Tinker, Tailor, Soldier… Hacker??

Lots of you are aware that the laptop I used from 2010 to early 2013 now has a new home as an exhibit inside Washington DC’s International Spy Museum. Many people are wondering how the hell it got there, this post will address that question.

The International Spy Museum and friends expressed an interest in acquiring the laptop on loan for a period of five years, to be displayed under glass in their new Weapons of Mass Disruption exhibit. I thought this was such a cool idea. But I had to think about the logistics of getting it there safely and without jeopardizing my own position. It just so happens that one of my followers whom I have a great deal of respect for, offered to be (one of) the links in the chain between me and the museum.

I set about sanitizing the laptop both inside and out, including DBANning the SSD drive multiple times and ‘draining’ the RAM. I removed all serial numbers, drilled the torque screws out so they could not be removed and cleansed the exterior thoroughly to remove prints, etc.

With that done, I packaged it up and set about setting up a chain of 3 people, none of whom know my identity, to relay it to each other with the final link in the chain being in Washington DC, who was willing to walk it directly into the museum personally. Once this was arranged I waited until I was out of town on business with my day job before mailing it to the first link in the chain.

And that’s what happened. It’s a great honor for me that it’s got a home there for now, but also very surreal. The 007 Bond car is directly to its left standing overwatch. Very weird for me to see photos of it being tweeted to me by visitors. I always associate museums with artifacts from dead people and events long since passed. It’s just a huge honor for me. I’d like to thank the International Spy Museum (@IntlSpyMuseum), and all the folks that facilitated the transportation and handover (you know who you are). Thank you. Here’s some more photos of the handover:

Click to Images Enlarge

Interesting Footnote:

The irony of how the Museum even found out about the laptop in the first place.

I originally attempted to auction my decommissioned laptop using the BitMit Bitcoin auction site, to preserve my anonymity and donate the proceeds to the Wounded Warrior Project. What could go wrong?

Well, it was all going great, I let everyone know via twitter and my blog and a few bids came in. Then predictably the crazed stalker now known as NarcoTroll Emick and her then sidekick (she has a new sidekick now) decided that it was all a big scam, I didn’t have the laptop and so on, the usual fathomless shit from her. They took it upon themselves to sabotage the auction, in the interests of the public at large (clearly lol) to prevent me from ‘ripping anybody off’. Asshats, I know. Here’s NarcoTroll Emick claiming the laptop doesn’t exist and here’s a screenshot of their outrageous bidding.

I suppose it was naive of me to think this wouldn’t happen, but I thought it was worth a shot for a good cause. So it came to be that the auction had to be abandoned, all because NarcoTroll Emick knows best, and isn’t at all vindictive and jealous or anything right? So I’d like to thank the NarcoTroll Emick because without her obsessive mission to ‘thwart’ my every move, this whole thing would never have happened. Thanks Jen, I am so proud.

Moral of the story. Be careful what you wish troll for.

Happy Independence Day.

Peace.

J

.

Joey Ortega – Behind the Wig

The poisonous, obnoxious, obsessive stalker known as NarcoTroll Emick famed for spending the last 2 years of her life hounding me, has FINALLY found a friend. It had to happen sooner or later, and I must say they definitely deserve each other. Both are failed ‘investigators’ both are parasitic trolls spewing lies and bullshit day after day in the hope that something eventually sticks, and most interestingly both are desperate for recognition or fame and they see me as a ‘trophy’ or something. They want to be the one who ‘got me’.

Here’s the sad story of how the NarcoTroll Emick finally found a friend.

It’s a little known fact that Joey Ortega AKA @theYellowTape used to approve of my intrepid adventures, so much so that popular culture might have even referred to him as a ‘fanboi’. This all changed after a fateful night a few months back.

Now,  Joey lives with his brother and his sister-in-law, sponging off them by day, and by night he has a natty little podcast – he actually uses this fact to pass himself off as ‘media’ to anyone who will listen, but lying is a personal trait of his. So anyway, his show lasts about 2 hours, but if you cut out all the ‘umming and ahhhing’ and ‘errrrring’ there’s about 5 minutes of actual content. One night he advertised on twitter he was going to be talking about me on his ‘show’. I decided I would listen to it and thought I might help him out and let all my followers know about his show and that I would be listening too. You know, helping a ‘brother’ out.

So it came to pass that Joey’s show got more listeners than it has ever had (combined) on this particular night. But 2 strange things happened during the course of the show.

First Strange thing: As we all know I get A LOT of people pretending they are me, imposters if you will. I am currently in a battle with twitter to try and get myself verified because of this very thing, you can read my open letter here. So during the show a mildly amusing freaking Keith Richards sound-a-like calls in and says he is ‘The Jester’ – I lolled. But he was lucid enough to say he would ‘authenticate’ on twitter that he was the ‘real’ Jester.

Sidenote: In hindsight I think it was probably a ruse engineered by Joey himself. Something like – get a friend to phone into his podcast making out he’s ‘Jester’ and gain major listeners and ratings, or whatever the fuck.

Second Strange thing: I thought, for once I’ll roll with the imposter and tweeted out during the show that the Keith Richards Sound-a-like was genuinely me, just to see how it panned out. I bet the imposter damn near shit his pants. Big fucking mistake.

After his show Joey decided to make a ‘mixtape’ called ‘Trolled by Jester’ with sound bites of the Keith Richards caller and then sell it on iTunes, Amazon, and a million other places. This is when I first realized Joey was a fame whoreing parasite who will stop at nothing to further his own agenda and financial gain, on the backs of others. He ‘marketed’ the ‘mixtape’ by pushing out I was on it. This is all AFTER I had found out about it and contacted him privately to save him from public embarrassment to inform him that firstly, it wasn’t actually me who called his show, did he really think I would break cover after over 3 years to call a shitty little podcast with 4 listeners, and also that I was not happy about him making money off my name, misleading the public and misrepresenting me.

This is when he got nasty.

The NarcoTroll Emick, who latches on to anybody who shows even a hint of disagreeing with me, noticed this and started feeding him her line of shit all about how I am fake, and a scammer etc etc and she’s even furnished him with ‘my name’ – lol. Now Joey, is on a mission to ‘destroy’ me, expose me and prove all of NarcoTroll Emick‘s theories and generally take a dump on everything I do or say. They are really quite menacing and harrassing to anyone who supports me too. They are also so narcissistic they insist that anyone who disagrees with them or disproves their shit with facts or evidence is an account run by myself, they literally can’t grasp that another human being isn’t buying their lies. It’s actually quite laughable, I’m not going to bore you with the hundreds of tweets he has directed at me over the past week but here’s a couple of my faves:

So I’ve repeatedly and publicly asked him to provide this ‘name’ of mine……. crickets.

This is where he thinks his hair is of adequate length to ‘give me a shot’.

Errrrm – who the fuck are you again Joey? My Dad or something?

The best theory they have dumped so far (and there are many, no shred of facts or evidence to back anything up though) is regarding the last WBC hack (Yahoo news story) on the Oklahoma site. Emick and Joey are insisting that I registered the domain 5 YEARS ago, it belonged to me and I never hacked anything. Lemme get this correct, I registered godhatesoklahoma.com site 2 years before ‘Jester’ even existed in the hope that a natural disaster would occur (in Oklahoma no less) all so I could fake a hack on WBC? Okaaaay crackheads, because that sounds legit. Ever hear of WHOIS?

I just wanted you guys to know what went down. This latest round of online abuse has flared up since my laptop was installed at the International Spy Museum in DC, I made the cover of Newsweek , I had a TV slot on MSNBC and I dared to make and sell some t-shirts all in the same week. Funny that? You see, it boils down to pure jealousy and butthurt. Nothing more complicated than that, and as we have seen this week, birds of a feather are flocking together, except the flock is pretty sparse.   They are both the most narcissistic fuckstains I have ever witnessed and deserve each other.

So be advised, these two insignificant glue bags will spend all day and night, hinting and eluding to ‘facts’, suggesting they ‘have something’ and being generally vague about their ‘investigations’ – all you have to do is ask them to show some kind of ‘evidence’ or proof of their crazy fucking claims.

In short Joey, I’m not calling you an asshole.  NarcoTroll Emick is an asshole. But if an asshole had an asshole, you’d be that asshole. I would suggest you make like ‘Lou Diamond Phillips’ and pedal your spirit horse off my dick, before I actually uncoil on you. You should know, the last troll that I did that with was REALLY SORRY, and if you view this you have to ask yourself the question ‘what could make a grown-ass man fold and u-turn after a 2 year smear campaign.

I’d like to thank all the followers I have that help me deal with these chapped-ass parasitic wasters, keep challenging the crazy. But remember, there’s too many awesome people on twitter to waste too much time on this lot. Thank you.

Some people just need a high five. To the face. With a chair.

Okay that’s all for now.

J

cc: Mr Michael Ullemeyer

PS: What you still doing here? Quit reading this and get to the good stuff about the Snowden/NSA furor.

This:

.

So…About This Snowden Affair

My twitter timeline is bulging with my views and commentary on this whole Edward Snowden/NSA thing, yet everyday there’s a new person asking me ‘ So J, what’s your take on the Snowden thing’ – well here’s my goddam take on the ‘Snowden thing’. Be advised it’s just what I think, and to those waxing on about your freedom of speech, then I’m entitled to mine too and here it is.

Let’s start with Snowden Himself

What we essentially have is a low-level gimp who has lied about numerous things and embellished others since identifying himself. What we do know is he fancied himself as a bit of a ladies man and international man of mystery. A very narcissistic character, although I am sure now he has a new found understanding as to why secrets are essential, considering he is hiding himself like a scared little puppy and doesn’t want anyone to know where he is or where he’s headed. Funny how that works. So secrets are okay now? For more of a background on exactly what caliber of  fuck stain Snowden has always been you can look at his past for yourself, he used to use the very inappropriate internet nickname ‘theTrueHooah’, so here’s a simple google search of that handle from Jnauary 2000 to the day before he identified himself. Interesting reading.

……okay, that should have got rid of the ‘Snowden is a Hero’ demographic.

So on to the ‘Whistleblowing’

One thing to clear up is he didn’t work for the NSA. He worked for Booz Allen Hamilton and they contract to the NSA. The guy was a nobody, desperate to be a somebody. So much so he admitted here, that he went to work for Booz Allen Hamilton for the specific reason of gaining intelligence about the NSA’s programmes. He’s not a fucking ‘whistleblower’ he’s a traitor. There are procedures he could have followed that are designed specifically to protect the blower of the whistle, and none of them include running to the Chinese with FOUR laptops and a USB stick full of sensitive government information.

He didn’t have to do it this way. Any rules regarding government employees, especially NSA, not being permitted to blow whistles, don’t apply here, he didn’t work for NSA. He worked for a civilian contractor. Another thing people are questioning is how he had access to this stuff. Well he didn’t. What he did do as reported here, is fabricated digital keys that gave him access to areas he was not allowed to visit as a low-level contractor.

So let’s recap so far.

• Snowden admits to joining Booze, for the sole reason of stealing (yes stealing, he’s a common thief too ) intel on NSA programmes.
• Snowden admits to fabricating digital keys so that he could gain access to areas he was not authorized.
• Snowden was in the job only 3 Months (with BAH) before he bolted to the open arms of the CHINESE with FOUR laptops.

.

This is not a goddam hero, here to save Americans from ‘the government’ because of privacy infringements and breaches of the 4th amendment, he is a traitor and has jeopardized all our lives because of the intelligence we have lost to perceived enemies, human operations that now have to be abandoned for fear of possible compromise, and worse than all this, intelligence we will no longer be able to aquire about threats to the nation in the future.

So what’s really going on?

Well it sure as hell isn’t trying to expose a corrupt government and save the people’s god-given privacy rights, that’s for damn sure. Look at the facts. This was plannned. Well planned. Snowden knew exactly where he was going, and who was gonna meet him there. Did nobody wonder how Wikileaks staff including Assanges’ own girlfriend, were in Hong Kong so quickly? FOUR laptops were mysteriously separated from Snowden, the genius master-spy as soon as he arrived in Hong Kong, they traveled in separate vehicles, because that sounds legit right? Then on to Russia for leg two of the world tour.

It’s my belief old Snowden was groomed by that Assange, much like Manning was. Also something worth noting is Mr transparency Assange himself is far from transparent and more than nefarious. Does nobody wonder why this fighter of truth and justice and transparency has:

• Overlooked murdered Russian whistleblowers Magnistky or Navalny.
• Conveniently forgotten all about Pussy Riot’s incarceration?
• Made sure certain nations feature less in the Wikileaks cable leaks?

.

Well now you know. It’s not hard to see there’s a less than noble agenda here. Who is Assange, and what manner of dirt is he holding back in the cable releases about Ecuador? He’s been living on their dime in their London Embassy for a year now, and it’s possible that Snowden is heading there too. Oh, and here’s a coincidence, this whole thing occurred only one week into the Manning trial. Distinct smell of fish in the air.

It’s also interesting that both Snowden and Assange have played the – ‘I’ve got an insurance file that will be distributed over the internet if anything happens to me card.’ See here for Assange and here for Snowden versions of the same ransom tactic.

What’s playing out with Snowden right now is game of highest bidder, and Assange is the broker, and has been from the start, remember Wikileaks staff including Assanges’ girlfriend – Sarah Harrison, were on the scene in Hong Kong pretty fucking fast.  And let’s not forget Assange isn’t seeking asylum because he’s some heroic whistleblower or do-gooder. He’s wanted for questioning on a rape charge.

But PRiSM is watching my every move?

Get a life. Shit, the average iPhone or Nikon SLR captures more identifying data and meta-data about you than PRiSM, are you getting all crotchety with Apple or Nikon too? Do you think PriSM is new? Just because YOU don’t know about it doesn’t mean it’s ‘new’ – try googling ‘Echelon‘ or ‘Carnivore‘, it’s just an natural extension of the same, things move on you know? Quit crying about it.

I am aware of 40 foiled plots in just one year – just like the Boston Bombing – you can thank our intelligence community with the help of programmes like PRiSM you don’t know about 39 more. For the record, I don’t sway towards a pro-government stance, no matter what you may think, I sway toward pro OUR Military, LEA, & Intel Communities who do the same job no matter who is sitting in the big seat.

Even if NSA were hoovering up trillions of petabytes of data on every single individual in the country or the world for that matter, why do you feel that you are so riveting? Nobody in government gives a shit about who’s wife you are screwing. You know these same people who are crying about PriSM and projects like it, are the same folks who publish every morsel of food they consume and every dump they take to the likes of facebook for all the world to see.

But if you still want privacy? Be responsible for it yourself. It’s entirely possible to do, I am living proof by the way. If it’s that important to you, why would you entrust anyone else with it? The 2nd amendment allows us to carry guns, and be responsible for our personal safety. Correct use of encryption allows us to be responsible for our privacy.

Before you start slinging mud at me about my own activities. Two things to note. I never target the US and If I am arrested, and convicted in due process by a jury of my peers I will consider that justice will have been served.

(and I won’t run away to the Chinese or anyone else either as I am sure they’d love a little chat, because that’s just downright decidedly totally UNAmerican).

Peace.

J

THIS:

 

JΞSTΞR GΞAR OFFICIAL STORΞ

“Capitalism has worked very well. Anyone who wants to move to North Korea is welcome.” – Bill Gates

To clarify, quantify and justify. Howdy folks. After much deliberation I have decided to bite the bullet and bow to the requests of many and open an online store. I am sure I will come into a lot of critique from the usual set of trolls, but what don’t they whine about?? In order to head off some of the inevitable bad-mouthing and naysayers, I’ll outline my thoughts on the matter at the end of this post, but beware it essentially equates to don’t like it – don’t buy it. Simple eh?

About The Store

I have chosen to open my store at ZAZZLE.COM (international buyers can use the links on the store footer).  I’ll be adding new stuff as time goes on, when I can fit in designing etc. Ladies please take note that all shirts can be customized into a ladies cut or color  and style via the item details page.

My Personal Security

Now before we go any further, my personal details are not linked in anyway to the account, and I will be withdrawing the profits, minus 10% to Wounded Warrior Project via a trusted third party, who will then send me my cut via Bitcoin in order to preserve my anonymity.

Why Have I Done This

• Well, I’ve been operating for well over 3 years now, and whether I like it or not there is a ‘brand’ that has evolved.
• Many people have asked if I will do T-Shirts and similar products and I agree it’s a great idea.
• As we know, Wounded Warrior Project is close to my heart, and 10% of all profits will find their way to WWP.
• Over the years I have watched many people try to sell stuff bearing my name, I decided that if I don’t do it, somebody else will.
• Servers, bandwidth, development costs and general awesomeness doesn’t grow on fucking trees you know.

 

If you are in any way unhappy or butthurt with my decision, here’s what you can do:

• Just don’t buy anything. I am not forcing you to do anything here.
• Work for free for 3 years, evolve a brand and setup your own shop, capitalism is what this great country was founded on.
• Just donate to Wounded Warrior Project direct as I have historically always asked on my support page.

 

And with that I guess all that’s left to say is Welcome to the Store there’s always a link to ‘JESTERGEAR’ on the top navigation menu of this blog and latest stuff will show in the left sidebar. Thanks for the support and if anyone has any funky ideas for shirts that you think I will like, feel free to tweet me.

Final clarification, my personal details are not attached to my zazzle.com account, trying to hack them or harassing them is a total waste of time. This is not the online shop you are looking for.

Peace.

J

.

Menomonie High School – Unmasking Jester

I have always tried to support education and those institutions and as you may have noticed I often do class interactions, particularly with students from Utica College and University of Southern Maine. I am often told of ‘case studies’ and assignment tasks that tutors from many places of education set for students based upon my antics. It is a rare occasion that  I ever get to see any of the papers, however a few days ago the following tweet popped up in my timeline:

I approached @MilkyCaramel014 and asked if I could take a look at his findings. It was a short paper and I think it was very well put together so in keeping with my policy of support for education, I asked for permission from him to post here on the blog and he kindly agreed. What follows is the paper (verbatim) – written for Mr John Kitzman’s Modern Military History class at Menomonie High School in Wisconsin, by student Dylan Jerald Harmston AKA @MilkyCaramel014

 –Snip

 Unmasking th3j35t3r – By Dylan Jerald Harmston

‘With great power comes great responsibility’-Uncle Ben.

 Every superhero has a choice to make, to use the gifts and talents they are given for good, sacrificing everything in the process; or using their gifts for personal gain, gaining everything in return. Most of us will have this choice in our life also, but on a much smaller scale. Do we return the 20 dollars we found? Or do you keep it for yourself? Rarely does somebody have the power to alter the future on a grand scale. TH3J35T3R is one of the few. In this paper I will unmask TH3J35T3R, not physically but mentally and emotionally.

First we have to understand who ‘he” is. This is an impossible question because no one knows who ‘he” is. He hides behind a mask in this digital age. His privacy is what makes him powerful, and it’s from his privacy that he fights to protect yours.  January 1, 2010 is a historic day for cyber warfare and the first that we hear of TH3J35T3R. Attacking a taliban website (alemarah.info) he would leave his mark on history. On June 26, 2010 he established his blog (Jester’s Court). One of the main reasons for this was imposters. In his recent letter to twitter, he asks for verification of his account. Not for more ‘followers” or to be popular but for the safety of those dumb enough to pretend to be him. Like all great people, you will have enemies.  TH3J35T3R has a list longer than anybody. These aren’t just internet ‘trolls but high level organization that kill people everyday and want him dead. From the taliban to al qaeda, his “hate sheet” just makes his accomplishments so much more enjoyable. Even though he has some of the most dangerous men and women after him he still remains masked. Hiding in the shadows. In the day and age where people can know anything about anybody this is highly impressive.

Even though TH3J35T3R remains masked we do know some things about him. He is ex-military. On April 10, 2012, The Jester gave a live chat interview to a class of Computer Science students at the University of Southern Maine where he confirmed his military service. This brings up the question is he still working for the government? If you look at his attacks and the websites he has shut down, a majority of them have been terrorist organization. He actually stated “ I am motivated by the fact that previously…  for a bad person to recruit a potential bad person…. teach them to make IEDs…  or vests  they had to meet which was great made them easier to spot  now there is no need for a physical meeting.  I am here to say – no guys – you ain’t gonna use the web to blow up my buds”. TH3J35T3R still working for a government is highly unlikely. I can not see any  modern government flaunting their cyberattacks. I believe that he realized after seeing his friends die in combat that he could help the world better by wearing his mask. He believes in freedom of speech but not if that freedom risks the lives of innocent people.

“A small team of A players can run circles round a giant team of B and C players” (TH3J35T3R quoting Steve Jobs).

This explains why TH3J35T3R works alone. Most “hackers” now a days work in groups. Spend five minutes on TH3J35T3R twitter page and youwill see that he despises groups. It doesn’t mean he won’t work with anyone, it means he chooses not to. Lets take Anonymous for example, Anonymous is probably the most well known hacking group in the world. Their iconic fawkes masks from V for Vendetta are worn at every major protest.  Yet TH3J35T3R despises them. Not for the fact that they take credit for his work, but for the fact that they have no structure, no leader and have permitted terrorists to join their group. TH3J35T3R believes in order. Without order there is chaos, and in chaos is where evil thrives.

Like every human being TH3J35T3R struggles with moral choices. One wrong decision and he can literally start a war, but one right decision and he can save our lives. The weight on his shoulders is tremendous but like every good athlete TH3J35T3R thrives under pressure.  “I do wrestle with whether what I am doing is right. (TH3J35T3R 2010). He is not oblivious to the power he possesses. Which makes you think, what would you do? The thought is tempting that a click of a button could get me $45 million dollars, but I guarantee this thought has never crossed his mind. TH3J35T3R doesn’t even accept donations, all proceeds go to the Wounded Warrior Project. How he is funded is a mystery to me. (I like to think that he works at Mcdonalds and at night turns into a superhero, but this is highly unlikely.) The fact of the matter is, TH3J35T3R is probably a very good investor and invest his money to make maximum profit.

One question that has always been on my mind is “how does he do it”. Taking down a website, even though he makes it look easy is probably one of the toughest things to do. TH3J35T3R since the launching of his campaign has had over two hundred  but probably closer to three hundred successful “tango downs” his trademark catchphrase when he crashes a website. (Every superhero needs a catchphrase). He has been responsible for the arrests of anonymous members. The arrest of lulzsec members. The attacks on Westboro Baptist Church “I draw the line in the sand…when they attempt to get in the face of the mourners of our military”. and probably my two favorites, the temporary shutdown of wikileaks and the cyber attacks on the North Korean government.

To this date the United States Government/Military has recognized TH3J35T3R as the one and only person to successfully take down the website Wikileaks. “TANGO DOWN – INDEFINITELY – for threatening the lives of our troops and ‘other assets’ (TH3J35T3R, 2010) In this press conference the U.S military acknowledged his existence and gives him credit for the “tango down”:

Skip to 28 Minutes 12 Seconds for the good stuff.

On March 29 TH3J35T3R launched an attack on the North Korean government, shutting down missile test sites, North Korea’s official airline and their national computer center. (Random fact: In North Korea there’s no Internet. Kwangmyong is a ‘national internet’ available to common people. It’s sole purpose is to feed propaganda to citizens.) How does TH3J35T3R do this? Normally to take down a website a ‘hacker” uses a “DDoS” (distributed denial-of-service attack) or a DoS attack ( denial-of-service attack). These attacks make the network unavailable to its users. It’s pretty much if a million people press refresh on the same web page over and over again. Hackers though have the ability to do this themselves. They use programs that route the attack through millions of computers leaving it relatively untraceable.

TH3J35T3R is different because unlike most hackers his programs are not open source software to the public. TH3J35T3R programs nicknamed XerXes and Saladin are specially made for his needs and his privacy. Not only can he take down targets fast and secretly but they stay down for long periods of time.To put it simply these are the average hackers programs on steriodes. The Michael Jordan of hacking kits.

If you want to know more about TH3J35T3R and his attacks or way of attacking I would highly recommend checking out, The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare by: Major TJ O’Connor. This paper goes into great detail of his attacks and how he does it.

My conclusion on the TH3J35T3R is one of curiosity. It is weird doing a report on someone that a simple google search won’t bring up their entire life. It also makes me ask questions.

How safe are we?

Cyber attacks are a relatively new threat that the average citizen does not understand. It’s a scary thought that somebody could financially ruin you before breakfast and while they are still in their footy pajamas. It’s even scarier when you look at countries like China that launch cyber warfare on our government.

• Is this an act of war?
• What should the punishment be for a 15 year old boy that steals your private information?
• Can we ban people from the internet? (Like the case of cosmo the 15 year old hacker that got banned until he is 21).
• Does freedom of speech apply to the internet? If so can a Government censor it?
• One of the biggest questions and one that TH3J35T3R has to think about everyday, if someone found out who he is, would he be charged with a crime?

Peace comes at a cost. It is the brave men and women that pay this so we do not have to. You can form your own opinion of TH3J35T3R, but this is more than that. This is the future of warfare, where one individual from his laptop can have more effect than soldiers on the ground and planes in the air. Literally one man can change the world for better or worst. Thats some great power. How would you handle the responsibility?

Scary thought.

–UnSnip

Thank you to Mr John Kitzman’s Modern Military History class at Menomonie High School and student Dylan Jerald Harmston AKA @MilkyCaramel014 for allowing me to help in the education and engagement of our up and coming cyber security professionals.

Stay Frosty

J.

.

Open Letter to Twitter

Dearest Twitter,

Firstly, I would like to commend you on a first rate micro-blogging platform and assure you I am very pleased with the service as a means to voice my opinions, and also a means to see others’ opinions and breaking news before mainstream media picks up the thread. Excellent stuff! However, I feel I must now write this open letter in good faith that you will at least look into addressing an ongoing issue that I have approached your support team in private about, but for which no solution has been forthcoming to date.

As you are fully aware, I have been using Twitter as my primary means of communication since day one of my conception over 3 years ago. In this time I have somehow gained nearly 50,000 followers, mostly made up of good actors, but the bad guys like to follow too just to keep abreast of goings on. I have spoken to your support team on numerous occasions with a request to be ‘Verified by Twitter’ and given the reasons I shall outline below. I feel that once you understand my reasoning for this modest request, and have facts available, you may be able to make a sounder judgement call on the matter.

I get an awful lot of imposters, who create twitter accounts with names very similar to my handle, who then copy my bio, background, profile picture etc  trying to pass themselves off as me. Here’s a small selection for your perusal:

@th3i3St3r @th3j35t3r_, @_th3j35t3r , @th3j35t3r_Troll, @_th3j35t3r_ , @th3j35t3rddos, @th3j35t3rsArmy, @Mrs_th3j35t3r, @th3j35t3r1, @th3j35t3r9, @th3j35t3r7, @TheJester9, @th3j35t3r6, @th3j35t3r5, @th3j35t3r2, @th3j35t3r4,

…to name but a few.

Now obviously this is not good for me as these fake accounts, and it happens all the time, try to make statements as if they are me and engage in all manner of assholery in pathetic attempts to undermine my work, or make me look less than intelligent. Yes that’s annoying and when a new one gets on my radar it usually takes me less a minute to debunk him. No biggy right? Wrong.

It came to my attention today that a Professor who shall remain unidentified for now, at a University, that shall also remain unidentified for now, who teaches Cyber warfare courses, has tasked his students with what is arguably the dumbest hood-ass assignment ever. The assignment is for his students to create fake ‘jester’ personas online and convince as many people as they can that they are actually me.

Apparently there is an ‘easy A’ up for grabs too. He definitely hasn’t thought this through.

It’s all fun and games until somebody actually gets that ‘A’ and the wrong people believe they are me and then some busted up hippy-van loaded with angry Libyans gets all up in their shit with automatic weapons. Does nobody remember how mortifying it was when Doc got slotted in Back to The Future? Now I don’t know about you Twitter, but I sure as fuck don’t possess a time-machine and in all seriousness, there’s a more sinister side to being me. These are students who are likely ‘less equipped’ shall we say, to fend off the type off targeted attacks I deal with daily.

As I mentioned at the top of this letter, I have garnered considerable support over the years, but with that also comes considerable numbers of enemies, some are plain whack-jobs like John Tiessen and Anonymous and therefore not all that scary at all. But you don’t get to consistently annoy real terrorists for three years, exposing them, and knocking their websites and forums off the web without them wanting to come at you. All they need is a fix on my position so to speak. I know what you’re thinking I’m over-reacting right? Well, not really when you consider some Islamic Terrorist Organization’s have started placing bounties on counter-jihad website administrators.

Make no mistake it’s a serious business.  Among the more delightful events in my 3 years operating, I have received everything from minor trolls up to and including multiple death threats from whacked out US citizens, a couple of fatwahs from foreign terror organization ‘representatives’ and many failed attempts at ‘doxing’ me have occurred at the hands of Anonymous. I can live with this and do, it’s part of the game, but these imposters may not realize what they are signing up for.

The way I see it, we both have a duty of care to minimize the risk to these imposters, both you and I Twitter.  Whether their intentions are good or bad, they are putting themselves in harms way. We can take this simple step together and easily ensure none of them are ever taken seriously. I have requested for my account to be ‘Verified by Twitter’ numerous times, and you have denied the request because and I quote: I’m not a real ‘person or business entity’ and I won’t give up my actual identity. Incidentally, this is also the reason why any complaints I lodge regarding trolls get disregarded too. It’s disappointing when as a Twitter user I am, (like any other), both a consumer AND content provider but can’t seem to get support on anything because, for obvious reasons I wish to remain incognito.

That’s a bit irresponsible given the potential risk not doing so puts other (albeit dumb) Twitter users in. It can all be fixed and avoided by simply:

‘Verifying’ the persona, not the person.

I notice that these accounts ARE IN FACT ‘VERIFIED’ and can’t help but wonder to myself, how can this be when you deny the same to me?

• @spongebob -who lives in a freakin pineapple under the sea and isn’t even a real sponge.
• @RealCapnCrunch – who is a goddam breakfast cereal, and I am almost certain is not a real Captain.
• @DocPemberton – He’s been DEAD 124 years, no really he has.
• @NBABackboardCam – Really? Not even a person – an inanimate object.

Your argument is they are known brands. Well it appears to some extent I am too, given the amount of fakers out there, no? A ‘brand’ I have built tirelessly over a long period of time, sometimes at great personal risk.

As a supporting sidenote, I’d like to draw your attention to the fact that The International Spy Museum in Washington DC has just accepted my Alienware laptop, and will be exhibiting it for the next FIVE years. That’s not bad going for a person that’s ‘not real’ – More here.

Let’s end the ability of the stupid to walk into fires they can’t handle and ‘verify’ the persona, not the person.

Final thoughts: When somebody does get hurt, because they were mistakenly identified as me, it’s now on public record that I requested verification, and have been denied it numerous times. With great power comes great responsibility Twitter, you have the power to unfuck this situation. Two words: ‘foreseeable consequence’.

I hope this letter finds you in good health, and is received in the spirit with which it was penned. This letter is not meant to cause you problems or force precedence, I’m simply asking for a solution, to an ongoing issue.

Thank you for your time.

Yours Faithfully

Mr The Jester

Another pineaple, Under the Sea, UW 90210

PS: It’s a little know fact that over 87% of people don’t know the opposite words for the following: ‘Always’ ‘Coming’ ‘From’ ‘Take’ ‘Me’ ‘Down’ > TrueStory

THIS:

.

Boston Marathon Bombing: Just a hunch.

“When the shit hits the fan you’d rather be the fan than the shit.” – Falopians 2:83 (No offence Ladies)
.
Be advised: there’s a few updates you can’t miss after you read this post at the bottom. I’ve been watching the fallout from the Boston Bombing with great sadness and a deep personal interest. I have made a few observations, and that’s all they are. I will outline them below.

Please bear in mind this is just a theory, a hunch. But if it looks like a bus, and drives like a bus, it’s probably a erhhm.. bus. I am simply presenting facts and backing up with evidence. Your conclusions are your own. So, I have kinda had my spidey sensors out and all over this since the atrocity occurred and I started to get a whiff of something very stinky.

And it goes a little something like this.

Suspect Number #2’s twitter account is by now very well known, in case you have been living on the moon –  it’s @J_Tsar – So first thing to take note is a tweet sent from Tsarnaev to an as yet unidentified twitter user, who deleted his account immediately after Tsarnaev’s identity was released which was sent SIX MONTHS BEFORE the April 15th Boston Marathon, on August 10th 2012. The tweet indicates that there was at least 6 months planning went into this, and multiple personalities where at least aware of ‘shit about to go down’.

Three weeks before the attack on the 15th the surviving Boston Bomber, Tsarnaev had the following conversation with some of his buddies. They all live in and around Boston MA and study together. Things to take away from this exchange is the timing along with the fact that they were talking about ‘fireworks’ that ‘can do some damage’ and (sic) ‘fuk shit up’ it’s also worth noting that from the conversation we can deduce that there had been some previous ‘tests’ from the phrase ‘I got some more left’.

Here it is

On it’s own that’s pretty sketchy right?

So fast forward 6 days after this conversation happened a report came out regarding an incident not 30 minutes away from UMass where these kids ‘study’ involving unidentified explosions. The location sits between Dartmouth and Boston.

Exerpted from Wicked Local, Hanover, MA

” The first incident was reported at 8:34 p.m. on March 12. Police and fire personnel responded to the area of Pine Street and Tower Hill Drive. Witnesses at the nearby Target store on Washington Street reported seeing a bright flash and hearing two explosions from that area. Several unexploded devices were found at the scene and later detonated under secure conditions by the State Police Bomb Squad.”

Full Article here

Still pretty weak right?

Okay lets look at the people in the original exchange. Three main players:

• @J_Tsar – Tsarnaev – Well we know who he is, he’s the brainiac that is currently unable to talk because he unsuccessfully suicided himself, and is lying in hospital, after trying to escape on a boat with no water.
• @TroyCrossley – played by himself – strangely he’s the leader of the Boston Truther campaign that’s trying to prove that Tsarnaev was setup and it’s all a government conspiracy. Hmmmm.
• @XxJungaxX – Junes Umarov – I’m getting to that part.

 

It’s all still rather sketchy right?

Okay – finally lets take a look at @XxJungaxX – Well on the 7th April, a week before the bombing this guy tweeted the following:

And this is where it gets very interesting.

You see I posted the following tweet out, drawing attention to these unfortunate coincidences:

It took @XxJungaxX only a few minutes after I pushed this tweet out to delete his entire twitter account! Hmmm

Not to mention a shit load of other accounts too.

I know…. its still nothing right?

Well here’s where I get all Lemony Snickett:

By total happen-chance @XxJungaxX, whose full name is “Junes Umarov‘ happens to share his surname with none other that ‘Dokku Umarov‘ who by total chance also happens to be the leader of the Causcus Emirate Terror organization. I mentioned him back on the 20th April:

Also it’s pretty clear that these two recognized their buddy on TV BEFORE the MIT Police officer was shot to death and yet failed to notify the authorities. Thus complicity at least.

And perhaps the most telling is a conversation that occurred on twitter immediately after the bombing on the 15th April. Here it is:

Update: Predictably @Adballa_35 has now deleted the ‘It was Junes’ Tweet, but here’s a link to his previous one

I wouldn’t want to jump to any conclusions or anything. But am just merely pointing out some observations.

Obviously this is all just a series of unfortunate circumstantial coincidences. It’s probably nothing. Right?

Peace.

J

UPDATE 04/22/2013 @ 1450pm:

Upon deleting / deactivating your account, Twitter gives you 30 days in which to reactivate it, incase you change your mind or suddenly realize that deleting your account makes you look suspicious.  @XxJungaxX  has just re-activated his twitter account and is continuing the totally insane ‘#FreeJahar’ campaign alongside @TroyCrossley, in an attempt to prove that the brothers were framed by the government/US Navy SEALs.

Because that’s highly probable. Not.

UPDATE 04/22/2013 @ 1615pm:

@XxJungaxX << And he’s deleted it again. Ftw. And it looks like ol’ @TroyCrossley is limbering up, getting ready to delete his twitter account too, and then predictably blame it on the government too:

UPDATE 04/22/2013 @ 1641pm:

And there goes @TroyCrossley’s Facebook account as mentioned above. ( https://www.facebook.com/pages/Troy-Crossley-MP )

See how they run. Like cockroaches when the light goes on.

UPDATE 04/22/2013 @ 1735pm:

@TroyCrossley is desperately trying to point the finger at some dudes that look like they may be Mil/PMA/SEALs. We have to ask ourselves only two questions. Given the rest of this blog post, why exactly is he trying so hard to deflect the attention away, and also:

Riddle me fucking this @TroyCrossley, if as you say  the two mil guys blew up their rucks, and they were responsible, how in the name of Zeus’ butt-hole are they holding them immediately after the blasts:

Click here to see full resolution>>

 BTW They are National Guard and it’s perfectly common for guard troops to get activated to support a public event. The guard belongs to the state governors. But it seems to me, given the FACTS as I have outlined in this blog post, that @TroyCrossley and his buddies have every reason to try and get everyone thinking it was anybody BUT his friend, Tsarnaev.

UPDATE 04/22/2013 @ 2122pm:

@XxJungaxX << And he’s reactivated his account again. He’s so indecisive. Just in case he or in-fact any of his buddies decides to delete tweets or accounts again here’s a link to all their respective historical tweets, because on the interweb, you can’t delete, only hide. For example here’s an interesting tweet:

“@SalamAlacomOsam:@xXjungaXx Ill wire the money to you, When we going to Russia though?lol”

• @XxJungaxX << All his tweets. Right Here.
• @TroyCrossley << All his tweets. Right Here.
• @J_Tsar << All his tweets. Right Here.

 

UPDATE 04/23/2013 @ 1744pm:

We have to ask ourselves WHY these two terrorist sympathizers are so intent on ‘proving’ Tsarnaev’s innocence, even though he already confessed and evidence against him is overwhelming. They are willing to just make shit up in their little crusade. Below we see Troy, having to ask who Chris Kyle is, and then miraculously 6 minutes later, Chief Kyle is now implicated in their crazy fucking bullshit. You are going to hell for that one Troy boy.

.

THIS:

 

Facebook as an Intelligence Collection Tool

‘War doesn’t determine who is right, only who is left.’ – Bertrand Russell

Facebook Graph Search is one of the newest features of Facebook. It allows you to data-mine every person and page on the entire social network. You can get an introduction at this page.

It’s not available for everyone yet…but you can sign up for early access if you’d like.  It is extremely powerful as an OSINT (Open Source Intelligence) tool.

So, I decided to give it a try myself.  The results are eye opening. You may or may not be aware that I have repeatedly warned that Anonymous has been infiltrated by terror organizations such as Hamas/AQ etc.  Well, as they say…the proof is in the pudding.

One of the first searches I performed was “People who like Izz ad-Din al-Qassam Brigades and like Anonymous”.  For those not familiar…Izz ad-Din al-Qassam Brigades is the military branch of the terrorist organization Hamas. I only bring this up again because now there’s a way for me to more effectively make the connections between potential players, at least with facebook users anyway.

Be advised – I have not included the full result sets, only redacted samples.

Lets give it a try eh?

You can click the screenshot below to view the results for the search term “People who like Izz ad-Din al-Qassam Brigades and like Anonymous” it in all it’s facebooky glory. And that’s just the start some people really are stoopid. What they are doing here is actually helping me find links between online ‘personas’ and real online people.

“People who like Izz ad-Din al-Qassam Brigades and like Anonymous”  MORE HERE

These results really do speak for themselves.  It’s clear that there are many who associate themselves with both Anonymous and Hamas.

Now I know what you are thinking, if Facebook is logging and retaining all this kind of real world link analysis, they are also watching who is searching for what terms and keywords, and you would be right. That’s why when doing these searches personal OPSEC is also recommended, as there can’t be too many people searching for these types of queries and keywords, if you know what I mean.

So what else interesting can you find with Facebook Graph Search?

Okay folks, lets up the game a little. What happens if we throw into the Graph Search tool a phrase like, ooooh, I don’t know, what about something like: “Current Iran residents who work at Nuclear Power Plants”

“Current Iran residents who work at Nuclear Power Plants”  MORE HERE

Above you can see that this returns a lovely list of, well errr, current residents of Iran who well, errr work at nuclear facilities. Scary isn’t it. One of the things I really like is the free form natural language type queries you can plug into it. You can literally just ‘say who you want’ to find. The result sets I am displaying here are not complete, but you get the picture.

It’s already known that nuclear scientists in Iran have been meeting with untimely deaths. Despite this…many Iranians who work at Iran’s nuclear power plants have listed their employment location…opening themselves up to possible assassination.

When you accept Facebook terms of service you sign up for this, then you get busy populating your profile, making connections and forgetting to adjust privacy settings, and next thing you know, BOOM all your shit is just hanging out there.

Graph search can also provide some interesting political and employer affiliations…

Here’s some of my faves:

 “People who like Communism and work at MSNBC”

or how about…..

 “People who like Marxism and work at CNN”

or maybe even….

“People who like National Rifle Association” and work at Fox News”

Note that Facebook automatically replaced MSNBC with alternatives – such as NBC TV shows.  It also includes previous employers in the search, but I think you get the idea.

Thanks Zuckerberg.

Remember kids. The internet is forever.

Tick Tock.

J.

THIS:

.

Weird but Wired: North Korea's not so Internet

‘Argue with a fool, and you’ve got two fools.’ – John Avlon’s Father
.
Conventional wisdom never gets you very far when you’re trying to understand the Democratic People’s Republic of Korea. Take, for example, the bizarre, self-contained universe that is the North Korean internet.

In the past few weeks, there’s been a spike in chatter about the House of Kim’s Web presence. First came speculation about what North Korean netizens were being told about the botched missile launch, then came self-satisfied mockery of the $15 page template the regime bought for its English-language site. The takeaway might seem pretty simple: the DPRK’s network is censored and silly, like a dime-store version of China’s. But the reality is much weirder. Maybe only one-tenth of the online freedom you see in China is present in North Korea.

That’s not because the censors are tougher. It’s because North Korea built its own internet, and we’re not invited.

The vast majority of North Korean surfers have never actually seen the Web. At libraries and educational facilities, they log on to something called Kwangmyong (roughly translated as “bright”). It’s been around since the early 2000s and it’s a completely closed intranet system, operating via fiber optic cable. It most likely has no more than a few dozen sites, most of them for education or propaganda.

Cuba has a similar system and Iran is contemplating one, but Kwangmyong is more tightly controlled than either of those. Think of it as the global Internet’s pocket-sized, dystopian reflection. “I haven’t heard of Internet sites being made available on the domestic intranet,” said Martyn Williams, a longtime technology analyst and head of North Korea Tech. “Some content is taken from the Internet, but I’ve only heard of technical documents, books and educational material.”

Even the experts only know about Kwangmyong in bits and pieces. After all, that’s part of the network’s totalitarian genius: in addition to preventing users from gazing beyond it, you have to physically enter North Korea to see inside it. But of course, any trip to the Hermit Kingdom is so tightly choreographed that you can’t fully trust what an outside observer gets to see. For example, the AP’s Jean H. Lee witnessed North Korean students using flat-screen monitors and Photoshop last year. But Williams says the latest images from domestic DPRK television (which he sees via satellite) tell a very different story.

“All the PCs appear to be running Windows Explorer and the websites look relatively basic,” he said. “Although it’s difficult to figure out if that’s because the code is stuck in mid-nineties HTML or due to the lack of ads, Flash boxes, fancy navigation and the like.”

None of this is to say the global Internet has no presence in North Korea. Earlier this month, the DPRK got its second-ever hookup to the Internet, thanks to a link through Intelstat, a Washington-based satellite operator. That comes on top of an existing connection via a Chinese telecom company, established in 2010.

Before 2010, the country had no full-fledged online link to the rest of the planet. In a uniquely North Korean bit of absurdity, the government most likely maintained its foreign-facing official website by telling subordinates in Japan or China what to put on it.

It was a nuclear nation with no stable Internet access.

Also believed to have relatively free rein is the DPRK’s growing army of hackers. To a large extent, it’s a child army. According to a prominent defector, there’s a “pyramid-like prodigy recruiting system” that plucks bright students for the regime’s “cyberwarrior” program. They allegedly train for years (with stints in Russia or China for cyberwarfare master classes) before joining the ominously named “Unit 121” hacker squad in Pyongyang. Other than that, the only suspected users of the global Web are a very small number of government bureaucrats. After all, someone has to keep up the DPRK’s social media presence. The Uriminzokkiri (“our nation”) Twitter and YouTube accounts sprouted up in 2010 and have been a resource for propaganda and odd online curios ever since. There’s no agreed-upon explanation for North Korean online tech’s expansion since 2010. Brian Myers, an expert on North Korean propaganda, has speculated that it’s been part of a propaganda effort to promote Kim Jong-un as a tech-forward thinker. But Kongdan Oh doubts that. “It’s just undeniable, 21st century trickle-down change,” she said. Things have progressed in the past two years, but if you’re inside the DPRK and want to get on the global Web, you have to fall into one of three categories.

Foreign journalists have been known to get access – great access, in fact. In October 2010, when 80 or so reporters were there for the 65th anniversary of the Workers’ Party of Korea’s founding, unrestricted connections abounded at the hotel where they were housed. And the change is still coming very slowly. Although exact numbers aren’t available, the vast majority of the North Korean populace has never actually used a computer. Indeed, after years of reporting on the DPRK, journalist Barbara Demick concluded that “most North Koreans are unaware of the existence of the Internet.”

Williams is slightly more optimistic. “The evening news regularly mentions when foreign web sites say something nice about the country,” he says. “So people are probably familiar with the words ‘Internet’ and ‘website,’ but they might not know what they mean. They certainly wouldn’t have an appreciation for the scale and complexity of the Internet.”

To put that last statement in context, think of it this way: Imagine finding out you’ve only ever had access to 0.0000001% of the total Internet. That most of the planet is downloading things 60 times faster than you ever have. That, in addition to the 366 million sites you’ve ever been able to visit from your MacBook, there are more than 2 quadrillion that have been hidden from you.

That’s roughly how it would feel for even the most seasoned Kwangmyong user to use Google for the first time.

At least these little Norks ‘think’ they are having a great old time doing their best impression of Walk off the Earth:

.

Source Motherboard.

JΞSTΞR's Loadout: The Laptop

‘Have more than thou showest, Speak less than thou knowest, Lend less than thou owest’ – William Shakespeare
.
So I wanted to continue my ‘Loadout‘ series, as I know I’ve neglected it to the point that the ‘series’ currently consists of only one other article. It’s busy times, so I apologize in advance. I get lots of questions regarding how I secure my connection and manage to stay ‘underground’ for so long. I thought about talking about that, but decided against it, at least for now for reasons I am sure must be obvious to anyone who possesses an IQ that exceeds that of Mr John Tiessen AKA @johntiessen and that of Ms Jennifer Emick AKA @asherahresearch combined. (Sorry couldn’t resist).

Now there’s something to be said for spreading your operation out, so if ‘they’ (whoever your ‘they’ is) get one thing they don’t get it all. But there’s also something to be said for keeping your attack surface as small as possible. Its two schools of thought, I prefer the latter. It makes things manageable and easier to monitor. This is why EVERYTHING I do, whether offensive, defensive or passive, as ‘Jester’ is done on a single laptop. There is zero cross pollination between that and my actual identity. This ensures that even if the laptop somehow leaves my possession, all they got was ‘Jesters’ laptop. This blog post will concentrate on how to secure that laptop and the information on it from physical or coerced infiltration, so even if they get a hold of it in your absence, it’s a case of fuggit, no harm done.

What to buy

We’ve all been there. In the store. Pesky sales guy honey-badgering the shit out of us. There’s all kinds of shiny objects begging for our money. The hybrid lapTab, the gargantuan power house laptop that takes 3 thick-set fully grown fighting age males to move from A to B, it’s a minefield. Here’s my advice for what it’s worth.

Don’t buy anything other than business or enterprise class machines. They are easier to upgrade later or sooner if you are the same as me with gigabytes of DDR3 Sodimms floating round the place along with a bunch of SSD MSata’s. My point here is simple, enterprise class machines are uglier yes, but they are built to easily be ripped apart so you can get inside and upgrade, and they come with things like TPM chips and extended BIOS which we will get to later in this post. I won’t be mentioning any actual laptop brand names so don’t ask folks.

Upgrade Path

Sooner or later you are gonna want to upgrade, bear this in mind when you buy. Me personally, I like at least 16Gb Ram and a system drive (or a internal disk that boots the OS) that is MSATA SSD for speedy boots and a secondary internal SATA that I use for storage. All this can be fitted into a very small enterprise class form-factor, that’s what they are built for, and good luck finding consumer models that allow the same level of flexibility, power and form-factor.

BIOS 101

First thing you will want to do is secure your BIOS, set individual passwords for BIOS modification, system boot, boot drive selection and anything else your particular BIOS version allows. Mix it up a little. Also enable any biometric options and your TPM (Trusted Platform Module) chip. When you do this you also need to ‘own’ your TPM so it is not the same chip config as when it left the factory.

Full Disk Encryption

I am fully aware that most readers are running Windows, so I would advise for the sake of argument, utilizing Bitlocker which ships with the Pro versions of Windows as standard.

• System Drive (SSD) I would advise for this drive to use Bitlocker and allow 2-factor authentication, you can use the group policies within windows by running ‘gpedit.msc’ to force you to have to insert a USB stick into your laptop in order for it to even boot, even though you have previously enabled your TPM chip. This combined with your BIOS password means someone needs ‘something you know’ as well as ‘something you have’ to get the laptop to boot.
• Storage Drive (SATA) For this disk on a Windows laptop, my advice would be to use Bitlocker again, but this time, just make it TPM based only IE: you don’t need a USB stick to access it, decryption is transparent, but it does however need to be physically present in your particular laptop. No other will do.

Caveat: I know I know, Bitlocker is MS but this combined with the 3rd  ‘plausible deniability’ solution below covers you pretty nicely.

Biometric Authentication

A lot of enterprise class laptops these days come with Biometric Fingerprint scanning hardware, drivers and software to prevent logging into your OS of choice without your finger being present at the time of login or unlock. Enable this too. When you enable it you can select which finger you use as your key. If you are right-handed use your left pinky, and vice versa. That way when ‘they’ cut your digit off to access your machine you are not completely fucked.

Important sidenote: Never, ever, under any circumstances nominate your thumb for fingerprint scanners, humans are the only creatures blessed with opposing thumbs, you’ll miss not being able to use scissors without mom’s supervision.

Proximity Lockdown

Ever walk away from your machine and forget to lock it? Yeah, it happens right? There’s software out there available for free that allows you to associate any bluetooth device with your laptop. The most obvious device to utilize here is your cell as it’s most likely to leave your workstation when you do. This software causes your laptop to ‘ping’ your cell over bluetooth every few seconds, if your cell is out of range, your laptop locks down and requires your 2 or 3 factor authentication in order to let you back in.

Push Out Decoy Wifi Access Points

Add an external USB wifi adapter in addition to your regular internal one. You can then configure this (if you are clever) to throw out hundreds of fake wireless AP SSID’s. You can even randomize the names of them based on a wordlist. Why would you do this? Well security through obscurity is by no means sensible I agree, but anyone looking to sniff your wifi traffic is not going to be able to see the forest for the trees, and you get to log all the intrusion attempts. If you use a micro-USB wifi adapter you never need to take it out and your forest will follow you wherever you roam.

Plausible Deniabilty

Worst case scenario. You and your laptop are compromised together. Nobody wants to lose a digit here right? This is where we get really tricky. There’s software that will allow you to encrypt your system drive as a hidden ‘partition’ and have another decoy system drive, such that one boot password will boot the decoy partition and the other password will boot the real one. That way if you really are in the shit, you can appear to be giving up your machine when in actual fact you are merely giving up the decoy, which obviously contains dummy/fake information.

For those interested it looks a little like this:

Now that’s what I’m talking about. All these mechanisms are available cross-platform (well Linux and Windows at least) I have not gone into full details of individual specifics for obvious reasons. Google is your friend. Seek and ye shall find.

Disclaimer: All information here is my humble opinion and theoretically explaining what I would do if I was an international man of mystery hacker type super-geek. Nothing more. Peace.

Staying Frosty

J.