In-Reply-To: <20141207023823.15123l26w3vbay2o@www.vfemail.net>
References: <20141207023823.15123l26w3vbay2o@www.vfemail.net>
Date: Sun, 7 Dec 2014 02:27:44 -0800
Message-ID: <CAJVRA1RaBkxNGLmTSSDOLSNijeTYX0EohOOeCw+LLMfeDJJ-kg@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: EGOTISTICALSHALLOT <egotisticalshallot@openmail.cc>
Cc: tor-talk@lists.torproject.org, adrelanos@riseup.net
Subject: Re: [tor-talk] NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT
	- Martin Peck

On 12/7/14, EGOTISTICALSHALLOT <egotisticalshallot@openmail.cc> wrote:
> ...
> Unfortunately it does not clear the matter up, as these "fictional"
> and "EGOTISTICALGIRAFFE" perspectives were known and considered here
> already..
>
> https://www.whonix.org/forum/index.php/topic,805.0.html

thanks for pointing out the thread. there are more questions there, as
you ask below.



> Are you coderman the Martin R. Peck of the mentioned affidavit and
> BigSun application?
>
> - http://cryptome.org/2014/12/peck-roark-affidavit.pdf
> - http://sunshineeevvocqr.onion

Patrick worked it out; i am indeed the same.
(apologies for the typo; this document was in flux hours before the
deadline to submit. Qubes should have been Qubes OS as well.)



> Did you personally dream up and write this EGOTISTICALSHALLOT codename
> and quoted text about a TAO exploit specific to Whonix Qubes? Are you
> the original author of this or was it copied from another source?

i am the author, and as stated, there are two examples of information
in the document. one about programs/projects that _do_ exist, meaning
the information is fully supported multiple times in the "public
knowledge base".

and this alternate example which is similar, but fictional, and thus
results in only partial support in the public knowledge base.

this "public knowledge base" and BigSun system is a much longer
discussion. i originally started on this work back in spring for a
different purpose; see cypherpunks "datamine the Snowden files"
discussion. the application to redaction and evaluating claims of
sensitivity evolved later, and specifically to assist Diane with her
case.



> If you are indeed the original author, what personally compelled you
> towards specifically choosing Whonix Qubes as a TAO exploit example
> and highlighting Whonix Qubes as a prime example in your NLP system
> offering to the NSA?

Whonix on Qubes OS represents defense in depth unlike any other
system. as such, it is a likely target, like Tails and the Tor Browser
before it.

being a likely target, it made a good candidate for description of a
fictitious exploit for the purposes of this partial support example.

a better example would be to compare a classified document with a
unique attack, and never leaked, against the public knowledge base.

this would demonstrate only partial support because it contains
information that has not been made public.  for obvious reasons, the
alternative of constructing a fictitious example to demonstrate
partial support was used.


---
some other comments from that thread:

"The mentioned creation date of 2014 also looks accurate as far as
matching when your Whonix group started working with the Qubes group
to co-develop your software together."

the specific date was chosen because of the affidavit being this year.
if Whonix Qubes OS had started in 2013, i would still have used 2014
in the example.


---
and:

"Maybe this Martin Peck, software engineer, is just a fan or user of
Whonix and Qubes and was being creative by dreaming up this
EGOTISTICALSHALLOT exploit?"

i am a fan of many things, but as described above, this example was
chosen for being a good candidate to demonstrate partial support in
the public knowledge base.


best regards,

