Archive for the ‘Uncategorized’ Category

Uncle Dane wants YOU!

Wednesday, August 20th, 2014

You may have heard about Danish and Swedish agents interrogating possible witnesses as preparation for the trial against anakata in September.

Here’s the sweet deal they have to offer (tl;dr: free transportation, DKK 20/h, tourist class hotel room):

You are hereby summoned to meet in:

Th Court at Frederiksberg, Howitzvej 32, 2000 Frederiksberg, Court 001,

Please se attached letter.

Please confirm receipt and do not hesitate to contact me if you have questions.

Med venlig hilsen

Jens Jørgensen

Kriminalassistent

Efterforskningsenheden

Afdelingen for personfarlig kriminalitet

Særlige sager, sektion II

Postadresse: Politigården, 1567 København V.

Besøgsadresse: Teglholms Alle 1-3, 2450 København SV

You are hereby summoned to meet in

The court at Frederiksberg, Howitzvej 32, 2000 Frederiksberg, Court 001

You shall in court give statement as a witness in the case against Per Gottfrid Svartholm Warg and JT, regarding the period from 13th of February 2012 to the 30th of August 2012, to have gained access to a society important information system belonging to CSC Danmark A/S, containing a large quantity of data, including personal information belonging to private and public companies.

As witness you have the right to get your transportation expenses to and from Denmark reimbursed. If it is necessary, you will free of all charge, be provided with a hotel room – tourist class – during the stay in Denmark. You also have a right to witness compensation of DKK 40, for every started period of 2 hours you are away from home or work, because you have to meet in court.

If you declare you understand and accept to show in court, you are asked to address yourself to the Copenhagen Police, Public Prosecutor’s Department of Violent Crime at * or email [email protected], where you will receive further information about pay-out of witness compensation and so on. Witness compensation will be paid when you meet in court, but by addressing Copenhagen Police you can have an airplane ticket send. The police will also see to any, if necesary, hotel reservation. In case you are prevented to show, you are asked to give information hereof to Copenhagen Police, Public Prosecutor’s Department of Violent Crime at * or email [email protected]

In case the fixed witness compensation does not cover the costs or loss, e.g. of regular income you have by appearing in court, the court can give you an increased witness compensation. You should give notice of this before you appear, and you should in that case be able to document the loss, e.g. by statement from employer.

Please bring this Witness Summon to court with you.

SÄPO doesn’t have time for virus scans

Sunday, June 8th, 2014

Earlier this week Torrentfreak reported that the Danish police investigating anakata for hacking charges had discovered that the analyzed computer had been hacked and infected by malware. Kristina Svartholm reported that the computer had been infected by more than 500 trojans.

Let’s rewind the tape from Denmark to Sweden, where the same computer (seizure 2012-0201-BG25023-26) was used as evidence against anakata. My translated version of the Swedish Security Service’s investigation of remote control possibilities can be downloaded from here. I also wrote a short paper in response to the investigation report which can be read here (tl;dr version available here).

The 12 SLOC Python example that I wrote and included in the paper played an important role in having all intrusion and fraud charges regarding the Nordea bank dropped. In the paper I also called the investigators biased for working with the assumption that computers can only be remotely controlled in legit ways, such as PowerShell and Remote Desktop mentioned by anakata as technical possibilities in hearings.

The Swedish Appeal court agreed with the points that I made and Jacob Applebaum pointed out in his witness testimony: remote control could not be excluded, hence the SÄPO investigation written by Jesper Blomström fell. Anakata was however sentenced for intrusions dated 2011 as it was considered “unlikely” that it would have been hacked since 2011 without notice.

A very important point to raise here is the fact that Jesper Blomström was the same person who made the discoveries of sensitive data originating from Denmark on the computer in question. He was also the one who rang to Denmark with his revelations. What Jesper found on the laptop and his investigation was the entire basis for extraditing Gottfrid from Sweden to face similar charges with evidence originating from the same harddrive as the court in Sweden had already ruled may have been remotely controlled.

Let’s revisit the court hearing with Jesper:

“I also think that it’s important to read the introduction of the PM when reading the conclusions, because we were given a task from the Stockholm County Police department that the computer had been remotely controlled first through one way that we investigated and then another that we controlled, so that you have that in the back of your head when you read the PM.”

“It’s when we write that we don’t see any programs that have been used for remotely controlling the computer. Based on the given task and the circumstances then in those frames we don’t see any traces.”

“It can be worth adding that we haven’t looked at every every file in every computer, because it’s like a giant haystack with enormous, thousands, of files in various ways. And then we would need to go through each individual program: is it this one that has remotely controlled, is it this, is it this, and that whole part. There hasn’t been any investigation like that on the computer because there is simply not enough time.”

The Swedish Security Service didn’t have time to do an antivirus scan on the computer and since the Stockholm County Police department didn’t specify it in their request nobody in Sweden appears to have scanned the computer for viruses.

This is outrageous on every level possible. Gottfrid was sentenced to jail in Sweden because the police didn’t have time to find anything that may have been in his favor. Guilty until proven innocent, eh?

This entire fiasco could have been avoided if Sweden had replaced the so called IT Security Specialists involved in the investigation with any ten year old from the street who learned Norton at Christmas family dinner, because obviously the computer was infected and obviously it was discovered as soon as somebody ran a virus scan.

Why I won’t work for Google

Saturday, May 3rd, 2014

Hi Niklas,

Patrick here from Google.

I looked over your Github and LinkedIn profiles, and personal site (having found the panic_bcast project), and was keen to get in touch regarding a number of Engineering positions here at Google.

Your Open Source contributions and projects, Systems/Networking experience and development background looked relevant to what some of the engineers here are doing, but I wanted to touch base with you first to understand a bit more about your work.

If your schedule permits it, would you be open to a conversation next week?

The positions I had wanted to share with you are part of a mission-critical team that combines software development, networking and systems engineering expertise to build and run large scale, massively distributed, fault-tolerant software systems and infrastructure.

Thanks for your time and have a good weekend.

Best regards,
Patrick

Hi Patrick,

Thank you for reaching out to me and complimenting me on the panic_bcast project, it is always flattering being recognized by entities greater than oneself.

Before properly answering your question I would like to give you some background about myself and my relation to Google.

As a kid growing up Google would always be the most interesting employee one working in the technical industry could possibly imagine. Google would flex very playfully in line with its “Don’t do evil” agenda. I grew up as a very ideologically and principle driven individual, but foremost I was curios by nature. As a kid interested in information security and computers in general I quickly began exploring code by breaking it and systems by breaking into them driven by the force that information wanted to be free.

My father found out quickly and we had a long chat about life’s importance. He told me not to be wreckless because the future would consist of tyranny and powerless people. He told me that in the future the world’s power structures would depend much on what I would today categorize as cypherpunks and hackers.

I feel that the future that my father explained to me as a kid is today’s present. Google says “Don’t do evil” on one hand, but on another hand Google also reads the contents of its users’ emails and tracks their behavior on the Internet – two things which I would characterise as directly evil. Google reads the emails that my mother is writing and tracking what my friends are buying. For advertisement purposes, Google says, and we only discovered the true consequences later when Edward Snowden blew the whistle.

It turned out that Google had been helping American and European intelligence agencies illegally wiretap their own citizens. “We tried to fight back, we tried not to be evil!”, Google responds, but we never saw Google shut down its service in protest like Lavabit. We never saw Google fight back for the best of its users, which consists of a great majority of the world’s population. We saw Google justify its data inspection by saying that it was great for advertisement models.

We learned that Google is in fact doing very evil things to the majority of the world’s population. We learned that Google tends to sport the two edged sword. We learned that Google’s “open source as much as possible” policy only applies as long as they don’t disrupt existing flows of cash.

We witnessed Google sending cease and desist letters to the developers and maintainers of the popular Android CyanogenMod for violating some patents by modifying open source elements of an open source licensed project.

We learned that Google’s friendliness is a marketing scheme. We learned that Google is not what we thought it would be, that it is not fighting for what’s best for humanity but for what’s best for its own dollar.

I am different from Google in this sense. My principles are not compatible with those that Google is displaying and has displayed throughout history.

Due to my principles I would much rather delete all data Google has collected about its users which consists of myself, my family, my friends, my co-workers and everybody that they know that connects to and uses popular services on the public Internet. I would not be able to sleep at night knowing that I worked for a company which was directly threatening and targeting the people that I love.

I would never be able to develop the tyrannical tools required to keep the Google wheels spinning. I am on the opposite side of the spectra. The project which you acknowledged, panic_bcast, I wrote to make it harder for law enforcement officers to gather evidence on political activists through cold boot attacks. Other projects I am mainly involved in because I believe in a free unregulated stream of information on the public Internet.

I am one of those lucky individuals who can afford to work only on projects which I choose, and I choose to only involve myself in projects that I believe contribute something positive to the planet’s population. Google is not very high on that list, therefor I must respectfully decline your job offer.

“Gentlemen do not read each other’s mail.” – Henry L. Stimson

I wish you good luck on your quest to find the right candidate.

Regards,

Niklas

Life.

Saturday, December 28th, 2013

Your consciousness spawns as a result of an imaginary nothing. You’re forced into an imaginary eternal maze purposefully filled with stress and anxiety.

Welcome to life: a game where players in your shoes have lost touch with nature and become mindless drones chasing fantasies of materialistic possessions backed by imaginary values, thus judging you thereafter – rather than character. On our deathbeds we’ll proudly tell the stories about all the megapixels we had, for that is what is most important.

Forget questioning, we’ll turn you into an outcast and stack the odds against you like Blackjack. We’ll guide you into temptation only to benefit from punishing you. We’ll call you sick, twisted and insane after paving the road and having established the pillars on which we built you.

Change, yes we can, everything except our opinions and habits, how else could we function? You can vote for the Pepsi or the Coke party, you see, we’re giving you a fair choice here. Like Henry Ford said it: you can have a car painted any color so long as it’s black. Did you wish to say something? Oh, sorry, we’ve run out of air time.

Swedish little piggy wants to shop invisibly

Friday, December 20th, 2013

Eight days ago I wrote about the mysterious events in Swedish aid donations to Cambodia in relation to anakata’s arrest year 2012, revealing that 2012 hit a peak with a ~$9,5 million increase which later dropped in 2013.

As usual the post was read by officials working for the Swedish government. More specifically the Swedish Defence Research Agency read the article at 2013-12-16 09:14:22 AM, at 09:15:19 AM they clicked the Creeper icon in the menu to the right (and discovered that their surfing habits were being publicly recorded) and at 09:15:51 AM they read about anakata’s uncontrollable computer:

qnrq.se *   2013-12-16 09:15:51 – FOI, Totalförsvarets forskningsinstitut
gnuheter.com *  2013-12-16 09:15:19 – FOI, Totalförsvarets forskningsinstitut
qnrq.se *   2013-12-16 09:14:22 – FOI, Totalförsvarets forskningsinstitut

Today I can reveal that between 16th and 20th December the Swedish aid to Cambodia was mysteriously modified to, instead of listing $26,400,000 like it did eight days ago, display the total sum for 2013 as $36,400,000.

Between today and four days ago, when the reveleation was read by the Swedish Defence Research Agency, the aid sum was bumped on OpenAid.se with an exact $10 million. There is currently no further explanation for where the extra $10 million has come from, but it is incredibly close to the estimated price for extracting anakata from Cambodia.

Was the extra $10 million actually spent or only added to the published statistics to make it look like a more natural development than the way it looks when the aid increases with 32.15% in 2012 only to drop again by 30.22% in 2013? Has Sweden purchased another hacker for extraction?

Either way: It’s very hard to escape the tinfoil style fashion speculation that this is a pure cover-up.

Swedish little piggy went to the market

Thursday, December 12th, 2013

In 2012, after anakata’s arrest in Cambodia, suspicions rose that Sweden might have paid for his arrest through an increase in its annual aid package. The reasons being that only four days later Ambassadors signed a deal granting an all time high donation.

Anders Jörle, Swedish Ministry for Foreign Affairs spokesperson, was quoted in Swedish press calling the speculations about the oddly timed increase “ridicilously far-fetched”, but publicly released numbers show that perhaps money trail speculations were not that far from the truth.

What the published statistics show is that one of the highest donations occurred in 1997, at the time when Hun Sen rose to power through a military coup. 1997 was the year when the currently serving government rose to power through violence, not long after Pol Pot’s Khmer Rouge regime had fallen and Cambodia fell back to civil war standards. In relation to the rough times that Cambodia was facing in 1997 it is quite expected that Sweden would donate an all time high sum.

Yet, the 1997 donation is historically the 2nd largest sum donated to Cambodia by the Swedish government in form of aid. The largest donation occurred in 2012, coincidentally the same year as anakata was arrested in central Phnom Penh.

Not only was 2012 the largest total, it was also the largest modern percentage increase of 32.15% between 2011 and 2012, while the increase between 2010 and 2011 was only 6.25%. Coincidentally the total aid sum mysteriously dropped again between 2012 and 2013 by a good 30.22%.

In 2013 the same ministry, the Swedish Ministry for Foreign Affairs, released a report where they concluded that they didn’t really have any clue of how Sweden is handling aid money which is paid annually to countries considered in need of help.

The Swedish Ministry for Foreign Affairs report concluded that parts of the Swedish annual aid is handled by trainees and nobody is actually following up where the money is going.

In fact, everybody is so informed about how aid packages are received by third world countries in need that when Swedish SIDA in 2013 donated IT equipment to the Cambodian Ministry of Education Nath Bunroeun, Education Ministry Secretary of State, begged local officials not to bring it home for private use.

So, who took the ~9,400,000 paid by Sweden to extract anakata home?

Aid by year

1980 $12,300,000
1981 $8,730,000
1982 $8,340,000
1983 $5,460,000
1984 $8,460,000
1985 $3,110,000
1986 $4,449,000
1987 $1,080,000
1988 $0
1989 $5,270,000
1990 $3,580,000
1991 $3,170,000
1992 $19,200,000
1993 $10,100,000
1994 $5,670,000
1995 $3,970,000
1996 $14,300,000
1997 $30,400,000
1998 $14,200,000
1999 $7,550,000
2000 $16,800,000
2001 $16,900,000
2002 $14,500,000
2003 $18,700,000
2004 $22,500,000
2005 $14,400,000
2006 $17,200,000
2007 $17,900,000
2008 $16,100,000
2009 $23,900,000
2010 $24,000,000
2011 $28,300,000
2012 $35,800,000
2013 $26,400,000

Fending off attacks

Tuesday, June 18th, 2013

Dear readers,

As you may or may not have noticed, qnrq.se was inaccessible between Friday the 14th until Monday the 17th. The site was totally unavailable for 65 hours due to a powerful DDoS attack that knocked out my host’s cluster on which the site resides (195.74.38.18). Downtime doesn’t affect me as a publisher: there is nothing here that is not backed up and I don’t intend to financially gain from the visitors of this site. Instead, it affects you as a reader. It affects your ability to access the information that is being spread through this domain. This is a serious attack on your right to access information freely. Therefor I would like to address how this situation will be handled to ensure that you can, at bare minimum, always access the content that I provide.

There are no restrictions that prevent search engines and other crawlers from accessing content published on this site. If it goes down you can always view the content through, for example, Google’s cache or the Internet Archive. I have also installed and configured Cloudflare, which caches and delivers content through their CDN even when the site is inaccessible. Please keep in mind that Cloudflare is an American company which by law has to co-operate with the NSA and similar organizations. If you wish to hide your activities on this site from such organizations then please use an anonymization service like IPredator or Tor.

Cloudflare is the first non-Swedish service which is involved in delivering content on this site since I first put it online nearly two years ago. There are no Google Analytics or similar foreign tracking you here. My host, Binero, is a Swedish company with their servers placed in Sweden. The Flattr buttons you see all over the site are served by a Swedish company with servers in Sweden. The Creeper icon in the menu on the right side is served by a Swedish server run by a group of Swedish open source fanatics. The top domain? Swedish. You get the point.

Limiting the site to be served from within the Swedish borders has always been a conscious decision. Originally publications were mostly limited to Sweden and I didn’t want my visitors’ data to be sent to a lot of fishy people I have no idea of who they are. Later the site grew in popularity and I now have almost as many international visitors as I have Swedish.

I have to both fend off attacks and ensure acceptable performance. The site is being run with a very limited budget and implementing Cloudflare seems to be the best alternative from a both financial and performance perspective. Introducing an American company into the chain isn’t exactly my dream scenario but the availability is important for me. Unfortunately this creates a conflict with users that care about their privacy, especially around America.

I hope to satisfy both the performance parts and privacy parts in different means. I have stuck to the same host, Binero, for many years now, but the way that they handled the recent DDoS is entirely unacceptable to me. I am not going to deal with a host that requires me to contact them to move my site to a cluster which is not affected by the attack by pure principle (“because it causes downtime for the already DDoSed customers”, they claimed). My attitude is that if I am paying somebody to deliver me a service then I expect them to do everything in their power to ensure that the service is delivered and not require me to walk extra miles for them and then waiting for three days for their support to react. With those conditions I would much rather have as much as possible in my control, and that’s the next phase.

I am breaking up with Binero and moving the site to a dedicated Swedish VPS. For security and other considerations I will abandon PHP on the new host and serve WordPress generated pages statically. Everything will remain the same for you as a reader in terms of accessing and reading. The positive thing is that I won’t have to deal with intrusion attempts directed at PHP and WordPress and also Cloudflare will be configured to cache the static pages so that you can access them even when my host goes offline. The negative part is that you will no longer be able to leave comments on the site, but that may be fixed sometime in the future. When the site has been migrated to the new host it will also be available through HTTPS.

I believe that this is the best solution available, please let me know if you feel otherwise by commenting on this post.

Cheers, stay critical.

The extradition (Morgan part 7)

Monday, June 17th, 2013

Nacka District Court has granted prosecutor Henrik Olin permissions to extradite Anakata to Denmark in accordance with the Danish order for arrest. Anakata will remain in solitary confinement until the extradition is executed. Whether Anakata is allowed contacting the outside world is up to the prosecutor, Henrik Olin, in the Swedish hacking and fraud charges.

Extradition can be executed by earliest 25th June, given that the District Court finalizes the judgement on time. Prosecutor Henrik Olin decides in co-operation with the Danish authorities when the extradition shall be executed. The District Court’s decision can be appealed to the Swedish Court of Appeal.

Morgan the Trial (part 6)

Saturday, June 1st, 2013

Below is the translated transcription of the hearing with GSW regarding charges related to intrusions in the Nordea Bank. Original Swedish recording can be downloaded here.

Dag 5, 2013-05-31
11:00 Förhör med tilltalad GSW (åp 5-13)

OLIN: Thank you. I think Ola Salomonsson has already answered some of my questions, but I thought I would ask you to make some comments. Perhaps you would first like to say something in general about these charges.
GSW: Yes, well… I don’t know what more to say than that I don’t have anything to do with it.
OLIN: Then I would like to ask a little about… first the harddrive, point 2. On it there are traces of all kinds of datasets from Nordea, do you have any comments on that?
GSW: I’m not denying that they are there, I’m denying that I have put them there.
OLIN: Yes. And you heard my statement about these 14 different IP addresses that were relevant and the 13 direct occurrence and 14 indirect occurrences in the MacBook, point 26. A big portion of them was from the ISP Cogetel, which perhaps is a big provider in Cambodia or?
GSW: I actually don’t know that.
OLIN: No. You said earlier that you had used that ISP?
GSW: Yes exactly.
OLIN: And yes… Perhaps it’s not so easy, but do you recognize any of these IP addresses?
GSW: No. I can say that I recognize that they are from Cogetel based on the numbers they are starting with but… I don’t recognize them otherwise.
OLIN: This other Cambodian ISP, what was the name again… Maybe you know that better than I? Citylink and Digi, do you recog–
GSW: No, it’s nothing I recognize. I may have heard the names but I haven’t been a customer of them.
OLIN: Malmö Borgarskola, (inaudible) group, nothing you–
GSW: Never heard of them.
OLIN: No familiar names at all?
GSW: No.
OLIN: Returning to this Mysec content that we discussed in previous hearings. In the Mysec content, if I can express myself like that… The files connected to Mysec in your computer, there are 4 of these IP addresses that are connected to the intrusion against Nordea.
GSW: Which page?
OLIN: Oh no… Perhaps I am wrong a little bit I’m realizing, these IP addresses…
?: Which page?
OLIN: I am on page 130. Oh, okay. Sorry. I will reformulate the question. I think that you should interpret this on page 130 that after contact with Mysec and in data that they have delivered they have informed that 4 out of these 14 IP addresses connected to Cambodia have been discovered at Mysec. Do you have any comment?
GSW: I will begin by pointing out that Cogetel uses so called dynamic IP addresses, meaning the customer gets a new IP address every time he connects. So you have to look at the timestamp also.
OLIN: Yes. But you have connected to Mysec’s environment from your computer in Cambodia.
GSW: That’s correct.
OLIN: And you naturally don’t know which IP?
GSW: No.
OLIN: Especially considering they are dynamic?
GSW: Mm.
OLIN: And that your defense already answered to but I’ll ask anyway at the risk of being a bit repetitive, but regarding these transactions… these names of individuals and companies, is there anything that is familiar to you?
GSW: The first time I heard any of the names was during the interrogation on 8th March.
OLIN: The company called (inaudible)?
GSW: Never heard of it. I think on 8th March you asked about three recipients.
OLIN: During interrogations?
GSW: Exactly.
OLIN: Oh, OK. But now that you’ve heard all names you don’t have any..
GSW: No.
OLIN: No. I have no more questions, thank you.
Judge: Ola Salomonsson.
OLA: The question can seem a bit distant in relation to all these technical things… But I will begin by asking you, without going into personal things, how are you living in Cambodia during this time? How is it financially for you?
GSW: I didn’t have any financial problems. I was partially working, running a business down there.
OLA: And you had a lot of employees too?
GSW: Yes, in the previous year.
OLA: But at this time, more exactly during the summer 2012.
GSW: I was freelancing as a consultant and didn’t have any financial problems at all. I was getting money from my parents too.
OLA: Is it the same residence and same conditions as you said in earlier hearings?
GSW: Yes.
OLA: I mean with the guestroom and the computers and so forth.
GSW: Exactly.
OLA: There is no difference I think. Now… the technology isn’t so easy at least for me, but when you say that the ISP in this case had a dynamic timestamp or…
GSW: Dynamic IP address.
OLA: That’s right, dynamic IP address. What does that mean, explain a little bit.
GSW: It means that customers are assigned new IP addresses every time they connect.
OLA: OK. So that many different IP addresses are occuring…
GSW: That can both mean that one and the same computer has multiple IP addresses or that multiple computers have the same IP address. They only have it at the same time.
OLA: If we apply that on the fact that there are 14 different IP addresses here, does it have any value then?
GSW: No, not really.
OLA: No, OK. I said but perhaps it should also come from you, or perhaps that question was asked. But you didn’t recognize any of these companies…
GSW: No.
OLA: that the money has supposedly been sent to…
GSW: Nothing.
OLA: We have Iran here, now your computer might have been remotely accessed but do you have any connection there?
GSW: No, none.
OLA: Do you have any similar reflection as you had on the previous charge, a slight idea over which individual or group could be behind this?
GSW: This is closer in time so it’s easier to remember things that have happened and I have my suspicions of who could…
OLA: Is that going in the same direction as what we talked about previously?
GSW: Yes, it’s more or less the same.
OLA: More or less the same?
GSW: It’s the same.
OLA: I have thought, and of course you think a lot about this case, it’s a pretty large investigation but… I am wondering if it’s not you that is responsible for the intrusion and transactions then one can ask, and you have your suspicions, but is there anything in this material that you can point at that shows that you didn’t do it?
GSW: It’s hard to say that it’s not me except by saying that I don’t know anyone of those involved.
(OLA and GSW talking at the same time, inaudible.)
GSW: Besides that I can say that I actually had work to do and didn’t have time to sit and do these things.
OLA: Summer 2012?
GSW: Yes exactly.
OLA: Maybe it doesn’t take so long to do this but you can tell anyway, what are you doing when you are busy?
GSW: I am freelancing as a consultant doing graphical development and other…
OLA: Mm, and it was a little bit what you said earlier.
GSW: Exactly.
OLA: So to say you were active summer 2012.
GSW: Yes.
OLA: One can either way ask, since we are specifically asking about the summer 2012, even though the intrusions happened a short while before that, were you physically in Phnom Penh where the computers stood?
GSW: Yes I was.
OLA: You know that you were?
GSW: Yes.
OLA: Have you had any guests at all?
GSW: I have had many.
OLA: Even during this timeframe?
GSW: Exactly. Also people that have been living there for longer periods. I had, like I said, a pretty large apartment very centrally so people often came to the city when living somewhere else in Cambodia or were temporarily in Cambodia and lived in my apartment instead of renting a hotel room.
OLA: I asked the question to the prosecutor if the intrusions and data transfers had to be made (inaudible) is there anything in that regard that you want to inform or say?
GSW: I have nothing to do with neither the intrusions nor the data transfers so I can just generally point out that it doesn’t have to be the same person.
OLIN: One more question from my side.
JUDGE: Go ahead.
OLIN: You don’t have any obligations to prove your innocence of course, Gottfrid. But now both under this charge and the previous one you have repeated these suspicions that you have, when you’ve said one part don’t you want to say the second part and give some more information about your suspicions?
GSW: Now I will speak personally from the heart so to say. You must understand that here you come and first you talk about several years in prison. Do you know what happens to so called snitches in prison?
OLIN: It’s not my part to answer any questions right now but I understand your viewpoint.
GSW: You have to understand that I can’t expose myself to the obvious risk losing life and limb. It’s also quite large sums of money so it’s very likely that the actual offenders would go after me if I…
OLIN: So your own security is the reason why you don’t want to say anything more. I respect your answer, that’s what I wanted an answer to. Thank you.
OLA: To add on the same theme, there are even journalists that have called me, not only one but pretty many, but people are wondering a little about whether you’ve been threatened or are afraid of threats from individuals or groups, have there been any?
GSW: I haven’t received any concrete threats, no.
OLA: This with the computer world, hackers breaking into every mainframe and banks and transfer money, this can spontaneously possibly be connected to international crime and serious crime…
GSW: It’s a little bit why I brought up this with that different people can have done the hackings and transfers.
OLA: I can imagine that this is extremely organized.
GSW: Exactly.

Morgan the Trial (part 5)

Sunday, May 19th, 2013

The trial against Anakata and his alleged co-conspirators begins tomorrow and is scheduled until the 6th June. In case you’ve missed it, WikiLeaks published all related documents today. The prosecution documents, which the Swedish government declined handing out in digital format, has thus gone fully public.

The loud voices that were panicking Cambodian authorities into deporting Gottfrid aren’t echoing in the prosecution. The alleged danger was certainly hyped; a wise tactic if the goal is to withdraw somebody from another country as fast and quietly as possible, however unwise if the authorities wished to act in accordance with their own laws.

“Sweden has donated money to Cambodia since 1979, shut up with your tinfoil fashion”, says the critic. Yes, but what amounts? Published 2009 by SIDA, Sweden originally planned to donate 241 255 000 SEK to Cambodia year 2012. In 2010 Sweden donated 24 million $USD and 25.5 million $USD in year 2011. Year 2012, the year of Gottfrid’s arrest in Cambodia, the financial aid grew with, comparing to 2011, 32.15% to 33.7 million $USD. Quite a large increase considering the 6.25% increase between 2010 and 2011. The financial aid that Cambodia received from Sweden 2012 is the largest one in history.

Of course there are other parameters to take into consideration such as economical development, but when the Cambodian Interior Minister travels to Stockholm only one week after he signed Gottfrid’s deportation order then it’s quite natural to raise questions. In fact it’s so natural that even the officials of the Swedish Ministry for Foreign Affairs are being prepared to answer to those questions and the Swedish Embassy staff is pointing out that the coincidence is an “interesting detail”. Smile and wave boys, smile and wave.

A state does not simply legally deny somebody their right to an attorney and lie to and mislead those that wish such rights to be granted. According to themselves, originally the Swedish embassy and Ministry for Foreign Affairs was insecure of whether they’d be able to retrieve Gottfrid in the first place. Fully understandable, considering the fact that upon deportation the deportee has a choice of destination and also various legal rights such as access to lawyers and court processing, things that were never optional for Gottfrid. The Swedish authorities intended to act as quickly as possible in the shadows of their own biased classifications. Us mortals are told to get with the system and stop questioning or face the never-ending troublemaker labeling.

In order to raise the panic levels the government is saying that people have been harmed in these alleged intrusions. When directly asked the Swedish tax agency couldn’t estimate if it hurt anybody. The government wrote in their statements that people with protected identities were being put at risk by the leaked so called person numbers. They are entirely public in Sweden and can’t be put to much use. The same information that was allegedly stolen from Logica’s mainframes, the tax agency data, contains information that can be retrieved by calling the tax agency and asking for it.

Swedish person numbers are no secrets, they are available anywhere and the worst thing you can do with it is change somebody’s name or address, like how someone changed the name of Antipiratbyrån’s lawyer Henrik Pontén to Pirate Pontén. Actual harm and annoyance can undoubtedly be caused by using person numbers in malicious ways, but once again they are entirely public. If it is such a big problem that people can cause harm with person numbers then why doesn’t the tax agency start, hm let’s say, verifying critical things that can be done with one’s person number to begin with? These are problems that exist far outside the hacker scope.

The alleged harm is of course made up to weigh in sync with the amount of money that the affected private companies and government agencies spent on their investigations. Not actual harm caused to individual members of the society.

It’s actually about time that something like this happened. People are always boasting about how anything can be hacked but in the end of the day very few citizens reflect on whether or not it is wise to trust the government. After all they are repeating what their trusted vendor has told them after saying what their own trusted vendor has told them, and so forth. The citizens are trusting a government to protect their data and in turn the government outsources the data to private companies which is configuring their mainframes to forbid passwords mixed with uppercase and lowercase characters and then capping them at 8 characters. Best of all, all these mainstream media articles about password policies and security? Turns out Sweden protected their tax agency datasets without any password policies. The government is just a brand used to verify multiple companies which have structures that are too complex for the average citizen to get a wide understanding of. We elect a government because we are lazy. Our own laziness is repeatedly making bad decisions for us.

The tip of Mount Problem is that these problems are everywhere. System administrators, governments and companies don’t care if your data is lost because it’s lost, they care because if you find out about it then you might choose someone else to provide you services and they’ll start losing customers and votes. Governmental trust is the lowest level of marketing because the general public trusts it to make the right decisions in most cases by default due to the governmental branding.

The biggest threat of exposing them is that they lose trust. They are not protecting you. If you aren’t protecting yourself then nobody is. Banks and governments have repeatedly proven that they will rather keep cyber attacks secret than expose them and risk losing your trust, which you have to keep in mind is what they convert into profit. The biggest threat of exposing them is that they lose trust. Keeping cyber attacks secret paradoxically benefits the attackers just as much as the government.

Now vote like it matters.