CryptoParty London 29th September 2012
Our first CryptoParty London was held on Saturday 29th September 2012 at Google Campus
Slides & Presentations from CryptoParty London
Private Conversations Over Instant Messaging (OTR/Pidgin/Adium)
- Screencast Video
Encrypting Emails (PGP/Enigmail/Thunderbird)
- Screencast Video
Disk Encryption (Truecrypt)
- Screencast Video
Privacy Protected Browsing (Tor Browser Bundle)
- Screencast Video
Oyster Travel Card Swap
A London specific, easy, non-technical Anonymity technique would be an Oyster Travel Card swap at the London CryptoParty.
Participants could simply swap the prepaid Oyster Travel Cards that they have brought along to the CryptoParty (not necessarily the ones they actually used to travel there) with other attendees.
Any major differences in stored value left on the Oyster Cards should be settled up between participants.
N.B. the Transport for London databases are handed over to the Metropolitan Police, "in real time, in bulk", a process which the former Labour Home Secretary Jacqui Smith made exempt from the Data Protection Act 1998 by Ministerial Order, something which the current Conservative Home Secretary Theresa May has not bothered to cancel.
Swapping Oyster Travel Cards will not deprive TfL of any actual passenger travel statistics, to help them plan their network and timetables for Buses or the Tube, but it will help to anonymise the database(s) against public and private sector snoopers.
Mobile Phone Swap
The Communications Data generated by mobile phones is of three types - Location, Friendship tree (or suspect list of co-conspirators) of which number called which other number, when and for how long, and your Subscriber Details.
- Buying an "anonymous" pre-paid mobile phone only protects your anonymity from the central registration of Subscriber Details i.e. name and address.
- Expensive, high end smartphones are as powerful as many computers and some models e.g. Apple iPhone attempt to track your usage and identity, especially if you purchase ring tones or music online. Others, like Google Android based phones make a virtue of their Location tracking capabilities. All of these have their uses, but present dangers to a whistleblower trying to contact a journalist or blogger or other intermediary to set up face to face meetings or to arrange whistleblower document deliveries or drops. These phones can cost hundreds of pounds, so they are not usually viable as disposable "burner" phones, unless you are also involved in drug dealing or have a corporate expense account.
- Buy a basic, cheap pre-paid mobile phone from a supermarket etc., e.g. VX1 Party Phone unlocked Credit Card sized basic mobile phone, Samsung GT-E1080i - a very basic voice and SMS only phone with a long battery life, available for just £9.97 including a free SIM card from one of seven network operators / billing services available from the larger Tesco supermarkets.
- You can buy a new pre-paid Mobile Phone from, for example, Tesco or Sainsburys etc., for as little as £10 to £20.
- "Dog Ate My Crypto Keys" - Whole Disk Encryption
- [Flash memory forensics to recover a changed TrueCrypt container file]
- [Greatest Common Divisor, Graphics Processor Units & 1024 bit Public / Private Keys]
- UK Legal Aspects of Cryptography & Anonymity (.ppt) (.pdf)
"Privacy is the power to selectively reveal oneself to the world." - Cypherpunk Manifesto, 1993. Data retention, wiretapping, interception, stalking.. Make it really f&*^ing hard for them!
Date - Sat 29th Sept
Saturday 29th September, 2012
Time - 6pm start
6pm till 11pm
Venue - Google Campus
Google Campus: Ground Floor 4-5 Bonhill Street London EC2A 4BX
This is about midway between Old Street and Moorgate Tube stations (slightly closer to Old Street)
Registration - Register here - now full, but there is a Waiting List
This will be a free event, but you will need to register your intention to attend, so that we can keep within the capacity limits of the venue.
N.B. the Registration limit of 125 has now (Monday 24th September) been reached !
You can still use this Eventbrite form to be added to the Waiting List (now with over 30 people waiting for ticket cancellations)
Existing free ticket holders - please notify us via info@CryptoParty.org.uk if you cannot make it to the CryptoParty on Saturday as you hoped, so that we can allocate a place to people on the Waiting List.
What to bring with you
- Your Eventbrite printed ticket, or at least the ticket reference number - the event is fully subscribed, so unless you can impress our Social Engineering / Blagging experts, you won't get in without one.
- An open mind
- A sense of humour
- Laptop computer and charger (at your own risk) ideally with a fully charged battery. There will be quite a lot of electrical power points and extension bars for recharging, but perhaps not enough if everyone brings multiple devices
- SmartPhone and charger (at your own risk) ideally with a fully charged battery or spare batteries (remember to set this to silent or vibrate during the presentations)
- Rainproof clothing / umbrella (check the weather forecast)
- Food & Drink - we are commercially non-aligned so no commercial sponsorship (at least for this first event)
- If you want to participate in the CryptoParty Bring & Swap session, to help to confuse your digital communications and transport data trails, then bring along some PrePaid Oyster Cards, free / cheap mobile phone SIM cards, cheap prepaid mobile phone handsets or just some free webmail or social media usernames and passwords etc. which you can swap with other attendees.
- micro SD card reader for the flash memory forensics workshop
From CryptoParty article by Parker Higgins of the EFF
"...a set of global get-togethers where more experienced users can teach beginners how to use the commonly available tools that tap into the incredibly powerful technology of cryptography. I hope that a beginner walks away from a #CryptoParty with an understanding of not just PGP, OTR, and the like, but with an idea of why threat models are important, what attack vectors she ought to consider, and — most importantly — a network of people and resources she can contact for even more knowledge."
- @CryptoPartyLond (the official twitter account for the meetup)
- @samthetechie (just a random electronic engineer / geek trying to help make this meetup awesome, member of London Hackspace)
- Crypt (just another geek from LHS)
- @lamoustache (IT Smooth Operator)
CryptoParty London should be of especial interest to investigative journalists and politicians and human rights or civil liberties activists, almost none of whom use Cryptography or Anonymity tools and techniques.
- PDJB: wanted: basics of PGP, offered: basics of Truecrypt
- Inviting http://meetuplondon.hackshackers.com/ would make sense here...
CryptoParty London is still in the planning stages. We are looking for a location and are looking for people willing to teach. More as the situation develops.
We would like to do hands-on workshops or give talks on:
- Threat Models - what sort of data are you trying to protect against how well resourced and motivated an adversary ?
- United Kingdom surveillance & snooping laws [Mark]
- Privacy / Confidentiality tools & techniques
PGP/GnuPG Public Key Cryptography software installation on multiple operating systems
- Key generation & use
- How long / strong a passphrase ?
- Publishing Public Keys, how and where e.g. PGP Key Servers,
- How to format the display of a PGP Public Key block in a web page
- Verifying PGP/GPG Digital Signatures
Truecrypt and LUKS
- Software download, verification and installation on multiple operating systems
- Choosing which Cryptographic Encryption Algorithm and which Hash function
- Full Disk or external Device Encryption
- Encrypted container files mountable as logical disk drives
- USB flash memory pen drives, digital camera and mobile phone memory cards, Read Write CDs or DVDs
SSL and authentication [@lamoustache]
- Checking the validity of a web server Digital Certificate
- HTTPS Everywhere
Anonymity / Pseudo-Anonymity tools & techniques
Tor and the Tor Browser Bundle [Runa]
- Tor Hidden Services anonymous publishing
- Open Proxies
- Public WiFi
- changing the MAC address of your WiFi connection
Voice Over IP (VoIP)
- pros and cons of Skype
- pros and cons of Mumble
Virtual Private Networks (VPNs)
- Private or Commercial VPNs - pros and cons
- Microsoft PPTP (avoid if possible, or tunnel something else through it)
- SSL VPNs via your web browser
- Remote Desktop sharing
- Web based Remote Desktop e.g. free version of LogMeIn
Mobile Phones - 2G, 3G & Apple & Android & Blackberry SmartPhones
- Anonymity - Communications Data retention and analysis
- mandatory for / by Law Enforcement & Intelligence Agencies
- Call Detail Records / Charging Detail Records & Location Based Services, Friendship Trees via Data Protection Act section 29 Single Point of Contact
- IMSI Catchers (may not be legally authorised)
- Silent SMS pings
- voluntary (but hard to escape) e.g. Google Latitude, Two Factor Authentication of Google or Twitter accounts etc.
- SMS text messaging (no encryption except over the air)
- BlackBerry Messenger (1 global DES Key handed over to various Governments)
- Smartphone Messaging Apps
- GPS satellite location
- Exif meta data in mobile phone camera images
Mobile Phone Anonymity techniques
- Prepaid "Burner" Phones
- Why swapping a SIM card in a mobile phone handset does not stop you being tracked
- IMEI reprogramming (illegal in the UK !)
- call forwarding through GSM Gateways & Private PABX
- Smartphone VoIP Apps e.g. Burner App for iPhone
- Fuzzing your Location Data Services
- Vodafone ClearSignal 3GPP FemtoCell and a VPN tunnel
- Directional antenna to connect to a more distant Cell
- IMSI Catcher detection
- independently Encrypted SMS Text Messaging e.g. TextSecure
- independently Encrypted Voice Calls e.g. OSTel, RedPhone or custom encrypted handsets like CryptoPhone
- BlackBerry Enterprise Server (BES)
- private / corporate BES
- BES shared via Mobile Phone Network or third party provider
- VPNs through Mobile Phone data connections
- PIN codes
- Voicemail - remember the ongoing News of the World scandal ?
- Screen lock - often enough to stop casual illegal snooping through your Contacts and stored SMS messages
- SIM lock
- Mobile Phone "beeping" - pre-arranged messages via unanswered phone calls after a set number of rings - The Rules of Beeping: Exchanging Messages Via Intentional "Missed Calls" on Mobile Phones
- Minimizing your digital footprint
- Surveillance & Counter-Surveillance
CryptoParty Bring & Swap [Mark]
The idea is to act as a "cut out" to confuse the forensic data trail leading back to the original purchase or set up of various communications (and travel) tools. Obtain these beforehand and then swap items of equal value with other CryptoParty attendees.
- Oyster Travel Card Swap - Prepaid Oyster Card £5 deposit + £5 minimum top up = £10
- Pre-Paid SIM Card Swap (free or 99p)
- Pre-Paid Mobile Phone top up vouchers - minimum £5 T-Mobile, £10 other networks
- Unlocked cheap "burner" mobile phone handset - (£15 - £20)
- 3G data dongle e.g. T-Mobile £20 + credit
- Free webmail or social media account setup - Swap the username and initial password with another CryptoParty London attendee.
- workshop/talk/challenge on flash storage, forensics, truecrypt [John] (bring a micro SD card reader)
- short lightning talk entitled "Dog Ate All My CryptoKeys" - an overview of whole disk encryption solutions, how they work and most importantly where they can fail - by @hackerfantastic
Want to do a workshop or a talk?
Want to do a workshop or a talk? Add it to this list. You don't have to put your name down, but please ping the organizer and other contributors to help keep everyone informed. The recent organising meeting set out a structure for the first meeting here. This is meant to be a rough structure and is subject to change, but should give a rough idea of what we aim to achieve with the first CryptoParty.
The threats to our privacy and security from government, corporate and criminal snoopers are especially great in the United Kingdom.
See the Written Evidence to the Parliamentary Joint Select Committee on Draft Communications Data Bill (.pdf) for warnings by technical and legal experts which contrast with the complacent, secretive, technologically incompetent surveillance state policy makers.
Normal, non-technical people need access to basic, practical Cryptographic and Anonymity software tools and techniques with the help of friendly, experienced users and experts.
Bring a laptop and yourself. We will post where all applicable updates are so you should install them before you come to the party. Do not bring removable media to pass out to attendees, by definition it can't be trusted. All software will have to be downloaded and cryptographically verified (don't worry, we'll teach you how to do that) by the attendee.
Mobile phones should be set to silent or vibrate during talks.
Journalists are very welcome to come and learn, but please obtain people's individual consent to interview, video / audio record or photograph them, or their computer or phone screens or keyboards.
Undercover Covert Human Intelligence Sources (CHIS) are also welcome to come and learn (by definition, we cannot stop you) - at least buy us a beer on taxpayer or corporate funded expenses.
Spread the word
Please publicise CryptoParty using other media apart from Twitter (you can link to @CryptoPartyLond) e.g. blogs, email lists, FaceBook, discussion forums, word of mouth, letters to your local newspaper etc.
If you can contribute good graphic designs for London specific logos etc. or technical talks or can mentor non-technical people in the hands on workshops then:
b) Use the Talk London Discussion page on this wiki
c) Please CC email to firstname.lastname@example.org PGP Key ID: 0x54828CAA
d) Email: info@CryptoParty.org.uk