Hellbent on using technology for the betterment of humanity, a mysterious but well-known hacking group has unveiled a new technological tool – dubbed “Camera/Shy” – to an eager underground Internet audience.
This latest exploit promises to become a headache for oppressive Internet censors, snoops, spooks and crackpot dictators the world over, from China to North Korea to Iraq.
Based in Lubbock, Texas, the Cult of the Dead Cow is considered the most influential hacking group in the world. The cDc alumni reads like a Who’s Who of hacking and includes a former presidential adviser on Internet security and the German hacker known as “The Mixter.”
A secretive group of five high-IQ intellectuals, they are a wildly synergistic combination of grit, wit, social activism and righteous audacity united by a noble purpose – to keep the Internet free, healthy and adventurous and to aid people suffering from government-imposed Internet crackdowns.
Professing a belief “in the dignity of all human beings” as well as a love for “loud music and big parties” this “hacktivist” group is known for stretching the limits of the First Amendment and fighting anyone or any government that aspires to limit free speech.
To this end, the cDc organized a “special operations group” known as “Hactivismo” to study ways and means of circumventing state-sponsored censorship of the Internet and to implement technologies to challenge information-rights violations.
The founder of the cDc is “Foreign Minister” Oxblood Ruffin.
Like most hackers, Oxblood masks his identity with a pseudonym.
“Oxblood Ruffin,” incognito.
“Our fathers and grandfathers fought wars defending, among other things, our right to speak and be heard. They even fought to defend unpopular opinions. It is the unpopular opinions that are most in need of defense. Without them, society would remain unchallenged and unwilling to review core beliefs,” says Oxblood.
The cDc warns that “free speech is under siege” and they are “deeply alarmed that state-sponsored censorship of the Internet is rapidly spreading.”
The group is “convinced that the international hacking community has a moral imperative to act.”
Groups like cDc, l0pht and others discourage hacking websites and denial-of-service attacks. Instead, they try to help dissident computer groups in totalitarian and repressive societies. For example, The cDc claims it has aided a Chinese hacker group called the Hong Kong Blondes by giving it technical advice and software tools – including 5,000 copies of the cDc’s “Back Orifice” hacking tool to distribute in China. The Hong Kong Blondes reputedly were bothersome enough to be followed by Chinese government operatives when traveling overseas. In addition, they enlisted the services of a bodyguard.
These cocky cDc roughriders of cyberspace unveiled Camera/Shy Saturday at the H2K2 hackerfest in New York City. H2K2 is the 2002 Hackers On Planet Earth (HOPE) conference, alternately billed as a “gathering for hackers of all types” or a “computer security convention.”
The inventor and lead developer of Camera/Shy is a cDc hacker known as “The Pull.”
Camera/Shy is a browser that uses steganography – a method for inserting text into graphics files for viewing with companion software. The text is encrypted and can be pass-protected for an additional layer of secrecy.
Designed with the non-technical user in mind, Camera/Shy’s “one touch” encryption process delivers banned content across the Internet in seconds. Utilizing LSB steganographic techniques and AES-256 bit encryption, this application enables users to share censored information with their friends by hiding it in plain view as ordinary .gif images.
Camera/Shy is the only steganographic tool that automatically scans for and delivers decrypted content straight from the Web. It is a stand-alone, Internet Explorer-based browser that leaves no trace on the user’s system. As a safety feature, Camera/Shy also includes security switches for protection against malicious HTML.
It is expected that Camera/Shy will enable people in oppressive countries like China and Saudi Arabia, to engage in outlawed communications right under the noses of network administrators.
“The local feds would have a very hard difficult time stopping it,” says Hacktivismo.
Interview with Oxblood
WorldNetDaily interviewed Oxblood regarding the release of Camera/Shy and the cDc’s hopes to do their humble part to destabilize dictators around the world:
WND: Do you foresee any concrete threats to this new tool?
OXBLOOD: Not particularly. The developer who invented it is pretty sophisticated when it comes to vulnerability assessment. But that’s not to say there are no potential exploits associated with this technology. Because it is being released open source we expect the hacking community will be able to find any bugs that escaped The Pull’s gaze.
WND: Does it have a “window” of viability, or do you see it as a pretty long-lasting effective means of communication?
OXBLOOD: We see ourselves in a sort of hit-and-run conflict pattern with Internet censors, most notably the People’s Republic of China. We’ll exploit whatever vulnerabilities are in their censorware arsenal with C/S as long as it’s viable; then we’ll dump it and move on to something completely new. This is the first time state-sponsored Net censors have run up against anyone willing to challenge them, and it’s causing them, especially the PSB (Public Security Bureau – the Chinese Secret Service) to freak out. They thought all they’d have to do is call up their stooges from Cisco and the other software titans supplying them, and they wouldn’t have any problems maintaining control over their people. But we know all about the software they’re using.
The only difference between us and the IT-turncoats doing business with China, etc., is that we’re not for sale. If anything, these companies are creating a destabilizing international environment by abetting foreign governments in their quest to choke the free flow of information. And why these companies are not required to register with the U.S. government as agents of foreign governments confuses the hell out of me. As President Bush said, “You’re either with us or against us.” You can’t work with terrorist regimes such as the PRC and claim to be patriotic Americans.
WND: How do you foresee members of oppressed populations being able to find out about it and get it?
OXBLOOD: We have a fairly sophisticated distribution chain that will be managed by grass-roots democracy and human-rights organizations. But I am not at liberty to disclose the specifics of any arrangements.
Controversy and cocktail napkins
Some press reports have sensationalized potential misuses of the hacking tool. These criticisms have their roots in controversial and unsubstantiated media accounts, published before and after the 9-11 tragedy, which suggested terrorists may have used steganography techniques to imbed messages into .gif files. Such reports were circulated by the Washington Post and USA Today.
In February 2000, USA Today reported that terrorists were using steganography to hide their communications from law enforcement. According to the report, images were being hidden on Internet auction sites like eBay. But the report lacked the technical information necessary to allow a reader to verify the claims.
The USA Today article concluded: “It’s no wonder the FBI wants all encryption programs to file what amounts to a ‘master key’ with a federal authority that would allow them, with a judge’s permission, to decrypt a code in a case of national security.”
A few days before the Sept. 11 terror attacks, a team from the University of Michigan reported they had searched for images that might contain such messages, using a network of computers to look for the “signature” of steganography.
According to researchers at the University of Michigan Center for Information Technology Integration, they “analyzed 2 million images downloaded from eBay auctions but have not been able to find a single hidden message.” Their report noted that “recent suggestions in U.S. newspapers indicate that terrorists used steganography to communicate in secret with their accomplices. … While the newspaper articles sounded very dire, none substantiated these rumors.”
Former FBI Director Louis Freeh testified before a Senate panel on terrorism in March 1999 that “uncrackable encryption is allowing terrorists – Hamas, Hezbollah, al-Qaida and others – to communicate about their criminal intentions without fear of outside intrusion.” However, in two successive briefings following the terror attacks, senior FBI officials stated that the agency has as yet found no evidence that the hijackers who attacked America used electronic encryption methods to communicate on the Internet.
In stark contrast stood the reports that some of the terrorists had communicated via scribbled notes on cocktail napkins. And while credible reports suggested bin Laden was using satellite-ducking phone technology, there remains little evidence that his underlings, who were intentionally kept in the dark about much, needed to use any high-tech means to communicate.
Despite the FBI’s findings, some U.S. newspapers have continued to circulate similar reports.
For example, the Washington Post claimed that the inventor of the widely used PGP, or Pretty Good Privacy, encryption system, Phil Zimmermann, had been “crying every day … overwhelmed with feelings of guilt.” Post readers were told that Zimmermann “has trouble dealing with the reality that his software was likely used for evil.”
Zimmermann responded in a public statement, accusing the Post of serious misrepresentation in publishing things he never said. “Read my lips,” he said, “I have no regrets about developing PGP.” His grief had been for the victims, not for culpability about his invention.
Bane or blessing?
Camera/Shy’s inventor and lead developer, The Pull, notes that these “familiar, dramatic themes” have been “wheeled into the fray” as some have pointed out that the tool could give violent organizations the means to operate more covertly.
The Pull responded, “I think, without any pause, everyone who has had questions about Camera/Shy have alternatively said both ‘Camera/Shy will help terrorism’ and ‘they will catch you if you use it.'” He asks, “Well, which is it? Is it really a scary tool which terrorists could use and get away with? Or is it something that human-rights activists will use naively and hence get caught doing so?
“The bottom line is that there just are not that many tools designed specifically for this sort of purpose. It treads scary ground, but it is ground which must be tread,” Pull contends.
In memory of Wang Ruowang
Camera/Shy has been released open source under the GNU General Public License. It is dedicated to the memory of Wang Ruowang, a Chinese writer and social critic who was one of three prominent intellectuals expelled from the Communist Party in 1987 as “bourgeois liberalizers.”
The cDc calls Wang “a study in courage.” The Dalai Lama referred to him as a “freedom fighter who envisioned a liberal and democratic China.”
Wang died in New York on Dec. 19 after a brief illness. He was 83.
“I’m really proud of everyone in the group,” said Oxblood. “They’ve made a commitment to bringing a constitutional toolkit to the Internet. And although not all of us are Americans, we share the fundamental ideals of the Constitution of the United States, especially freedom of speech. Camera/Shy is a small first step in sharing that privilege.”
He adds, “We realize that, but for the grace of God, we could be sitting on the other side of the firewall,” noting that “there’s a new generation of freedom fighters – sitting behind computers.”
As Hacktivismo says, “Sometimes hiding the truth is the best way to protect it, and yourself.”
Related special offer: