I love what you Anon guys do but you don’t understand the problems and challenges I face, immediately popped into my mind, but I didn’t have time to respond. Now I do.

The typical Anon lives an outwardly normal life but chooses to keep part of their online activities very secret.

If they have done their security jobs well, no one knows or even suspects they have another, Anonymous life online.

The typical whistle blower faces very different challenges.  If someone worries about what they might say or do, there is a good chance ALL their activities are monitored, including having key loggers put on their PCs. If intimidation or retaliation is evident, this may well be the case.

LulzSec’s disclosure of intelligence contractor HBGary’s PowerPoint presentations proposing ways to silence Progressive voices like Salon.com columnist Glenn Greenwald and Chamber of Commerce critics shows such actions are commonplace.  It proves what I’ve been saying for a long time:  banks and big companies use intelligence contractors to silence whistle blowers and critics.

Ever wonder why we don’t hear from whistle blowers despite all the fraud in the banking and mortgage industries?  Whistle blowers are silenced. I know because it is happening to me. See ReportingWrongdoing.com for details.

Two Stages of Whistle Blowing

There are two very different stages whistle blowers face.  The first is the Stealth Stage where no one knows or even suspects they intend to disclose damaging information.  Whistle blowers in the Stealth Stage are very much like typical Anons.

In the stealth stage, using anonymizing techniques like TOR and disposable cellphones can be very helpful.

The second is the Silenced/Suppressed/Retaliation Stage where whistle blowers are being silenced or retaliated against because of what they have revealed or might reveal. 

It’s important to emphasize that people don’t have to actually blow the whistle or disclose information to have these operations run against them.  If someone powerful worries about what you know or might do, you can be targeted for these retaliatory crimes.

In the Silenced/Suppressed/Retaliation Stage the retaliator’s goal is to cut the target’s communications so they can be isolated and eliminated without incident.  Secret cellphones don’t help the general public contact the target, the numbers are easily compromised whenever voice mail messages are left.

If the target’s cellphone is hacked (Google cellphone spying and cellphone spying to see how easy this is) their telephone communications are effectively cut.

Similarly, sophisticated keyloggers can track ALL their online activity, recording all the target’s passwords and browsing history. Email is filtered and deleted before the target sees it.

How Anons Can Assist Whistle Blowers in the Stealth Stage:

The biggest problem most whistle blowers face is:  Where can you disclose damaging information with complete safety and anonymity?  WikiLeaks is not accepting new submissions. You cannot count on law enforcement or federal agencies like the DOJ or SEC to follow up and prosecute.  The media is often unwilling to offend major advertisers or face a powerful board of directors.

Consider establishing a highly confidential, blog like interface that allows leakers to post information and place the responsibility on the leaker to explain what the information is and why it is significant. Using a WikiLeaks like approach, crowd source the information publicly and to the press to see if it is valid and valuable.  This helps protect Anons from being set up with false data by trolls and dirty tricksters.

Stealth Whistle Blowers will need clear, easy to follow instructions written in simple language describing how to upload information, protect their anonymity and be absolutely secure. Field test the instructions carefully to make sure they can be followed by technically limited,  frightened people.

Suggest they upload at different locations while traveling, wear disguises, use libraries, internet cafes (watch for security cameras) or other facilities (some YMCA’s have computer rooms.)  Describe how to keep yourself safe online (the Anons Guide to Internet Security?)

The Silenced/Suppressed/Retaliation Stage:

Here the whistle blower or potential whistle blower has been targeted for intentional, covert adverse action.  Crimes committed to intimidate, silence or suppress them need to be exposed.  The whistle blower’s activities are probably monitored and key loggers on their PCs add tracking signals to any USB or CD that connects to their systems.

There is no privacy or anonymity in these situations.   The perpetrators can be intelligence contractors like HBGary working for America’s most secret agencies.  The best defense is to be very visible and verbal about what is happening.  The goal is to smear, discredit and isolate the whistle blower so they can be eliminated without incident.

An estimated 60-70% of America’s $60 billion National Security budget is paid to private contractors, some of them are corrupt.  (See Tim Shorrock’s excellent, well documented book, Spies For Hire.) Many of the larger intelligence contractors advise multiple federal agencies and law enforcement agencies at high levels.  They are in positions to commit crimes, cover them up and get cooperation from law enforcement.

These private intelligence contractors also work for business interests and private corporations. They operate with immunity.  They can act as a secret police for private interests without any oversight, review or control.

How Anons Can Assist Whistle Blowers in the Silenced/Suppressed/Retaliation Stage:

The greatest dangers for Anons assisting whistle blowers in the Silenced/Suppressed/Retaliation Stage are:  1) You may be facing some of our nation’s most sophisticated intelligence contractors with unlimited resources;  2) These people can be used as honey pots to disclose your own identity; and 3) It’s easy to get involved with crazies, trolls and dirty tricksters.

The whistle blower’s plight is already public. The best strategy for Anons is to use their public profiles and to involve appropriate resources and reliable media at the right time in a public way.

Would it be satisfying to identify and publicly reveal corrupt contractors or federal agencies that had illegally placed key loggers on activists’ PCs? It could be lucrative if they sue for damages and make you a party to the settlement.

Documenting and disclosing the hacking or deliberate disruption of telephone and email services is easily achieved and could be lucrative as well.  The information could be used to pressure law enforcement to take action.

We’ll expand and explore this further in the future – see:  WhistleBlowerSurvival.com  Please comment!

Caller ID Spoofers allow you to change the caller ID of the telephone you are dialing from.

For example, if you decided to use the phrase “Gone Fishin” as your caller ID, the receiving party sees “Gone Fishin,” your spoofed caller ID,  instead of your real telephone number when you call them.

Caller ID Spoofing is offered by a variety of suppliers, many of whom are off shore and out of jurisdiction for local law enforcement.

This article is a must read for anyone who uses a phone.  You don’t need all the fancy software mention in the next post.

If you think your telephone messages are safe and secure you’re very wrong!

Copyright 2011 by The Happiness Hacker. Free Use Granted when the source is cited and a link to HappinessHacker.com  is included prominently with the posting.

These network television clips explain the dangers of Cellphone Spying far more forcefully and credibly than I can:

Overview of Cellphone Spyware (NBC):
http://www.youtube.com/watch?v=ldx0vDr5npE

Good Morning America (ABC):
http://www.youtube.com/watch?v=w3PKKxsuDk0&feature=related

FBI Cellphone Spying (Fox):
http://www.youtube.com/watch?v=g5GoJg_JRZw

Cellphone Spying (NBC 10):
http://www.youtube.com/watch?v=_zm3fH6qiNo&feature=related

Stalking & Harassing Women:
http://www.youtube.com/watch?v=c9pnkn6rh4o&feature=related

How To Tell If Your Cellphone Is Tapped (Howcast):
http://www.youtube.com/watch?v=tMJ3FzTnUU4&feature=related

Any doubts now how dangerous cellphone spyware is?

Copyright 2011 by The Happiness Hacker. Free Use Granted when the source is cited and a link to HappinessHacker.com  is included prominently with the posting.

I entered the world of hacking because I am being hacked myself – probably in retaliation for talking to the Securities and Exchange Commission about major accounting irregularities at the bank where I worked for 20 years.

Not A Snitch! – I was hired by SunTrust Bank* in Atlanta for their first McKinsey Client Team so I was able to see their operations from a very privileged perspective.

Three SunTrust Executive Vice Presidents were fired for accounting irregularities during a major SEC investigation – the EVP I reported to survived.

I was told a valued work colleague was pushed to suicide by all the problems.  If someone had pushed me to suicide, I’d want someone to speak up, so I did.

Shortly thereafter a long string of bad things started to happen.

The Goons said they would strangle my life and my business see: ReportingWrongdoing.com

I have watched calls come into my Verizon Blackberry 8830 and seen both the calling number and the voice mail message disappear before I could get to them.  Cellphone hacking  is a world wide problem. Google: cellphone spyware or cellphone spying to see how it works.

SMobile Systems  cellphone security software,  a U.S. Government standard, will not install on my Blackberry 8830s.

I have continual vandalism, thefts and threats, clothing and personal items are regularly slashed or stained.

There have been two attempts on my life concealed as and designed to cause automobile accidents.

Until the February  2011 HBGary disclosures by Anonymous, people did not believe me when I said government contractors were probably to blame. The Goons are able to operate with impunity and get cooperation from law enforcement agencies.

Defend-Dissent describes a Department of Defense research program that could be used to silence whistle blowers.

Hacking?  I attended The Last HOPE conference in New York City in July 2008 and again in 2010  trying to get help with these problems.  I’m technically adept but I do not try to break into other people’s systems.

I really respect, appreciate and applaud the way the Anonymous collective supports people fighting for freedom and democracy.

Sooner or later, the truth will come out. What’s happening to me can be directed against other activists and government or corporate critics.

Let’s stop it while we still can.

Happiness – I’d much rather be focusing on happiness – see HappinessHabit.com to see what I do.  I hope you enjoy exploring our many happiness sites.

I’m updating and expanding this site, removing old materials, adding new as needed.

If you can, please try to help.  This is much bigger and more important than just me.

Michele Moore
HappinessHabit.com

*I was hired by Trust Company Bank which became SunTrust Bank following their merger with SunBank of Florida.

Google:  cellphone spyware  and cellphone spying to see all the products that will allow you to monitor someones cellphone calls, text messages and GPS location.

Some spyware programs even allow you to turn the targeted cellphone’s microphone on when it is NOT in use so you an listen to room conversations.  Creepy, right!

We’re all familiar with PC key logger programs that allow you to monitor everything that is typed or sent from a targeted device.

It’s frighteningly easy to track what a person is doing or trying to do by monitoring their online activity and their cellphone activity.

Then it’s just a simple step to use Caller ID Spoofing to make anonymous calls to create havoc in their life.  Some Caller ID spoofing programs even offer voice disguises if you don’t have your own.

Some Stalk and Smear organizations send crazed imposters claiming to be the smear target to alienate and frighten anyone who tries to help or work with them.

Do you think there are sick stalkers out there that would find this fun?  Do you think there are criminals who would do it for money?  Do you think there are people who would use it to steal your life and your happiness from you?

It’s a real threat, be aware these technologies exist and recognize how easy and inexpensive they are to use.

Copyright 2011 by The Happiness Hacker. Free Use Granted when the source is cited and a link to HappinessHacker.com  is included prominently with the posting.

Years of work and lots of money can suddenly disappear.

Sadly, this happens all the time. Criminals break into one site and use the email addresses and passwords they find to break into other accounts that use the same passwords and email combinations.  

Here are several strategies to easily make your passwords safer and more secure – Warning: If a key logger is on your PC, all your passwords are easily read anytime by the owners of the key logger.

“One way to make your web identities more secure” Technology Review say, “is simply to acknowledge that there are entire classes of websites for which you should simply pretend that your password is already public.”

They recommend establishing several different layers of importance and dealing with each layer independently. It’s an excellent article.

Experts also recommend using Complex Passwords – unidentifiable sequences of letters and numbers that do not use common names or nouns like:  Oscus$btdel

This is much harder to guess or crack than common names or nouns which are all too often used as part of passwords.  The problem is remembering these complex passwords without writing them down.

Here’s a tip to make remembering complex passwords easy:  Use the first letter of a well known song or poem and add a special character at the end of each phrase.  Select a song or poem that has special significance to you or with limited knowledge or recognition.

Then write a clue that makes it easy for you to remember the song or poem you selected, like:   flag$   

And be sure to keep your password clue sheets with your user names absolutely secure.

Can you easily guess what the phrase was?   Take a moment and see if you can figure it out:  Oscus$btdel   from the clue:  flag$

“Oh say can you see,  by the dawn’s early light”

Or use the chorus of your favorite Rolling Stones song and write down the clue:   Stone%   and don’t tell people what your favorite Rollings Stones song is.

Another EASY way to create UNIQUE passwords for each site you regularly visit is to use a sentence that includes the name of the site in the password:

TspitwsoGM2  -  The smartest person in the world signs onto GMail2

Keep your phrase VERY SECRET!  Be careful to select a phrase that is not easily guessed and change your special phrase regularly.

Remember that most passwords are easily recoverable and can be quickly reset if you cannot remember the phrase you selected.

Define your own written Password Security Plan that identifies and protects your most important online access and acknowledges which passwords are most likely to be compromised by sloppy data security.

Keep your list of clues safe and change your most important passwords (banking, PayPal) regularly.

For more on this see: Seven Ways to Avoid Getting Hacked by Anonymous

Please comment and let us know what you think.

Good luck and safe computing!

Copyright 2011 by The Happiness Hacker. Free Use Granted when the source is cited and a link to HappinessHacker.com  is included prominently with the posting.

Is This The Girl That Hacked HBGary? – http://blogs.forbes.com/parmyolson/2011/…http://blogs.forbes.com/parmyolson/2011/03/16/is-this-the-girl-that-hack includes an interesting description of how a prominent hacker named Kayla operates online:

… She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew it into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.

Are clear instructions describing how to construct a bootable microSD card, what operating systems to put on a USB stick and the best VM configurations to use for this posted somewhere?

I tried to use PenDriveLinux on a USB drive but couldn’t get it to work. Still don’t know if it was me, user error, or if the download was intentionally bollixed.

Read http://ReportingWrongdoing.com to understand why.

Simple, clear instructions for doing Super Cyber Security would be a big help to activists and dissidents fighting oppressive governments.

Can you help or point me in the right direction?

See: ExposingKeyloggers.Wordpress.com

Rootkit key loggers, like those developed by HBGary  and disclosed by Anonymous, threaten activists, freedom fighters and democracy world wide.

Key loggers record all the keystrokes on the target PC and send them to a remote location where they are stored and viewed. They are commonly used by parents to monitor their children’s Internet activity and for industrial espionage in business settings.

It’s a sophisticated spying technique that is readily available to oppressive governments everywhere.  They are designed to be intentionally hard to detect so people don’t find them and delete them.

Key loggers must use standard communications protocols to transmit their information to the remote location to work.*

This is a key logger’s most vulnerable point, when they transmit to the remote location, where they can be detected, identified and tracked.

*Some key loggers may simply store information on an USB-like memory stick but this information must be physically retrieved. This is only appropriate when the target PC (or printer) does not have good 7/24 physical security.

If enough prominent people find unauthorized key loggers spying on their PCs, their outrage would pressure the media and law enforcement to investigate and stop this spying.

Project Goal: Produce simple, reliable, inexpensive means to detect when key loggers transmit data to the remote location and identify where and when they are sending data in a form that can be easily shared widely with activists.

It’s important to emphasize that ANY device that does not have good 7/24 physical security can easily be tampered with. Portability, stability, reliability and ease of use need to be high priorities.

Concept #2:  Use a simple line sniffer to read and record the address headers of all outgoing transmissions. The hardware should be easily constructed from readily available electronic components or reuse of old PCs. The software should be Open Source or offered under an inexpensive Creative Commons arrangement.

Outbound transmissions from a PC should fall into one of two categories:  1) Deliberate browsing activity;   2) Installed programs calling home checking for updates.  The second would be relatively small, short and predictable, especially if automatic update is turned off.

Anything outside of these two types of transmissions would be suspect.  HBGary proposed disguising its key logger transmissions as ad clicks.

It shouldn’t be hard to read and record the address headers and the size of all outgoing transmissions. Key logger transmissions would be relatively large or frequent anomalies.  Once the entire key logger transmissions are identified, it’s easy to prove unauthorized spying is occurring.

The system should be designed to be as simple and inexpensive as possible and to minimize the possibility of hacks and back doors being installed to defeat them.  Hash or CRC checks should ensure the original code has not been changed.

Develop simple step by step procedures for constructing and setting up inexpensive line sniffers to do this.

Invite hackers to make suggestions as to how it could be defeated and improved.  Solicit better ideas from the hacking community. Review and improve the approach and instructions.

Once the design is finalized, share the instructions widely publicly in different languages.

Key logger sweeps could be a money making opportunity for people who have the interest, equipment and skills to do it.

Questions:

Is this the best approach? Has it already been done and documented? What is the best way to proceed?

I don’t have the expertise or skills to develop this myself, but I can certainly help test, polish and promote it.

Please Support This Effort & Stop the National Security State

Thanks to Black Ops emails from HBGary  which were leaked by Anonymous, we know the details of how the most sophisticated rootkit key loggers being developed for the U.S. Government work.

Key loggers are intentionally designed to be very hard to detect (if antivirus software found them, they could be deleted)  but all key loggers have to call home using standard protocols to work.

This is a key logger’s most vulnerable point, when they call home, where they can be detected, identified and tracked.

If enough prominent people find unauthorized key loggers spying on their PCs, their outrage would pressure the media and law enforcement to investigate and stop this spying.

Project Goal: Produce simple, reliable means to detect when key loggers call home and identify where and when they are sending data in a form that can be easily shared widely with activists.

Concept #1: Use Linux firewalls to monitor all outgoing traffic to prove key loggers are present and to identify where the information is being sent.

The system should be designed to be as simple and inexpensive as possible and to minimize the possibility of hacks and back doors being installed to defeat them.

Develop simple step by step procedures for setting up inexpensive Linux firewalls to do this.

Invite hackers to make suggestions as to how it could be defeated and improved.  Solicit better ideas from the hacking community. Review and improve the approach and instructions.

Once the design is finalized, share the instructions widely publicly in different languages.

Key logger sweeps could be a money making opportunity for people who have the interest, equipment and skills to do it.

Note:  Norton and other major security software vendors specifically exempt certain key logger detection functions to protect law enforcement activities. The solution MUST be able to catch these protected exemptions.

Even the simple recording of outgoing addresses that could be easily imported into an Excel spreadsheet might be of value.

Questions:

Is this the best approach? Has it already been done and documented? What is the best way to proceed?

I don’t have the expertise or skills to develop this myself, but I can certainly help test, polish and promote it.

Please Support This Effort & Stop the National Security State