Share this page!

matt blaze Profile picture
Twitter logo
10 Oct, 9 tweets, 2 min read
This case reads like a spy novel, and also illustrates the limits of cryptography. He set up encrypted communication and dead drops with a foreign government (even calling the endpoints “alice” and “bob”), but was actually communicating with the FBI.

justice.gov/opa/press-rele…
My guess for COUNTRY1 is France: has subs, independent enough that someone might approach but friendly enough to rebuff the approach and cooperate with the US, not English speaking.
A couple things jumped out at me. As soon as the FBI got the package from COUNTRY1, they clearly took it VERY seriously. Within just a week they had analyzed the SD card and sent an initial response to the Proton account.
It's interesting that COUNTRY1 got the package in April, but waited until after the election (December) to decide to rebuff it and share with the US. Would they have if the election had gone the other way?
Toebbe was very careful, and the complaint doesn't suggest too many mistakes on his part. Absent other details, the main thing that allowed him to be IDd was that he let "Bob" select dead drop sites, which were (obviously) under surveillance.
But Toebbe wasn't actually a trained spy, and I suspect his tradecraft was derived from reading the open literature (and spy novels).
In any case, there are only five countries beside the US with nuclear-propelled subs: Russia, China, UK, India and France. RU and China aren't going to cooperate. English (of a sort) is spoken in the UK.
That leaves India and France. Of the two,,with which would you apologize for poorly speaking the language and muse about sharing a bottle of wine in a cafe?
There are other countries with aspirations for building nuclear-propelled subs which are possibilities. Australia is one, but again, English speaking. Brazil is another possibility. So if not France, maybe Brazil.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with matt blaze

matt blaze Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mattblaze

matt blaze Profile picture
5 Oct
1. A proper computer science education includes the study of physical security and locks.

2. An angle grinder was absolutely the right thing to do here. Server cages are cheap.
I just hope they wore safety glasses and other appropriate PPE.
Fortunately, angle grinders aren’t yet networked.
Read 4 tweets
matt blaze Profile picture
4 Oct
Imagine if FB owned AWS (or something with a similar footprint) right now.
“The Internet was designed to survive a nuclear war” has always been a myth, but it’s wronger than ever after decades of quiet centralization.
A really bad takeaway from this would be “look how badly FB was engineered”. They no doubt made some (serious) errors, but they’re about as technically good as anyone is at their scale.
Read 6 tweets
matt blaze Profile picture
3 Oct
Spending a lazy sunday afternoon testing faraday bags for phones. (Preliminary results so far: You don’t always get what you pay for, but you never get what you don’t pay for.)
Motivated by the fact that iPhones officially can’t be powered off, which, even if they implement really good privacy protections, will inspire other manufacturers to try similar things, often less carefully.
Some quick preliminary results, testing at 1, 2, 3, 4 , 5 and 6GHz: The expensive (~USD 40-60) phone-size bags from Mission Darkness (sold on Amazon) and EDEC (online store) work reliably well: >60dB attenuation at 1M distance, IF closed properly.
Read 8 tweets
matt blaze Profile picture
1 Oct
I knew this was coming eventually, but it finally happened. I asked a class today, as I periodically do, “how many people here have a landline phone at home” and the answer was zero.
“Plain old telephone service”, used to mean the once ubiquitous 48V,20ma local loop. The kids today think it means a cellphone with no data service.
That Apple origin story about Woz and Jobs financing the company by selling Blue Boxes for making free long distance calls requires a lot more explanation than it once did.
Read 4 tweets
matt blaze Profile picture
24 Sep
There’s going to be all sorts of analysis of the AZ “audit” report that’s being officially released tomorrow, which is more attention than it deserves. But at least this exercise in low-rent clownery reached the same conclusion about the outcome as the adult audits did.
Again - and this is the critical take-away here that I fear will be lost in the noise - the “Cyber Ninja Audit” has nothing in common with the rigorous Risk Limiting Audits recommended by experts (and which should be done after every election routinely).
Meaningful election audits are a well-defined process that provides quantifiable assurance that the reported outcomes match the ballots cast. The AZ fiasco, on the other hand, was an open-ended attempt to cast doubt on a valid outcome. And it failed even at that.
Read 8 tweets
matt blaze Profile picture
23 Sep
“I used to respect you but then you were mean to my blockchain voting idea”.
Just a suggestion. If I post a link with for a good starting point for learning about improving election security: nap.edu/catalog/25120/…

and you respond with a “solution" that contradicts several of its recommendations, I’m going to assume you’re unserious.
It’s fine to disagree with the experts. But if you propose something that contradicts the experts consensus without engaging with their recommendations or explaining what you think they're wrong about and why, you’re likely to be disappointed with the response you get.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @mattblaze has new unrolls!

Check out other threads from @mattblaze!

Read all threads by @mattblaze

:(