An Open Letter to Police on the Occasion of This Eviction

The police line at Pine and Broadway, the night of the Zuccotti eviction

Dear Police, upon the occasion of the eviction of Occupy Philadelphia and Occupy LA:

It is not my place to say whether what you are about to do is right or wrong, and it doesn’t matter what I believe either way. You are going to evict this occupation, and all the resistance this ragtag band of sleep-deprived community organizers, volunteers, and chronically homeless could put up might, at best, delay you by a matter of hours. You, the occupiers, and we in the media: we all know these conflicts can only have one outcome.

What I am asking you to change is your demeanor. I have seen you be confrontational, frivolous, spiteful, insulting, self-righteous, and even at times, solemn.

There is something I’d like you to know about what you’re about to do. You don’t know these occupys like I do. This isn’t your fault; you can’t. You’re largely not welcome in many of them, because we all know what you will eventually do to them. Even if you’ve visited, you have to hold yourself distant from their story, even as I immerse myself in it. You’d no more want to hang out and get to the know the camps the way I have than you’d want to cuddle and name a calf that’s meant to be tomorrow’s veal dinner.

These camps, these collections of tarps and tents, are more than you see. They are the sweat and treasure of hundreds, sometimes thousands of people trying to learn how to take care of each other. The fucked-up kids, street kids and old homeless are as important as the community organizers and grad students.

They’ve all come to this place and tried to build a way to talk to and take care of each other, after giving up on a system they believe has failed them. This is what they’ve poured their hearts and their best thinking into. It may not be legal. It may, in your opinion and many others, not even be a good idea. But they’ve built a village. There are libraries and kitchens, places for women, places to provide shelter and clothing. There are even little temples here.

People have sanctified this space with their hope. It is imprinted with their lost nights, their spare money, their effort and their bodies. The places you see covered in plastic sheets and bric-a-brac are thick with memories: the echos of unguarded conversations, of commitments made, of love and struggle and compromise.

When you go in and wipe this place clean, and you will, what I ask is that you do it solemnly.

Do it with the gravity of the execution, not the frivolity of the easy triumph.

When people scream at you, think of them as the family members of the condemned, not as your enemies. Be, insofar as you can, gentle. Remember that when you are gone tomorrow and there is nothing left, these people will remain, not merely angry but emptied of effort. They will be hunting for friends lost in the fray, for scraps and bits of the life they built together. They will have lost their place to be in the world.

Remember that these people, whether misguided or not, stayed because they all found here something they needed. Some of them were listened to for the first time in their lives here; others found a place where people accepted them. A few were told hard truths about their own failings.

There are middle-class professional occupiers here who did something they believed in for the first time in many years. They’d lived outwardly successful but inwardly desperate lives, drained of the sense that anything they did could ever matter.

A few even came to prey on this place, but found something that mattered more than their own appetites for the first time. Almost none of them were good at being these new people, and it will show. I’m sorry for that. These people were weeks in on years-long journeys to be new.

Be merciful in the execution of your orders. Respect, if not the thing built, the hearts behind the building.

Photo: Quinn Norton/Wired

This post is part of a special series from Quinn Norton, who is embedding with Occupy protestors and going beyond the headlines with Anonymous for For an introduction to the series, read Quinn’s description of the project.

Feds Withholding Evidence Favorable to Bradley Manning, Lawyer Charges

The civilian lawyer for Bradley Manning, the Army private who allegedly leaked tens of thousands of classified U.S. government documents to WikiLeaks, is seeking to question the severity of the leak by requesting the government’s own internal damage assessments that reportedly contradict statements that Manning irreparably damaged national security.

Manning’s defense attorney, David E. Coombs, is attempting to get evidence from the government to defend Manning in his upcoming pre-trial hearing on Dec. 16, but says the government is stonewalling him.

“The defense has repeatedly requested the below discovery in this case, but the government has consistently responded with a blanket denial of the defense request,” Coombs wrote in the partially redacted filing.

The evidence Coombs seeks includes copies of internal reports conducted by task forces assessing the damage from and the classification levels of the 250,000 State Department diplomatic cables and 500,000 classified Iraq and Afghanistan war field reports allegedly leaked by Manning to WikiLeaks.

Published information about the various reports put them at odds with each other, Coombs notes. One assessment conducted by the Defense Intelligence Agency concluded that all of the information allegedly leaked was dated, represented low-level opinions, or was already commonly known due to previous public disclosures, while an official at another government office indicated that the leaks had caused damage to national security.

Coombs wants to use the DIA report, along with another unpublished one apparently commissioned by the White House, to ban witnesses from describing the leaks as more damaging than these official reports found them to be.

Manning is charged with 22 violations, which could get him up to life in prison if convicted.

The filing also sheds light on other likely avenues Coombs will use to mitigate or challenge the charges against Manning, including questioning the actions of President Barack Obama and Manning’s betrayer, Adrian Lamo.

For instance, Coombs seeks “known evidence tending to diminish credibility of any government witness including, but not limited to, prior convictions under Military Rule of Evidence (M.R.E.) 609, evidence of other character, conduct, or bias bearing on witness credibility under M.R.E. 608. Specifically, the defense requests the name and contact information for any law enforcement agent working with —.”

The name is blacked out in the document, but could be an indication that the defense will seek to discredit Lamo, a former hacker and prosecution witness who turned Manning in to authorities after Manning allegedly confessed to Lamo in chat logs that he leaked thousands of government documents to WikiLeaks.

In a section of the document that refers to the White House, the document seeks information about any assessment “given by any member of the government to —”. Although the identity of the person receiving the assessments is redacted in the document, a subsequent sentence seems to indicate it refers to President Barack Obama.

“The defense requests any e-mail, report, assessment, directive, or discussion by — to the Department of Defense concerning this case in order to determine the presence of unlawful command influence,” the sentence reads.

At a press conference last week, members of the Bradley Manning Support Network, which has raised money for Manning’s defense, argued that public comments that President Obama made earlier this year suggesting that Manning is guilty constituted illegal command influence on the military court from the nation’s commander in chief.

Obama told an audience in April, “If I was to release stuff, information that I’m not authorized to release, I’m breaking the law.”

“I can’t imagine a juror who wants to have a future in the military … going against the statement of [guilty] made by his or her commander-in-chief,” said Kevin Zeese, a legal advisor to the Bradley Manning Support Network. Zeese was referring to the military judge and jury who will preside over the hearing and subsequent court martial of Manning and could be swayed to convict based on Obama’s statements.

Coombs’ filing also addresses issues around Manning’s alleged mistreatment in prison, asking the government to hand over copies of all audio and video surveillance of the visitation booths at the Marine Corps brig in Quantico, Virginia, and at Ft. Leavenworth, Kansas, where Manning was moved earlier this year. Coombs requested a video the military apparently took of Manning when he was ordered to surrender his clothing while in custody earlier at Quantico.

“When PFC Manning was being ordered to surrender his clothes as part of the unnecessary suicide risk, the Brig made the decision to videotape this event along with an interrogation of PFC Manning by — and others,” Coombs writes. “The defense believes the video will support PFC Manning’s claim of unlawful pretrial punishment. The government has yet to respond to the defense request.”

The request also appears to solve some of the mystery behind two of the charges against the former Army intelligence analyst related to unauthorized software he’s accused of installing on classified government networks during the time he allegedly siphoned hundreds of thousands of documents off that classified network. Manning allegedly installed the software twice on Army computers connected to SIPRnet, the Secret Internet Protocol Router Network that has been identified as the original source of WikiLeaks’ large-scale U.S. releases.

The charges never identified the nature of the software, but last April, an Army spokeswoman clarified the charges for Threat Level. “The allegations … refer to data-mining software,” spokeswoman Shaunteh Kelly wrote in an e-mail, noting that the two allegations related to “the same data-mining software used on two different dates.”

Kelly, however, declined to identify the exact data-mining program that was used, writing that “Identifying at this point the specific software program used may potentially compromise the ongoing criminal investigation.”

If Manning installed data-mining software on his SIPRnet workstation, it could potentially strengthen the government’s case against him if it can be shown that the software helped him search for and steal documents. But “data-mining software” is a broad term for any number of different kinds of software programs that collect data.

In order to make the case that Manning wasn’t the only soldier to install unauthorized programs on classified networks, Coombs requested forensic images of each computer from the Tactical Sensitive Compartmented Information Facility (T-SCIF) and the Tactical Operations Center (TOC) at Forward Operating Base Hammer in Iraq, where Manning allegedly downloaded the data that was passed to WikiLeaks. Coombs is hoping to prove “it was common for soldiers to add unauthorized computer programs” to government systems, that apparently helped the soldiers do their work.

Among the programs soldiers commonly installed, he writes, were mIRC (an Internet Relay Chat client for Windows); Wget (a web crawler that improves activity on slow or unstable network connections); GEOTRANS (an application that allows a user to collect and use geographic coordinates from a variety of systems, maps and data sets); and Grid Extractor (an executable program that extracts MGRS grids from text documents and imports them into a Microsoft Excel spreadsheet).

Both of the last two programs mentioned, GEOTRANS and Grid Extractor, could conceivably be classified as data-mining programs, though it’s not known if either of these programs was specifically installed by Manning or if one of them is the basis for the government’s charges against Manning. If the defense can show that these programs were commonly used by Manning and other soldiers to aid in their daily work, this could weaken those particular charges against Manning.

Feds Seize 150 Domain Names in Counterfeit Crackdown

Federal authorities have seized the online names of 150 websites allegedly hawking counterfeit and copyright goods, bringing to 350 the number of domains taken as part of a forfeiture program that began a year ago.

Monday’s announcement of the seizures falls on the biggest online shopping day of the year, known as “Cyber Monday.” The development comes as Congress is debating granting private rights holders the ability to cripple websites by blocking ad traffic and financing to sites they believe are violating their copyright and trademark rights.

“Through this operation we are aggressively targeting those who are selling counterfeit goods for their own personal gain while costing our economy much-needed revenue and jobs,” Attorney General Eric Holder said in a statement. “Intellectual property crimes harm businesses and consumers, alike, threatening economic opportunity and financial stability, and today we have sent a clear message that the department will remain ever vigilant in protecting the public’s economic welfare and public safety through robust intellectual property enforcement.”

Federal authorities are taking .com, .org. and .net domains under the same civil-seizure law the government invokes to seize brick-and-mortar drug houses, bank accounts and other property tied to alleged illegal activity. The feds are able to seize the domains because Verisign, which controls the .net and .com names, and the Public Interest Registry, which runs .org, are U.S.-based organizations. Under civil forfeiture laws, the person losing the property has to prove that the items were not used to commit crimes.

Immigration and Customs Enforcement leaves behind a message to online visitors that a site has been seized under a program called “Operation in Our Sites.”  Those messages have received 77 million page views, the government said.

Sen. Ron Wyden (D-Ore.) has questioned the operation, saying the process does not give “targeted websites an opportunity to defend themselves before sanctions are imposed.”

The government said Monday that undercover agents purchased counterfeit sports jerseys, golf equipment, DVD sets, footwear, handbags and sunglasses from the sites before obtaining seizure orders from federal judges.

At least one site has unsuccessfully challenged a forfeiture in federal court, a decision that is on appeal.

The site’s .com and .org domains were seized in January along with eight others connected to pirated streams of professional sports. Puerto 80, which owns the site, claims Rojadirecta had some 865,000 registered users until its seizure, and denies committing copyright infringement.

Puerto 80 describes the site as a discussion board where members can talks sports, politics and other topics, and it additionally links to sports streams hosted elsewhere. The site, which now operates as, also includes a section called downloads, where users post links to recorded sporting events that can be downloaded from file-sharing sites.

Here is a list of the affected sites, as first reported by TorrentFreak.

Evolution of Russian Phone Number Spam

Article contributed by Emily Liu, Symantec Security Response Technician

Most of the Russian spam emails we usually encounter are about online advertising, product promotion, and training workshops. These spam emails typically are sent out unsolicited from free or hijacked personal email accounts, without opt-out, and have randomized subjects to avoid being caught in spam filters. Despite the use of random subjects, we continue to observe spammers who like to list phone numbers in the email as the only available means of contact instead of direct URL links.

Here is an example of a recent Russian event promotion spam:

Here is the English translation:

Figure 1. Russian-language spam promotion

Are you able to spot any abnormalities in the message? Look closely at the phone numbers at the bottom: Some digits are not written as numbers but instead as letters. Spammers have replaced the numerical digits with look-alike Russian/English characters in the phone number, a technique to avoid spam-detection we will look at below.

To begin, what follows are a few examples of how spammers have employed this method during the past few years. First, here is a simple set of contact phone numbers listed below:

Then, spammers change the phone number by inserting some random symbols between the numbers:

Eventually spammers become more sophisticated and begin to replace numbers with look-alike Russian or English alphabets. Here is a list of characters which resemble numbers in both Russian and English languages:

Figure 2. Russian and English letters which resemble numbers

Using this chart above, and some creativity, the original list of plain phone numbers can be changed to look like this:

Anti-spam technology has been effective in identifying and filtering out these spam patterns over time, which leaves the spammers with no choice but to get even more creative and come out with even better new tricks. In 2010, for instance, we observed spammers were beginning to spell out phone numbers in actual Russian words, as highlighted below:

Figure 3. Russian and English words representing numbers

Using this approach, and the original list of phone numbers we started with, the contact numbers now look even more complicated, as follows:

However, spammer creativity does not end there; they also came up with the idea of replacing area codes with the actual name of the city which it represents. Take the city Moscow, for instance. The area code for Moscow is 495. Therefore, area code 495 will be replaced by the Russian word for Moscow (Москва) or just the abbreviated city name code (MOW/Moc):

And, more recently, we observed yet another way to spoof the digits. In the examples shown above, some digits were spelled out in Russian, but just one digit at a time. Now, the spelling has progressed into double-digits (including two digits, not just one), as shown in the example below:

Figure 4. Examples of double-digit spelling in spam

It’s interesting to observe the tricks spammers often come up with to evade detection by spam filters. Fortunately, all of these tricks discussed above can be caught using the latest technology. As for spammers, they will have to think harder to come up with some new tricks. Symantec intelligence always keeps a vigilant watch over the latest spam trends so we can develop the best strategy in dealing with tricks like the Russian phone number puzzle investigated here.