Police bugged SHAC, but what else did they do?

Collins | 10.10.2008 12:44 | SHAC | Animal Liberation

Police have admitted to bugging SHAC, however it's what they don't admit to that is more interesting.

As expected SHAC was bugged by the police. This isn't a surprise. What is interesting is that Police have knowledge of files that SHAC supposedly securely erased.

This means that either the police had a virus on SHAC members' computers or that SHAC has a police informer in its ranks. It is likely that both are true; however, the amount of knowledge police seem to have could only have been acquired by them having a software bug on SHAC computers.

This is something all activists must be careful about. The Police are putting backdoors onto people's computers. Virus checkers won't spot them as they will not be known by anti-virus companies.

What can we do against this new threat?

Collins

Comments

Well you can make it harder

10.10.2008 12:53

You could make it harder for them by using open source software. Not as easy to plant a virus then. Using Windows (if you do) just makes it easy for them.

Alpha Geek


Do not assume Linux = safe

10.10.2008 13:03

There are rootkits available for Linux which would give the same level of access as rootkits for Windows. Using Linux might make you a little safer but it doesn't make you safe.

Beta Geek


autosave was probably to blame

10.10.2008 13:15

I suspect the problem in this case was the "autosave" functionality used by most complex software applications. Things like email and word processing programs generally will autosave backup copies to disk every minute or so, so that files you are working on can be recovered if the program crashes.

Even if you securely delete the final plaintext copy, fragments of these insecurely deleted autosaved files could still remain on the disk.

The lessons are:

* Don't put sensitive information on computers unless absolutely necessary.
* Use full disk encryption rather than relying on encryption of specific files or partitions.

Full disk encryption means everything on the disk is encrypted - the operating system, the applications, and the files. There is some good free and open source full disk encryption software called Truecrypt:
 http://www.truecrypt.org/

Remember also to shut down or lock the computer when you are away from it - if they gain access to your computer while it is running and open, all the encryption will be useless.

supporter


I agree

10.10.2008 13:45

I agree Beta Geek, I wasn't saying *nix is totally safe.

Alpha Geek


Hidden Comment

This posting has been hidden because it breaches the Indymedia UK (IMC UK) Editorial Guidelines.

IMC UK is an interactive site offering inclusive participation. All postings to the open publishing newswire are the responsibility of the individual authors and not of IMC UK. Although IMC UK volunteers attempt to ensure accuracy of the newswire, they take no responsibility legal or otherwise for the contents of the open publishing site. Mention of external web sites or services is for information purposes only and constitutes neither an endorsement nor a recommendation.

SHAC Computer information

10.10.2008 13:48


AS WE HAVE BEEN TRYING TO TELL PEOPLE FOR MONTHS THIS IS THE RESULT OF A PC BELONGING TO SEAN KIRTLEY HAVING ITS HARD-DRIVE COPIED AND THE CONTENTS SOLD TO THE POLICE.

It is frustrating beyond belief to have this being denied again and again by people within SHAC when it is now common knowledge and was even discussed openly in court.

This thread on Indymedia a couple of weeks ago started to talk about it and that was great; however, once again we saw somebody from the SHAC inner circle (this time called 'Indymedia Pat') decide that it should be closed down and the truth hidden.

 http://www.indymedia.org.uk/en/2008/09/408433.html?c=all

Why Indymedia allowed this I can't imagine.

Now that this has all been confirmed in open court, will 'Indymedia Pat' be back to apologise and will Indymedia mods release the hidden comments so that those within the movement can see the truth?

We need to stay together but we need to tell the truth


sauce?

10.10.2008 13:54

> As expected SHAC was bugged by the police. This isn't a surprise.
> What is interesting is that Police have knowledge of files that
> SHAC supposedly securely erased.

Care to share where this is from?

hp


Hidden Comment

SHAC Computer information

10.10.2008 13:58



AS WE HAVE BEEN TRYING TO TELL PEOPLE FOR MONTHS THIS IS THE RESULT OF A PC BELONGING TO SEAN KIRTLEY HAVING ITS HARD-DRIVE COPIED AND THE CONTENTS SOLD TO THE POLICE.

It is frustrating beyond belief to have this being denied again and again by people within SHAC when it is now common knowledge and was even discussed openly in court.

This thread on Indymedia a couple of weeks ago started to talk about it and that was great; however, once again we saw somebody from the SHAC inner circle (this time called 'Indymedia Pat') decide that it should be closed down and the truth hidden.

 http://www.indymedia.org.uk/en/2008/09/408433.html?c=all

Why Indymedia allowed this I can't imagine.

Now that this has all been confirmed in open court, will 'Indymedia Pat' be back to apologise and will Indymedia mods release the hidden comments so that those within the movement can see the truth?

We need to stay together but we need to tell the truth


Hidden Comment

ignore the troll (post: SHAC computer information)

10.10.2008 14:36

Please ignore the troll comments (post titled SHAC computer information). The people at Indymedia will be able to tell that they are from the same person posting under different names by their IP address.

It is probably just someone from the pro-animal abuse SHACwatch site trying to shit-stir.

supporter


Hidden Comment

Sean is Sequani not SHAC - totally irrelevant hysterical comment again

10.10.2008 14:54

This is the SHAC case, not Sequani. So no, true or not, the Sean comment is totally irrelevant here. Sean's hard drive "getting copied" has absolutely no bearing on the SHAC trial. Once again, as said in the previous thread all about this, STOP POSTING ON INDYMEDIA AND SPEAK TO PEOPLE FACE TO FACE. If you really were a genuine AR activist you would already be doing this rather than posting up hysterics that you seem to know nothing about.

Now back to the real topic - most likely any worries about security will be due to autosaving as someone has previously said. Full disk encryption software will give you much more security and 'eliminate' this problem - if it cannot be hacked into that is. PGP is secure as far as we are aware but there is a specific company in the UK that works for the police and government who specialise in cracking encrypted computers. How successful they are is another question altogether... time will tell!

Sneaky Geeky


Hidden Comment

The troll just doesn't give up!

10.10.2008 15:02

I thought that the troll had got bored especially when he/she were told by indymedia that they would not be putting up with fake shit stirring stories!

Oh well whatever makes him/her happy............. bless!!

Troll Watch!


Risks of full disk encryption

10.10.2008 15:21

Full disk encryption is a good step, but like anything, it is not a total panacea.

The risks are:

1) The thumbscrew attack: use some form of torture to get the person to give up their passphrase.

2) Weak passphrase: don't use your dog's name, and make it long and difficult to guess!

3) Keyloggers: unless you are with your computer 24/7, someone can gain physical access to your computer and plant a hardware keylogger that records all your keystrokes - including when you type in the passphrase.

4) Firewire ports: firewire/iLink ports have direct access to the computer memory, which would necessarily include the decryption key. Remove or disable your firewire ports.

5) Access to a running computer: protecting from someone who has physical access to a computer is difficult at the best of times, but if it is powered on, it is even more difficult. Set your computer to use a locking screensaver, and turn it on when you are not sat at the computer.

supporter


Hidden Comment

What is happening ?

10.10.2008 15:29

I have been following the trial and the information about this man's computer being copied has already been talked about and challenged by the lawyers in open court so there is no point in pretending it did not happen.

I am confused at the motivation of people in trying to cover this up, the police obtained vital evidence as the result of what was in effect a burglary, we can use that to demand this evidence is inadmissible and get any conviction overturned.

I realise that some people feel a bit foolish because they trusted others who turned out to be police but sometimes we need to stand up and admit our mistakes, learn from them and move on. Trying to cover things up and pretend they did not happen is a little silly.


The police have clearly gathered a lot of information, probably about individuals but most of it will be of no use to them just donations and emails of support etc so there is no need to be worried or try to keep others in the dark because that just looks suspicious.

As a final thought would some please, please not call posters trolls just because they have differing viewpoints, it is a really annoying part of this webpage that all opposition opinion is called trolling. Internet trolling is a very different thing.

Supporter


Hidden Comment

Stay strong

10.10.2008 15:43

From all of us over here in the USA we salute what you are doing for the animals.

We have been following your work and we are so sorry that things are going so badly for you all right now. The laws in the US are very different to England and what the police have done to you would never be allowed here.

We hope you stay strong and can come through this with new people and new groups to take over from those that have failed.

Mary - USA


Hidden Comment

are these SHAC stories posted by a troll?

10.10.2008 16:32

Reading some of the recent posts to Indymedia about SHAC makes me suspect they may be posted by a troll. Something about them doesn't ring true. I could be wrong, but be cautious.

supporter


Hidden Comment

Definition of a Troll

10.10.2008 16:57

An Internet troll, or simply troll in Internet slang, is someone who posts controversial and irrelevant or off-topic messages in an online community, such as an online discussion forum or chat room, with the intention of provoking other users into an emotional response or to generally disrupt normal on-topic discussion. (wikipedia.org/wiki/Internet_troll)


This is my last comment because I've been advised you shouldn't feed the Trolls ............lol...........

Troll Watch!


Hidden Comment

Why not use macs?

10.10.2008 17:04

Look better, don't line the great Satan's pockets any further and are much more secure. You can put PGP on them too.

Mac fan


Why not use macs?

10.10.2008 17:05

Look better, don't line the great Satan's pockets any further and are much more secure. You can put PGP on them too.

Mac fan


What actually happened..

10.10.2008 17:18

The Macs they were using weren't full disk encrypted (you can now get full disk encryption for Macs, I suggest you get it!) and the programmes they were using, e.g. Word, Notepad etc., were automatically saving in the background.
They were not aware of this, and what the police have got their hands on are the automatically saved files which weren't encrypted.

There was no virus, they don't know their passwords and they haven't got anywhere near as many recovered files as they are making out.

So everyone please stop worrying!

I highly suggest everyone gets full disk encryption

A friend of SHAC
- Homepage: http://www.shac.net


Good to know BUT who was advising them?

10.10.2008 17:29

The fact WORD periodically says - 'autosaving' is a bit of a clue!

But it is good to know that it's a simple cock up and not a super PLOD black helicopter squad :)

Another Mac Fan


re: What actually happened

10.10.2008 18:12

Friend of SHAC (and others) thanks for informing us what actually happened. But isn't that even more worrying? In that it would be a common problem especially with shared computers that people can't use full disk encryption on. A friend has mentioned tools that securely wipe these fragments of information and also deleted information. Can anyone on the newswire suggest some software that is known to work well? EVERYONE should use one of these wipers immediately. Better to be safe.

Collins


Don't rely on disk free space wipers

10.10.2008 19:43

If you are using a shared computer my advice is: don't put anything that you want kept private on there.

Tools that wipe the free space take a long time and aren't always guaranteed to work. Also, you would have to run them every time you edited your file, since you never know when you might get a visit. That makes them practically useless, in my opinion.

If you want security, full disk encryption is the only way to go. And even then, be aware of the possible risks (see my earlier post).

Note that if you use Thunderbird, it is possible to turn off autosave of emails you are writing. It's probably a good idea to do this even if you use full disk encryption, just as another layer of security.

supporter


A Very Real concern

11.10.2008 09:26

This is certainly a worrying state of affairs - I am also a supporter and am very involved in prisoner support, am in touch with SHAC activist - since we live in a police state I suppose this sort of thing is to be expected - I have had the experience of local police (Brighton/Hove) driving past me when I am posting and shouting out "we know what you're doing George"
Every time I post I get to a page stating there is a problem with the security certificate - what does this mean?
I would be interested in others' views - it is worth noting that there was almost certainly an informer within SHAC - also that one group are pleading guilty to conspiracy to blackmail while the others (with Heather Nicholson) are pleading not guilty

George Coombs
mail e-mail: georgecmbs@tiscali.co.uk


Some comments

11.10.2008 12:11

1. Free space wipers and file erasers generally do work (there's one called Eraser for Windows which I think is held in good esteem). However the problem is not the erasing, it's that Windows/Office etc. make copies (temporary files, swap space, backups, auto-saves etc.) which are not getting erased. The solution here, as has been said previously, is to encrypt the entire drive. Truecrypt is the way I would go for this.

2. If your computer is taken by the police at any time, if you want to be very careful it is wise to assume that the operating system has been "doctored", perhaps to record keystrokes for transmission to the internet. This is a touch paranoid, to be fair, and unless you're a terrorist there's a chance that the police won't spend the time/money doing this. It may also be illegal (though that may not stop them). If your computer is returned to you after "evidence gathering" then personally I would wipe the entire operating system and reinstall it. Usually this is not for the faint-hearted as it can be a pig to do. Many machines no longer come with restore discs these days - instead they have a "restore partition" on the hard disc which unfortunately also can be doctored (although it's harder to do). If you want to be sure, get someone to restore it all properly from CDs/DVDs that have not been confiscated.

3. Bear in mind that the ROM (a silicon chip) of a machine can also be compromised! There is an anti-theft product on the market that modifies the contents of the "boot sequence" software, so that it sends out a regular tracking signal over the internet. This is a good thing if your machine is stolen, as it helps the owner find their machine even if the operating system is wiped and reinstalled. However the same technology is available to the police/authorities and can be used to install keystroke loggers to discover your encryption passwords. To combat this, the "BIOS" needs to be reinstalled (or "reflashed"). Again this requires an expert.

4. The problems with the security certificate are almost certainly NOT evidence that the cops are intercepting your visits/posts to IM. They are there (I believe) because IM has not purchased "legitimate" server certificates from a certifying authority. This might be because IM admins don't believe in having an "authority" (as IM is anti-authoritarian) but also because certificates can be expensive, and IM presumably isn't awash with cash. A properly working/purchased certificate only guarantees so much anyway - if the certifying authority was to hand over the certificate private key to the police, they would be able to decrypt everything you do. (There's no evidence that this is rife however, since if it was made public, it would start to degrade public trust in buying online, which the certifying authorities rely on to continue their business).

5. Lastly keep backups of everything you want to keep, and give them to your non-activist friends for safe storage. Keep stuff encrypted at your own house and (in general) unencrypted at your friends' houses (unless you have special reason to be worried, in which case keep it encrypted everywhere). The reason I suggest keeping it unencrypted is that if your encryption fails (or you forget your password) you have a backup that you can rely on! Encryption is great but it can cause you more problems than it solves if you are not careful. Never refer to backups in instant messaging, text, email or telephone calls otherwise the police will be able to find out where you keep copies.

Think that's about it.

Jon
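
An added example, not part of Jon's post or of the thread: a small audit script for the side copies described in point 1, showing that erasing the one file you know about leaves the application's own copies behind. The pattern list, directory layout and file names are constructed for illustration and are not exhaustive.

```python
import fnmatch
import os
import tempfile

# Constructed, non-exhaustive list (assumption): name patterns that common
# editors use for lock, autosave and backup copies. First match wins.
RESIDUE_PATTERNS = [
    ("~$*", "Microsoft Office owner/lock file"),
    ("~wr*.tmp", "Microsoft Word temporary working copy"),
    ("*.asd", "Microsoft Word AutoRecover file"),
    ("*.wbk", "Microsoft Word backup copy"),
    (".~lock.*#", "OpenOffice/LibreOffice lock file"),
    ("*.swp", "Vim swap file"),
    ("#*#", "Emacs autosave file"),
    ("*~", "editor backup copy"),
    ("*.tmp", "generic temporary file"),
]


def classify(filename):
    """Return a description if the name looks like a side copy, else None."""
    lowered = filename.lower()
    for pattern, description in RESIDUE_PATTERNS:
        if fnmatch.fnmatchcase(lowered, pattern):
            return description
    return None


def find_residue(root, stem=None):
    """Walk root and list (relative_path, description) for side copies.

    If stem is given, only names containing it are reported, e.g. the base
    name of a document that has already been erased.
    """
    findings = []
    # onerror skips unreadable directories instead of aborting the audit.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            description = classify(name)
            if description is None:
                continue
            if stem and stem.lower() not in name.lower():
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((rel.replace(os.sep, "/"), description))
    return sorted(findings)


def demo():
    """Constructed scenario: the document is removed, its side copies stay."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        temp = os.path.join(root, "Temp")
        os.makedirs(docs)
        os.makedirs(temp)
        sample = {
            os.path.join(docs, "minutes.doc"): b"final copy",
            os.path.join(docs, "~$minutes.doc"): b"owner file",
            os.path.join(docs, "Backup of minutes.wbk"): b"previous version",
            os.path.join(temp, "AutoRecovery save of minutes.asd"): b"autosave",
            os.path.join(temp, "~WRL0001.tmp"): b"working copy",
            os.path.join(docs, "shopping.txt"): b"unrelated",
        }
        for path, data in sample.items():
            with open(path, "wb") as handle:
                handle.write(data)
        # Stand-in for running a file eraser on the one file the user knows about.
        os.remove(os.path.join(docs, "minutes.doc"))
        return find_residue(root), find_residue(root, stem="minutes")


if __name__ == "__main__":
    everything, by_name = demo()
    for path, description in everything:
        print(f"{path}: {description}")
    print(f"{len(by_name)} of {len(everything)} found by searching for the name")
```

The temporary working copy does not carry the document's name, so a name-based clean-up misses it; swap space and already-deleted fragments are not visible to a file walk at all, which is why the thread keeps coming back to encrypting the whole drive.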


Hidden Comment

Long memory

11.10.2008 19:20

OK I give up - you win

You want to pretend all this was the result of some fucking PC scan or save technology then go right ahead. Lots of the usual wankers can produce the same posts all pretending it was that with lots of pseudo IT knowledge to make themselves look good.

WELL I KNOW THE TRUTH
I KNOW THAT SEAN'S HARDDRIVE WAS COPIED
I KNOW THAT HE WAS SOLD OUT
I KNOW THAT GRASSES ARE IN THE MOVEMENT AT HIGH LEVELS
I KNOW THAT FURTHER ARRESTS ARE LIKELY AND IMMINENT
I KNOW THAT SOME ARE TRYING TO COVER THIS UP
I KNOW THAT PEOPLE WITHIN THE INDYMEDIA ORGANISATION ARE HELPING THEM

In short you can all fuck off, I will never again have anything to do with you or Indymedia

I will work if needed on my own to liberate the animals that live in hell while others get rich.

THERE WILL BE A DAY OF RECKONING AND WE WILL REMEMBER THOSE WHO SOLD US OUT AND THOSE WHO HELPED THEM.

YOU CAN ALL GO TO HELL

ALF


An effective solution....

12.10.2008 08:11

Instead of using Windows, (or MAC OS or even normal Linux), you should all be using this:

 http://mandalka.name/privatix/index.html.en

You can run it in a "Virtual Machine" on any Windows computer and it will leave no traces of what you have been doing, (except on the encrypted USB key). This means that you can have a normal OS that you use for "normal" activities and a separate OS for any more "controversial" activities.

It works....


Microsoft sucks!

12.10.2008 13:26

There is a type of spyware in the windose registry that spyware doesn't pick up, that is Microsoft's MRU files.
The Most Recently Used files log every file you've opened and saved.

How to Clear the Windows Explorer MRU Lists
 http://support.microsoft.com/kb/142298

also delete the entries in-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet_Explorer\Typed

I also recommend overwriting the IE history folder and deleting the info in that .dat file which is hidden in that folder.

EnCase user!


more on this

13.10.2008 00:55

You can now run entire operating systems from a CD ROM - these run slower but do not leave any trace of files after they have been turned off. Similarly, you can run an entire system off a USB drive now... if you were to do this and periodically erase the free space using a program like Eraser then you would be safe too.

If you are surfing you can use TOR too - though again, it is slower than accessing the Internet directly.

Let's be honest though, there is no real chance of privacy when every mobile phone is a potential police microphone and location finder, records of net activity are kept for years, and DNA evidence can be retrieved from any computer. I reckon the cops are gonna be one step ahead of this on this one...but they don't have the money, resources, or expertise at present to follow-up on absolutely every case - they will reserve this for really high profile issues.

I would be interested to hear about any really foolproof means of having total privacy using a PC.

Krop


How to clean Firefox's history

22.10.2008 12:46

Firefox's history files are in weird .MORK files which can be accessed with Mork.pl

Mainly they are accessed from their history.dat file which can be opened with Notepad.
in XP-
C:\Documents and settings\\application Data\Mozilla\Profiles\\history.dat
in Linux-
~/.Mozilla/profiles//history.dat

OR from the cookie data
C:\Documents and settings\\application Data\Mozilla\Profiles\\cookies.dat
~/.Mozilla/profiles//history.dat

also in linux browse this URL-
about:cache

Nicola
