Well, Bush is at it again, now pushing for even more Internet surveillance. I'll go ahead and give you some good excerpts from CNET's article on it. I added some emphasis on things I'll discuss later.
The Bush administration [is proposing] that Web sites must keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate
...data retention would be valuable in investigating terrorism, child pornography and other crimes.
...ask Internet service providers how much it would cost to record details on their subscribers for two years. At the very least, the companies would be required to keep logs for police of which customer is assigned a specific Internet address.
(By "Internet address" they mean IP address, which is a unique identifier that denotes who or what is accessing a website.)
...a mandatory data retention bill in the U.S. House of Representatives that would let the attorney general dictate what must be stored and for how long.
Often invoking terrorism and child pornography as justifications, the administration has argued that Internet providers must install backdoors for surveillance and has called for routers to be redesigned for easier eavesdropping.
Heh, personally, I think packet sniffing is pretty damn easy already, but whatever.
David Weekly, a San Francisco-area entrepreneur who founded popular Wiki-creation site PBWiki.com, said the Justice Department's proposal would be routinely evaded by people who use overseas sites to upload images.
Amen, bruthah-- more on that later.
So yeah, what do ya think? At face value, keeping information about what people do online is a great idea-- especially for the reasons they give for doing so. After all, who can argue against preventing "child pornography" and "terrorism?" In theory, if you mandated everyone to simply record IP addresses of everyone who visited/uploaded anything, then you'd have a fool-proof return-to-sender path for each image or piece of potential "terror" uploaded. It'd be kind of like taking fingerprints for anyone who ever visits your website.
But there's a slight problem: IP addresses are far from foolproof. Not only can they be forged in certain instances, but even when they're 100% valid, they don't necessarily represent the actual network that's responsible for the action. That means that even though there's a clear path to the direct uploader of content, it doesn't actually mean the direct uploader is the actual person responsible for uploading that content.
Let me give another analogy for the non-technically savvy, in the form of C.S.I.:
In real life, a murderer might hike through the woods, dragging his fresh kill behind himself. He'll bury the body, and then hike back down the mountain, jump in his car, and speed off-- leaving his tracks behind. The police, suspecting murder, discover these tracks, follow them to the burial spot, and discover the body. They then use the shoe imprints and tire tracks to match up with the killer, thus solving the crime.
IP addresses work in a similar way. Instead of a shoe print, they instead look like this: 69.56.219.218. That's the IP address of this site, by the way. So, imagine if I uploaded some good ol' fashioned child porn from this server to my myspace account. Myspace would have a record of "69.56.219.218" uploading "buttsecks-8-year-old-with-frog.jpg" to profile number "4168972" (actually my profile number on myspace). These would be the footprints I made of uploading the porn. If the FBI wanted to find out who uploaded the porn (ie, track the footprints), they would contact myspace and ask them "who uploaded that picture to that profile?" To which MySpace would respond, "69.56.219.218." They would then what to find out who was assigned "69.56.219.218" to find out who actually uploaded the porn by contacting my ISP, so they'd find "The Planet" by searching for the person who owns the "69.56" address block (and hosts my server). They'd then ask The Planet who bought the "shoe" (to make the footprint) of "69.56.219.218," and they'd find me and my credit card, pointing to my home address. Thus, they would have solved the crime and found the evil child pornographer.
... but that only works if I'm actually the bad guy. It relies upon the fact that I was the actual person doing the uploading. First off, any one of my friends who had access to my server could have uploaded the picture. In effect, I would have known nothing about it, but all signs would have pointed to me being the culprit; for, the image would have come from "69.56.219.218." Even worse, what if someone hacked into my server and uploaded the porn? Then, some random person from Utah, who's clearly repressed and attempting to relive his childhood fantasies raised in a Mormon fundie environment, could upload porn from my server to anywhere he so wishes, and it would still look like it was coming from "69.56.219.218." The FBI knocks on my door, then arrests me for transmitting child porn. I spend 800 years in federal pound-me-in-the-ass prison because some hick in Utah gets his rocks off to kiddie porn.
Back to the analogy: It would be like someone putting on my shoes, stealing my car, murdering someone, and having the tracks all lead back to me. I get arrested for the crime and get sent to pound-me-in-the-ass prison for murder. Bummer, eh? Best case, I get off the hook, but I still get sent to jail until I get acquitted, thus losing my job and being disowned by everyone that knows about it.
It doesn't end there, either. The problem scales scarily well. As you've no doubt realized by now, the Internet is so called because it's an inter-connected series of networks. That's where it gets its name: the Internet. In real life, doing something bad requires at the very least minutes if not hours or days of preparation work, because there's only one practical way of doing it: by yourself or asking someone else to do it. On the Internet, however, transactions happen nearly instantaneously. Combine that with the fact that literally millions of nodes in the Internet are compromised or open proxies, and you're talking about one hell of a lot of room for error.
Another analogy, to translate that from nerd to normal user speak: In real life, anyone who commits a crime is the person who commits the crime. Whether they're just plain crazy or simply cold murderers, the person who shoots the gun is the person who is shooting the gun. On the Internet, this is not always the case. As it stands today, "compromised" or "open" computers along the Internet translate to something similar to an invisible hole in the back of a person's mind. The person doesn't know it's there, but that hole allows anyone with the proper skill set to reach through that hole and control everything a person does, from the most innocent of things to the most heinous. In essence, a moderately-skilled Internet user can therefore use "mind control" on someone else on the Internet.
It would be like someone in real life being able to make someone else in real life do something evil, because everything from DNA to footprints to thumb prints would point right back to the person whose mind is being controlled. On the Internet, computer guys call those computers susceptible to mind control "open proxies" or "drones."
So then the following scenario exists: you (yes, you) are given the ip address “123.45.67.89” by your ISP (say, Earthlink or AOL). You surf your days away, primarily doing research on an anti-cancer drug while occasionally reading headlines over at CNN.com. When you're really horny, you (or your husband/wife) might run on over to a normal adult website to squeeze off some tension-- nothing illegal or otherwise bad. Then, someone from the IP address “69.69.69.69” uses a bug in Windows XP (quite probably the operating system you're running) to gain control over your computer. He installs a program, called “backdoor.exe,” for example, that reports to him everything you do, including everything you type (including passwords and credit card numbers) to every website you visit-- all without you knowing anything has ever happened. Then “69.69.69.69” gets frisky and wants to upload some child porn or do some terrorizing. He then connects to your home computer, which is still assigned the IP “123.45.67.89,” uploads some 8-year-old buttsecks, and emails in a bomb threat using your email address. To cover his tracks, he deletes “backdoor.exe,” and never contacts your computer again.
To anyone who inquires where the email came from or whose “footprints” uploaded the child porn/bomb threat, all signs will point to you, housed at 123.45.67.89. It is undeniable that the email came from your email address, and it's undeniable that the image was uploaded to myspace from 123.45.67.89; yet, you actually didn't do any of it. You were under “mind control.” But what jury who knows nothing about “backdoors” and such will believe that-- especially with no evidence of the intrusion.
A few weeks down the road, you're in handcuffs in the back of an FBI van on your way to a federal jail. You try to tell everyone you didn't do it, and that it's all one big mistake, but they don't believe you-- after all, you're a suspected terrorist and/or child molester. You're the scum of the Earth. Your family is driven out of its home by angry suburban housewives, and you're fired from your job to avoid P.R. risk once your occupation gets out in the news. Even if you're found innocent (by a panel of your peers that know nothing about the Internet), your face has been plastered all over the news, your wife wants a divorce, and the life you once had is over. That's best case scenario. Worst case scenario, you get sentenced to 25 years (eligible for parole in 10), and your new best friend is a coke dealer from Jamaica.
... all because the footprints led to you.
“69.69.69.69,” meanwhile, is jerking off to his kiddie porn while pressing detonators, laughing at your sorry ass for being in the wrong place at the wrong time. Tough shit. And, if you think that you could just point to “69.69.69.69” and say “he did it,” think again. Not only can 69.69.69.69 obscure his access to your computer, he can also use your computer to hack into other computers by installing a personal “proxy” for himself. In all reality, “69.69.69.69” might not even be the hacker, but instead the IP address of yet another person that the real hacker (who might be “77.77.77.77”) hacked into. The chain can continue across literally hundreds of compromised computers in different countries from different ISPs before it ever reaches “77.77.77.77,” which, in all reality, might just be a public wifi network at the local coffee shop. In the end, the true offender will almost certainly never be captured, while you rot away in prison.
Think it could never happen to you? Think again. Chances are actually rather good that you already have at least one backdoor installed on your home computer right now, especially if you have no idea what “windows update” is and/or you don't manually update your virus software's definitions at least once a week, then subsequently update the actual software itself to a newer yearly version once a year. Someone could be uploading porn from your computer right now as you're reading this, and you wouldn't even know it.
Of course, have no fear, for that's not that much of a problem right now. Most exploiters either simply sniff for your bank account/login information or use your computer to send spam. The more creative and more financially broke hackers install adware that nets them thousands of dollars a month by bombarding you with popups that come seemingly out of nowhere. They tie that adware to an offshore account and make a living off your stupidity. These are relatively harmless actions, which, worst case, result in you canceling your credit cards, changing your passwords, and reformatting your computer.
But, if these types of legislation go through without the public knowing that IP addresses do NOT translate to the same kind of “footprint” that a shoe, thumb, or DNA translates to in real life, I assure you that what was once simple fraud will soon become a matter of possible life imprisonment for innocent people.
By the way, just to show you how easy this all is, let me let you in on a little secret: I'm actually using a proxy right now to post this. Remember when I told you that www.nevercensored.com's IP address is 69.56.219.218? Well, I just logged in to MySpace from my home browser (which is actually on an IP address starting with “76.185,” belonging to Time Warner). However, if the FBI got nosy, they'd search MySpace's records, and instead they'd find “69.56.219.218,” even though the actual person who logged into MySpace came from “76.185.something.something.” That's because I run a private caching proxy on the same server nevercensored.com runs on in order to speed up my browsing and to strip things like CSS from stupid MySpace profiles that look hideous. Granted, if the FBI looked for who owned “69.56.219.218,” they'd still find me, but what if I simply installed my proxy elsewhere-- say, on one of the thousands of exploitable computers out there? Maybe instead I could install it on one of my enemy's computers? Even better, what if I didn't use a proxy at all, and instead connected to an open wireless router in a neighborhood close by? The possibilities are endless.
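What a retained log can and cannot say about the case above, as an added example that is not part of the original post: a site on loopback records the TCP peer of one upload that arrives through a relay, and the recorded peer is the relay's outbound socket, never the client's. The function names (`origin_once`, `relay_once`, `run_demo`) and the payload are constructed for illustration; loopback ports stand in for the different IP addresses.

```python
import socket
import threading


def origin_once(listener, access_log):
    """Origin site: accept one upload and log the TCP peer, as an access log does."""
    conn, peer = listener.accept()
    with conn:
        data = conn.recv(1024)
        access_log.append({"peer": peer, "bytes": len(data)})
        conn.sendall(b"stored")


def relay_once(listener, upstream, relay_log):
    """Relay: accept one client, forward its bytes upstream, pass the reply back."""
    client, client_addr = listener.accept()
    with client, socket.create_connection(upstream) as up:
        relay_log["client"] = client_addr        # only the relay ever learns this
        relay_log["outbound"] = up.getsockname()  # the address the origin will see
        up.sendall(client.recv(1024))
        client.sendall(up.recv(1024))


def run_demo():
    """Send one constructed upload through the relay; return what each party recorded."""
    origin = socket.create_server(("127.0.0.1", 0))
    relay = socket.create_server(("127.0.0.1", 0))
    origin.settimeout(5)
    relay.settimeout(5)
    access_log, relay_log = [], {}
    workers = [
        threading.Thread(target=origin_once, args=(origin, access_log)),
        threading.Thread(target=relay_once,
                         args=(relay, origin.getsockname(), relay_log)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(relay.getsockname()) as client:
        client_addr = client.getsockname()
        client.sendall(b"constructed upload payload")
        reply = client.recv(1024)
    for w in workers:
        w.join()
    origin.close()
    relay.close()
    return {
        "client": client_addr,
        "relay_saw": relay_log["client"],
        "relay_outbound": relay_log["outbound"],
        "origin_logged": access_log[0]["peer"],
        "reply": reply,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:15} {value}")
```

Tracing the upload one hop further back requires the relay's own record (`relay_saw`), which the origin's retained log never contains.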
Speaking of, I figured I'd go ahead and brainstorm a few possibilities for this while I'm here.
- Corporate warfare. Make it look like a competing company is knowingly hosting an underground gambling+child porn+spam ring. That way, their servers get gobbled up by the FBI for a few months while they scan the hard drives for evidence, costing them massive downtime and huge profit loss.
- Blackmail. With drone networks sometimes hitting 100,000 or more, it becomes extremely easy to overload almost any small or medium-sized website. Assuming that only 10,000 of those drones are on DSL lines that limit their upstream bandwidth to 128kbits (16kbyte per second), the bandwidth pull from 10k drones * 128kbits == 1,280,000 kbit/sec == 12,800Mbit/sec == 12.8 gigabits per second. Considering that most sites consider 45megabits per second good (which is expensive, easily costing tens of thousands of dollars per month), a 12.8 gigabit flood of connections from 10,000 different ips from around the world to one single website will most certainly bring it to a screeching halt for an indefinite period of time. This opens the opportunity for “either you wire $40 grand to this offshore bank account or your e-commerce site is toast” types of blackmail.
- Wireless hacking. Those who don't even protect their wireless networks leave the door open for their neighbors to use their IP address anyway. Those that use WEP key encryption do as well, as WEP is easily hackable. Between the two, there are a whole lot of options available when combined with a hacker's ability to use a car and a laptop to drive around town, using other people's Internet connections at whim.
- Drug network communication. Corporations nowadays hate keeping accounting records and possibly incriminating memos in the good ol' USA where it can be subpoenaed, so it's now becoming increasingly convenient to stick things offshore. Long before the legal businesses were doing it, the top-of-the-rung drug traffickers were doing the same thing. Drop points, pickup times, and even casual chit-chat can be easily coordinated using ultra high grade encryption and custom-made clients and servers to connect to chains of IPs-- compromised and not-- in many different countries, from Brazil, to the USA, back to Brazil, to China, Singapore, Japan, South Korea, back to Brazil, and finally Colombia. All of it changed and modified along the way to prevent broad packet sniffing. The routes and keys can be changed automatically and daily, while the daemons and keys are kept in memory, thus negating the possibility of reverse engineering the server code on a compromised server. It is therefore almost 100% impossible to track.
- Terrorist communication. See above. If the drug lords can do it, I guarantee the terrorists can too.
- Revenge. Don't like your neighbor? Hack him, use his credit card to subscribe to some child porn sites, send some dirty messages to some 13 year olds using his AIM account, and watch in hilarity as the police drag him from his house sobbing like a baby.
- Politics. The same things you can do in the “Revenge” bullet above can be done to your neck-and-neck political opponent. Nothing assures you victory more than a possible child porn scandal stuck to your opponent. Make it gay child porn and you've got the race in the bag. Make it urine sports bestiality gay porn and, well, you'll look like a fucking saint. :P
- Multinational issues. I touched on it above, but different countries have different laws, and while the US can make all the laws it wants to about regulating the Internet, it is almost impossible to get the rest of the world to cooperate. Bouncing encrypted communications off of any one of the countries that refuse to cooperate with the US completely negates the possibility of tracking a smart hacker.
- Unpatriotic communication. Remember when I bolded “other crimes” from the original article? That applies here, as well. While the law might be intended for use against child pornographers and terrorists, the actual target could become broader. Just like the Patriot Act was once intended for terrorists and is now used primarily on drug dealers and DUI offenders, I could easily envision a day where “unpatriotic” communication suddenly becomes outlawed once again. For the non-believers, Google the Alien and Sedition Acts. Never fear, though: you can bypass that, too, by posting through someone else... or even better... AS someone else. Properly framed, you can also make life a living hell for someone else by making unpatriotic comments look like they came from a certain person.
The list goes on, but this post has already become too long. The take home story of this entire thing is this: the Internet cannot be legislated, and doing so is simply costing everyone time and money. Not only that, but if this trend toward control continues, increasing numbers of miscarriages of justice will become more and more prevalent, with the end result of countless numbers of innocent people becoming victims in a never-ending war on nobody.
The Internet will always be free and impossible to control for the people at whom the control is aimed, but we must ask ourselves one big question: how much more will we be enslaved before we realize that the only people being controlled are the innocent? Much like the war on drugs, the war on the Internet will never be won, but will we have the foresight to stop this new war before it ends up costing us trillions of dollars in futility? Will we be able to? Of course, for the answer is simple: we vote these idiots out of office now. After all, an ounce of prevention is worth a pound of cure.
Cheers.