Cooper Quintin

Communiques on technology and society

10 Years in Jail for Exposing War Crimes

Photo of Jeremy Hammond

Today my friend Jeremy Hammond was sentenced to 10 years in federal prison. His crime: exposing war crimes. Jeremy hacked into the website of strategic forecasting inc., a private global intelligence firm that contracts with the U.S. Government to provide foreign intelligence and other services. Jeremy released thousands of emails and documents from the stratfor servers, providing evidence that stratfor was working for various governments to track and monitor dissidents and activists.

Jeremy’s crimes were not violent; they were done in the spirit of civil disobedience, acting against the corporations and governments responsible for the murder and impoverishment of millions of people. Jeremy was not hacking for personal gain or glory, and he was not doing it for the ‘lulz’. Jeremy was fighting for freedom, he was fighting for justice, he was fighting to preserve life and liberty, which are the inalienable rights of all humanity. Jeremy did all of this not for himself; he took these actions because he could not stand to see the atrocities that were continuing to be committed by corporations and governments all over the world. He did this with the full knowledge that if he were caught he would serve many years in jail.

http://freeanons.org/jeremy-hammond-sentenced-10-years/

I targeted law enforcement systems because of the racism and inequality with which the criminal law is enforced. I targeted the manufacturers and distributors of military and police equipment who profit from weaponry used to advance U.S. political and economic interests abroad and to repress people at home. I targeted information security firms because they work in secret to protect government and corporate interests at the expense of individual rights, undermining and discrediting activists, journalists and other truth seekers, and spreading disinformation. – Jeremy Hammond

Jeremy pleaded guilty to the charges of a violation of the Computer Fraud and Abuse Act; as a condition of his plea bargain he will not be charged with any other crimes. Violation of the CFAA carries a maximum 10-year sentence, which is what Jeremy has received. In comparison, the Steubenville rapists received sentences of 1 and 2 years each, for a conviction of rape. With this disproportionate sentence, the US Government is sending a very clear message: “if you commit acts of civil disobedience, if you are a whistleblower, we will put you in jail as long as we possibly can.”

As I heard the news of Jeremy’s sentencing today I could not decide whether I wanted to cry or scream. I have had the pleasure of knowing Jeremy for over 8 years. Jeremy has, in that time, continually inspired me with his dedication, kindness and bravery. Jeremy has never let police repression silence him, he has never let arrests and jail time stop him. Jeremy is not one to back down, and I do not expect this situation to be any different. They may have locked Jeremy away for the next decade, but they have not silenced his spirit, and they will never silence his voice.

Jeremy does not deserve the sentence that he has received. Judge loretta preska, hector monsegur and stratfor are guilty of crimes against humanity; they are complicit in mass murder and the unraveling of our liberties, and they are responsible for stealing a decade of Jeremy’s life.

The US government may have jailed Jeremy Hammond and other freedom fighters like Chelsea Manning; but we are not intimidated by these actions, and we will not be silenced.

They are in there for us! We are out here for them! Support all political prisoners!

If you want to support Jeremy you can find out more at his website: http://freejeremy.net/

note: I have purposefully not capitalized the names of those guilty of this travesty of justice, as a sign of disrespect.

Four Easy Ways to Increase Security on Your Android Phone

Mobile phone security can be a nightmare. Mobile platforms are quite complex, and with this complexity come many vulnerabilities. As the complexity of mobile platforms increases, so does the number of ways that they can be exploited.

Mobile platforms are also a very attractive target for an attacker, storing increasingly large amounts of data including but not limited to: contacts, pictures, videos, browsing history, text messages, emails and even credit card data. This data is all of great interest to an attacker. But don’t lose hope: there are some simple things that you can do to increase the security of your mobile device today. Taking these actions will not make your mobile phone perfectly secure; there will still be ways that a determined attacker could gain access to your device. However, having some security is better than having none at all.

1. Set Up a Strong Screen Lock

Setting up a strong screen lock is the first line of defense in keeping your phone secure. But what exactly constitutes a good screen lock? As you can see from the picture below, using the pattern-based screen lock can leave a smudge on the screen that makes it easy to guess what the pattern is.

[Picture of a smudged android phone]

I recommend using the PIN lock or the full text password lock. However, this comes with a caveat. If you are going to use the PIN lock you should pick a secure PIN. Make it more than 4 numbers and don’t base it on any easily guessable dates or numbers (e.g. 1234, 1984, 1111, 1379). For an excellent in-depth analysis of PIN code security I recommend this article. Of course, setting a full text screen lock is the most secure option; unfortunately it is also the least convenient. If you don’t want the hassle of typing in a full text password I recommend a 7 or 8 digit PIN.
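The PIN advice above written as a checker (an added example, not part of the original post): it flags PINs of 4 digits or fewer, constant-step runs, dates and keypad shapes, which covers each of the four sample PINs listed. The reason labels, the date formats tried and the 3x4 keypad layout are assumptions of this example.

```python
import re
from datetime import date

# Assumed standard phone keypad: key -> (row, column).
KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)
YEAR = re.compile(r"(19|20)\d\d")

def _day_month(s):
    """True if the 4 digits read as MMDD or DDMM (leap year used so 29 Feb counts)."""
    for m, d in ((s[:2], s[2:]), (s[2:], s[:2])):
        try:
            date(2000, int(m), int(d))
            return True
        except ValueError:
            pass
    return False

def _looks_like_date(pin):
    if len(pin) == 4:                      # YYYY, MMDD, DDMM
        return bool(YEAR.fullmatch(pin)) or _day_month(pin)
    if len(pin) == 6:                      # MMDDYY, DDMMYY
        return _day_month(pin[:4])
    if len(pin) == 8:                      # MMDDYYYY, DDMMYYYY, YYYYMMDD
        return bool((_day_month(pin[:4]) and YEAR.fullmatch(pin[4:]))
                    or (YEAR.fullmatch(pin[:4]) and _day_month(pin[4:])))
    return False

def _keypad_shape(pin):
    """Corner-only PINs (1379) or walks between neighbouring keys (2580)."""
    if set(pin) <= set("1379"):
        return True
    pos = [KEYPAD[d] for d in pin]
    return len(pin) > 1 and all(max(abs(r1 - r2), abs(c1 - c2)) <= 1
                                for (r1, c1), (r2, c2) in zip(pos, pos[1:]))

def pin_weaknesses(pin: str) -> list:
    """Return labels for every guessable trait found; an empty list means none found."""
    if not pin.isdigit():
        raise ValueError("PIN must contain only digits")
    reasons = []
    if len(pin) <= 4:
        reasons.append("short")
    # One constant step (mod 10) between digits: 1234, 9876, 2468, 1111, 7890.
    if len({(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}) == 1:
        reasons.append("sequence")
    if _looks_like_date(pin):
        reasons.append("date")
    if _keypad_shape(pin):
        reasons.append("keypad")
    return reasons
```

An empty result only means none of these specific patterns matched; it does not prove the PIN is hard to guess.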

2. Encrypt the Disk

While a strong screen lock will protect your data while it’s turned on, full disk encryption will protect your phone when it is turned off. Full disk encryption encrypts the disk that all of your data is on, making it so that a password is required to read any data on your phone. Android devices have had full disk encryption built in since Android 3. It is based on a tried and true piece of encryption software called LUKS, which is the disk encryption program of choice for Linux users.

Full disk encryption on Android can be enabled by going to Menu –> Settings –> Security –> Encrypt Device. Android will then encrypt your disk. When it reboots you will have to enter your screen lock password before the phone will decrypt the disk. This is another reason to choose a strong screen lock password! Personally, however, I prefer to have an encryption password that is more secure than my screen lock password. There is an app that will let you change your disk encryption password if you have root access to your phone: CryptFS Password.

There is one caveat, however: once you encrypt your disk you cannot undo the process. If you forget the password that you set, all of the data on your phone will be permanently lost.

3. Use Open Source Software

There are many great apps for entertainment, work, and more in the Android app store. Most of them do what they say; however, there are some unscrupulous app developers out there who will insert malicious code into their applications. This can include anything from code that tracks what web pages you visit to code that logs your keystrokes or tries to steal banking data. The problem is that there is no way to confirm that an Android application does what it says it will do, since you cannot see the source code. With open source software, anyone can read the source code and (hopefully) verify that the program is doing what it says it will do. Some great open source alternatives include Firefox instead of Chrome, K-9 Mail instead of the default email client, OsmAnd instead of Google Maps and DuckDuckGo instead of Google for searching. There is even an app store that only includes open source software, called F-Droid. If you want to get especially hardcore you can even replace the Android operating system with an open source fork called CyanogenMod.

4. Use Encryption Applications

Now that we have open source software running and our hard drive is encrypted, we can focus on protecting our data while it is in transit. Encryption software will protect your data while it is in transit over the mobile data network. There are a number of great encryption applications for Android, and all of these programs are open source as well! The programs that I recommend are: TextSecure (text messaging), RedPhone (phone calls), Ostel (phone calls), APG (email), Orbot and Orweb (web browsing), ChatSecure (chat), NoteCipher (notes). By using these applications you can increase the security of your data on your phone as well as in transit.

Conclusion

Following these steps will not make your phone 100% secure. None of the steps are foolproof. A determined attacker could find ways to circumvent all of them. But it will make your phone more secure. By proactively pursuing security for your mobile device you will be able to keep your data safe from many of the attacks that a mobile user will face.

Drupal: Never Again, or, How I Stopped Worrying and Learned to Love Markdown

I have been a web developer for over 6 years now. I have hacked in Drupal, WordPress, Ruby on Rails, Django and more. Lately my favorite framework has been good ol’ fashioned static HTML and JavaScript.

I switched my blog recently from a custom written Ruby on Rails CMS to this Octopress generated website and I couldn’t be happier. In fact, lately, I have been tempted to create every new site using a static generator.

Now obviously using a static site generator like Octopress or Jekyll is not for everyone. You have to be reasonably comfortable with Ruby and with Markdown to use Octopress; so I will probably not be rolling it out as a CMS for any of my clients any time soon. However, for the sites that I directly maintain it has been a fantastic tool.

But Why?

Security

Using a static blog generator offers a level of security that can’t be matched by Drupal, WordPress or RoR. Any framework is going to have the possibility of security problems: session hijacking, cross-site scripting, MySQL injections and zero days. A static site generator has none of these problems, which significantly decreases the attack surface for any website.

Scalability

Static text scales better than anything else. With Drupal or RoR you need to cache the hell out of a site to get it to scale to any reasonable size. With a static site you don’t have any caching to worry about at all, and if your site does somehow grow beyond the capabilities of your server it is easy to use Varnish to increase your throughput. Because it is static it can all be cached, and there is no database to be a pain in your side!

Better Workflows

Now that I am using Octopress I don’t have to worry about updates, caching, plugins, publishing or WYSIWYGs. I just fire up vim and start writing my post in Markdown. Then when I am done, I can publish and deploy with one simple command: # rake gen_deploy. This is a workflow that is so easy for me it makes writing a joy.

Using Octopress for blogging has so many benefits over other content management systems that it makes me wonder how I ever used them. I will certainly be using Octopress for every site I can from now on.