass
The typical method involves blocking all (or most) information
controlled by the government, and supplying an alternative that delivers
your message. Usually, you just announce the change in government, tell
everyone they are safe and impose a curfew for a short time to consolidate
your control. Announce that the country, the police and the military are
under your control, and keep repeating it. Saturate the airwaves with your
message, while preventing any contradictory messages from propagation.
Virtually all broadcast media use the telephone network to deliver
from their studios to their transmitters. Networks use satellites and
pstn to distribute content to local stations, which then use pstn to deliver it to the transmitter site.
Hijacking these phone connections accomplishes both goals, of
'official' media access, and putting your own message out.
In cases where you can't hijack the transmitters, dropping the pstn
will be effective. Police and military also use pstn to connect
centers with transmitter towers. Recently, many have installed wireless
(microwave) fallback systems.
Physically shutting down the pstn just prior to your broadcasts may
very effective. This is most easily accomplished by physical damage to
the telco facilities, but there are also non-physical technical means to
do this on a broad scale. Spelling them out here would only result in the
holes being closed, but if you have people with the skill set to do this,
it is preferable to physical means because you will have the advantage
of utilizing these communications resources as your plan progresses.
Leveraging the Internet
Most of the FUD produced about insurgence and the internet is
"taking down" the internet. That's probably not the most effective use
of technical assets. An insurgency would benefit more from utilizing the
net. One use is mass communications. Get your message out to the masses
and recruit new members.
Another use is for communications within your group. This is where
get sticky. Most governments have the ability to monitor and intercept
their citizen's internet traffic. The governments most deserving of being overthrown are probably also the most effective at electronic surveillance.
The gov will also infiltrate your group, so forums aren't going to
be the best means of communicating strategies and tactics. Forums
be useful for broad discussions, such as mission statements, goals and
recruiting. Be wary of traffic analysis and sniffing. TOR can be useful,
particularly if your server is accessible only on TOR network.
Encryption is your best friend, but can also be your worst enemy.
in mind that encryption only buys you time. A good, solid cipher will
not likely be read in real time by your opponent, but will eventually
be cracked. The important factor here is that it not be cracked until
it's too late to be useful.
A one time pad (OTP) is the best way to go. Generate random data and
write it to 2, and only 2, DVDs. Physically transport the DVDs to
communications endpoint. Never let them out of your direct control. Do
not mail them. Do not send keys over ssh or ssl. Physically hand the DVD
to your counterpart on the other end. Never re-use a portion of the key.
Below is a good way to utilize your OTP:
Generate a good OTP (K), come up with a suspicious alternate message
(M), and knowing your secret text (P), you calculate (where "+" =
K' = M + K
K'' = P + K
C = K' + P
Lock up K'' in a safety deposit box, and hide k' in some other off
site, secure location. Keep C around with big "beware of Crypto
signs. When the rubber hose is broken out, take at least 2 good lickings,
and then give up the key to the safety deposit box. They get K'', and calculate
K'' + C = M
thus giving them the bogus message, and protecting your real text.
The classic "cellular" configuration is the most secure against
infiltration and compromise. A typical cell should have no more
members. One leader, 2 members who each know how to contact one member
of an 'upstream' cell, and 2 members who each know how to contact one
member of a downstream cell. Nobody, including the leader, should know
how to contact more than one person outside of their own cell.
Never use your real name, and never use your organizational alias in any other context.
Electronic communications between members should be kept to a
minimum. When it is necessary, it should only be conducted via the
cipher. Preferably, these communications should consist of not much more
than arranging a physical meeting. Meet at a pre-arranged place, and
then go to another, un-announced place where surveillance is difficult,
to discuss operational matters.
Do not carry a phone. Even a phone which is switched off can be
tracked, and most can be used to eavesdrop on discussions even when
powered down. Removing the battery is only marginally safer, because
tracking/listening gear can be built into the battery pack. If you
yourself stuck with a phone during a meeting, remove the battery and place both the phone and battery in a metal box and remove it from the
immediate area of conversation.
It never hurts to generate some bogus traffic. Gibberish, random
innocuous stories etc., all serve to generate noise in which to better
hide your real communications.
Steganography can be useful when combined with solid crypto.
stego small messages into something like a full length movie avi, and
distribute it to many people via a torrent. Only your intended recipient
will have the key to decrypt the stegged message. Be sure to stego some
purely random noise into other movies, and torrent them as well.
Hopefully you'll find this document useful as a starting point for
further discussion and refinement. It's not meant to be definitive,
is surely not comprehensive. Feel free to copy, add, edit or change as
you see fit. Please do add more relative to your area(s) of expertise. -- Click to get freedom from your annoying glasses. Save on LASIK surgery. http://tagline.hushmail.com/fc/CAaCXv1RuqPFiCNGPfNWUZuSsrrmGaem/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/