LEO's - Page 4

lullabud · 05-19-2002

Quote:

Originally posted by db8tr
Last night I was out stumbling and ran into a DUI checkpoint. When the officer came to my window and saw all of my gear on the seat next to me plus the antennas on the roof, he looked at me like I was up to no good. After figuring out that I was not drunk, he asked me what I was doing with all of my equipment. I told him that I am an amateur radio operator (which is true) and that I was out testing my new equipment. He immeadiately became at ease, told me to have a great night, and waved me through the checkpoint. Where I live (in Kansas) Law Enforcement generally has a good impression of hams since we do all of the storm spotting for the nws. So, at least around here I don't think the LEO's are going to be a problem.

i'm willing to bet the ideal stumble rig for being inconspicuous would be a jeep with cb antennas and stuff on it. just all tricked out with light bar, antennas, winch, CB on the dash, gas tanks, anything you can think of. basically you'd look like you were an accessory freak anyhow, and your gear would blend in, especially to the cb stuff.

blackwave · 05-19-2002

Quote:

Originally posted by lullabud
i'm willing to bet the ideal stumble rig for being inconspicuous would be a jeep with cb antennas and stuff on it. just all tricked out with light bar, antennas, winch, CB on the dash, gas tanks, anything you can think of. basically you'd look like you were an accessory freak anyhow, and your gear would blend in, especially to the cb stuff.

I am not sure where everybody is representing... but here in California, Socal, someone will have the audacity to break a windshield to get 50 cents in change off your dashboard.

In this environment I make sure that everything I buy for my auto is as portable as possible... (hence why I am looking for an iPAQ) that way I can throw whatever it is into a backpack, or into the trunk(that is disabled from opening with anything other than the key(inside and out))... even when I am driving with a pal, and they leave a book in the car, I ask them to place it in the trunk if we get out of the auto for any reason. I leave nothing to temptation, nothing.

this allows the would-be opportunist theif to find a more tempting offer...

...and I reside in the alleged "next-silicon-valley"... not the ghetto mind you.

lullabud · 05-19-2002

damn... i'd hate to tell you what i keep in my car. but where i'm from it's not so bad, like what you're talking about. i think the worst thing you could do around where i live is leave your car unlocked because the typical theft is casual rather than agressive, such as throwing a rock through somebody's window. given, it matters what area of town you're in, but that's the overall vibe. makes it nice for things like accessorizing.

Dr3D1zzl3 · 05-20-2002

think it was thorn that commented on the need for intent in the laws i posted (mind you i only posted one subsection of many that could be seen to apply to this area. My argument would be that Intent could be proven by teh software installed on the machine. IE Netstumbler, Kismet,AirTraf,WEllenrewhateveritscalled, etc. Allso by the equipment that is present, yagi's, oimnis, amps etc. The fact alone that you have this hardware and software could prove intent on accessing wireless networks. Just a thought, mind you it would take someone familiar with technology to manipulate these laws to this effect but it wouldnt be to hard to do. Its a shame that this country makes laws that are so broad and far reaching (DMCA, Patriot act, etc) .But hey who am i to argue? Im not doing anything to stop right, im not petetioning my senators im not orgnizing marches and the likes to show how stupid this is. Im not realy doing a damn thing about it and im sure many others here arent either. O well live with what you got right.
(please note my use of sarcasim)

Thorn · 05-20-2002

I would tend to agree that for a prosecutor, proving intent would be much easier because the presence of the software and hardware as the things listed above. But I have a lot of those things, and have legitmate uses for all of them. I use NS and the equipment for installing wireless gear. While doing surveys I see a lot of other networks. Which is why I do a survey. It keeps the customer off other peoples nets, and reduces interference. But I have never accessed a network without permission, and don't intend to in the future.

I would say that to fully prove the intent of someone, sufficient to show that they were "guilty beyond a reasonable doubt" a full forensic exam of the hard drive would have to be done, and that exam would have to show files that had originated on the attacked network.

My $0.02,

blackwave · 05-20-2002

Quote:

Originally posted by Thorn

I would say that to fully prove the intent of someone, sufficient to show that they were "guilty beyond a reasonable doubt" a full forensic exam of the hard drive would have to be done, and that exam would have to show files that had originated on the attacked network.

Any idea what happens if the drive is encrypted and the keys to the fortress have been "lost" ?

Can someone prove that there is intent if the drive is unable to be examined because of the encryption?

For example:

Defendant1 is stumbling. LEO has a sting in place.
XP OS connects with internet connection.
Outlook on XP attempts to check email (whoops)
--- We have passed the point of no return---
---Do we now have intent?
LEO sting pulls the Defendant1 over.
Defendant1 quickly grabs the their FIPS level 3 usb token (that has the private key for the encrypted drive on the laptop), and by stepping on it invalidates the security mechanisms, and therefore zeroizes the chip housing the private key data. Also when the car stops the power to the laptop stops and there is no battery sustaining power.

Forensice team must do the following:
power up laptop
immediately see that their is a bootlocker, no private key
immediately see that the drive itself is encrypted, no private key
immediately see that the fips 3 usb token has been damaged beyond repair and all data (private key) is zapped.
...

All things being above (and viable). What can their be done to prove intent?

Thorn · 05-20-2002

I'd say intent in the above scenerio would be harder to prove. But some of it would come down to the LEO's observations and the report/affidavit. Consider:

"Defendant 1 was observed sitting in the side alley next to XYZ Corp. Time was noted as 0300 hrs. Defendant 1 appeared to be using laptop for approx 1/2 hour. At 0330 defendant was approached by affiant. Defendant 1 immediately acted in a furtive manner. To wit: turned off the vehicle's power, thereby turning off the laptop, stepped on thereby destroying a device later identified as a software key to the encrypted drive within the laptop. Defendant 1 immediately invoked Right to Remain Silent and Right to Counsel; refusing to answer any questions as to what he was doing in the area."

Hmmm, doesn't look too good. Looks pretty damned suspicious in fact, and IMHO most juries would say that any defense this guys comes up with is pure BS. Conceivably, he might even get charged with Destruction of Evidence for crunching that USB key. (Thereby making him eligable to work at certain accounting firms.

)

Verses:

"Defendant 2 was observed at 0900 hours sitting in an open area in front of XYZ Corp., moving an device later idientifed as a directional antenna in a circular motion, and watching a laptop computer screen. Defendant 2 stopped the movement several times appeared to make note of the direction. This continued for about 10 minutes. Defendant 2 was approached bt this affiant when he put down the antenna, and seemed to be stopping the actions.

Defendant 2 spoke openly with this affiant. He claimed that he was conducting a data radio survey to determine possible interference for a data radio link. Defendant 2 referred affiant to contact Mr. Big Executive of XYZ Corp. Defendant 2 claimed that Mr. Executive had hired Defendant 2 to install data radio equipment, and to conduct radio surveys as part of the installation. Mr. Big Executive, VP for Marketing and Other BS at the XYZ Corp. was contacted and confirmed Defedant 2's story."

This guy probably wouldn't even get arrested; If he was I'd say his chances with a jury are pretty good. But the final is the gray area:

"Defendant 3 was observed at 2000 hours in the parking lot of the Big Bad Burger Shoppe located across the street from XYZ Corp. He was seen to be using a laptop while seated in the vehicle. When approached and questioned, Defendant 3 at first admitted that he was using a wireless interface to check his email. When questioned as to whether he had proper authorization to connect to a wireless interface and computer network in that area, Defendant 3 answered that he would like to invoke his Right to Counsel. In plain sight in the vehicle were seen several devices later identified as antennae."

IMO, this guy's got a 50/50 chance with a jury. If his defense is he had no intent to access the XYZ Corp., and thought he was on his own network, his chances are better. If says he didn't know and didn't care, his chances are probably lower.

One final thought, not to get too paranoid, but don't over estimate the strenth of encryption devices/algorithms. Just look at WEP. A encryption scheme endorsed as safe by a whole industry went down the tubes in short order. Are you sure that a USB token device will be safe to use tomorrow?

Cheers,

blackwave · 05-20-2002

Quote:

Originally posted by Thorn
Conceivably, he might even get charged with Destruction of Evidence for crunching that USB key. (Thereby making him eligable to work at certain accounting firms.)

Thanks Thorn, I understand the legitimacy value towards one's 'story', but sometimes things are just plain black.

FYI, To change the Destruction of Evidence charge...
The key would theoretically zeroized when the casing had been opened, or 1 too many bad passphrases, and unusable as direct evidence to the encrypted material.

Encryption is only meant to slow the other person down, not to stop them... but by then I think that anyone that mattered would be dead anyway... I probably wouldn't be too comfortable until I could get my hands on a fips 4 token anyway.

Chances are more likely that the application forgets to delete data from somewhere hidden on the drive and the forensics team finds that in under a minute.. and the data is recovered... proving nothing criminal had taken place, and at the time of the powerdown the defendant was playing a local installation of bejeweled.

*NOTE: This information is for informational and educational purposes only.
*No one invloved has at anytime past, present, future been involved in any operation deemed illegal forthwith the legalities of state, federal and national levels.
*This board does not promote or condone conspiracy theories, or methods to circumvent justice or the American way.

acidrayne · 05-21-2002

Quote:

Originally posted by blackwave

*NOTE: This information is for informational and educational purposes only.
*No one invloved has at anytime past, present, future been involved in any operation deemed illegal forthwith the legalities of state, federal and national levels.
*This board does not promote or condone conspiracy theories, or methods to circumvent justice or the American way.

Do you just have a book of legal disclaimers lying around somewhere that you refer to in every instance?

* This post is in no way intended as a flame nor has it been written to harm the ego or physical person of the aformentioned person.

blackwave · 05-21-2002

Quote:

Originally posted by acidrayne

Do you just have a book of legal disclaimers lying around somewhere that you refer to in every instance?

* This post is in no way intended as a flame nor has it been written to harm the ego or physical person of the aformentioned person.

LOL, I feel static tag-lines are passe*

*Note:No French fry was hurt during the process of this posting.

ZipperSeven · 05-22-2002

* Excessive belching can cause brain damage and social ostracism.

* Care should be taken when lifting this product, since its mass, and thus its weight, is dependent on its velocity relative to the user.

* No vegetables were harmed in the writing of this post.

More funny ones, although not related to posting, netstumbler, wireless technology, or electronics in general:

Click this link

Thorn · 05-23-2002

Here's a sig line I've used in the past. It is guaranteed to be offensive to just about every special interest group there is:

"Nuke all the unborn gay whales!"

How did we get on this? We return you now to 802.11b and your
regularly scheduled 'Stumbling...

acidrayne · 05-23-2002

Quote:

Originally posted by Thorn
How did we get on this?

I commented on BlackWaves disclaimers about everything and it escelated from there!

* All fish involved in the test were returned to their home waters.
* No fish were harmed in the making of this post.

Davo · 05-23-2002

I was talking with an IRS prosecutor, and we discussed hard drive encryption. His position was that if the defendant wouldn't give up the key to the drive, that the court would say "it looks like the tax records showing your guilt are on this drive, and if you don't prove otherwise, we will just assume that to be true." Don't know if he was correct, but he seemed to know what he was talking about.

And no, I don't hang out with the IRS. I met him at a party and didn't know who he was. He was a real dick, but seemed smart and experienced, and it would be bad news to have him prosecuting you. Not like I have anything to worry about with my 1040EZ...

05-19-2002	#46 (permalink)
lullabud Registered Member Join Date: Apr 2002 Location: Silicon Valley Posts: 261	amen

05-20-2002	#51 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,140	I would tend to agree that for a prosecutor, proving intent would be much easier because the presence of the software and hardware as the things listed above. But I have a lot of those things, and have legitmate uses for all of them. I use NS and the equipment for installing wireless gear. While doing surveys I see a lot of other networks. Which is why I do a survey. It keeps the customer off other peoples nets, and reduces interference. But I have never accessed a network without permission, and don't intend to in the future. I would say that to fully prove the intent of someone, sufficient to show that they were "guilty beyond a reasonable doubt" a full forensic exam of the hard drive would have to be done, and that exam would have to show files that had originated on the attacked network. My $0.02, __________________ Thorn "I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

05-20-2002	#53 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,140	I'd say intent in the above scenerio would be harder to prove. But some of it would come down to the LEO's observations and the report/affidavit. Consider: "Defendant 1 was observed sitting in the side alley next to XYZ Corp. Time was noted as 0300 hrs. Defendant 1 appeared to be using laptop for approx 1/2 hour. At 0330 defendant was approached by affiant. Defendant 1 immediately acted in a furtive manner. To wit: turned off the vehicle's power, thereby turning off the laptop, stepped on thereby destroying a device later identified as a software key to the encrypted drive within the laptop. Defendant 1 immediately invoked Right to Remain Silent and Right to Counsel; refusing to answer any questions as to what he was doing in the area." Hmmm, doesn't look too good. Looks pretty damned suspicious in fact, and IMHO most juries would say that any defense this guys comes up with is pure BS. Conceivably, he might even get charged with Destruction of Evidence for crunching that USB key. (Thereby making him eligable to work at certain accounting firms.) Verses: "Defendant 2 was observed at 0900 hours sitting in an open area in front of XYZ Corp., moving an device later idientifed as a directional antenna in a circular motion, and watching a laptop computer screen. Defendant 2 stopped the movement several times appeared to make note of the direction. This continued for about 10 minutes. Defendant 2 was approached bt this affiant when he put down the antenna, and seemed to be stopping the actions. Defendant 2 spoke openly with this affiant. He claimed that he was conducting a data radio survey to determine possible interference for a data radio link. Defendant 2 referred affiant to contact Mr. Big Executive of XYZ Corp. Defendant 2 claimed that Mr. Executive had hired Defendant 2 to install data radio equipment, and to conduct radio surveys as part of the installation. Mr. Big Executive, VP for Marketing and Other BS at the XYZ Corp. was contacted and confirmed Defedant 2's story." This guy probably wouldn't even get arrested; If he was I'd say his chances with a jury are pretty good. But the final is the gray area: "Defendant 3 was observed at 2000 hours in the parking lot of the Big Bad Burger Shoppe located across the street from XYZ Corp. He was seen to be using a laptop while seated in the vehicle. When approached and questioned, Defendant 3 at first admitted that he was using a wireless interface to check his email. When questioned as to whether he had proper authorization to connect to a wireless interface and computer network in that area, Defendant 3 answered that he would like to invoke his Right to Counsel. In plain sight in the vehicle were seen several devices later identified as antennae." IMO, this guy's got a 50/50 chance with a jury. If his defense is he had no intent to access the XYZ Corp., and thought he was on his own network, his chances are better. If says he didn't know and didn't care, his chances are probably lower. One final thought, not to get too paranoid, but don't over estimate the strenth of encryption devices/algorithms. Just look at WEP. A encryption scheme endorsed as safe by a whole industry went down the tubes in short order. Are you sure that a USB token device will be safe to use tomorrow? Cheers, __________________ Thorn "I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

05-23-2002	#58 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,140	Here's a sig line I've used in the past. It is guaranteed to be offensive to just about every special interest group there is: "Nuke all the unborn gay whales!" How did we get on this? We return you now to 802.11b and your regularly scheduled 'Stumbling... __________________ Thorn "I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

05-23-2002	#60 (permalink)
Davo Registered Member Join Date: Apr 2002 Location: West Palm Beach, FL Posts: 31	anecdotal evidence I was talking with an IRS prosecutor, and we discussed hard drive encryption. His position was that if the defendant wouldn't give up the key to the drive, that the court would say "it looks like the tax records showing your guilt are on this drive, and if you don't prove otherwise, we will just assume that to be true." Don't know if he was correct, but he seemed to know what he was talking about. And no, I don't hang out with the IRS. I met him at a party and didn't know who he was. He was a real dick, but seemed smart and experienced, and it would be bad news to have him prosecuting you. Not like I have anything to worry about with my 1040EZ... __________________ Davo

05-19-2002	#49 (permalink)
lullabud Registered Member Join Date: Apr 2002 Location: Silicon Valley Posts: 261	damn... i'd hate to tell you what i keep in my car. but where i'm from it's not so bad, like what you're talking about. i think the worst thing you could do around where i live is leave your car unlocked because the typical theft is casual rather than agressive, such as throwing a rock through somebody's window. given, it matters what area of town you're in, but that's the overall vibe. makes it nice for things like accessorizing.

05-20-2002	#50 (permalink)
Dr3D1zzl3 Mental Penis Fencer Join Date: Apr 2002 Posts: 371	think it was thorn that commented on the need for intent in the laws i posted (mind you i only posted one subsection of many that could be seen to apply to this area. My argument would be that Intent could be proven by teh software installed on the machine. IE Netstumbler, Kismet,AirTraf,WEllenrewhateveritscalled, etc. Allso by the equipment that is present, yagi's, oimnis, amps etc. The fact alone that you have this hardware and software could prove intent on accessing wireless networks. Just a thought, mind you it would take someone familiar with technology to manipulate these laws to this effect but it wouldnt be to hard to do. Its a shame that this country makes laws that are so broad and far reaching (DMCA, Patriot act, etc) .But hey who am i to argue? Im not doing anything to stop right, im not petetioning my senators im not orgnizing marches and the likes to show how stupid this is. Im not realy doing a damn thing about it and im sure many others here arent either. O well live with what you got right. (please note my use of sarcasim)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode