Author Archives: Adam - Page 2

ADS Links

I’ve been doing a lot of research into encrypting data into alternate data streams (what, I was bored one night!). Instead of boring you with more of the same (this topic has been covered extensively by others), I’d like to share some links with you.

One of the best sources I’ve read regarding ADS is Harlan Carvey’s Windows Forensic Analysis 2E. It was my first real exposure to the wonderful world of alternate data streams and file/folder/executable piggy-backing. (Rob Lee mentioned alternate data streams in SANS FOR408, which piqued my interest.)

The Gabro Blog entry on ADS is extremely insightful as well, although it does say that an ADS has different encryption attributes than its parent. That’s somewhat misleading, as you can’t actually EFS-encrypt an ADS at all (trust me, I’ve tried via cipher /E /A and it isn’t… nor does it make too much sense logically). Of course, you can encrypt content with something like GPG and then “push” the content into something else with type.

Additional Resources

Quinn Shamblin’s “Alternate Data Streams Overview” (SANS Blog)
Harlan Carvey’s Blog entry on ADS entitled “NTFS Alternate Data Streams”

Mandiant APT1 Report & New IOCs

I’m a little late writing about this but, as many people now know, U.S. security and forensics firm Mandiant has released critical information in regards to the Chinese state sponsored group known as APT1. As a student of digital forensics I find this kind of stuff very interesting. I’ve been having some great discussions on various forums with fellow (usually more experienced) security buffs in the field with regard to the 60-page report so I thought I’d reshare the links.

APT1: Exposing One of China’s Cyber Espionage Units (Mandiant Intelligence Center)

IOCs w/ hashes as part of Mandiant’s OpenIOC Project: Digital Appendix & Indicators

So be sure to add those IOCs to a Redline collector and get scanning!

Google Map Tiles: Forensics & IEF

I stumbled upon something neat I thought I’d share with you all while playing around with a demo of Internet Evidence Finder by Magnet Forensics. It is essentially using a memory image to determine where an individual may have been based on his/her geolocation queries, crowd sourced GPS check-ins (using Google Maps), etc. by analyzing Google Map tiles.  Obviously, although IEF is known in the forensics community, I was impressed when using it for the first time.

I allowed IEF to carve web browser artifacts, chat sessions and Google map tile artifacts from a memory image (acquired via FTKi). I then had IEF map the coordinates from the tile file names and plot them across a world map (it is as simple as hitting “World Map” in the Report Viewer). You can also use Magnet’s free standalone GMTI (Google Maps Tile Investigator) to plot specified coordinates if you’ve pulled the artifacts using another method.

Although this is a known feature of the software, I found it incredibly impressive and very useful. That you can do this directly from a memory image – with the same amount of success as from a hard drive image – is pretty cool.

Using that information you can get a general sense of where an individual was by what map information he or she searched for using Google Maps.


You can begin to develop a hypothesis as to the location’s significance when you compare this information to other known facts within your investigation. Knowing this information can help you weigh the importance of a cluster of plots and determine whether they are significant.
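The step from tile references to map plots can be reproduced by hand. The following is an added example, not code from IEF, GMTI or the original post: it assumes each recovered tile reference carries `x`, `y` and `z` (zoom) query parameters in the standard Web Mercator tiling scheme, and the sample references and host name are constructed.

```python
"""Turn map-tile references carved from an image into latitude/longitude points."""
import math
from urllib.parse import urlparse, parse_qs


def tile_to_latlon(x, y, z):
    """North-west corner of Web Mercator tile (x, y) at zoom z, in degrees."""
    n = 2 ** z
    lon = x / n * 360.0 - 180.0
    lat = math.degrees(math.atan(math.sinh(math.pi * (1 - 2 * y / n))))
    return lat, lon


def tile_center(x, y, z):
    """Centre of the tile: the point an examiner would plot."""
    return tile_to_latlon(x + 0.5, y + 0.5, z)


def parse_tile_ref(ref):
    """Extract (x, y, z) from a tile reference; None if it is not a valid tile."""
    qs = parse_qs(urlparse(ref).query)
    try:
        x, y, z = (int(qs[k][0]) for k in ("x", "y", "z"))
    except (KeyError, ValueError):
        return None
    # Reject carved garbage: indices must fit the zoom level's grid.
    if not (0 <= z <= 22 and 0 <= x < 2 ** z and 0 <= y < 2 ** z):
        return None
    return x, y, z


def plot_points(refs):
    """Return plottable points, tightest zoom first (most specific location)."""
    points = []
    for ref in refs:
        tile = parse_tile_ref(ref)
        if tile is None:
            continue
        lat, lon = tile_center(*tile)
        points.append({"zoom": tile[2], "lat": round(lat, 5),
                       "lon": round(lon, 5), "ref": ref})
    return sorted(points, key=lambda p: -p["zoom"])


# Constructed sample input (hypothetical host, not real case data).
SAMPLE_REFS = [
    "http://tiles.example.invalid/vt?x=301&y=384&z=10",
    "http://tiles.example.invalid/vt?x=1205&y=1539&z=12",
    "http://tiles.example.invalid/vt?x=9643&y=12315&z=15",
    "http://tiles.example.invalid/vt?x=99999&y=1&z=3",   # index outside the grid
    "http://tiles.example.invalid/favicon.ico",          # not a tile at all
]

if __name__ == "__main__":
    for p in plot_points(SAMPLE_REFS):
        print(p["zoom"], p["lat"], p["lon"])
```

Higher zoom levels cover a smaller area, so sorting by zoom puts the most location-specific tiles at the top of the list.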

Instructions and more information on Google Map tile forensics are available in a great post by Magnet on their blog: http://www.magnetforensics.com/investigating-google-maps-how-the-tiles-tell-all/

For more information on Magnet’s IEF see: http://www.magnetforensics.com/products/internet-evidence-finder/

Information on the standalone (free) GMTI can be found at this address: http://www.magnetforensics.com/google-maps-tile-investigator/

In NTFS, Secure Erase Leaves Remains

I was wondering as to whether or not drive wiping tools in Windows actually performed as expected by wiping all previously securely deleted content from a mechanical hard drive’s unallocated space. I was also curious to know what information could be gleaned from a wiped drive as to the files that were wiped and if such a find was worthwhile. My tool of choice for the exercise was CCleaner’s free space wiper.

For those that don’t know, wiping is essentially instructing a program to flip bits so that the data’s pattern is permanently unrecoverable. 1 would become a 0 and a 0 would become a 1. Ideally one good pass is all that’s needed to perform this operation, but it rarely does so efficiently. The DoD is known for using a 7 pass method in order to be safe, erring on the side of caution. Relying on statistics, pioneer of the Gutmann Method, Peter Gutmann, opted for a 35 pass wipe which is widely regarded as overkill. Which method is best? There’s no way to be certain. Different erase tools perform differently and some secure erase programs fail to “scramble” data in the appropriate fashion.

For my desires to wipe the data from the hard drive I decided on being cautious but not outright paranoid (most of the files I deleted to do this exercise were junk anyhow). I opted for the standard 7 pass method. Regardless of what type of pattern wipe you choose – or what wiping program you use – the results below will be the same.

I found that while alternate data streams and unallocated space on the drive were essentially wiped clean, file names were recoverable in the $I30 allocation index in sub-folders on the drive. How was this possible if the $MFT also didn’t indicate that data?

I’m relatively new to forensics and didn’t have a clue at first but with proper research I figured it out. All credit belongs to those that came before me. A blog post that explained it was entitled, “NTFS $I30 Index Attributes: Evidence of Deleted and Overwritten Files” by Chad Tilbury, a SANS Institute Instructor.

If you’re interested in learning more please check out that post. Essentially I learned that in forensics we can find wiped content by viewing the NTFS Index Allocation File, $I30, still located in NTFS allocated space (FYI, I triaged the drive by examining it in FTKi). (Also, if the file was ever EFS encrypted, an $EFS file may also be present in the folder in which it resided. This is one of the many reasons the cipher command warns the user to encrypt an entire folder instead of contents within a folder.)

While I was unable to actually recover the files, I was able to glean the names of the files that I previously erased. Knowing that the index was in a particular sub-folder would also show a forensic investigator where the data was actually stored. But what is even more interesting is that Tilbury’s article states that MAC times can also be gleaned from an $I30. Plus, knowing file types or securely erased data may lend a hand to advanced data carving. Very cool. It truly makes the index a trove of useful information in an investigation.
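To make the $I30 finding concrete, here is an added example (not code from the original post or from Tilbury's article) that walks one INDX record, decodes the live entries, then scans the slack between the node's used size and allocated size for stale $FILE_NAME entries. The sample record, file names and dates are constructed, and the sketch assumes update-sequence fixups have already been applied to the record.

```python
"""Recover file names and timestamps from an NTFS $I30 INDX record, slack included."""
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH = datetime(1601, 1, 1, tzinfo=UTC)   # FILETIME epoch
NODE = 0x18                                # index node header offset inside an INDX record


def to_filetime(dt):
    return int((dt - EPOCH).total_seconds()) * 10_000_000


def from_filetime(ft):
    return EPOCH + timedelta(microseconds=ft // 10)


MIN_FT = to_filetime(datetime(1990, 1, 1, tzinfo=UTC))
MAX_FT = to_filetime(datetime(2100, 1, 1, tzinfo=UTC))


def parse_entry(buf, off):
    """Decode the index entry at `off`; None if it is not a plausible $FILE_NAME entry."""
    if off + 0x52 > len(buf):
        return None
    mft_ref, ent_len, fn_len = struct.unpack_from("<QHH", buf, off)
    fn = off + 0x10                        # $FILE_NAME attribute follows the entry header
    _parent, created, modified, changed, accessed, _alloc, size = \
        struct.unpack_from("<7Q", buf, fn)
    name_len = buf[fn + 0x40]              # length in UTF-16 characters
    if name_len == 0 or fn_len != 0x42 + 2 * name_len:
        return None
    if ent_len % 8 or ent_len < 0x10 + fn_len or off + ent_len > len(buf):
        return None
    if not all(MIN_FT <= t <= MAX_FT for t in (created, modified, changed, accessed)):
        return None                        # sanity check that filters random slack bytes
    name = buf[fn + 0x42: fn + 0x42 + 2 * name_len].decode("utf-16-le", "replace")
    return {"name": name, "mft_record": mft_ref & 0xFFFFFFFFFFFF, "size": size,
            "created": from_filetime(created), "modified": from_filetime(modified),
            "changed": from_filetime(changed), "accessed": from_filetime(accessed),
            "entry_len": ent_len}


def parse_indx(buf):
    """Return live entries followed by stale entries recovered from node slack."""
    if buf[:4] != b"INDX":
        raise ValueError("not an INDX record")
    first, used, alloc = struct.unpack_from("<III", buf, NODE)
    live_end = min(NODE + used, len(buf))
    end = min(NODE + alloc, len(buf))
    found, off = [], NODE + first
    while off + 0x10 <= live_end:          # walk the entries the file system still uses
        ent_len, _fn_len, flags = struct.unpack_from("<HHB", buf, off + 8)
        if flags & 0x02 or ent_len < 0x10: # 0x02 marks the last (empty) entry
            break
        entry = parse_entry(buf, off)
        if entry:
            found.append(dict(entry, state="live"))
        off += ent_len
    off = (live_end + 7) & ~7              # entries are 8-byte aligned
    while off + 0x52 <= end:               # slack: leftovers of removed entries
        entry = parse_entry(buf, off)
        if entry:
            found.append(dict(entry, state="slack"))
            off += entry["entry_len"]
        else:
            off += 8
    return found


def build_entry(mft_ref, parent_ref, name, when, size):
    """Build one index entry (used only to construct the sample below)."""
    ft = to_filetime(when)
    fn = struct.pack("<7QIIBB", parent_ref, ft, ft, ft, ft, size, size,
                     0x20, 0, len(name), 1) + name.encode("utf-16-le")
    ent_len = (0x10 + len(fn) + 7) & ~7
    return (struct.pack("<QHHB3x", mft_ref, ent_len, len(fn), 0) + fn).ljust(ent_len, b"\0")


def build_sample():
    """Constructed 4 KiB INDX record: one live entry, one stale entry left in slack."""
    root = (5 << 48) | 5
    live = build_entry((1 << 48) | 48, root, "keep.txt",
                       datetime(2013, 1, 10, 8, 0, tzinfo=UTC), 120)
    last = struct.pack("<QHHB3x", 0, 0x10, 0, 0x02)
    stale = build_entry((1 << 48) | 49, root, "secret_plan.docx",
                        datetime(2013, 1, 15, 9, 30, tzinfo=UTC), 20480)
    first = 0x28
    buf = bytearray(4096)
    buf[0:4] = b"INDX"
    struct.pack_into("<III", buf, NODE, first, first + len(live) + len(last), 4096 - NODE)
    body = live + last + bytes(0x18) + stale
    buf[NODE + first: NODE + first + len(body)] = body
    return bytes(buf)


SAMPLE = build_sample()

if __name__ == "__main__":
    for e in parse_indx(SAMPLE):
        print(e["state"], e["name"], e["modified"].isoformat(), e["size"])
```

On a real volume the timestamp range check is what keeps the slack scan from reporting random bytes as entries, so widen or narrow it to match the case timeline.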

As a student currently enrolled in forensics classes, my goal was to see if secure erasing completely removed “all traces” of said evidence on a Windows system. I was shocked to learn that it does not (yeah, I’m a “noob” with some things – this information has been out for a while – but I’m not afraid to admit that I’m learning). But for more in-depth information on parsing through the index or extracting more information from the file system please see the links below.

Apparently there are lots of remains left behind that indicate a drive has been wiped (the launching of the executable itself, obviously, but also of the content). If you’re interested in the topic I highly recommend researching it more thoroughly.

Obviously there are ways of getting rid of data in a more effective manner. Wiping the entire disk from outside of Windows is preferable, though manufacturer-style wipes are always the best. After my recent class I’ve been toying around with hdparm against SATA drives that accept the SE commands and found this method to be best. Of course you could use dc3dd/dcfldd’s pattern filling function as well.

File Wiping/Free Space Wiping Methods Used

Files securely erased with Eraser using 7 pass wipe and then performed a Free Space Wipe on the same drive in CCleaner (7 pass).

Sources

Tilbury, Chad. “NTFS $I30 Index Attributes: Evidence of Deleted and Overwritten Files.” SANS Blog. September 20, 2011.

Read about the blog post first on the Wilder Security Forums after doing a Google search for $I30.

Links – Ophcrack for Windows Password Extraction

With forensics in mind, there’s literally a ton of ways to gain access to Windows. From clear text password exploits that dump the password in plaintext to your screen to bootable CDs that reset the Windows password outright (just search Google for “Windows Password Recovery” to see what I mean). This post isn’t meant to cover all password recovery bases, just briefly explain why reset tools may not be forensically sound and provide some links that may be of value to you if you need a good tool (my current favorite method is utilizing a tool known as Ophcrack).

For those that don’t know, Ophcrack is a free but powerful utility that makes use of rainbow tables to crack NT HASH and LM passwords. It utilizes a method known as Time-Memory Tradeoff (discussed earlier on the blog). The best tables that support different types of characters for use in password extraction (and for different OS types) can be rather large. Cracking passwords can also be time consuming.

Distributions like the now-defunct free version of e-fense’s Helix 3 (no longer supported in favor of a paid pro version), and DEFT Linux, made/makes use of Ophcrack and provided access to basic rainbow tables for this purpose. If you don’t have Helix or Ophcrack as part of your forensic tool-set, you should. If you are interested in expanding your tables and have access to a large enough medium, feel free to check FreeRainBowTables.com to get more tables generated using distributed computing methods. The basic tables can also be found on Ophcrack’s Sourceforge and are suitable for basic use, but they also have paid tables as well.

Ophcrack can be used during the analysis of a target’s SAM and SYSTEM hives. It can be run as an executable from within Windows or in a bootable environment. Such information could prove forensically invaluable in accessing EFS-protected files on the system. From what I know, using methods like chntpw in Backtrack does reset Windows passwords but then makes accessing EFS encrypted files impossible.

Check this video created and posted by TechnologyCrazy to see how to set up Ophcrack (completely unaffiliated with this site).

As I always state, this site does not condone illegal activity. Link posts are links to pre-existing content (I’m actually considering making my own informational videos at some point when I have the time. Maybe even a step-by-step guide).

For links to computer security related tools or resources, feel free to check this Neuralhub post.

If you have access to any related instructional video please post it in the comments! If they are any good (and they are publicly accessible), I’ll share them.

Edit: This post is fairly old and I’ve used some really great programs since then. Here are some further notes to help you decide which encryption auditing tool you should use and when:

Ophcrack Project Homepage

This tool is good for LM and NT hash; quick and easy SAM hive cracking which is ideal if you don’t happen to have a license for PRTK but do for FTK and wish to crack EFS; uses rainbow tables for speed (pre-calculated hashes), for brute force see l0phtcrack below.

l0phtcrack Password Auditor

Offers excellent brute force, support for rainbow tables and dictionary attacks. Some that are coming from PRTK may note l0phtcrack seems to be missing PRTK’s biographical dictionary attack… one of my favorite tools. But that’s not necessarily true: you can accomplish this by loading biographical information in by creating your own dictionaries. Also one of the coolest features of l0phtcrack is the network sniffer which pulls password hashes transmitted across a network (but fair warning: it doesn’t always work; if in doubt, read the documentation).

** Note: thanks to my nameless friend for letting me try his l0phtcrack. Much appreciated.

AccessData’s PRTK

One of my all time favorite tools. Although brute forcing and standard dictionary attacks may take a long time and be resource intensive, PRTK also includes some pretty powerful dictionaries straight off the bat. Also nothing beats the simple and straight forward interface. I’m a huge fan of the biographical dictionary attack in which you can import string data from FTK and FTKi to accomplish a user-specific attack (that is to say, things like directory listings, FTK dtIndex’d results, etc. can all be imported to speed up attacks).  I used PRTK extensively in my AccessData Certified Examiner studies and found it to be one of the best tools to date.

Interesting side note regarding EFS cracking if you have a license to FTK but not to PRTK:

If you are running FTK4+, you can first crack the Windows user password in Ophcrack (SAM & SYSTEM hives) and then, after selecting the EFS encrypted file, allow FTK to decrypt it with the password you’ve discovered. FTK also allows you to list multiple passwords if you’re unsure of which it may be. If PRTK is installed on the same system, it’ll use PRTK in the background and decrypt the file. Of course, as an ACE, I advocate getting a license to PRTK if you can, but thankfully PRTK can be used for this at the back-end with little trouble.

CyberCity Wargames Looks Great

Hacker wargames are nothing new: from the epic Pull The Plug to a number of off-shoot sites still in existence, simulated hacking environments are used to help train individuals to develop sound computer security problem solving skills. A few of these sites, such as hackthissite.org and OverTheWire, teach practical software exploitation and network penetration skills through game-like hands-on challenges, while organizations like Offensive Security and the SANS Institute feature full-fledged certification paths involving penetration challenges (see SANS NetWars).

Now the United States Air Force has established one of their newest Cyber Ranges, CyberCity. The new simulation trains both military and government personnel in the proper way to safeguard systems from penetration in real world scenarios. The simulation contains bank-type systems, public wifi networks as in the sort that coffee houses and internet cafes have, social networking site-simulations and more. Even more interesting? The man behind SANS NetWars, Ed Skoudis (noteworthy SANS Metasploit teacher), designed Cyber City himself!

Although some (including myself) have been critical of Director Panetta’s use of “Pearl Harbor” as a metaphor for “cyber war” (see “Cyber Terrorism and the Election” @ Neuralhub), I can’t deny the importance of adopting sound IT security solutions to prevent against new emergent threats both domestic and abroad. I’m glad to see my government adopting them. Penetration testing and defending simulations are ideal learning opportunities.  If you haven’t had the opportunity to attend a con where CTF was being played, I highly recommend attending one of the conventions in New York or Vegas (my first was HOPE 2K!).

Safeguarding such systems in light of specific exploits, malware and viruses such as Stuxnet and Flame is of great importance to government officials. Whereas some in the news have criticized the U.S. as being behind on cyber defense (especially so with the Chinese attack against the White House computer network), the public and private sector have been trying to step up their game and continue to work together to train our future front-line defenders.

From all the articles I’m reading in regards to CyberCity, I’m most impressed with the idea of real world consequences the simulation portrays. If someone botches up, it’ll have “real world” ramifications illustrated in physical models of U.S. cities (sounds a bit like War Hammer+Uplink). The simulations are even complete with statistical information regarding people affected by events occurring in game.

A similar but more expensive project is DARPA’s National Cyber Range (Lockheed won the $30m contract to help design it with DARPA back in 2010). For more information on the NCR, click here. Although my opinion is strictly that of an enthusiast/lay person, from everything that I’m reading, CyberCity looks even more promising!

Lastly, I apologize for my infrequent posts as of late. I’ve been taking a DFIR class that’s been taking up much of my time. So be sure to subscribe to fork() to keep up-to-date with all the latest blog postings delivered right to your email!

Sources

O’Harrow, Robert, Jr. “CyberCity allows government hackers to train for attacks.” Washington Post, 11/26/2012. Note: If you’re interested in learning more about the CyberCity simulation, Robert O’Harrow Jr.’s coverage of it is full of great details and covers CyberCity in much more detail.

For some free computer security training videos be sure to check out Security Tube or the fork() post entitled “Computer Security Resources” for more interesting sites.

Link/Article – Memory Forensics & Encrypted Data Extraction

I’d like to post a link to a very neat paper I found which discusses the ability to analyze RAM in hopes of targeting encrypted drives, volumes, files or folders (cited below). A forensic investigator can recover encryption keys and even acquire passphrases with no hash cracking needed. Once a key and/or passphrase is obtained, any encrypted medium on the hard drive using the same credentials may be compromised.

Brian Kaplan’s RAM is Key – Extracting Disk Encryption Keys From Volatile Memory, Carnegie Mellon University (May 2007).

The paper is somewhat dated as it was released in 2007. But what’s cool about it is that such analysis wasn’t as common then as it is now (live acquisition was frowned upon). While it doesn’t highlight anything new (and, indeed, shows its age at times), the paper does make for some interesting reading.

While I’m still relatively new to forensics and currently studying DFIR, I figured that this paper may be of interest to some (I found it interesting from a historical aspect). Plus this article is a good way of introducing more forensic posts to the blog.

Feel free to share similar (or more timely) articles using the comments field below!

Related Tools

Volatility by Volatile Systems

Memoryze/AuditViewer & Redline by Mandiant

Finding Encrypted Drives/Volumes on Hard Drive

EDD and, I hear, TCHunt are both excellent tools. I’ve only played around with EDD but I plan on exploring other forms of encrypted drive/volume discovery and decryption in the future.

Privacy Concerns Over New ICE Intel Database

The Department of Homeland Security has just released information concerning a new intelligence database which may impact individual privacy online. For readers concerned with online privacy issues, the FALCON-SA (Search & Analysis) System may be of great importance. While inter-agency cooperation is nothing new, inter-agency databases bring up important privacy concerns.

The new ICE database enables federal agents from multiple agencies controlled by Homeland Security to upload information on individuals both domestic and abroad that is or may become a threat to national security. ICE agents can then use the data in FALCON to enforce customs and immigration law more effectively, putting them “in the know.” Combating terrorism by monitoring new immigrants seems to be a primary focus of FALCON. This may even serve to assist in the prosecution of narco-terrorists further down the line.

FALCON can also aggregate data from the public internet, populating its database with information gleaned from a seemingly unrelated source. This ability to quickly correlate data ensures that ICE makes informed enforcement decisions based on all available information. It is important to note that the Privacy Impact Assessments released by the DHS and mentioned here were supplied on the DHS mailing list to help mitigate concern among citizens.

Depending on your opinions regarding online safety, databases like FALCON may make you feel uneasy. Information is collected in an “ad hoc” way, as stated by the DHS privacy documents. No information is collected directly from any one individual.

It is my opinion that FALCON is an achievement worthy of note because it could potentially be used to warn ICE of impending threats previously assessed by other government agencies. Of course, the potential for abuse is always present. I’ll reserve the right to pass judgment on the system since I don’t actually know how information gleaned from FALCON-SA will be used.

A positive note is that DHS has actually anticipated problems arising from the dissemination of classified information to unauthorized ICE personnel:

“Privacy Risk: Because FALCON-SA aggregates data from multiple data systems, it is possible that its users may be able to access records in FALCON-SA that they otherwise could not view in the source system and are inappropriate for them to access.
Mitigation: For data sets routinely ingested into FALCON-SA, ICE has established technical rules to ensure that the user privileges of the source system carry forward and apply to that user in FALCON-SA. As a result, a user’s access privileges to the data stored in FALCON-SA are identical to their access privileges to that same data in the source system. This prevents FALCON-SA from being used, intentionally or unintentionally, to undermine or defeat the role-based access controls established by the source system.”

(Taken from assessment titled “DHS/ICE/PIA-032(a).”)

Furthermore it foresees many concerns that individuals may have with their own privacy being violated. All database queries are logged and inspected routinely. ICE users are also limited to what they see by access controls imposed by ICE (DHS/ICE/PIA-032(a)). As to what “public information” is aggregated, FALCON’s Privacy Impact Assessments remain vague (presumably to adapt with the growing technological climate).

It should be noted that DHS does not need to inform individuals that their previously (legally) obtained information is accessible to ICE via FALCON:

“Because FALCON-SA is a data aggregation system that operates for law enforcement purposes, it is not feasible or advisable to provide notice to all individuals at the time their information is collected or input into FALCON-SA. With respect to information obtained from individuals through federal government forms or other means, such as information collected pursuant to seizures of property, notices on any such forms state that their information may be shared with law enforcement entities.”

(Taken from assessment titled “DHS/ICE/PIA-032(a).”)

Many other privacy concerns are brought up by the new DHS/ICE system. Such concerns are outlined in the DHS Privacy Impact Assessments linked below. Whenever there are advancements in security there are always privacy issues being raised. Undoubtedly, we will hear more of FALCON in the days to come.

DHS Privacy Impact Assessments

DHS/ICE/PIA-032(a) (FALCON-SA Privacy Issues In-Depth)

DHS/ICE/PIA-033: Falcon Tipline

Related fork() Articles

Cyber Terrorism and the Election @ fork()

National Cyber Security Awareness Month (October)

Janet Napolitano on Cybersecurity @ ASIS 2012

Cyber Terrorism and the Election

Leon Panetta, Secretary of Defense, recently stated that the United States could be facing Pearl Harbor if it doesn’t revamp its security. This time the threat doesn’t come from physical fire fights with opponents overseas; instead it stems from the Internet. Panetta’s goal is to help pass the new Cyber Security bill, H.R. 3523 (“Cyber Intelligence Sharing and Protection Act”).

https://www.youtube.com/watch?v=QVzgPDXJisI

Summed up briefly, the new bill hopes to give federal law enforcement the ability to access corporate computer systems in times of need. CISPA’s opposition claims that the resolution hurts individual privacy online. We’ll let you – the reader – decide on whether or not the pros outweigh the cons. To read the resolution in full please click here.

Many feel that Panetta’s comments are an over-exaggeration of a very real problem. As security expert Bruce Schneier stated on October 19th, “[t]here’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.” (Schneier on Security, 10/19/2012)

Similarly, I feel as Bruce Schneier does: although there’s a very real security threat (APTs), comparisons to Pearl Harbor or 9/11 serve only to incite fear. They aren’t based on any rational understanding of how actual computer networks work. That being said, I do believe industry control systems are at risk by forces from within as well as from without.

Over 2,000 lives were lost during the Japanese assault on Pearl Harbor. To compare a future cyber-assault to Pearl Harbor is a bit of a stretch. Despite the Secretary of Defense’s claims to the contrary, computer systems worldwide are NOT all integrated in a Terminator-style way. They may be in the distant future, but they aren’t now.

Can you DDoS systems on a network? Yes. The problem is that not all industry control systems are online or interconnected. And if they are, they must have something exploitable in order to be compromised. On top of that it is worth reminding readers that a DDoS isn’t “hacking into” anything, it is the flood of bogus traffic to an open and receptive server. Actually hacking “into” something requires systems-specific exploitation.

Panetta points to DDoS assaults such as the latest JP Morgan-Anonymous attack, but those attacks against a web server aren’t going to result in the inability for that bank to do business. E-commerce sites face greater risk from this form of attack.

Air traffic control and power grid monitoring systems are typically closed and separate from the internet. While these systems are sometimes networked on intranets or by secure other means, they aren’t actually accessible to us or an attacker. Panetta’s claims are lumping industry control systems in one big category when they should be understood on an individual basis (SCADA security is an excellent topic that well exceeds the scope of this post).

Do similar assaults pose a problem for corporate interests and cost companies revenue? Absolutely.

If the CISPA was designed to protect corporate interests alone, it would go a long way to easing the public’s opinions of the bill. The source of contention comes from CISPA giving the government power over corporate computers (in the minds of many citizens, anyway). (Keep in mind companies like Google store your search queries in their database for a certain amount of time; identifying marks such as an IP address are removed eventually.)

There probably are important systems that are connected to the Internet and need safeguarding. But to say the exploitation and disruption of such systems would cause an apocalyptic scenario is downright ludicrous. Such systems are the exception not the rule.

Proponents make mention of Stuxnet and yet rumors that Stuxnet was designed by a super power have been prevalent. Many point to the U.S. working in concert with the Israeli government to disrupt specific Siemens industrial equipment (after all, it clearly targets one ‘type’ of system). This is similar to one of the new incidents Panetta mentions, a virus that targeted a very specific oil system. With Stuxnet, the rootkit is absolutely useless outside of the environment it was created to exploit: for more information see Operation Olympic Games.

You better believe the new CISPA bill is being pushed for political reasons. That doesn’t necessarily mean it’s bad either, it’s just unfortunate that the only time people “need protection” is during an election year. Positive future legislation will assist companies and stress importance of securing key infrastructure while, at the same time, ensuring that such systems aren’t accessible to the public.

Corporate espionage and enemy penetration from within a company’s own network is a very real danger but it’s beyond the scope of CISPA. Such issues are still not as prevalent as Secretary Panetta is making them out to be. Keep what Bruce Schneier says in mind when reading the news:

“But while scare stories are more movie-plot than actual threat, there are real risks. The government is continually poked and probed in cyberspace, from attackers ranging from kids playing politics to sophisticated national intelligence gathering operations. Hackers can do damage, although nothing like the cyber-terrorism rhetoric would lead you to believe.”

Schneier on Security, 10/19/2012

I’m not a politician and I don’t care how you vote. I only care about the facts. I don’t like when people are “scared” into action, especially if they aren’t given all the facts. Cyber security and safety online is an issue which transcends political parties: staying informed is important and I urge everyone to read multiple news sources online for information.

Again, while cyber-threats are real, they’ve been portrayed in the news recently in a slightly over-dramatic way. With proper insight and understanding we can safeguard necessary systems without spreading unnecessary fear.

Sources

Video: BBC News. “Leon Panetta warns of cyber Pearl Harbour” (posted by BBC24News on YouTube), October 12, 2012.

Aitel, Dave. “The Cybersecurity Act of 2012: Are We Smarter Than a Fifth Grader?” Huffington Post, August 3, 2012.

Schneier, Bruce. “Stoking Cyber Fears.” Schneier on Security blog. October 19, 2012. Note: As always, Schneier has links to multiple sites/essays of interest concerning this matter.

H.R. 3523: Cyber Intelligence Sharing and Protection Act (CISPA)

Related Neuralhub Posts

“LOIC DDoS & The Nature of Anonymous Attacks”, October 2, 2012.

“Link – In the News: Chinese Attackers Hit White House”, October 2, 2012.

“National Cybersecurity Awareness Month” @ Neuralhub, October 2, 2012.

Edit: A friend asked me for clarification a while after I wrote this. He asked if I was suggesting that Advanced Persistent Threats do not exist. I positively do not believe that. I was disagreeing with likening cyber attacks to Pearl Harbor (even as a metaphor for something extremely tragic). As technologies advance so too will the risks: this assessment can change with time. Advanced threats pose a very real problem to industry and national security and I personally agree with efforts to combat them.

News – The Death of a Dream

“Two tires fly. Two Wail.
A bamboo grove, all chopped down
From it, warring songs.”
― Neal Stephenson, Cryptonomicon

Great article in the Sunday Times Obituaries today covering the death of Roy Bates, founder of The Principality of Sealand, on the 9th. Bates, residing in England, died at 91 after years of suffering from a number of illnesses.

For those that are not aware of Sealand’s existence, the former artillery platform was home to a number of shady operations throughout the years. Bates used the platform to broadcast pirate radio signals to Europe and declared that Sealand was its own nation and, therefore, not subject to any country’s laws.

With aspirations of becoming a standalone data haven, HavenCo tried to capitalize on Sealand but failed and ended up fading into obscurity. How does a free mini-nation exist without the protection and support from neighboring countries? It doesn’t. Even the infamous Julian Assange was said to have considered purchasing Sealand for his WikiLeaks servers and decided against it.

Although the Bates family has a caretaker staying at Sealand, the platform is empty despite past attempts to lease or sell it. Still, the family remains active and maintains a website and a soccer team!

Regardless of the realities, Sealand remains a dream to all those inspired by the idea of a censorship-free government. In that light, the family is selling everything from plastic wristbands and email accounts to custom titles on their website. Hey… freedom is a nice idea but someone needs to pay the bills!

Roy Bates will be missed. E Mare Libertas!

Source

Yardley, William. “Roy Bates, Bigger-Than-Life Founder of a Micronation, Dies at 91.” The New York Times. October 13, 2012.

Bates, James. “Prince Roy of Sealand aka Roy Bates (passed away 9th October 2012) Obituary.” Principality of Sealand Homepage. October 10th, 2012.

Related Articles

Grimmelmann, James. “Death of a data haven: cypherpunks, WikiLeaks, and the world’s smallest nation.” Ars Technica. March 27, 2012.

Libbenga, Jan. “Offshore hosting firm HavenCo lost at sea.” The Register (UK). November 25, 2008.

Masnick, Mike. “The History Of Sealand, HavenCo And Why Protecting Your Data Needs More Than Being In International Waters.” TechDirt. March 28, 2012.

Staff Writer. “HavenCo “data center” offline?” SecurityAndThe.Net. 2008.

The Principality of Sealand Homepage: http://www.sealandgov.org/