A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘You’re Doing it Wrong’ tag

The Dangers of Insecure Internal Networks

without comments

It’s fairly well known that internally telephone networks operate on an insecure protocol called Signaling System 7 (SS7). How insecure is SS7? It has no mechanism for authentication so anybody able to access a network using SS7 can manipulate it. As you can imagine, gaining access to a global network that has no real authentication mechanism isn’t terribly difficult.

Security researchers have been warning about the dangers of SS7 for ages now but the telecom industry has shown little motivation to transition away from the insecure protocol. Now there is a Tor hidden service that claims to sell the ability to track individual phones using the SS7 protocol:

For years, experts have warned of vulnerabilities in the network that routes phone calls and cellular service — but those attacks may be more widespread than anyone realized. For more than a year, a Tor Hidden Service has been offering ongoing access to telecom’s private SS7 network for as little as $500 a month. Combined with known vulnerabilities, that access could be used to intercept texts, track the location of an individual phone, or cut off cellular service entirely.

Accessible on Tor at zkkc7e5rwvs4bpxm.onion, the “Interconnector” service offers a variety of services charged as monthly fees, including $250 to intercept calls or texts, $500 for full access, or $150 for cellphone reports (including location data and IMSI numbers). Well-heeled users can even pay $5,500 for direct access to the SS7 port, billed as “everything you need to start your own service.”

I checked the hidden service address and it appears that the site either went darker or never had much in the way of public information. Now it only lists an XMPP address to contact. However, while the service may or may not actually provide what it claims, the fact that it technically could offer such services should give people cause for concern.

SS7 is another example of the insecure legacy protocol that operates critical infrastructure. Considering the number of these legacy protocols being used to operate critical infrastructure, it’s a wonder that there aren’t more stores like this one.

Written by Christopher Burg

June 14th, 2017 at 10:00 am

The Evils of the Drug War

with one comment

The war on unapproved drugs may be one of the most evil acts being carried out here in the United States. It took an entirely voluntary activity, introducing chemicals into one’s own body, and turn it into an excuse for unprecedented levels of expropriation and criminal activity by agents of the State.

Using the drug war as justification, police have stolen cars, cash, and other property as well as sexually assaulted a practically uncountable number of victims. Their victims include the elderly, disabled, and even children:

But now, a lawsuit filed on behalf of several students and seeking class-action status for all of them makes some far more disturbing allegations:

a) Deputies ordered students to stand facing the wall with their hands and legs spread wide apart;

b) Deputies touched and manipulated students’ breasts and genitals;

c) Deputies inserted fingers inside girls’ bras, and pulled up girls’ bras, touching and partially exposing their bare breasts;

d) Deputies touched girls’ underwear by placing hands inside the waistbands of their pants or reaching up their dresses;

e) Deputies touched girls’ vaginal areas through their underwear;

f) Deputies cupped or groped boys’ genitals and touched their buttocks through their pants.

[…]

According to the lawsuit, the deputies had a list of 13 suspected students. Three of them were in school that day. For that, they searched 900 students. (And, let’s just point out again, found nothing. In a school of 900.)

If several adults went into a school and sexually assaulted 900 children most people wouldn’t even wait for a trial, they would grab the pitchforks and torches. But when the adults are wearing badges the behavior is suddenly seen as excusable in many people’s eyes. Oftentimes when officers commit such heinous crimes they receive no punishment, which encourages more wicked people to seek a job in law enforcement.

I’m hoping this lawsuit results in the involved officers being jailed. Even if the accusations of sexual assault are unfounded (which, considering the actions performed by officers in the pursuit of unapproved drugs, seems unlikely) the officers violated the privacy of 887 students (they only had a list of 13 suspected students) by searching them without any reason whatsoever.

You are Responsible for Your Own Anonymity

without comments

Reality Leigh Winner (who, despite her name, was not a winner in reality) is currently sitting in a cage for the crime of leaking classified National Security Agency (NSA) documents. Unlike Edward Snowden, Reality didn’t purposely go public. But she made a series of major mistakes that allowed the NSA to identify her after she leaked the documents. Her first mistake was using a work computer to communicate with The Intercept:

Investigators then determined that Ms Winner was one of only six people to have printed the document. Examination of her email on her desk computer further revealed that she had exchanged emails with the news outlet, the indictment said.

By using a work computer to communicate with The Intercept, she made hard evidence against her easily available to her employer.

Her second mistake was physically printing the documents:

When reporters at The Intercept approached the National Security Agency on June 1 to confirm a document that had been anonymously leaked to the publication in May, they handed over a copy of the document to the NSA to verify its authenticity. When they did so, the Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed—and it included encoded watermarking that revealed exactly when it had been printed and on what printer.

Most major printer manufacturers watermark any pages printed by their printers. The watermarks identify which printer printed the document. In addition to the physical printer, the watermark on the document posted by The Intercept also included a timestamp of when the document was printed.

Reality’s third mistake was trusting a third-party to guard her anonymity. Because of The Intercept’s history of working with leakers it’s easy to assume that the organization takes precautions to guard the identities of its sources. However, a single mistake, posting the printed document without editing out the watermark, gave the NSA enough evidence to narrow down who the leaker could be.

The lesson to be learned from this is that you alone are responsible for maintaining your anonymity. If you’re leaking classified materials you need to do so in a way that even the individual or organization you’re leaking them to is unable to identify you.

Written by Christopher Burg

June 7th, 2017 at 11:00 am

Choosing the Easy Battles

without comments

As an outside observer, when both the alt-right and antifa tout their magnificent triumphs on the battlefield of Berkeley you realize something. Both groups have pursued easy fights instead of hard fights. In this article an individual who considers themselves a leftist performs a bit of introspection and notes that his team has a tendency of choosing battles that can be easily won over the hard battles that need to be won:

Incidents like the black bloc protests at Berkeley or the punching of Richard Spencer grant people license to overestimate the current potential of violent resistance. Hey, Spencer got punched; never mind that the Trump administration reinstituted the global gag rule on abortion the next day. Hey, Milo’s talk got canceled; never mind that the relentless effort to deport thousands, a bipartisan effort for which the Obama administration deserves considerable blame, went on without a hitch. Better to make yet another meme out of Spencer getting hit than to attempt to confront the full horror of our current predicament.

[…]

But consider the claim that he was going to out an undocumented student during his visit to campus. Who really threatened that student? Yiannopoulos, or the uniformed authorities who would have actually carried out the actual violent application of state force? (It is entirely unclear to me why Yiannopoulos would not have simply shared that information with ICE after his appearance was shut down anyway. Does Milo not own a cellphone?) Again, the same dynamic: Yiannopoulos’s followers seem punchable, subject to the application of a level of force that we imagine we can bring to bear. ICE doesn’t. The forces of state violence, I assure you, are perfectly capable of rolling right over the most passionate antifas. It turns out you can’t punch an MRAP or a Predator drone.

[…]

It’s become a cliché, at this point, but it’s still a powerful image: the man who searches for his keys at night not where he lost them but next to a lamp post, because that’s where he has light to look. That’s what I think about when I see the left fixating on these things, a political movement that is so desperate for good news that it’s willing to lie to itself to find it.

The author’s criticism is equally applicable to libertarians as it is to his fellow leftists. Wars have been fought over lesser tyrannies than we suffer today but most libertarians can’t even bring themselves to perform a little unlawful commerce to withhold their resources from the parasite known as government. And I understand why. Talking to people about ending the Federal Reserve is easy. There are few consequences for doing so. Likewise, voting for politicians who promise to audit the federal reserve has few consequences. Performing a little unlawful commerce for the express purpose of avoiding taxes? That can have real consequences. And when those consequences befall a libertarian they’re unlikely to win their court case. Talking about evil is an easy battle, taking action against evil is a difficult battle.

Much like the leftists though, if libertarians continue favoring the easy fights over the hard fights they will have an abundance of pats on the back but nothing real to show for their efforts.

Written by Christopher Burg

June 2nd, 2017 at 10:30 am

The Result of Relying on Coercion Instead of Market Forces

without comments

Minimum wage laws are seen by many as a mechanism to uplift the poor by ensuring every employee receives a “living wage.” For the economically ignorant that fairytale makes sense. For those with even a slight understanding of economics it’s a recipe for disaster.

The problem with minimum wage laws is the same problem with any government writ, they’re based on coercion instead of market forces. Market forces are based on wealth creation. When more wealth is created employees can be paid. Government writ doesn’t create new wealth so minimum wage laws rely on the current amount of wealth. Since the employers don’t have more wealth to draw from they’re forced to increase their prices to compensate, which often makes their product unaffordable to those who could previously afford it:

The U.S. restaurant industry is in a funk. Blame it on lunch.

Americans made 433 million fewer trips to restaurants at lunchtime last year, resulting in roughly $3.2 billion in lost business for restaurants, according to market-research firm NPD Group Inc. It was the lowest level of lunch traffic in at least four decades.

[…]

Cost is another factor working against eating out for lunch. While restaurants have raised their tabs over the past few years to cope with rising labor costs, the price of food at supermarkets has continued to drop, widening the cost gap between bringing in lunch and eating out.

Statists often scoff at the idea that minimum wage laws hurt the poor. How could laws that are advertised as helping the poor possibly hurt the poor? By forcing employers to increase their prices and thus make their product that was previous affordable to poorer individuals unaffordable.

The best way to help uplift the poor is to create more wealth. Creating more wealth requires fulfilling the wants and needs of consumers. Commands from governments cannot accomplish that no matter how many people vote in favor of them.

Written by Christopher Burg

June 1st, 2017 at 10:30 am

On an Editorial Board, Nobody Knows You’re a Dog

without comments

“Where’s your peer reviewed paper,” is a question many people instinctively ask when you present an idea that conflicts with one of their beliefs. The idea of requiring scientific peers to review research papers before they are considered scientifically sound is a good one. However, peer reviews are only as good as the people reviewing them. Many “scientific” journals exist not to verify scientific vigor but to prey on gullible researchers who are often new to their field. When such journals review a scientific paper you don’t know if the review was done by a human being or a dog:

Ollie’s owner, Mike Daube, is a professor of health policy at Australia’s Curtin University. He initially signed his dog up for the positions as a joke, with credentials such as an affiliation at the Subiaco College of Veterinary Science. But soon, he told Perth Now in a video, he realized it was a chance to show just how predatory some journals can be.

“Every academic gets several of these emails a day, from sham journals,” he said. “They’re trying to take advantage of gullible younger academics, gullible researchers” who want more publications to add to their CVs. These journals may look prestigious, but they charge researchers to publish and don’t check credentials or peer review articles. And this is precisely how a dog could make it onto their editorial boards.

The peer review process, like many things surrounding the scientific method, is often poorly understood by laymen. To those who have hoisted science onto a religious pedestal the words “peer review” are more of a magical incantation that makes the words that follow infallible. To those who understand the scientific method the words “peer review” means that the credentials of the peers need to be verified before their review is given any weight.

There are a lot of scam artists out there, even in scientific fields. Don’t trust research just because it was peer reviewed. Try to find out whether the peers who reviewed the research are likely knowledgeable about the subject or are really just a bunch of dogs.

Written by Christopher Burg

May 31st, 2017 at 10:30 am

The Evil Humans Do

without comments

I’m not sure if this has always been there or if it’s a fairly modern thing but there is certainly a trend, at least here in the United States, for people to dehumanize anybody they view as evil. A good example of this is the alt-right and the anti-fascists. The alt-right describe the anti-fascists as violent psychopaths incapable of empathy who want nothing more than to see the world burn. The anti-fascists describe the alt-right as, well, violent psychopaths incapable of empathy who want nothing more than to see the world burn. Both sides have effectively dehumanized each other because they view each other’s philosophies as evil.

But evil isn’t perpetrated by inhuman monsters, it’s perpetrated by humans:

One of the key themes of Tizons’ article is that his family was, in many senses, almost a caricature of the striving, American-dream-seeking immigrant experience. They were normal. They were normal and yet they had a slave. To which one could respond, “Well, no, they’re not normal — they are deranged psychopaths to have managed to simply live for decades and decades with a slave under their roof. That is not something normal people do, and it’s wrong to portray it as such.”

But the entire brutal weight of human history contradicts this view. Normal people — people who otherwise have no signs of derangement or a lack of a grip on basic human moral principles — do evil stuff all the time. One could write millions of pages detailing all the times when evil acts were perpetrated, abetted, or not resisted by people who were, in every other respect, perfectly normal. It’s safe to say, to a certain approximation, that all of us — I really mean this; I really mean you and your family and everyone you love — could, in a different historical context, have been a slaver or a Holocaust-perpetrator or at the very least decided it wasn’t worth the trouble to contest these grotesque crimes. Because that’s the human condition: We don’t have easy access to a zoomed-out view of morality and empathy. We do what the people around us are doing, what our culture is doing. Tizon’s Filipino family came from a place where a form of slavery was quite common, and moving to America didn’t change that fact.

One of my favorite characters in any television show is Obergruppenführer Smith from The Man in the High Castle. He’s a ruthless member of the American arm of the SS but at the same time one would probably describe him as a good family man. He has a happy marriage and cares deeply for the wellbeing of his children. The reason I like him so much as a character is because he shows what real evil looks like.

Too often once we categorize somebody as evil we become entirely unable to identify any human characteristics in them. Doing this creates an interesting archetype that actually hinders us in detecting evil. We’ll identify somebody like Charles Manson, who made his beliefs very obvious by carving a swastika into his forehead, as evil but we’ll assume that somebody who appears to be a good parent and spouse is entirely incapable of evil. You see this periodically when somebody is found guilty of an especially heinous crime and people who knew the perpetrator talk about how nice of a person they were, how quiet and well mannered they were, and how they can’t believe that the perpetrator would have committed such a crime.

Us humans are complex creatures made even more complex by being social creatures. Most of us have a general tendency to fit in, which leads us to generally go with the flow when it comes to social norms. We’re also capable of compartmentalizing ourselves. We can be extremely caring to friends, family, and strangers alike but at the same time have a day job that many would consider evil. People caught in that kind of situation are often unaware of it because they’ve compartmentalized their personal and professional lives.

Written by Christopher Burg

May 25th, 2017 at 10:30 am

Regulating People to Death

with one comment

Here in the United States we often express the costs of regulatory burdens in dollars. We only have the luxury of doing this because our economy hasn’t completely choked to death on regulations yet. However, Venezuelans aren’t so fortunate. Their economy has choked to death and now they have to express the costs of regulatory burden in human lives:

Several of his cavernous henhouses sit empty because, Escobar said, he can’t afford to buy more chicks or feed. Government price controls have made his business unprofitable, and armed gangs have been squeezing him for extortion payments and stealing his eggs.

Venezuela’s latest public health indicators confirm that the country is facing a dietary calamity. With medicines scarce and malnutrition cases soaring, more than 11,000 babies died last year, sending the infant mortality rate up 30 percent, according to Venezuela’s Health Ministry. The head of the ministry was fired by President Nicolás Maduro two days after she released those statistics.

Child hunger in parts of Venezuela is a “humanitarian crisis,” according to a new report by the Catholic relief organization Caritas, which found 11.4 percent of children under age 5 suffering from moderate to severe malnutrition, and 48 percent “at risk” of going hungry.

Starvation is the inevitable result of government meddling in economic matters. Socialism tends to reach starvation faster because the amount of government meddling in economic affairs is greater than other forms of statism. But the same result can be reached under the economic system of the United States as well.

Statists enjoy rolling their eyes at libertarians who talk about regulatory burden but government regulations can and do kill people. And when regulations start killing people governments don’t suddenly realize the errors of their ways and loosen their grip. They double down because they know people can’t stop doing business with them.

We’re seeing this happen right now in Venezuela. Venezuelans are starving to death and the Maduro regime is tightening the noose further. The Venezuelan government, like all governments, doesn’t give a shit about the people it claims rulership over. It only cares about lining its own pockets.

Written by Christopher Burg

May 23rd, 2017 at 11:00 am

It’s Science!

without comments

Reason posted an article claiming that research shows that you can’t even pay somebody to read information that contradicts their beliefs. However, if you read the about the methodology you learn that the researchers didn’t offer to pay people to read information that contradicted their beliefs:

The study gave participants two options: they could read an article about same-sex marriage that matched their own perspective, or they could read an article about same-sex marriage that contradicted their views on the subject. They were told that if they selected the article with which they disagreed, they would be entered in a drawing to win $10. But if they selected the more comforting, self-affirming article, they would only stand to win $7.

Being entered into a lottery isn’t payment, it’s a chance at payment.

I bring this article up to illustrate how poor research can quickly lead to stupid conclusions and headlines. Initially reading the research might lead one to believe that it gives evidence to the possibility that some people won’t read contradicting information even if there is a reward. But when you stop to think about the methodology used you quickly realize that the research was inadequate at addressing incentive. Some people might not be willing to read contradicting information for a chance to be entered in a lottery with a slightly better payoff but they might be willing to do so for straight up cash. $10 might not convince some people to read contradicting information but $20 or $30 might.

I also bring this article up because it shows that neocons and neoliberals aren’t the only people who allow themselves to use poor research to reach a desired conclusion. Libertarians can and do fall into that trap as well.

Written by Christopher Burg

May 17th, 2017 at 11:00 am

Karma

without comments

I can’t prove whether or not karma is a real thing but I certainly like to think it is. I especially like to believe in karma when somebody falls prey to the very policies they promote:

In 1918, while a deputy chief of the Cheka in Ukraine, he [Martin Latsis] established the principle that sentences were to be determined not by guilt or innocence but by social class. He is quoted as explaining the Red Terror as follows:

Do not look in materials you have gathered for evidence that a suspect acted or spoke against the Soviet authorities. The first question you should ask him is what class he belongs to, what is his origin, education, profession. These questions should determine his fate. This is the essence of the Red Terror.

Latsis himself became a victim of the Soviet regime in the 1930s Great Purge, when he was arrested on November 29, 1937 and was accused by a commission of NKVD and Prosecutor of the USSR belonging to a “counter-revolutionary, nationalist organization”. He was executed in 1938 by firing squad.

A lot of people either knowingly or unknowingly advocate for a guilty until proven innocent justice system for certain crimes. Socialists of various flavors often promote such a system when an accused individual is a member of a class they aren’t fond of. The problem with such a system is that it gets abused pretty quickly. An individual having a feud with their neighbor might inform the police that their neighbor is a member of a persecuted class. People in power are quickly to label anybody they don’t like as members of a persecuted class. Since class membership becomes the important factor, not the facts of the case, the system quickly becomes a convenient mechanism for one to eliminate their enemies instead of a system for delivering justice.

It warms to heart to know that somebody like Martin Latsis, who promoted a system that issued judgements based on class membership instead of guilt of a crime, fell victim to that very system.

Written by Christopher Burg

May 17th, 2017 at 10:00 am