Bluecoat hardware still up and running in Syria

Today I gave a talk to an audience consisting mostly of European Studies students at the Faculty of Social Sciences in Gothenburg. I mostly talked about the political paradox of Western ”Net freedom” and dictatorship surveillance, and how we as Europeans have lost the credibility to criticise other countries in the world. ”Surveillance is bad elsewhere but OK in Europe” is simply not a valid strategy.

However, I like concrete examples as pedagogical vehicles for explaining how government surveillance really works. So, I talked about Bluecoat in Syria and how US and EU technology is used to spy on people.

While preparing my talk I repeated some of the diagnostic commands (see above link) that were used to expose Bluecoat in the first place, just out of curiosity. I ran nmap -A -sS 91.144.44.68, and after two minutes, to my surprise, nmap gave the same output as it did almost a year ago. A small excerpt:


21/tcp open ftp Blue Coat ftpd
22/tcp filtered ssh
23/tcp filtered telnet
42/tcp filtered nameserver
80/tcp open http-proxy BlueCoat SG-400 http proxy
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1720/tcp filtered H.323/Q.931
1863/tcp open msnp?
2000/tcp filtered cisco-sccp
5050/tcp open mmcc?
5060/tcp filtered sip
5101/tcp open admdog?
8080/tcp open http-proxy BlueCoat SG-400 http proxy

The Bluecoat surveillance machines, in this case most likely a SG-400, are still up and running. You can try this for yourselves. It is perfectly legal and all you need is the nmap program.
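As an added example (not code from the post, and not part of nmap), the Python below parses the kind of nmap normal-output excerpt quoted above, summarises port states, picks out open ports whose version banner names a vendor, and diffs two snapshots of the same host, which is what the post does by eye when it re-runs the scan a year later and finds nothing changed. The sample input is the post's own excerpt embedded as a constructed string; the function names and the vendor pattern are my own choices.

```python
import re
from collections import Counter

# Constructed sample: the excerpt of nmap normal output quoted in the post.
NMAP_EXCERPT = """\
21/tcp open ftp Blue Coat ftpd
22/tcp filtered ssh
23/tcp filtered telnet
42/tcp filtered nameserver
80/tcp open http-proxy BlueCoat SG-400 http proxy
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1720/tcp filtered H.323/Q.931
1863/tcp open msnp?
2000/tcp filtered cisco-sccp
5050/tcp open mmcc?
5060/tcp filtered sip
5101/tcp open admdog?
8080/tcp open http-proxy BlueCoat SG-400 http proxy
"""

# One "PORT STATE SERVICE VERSION" line; VERSION is optional.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*))?$"
)


def parse_nmap_ports(text):
    """Parse the port table of nmap's normal output into a list of dicts.

    A trailing '?' on the service name means nmap guessed it from the port
    number rather than from a banner, so that is recorded separately."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything that is not a port row
        d = m.groupdict()
        rows.append({
            "port": int(d["port"]),
            "proto": d["proto"],
            "state": d["state"],
            "service": d["service"].rstrip("?"),
            "guessed": d["service"].endswith("?"),
            "version": (d["version"] or "").strip(),
        })
    return rows


def state_summary(rows):
    """Count ports per state, e.g. {'open': 6, 'filtered': 10}."""
    return dict(Counter(r["state"] for r in rows))


def vendor_fingerprint(rows, pattern=r"blue\s*coat"):
    """(port, banner) for open ports whose version banner matches the vendor pattern.

    The pattern is case-insensitive and tolerates both 'Blue Coat' and 'BlueCoat',
    the two spellings that appear in the excerpt."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(r["port"], r["version"])
            for r in rows if r["state"] == "open" and rx.search(r["version"])]


def diff_snapshots(old_rows, new_rows):
    """Ports whose state or banner differs between two scans of the same host.

    Returns {(port, proto): (old, new)} where each side is (state, version) or
    None when the port is absent from that scan. Empty dict means unchanged."""
    key = lambda r: (r["port"], r["proto"])
    old = {key(r): (r["state"], r["version"]) for r in old_rows}
    new = {key(r): (r["state"], r["version"]) for r in new_rows}
    return {k: (old.get(k), new.get(k))
            for k in old.keys() | new.keys() if old.get(k) != new.get(k)}


if __name__ == "__main__":
    rows = parse_nmap_ports(NMAP_EXCERPT)
    print(state_summary(rows))
    for port, banner in vendor_fingerprint(rows):
        print(f"{port}/tcp  {banner}")
    # A second scan of the same text shows no change, as in the post.
    print("changes:", diff_snapshots(rows, parse_nmap_ports(NMAP_EXCERPT)))
```

The parser only reads the port table, so it works on a full `nmap -A` report as well as on the excerpt; `diff_snapshots` is the piece to keep around if you monitor whether exposed services on your own hosts change between scheduled scans.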

So, even though Bluecoat devices get spotted around the world, for example in Burma and Syria, it seems that not much happens. The machines just keep running.

This raises a few questions:

1. Why won’t Bluecoat disable the surveillance gear remotely? These machines were never supposed to be in Syria in the first place.

2. This device is legal to use in the EU due to the data retention directive. To put credible political pressure on Syria and Burma, we need to make them illegal in the EU to begin with. Only then can we legitimately demand their removal with reference to human rights.

Update: I chatted with my more tech-savvy friends and they say the latest bid is that Bluecoat claims that they can not disable the machines remotely, but they have stopped sending upgrades to them. Whether true or not is hard to tell because I can’t find any official statements on this topic.

The 90s were already under surveillance

Recently it was revealed that TeliaSonera cooperates with the authorities in Azerbaijan, Kazakhstan and Belarus in providing a telephone interception system. Such an event is only a single instance in a larger series of revelations that have been reported over the past few months. Other cases include Telecomix revealing Bluecoat surveillance equipment in Syria and the Wikileaks Spyfiles. Telecomix has even launched a project called Blue Cabinet that tracks down vendors and corporations that are deeply entangled in both what we usually refer to as dictatorships and democracies.

Behind these cases lies a larger set of contradictions and twists that make things very complicated. We may call them hypocritical or immoral; however, it seems that these contradictions never dissolve and are very powerful in maintaining business as usual. They can be summarized as follows:

1. Government surveillance is legitimate in democratic states but not in dictatorial states. So, the western world supports ”net freedom” for ”democracy”.

2. Because surveillance is legal in the EU/US, it is perfectly all right to manufacture and use these technologies elsewhere where they are legal.

3. The world needs free and open communication technologies, so we sell the world technologies that make surveillance more efficient.

This type of political reasoning produces a sort of deadlock. It makes it possible for nobody to actually take responsibility for what happens. At the end of the day, politicians go home and dream of net freedom. And the corporations sleep tight knowing that what they do is within the ”legal” framework.

This can be demonstrated with TeliaSonera’s response to the revelations of their surveillance system. In Dagens Nyheter, TeliaSonera replies (roughly translated):

Telephone operators are thus obliged to give [access to the network traffic] to the authorities – also in Sweden, where the police are intercepting phone calls every day, the parliament has decided that phone and data traffic should be retained and the FRA has access to all data that passes our borders.

In one sense, TeliaSonera is completely right. There is nothing strange about this thing called government surveillance. We do it legally over here in Sweden and it is enacted by democratically elected governments. EU-wide data retention and signals intelligence interception are part of everyday life. These laws and regulations do not differ very much from those of non-democratic states. The Bluecoat equipment in Syria does nothing more than the average data retention in Europe. The police in Azerbaijan basically have the same legal framework as the Swedish police. However, even though TeliaSonera is right in showing that Sweden is hypocritical, they are cowardly in claiming that they have no responsibility. Just because surveillance is legal everywhere doesn’t make it right.

And still, we say that these ”bad” states need more net freedom.

However, legal frameworks are often over-estimated in how they rule the world. A common misconception is that everything went crazy after 9/11. The story goes: in the fear of terrorism, the EU and the US passed various pieces of legislation that made surveillance more legal, and human rights were increasingly being violated by the western world itself.

This can in fact easily be falsified. A story most widely covered in Germany concerns Siemens selling surveillance systems to Syria in 1999 and then going on to sign further agreements in 2005 and 2008. A leaked invitation to bid dated August 1999 tells the story of how the internet came with built-in government surveillance in Syria more or less from the beginning.

Before the deal with Siemens, the Syrian network was very small. According to the description of the current infrastructure found in the document, the capacity for e-mail was merely 5000 users.

Besides the retro-sounding paragraph 8 specifying Y2K compliance (p. 34), the invitation to bid spells out particular surveillance capabilities. For example, it says that ”[filters] should not cause any delay or bottleneck while maintaining the possibility to check every packet (9)”. Moreover, the section called ”Monitoring system” explains the needs of the Syrian government to pursue ”law enforcement”. So, the Syrian government requests:

In addition to the above mentioned minimum requirements, the bidder should describe in details the possibilities to detect, intercept, and block the exchange of encrypted data, along with all other possible monitoring features and applications. (p. 21)

It is 1999 and the IT boom is about to explode. Syria makes a request – western companies deliver. We don’t need a Patriot Act for that to happen. The 90s were never a wild frontier for anarcho-liberal experimentation. The surveillance systems were built long before we would even dream of an Arab Spring or a data retention directive.

Siemens keeps up its sales in Iran and Bahrain. To these states we want to export ”net freedom”. In fact, all we have exported so far are the technologies of mass surveillance.

Hacknight

You haven’t forgotten to put Hacknight 3, 6-7 August, in your calendars, have you? The invitation and call for papers are already out.

Last year I took part by presenting Telecomix’s various crypto projects, and Raccoon went into the details. Then I sat up all night with hacker friends reverse-engineering a Fonera router. (The day after, I was so tired that I forgot which password we had set, but that doesn’t matter, it worked after all.)

The year before that, i.e. ”Summer of Datalove, E01”, I also visited the first iteration of Hacknight.

Forskningsavdelningen has had some trouble with people who think modems are dangerous. In addition, ”Forsken” is mentioned in the book Svenska Hackare. So, if you want to see a bit of hacker history as it is being written, just come!

So, I urge anyone at all to come and take part. You don’t need to know more than 9000 technical words, and if you have Windows on your computer, all is forgiven. Besides, Forskningsavdelningen has a new space this year that I am very keen to see. Become a guest researcher for a night. Nights with hacks, then anything can happen!

See you there!

The Swiss connection

Above is a clip about Telecomix that is broadcast on Swiss television and on the global channel TV5. It is fun that Gothenburg is the epicentre of a movement, in the sense of things that move on the internet, which then grew and mutated beyond control. I, lillmacho and monki take part, and the whole thing was filmed at the always equally pleasant Gnutiken / Café Zeppelin.

Tomorrow at around 08:15 I will talk more about Telecomix on P1.

On Saturday I and fo0, a French Telecomix internaut, take part in Reporters Without Borders’ journalist workshop in Geneva. The workshop is in both French and English and free for journalists. We go through how to get around censorship and blocking, avoid surveillance, and keep reporting from inside occupied computer networks. All of this ought to be standard training at journalism schools. So if Swedish journalists are interested, go to Geneva. Or else the knowledge can be found among hackers around the corner 🙂

For those of you who have Linuxg33kst4tions and don’t want to infect your computers with malicious Flash code, I have uploaded an .ogv here.

Svartkast

The video above (see the other parts at Northern Lights TV) shows perhaps the first presentation in Sweden of the concept computer ”Svartkast”. Raccoon’s presentation is very thorough and well delivered. (The bad sound disappears after a minute or so.)

A svartkast is a computer that is left in the urban infrastructure and connects to the internets, in order thereafter to contribute to one or more darknets. A darknet, as is well known, becomes both faster and more secure the more traffic is sent through it. On a svartkast one can then create websites, IRC servers and everything else that can be pushed through the darknet, and in addition to the cryptographic anonymisation there is also a physical anonymisation of the hardware itself.

A svartkast can also be remotely controlled anonymously, since you can run ssh over both Tor and I2P. Svartkasts are particularly valuable under regimes that censor the internet, and perhaps even try to block anonymisation services. Then the svartkast can act as a relay station that takes the internauts up onto the dark forest paths instead of the dangerous digital highways.

Read more about the concept at the Telecomix Crypto Munitions Bureau.

Are svartkasts then realised in the urban syntax and not just in a lab environment? Maybe, maybe not. The whole point is that we are not supposed to know. But a short notice in SvD testifies to a ”mysterious external computer at a university college” with encrypted disks:

– We have no owner and no suspicion, says head of administration Ann Cederberg to Kristianstadsbladet. She is considering handing the computer in as lost property – to possibly get it back after three months.

If it is a svartkast, nobody is likely to claim ownership 🙂

Jumpstyle and Cipherstep

The above video shows a jumpstyle dance event in my local town of Gothenburg that took place in July this year. Not only does the dance look like a lot of fun, it also has some interesting resemblances to the cipherstep dance moves of the darknets. Let me explain!

Jumpstyle dance seems to follow protocols of hopping. There are simple instructions for how to jump in different configurations, and the jumping (or rather, in German, ”jumpen”) can then be moved across the locations of the city with ease. For example, in the Gothenburg case, which claims to be the ”first Swedish jumpstyle meetup”, we see clips from the main shopping mall Nordstan, the old harbour of Röda Sten, the park Slottsskogen and the city centre of Brunnsparken. Jumpstyle utilizes portable sound systems, and seems to be on the move, occupying the city by tactical manoeuvres.

The basic protocol is described by Wikipedia as:

* The dance can be started with two small jumps that match the beat or stomping the left foot twice, to the beat.

* The dancer places his right foot to the front, and his left foot to the back.

* The dancer’s feet then switch positions.

* The dancer kicks his right leg forward twice. His foot would be at the same height as his knee.

* The dancer would then kick his left leg.

* The dancer then swings his left leg backwards. Similar to the original step, the foot would be level with the knee.

* The left leg would be put on the ground, behind the dancer.

* The dancer then swings his right leg back, knee level, to prepare for the initial first step.

* The dancer would repeat this.

There are also plenty of video tutorials showing five basic steps. A good piece of advice is to remove sensitive furniture from your apartment before trying this at home.

Now, let’s take a look at the so-called tunnel hops of your advanced darknet software, which very much resemble the protocol of jumpstyle:

The image shows the settings for an i2p tunnel. A ciphertunnel. This particular one leads from my computer to the irc.telecomix.i2p chat server. To go there the dark way, I have to jump. First my computer needs to execute a protocol-based encryption algorithm, then it forms a vector. Since there is no way of telling where the chat server is located physically (this is the strength of the darknets), it has to hop until it is received by the inbound tunnel. So, it is like the video below: first you hop forwards, then backwards.

My data jumps two steps in the direction of the chat server, then I turn backwards and the server will take over my feet. I do not know how many more steps I have, because beyond this point I am not the one in charge anymore. Gently the destination tells me how to hop while looking back. And there I land. My little packets of encrypted data reach the destination, only to be pushed back towards me. I don’t know where the server is, and I do not want to know. The server does not know where I am. We only dance because we share little secret keys!

This particular video begins with three dancers following a basic protocol in the first instance, then hopping to a new destination, where inbound hops secure a new location, another territory:

As well as in the jumpstyle dance you may make random variations in your cryptographic router. Difference creates strength. The hops may be varied, made longer or shorter, multiple or singular. You go random paths along the intertubes. This makes the dark networks near-invisible when tunneled inside the vanilla internet. Jumpstyle, however, has a different purpose, aiming for visibility in the boring European streets, disrupting the everyday robot-like behaviour of humans on their way to work, or whatever.

To jump the networks solves the problem of burrowing paranoia. Nothing catches you in flight, your ciphers are constantly on the move. You do not ever stop dancing the cipherstep.

As far as the whole of networks go, we can never see it from above. Your vision is the vision of your position. The router is a large scale hub, mine looks like this:

Three hundred peers constantly push traffic through my node. They are caught in flight, only to put one foot in my apartment, then jumping to the next router in the network. They only stay for milliseconds, except for those who actually have me as their destination. These ones are able to safely fetch data off my computer. Maybe I run a web server, a chat server or I send encrypted e-mails. Nobody knows, and nobody should know.

So, let’s do it like Scooter does. We jump all over the world, in the streets and in the interconnected tubes of the internet. It’s a lot of fun, I can promise!

IRC over Tor hidden services: client/server tutorial

Last Thursday I set up access to one of the Telecomix chat servers via Tor hidden services. Since I tend to forget stuff very easily, I’ll just scribble down here how I did it.

So, the server on which I run one of several IRC servers is called solarworks and is in the picture above. It is an old SPARC machine, which means that the version of the Tor software is a bit outdated.

Anyways, Tor is in the standard repositories of Debian Linux, so just do an apt-get install tor tor-geoipdb and it is up and running. On other distributions and operating systems, install is almost as easy. See Tor Project.

Then you want to create a hidden service inside the Tor darknet and make it point to the irc servers. As root, edit the /etc/tor/torrc file. Under the section for location-hidden services you add:

HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 6667 127.0.0.1:6667

What you did here was basically to specify one directory (the default one) where the private encryption keys go, then you tell the tunnel to go from port 6667 (default irc) to your local machine on port 6667 (where my IRC-server is listening). A hidden service never leaves the encrypted network, so you don’t actually need SSL. But, it works fine with an SSL enabled port as well (double encryption is double fun).

Then you save and restart Tor with /etc/init.d/tor restart and browse over to /var/lib/tor/hidden_service and run cat on the file hostname.

root@solarworks:/var/lib/tor/hidden_service# cat hostname

hsctwsqfsl7ejbh7.onion* weoq7a4exzcyaasj.onion

There you have the .onion address for the tunnel! Now, other Tor users can go straight to my IRC server without ever leaving the darknet (thus without exposing themselves to an exit node on the vanilla internet). It works similarly to the ”local destinations” in the i2p darknet, which of course Telecomix also supports.

Client configuration

As a client you will also need to create a ”client tunnel”. This is equally easy. On the client machine, edit /etc/tor/torrc and under location-hidden services you just add something like:

mapaddress 10.40.40.42 weoq7a4exzcyaasj.onion

This instructs the client machine to connect to the .onion destination via a randomly selected IP-number (choosing 10.40.40.42 is a good way of avoiding conflicts with home routers, which usually use 192.168.x.x-series).

Restart Tor, and then you are done. Just torify your IRC client of choice, for example torify irssi or torify pidgin, and have it connect to an IRC server on 10.40.40.42 on port 6667, and you will end up on the solarworks machine of the Telecomix network. Once in a channel, you will appear to be coming from localhost, since the tunnel leads from your machine to my machine. Encrypted all the way, and made anonymous through the onion routing of Tor.

Pretty smooth, I would say!

Footnote: Since the time of publication of this post I moved everything to a new server and thus had to create a new hidden service (I’m sure you can export the keys if necessary though). This is why the .onion address has been updated to weoq7a4exzcyaasj.onion (with SSL on 6697). See chat.telecomix.org for a list of servers in the TCX network.
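As an added example (my own Python, not code from the post or from the Tor Project), here is a small linter for the two torrc fragments the tutorial uses: it generates the server-side HiddenServiceDir/HiddenServicePort pair and the client-side MapAddress line, checks that a .onion name is well-formed, and flags the two configuration mistakes that matter most in this setup, a HiddenServicePort that forwards to a non-loopback host (Tor hands the traffic to that host in plain TCP) and a MapAddress placeholder that is routable or sits in 192.168/16, which the post warns will collide with home routers. The sample torrc texts are constructed. One caveat the post predates: the 16-character addresses shown above are v2 onion services, which current Tor releases no longer serve; v3 addresses are 56 characters, and the checker accepts both forms.

```python
import ipaddress
import re

# .onion syntax: v2 (16 base32 chars, as in the post) and v3 (56 base32 chars).
ONION_V2 = re.compile(r"^[a-z2-7]{16}\.onion$")
ONION_V3 = re.compile(r"^[a-z2-7]{56}\.onion$")

# Constructed torrc fragments: the post's server-side setup, and a broken one.
GOOD_TORRC = """\
# location-hidden services
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
"""
BAD_TORRC = """\
HiddenServicePort 6667 192.168.1.20:6667   # no HiddenServiceDir, non-loopback target
mapaddress 192.168.1.99 weoq7a4exzcyaasj.onion
"""


def is_valid_onion(name):
    """True if name has the shape of a v2 or v3 .onion address (syntax only)."""
    name = name.strip().lower()
    return bool(ONION_V2.match(name) or ONION_V3.match(name))


def server_torrc_lines(service_dir="/var/lib/tor/hidden_service/",
                       virtual_port=6667, target="127.0.0.1:6667"):
    """The two server-side directives from the post, as torrc lines."""
    return [f"HiddenServiceDir {service_dir}",
            f"HiddenServicePort {virtual_port} {target}"]


def client_mapaddress_line(onion, placeholder_ip):
    """Client-side MapAddress line; the placeholder must be private and outside 192.168/16."""
    if not is_valid_onion(onion):
        raise ValueError(f"not a well-formed .onion address: {onion}")
    ip = ipaddress.ip_address(placeholder_ip)
    if not ip.is_private:
        raise ValueError(f"placeholder {ip} is routable; use a private address")
    if ip in ipaddress.ip_network("192.168.0.0/16"):
        raise ValueError(f"placeholder {ip} is in 192.168/16, likely to collide with a home router")
    return f"MapAddress {ip} {onion}"


def check_torrc(text):
    """Lint a torrc fragment; returns a list of findings (empty means nothing found).

    torrc keywords are case-insensitive, so the post's lowercase 'mapaddress' is fine."""
    findings = []
    have_dir = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        key = parts[0].lower()
        if key == "hiddenservicedir":
            have_dir = True
        elif key == "hiddenserviceport":
            if not have_dir:
                findings.append(f"line {n}: HiddenServicePort without a preceding HiddenServiceDir")
            if len(parts) < 3 or parts[2].startswith("unix:"):
                continue  # target defaults to 127.0.0.1:VIRTPORT, or is a unix socket
            host = parts[2].rsplit(":", 1)[0] if ":" in parts[2] else parts[2]
            try:
                if not ipaddress.ip_address(host).is_loopback:
                    findings.append(f"line {n}: target {host} is not loopback; Tor forwards to it in plain TCP")
            except ValueError:
                findings.append(f"line {n}: target host {host!r} is not an IP address")
        elif key == "mapaddress":
            if len(parts) != 3:
                findings.append(f"line {n}: expected 'MapAddress PLACEHOLDER ONION'")
                continue
            try:
                client_mapaddress_line(parts[2], parts[1])
            except ValueError as e:
                findings.append(f"line {n}: {e}")
    return findings


if __name__ == "__main__":
    print("\n".join(server_torrc_lines()))
    print(client_mapaddress_line("weoq7a4exzcyaasj.onion", "10.40.40.42"))
    print("good:", check_torrc(GOOD_TORRC))
    print("bad: ", check_torrc(BAD_TORRC))
```

Run it against your own /etc/tor/torrc by passing the file contents to `check_torrc`; the loopback check is the one worth keeping, since a HiddenServicePort that points at another machine silently turns the "encrypted all the way" property the post relies on into a cleartext hop on the local network.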

A letter to the journalist corps


Kjell Häglund writes a very interesting and in many ways striking column on how journalism has been affected by the recent surveillance laws.

What actually went wrong? Why can not even SVT promise source protection any longer, now that all communication is about to be subject to mandatory data retention? Why are people given instructions to sneak off to internet cafés and avoid cameras if they want to talk to a journalist?

Another, more fateful, question is why the journalist corps did not defend itself while there was still time. Long ago, when the FRA law was about to be voted on in the Riksdag, I wrote that the protection of sources was being abolished at that very moment. What did the journalist corps say? Nothing.

But there is no reason now to wallow in a what-did-we-tell-you attitude. That is for sorry querulants!

Instead, it is a matter of rebuilding what has gone wrong, and here I can give a few tips.

First, the journalist corps should stop being objective. This concerns its most important function: scrutinising power and protecting its informants. You cannot give ”both sides” when it is a matter of self-defence. I know this breaks various dogmas that are taught at journalism schools, but let Nepotia cough up the cash to present the other side instead. It is not your job!

But more important is the raw cryptographic power! The reason one would rather leak to Wikileaks than to a newsroom in Sweden is that Wikileaks can guarantee anonymity. A newspaper newsroom no longer can, even though it has the law on its side. I’m sorry, but your technology is rubbish!

This can be fixed. Let me describe a technological scenario. We take dn.se as an example.

Simply build https://secure.dn.se. Here you have a self-signed https server configured not to keep any logs. Print the certificate’s fingerprint in the paper edition of Dagens Nyheter. Then anyone can verify for themselves that the connection is secure, and you also send a signal to those who want to monitor and restrict the protection of sources that here we have resorted to a drastic method. This secure page can then function as a ”drop box” for news tips and document uploads. Users’ content data is protected by encryption all the way to the web server, and by encouraging them to use Tor or an anonymous VPN service they can also circumvent the data retention directive’s traffic data collection.
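The verification step in the scenario above, a reader comparing the fingerprint printed in the paper against the certificate the server actually presents, as an added example in Python (my code, not the post’s; secure.dn.se is the post’s hypothetical host and is never contacted by the test). Because the certificate is self-signed, CA verification is switched off and the printed fingerprint becomes the only trust anchor, so the connection must be refused whenever the pin does not match. The DER bytes used in the self-check are a constructed stand-in, not a real certificate.

```python
import hashlib
import re
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate, used only for the self-check below.
FAKE_DER = b"constructed stand-in for secure.dn.se's DER certificate"


def fingerprint(der_cert, algo="sha256"):
    """Colon-separated upper-case hex digest of a DER certificate, the form usually printed."""
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise_printed(fp):
    """Accept the fingerprint as a reader might type it from print: any case, colons, spaces."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def pin_matches(der_cert, printed_fp, algo="sha256"):
    """True if the presented certificate hashes to the fingerprint printed in the paper."""
    return hashlib.new(algo, der_cert).hexdigest().upper() == normalise_printed(printed_fp)


def fetch_leaf_cert(host, port=443, timeout=10):
    """Fetch the server's DER certificate without trusting any CA.

    check_hostname must be disabled before verify_mode is set to CERT_NONE;
    the caller is responsible for checking the pin before using the channel."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_drop_box(host, printed_fp, port=443):
    """Connect once and report whether the presented certificate matches the printed pin.

    Returns (ok, observed_fingerprint) so a mismatch can be shown to the user
    side by side with the printed value instead of silently proceeding."""
    der = fetch_leaf_cert(host, port)
    return pin_matches(der, printed_fp), fingerprint(der)


if __name__ == "__main__":
    # Self-check on the constructed bytes; replace with a real host and the
    # fingerprint from the printed edition to use it for real.
    printed = fingerprint(FAKE_DER)
    print("printed:", printed)
    print("match:  ", pin_matches(FAKE_DER, printed.lower().replace(":", " ")))
    print("tamper: ", pin_matches(FAKE_DER + b"x", printed))
```

The pin is on the whole DER encoding, so any re-issued certificate (even with the same key) changes the fingerprint and the paper has to print the new one; that is the intended trade-off in the scenario, where the printed edition is the out-of-band channel.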

Furthermore, all journalists get training in GPG, OTR, and perhaps also Tor. With these technologies ready for use, it becomes much easier to establish secure connections under the FRA radar. Use only open software and sign the certificates yourselves. It takes a little work, but it is worth every minute once it works.

Liu Xiaobo learned to tunnel out of China. Every day I meet people offline and online in Europe who do the same. Knowledge of computer security and cryptography is enormously important right now, and that is why it is ever more urgent that this knowledge be spread on a broad front. Here journalism can really help.

The net activists are happy to help. E-mail me or go to Telecomix and we will arrange free courses in cryptography. We have next-level ciphers, you have a wounded protection of sources. Put them together, though, and it becomes very powerful!

FSCONS

This weekend I attended the FSCONS, and as usual it was a great experience. The conference is very informal and friendly, and there is plenty of time to talk to people from all over about projects and future collaborations. Many thanks to the organizers, once again!

One such event was a spontaneous I2P workshop organized by me and jaywalk, where we especially invited Erinn Clark and Linus Nordberg from the Tor Project. The Tor and I2P darknets share many similarities, so the point of the seminar was to exchange ideas and concepts. They are also quite different, both in usage, purpose and code.

It is a good thing that there are two awesome darknets around. We need more of them though, and more users, developers, reviewers etc. The Telecomix Crypto Munitions Bureau is devoted to promoting the use of all good ciphers, and hopefully we will organize a really next level Ciphernetics Assembly next year. Stay tuned to Telecomix for updates.

I didn’t take many pictures. Was too busy talking, I guess :). But here are a few:

Kyrah from MetaLab hackerspace talking about Arduino and art-projects:

IMMI workshop etherpad session:

Smári McCarthy talking about IMMI:

A next level 3D-printer:

See you all next year!

Hannah Montana Linux

So what to do on a rainy autumn Sunday? This is a question of great existential importance. So I was up in the Telecomix main channel when someone just dropped a link to the coolest Linux distro evar. Behold, Hannah Montana Linux!

A while ago I was fed up with proprietary operating systems that were designed for ”consumers”. I was a Mac user who ragequit the race towards an iTuneification of my iLife, and I landed safely in the warm hands of Ubuntu Linux. Now I can’t even imagine why people insist on using really obsolete systems like Windows and Mac OS. The world of openness is so much more flexible, and you don’t feel like a consumer anymore, but like a participant in a technological evolution!

When I go out and talk about internet politics, I have found myself presupposing that everyone is running Linux. This is of course not true. But I keep saying ”Yes, this and this is really simple. You can just install it with Aptitude and you are up and running in no time”. And then nobody gets my point…

Many people think that you need to be a super advanced computer hacker to run Linux. And that all Linux systems have really ugly interfaces that look like computer terminals from the 1980s. This is not true. I could try to convince you using words, but why argue when I can show it to you instead!

Teh RLY simple tutorial

1. So first you go to the download page. Then you grab the installer file just like you grab the latest telesync movie off the Pirate Bay, with any bittorrent client.

2. Burn it to a CD using any application that is able to burn boot images. Insert it to your computer, and make sure that it is set to boot from the CD-drive before the actual hard drive. Hannah Montana runs both as a Live-CD, which lets you try it out before installing, and an actual installer. Just trying it will not break anything!

3. First image. It is totally zef! Here you can choose either just to try it or install it. I selected install.

4. Just click your language of choice.

5. Select the location of your meatspace body!

6. This one is really important to get right. My keyboard layout is Swedish.

7. Looks frightening, but if you are sick of your existing operating system, just let Hannah Montana use all of the hard drive.

8. Difficult question. Who am I? Several, but Hannah Montana wants you to select one identity. Don’t worry, you can add thousands of more users later on.

9. Are you ready? I am!

10. Success! After a reboot this is your login screen.

11. Up and running. Connecting to IRC with the pre-installed client Quassel.

12. Two seconds away from the future!

13. Joining #telekompaketet where some awesome friends hang out!

14. You can add tons of cool software with the built in package manager. No need to chase around tons of websites and crack proprietary softwares anymore. Just add the real stuff, free as in freedom!

Usually I recommend using Ubuntu Linux or Debian, because those are large standard distributions. If you need to know anything, you just google it and someone else has already done it. But for more lulz, you might as well try out Hannah Montana!

Update: Hannah Montana appears to be a TV show… LOL