[This page is a mirror of this original]

Doing Freedom masthead

Uncrackable Email Part 1

Lee Adams

[Editors' note: This article was not written for us; the Web site which originally published this article is now defunct. It was a libertarian 'zine, and in the spirit of sharing good information that enables or creates more freedom, we're happy to offer it here. This version is unchanged as to text. Slash marks delineate hyperlinks (and possibly emphasis) in the original. We encourage you to link to it or to share it with your pro-freedom friends as well, as long as you respect the author's copyright and license, below.]

[http://www.SPYCOUNTERSPY.com/fs006.html. Providing knowledge and skills to supporters of freedom and fairness.
Copyright 1998 Lee Adams.
All rights reserved. Quoting, copying, and distributing is encouraged. (Please credit us as the source.) Links to our home page are welcome. Names of characters, corporations, institutions, organizations, businesses, products, and services used as examples are fictitious, except as otherwise noted herein. No resemblance to actual individuals or entities is otherwise intended or implied.]

Assumption -- You are a typical American.

Question -- Is the FBI reading your encrypted email?

Answer -- Probably not.

Now the same question, but this time a different assumption.

You are an American under surveillance by the FBI.

Question -- Are they reading your encrypted email?

Answer -- Yes. Absolutely.

Dissidents pose no danger to the country.

It is the conformist who poses the greatest danger to our freedoms.

How surveillance is triggered...

If you are involved in anything like advocacy, dissent, or protest, then you are inviting surveillance. Anything that challenges the status quo--no matter how mild--is viewed with suspicion by the authorities. Sometimes the simple act of expressing an honest opinion or writing a letter to the editor is all it takes for a security service like the FBI or BATF to start nosing around. Independent thought is becoming a rare--and dangerous--attribute in America. Bureaucrats don't understand that dissent poses no danger to the country. On the contrary, it is /the conformist/ who poses the greatest danger to freedom.

There are thousands of regulations, prohibitions, rules, restrictions, laws, bylaws, codes, and statutes designed to regulate your behavior. It's common knowledge that any cop worth the badge can find /something/ to arrest you for. More than ever, ordinary Americans are finding it necessary to shield their activities from a government whose red tape can prevent you from earning a living, developing your land, etc. etc. etc.

*The Thought-Police.*

Once you're under surveillance, the simple act of encrypting your email is all it takes for the FBI to label you dangerous, perhaps a threat to national security.

Like many repressive regimes worldwide, the US government doesn't understand that people who want privacy /aren't necessarily hiding anything/. You put letters inside envelopes, don't you? Well then, doesn't it make sense to encrypt your email? Otherwise it's like sending a postcard. Anybody can read it along the way.

*PGP is under attack.*

PGP is considered the best encryption software available for use with email. But despite its robustness, PGP is regularly beaten by the FBI. Surveillance teams routinely read PGP-encrypted email.

That's because most people aren't using PGP correctly. If you are one of them, you are vulnerable. The FBI possesses the means to mount a sophisticated covert campaign against you. They can choose from an arsenal of proven methods for cracking your PGP-encrypted email. Those methods are described in this document.

*Assessing the threat.*

When the FBI succeeds at decrypting your messages, it is unlikely you will realize that you have been compromised. But having your email decrypted and read is not the prime threat. You face an even greater danger from an FBI surveillance team -- /especially if you are a member of a group that is targeted by the FBI/.

The FBI has decades of experience. They have learned to wring every possible advantage from each situation. They play by /Big Boys' Rules/. The FBI's goal is not only to get you, their goal is to wreck your entire group.

How do they manage to do this? By deception. Once they've cracked your PGP email, they will begin to create /forged messages/. They will impersonate you.

The FBI team will send bogus email messages that seem to come from you. They will systematically work to create confusion, suspicion, and paranoia throughout your group.

This is the real nature of the threat. If the FBI cracks your communication they won't stop at getting you. They want the whole group -- or organization, team, cell, family, squad, or whatever it's called.

*How they do it.*

In this tutorial you're going to learn about the different methods that the FBI uses to crack your PGP system. Some of these attacks may come as a surprise to you. Many of these attacks are also used by other agencies like the BATF, DEA, CIA, and even local police.

*What you can do about it.*

This tutorial will show you different ways you can use PGP. These protocols reduce--and occasionally eliminate--the ability of the goons to crack your messages. And as a bonus, you're going to learn how you can use your email to conduct aggressive /antisurveillance/ against the FBI -- perhaps exposing a surveillance team that you didn't realize was watching you.

How the FBI cracks PGP email...

The FBI has resources and expertise. Their methods fall into four categories. Method 1 relies on their ability to break into your home or office undetected. Method 2 relies on their ability to bug your home or office. Method 3 uses electronic equipment that detects signals your computer makes. Method 4 is used in cases involving national security, where they rely upon the cryptanalysis capabilities of NSA.

*Know where you're vulnerable.*

The weakest part of your email security is you, the user. The mathematical algorithms that form the underpinnings of PGP are very robust. It is the manner in which you use them that creates vulnerabilities.

The most vulnerable point is the manner in which you create and store your original plaintext message. The next weakest element is your passphrase. Next are the PGP files on your computer's hard disk. (From now on we'll refer to your hard disk drive as HDD).

In a typical surveillance operation, the FBI will utilize the attacks described here. The ten attacks are listed in approximate order of increasing difficulty. It is standard operating procedure for the FBI surveillance team to use the simplest attacks first. In practice, their choice depends on the circumstances of the case.

*Attack #1 -- Plaintext recovery.*

An FBI or BATF surveillance team will break into your home or office /without your knowledge/. Once inside, the agents will read the plaintext files on your hard disk, diskettes, or paper printouts. Local police also use this method. It is very effective.

If you're like most people, you're probably thinking to yourself, "Aww, there's no way they could get in here without me knowing. I'd spot it right away."

Yeah, right. That's exactly the attitude the FBI wants you to have. So dummy up. FBI penetration agents love people like you. You are the ideal target. Overconfident. Easy to deceive.

This is important enough for us to pause for a few moments and talk a bit about how surveillance teams really operate. What you are about to read has /never been published before/. The government does not want you to know this.

*Background -- How they get inside.*

Many people are amazed to learn their home or office can be entered without their knowledge.

And not just once, but /repeatedly/. A surveillance team often requires multiple entries in order to thoroughly pick through all your stuff.

Good quality locks on your doors and windows are generally useless. The penetration team ignores them. They've found /an easier way to get inside/. Perhaps an example is the best way to illustrate the point.

Original document had a photograph labeled "Top: Dislodged block, exterior wall."
Next photo: Cabinet against exterior wall.

*Case Study.*

Ever since we launched /Spy & CounterSpy/, we have been involved in running battles with FBI surveillance teams trying to get inside our offices. Because of our experience we are not an easy target. Their operations were complicated by the fact that the FBI is /operating illegally/ in Canada and must act covertly at all times.

*The setup.*

Our former office was situated in an industrial park. We were located in a cindercrete masonry building equipped with high-security locks. We concluded it would be difficult for an FBI surveillance team to conduct a surreptitious entry without our knowledge.

Our building abutted a similar cindercrete building next door -- a welding shop. The bathroom cabinet sink is located against this wall. The arrangement provided /a perfect opportunity for surreptitious entry/.

The photos tell the story. It's easy for FBI agents to enter a building next door and remove a few cindercrete blocks from two sets of exterior walls -- and then enter our office through the back of the bathroom cabinet.

*Repair experts.*

Most people aren't aware that surveillance teams routinely break in through walls, ceilings, and up through floors. This is /standard operating procedure/. The FBI's restoration specialists can repair a damaged area in under /90 minutes/ using patch drywall, quick-drying compound, and special paint. Apartments and houses are a snap for these guys. This is your own government doing this to you, folks.

My first experience with this sort of entry was when I was helping Vickie deal with 24-hour surveillance by US Naval Intelligence. (Return to our home page and click on /About Us/ for more on this.) I showed her how to seal her house -- doors, windows, attic panel, everything.

But they tunneled over from the house next door. They came in under the driveway and broke through behind a false wall next to a fireplace in the downstairs family room. They moved along a short crawlspace and entered the living space just behind the furnace.

Their cover was clever. They used a ruse of major renovations next door to conceal the sound the tunnel crew made.

Their mistake? Not enough attention to detail. They didn't match the original panel when they replaced the wall behind the furnace. Vickie and I had done a complete inspection of her house two months earlier. We both spotted the bogus panel immediately. She still becomes /furious/ when she talks about it.

The reason the goons like to break in through walls is simple -- it's extremely difficult to defend against. But simply being able to detect that you've been penetrated gives you an advantage, especially if you don't reveal you're on to them.

Now that you've got a better understanding of how resourceful and cunning these government agents are, let's return to the different attacks they use to crack your encrypted email. We've already covered Attack #1, plaintext recovery.

Their goal is to grab your secret key and your passphrase so they can use any copy of PGP to read your email.

*Attack #2 -- Counterfeit PGP program.*

After breaking into your home or office, FBI agents will install a counterfeit copy of PGP on your HDD. Encrypted messages created by this modified program can be decrypted with the FBI's master key. It can still be decrypted by the recipient's key, too, of course.

A variation of this attack is the FBI's /bot/. Acting much like a virus, the bot is a /key-trap program/. (Bot is an abbreviation of robot.) The bot intercepts your keystrokes without your knowledge. When the opportunity arises, the bot uses your Internet dial-up connection to transmit your passphrase to the surveillance team. FBI agents often hide bots in counterfeit copies of your word processing program, and so on.
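
A defensive check against the swapped-program scenario above, as an added example that is not part of the original article: record SHA-256 digests of the PGP directory while it is known to be good, keep that record on removable media away from the machine, and compare later. The file names other than randseed.bin, the directory contents and the function names are assumptions made up for illustration.

```python
import hashlib
import os
import tempfile

# Files PGP rewrites during normal use. A changed digest here is expected
# and is reported separately. randseed.bin is the file named in the article.
MUTABLE = {"randseed.bin"}


def digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file path (relative to root) to its digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = digest(full)
    return result


def compare(baseline, current):
    """Classify differences between a trusted baseline and the disk now."""
    report = {"modified": [], "expected_change": [], "missing": [], "added": []}
    for rel, old in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != old:
            base = rel.rsplit("/", 1)[-1].lower()
            key = "expected_change" if base in MUTABLE else "modified"
            report[key].append(rel)
    report["added"] = [rel for rel in current if rel not in baseline]
    for entries in report.values():
        entries.sort()
    return report


def demo():
    """Constructed sample: a stand-in install directory, then a simulated swap."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)

        # Assumed file names and contents, constructed for this example.
        write("pgp.exe", b"known-good program bytes")
        write("config.txt", b"settings")
        write("randseed.bin", b"\x01\x02\x03")
        baseline = snapshot(root)  # taken while the install is trusted

        write("randseed.bin", b"\x09\x08\x07")          # normal use changes this
        write("pgp.exe", b"replacement program bytes")  # simulated swap
        write("helper.dll", b"unexpected extra file")   # simulated added file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

A clean comparison shows only that files were not replaced; it cannot show that files were read or copied, which is what Attack #3 relies on.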

*Attack #3 -- PGP's working files.*

After entering your premises in your absence, FBI agents will make copies of certain PGP files on your HDD, especially the files containing your secret keys. The agents will then attempt to find where you've written down your passphrase. They'll methodically search your papers, desk, safe, filing cabinets, kitchen drawers, and so on. They'll use deception to gain access to your wallet, purse, money belt, briefcase, and pockets.

Their goal is to grab your secret key and your passphrase so they can use /any copy/ of PGP to read your encrypted email messages whenever they want.

If their search fails to turn up your passphrase, they'll use /cracker software/ to deduce it. This works because most people use passwords and passphrases consisting of words and numbers with special meaning like birth dates or pet names. Unfortunately, it's a simple matter for the FBI to collect information about you like your birth date, your mother's maiden name, the number of a PO Box you rented 10 years previous, the license plate of your vehicle, names of pets past and present, and so on.

Here's how the FBI's cracker software works -- it combines and recombines all these words and numbers and keeps submitting them to the PGP program. (They copy /your entire HDD/ and do this work at their office.) They routinely crack the passphrases of PGP-users who fail to use random characters in their passphrase.
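
To see why a passphrase assembled from personal facts falls to this kind of recombination, the following added example (not part of the original article) audits a passphrase from the owner's side: it checks whether the passphrase can be spelled entirely from a list of known personal tokens and, if so, counts how many candidates that recombination model contains. The token list, separator set, case-variant count and function names are all constructed assumptions.

```python
import math

# Constructed sample "dossier": pet names, maiden name, birth year/date, plate.
TOKENS = ["rex", "oakley", "1971", "0314", "kxt482", "bella"]

SEPARATORS = " -_.!"   # assumed joiners tried between parts
CASE_VARIANTS = 3      # assumed: lower, UPPER, Capitalized


def decompose(passphrase, tokens):
    """Spell the passphrase from known tokens, ignoring case and separators.

    Returns the tokens used, or None when some part is not covered.
    """
    text = "".join(c for c in passphrase.lower() if c not in SEPARATORS)
    if not text:
        return None
    vocab = sorted({t.lower() for t in tokens if t}, key=len, reverse=True)
    # best[i] holds a token list that spells text[:i], or None.
    best = [None] * (len(text) + 1)
    best[0] = []
    for i in range(len(text)):
        if best[i] is None:
            continue
        for tok in vocab:
            j = i + len(tok)
            if text.startswith(tok, i) and best[j] is None:
                best[j] = best[i] + [tok]
    return best[len(text)]


def dossier_space(n_tokens, parts):
    """Candidates made of 1..parts tokens, any order, repeats allowed.

    This is an upper bound: digit-only tokens have no case variants.
    """
    per_part = n_tokens * CASE_VARIANTS
    joiners = len(SEPARATORS) + 1  # each separator, or nothing
    return sum(per_part ** k * joiners ** (k - 1) for k in range(1, parts + 1))


def audit(passphrase, tokens, alphabet=94):
    """Report guessing-space size under the dossier model and a random model."""
    parts = decompose(passphrase, tokens)
    result = {
        "derivable": parts is not None,
        "parts": parts,
        "dossier_bits": None,
        # Holds only if every character was picked at random from `alphabet`.
        "random_bits": round(len(passphrase) * math.log2(alphabet), 1),
    }
    if parts is not None:
        n = len({t.lower() for t in tokens})
        result["dossier_bits"] = round(math.log2(dossier_space(n, len(parts))), 1)
    return result


if __name__ == "__main__":
    for candidate in ("Rex-1971!Oakley", "q7#Lw2@vR9xz$Tb"):
        print(candidate, audit(candidate, TOKENS))
```

A passphrase that is not fully covered by the list is not thereby strong; the random-model figure applies only when every character really was chosen at random.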

*Attack #4 -- Video surveillance.*

After breaking into your home or office without your knowledge, FBI specialists will install a miniature video surveillance camera above your work area. The lens is the size of a pinhead. It's extremely difficult to detect. The FBI surveillance team watches your fingers on the keyboard as you type in your passphrase. Local police and private investigators have also been known to use this method.

*Attack #5 -- Audio surveillance.*

This method is a variation of Attack #4. FBI technicians install an audio bug near your computer. The sounds generated by the keyboard can be analyzed. By comparing these sounds with the noises made during generation of a known piece of text, the FBI can often deduce your passphrase -- or come so close that only a few characters need to be guessed.

*Attack #6 -- AC power analysis.*

Using equipment attached to your /outside power lines/, the FBI can detect subtle changes in the current as you type on your computer's keyboard. Depending on the user profile in your neighborhood, the FBI's equipment can be located some distance from you.

*Attack #7 -- EMT analysis.*

EMT is an acronym for electromagnetic transmission.

Computer CPUs and CRTs operate somewhat like radio transmitters. CPU is an acronym for central processing unit. This is your Pentium chip. CRT is an acronym for cathode ray tube. This is your display.

The FBI surveillance team uses a communications van (or motor home) parked across the street to capture the electromagnetic transmissions from your computer. This threat can be eliminated by a shielding system called /Tempest/. In many jurisdictions you need a special permit to buy a Tempest system, however.

*Attack #8 -- Coercion.*

The previous seven attacks are quite easy for the FBI to implement. In fact, they use almost all of them on a routine basis. Even the local police in major US cities have access to vans that can pick up your computer's EMT.

From this point on, however, things start to get very time-consuming and expensive for the FBI in their attempt to crack your PGP-encrypted email. So they may decide to take a more direct approach.

They'll simply bend your thumb back. /Until it breaks, if that's what it takes/. Before they start, they'll make sure they've got enough /biological leverage/ on you to blackmail you into becoming an informant. Biological leverage is spy-talk for blackmail information.

The main defense against this threat is deception. An appropriate strategy is discussed later in this tutorial.

*Attack #9 -- Random numbers.*

After breaking into your home or office without your knowledge, FBI agents will make a copy of PGP's randseed.bin file. PGP uses the pseudorandom data in this file to help it generate a one-time pad that it uses for creating a portion of the ciphertext. This type of attack borders on true cryptanalysis. It is time-consuming. It is expensive. It is generally worth neither the FBI's nor NSA's time, except in cases of national security.

*Attack #10 -- Cryptanalysis.*

It is ridiculously easy for anyone, including the FBI, to intercept email on the Internet. After collecting a sampling of your encrypted email, the FBI submits the data to NSA for cryptanalysis. Cryptanalysis is egghead-talk for using mathematics, logic, and problem-solving skills to crack an encrypted message. It's all done with computers -- and NSA has some /monster/ computers.

The best information available to us indicates that NSA can indeed crack PGP email, but a /brute force attack/ is required. A brute force attack involves a lot of informed guessing. It's mostly just trial-and-error. Cracking a message can take weeks, months, years, or decades depending on the content, format, and length of your message. Later in this tutorial you'll see how to make your messages more resistant to this attack.

Very few domestic cases warrant the involvement of NSA. Besides, FBI agents are usually successful in cracking your email using one of the other attacks, especially /break-and-enter/. So NSA devotes its resources to cracking the messages of other countries' governments and their intelligence agencies.

Thinking outside the box...

The preceding ten attack-scenarios are based on thinking inside the box. When we use this type of reasoning, we are staying within a set of fixed assumptions. We are, in effect, boxed in by our rigid assumptions -- hence the phrase, thinking inside the box.

The preceding attack-scenarios make two assumptions. First assumption -- You've got an authentic copy of PGP. Second assumption -- NSA has not yet discovered a mathematical method for decrypting PGP ciphertext. Neither assumption is necessarily correct.

*Counterfeit software.*

We have received one report about this. We must caution you that it is only one report, and we have been unable to verify it through other sources. Our contact says an FBI agent bragged to him that the CIA has been distributing doctored copies of PGP freeware over the Internet. According to our source, the FBI routinely decrypts messages encrypted with these doctored copies.

It is our view that if this happened it was not on a wide scale. Many copies of PGP are digitally signed by the manufacturer, who is no dummy. We believe that the fragmentary and decentralized character of the Internet prevents this type of ruse from succeeding -- especially against savvy targets like the folks at PGP.

*Mathematical algorithm.*

It is unlikely that NSA has developed a mathematical algorithm for decrypting PGP ciphertext -- not impossible, but unlikely. Because the algorithm and the source code for PGP are widely known and freely available, PGP has been subjected to rigorous testing and attacks by some of the brightest minds in the scientific community. This is called a /review by your peers/. It is a powerful method for vetting new ideas and methods. None of these bright scientific minds have come close to cracking the PGP algorithm, which is based on a complicated /one-way math function/.

Sizing up your adversary...

Clearly, FBI and BATF surveillance teams are a force to be reckoned with. They possess a lethal arsenal of capabilities that they can bring to bear against you and your email privacy. Their methods range from the simple to the sublime. They can break into your home or office without your knowledge and use your computer. They can use sophisticated electronic equipment to read your keystrokes -- over the AC electrical connection, over the telephone line, or over the airwaves. And, finally, if these types of methods fail -- which isn't very often -- NSA will be called in to crack your PGP-encrypted message.

Is the FBI difficult to beat? Yes. They've been at this game a long time. They've learned many lessons over the years.

Can the FBI be beaten? /Yes, you can beat them./ Is it easy? No, not at first, but it gets easier as you build up self-discipline. Beating the FBI requires that you stop thinking inside the box.

Part 2 of this tutorial will show you how.

To stop the FBI from reading your PGP-encrypted email, return to our home page now and click on /Uncrackable Email 2/.

Copyright 1998 Lee Adams.
All rights reserved except as noted herein. /Spy & CounterSpy/ is published by /Here's-how, Right-now! Seminars Inc./
How to contact us:

Send mail to PO Box 8026, Victoria BC, CANADA V8W 3R7.
Email us at reader_service@SPYCOUNTERSPY.com


By using this product you agree to the following terms and conditions. If you do not wish to be bound by these terms and conditions, do not use the product.

Spy & CounterSpy is an electronic magazine. It is published for entertainment and information purposes only.

We are not rendering legal, accounting, management, security, tactical, political, or psychological counseling. If such advice is required the services of a competent professional should be obtained. We assume no responsibility for the accuracy of, or errors or omissions in, the information provided. In no event shall we be liable for any direct, indirect, consequential, special, or incidental damages arising out of the use of, or the inability to use, information described in the magazine.

We are not responsible for typographical errors, browser performance, or email client idiosyncrasies. The names of characters, corporations, institutions, organizations, products, and services used to illustrate human behavior in this publication are entirely fictitious, except for the names of existing intelligence agencies, security services, and police agencies. No resemblance to actual individuals or entities is otherwise intended or implied.


/Here's-how, Right-now! Seminars Inc./ grants you, and you accept, a nonexclusive nontransferable license as follows for /Spy & CounterSpy/, an electronic magazine hereinafter called the "product".

You may use the product for your own use. You may make copies of the product on your hard disk and on floppy disk for backup purposes. You may print paper copies of the product for personal use. You may copy and distribute Internet-readable copies of the product by email, by link, by posting at your website, and for critical reviews and news reports in electronic or print form. You shall not otherwise modify or adapt the product using any means, electronic or mechanical, either in displayable form or as HTML source code.

You shall not otherwise sell or transfer reproductions of the product to other parties in any way, nor rent, lease, or preview the product to other parties without the prior written permission of /Here's-how, Right-now! Seminars Inc./

Limited Warranty

You expressly acknowledge and agree that use of the product is at your sole risk. The product and related documentation are provided as is and without warranty of any kind, and /Here's-how, Right-now! Seminars Inc./ expressly disclaims all warranties, express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. No advertising, description, or representation, whether made by /Here's-how, Right-now! Seminars Inc./'s agent, dealer, or employee shall be binding upon /Here's-how, Right-now! Seminars Inc./ or shall change the terms of this disclaimer or the limited warranty set forth herein.

/Here's-how, Right-now! Seminars Inc./ does not warrant that the methods contained in the product will meet your requirements, or that the performance of the methods will be error-free, or that delivery of the product will be uninterrupted or error-free, or that defects in the product will be corrected.

Furthermore, /Here's-how, Right-now! Seminars Inc./ does not warrant or make any representations regarding the use or the results of the use of the product or related documentation in terms of their correctness, accuracy, reliability, or otherwise. No oral or written information or advice given by /Here's-how, Right-now! Seminars Inc./ or its authorized representatives shall create a warranty or in any way increase the scope of this limited warranty.

Should the product prove defective, you (and not /Here's-how, Right-now! Seminars Inc./) assume the entire cost of all necessary correction, repair, or servicing. Some jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not apply to you.

/Here's-how, Right-now! Seminars Inc./ shall not be liable for special, incidental, consequential, or other damages, even if /Here's-how, Right-now! Seminars Inc./ is advised of or aware of the possibility of such damages. This means that /Here's-how, Right-now! Seminars Inc./ shall not be responsible or liable for lost profits or revenues, or for damages or costs incurred as a result of loss of time, data, or use of the product, or from any other cause. In no event shall /Here's-how, Right-now! Seminars Inc./'s liability exceed the purchase price of the product. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you. The author and publisher of the product have used their best efforts in preparing the product and the material contained in it. These efforts include the development, research, and testing of the theories and methods in order to determine their effectiveness. The author and publisher make no warranty of any kind, express or implied, with regard to these techniques or the documentation contained in this product. The author and publisher shall not be liable in the event of incidental or consequential damages in connection with, or arising out of, the furnishing, performance, or use of the techniques, associated instructions, and/or claims of productivity gains.

