Hacking is simple, says author claiming role in breach of spyware firm

An anonymous author who claims to be the hacker who penetrated controversial UK-based Gamma Group International and aired 40 gigabytes of its dirty laundry has published a how-to guide for other hacktivists.

"I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma," wrote the author, who rightly cautions that the unauthorized access of other people's networks is illegal. "I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started."

The do-it-yourself guide explains how hackers can map entryways into a target's network, scan for vulnerable services and exploit any that are found. It also lists some of the most common methods hackers use to keep their IP addresses and other digital fingerprints off their attacks. Among other things, the how-to suggests installing Whonix inside a hidden encrypted volume created by TrueCrypt and carrying out all operations from there. It also counsels against using Tor and instead using hacked servers. Again, this is illegal.

Read 1 remaining paragraphs | Comments

Father of PGP encryption: Telcos need to get out of bed with governments

Sean Gallagher

LAS VEGAS—Phil Zimmermann, the creator of Pretty Good Privacy public-key encryption, has some experience when it comes to the politics of crypto. During the “crypto wars” of the 1990s, Zimmermann fought to convince the US government to stop classifying PGP as a “munition” and shut down the Clipper Chip program—an effort to create a government-mandated encryption processor that would have given the NSA a back door into all encrypted electronic communication. Now Zimmermann and the company he co-founded are working to convince telecommunications companies—mostly overseas—that it’s time to end their nearly century-long cozy relationship with governments.

Zimmermann compared telephone companies’ thinking with the long-held belief that tomatoes were toxic until it was demonstrated they weren’t. “For a long time, for a hundred years, phone companies around the world have created a culture around themselves that is very cooperative with governments in invading people’s privacy. And these phone companies tend to think that there’s no other way—that they can’t break from this culture, that the tomatoes are poisonous," he said.

A call for crypto

Back in 2005, Zimmermann, Alan Johnston, and Jon Callas began work on an encryption protocol for voice over IP (VoIP) phone calls, dubbed ZRTP, as part of his Zfone project. In 2011, ZRTP became an Internet Engineering Task Force RFC, and it has been published as open source under a BSD license. It’s also the basis of the voice service for Silent Circle, the end-to-end encrypted voice service Zimmermann co-founded with former Navy SEAL Mark Janke. Silent Circle, which Ars tested on the Blackphone in June, is a ZRTP-based voice and ephemeral messaging service that generates session-specific keys between users to encrypt from end to end. The call is tunneled over a Transport Layer Security-encrypted connection through Silent Circle’s servers in Canada and Switzerland. ZRTP and the Silent Circle calls don’t rely on PGP or any other public key infrastructure, so there’s no keys to hand over under a FISA order or law enforcement warrant.

Read 9 remaining paragraphs | Comments