
Public Key Infrastructure Book

Danny | 27.08.2007 16:27 | Other Press | Technology

"Every tool is a weapon if you hold it right" - Ani Difranco

Hot on the heels of wikiscanner there is a new tool that is much more useful to activists. This is double-edged sword of course so some of you at IM may want to review your own security - that's a 'heads-up' warning not a threat.


"How to case high-profile targets without really trying" http://www.theregister.co.uk/2007/08/24/pki_hacking_tool/ http://www.gnucitizen.org/pkibook/application.htm

For instance, ever wanted to network with those nice people at BAe ?

Public Key Server -- Index ``baesystems.com ''


Danny
- Homepage: http://pgp.mit.edu:11371/pks/lookup?search=baesystems.com&op=index

Comments


Not sure you understand "public key" encryption

27.08.2007 19:20

Danny, that's the whole point of "public key" encryption. Would be pretty useless if the public key weren't public.

You use THIS key (the key of any of the people you have listed) to send THEM an encrypted message that they can then decrypt using the secret half of that key. Similarly, anybody on that list can prove that they are the source of a message by "signing" encrypted with the secret half of their key and you decrypt using their public key.

Mike Novack
mail e-mail: stepbystpefarm mtdata.com


Careful!

27.08.2007 20:41

I'd be careful in how you are using this tool and how you are distributing any data. I fear that the CPS would readily classify this as "hacking".

If you don't know how take care, then get educated!


"(5) Access of any kind by any person to any program or data held in a computer is unauthorised if—

(a) he is not himself entitled to control access of the kind in question to the program or data; and

(b) he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled. "

 http://www.opsi.gov.uk/ACTS/acts1990/Ukpga_19900018_en_2.htm

Plodding PC


Neutered text

27.08.2007 23:42

>Not sure you understand "public key" encryption

I do, Mike. I used to run a PKI server for an organisation where half the financial transactions that occur each day pass across. I am glad you obviously understand PKI too. You've missed the point, and it isn't your fault as all the email addresses have been scraped from my post. Have a look at the 'homepage' link though and you may see why I think this is so significant. People are using their organisations' PKI for their private addresses too. So business addresses are linked to private addresses - not just for corporations though that is the juicy bit, but for activist groups too. Even some people who I know are technically aware about security are doing this, but more so the executives. Ignore the neutered text, which was presumably neutered for understandable legal reasons. I do respect your technical opinion and feel you may have been misled by the censored data in the post so check the links, try it for yourself, and then please comment again. You should be able to see why this is more useful to activists than wikiscanner is. I've only had an hour on it but I was able to link several organisations and individuals I didn't ever suspect would be linked. I won't post that directly here as it will probably be hidden, besides, curiosity is its own reward.


>I fear that the CPS would readily classify this as "hacking".

I never hacked anyone - MIT did! Seriously though, there is no legal risk here, you are only accessing MIT's PC - this data is all publicly available information as Mike pointed out. It has just become much easier to cross-reference which has obviously caught some people out. The Reg has used it to expose FBI addresses, all I did was repost a link with an alternative example that was perhaps of more interest to this site. Cut and paste your own favourite corporation domain into the homepage url. Save the results to your PC as they are likely to change quickly as sys admins become aware of this.


If anyone else finds other useful links then please post those links here.
As another example:
 http://pgp.mit.edu:11371/pks/lookup?search=raytheon.com&op=index

Danny


Or

28.08.2007 07:43

Or, you could just throw caution to the wind and just take your chances.

At any rate, the police/CPS won't care much how you got any compromised data that the owners want proceedings brought for.

A friend of mine was woken by the hinges coming off his front door because Microsoft flexed its muscles and were busting everyone possible to retrieve some code hacked out of their Redmond system.

That person, a coder, had never hacked anything in their life. They simply had access to a private FTP server that had the code and downloaded it.

Another friend was taken into custody and got all his computer equipment seized (and had to go to court to get it returned, well after charges were dropped) because he simply deleted a client's website when they wouldn't settle a bill.

If you are going to sniff around things that people don't want you to see at least have the sense to make it slightly difficult for them to catch you. A sanitised OS on a wi-fi enabled mobile device with a wi-fi scanner app of choice would be a good idea. As would employing a random behaviour pattern regarding times and locations and accounts.

The golden rule of not getting caught: never tell ANYONE.


Plodding PC


PS

28.08.2007 08:07

Also, minimising your exposure to CCTV en route and at your wi-fi spot is a good idea. Someone here published some info regarding scanning for CCTV, if anyone can link to it.

Plodding PC


Nasty

28.08.2007 11:17

Here is a fun one for all the Climate Change activists. A commercial security consultant is using a BAA PKI key for nasty.com "because nasty girls do nasty things". I've not been on that website so I assume the girls are doing nasty things like taking lots of short-haul flights when they could be taking the train.

BAA
- Homepage: http://pgp.mit.edu:11371/pks/lookup?search=baa.com&op=index


Spelling it out for you

28.08.2007 12:20

What Danny is doing is giving a warning to "activists" not to use the same public key for their "public" and "secret" personae. He's doing that by showing you how easy it is to harvest the data from PUBLIC DOMAIN sites (public keys are useless if not public) and then by running a program against this data to determine which keys have more than one persona associated with them.

In other words, if in the corporate world you are "John Doe" but on some offbeat sex sites you are "Richard Roe" but happen to use the same encryption key for both, then it is rather easy to figure out that John and Richard are the same person.

And no folks, in no way illegal to write a program that re-sorts PUBLIC data into some different order and then checks for duplicates. This is exactly like using telephone directory data to determine which (supposedly different) people have the same phone number -- and so might not be different people after all. The "public key" directories are akin to telephone directories, the opposite of "secret".

Mike Novack
mail e-mail: stepbystpefarm mtdata.com
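The duplicate check Mike describes, as an added example that is not code from the post or from the PKI Book tool: a parser for the pks "op=index" layout (the `pub  bits+algo/keyID  date  User ID` lines with indented continuation lines for further user IDs), which groups user IDs by key and reports keys on which an address at a given home domain sits beside addresses elsewhere, the check an organisation would run over its own domain's listing. The sample listing, names and key IDs below are constructed, not entries from the original post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a pks "op=index" listing. Names,
# addresses and key IDs are made up; none are entries from the original post.
SAMPLE_INDEX = """\
Type bits /keyID    Date       User ID
pub  1024D/0000AAAA 2005/03/17 *** KEY REVOKED ***
                              Alice Example <alice.example@corp.example>
                               Alice Example <alice@personal.example>
pub  2048R/0000BBBB 2006/01/16 Bob Example <bob.example@corp.example>
pub  1024D/0000CCCC 2002/02/27 Carol Example <carol@hobby.example>
                               Carol Example <carol.example@corp.example>
                               Carol Example <carol.e@corp.example>
pub  1024D/0000DDDD 2000/10/10 Dave Example <dave.example@corp.example>
                               Dave Example <dave.example@corp.example>
"""

# A "pub" line: key size, algorithm letter, 8-hex-digit key ID, creation date,
# then the first user ID (or the "*** KEY REVOKED ***" marker).
PUB_RE = re.compile(
    r"^pub\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\s+(\d{4}/\d{2}/\d{2})\s+(.*)$")
# RFC 822 style address inside angle brackets. X.400 style user IDs such as
# </o=.../cn=...> carry no "@" and are deliberately not matched.
EMAIL_RE = re.compile(r"<([^<>@\s]+@[^<>\s]+)>")
REVOKED = "*** KEY REVOKED ***"


def parse_index(text):
    """Parse a pks index listing into a list of key records.

    Each record: {"keyid", "bits", "algo", "date", "revoked", "uids"}.
    Indented continuation lines add further user IDs to the preceding key.
    """
    keys = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Type"):
            continue  # blank line or column header
        m = PUB_RE.match(line)
        if m:
            bits, algo, keyid, date, uid = m.groups()
            rec = {"keyid": keyid.upper(), "bits": int(bits), "algo": algo,
                   "date": date, "revoked": False, "uids": []}
            if uid.strip() == REVOKED:
                rec["revoked"] = True  # user IDs follow on continuation lines
            else:
                rec["uids"].append(uid.strip())
            keys.append(rec)
        elif line.startswith(" ") and keys:
            keys[-1]["uids"].append(line.strip())
        else:
            raise ValueError("unexpected line in index: %r" % line)
    return keys


def email_domains(rec):
    """Distinct lower-cased mail domains across all user IDs on one key."""
    doms = set()
    for uid in rec["uids"]:
        for addr in EMAIL_RE.findall(uid):
            doms.add(addr.rsplit("@", 1)[1].lower())
    return doms


def linked_identities(keys, home_domain):
    """Map key ID -> other domains, for keys that carry a home-domain address
    together with at least one address at a different domain."""
    home = home_domain.lower()
    out = {}
    for rec in keys:
        doms = email_domains(rec)
        if home in doms and len(doms) > 1:
            out[rec["keyid"]] = sorted(doms - {home})
    return out


if __name__ == "__main__":
    parsed = parse_index(SAMPLE_INDEX)
    for keyid, others in linked_identities(parsed, "corp.example").items():
        print("%s also carries addresses at: %s" % (keyid, ", ".join(others)))
```

Revoked keys are kept in the output on purpose, since a revoked key's user IDs are still served by the index and still link the addresses.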


Hahahahaha!

28.08.2007 12:54

But, give the "girls" a chance they may be doing carbon neutral "nasty" things!

If that traces clearly back to BAA, I'd consider e-mailing the info to Private Eye. They'd love it.

Reminds me of the time I worked helpdesk and got a call from an embarrassed employee who had managed to set a jpeg from a ladyboys website as his desktop and couldn't figure out how to undo it.

There's a lot of entertainment to be had from not nailing 'user policies' shut.

Plodding PC


geek self-love

28.08.2007 14:23

I've checked him out, the guy is just a computer geek with no chance of getting a girlfriend, more to be pitied than scolded. The fact he is a security consultant is the thing that should make him cringe most. I'm sure most people look at porn sometimes, but associating his business PKI on a publicly searchable directory with a porn website is, well, he is either brave, incompetent or just proud of being a wanker. Maybe all three.

It reminds me of my favourite story ever in the Reg.

"Porn-surfing bank supremo Michael Soden was caught with his browser down last week by the very same staff he outsourced to HP at the start of his reign at the Bank of Ireland...
The outsourcing move was Soden's second high-profile decision after his appointment as chief executive. His first was to update the acceptable use policy that prohibits staff from accessing porn using company equipment."
 http://www.theregister.co.uk/2004/06/01/outsourcing_porn


The true joy of the PKI Book is the ease with which different email accounts can be linked. So once you identify a sysadmin in a dodgy company, search for all their alternative addresses on technical forums and see what they are talking about 'anonymously'. You can quickly identify breaches in their company's security. "This patch didn't work". Real hackers have been doing this for decades, I guess I've just demoted myself to 'script-kiddy' by loving the convenience of the tool.

You have to realise a lot of the info is out of date as keys aren't always revoked when someone leaves, but that allows you to trace their career. It is interesting how many people have addresses for say, Qinetiq and the MOD simultaneously.

Also, this info isn't necessarily true. Have a look at the author of the article - he has added himself to the FBI, the White House and half a dozen other groups that he almost certainly doesn't work for. You can use this to build a fake profile of yourself or others.

Danny


What about the "Web of Trust" data?

28.08.2007 15:51

Keeping different keys for different email addresses had already occurred to me.

But this tool makes me wonder if we're going to see something similar that analyses the "web of trust" relations for each key, i.e. "User X has signed / verified that this key belongs to User Y", thus implying that they know each other.

Bit of a nuisance, as this would seem to include a lot of rich information, but not signing keys makes GPG a lot less useful as you don't know whether to trust a key or not. (As with all the "FBI" employees up there).

KeyNetic


Beware of geeks bearing gifts!

28.08.2007 15:54

Geeks are often the biggest security hazard in a network. They know too much (or just enough), get sloppy and get lazy.

You'd be amazed at how many domain scans show that ports have been opened to allow the geeks to play Quake (or whatever these days), or holes punched through to use instant messaging, or even anonymous ftps lying wide open to the world (probably because some user couldn't get their head round logging in and setting a non-default port and the admin forgot to close it), directors' machines blissfully sharing their entire C:\ with the world.

I've even seen a company with a server OUTside their firewall, I'll just pause for dramatic effect, which just also happened to be the user accounts and mail server (go figure!). It gets better. Root was yielded by a dictionary attack. Funnily enough someone set up an open smtp relay and anonymous proxy (for a botnet no doubt) on it and the geeks spent days persuading companies to take them off their spam filters.

With admins like that who needs external threats!? It's no wonder that outsourcing security has become standard practice with banks now.

Plodding PC
- Homepage: http://www.theregister.co.uk/2007/03/09/bofh_episode_9/


Oh, talking of BAE...

28.08.2007 15:59

Some people may not have read this yet:

 http://www.controlbae.org/background/review.php

The Story So Far . . .
Background to the legal challenge

On 19 April 2007, The Corner House and Campaign Against Arms Trade (CAAT) filed papers at the High Court in a judicial review against the UK Government's decision in December 2006 to terminate an investigation by the Serious Fraud Office into alleged corruption by BAE Systems in recent Al Yamamah arms contracts with Saudi Arabia. (The Serious Fraud Office is a UK government department that investigates and prosecutes complex fraud.)

Here’s a brief timeline of developments leading up to the legal challenge and its progress so far.
Corruption investigation dropped

Since the 1980s, the UK has supplied Tornado fighter and ground attack aircraft and associated products and support services to the Kingdom of Saudi Arabia under a series of very high-value arms deals known as "Al Yamamah" ("The Dove"). The aircraft sold to Saudi Arabia under the Al Yamamah deals are all manufactured by BAE, the UK’s largest arms manufacturer. It is the UK’s largest-ever export agreement from which BAE has earned £43 billion.

In 2004, the Serious Fraud Office (SFO) initiated an investigation into alleged bribery and false accounting by BAE in relation to the Al Yamamah deals, including corruption offences since March 2002, when bribery of foreign officials became a crime in the UK.

In November and December 2006, it was widely reported that the Government of Saudi Arabia had threatened to suspend diplomatic ties with the UK and cancel a further proposed order for 72 Eurofighter Typhoon aircraft if the SFO investigation was not halted.

On 14 December 2006, the SFO announced that it was ending its investigation into these bribery allegations. The reason given was that continuing the investigation might lead to Saudi Arabia withdrawing diplomatic cooperation with the UK on security and intelligence.

The decision was widely criticized by parliamentarians, non-governmental organizations internationally, and by leading financial fund managers, who stated that it could compromise London’s standing as a financial centre.
Beginnings of a legal challenge

On 18 December 2006, The Corner House and Campaign Against Arms Trade wrote to the UK Government arguing that the SFO’s decision was unlawful and should be reversed.

The legal challenge centred on the UK’s obligations under the Organisation for Economic Co-operation and Development (OECD) Anti-bribery Convention, which Britain signed in 1997.

Article 5 of the Convention expressly forbids the termination of corruption investigations on grounds other than the merits of the case. Signatory governments specifically undertake NOT to be influenced “by the potential effect [of an investigation] upon relations with another State . . . .”

But the SFO stated that their decision was based on the grounds that continuing the corruption investigation would damage relations with Saudi Arabia and hence the UK’s national security.

The OECD itself has expressed "serious concerns" over the SFO decision. In March 2007, its Working Group on Bribery announced that it would be carrying out an in-depth review of the UK’s implementation of the Anti-bribery Convention.
Spying delays court case

Following our December 2006 letter, and the failure of the Government to restore the investigation, on 23 February 2007, The Corner House and CAAT began an application for a judicial review -- a court proceeding in which a judge reviews the lawfulness of a decision or action made by a public body. However, the full application was delayed because it had been discovered in January 2007 that an email from CAAT containing confidential and privileged legal advice about the judicial review from the groups' solicitors had been obtained by BAE.

CAAT went to court in January 2007 to require BAE Systems to identify the source of the leak, arguing that the judicial review proceedings could be severely prejudiced if BAE had access to CAAT’s (and The Corner House’s) confidential legal advice.

BAE was thus forced to reveal that it has been paying £2,500 per month to LigneDeux Associates, the business vehicle of Paul Mercer -- a private investigator with right-wing links -- who monitored and passed information about CAAT to BAE's Director of Security, Mike McGinty. Paul Mercer denied that he had misappropriated the confidential email, alleging that he had received it anonymously through the post. Mr Mercer has now given binding lifelong undertakings to the court not to misuse confidential information belonging to CAAT again and to inform CAAT if any such material comes into his possession. Any breach of those undertakings could lead to his committal to prison for contempt of court.

CAAT has recently obtained further material suggesting that BAE had been involved in unlawful acts of spying to a greater extent than the company originally implied. CAAT is therefore continuing to pursue, through the Court process, answers to the questions of how confidential information came into the hands of BAE.
Full application lodged . . .

On 19 April 2007, CAAT and The Corner House were able finally to lodge their full grounds for their application for a judicial review. Accompanying the application were two witness statements from each group:

* The 'witness statement' [pdf] from Campaign Against Arms Trade provided detailed background on the Al-Yamamah arms deals between the UK and Saudi Arabia from the 1980s to 2006; and the December 2006 decision to end the SFO investigation into alleged corruption in these deals;
* The 'witness statement' [pdf] from The Corner House outlined the nexus between corruption and bribery, and international trade, economic investment, terrorism and national security; and provided background on legislative and other steps to combat corruption.

. . . and refused . . .

On 29 May 2007, a High Court Judge considered the papers filed by lawyers for CAAT and The Corner House and the Government's response to these papers -- and made a preliminary decision refusing to grant permission for a full judicial review hearing.
. . . but the proceedings continue

The Corner House and CAAT have thus taken the next step in the proceedings, which is to request a formal hearing before a Judge so as to argue why the case should proceed. That hearing has been scheduled for 9 November 2007, and we remain confident, as do our lawyers, that the Court will be persuaded to consider the legal challenge fully.
New allegations

Since initiating our legal challenge, separate revelations came to light in June 2007, via the BBC's Panorama television programme and in The Guardian newspaper that the UK Government itself may be implicated in the corrupt activities that the Serious Fraud Office was investigating. As the Judge who assessed the papers applying for judicial review did so in May 2007, he could not have been aware of these revelations.

Panorama's principal allegation is that BAE, with approval of the UK's Ministry of Defence, made payments worth hundreds of millions of pounds over two decades to bank accounts under the personal control of Prince Bandar bin Sultan, the son of Prince Sultan bin Abdul Aziz who has been the Saudi Defence Minister since 1962. The documentary suggests that some of the payments were for the personal expenditure of Prince Bandar bin Sultan.

The allegations raise further concerns about the shelving of the SFO investigation. They suggest that, since 1985, successive British governments under Prime Ministers Margaret Thatcher, John Major and Tony Blair have used Ministry of Defence bank accounts to facilitate corrupt payments to a foreign official. These allegations are more serious than the widely-reported ones of a £60 million "slush fund" run by BAE for the personal benefit of Saudi royals, because they suggest the active involvement and complicity of the UK government.
UK Government is prepared to break international law . . .

The Government refused to sanction public disclosure of its response to our judicial review proceedings. So activist and comedian Mark Thomas applied to the High Court for the document to be released, which the High Court initially refused on 18 June 2007 but a few weeks later, on 9 July 2007, allowed.

In its response [pdf 9mb] the Government denies any breach of the OECD Anti-Bribery Convention -- but declares that it would have taken the decision to terminate the SFO investigation anyway regardless of any violation of international law. According to the Government, compliance with the Convention “was not . . . a critical or decisive matter” in making the decision.

The Corner House and CAAT have written to the OECD to draw its attention to the UK Government's willingness to break the OECD Anti-bribery Convention, which is binding on signatories -- despite the Government specifically confirming to the OECD in 2005 that none of the considerations prohibited by Article 5 would be taken into account as public interest factors not to prosecute and despite it stating in January 2007 that the UK had complied with the Convention in deciding to terminate the SFO's BAE-Saudi inquiry.

In effect, the Government has spun one story to the OECD and is spinning another to the UK courts.

The Government claims that continuation of the SFO inquiry would have endangered "British lives on British streets". Yet revelations in The Guardian newspaper and by BBC's Panorama television programme strongly suggest that the source of these security fears was Prince Bandar -- the very person whose receipt of funds from BAE was being investigated. They also point out that the OECD Anti-bribery Convention has no exemption for national security. The UK Government’s arguments are widely seen as threatening to undermine the Convention.
. . . while US Government picks up where UK left off

On 25 June 2007, BAE acknowledged that the US Department of Justice has decided to investigate the company’s compliance with US anti-corruption laws, particularly the 1977 Foreign Corrupt Practices Act. Over 30 years, the US has had a strong record on corruption prosecutions.

Plodding PC


Ah!

28.08.2007 17:43

Just had a play with both tools and just twigged what it's all about. Doh!

Yeah, you can't get done for pulling public data off the net.

Bloody addictive. Just had a jaunt round .police.uk and .gov.uk not much to report except a couple of geeky admins with myspace pages and some users who obviously do some work from home and some test accounts (advertised as test accounts).

It'd be nice if someone could code the two things into one app and add a web search engine... with perhaps a free 'Dun & Bradstreet' & LexisNexis with every search.

I guess that'd make me a script embryo.

Good for digging out corporate & private e-mails too.

Plodding PC


Grey Hat

29.08.2007 00:01

Mike - Thanks, you said it more concisely than I could. Although bear in mind I didn't just warn activists of their personal risk, they can use the same tool to some advantage, don't just think defensively. Judging from past events I'm guessing we have about a fortnight to save as much as we can before corporate procedures get updated and the good stuff disappears. I'm also guessing this has been used against activists long before most unimaginative hacktivists like myself had the convenience of a website tool that spelled it out for us - and I'm 'paranoid' enough to assume what I am looking at is being looked at. Most sys admins are overworked, stressed and undersexed though. It is not until they are explicitly warned that they think to react. It is not for a few weeks after that that they actually react, though that depends on the sort of organisation that they work for. But thanks for your clarification, it was appreciated as the original post had been missing the email addresses so I presumably seemed to be talking shit.

KeyNetic - From what I know that is the sort of technique they use, mapping relationships. None of it can stand up in a court of law because implying someone knows someone else over the internet is hardly evidence of anything else, but that doesn't mean it won't be used to target you behind the scenes. "The accused verified Mr Bin Laden's key" is at worst translated to "gathering information useful to humanists". I think the worst thing that could happen is people stop signing other people's keys fearing prosecution, as encryption is the last defence of freedom of speech. I think the standard argument for encrypting as much as possible also applies to verifying keys. I'd consider verifying any stranger's key at this point, even if it meant verifying a few spooks by accident. It is the least worst option both for me personally and for everyone else. So no longer the web of trust but the web of no reason to distrust. I haven't had time to fully think that through though and would welcome being corrected.

Plodding PC - you may have plodded but you got there, so pass it on and keep digging; there really is some hot stuff on it, not much, but you are diving for pearls. I've found a few and I am keeping them for myself at this point. Sometimes on less obvious domains. Bear in mind you are looking for emails which are sometimes (in security conscious places) kept on completely different domain names from the webserver's domain name. It also helps if you know in advance a few names of key members of IT staff. But just trawling is fun too. Script Embryo is a great name btw, I don't think anyone is using it.

I really have to play with it a lot more myself before I give any more advice. I'm not an uber-geek but I am geeky enough that I turned down the offer of sex with a woman I find beautiful last night simply to play with my new toy. Which is why I have some sympathy for the BAA 'nasty girls do nasty things' security consultant, he is just my reflection.

Danny


Danny

29.08.2007 07:33

I'll stick to plodding these days. I was never a 1337 |-|4x0r but spent a lot of time in their company and picked up a lot. I long ago hung up my boots when it comes to being naughty with computers and am glad, relieved and surprised to have gotten away with everything I did.


Anyway...

There are uses of this software that are obvious to anyone that has a mildly devious mind. Ironically, the system may be a great tool for e-mail network security, but from a social engineering aspect, it's an Achilles heel. Having Googled a few addresses, it's obvious that many of these e-mail addresses aren't going to be this easily unearthed otherwise.

Unless I'm overlooking something fundamental here, the fact that some companies are advertising which employees are likely to be set up to access a WAN from home, and advertising their home e-mail addresses, had me chuckling. Some really reprehensible type could engineer a Trojan, worm or malicious virus into that system with a bit of skill and luck.

Anyone who has worked helpdesk will be all too familiar with the concept of the nightmares of home workers and the usual lack of security control over their home/portable equipment. I had to regularly delouse many a laptop or Dell with more infections than the Sophos database. Some of them even using their machines all weekend in that condition.

Bigger companies should(!) have their shit together in keeping things tight, but smaller companies and organisations are going to suffer the usual slapdash "whatever it takes to make this work easily" mentality.

Anyway...

You don't have to be any more technically adept than being able to use a browser to use this stuff...

If someone would write a "How to" step-by-step for users (with a couple of screenshots), I'd recommend it for a feature! I'm not sure this place has ever had a mid section tech feature???

There's a lot to be said about being discreet with any juicy info you unearth. Advertising certain things can backfire by giving them the heads up on what to change in their practices and slam the door on you.



Plodding PC
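The exposure Plodding PC describes above (corporate addresses tied to home addresses on the same key, leftover test accounts, internal directory names leaking through user IDs) can be checked from the defender's side by parsing a key server's own index listing for your domain. The script below is an added example and is not part of this thread or of the pkibook tool it discusses; it parses the classic HKP "index" layout quoted in the original post (a `pub` line per key, extra user IDs on indented continuation lines) and reports what a listing for a home domain gives away. The sample listing, its key IDs and the people in it are constructed for this example.

```python
"""Audit what a public PGP key-server index reveals about an organisation.

Added example, not code from the thread or from the pkibook page it
discusses.  Parses the HKP "index" listing format (pub <bits><algo>/<keyid>
<date> <uid>, with further user IDs on indented continuation lines) and
reports the exposures a defender would want to know about.
"""
import re
from collections import defaultdict

# Constructed sample in the HKP index layout; every key ID, name and domain
# below is made up for this example.
SAMPLE_INDEX = """\
Type bits /keyID    Date       User ID
pub  2048R/AAAA1111 2007/05/01 IT Support <it-support@example-corp.com>
pub  1024D/BBBB2222 2006/01/16 Alice Example <alice.example@example-corp.com>
                               Alice Example <alice@example-isp.net>
pub  1024D/CCCC3333 2005/03/17 *** KEY REVOKED ***
                              Bob Example <bob.example@example-corp.com>
pub  1024D/DDDD4444 2004/09/29 Carol Example <carol.example@example-corp.com>
                               Example, Carol (US) </O=ROOTLNK/OU=BLUE/cn=Recipients/cn=carol.example>
pub  1024D/EEEE5555 2004/06/23 Test Account <test-account@example-corp.com>
"""

PUB_RE = re.compile(
    r"^pub\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8,16})\s+(\d{4}/\d{2}/\d{2})\s+(.*)$")
# An RFC 822 address inside angle brackets: captures the address and its domain.
EMAIL_RE = re.compile(r"<([^<>@\s]+@([^<>@\s]+))>")
# An angle-bracketed identifier with no "@": typically an internal directory
# path (e.g. a legacy Exchange DN) that should never have been published.
NONMAIL_RE = re.compile(r"<([^<>@]+)>")


def parse_index(text):
    """Return one record per key: keyid, bits, algo, date, revoked flag, UIDs."""
    keys = []
    for line in text.splitlines():
        m = PUB_RE.match(line)
        if m:
            bits, algo, keyid, date, uid = m.groups()
            rec = {"keyid": keyid.upper(), "bits": int(bits), "algo": algo.upper(),
                   "date": date, "revoked": False, "uids": []}
            if uid.strip() == "*** KEY REVOKED ***":
                rec["revoked"] = True      # UIDs of a revoked key follow on continuation lines
            else:
                rec["uids"].append(uid.strip())
            keys.append(rec)
        elif line.startswith(" ") and line.strip() and keys:
            keys[-1]["uids"].append(line.strip())   # extra UID on the previous key
    return keys


def addresses(rec):
    """All (address, domain) pairs found in a key's user IDs, lowercased."""
    return [(a.lower(), d.lower()) for uid in rec["uids"]
            for a, d in EMAIL_RE.findall(uid)]


def audit(text, home_domain):
    """Summarise what the listing exposes about home_domain."""
    home_domain = home_domain.lower()
    by_domain = defaultdict(set)
    report = {"cross_domain_keys": [], "revoked_keys": [],
              "directory_ids": [], "test_accounts": []}
    for rec in parse_index(text):
        addrs = addresses(rec)
        for addr, dom in addrs:
            by_domain[dom].add(addr)
        # A key carrying a home-domain address next to an address elsewhere
        # publicly links a corporate identity to an outside (often personal) one.
        domains = {dom for _, dom in addrs}
        if home_domain in domains and len(domains) > 1:
            report["cross_domain_keys"].append((rec["keyid"], sorted(a for a, _ in addrs)))
        if rec["revoked"]:
            report["revoked_keys"].append(rec["keyid"])   # still listed, still searchable
        for uid in rec["uids"]:
            for ident in NONMAIL_RE.findall(uid):
                report["directory_ids"].append((rec["keyid"], ident))
        # Heuristic: "test" in the local part suggests a throwaway account left behind.
        if any("test" in a.split("@")[0] for a, _ in addrs):
            report["test_accounts"].append(rec["keyid"])
    report["by_domain"] = {d: sorted(s) for d, s in by_domain.items()}
    return report


if __name__ == "__main__":
    r = audit(SAMPLE_INDEX, "example-corp.com")
    for dom, addrs in r["by_domain"].items():
        print(f"{dom}: {len(addrs)} address(es) listed")
    for keyid, addrs in r["cross_domain_keys"]:
        print(f"key {keyid} links {', '.join(addrs)}")
    for keyid, ident in r["directory_ids"]:
        print(f"key {keyid} publishes internal directory name {ident}")
    print("revoked keys still listed:", r["revoked_keys"])
    print("probable test accounts:", r["test_accounts"])
```

Run against a real index page for your own domain the output is a list of things to fix at the source: traditional SKS-style key servers never delete a key once uploaded, so the practical mitigation is a policy on which user IDs go onto a key before it is published (one work address only, no personal addresses, no directory names), not a clean-up afterwards.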


Encryption and the Plod

29.08.2007 10:32

Just in case anyone interested in such matters has somehow missed this (by being in a coma for 7 years):

Regarding the RIP 2000 Act

"The second key controversy is the legislation's reverse burden of proof. If intercepted communications are encrypted (encoded and made secret), the act will force the individual to surrender the keys (pin numbers which allow users to decipher encoded data), on pain of jail sentences of up to two years. The government says keys will only be required in special circumstances and promises that the security services will destroy the keys as soon as they are finished with."

 http://www.guardian.co.uk/theissues/article/0,6512,334007,00.html

"[...] "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton."

 http://news.zdnet.co.uk/security/0,1000000189,39269746,00.htm

I'm not aware if that has ever been legally tested as a strategy.



I'd recommend that all activists read those articles and the more technically-minded read the act itself and make sure others are aware of the scope of it:

 http://www.opsi.gov.uk/Acts/acts2000/20000023.htm


And here's a promising product with a development cycle threatening to rival 'Duke Nukem Forever':

 http://www.m-o-o-t.org/

Plodding PC


Moot Point

29.08.2007 11:38

"If someone would write a "How to" step-by-step for users (with a couple of screenshots), I'd recommend it for a feature! I'm not sure this place has ever had a mid section tech feature??? There's a lot to be said about being discreet with any juicy info you unearth. Advertising certain things can backfire by giving them the heads up on what to change in their practices and slam the door on you."

Yeah, it's a balancing act but the info was on the Register anyway so I thought it may as well be here. I wouldn't want to write it up as a feature as I tend to be too verbose and mention stuff I shouldn't, and I want to stay in and play with it as much as possible in the short term. You go ahead if you want though.

One thing about the RIP Act 2000 that you didn't mention - and which stopped me using encryption with strangers - is the draconian punishments forbidding anyone whose keys are seized from saying that they have been compromised. With people you know you can prearrange a set conversation that acts as a signal that it has occurred.

I hadn't heard of Moot so thanks a lot for that, I'll definitely get a copy. I hope they have got around this problem though:

"5) m-o-o-t also provides partial traffic anonymity, but relies on an offshore mailserver for this. It has unfortunately proved impossible in time to include a method to provide anonymity without having to trust the server, but we plan to do this in a later version."

The author deserves great respect but I can't stop myself poking fun at the latest news:

"The release is going well, though there was a problem in one single line of code which took two weeks and a sixty-hour coding session to find - ouch!. ...- Peter Fairbrother, 23 September 2007"

I am unsure if he already has spent 60 hours looking for a problem in one line of code, or is planning to do that before the 23rd of September. I bet it was, or perhaps will be, a typo !

Danny


Well

29.08.2007 13:27

Some of the ancient techniques of security are still the best, like pre-agreeing a simple flagword, that won't stand out in normal conversation, to advertise that security is lost.

Yeah, the RIP Act caused quite a stir across the board. In any sane society it'd have been used as toilet paper at the proposal stage.


Well, once you are bored of playing with it, if you want to post some positive and negative bullet points, I'll make up a 'how to' and post in its own right (with co-authorship)?

60 hours isn't much if there are say 5 of his geeky friends at it. Otherwise, we can safely say this man has sacrificed his life for others, in a non-fatal sense.

All these kinds of things are a bit of a leap of faith anyway, unless you are the world's smartest security guru that can debug in hex.

I remember a while back there was a company spamming the murkier corners of the net marketing a net anonymiser proxy/shell service. Some people did some sniffing and it transpired that the company was run by two "ex" NSA techs!

Even if their intentions were genuine, and their skills will obviously be top notch, you just know that they aren't going to put up a fight against any subpoenas, assuming by the ease they got outed the whole thing wasn't a honey trap.


Plodding PC


BAe in Kazakhstan - a new Yamamah scandal

30.08.2007 11:35

" if you want to post some positive and negative bullet points, I'll make up a 'how to' and post in its own right"

No, this article is getting linked to quite a bit and I've been getting spoofed traffic for the past two days now. I've made most of my points. Here is one small example from the BAe data though - this isn't one of the juicy things I've been investigating, it's just to show the process from the BAe data since I already published it.


These people all share keys, including BAe's military aviation wing and their Kazakhstan office. Sharing the one key strongly indicates working on the one project. I think this shows a new Yamamah 'jetfighters for oil' kickback deal in the making, in Kazakhstan this time not Saudi Arabia. I doubt it will surprise CAAT.

The rest of this is just cut'n'paste from Google.


barry seddon
David eagle
steven wright

b.seddon
John Buckler
Steven Wright
Gordon Pattison


9.BAE SYSTEMS
Barry Seddon, Project Director
20-A Kazybek bi Street, Office 409, Almaty, Tel: +(3272) 980 088; Fax: 980 087
E-mail:  b.seddon@baesystems.kz
Aerospace
barry john seddon

MARTIN-BAKER AIRCRAFT COMPANY LTD,
Head of Commercial Operations: John Buckler
+44 (0) 1895 836565  awalsh@martin-baker.co.uk

David Eagles is Director Flight Operations for BAe (Military)

BAE SYSTEMS
Farnborough,
Email: kazahkstan@baesystems.com


12 Dec 2003

Air Astana, a joint venture between the government of Kazakhstan and BAE Systems, begins flights between Britain and Kazakhstan on Saturday December 13.
The twice-weekly service is the first direct link between the two countries. Hailing the launch, BAE Systems chairman Sir Richard Evans said, "The service is a response to increasing business ties between the two countries and we are working closely with the Kazakhstan government to support this growing trade by developing the country's aviation infrastructure."
Air Astana was formed as a first step in the development of a long-term UK relationship with Kazakhstan, as envisaged in a memorandum of understanding signed in November 2000. The MoU, signed at 10 Downing Street, calls for BAE Systems to invest in the aerospace infrastructure of the Central Asian country and is seen as a potential stepping stone towards wider co-operation.

December 4, 2006
Sir Richard Evans, former chairman of Britain's biggest arms company, BAE Systems, has gone to work for the president of Kazakhstan, Nursultan Nazarbayev. Sir Richard is to become chairman of Samruk, the oil and gas-rich central Asian country's state holding company. Sir Richard held talks with Mr Nazarbayev when he came to London on a three-day visit last month. Mr Nazarbayev also had lunch with Tony Blair and met the Queen. Sir Richard, who still works as a consultant to BAE, was the architect of the continuing Al-Yamamah arms deals with Saudi Arabia, and also signed off on confidential agency deals with other countries, which are being probed in the wide-ranging Serious Fraud Office inquiry into corruption allegations. Shortly after he stepped aside as BAE chairman, Sir Richard was interviewed at length by the SFO at the end of 2005. Sir Richard and BAE deny any wrongdoing, and the current chairman, Mike Turner, made public threats last week that a £6bn Saudi contract to buy Typhoon aircraft could be derailed if SFO inquiries into Swiss bank accounts were not curtailed. Mr Nazarbayev, too, has faced problems with corruption inquiries.



Britain is the third-largest foreign investor in Kazakhstan with British companies making up 14% of foreign direct investment. Over 100 British companies do business in Kazakhstan.
British Aerospace has a 49% stake in Air Astana.


On December 4, 2005, Nursultan Nazarbayev was reelected in a landslide victory. The electoral commission announced that he had won over 90% of the vote. The Organization for Security and Cooperation in Europe (OSCE) concluded the election did not meet international standards despite some improvements in the administration of the election.

Danny