FEDS have access to HUSHMAIL READ

DJ_UFO · Oct 7, 2007

muffinmaker said:
Wrong,if they have an email addy they suspect is doing something wrong, they can get the password.

right. for feds is just a phone call to hush. "we need that password now or tomorrow yall be harvesting rice in a chinese field"

similar to what happened to Pakistan after 9/11. Our government called Pervert Musharaff the next day and basically told him "you will be our allied or we will bomb your ass to stone age"

jeb0177 · Oct 7, 2007

it seems like the actual hushmail company handled the cds with all the confirmed emails sent and orders taken. man this fukig sukcs ass!!! i hate this

jh1 · Oct 7, 2007

DJ_UFO said:
right. for feds is just a phone call to hush. "we need that password now or tomorrow yall be harvesting rice in a chinese field"

similar to what happened to Pakistan after 9/11. Our government called Pervert Musharaff the next day and basically told him "you will be our allied or we will bomb your ass to stone age"

You're spreading nonsense.

Hushmail never gets your passphrase. They don't have it to hand out.

This is evident by:

1) Industry review by security experts would have outted this complete lapse of security.
2) The DEA has used keyloggers on suspects computers to get passphrases for hushmail.

rdel85 · Oct 7, 2007

jh1 said:
They could have read the emails after the arrest, after the possibility of OSOCA giving up the keys existed.

Obtaining emails from hush prior still provides momentum to the investigation since you know whom he is speaking with - in this case at least one well known raw materials supplier.

Either that or the keylogger route - as used the MDMA case.

Ownded.

I dunno, I am still thinking hush is not what they say they are. Just for the reason I feel they would have had to mention that they used a key stroke recorder in the inditement.

jeb0177 · Oct 7, 2007

so if they don't have it how they handled the cds with all the orders, customers, transactions to LE?? according the legal document pdf on the previous page.

jh1 said:
You're spreading nonsense.

Hushmail never gets your passphrase. They don't have it to hand out.

jh1 · Oct 7, 2007

rdel85 said:
I dunno, I am still thinking hush is not what they say they are. Just for the reason I feel they would have had to mention that they used a key stroke recorder in the inditement.

Security experts would have called hush out on that.

They don't mention a keystroke logger, the owner of the account turning over the password, hush providing clear text email message bodies, or some government encrtyption intelligence cracking the code...

Something had to have occured to get clear text. They simply didn't disclose whatever mechanism in the indictment, hush is not the most likely source....

I think it's a distinct possibility the indictment was written that way to shake everyone's confidence in hush. If that was their goal, they have certainly suceeded.

jh1 · Oct 7, 2007

jeb0177 said:
so if they don't have it how they handled the cds with all the orders, customers, transactions to LE?? according the legal document pdf on the previous page.

They handed over CDs containing all the emails. The email bodies were encrypted.

Customers are exposed through headers which are clear text. Specfics of orders such as what was ordered and amounts, shiping addys and stuff would have to be decrypted.

Either through knowledge of the keys from a keylogger or from the target of the indictment post arrest.

digger · Oct 7, 2007

jh1 said:
They handed over CDs containing all the emails. The email bodies were encrypted.

Customers are exposed through headers which are clear text. Specfics of orders such as what was ordered and amounts, shiping addys and stuff would have to be decrypted.

Either through knowledge of the keys from a keylogger or from the target of the indictment post arrest.

Or a brute force attack on the passphrase if it wasn't a particularly good one. But yeah, that's a really good summary.

People, The Man is not going to burn his sources willingly, any more than y'all would burn yours. Spreading fear and uncertainty about Hush? Sure, they'll do that. It works in their favor, big time. They also want you to keep thinking of Hush as black magic, and not as a system where you have to think about all the parts.

If you're corresponding with someone who thinks 'yomama' is a good PGP passphrase, you and he are both screwed.

If either of you is bigtime enough for Papa Fed to authorize a breakin and a keylogger on your keyboard(s), you're also screwed... unless you're Jack f'in' Bauer, and check for the blonde hair you carefully stretched under the keyboard, every single time it's used.

Back in WWII, Churchill and Roosevelt had a scrambled telephone. The Nazis had a descrambler, but it didn't do them any good, because Winston and FDR would only talk about documents that had been sent by courier, so all the eavesdroppers got were two guys saying stuff like "About item 17, I say yes."

The British operator had a standing order to tell everyone not to discuss classified material on the scrambler phone before she made the connection, and every time she read the order to Churchill, he said "Yes, ma'am."

Imagine the operator giving Hitler the same reminder.

"HEY, I'm Adolf Fuckin' Hitler, bitch! Put Rommel on and snap it up!"

Churchill lived to write history books about winning the war. Hitler ate a cyanide pill with a 9mm chaser.

We have smart people here telling you "here's where it's broken, and here's where it isn't broken." Listen to them.

Mavafanculo · Oct 8, 2007

jh1 said:
They could have read the emails after the arrest, after the possibility of OSOCA giving up the keys existed.
...........
...........

Either that or the keylogger route - as used the MDMA case.

I) Definitely read prior to arrest.

From the indictment (post 1) they read the emails prior to June 8 - they got the PO box # from the emails and served a subpeona on that date to get the subscriber info for that PO box.

OSOCA was still in business and the DEA placed an order with him on July 25.

So they definitely had access to decrypted emails prior to his arrest and possibility of cooperation.

That leaves in decreasing order of probability:

-1) keystroke logger

-2) diggers brute force attack on a weak passphrase (hadnt thought of that

)

-3) compromise of Hushmails implementation of PGP.

if anyone knows of Hushmail having an independent auditors letter or Crypto community having oversite access to THEIR SOURCE and THEIR IMPLEMENTATION of PGP post up a link.

Lacking the above, nothing would stop Hushmail from installing a backdoor (perhaps at the "request" of USA or Canada post-9/11), and no one would ever know.

-

-4) The possibility of cleartext email between OSOCA and GLP is out because GLP was on Hushmail as well.

II) Is this sentence in the indictment a hint? -> ".....Hushmail is a free encrypted email service that CLAIMS to secure the privacy security and authenticity of emails sent and received by its users....."

-

jh1 · Oct 8, 2007

Mavafanculo said:
I) Definitely read prior to arrest.

From the indictment (post 1) they read the emails prior to June 8 - they got the PO box # from the emails and served a subpeona on that date to get the subscriber info for that PO box.

OSOCA was still in business and the DEA placed an order with him on July 25.

So they definitely had access to decrypted emails prior to his arrest and possibility of cooperation.

That leaves in decreasing order of probability:

-1) keystroke logger

-2) diggers brute force attack on a weak passphrase (hadnt thought of that )

-3) compromise of Hushmails implementation of PGP.

if anyone knows of Hushmail having an independent auditors letter or Crypto community having oversite access to THEIR SOURCE and THEIR IMPLEMENTATION of PGP post up a link.

Lacking the above, nothing would stop Hushmail from installing a backdoor (perhaps at the "request" of USA or Canada post-9/11), and no one would ever know.

-

-4) The possibility of cleartext email between OSOCA and GLP is out because GLP was on Hushmail as well.

II) Is this sentence in the indictment a hint? -> ".....Hushmail is a free encrypted email service that CLAIMS to secure the privacy security and authenticity of emails sent and received by its users....."

-

I am still leaning towards a keylogger.

Brute force is a possibility, but at that level - I doubt the DEA attempts decryption via brute force. Even a trivial password would take a significant amount of time - and there is no guarantee. You may run that for weeks on end and end up no where. I would think they farm all 'cracks' out to a much more focused group like the NSA, and I sincerly doubt they get involved for such trival nonsense.

As far as a backdoor - if there was and hush was complying and conspiring - then why would the DEA seek a warrant for a break / enter and suripticiously install a keylogger in the much more important MDMA manufacturing case linked earlier? Seems ass backwards if they could simply make a phone call to hush and get the clear text - no?

The only hint that could point otherwise was that in the MDMA case they insisted upon the keylogger because they needed 'realtime' access to clear text emails - which in a hush/backdoor scenario - hush may not be setup to provide real time - they may have to retreive the emails, decrypt, send on a CD to LE.

How you would approach countering *ALL* these possibilities would vary depending upon if you were a customer or a distributer.

FEDS have access to HUSHMAIL READ

DJ_UFO

Banned

jeb0177

New member

jh1

New member

rdel85

New member

jeb0177

New member

jh1

New member

jh1

New member

digger

Chairman of Board

Mavafanculo

New member

jh1

New member

Similar threads