Hushmail Info....might be helpful!

[T-Biggs]

I pulled this from another board and thought it might ease some minds:

Of particular concern to some officials are offshore providers of free
e-mail services such as Hushmail,[Footnote 9] based in Ireland, and
Operamail, based in the Netherlands. Officials at one agency told us
that they believe it is too risky to approach these providers with
requests for voluntary cooperation because they can ignore
nondisclosure requests with impunity, and may intentionally or
unintentionally tip off the subjects of investigations.

Internet drug crime investigations are further complicated by service
providers who strip e-mail messages of information about their point of
origin. E-mail generally contains "header" information identifying
various Internet Protocol (IP) addresses, including "routing" and
"originating" IP addresses. IP addresses may prove useful in
determining the identity of the user of a particular e-mail account.
However, in some cases, investigators find that some service providers
automatically eliminate origination and routing IP addresses from e-
mail sent through their services. Hushmail, for example, strips
origination IP addresses and substitutes the IP Address of Hushmail's
own computers on its customers' communications. The result, for
example, is that when a steroids dealer in Florida sends an e-mail to a
customer in Virginia, the e-mail that arrives in Virginia has
Hushmail's originating IP Address in Ireland rather than the actual IP
originating address of the dealer.

[jaysunderstudy]

Sux when ur privacy rites are violated. Thanx for the info.

[scaramouche]

hushmail is in canada isnt it? and it logs everything and hands it over to le,i have read elswhere they were instrumental in raw deal

[RuhlFreak55]

why in **** can't we get this hushmail shit straight??????????

[scaramouche]

which "other board" did u pull it from,the notice board down at the precinct

[rock75]

hushmail is in canada isnt it? and it logs everything and hands it over to le,i have read elswhere they were instrumental in raw deal

where do you get this info from????? really would like to know???? no flame just curious bro

[YouAintKnow330]

Yeah I'd like to know where that info came from as well... Also very curious

[Roidal]

hushmail is in canada isnt it? and it logs everything and hands it over to le,i have read elswhere they were instrumental in raw deal

x2

T-biggs that stuff is crap shoot and too old, there is no ****ing way I would ever trust or deal with hush in any way possible.

[scaramouche]

where do you get this info from????? really would like to know???? no flame just curious bro

from hushmail.com

Hush Communications maintains its servers in British Columbia, Canada. Hush Communications complies fully with valid court orders issued by the courts of British Columbia, Canada. In order to ensure consistent treatment of all users, Hush Communications does not accept court orders from other jurisdictions. However, law enforcement agencies from other jurisdictions may pursue action through international channels compliant with the laws of British Columbia and Canada, resulting in a court order being issued by a court of British Columbia.

Hush Communications Ltd
Suite 1177 - 1100 Melville Street - Box 27
Vancouver, BC, Canada
V6E 4A6

all le has to do is ask,hush comply without a fight the last thing they want is to be seen in the media to be hampering bush's war on drugs

i havnt got the links here but do a search,the evidence is right here in some posts by a member called the godfather i think

by all means trust hush if u want but ull be digging a nice big hole for urself and anyone u communicate with

[scaramouche]

ok i just found it

http://forums.steroid.com/showthread.php?t=317132

the very next person to say anything good about hush should be banned

[magic32]

ok i just found it

http://forums.steroid.com/showthread.php?t=317132

the very next person to say anything good about hush should be banned

[TAPPER]

Originally posted by: scaramouche

the very next person to say anything good about hush should be banned

Ban me if you wish but out of any online community I would think this group would understand how easy it is to get a bad rap from the uninformed. That said,

THERE IS NOTHING WRONG WITH HUSH!!!

People who don’t fully understand the technology and choose to place 100% confidence in a free service can’t lay the blame with their service provider when shit goes down. Hush tells you right up front it logs your IP, stores your key on their server along with your encrypted emails, and does not tolerate illegal activity. The ONLY piece missing from the puzzle is your password (assuming Hush is working with LE). Crack the password and gain access to all your communications stored on their servers.

Why? Because Hush stores keys just like every other email encryption service out there. Hush is not the problem, letting someone else encrypt/decrypt your emails is the problem. If you do not have to personally exchange keys with every single person you wish to exchange encrypted communications with than you are at risk. These services make the whole process easier, but at a cost.

I’m not going to address the whole offshore server thing again. If your interested do a search of my posts any you will see how many countries already have MLAT agreements with the US already in place.

Be smart people, because the Feds aren’t sitting at the donut shop swilling coffee.



CNET News
July 10, 2007 4:45 AM PDT
Feds use keylogger to thwart PGP, Hushmail
Posted by Declan McCullagh

A recent court case provides a rare glimpse into how some federal agents deal with encryption: by breaking into a suspect's home or office, implanting keystroke-logging software, and spying on what happens from afar.

An agent with the Drug Enforcement Administration persuaded a federal judge to authorize him to sneak into an Escondido, Calif., office believed to be a front for manufacturing the drug MDMA, or Ecstasy. The DEA received permission to copy the hard drives' contents and inject a keystroke logger into the computers.

That was necessary, according to DEA Agent Greg Coffey, because the suspects were using PGP and the encrypted Web e-mail service Hushmail.com. Coffey asserted that the DEA needed "real-time and meaningful access" to "monitor the keystrokes" for PGP and Hushmail passphrases.

The aggressive surveillance techniques employed by the DEA were part of a case that resulted in a ruling on Friday (PDF) by the 9th Circuit Court of Appeals, which primarily dealt with Internet surveillance through a wiretap conducted on a PacBell (now AT&T) business DSL line used by the defendants. More on that below.

The DEA's pursuit of alleged Ecstasy manufacturers Mark Forrester and Dennis Alba differs from the first known police use of key-logging software, which snared reputed mobster Nicodemo Scarfo in 1999. In the Scarfo case, the FBI said in an unclassified affidavit (PDF) at the time, a keylogger that also was planted in a black bag job was disabled when the Internet connection became active.

Note requirement for 'real-time' access / Excerpt from DEA Agent Greg Coffey affidavit


Not much more is known about the DEA's keylogger in the Forrester-Alba case. An affidavit prepared by DEA agent Coffey in July 2001 asks for permission to enter the Escondido office "by breaking and entering, if necessary, for the purpose of installing, maintaining, and removing software tools" that "will enable agents to capture and record all keyboard keystrokes."

Note there's no evidence the DEA used the FBI's keystroke logger known as Magic Lantern, which reportedly can be installed remotely by taking advantage of operating system vulnerabilities without having agents physically break into an office.

Keyloggers are hardly unusual nowadays, of course. In 2003, a former Boston College student was indicted for allegedly installing key-logging software on campus computers. More recent surveys indicate that plenty of workplaces are infected by spyware with key-logging abilities.

Who created PGP? It was actually Phil Zimmermann. / Excerpt from DEA Agent Greg Coffey affidavit


Keyloggers: Unresolved questions

The use of keyloggers by police, however, seems to be uncommon: A search on Monday through legal databases for terms such as "keylogger" turned up only the Scarfo and Forrester-Alba cases.

When used by police, they raise novel legal issues. That's because it's not entirely clear in what circumstances they're permitted under the U.S. Constitution and wiretap laws (which is why, in the Scarfo case, the FBI cleverly ducked this issue by, according to sworn testimony, disabling the keylogger when the modem was in use).

Even so, Scarfo's defense attorney claimed that a keylogger is akin to a "general warrant" permitting the DEA to seize "any record, including e-mail, simply because it was typed on a computer." General warrants are prohibited by the Fourth Amendment, which requires that warrants specify the "things to be seized." Another potential legal obstacle is whether wiretap laws apply--including their requirement of minimizing the interception of irrelevant conversations.

A federal judge eventually ruled that the unique design made the Scarfo logger permissible. But in the Forrester-Alba case, because Alba did not challenge the keylogger directly, the 9th Circuit never weighed in.

DEA claims that alleged Ecstasy/MDMA lab operators use encryption frequently / Excerpt from DEA Agent Greg Coffey affidavit


Eavesdropping without probable cause

Instead, the 9th Circuit spent much of its time evaluating whether government agents can eavesdrop on the Internet addresses Americans visit and the e-mail address of their correspondents without obtaining a search warrant first.

The judges' conclusion: federal agents did not violate the Fourth Amendment when spying on the Escondido DSL line without any evidence of criminal wrongdoing on his behalf, a legal standard known as probable cause. All the feds must do is prove the information is "relevant" to an ongoing investigation.

The wiretap was done at PacBell's connection facility at 650 Robinson Rd. in San Diego. The DEA obtained what's known as a "mirror port," a feature that many network switches made by companies including Cisco Systems include for troubleshooting purposes.

A mirror port duplicates all the Internet traffic of one user to a second port on the same switch, without the suspect being alerted that electronic surveillance is under way. The scheme is probably easier to accomplish with a static Internet Protocol (IP) address, which is what the Escondido case involved.

According to the DEA, only IP addresses of Web sites (such as 216.239.122.200 instead of cnet.com) and e-mail headers are captured, and not the rest of the communication stream. That, they argue, makes it akin to existing precedent dealing with pen registers, which capture telephone numbers dialed and are permitted without any proof of probable cause of wrongdoing.

The 9th Circuit agreed, ruling on Friday that "e-mail and Internet users have no expectation of privacy in the To/From addresses of their messages or the IP addresses of the websites they visit because they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service provider and other third parties." This follows the lead of a Massachusetts judge who said much the same thing in November 2005.

Both Forrester and Alba were sentenced to 30 years in prison (PDF) on charges including conspiracy to manufacture and distribute Ecstasy. In a decision made on unrelated grounds, however, the 9th Circuit reversed Forrester's conviction and partially reversed Alba's. Forrester faces retrial.

http://www.news.com/8301-10784_3-9741357-7.html

[sphincter]

so what do we do? change password frequently? only send email to hose who accept encrypted email?

[RuhlFreak55]

so what do we do? change password frequently? only send email to hose who accept encrypted email?

rofl my password for hush is over 100 characters....

[TAPPER]

Originally posted by: sphincter

so what do we do?

I guess that depends on how secure you want to be. The “security table” has more than one leg so to speak. How one sends funds, receives goods, protects communications, and trusts the other party all come into play. You could have the most secure method of communication, but if the camera at the WU place captures your smiling face and/or your fingerprint(s) on the form it didn’t do you any good.

At a minimum I would not trust anyone else to encrypt/decrypt important communications. If that means more work for those involved, exchanging keys instead of letting a service hold them for you, than so be it. Without the key there is essentially no way in hell anyone is going to decrypt the message.

Personally, I value my freedom and take further steps to try and ensure my anonymity. Although I may never truly be safe, I’m not going to make it easy for them and just “hand over the keys”.

Speaking of passwords, here is a cool link to determine how long your password will stand up against an attack. http://www.shoutwire.com/viewstory/9..._Your_Password

[scaramouche]

they dont need to be able to decrypt ur emails, all they need is the server logs hush and ur isp's to confirm u have been communicating with sources,go right ahead use ur precious husmail and see where it gets u

[Roidal]

they dont need to be able to decrypt ur emails, all they need is the server logs hush and ur isp's to confirm u have been communicating with sources,go right ahead use ur precious husmail and see where it gets u

Some people never learn ey?..

[TAPPER]

Originally posted by: scaramouche

they dont need to be able to decrypt ur emails, all they need is the server logs hush and ur isp's to confirm u have been communicating with sources,

HA HA HA. I would like to see that fly in court. For all they know I could have been spamming the source with ads for penis enlargement and they were replying to have their name taken off the contact list.

Originally posted by: scaramouche

go right ahead use ur precious husmail and see where it gets u

My precious Hushmail????, maybe you need to lay off the pipe. I spoke up because you were bashing a company with misleading statements. If you read the Hush FAQ it clearly states they will comply with LE. The terms of service state you can’t use Hush for illegal purposes and the privacy policy says they log your IP address. Hush did EXATLY what they said they would do, it’s the users that created and perpetuated a false sense of security.

Also, ANY company is going to comply with the Feds. In the same investigation (US v Tyler Stumbo) the UPS store, Road Runner, and Green Dot Corporation (prepaid cc’s) also cooperated with the Feds.

Lastly, Hush does not “log everything”. It’s this statement that leads me to believe you don’t understand the technology behind these encryption services. Hush is no different than using Cyber-rights, Mailvault, Cryptomail, or any other email provider that performs the encryption for you.

If you had read my last post you would have seen the DEA was using key loggers to try and nab the Hush passwords of some ecstasy manufacturers. If Hush “logged everything and just handed it over for the asking” why would the DEA bother using keyloggers??? If “all they need is the server logs hush and ur isp's to confirm u have been communicating with sources”, why spend the resources to get the password????



US v Tyler Stumbo
http://static.bakersfield.com/smedia...filiate.25.pdf

[kif]

Maybe I'm mistaken....but I read the hole affidavit...and this guy goes on a board and says what he says...what does he think will happen. Dont get me wrong I feel bad for the dude but who the hell goes on a public board and tells everyone what hes doing and how to contact him. I'm sure the DEA has been or is still on this board.....thats why we all must be safe and carefull of what we say. And as far as the hush emails the dea can get warrants for anything. Once again maybe I didnt read it right but thats the way i took it

[Dumbbell_Blonde]

ok... anything, absolutely anything, sent over the internet is just exactly that: SENT OVER THE INTERNET. that means nothing is completely sacred and nothing is completely safe. the data can leak, it has to be stored somewhere and that can be accessed, the government watches way more than they let on. now they don't have the time and resources to follow everything, so small fish have less to worry about than big ones, but there's really no telling what they're looking at as of the patriot act. they could define use of an encrypted mail server as suspicious against the national well being, and watch it for that reason alone (based on history of use for illegal activity)... you really don't know. just be careful, and use different addresses, different services, and consider buying a device to cover your tracks if you're really that worried about it. but like i wad the first time: if it's on the internet it's documented somewhere and can be found.

[SergioLMT]

So, with all this being said, what is the best move for previous hush users??? Let your account expire and never use it again??? From what I'm gathering from some posts, aren't you technically already ****ed if you've used it for certain things in the past???

[scaramouche]

So, with all this being said, what is the best move for previous hush users??? Let your account expire and never use it again??? From what I'm gathering from some posts, aren't you technically already ****ed if you've used it for certain things in the past???

yes and no,ur isp will only keep logs for 6 months im not sure about hush,heres how it works..

ur package get intercepted by customs or the mail,they visit u sieze ur pc,they see in ur temp files and by ur isp logs uve been to hush,they ask hush to match ur ip,hush obliges and they know uve been in contact with mrsource @ hushmail.com,dea get his logs too and tell whoever then he gets a visit too and there is a huge knock on effect

i dont care about what some bigshot lawer did in this case or that case,the fact is u need to minimise risks not just to urself

the solution,go to one of the offshore secure email ppl

[nbkandrew13]

it shouldnt be questioned if hush cooperated, or how much they cooperated they FULLY COOPERATED 100%. oh yeah and unless you are a govment high level analyst, you are guessing about what they have the ability to do with everyones logs. in every aspect weapons, aircraft computer technology they are always 5 to 10 years ahead of the actual development of whatever product

[nbkandrew13]

computers and video cameras were around @ 25 years before the public had acess

[nbkandrew13]

I pulled this from another board and thought it might ease some minds:

Of particular concern to some officials are offshore providers of free
e-mail services such as Hushmail,[Footnote 9] based in Ireland, and
Operamail, based in the Netherlands. Officials at one agency told us
that they believe it is too risky to approach these providers with
requests for voluntary cooperation because they can ignore
nondisclosure requests with impunity, and may intentionally or
unintentionally tip off the subjects of investigations.

Internet drug crime investigations are further complicated by service
providers who strip e-mail messages of information about their point of
origin. E-mail generally contains "header" information identifying
various Internet Protocol (IP) addresses, including "routing" and
"originating" IP addresses. IP addresses may prove useful in
determining the identity of the user of a particular e-mail account.
However, in some cases, investigators find that some service providers
automatically eliminate origination and routing IP addresses from e-
mail sent through their services. Hushmail, for example, strips
origination IP addresses and substitutes the IP Address of Hushmail's
own computers on its customers' communications. The result, for
example, is that when a steroids dealer in Florida sends an e-mail to a
customer in Virginia, the e-mail that arrives in Virginia has
Hushmail's originating IP Address in Ireland rather than the actual IP
originating address of the dealer.

anyone else notice this guy has been a member almost 4 years and has 12 posts????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????? hes been lurking ............... le blows

[SergioLMT]

yes and no,ur isp will only keep logs for 6 months im not sure about hush,heres how it works..

ur package get intercepted by customs or the mail,they visit u sieze ur pc,they see in ur temp files and by ur isp logs uve been to hush,they ask hush to match ur ip,hush obliges and they know uve been in contact with mrsource @ hushmail.com,dea get his logs too and tell whoever then he gets a visit too and there is a huge knock on effect

i dont care about what some bigshot lawer did in this case or that case,the fact is u need to minimise risks not just to urself

the solution,go to one of the offshore secure email ppl

Ahhh, ok, so in that case, the biggest risk is if you've had a package seized and are being investigated? That makes a lot of sense actually.

[scaramouche]

anyone else notice this guy has been a member almost 4 years and has 12 posts????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????? hes been lurking ............... le blows

hes only made the one post in this thread too

oink oink

bacon anyone?

[nbkandrew13]

wow we spent 18 million on busting a bunch of guys who were selling gear, to people who wanted it, and we have people living on the street in evry city in usa stupid politicians and i hate pigggs

[sphincter]

hes only made the one post in this thread too

oink oink

bacon anyone?

ehhh, I couldn't care less how many or few posts the guy has.. maybe he has a life?? maybe he's a cop?, maybe he doesn't care what you think... IMO he was trying to pass along info some may find helpful and did just that. If I were that concerned about my activities then I'd actually research into what I should do and employ to ensure a reasonable amount of anonymity and security for my online activities.. I'm not a big fish.. hell, I'm barely a small fish so I am not that concerned about any of this... I don't know anyone or anything that could be helpful to the LEO's so I'm not too worried.. and, yes, I've been to jail and yes it sux and no I don't wanna go back. I just know how the system works and I am nto afraid for my part in it as of right now.

[Dumbbell_Blonde]

here's a thought... LE has a shit ton of information to go through right now. do you really think they're going to be going through the internet with a fine toothed comb for MORE tiny bits of information that will take time and money to go through? probably not. i'd say if you're at high risk from multiple previous transactions via email with sources etc, you may yet get a nasty-gram from the boys in blue. if you're not a real user of web communications, or you've been changing your email address often, or you've only used it once or twice, you can probably rest easier. if you're just now getting online with aas, be careful, i'd say wait until it's quieted down in the media and they're ass deep in processing the mess they have and aren't watching any more. they've got their hands full and i doubt they're funneling much more money into the project or expanding it. they've got their hands full with the truck loads of data and people now.

[scaramouche]

ehhh, I couldn't care less how many or few posts the guy has.. maybe he has a life?? maybe he's a cop?, maybe he doesn't care what you think... IMO he was trying to pass along info some may find helpful and did just that. If I were that concerned about my activities then I'd actually research into what I should do and employ to ensure a reasonable amount of anonymity and security for my online activities.. I'm not a big fish.. hell, I'm barely a small fish so I am not that concerned about any of this... I don't know anyone or anything that could be helpful to the LEO's so I'm not too worried.. and, yes, I've been to jail and yes it sux and no I don't wanna go back. I just know how the system works and I am nto afraid for my part in it as of right now.

yeh well the info he was passing on was innacurate to say the least

anyways,what made u choose a screen name like sphincter