A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Protecting Yourself and Others’ Category

Learning Lessons the Hard Way

without comments

I’d imagine that most of you were taught to keep your hands to yourself at a pretty young age. I certainly was. However, some people can only learn this lesson the hard way:

A woman jogging Friday morning in Salt Lake City fought back against a man who came up behind her and groped her.

She was attacked about 6 a.m. in a neighborhood near 1700 South and 500 East, Salt Lake City police spokesman Greg Wilking said.

The woman was carrying a small knife in her hand and stabbed the man multiple times when he grabbed her.

And a valuable lesson was taught.

With sexual assault so prevalent in the news, it’s nice to read a story about how high the cost of sexual assault can be. The biggest enable of sexual assault is likely the extremely low cost of perpetuating it. Sexual assaults often face no physical or legal consequences. If sexual assaulters were commonly beaten, stabbed, or shot, the cost of perpetuating sexual assault might be high enough where would-be sexual assaulters would reconsider their actions.

Written by Christopher Burg

November 17th, 2017 at 11:00 am

The Importance of Out-of-Band Verification

without comments

Yesterday I received an e-mail that appeared to be from a friend. It was a short e-mail asking what I thought about the contents of a link. The first red flag was that this friend seldom e-mails me. We have other forms of communication that we use. The second red flag was the e-mail address, which was his name at a domain I wasn’t familiar with. The third red flag was the link, it went to a domain I wasn’t familiar with.

Friends asking me about content on unfamiliar domains isn’t unusual. Moreover, friends e-mailing me from unfamiliar domains isn’t without precedence since new “privacy focused” e-mail domains pop up everyday and I have friends who are interested in e-mail providers who respect their users’ privacy. I smelled a scam but wanted to make sure so I contacted my friend through another messaging service and he confirmed that he didn’t send the e-mail.

The combination of social media with people’s general lack of security has made a lot of social information available to malicious individuals. If you want to specifically target somebody, the social information is often available to do it convincingly. Even if you’re not interested in specifically targeting somebody, the social information that is available is often complete enough that it can be fed to an automated tool that sends targeted e-mails to anybody it has information about. These types of scams can be difficult to defend against.

One method for defending against them is establishing multiple channels for communicating with your friends. Between e-mail, Signal, WhatsApp, Facebook Messenger, text messaging, Skype, XMPP, and a slew of other freely available communication tools, it’s easy to ensure that you have at least two separate means of communicating with your friends. If you receive a suspicious message that appears to be from a friend, you can use another form of communications to verify whether or not they sent it. Admittedly, such a tactic isn’t bulletproof. It’s possible for an attacker to compromise multiple communication methods. However, it’s more difficult to compromise two communication methods than to compromise one.

Written by Christopher Burg

November 15th, 2017 at 11:00 am

Cash is King

with one comment

I’m a rare bird amongst my friends because I always have some cash on hand. In this day of credit cards, Apple Pay, Bitcoin, and other forms of electronics payments, cash seems antiquated. However, when the power grid and Internet connectivity become unreliable, all of those forms of electronic payments cease to function:

In post-hurricane San Juan on Monday, commerce picked up ever so slightly. With a little effort, you could get the basics and sometimes more: diapers, medicine, or even a gourmet hamburger smothered in fried onions and Gorgonzola cheese.

But almost impossible to find was a place that accepted credit cards.

“Cash only,” said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan’s Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. “The system is down, so we can’t process the cards. It’s tough, but one finds a way to make it work.”

The cash economy has reigned in Puerto Rico since Hurricane Maria decimated much of the U.S. commonwealth last week, leveling the power grid and wireless towers and transporting the island to a time before plastic existed. The state of affairs could carry on for weeks or longer in some remote parts of the commonwealth, and that means it could be impossible to trace revenue and enforce tax rules.

I believe that it’s important to always have a backup plan. While we enjoy mostly reliable power and Internet connectivity here in the United States, the infrastructure that provides those assets is only a natural disaster away from not functioning. Having cash on hand gives you an option if the infrastructure is damaged.

Written by Christopher Burg

September 27th, 2017 at 10:00 am

They Came for Violence

without comments

If you listen to self-identified national socialists, you would be lead to believe that they had no violent intentions in Charlottesville and that they only resorted to violence to defend themselves against the international socialists. However, material posted in chats for organizing the event indicate that those claims of self-defense are spurious at best:

Unicorn Riot has so far published roughly 1,000 screenshots of chats, and the recording, conducted through the app Discord, from a source. A march organizer says the documents he has seen appear to be authentic. Transcripts show participants openly planning violence while organizers instruct them to obey the law. Participants on one call debated when it would be permissible to use riot shields as weapons. “Some screaming little Latina bitch comes at you and knocks your teeth on your riot shield, that means you hit her, and you’re going to get in trouble for the weapons,” one participant says.

Timothy Litzenburg represents two women injured in the melee who last week sued 28 groups and individuals, including the alleged organizers of the Unite the Right march. He says the documents could be “the crux of the case,” because they show “a little flavor of how [organizers] totally intended on violence and mayhem.”

While Unicorn Riot cannot be called an impartial source (it’s a hardcore leftist media collective), it did provide screenshots from the organizer’s Discord server that have so far been undisputed. Moreover, it’s no surprise that a bunch of national socialists planned to perpetrate violence since national and international socialists have been killing each other for a long time now. But this information does lend itself to a more interesting topic: self-defense.

In Minnesota, one of the requirements for legally using deadly force in self-defense is that you must be a reluctant participant. That is to say, you must not have willfully entered yourself into the violent situation. I personally think that it’s a good principle.

So the question here is, can the national socialists claim self-defense in this situation? Obviously that question can only be answered on an individual by individual basis. However, the material released by Unicorn Riot shows that at least some of the individuals who went to Charlottesville did so seeking violence. They knowingly put themselves into a situation that was all but guaranteed to turn violent (violating the “Don’t go stupid places,” principle of self-defense) and specifically expressed a purpose to perform violence.

I know there will be some debate about whether or not one can claim self-defense if they knowingly went somewhere that they reasonably believed would turn violence, however, one thing is certain: prosecutors eat up material like this. And that is another important point. While situations that qualify as self-defense can be debated, what you post online can and will be used against you if you are ever in a situation where you claim self-defense. Protecting yourself doesn’t stop after the situation itself, it starts before that situation and ends after that situation. Before you get into a self-defense situation, you should take care of how you portray yourself because a prosecutor will use your character against you after the situation.

Written by Christopher Burg

August 31st, 2017 at 11:00 am

Pieces of Paper Are Just Pieces of Paper

without comments

There appears to have been an honest to goodness axe murder in the Twin Cities:

Gallagher’s wife told police that she had been lying on the couch in the living room when she heard a noise at the front door and saw Hoogenakker breaking into the house. She ran to call 911 and saw Hoogenakker pull her husband into the living room and onto the floor, where he hit Gallagher, swinging the tool with both arms, before pulling him outside.

A man who is a renter in the Gallagher home said he heard a fight downstairs that then spilled outside. The renter told police he saw the attacker walking away from the house. Police used a dog to track the man to a house a few blocks away, in the 300 block of Ninth Avenue.

Hoogenakker came outside and was arrested by police, who found the ax-like tool in a closet. ” Hoogenakker” was etched into the handle. Hoogenakker also admitted that he attacked Gallagher, who had an active harassment restraining order in effect against the suspect.

There are two important points to take away from this story. First, a restraining order is not a self-defense tool, it’s a legal tool. While a restraining order grants certain legal benefits that can make them a valuable tool in the courtroom, it is entirely incapable of actually protecting anybody.

Second, the police are more often than not cleanup and retribution, not protectors. When you call 911 a police officer doesn’t immediately teleport to your location. You have to wait for an officer to get from wherever they are to wherever you are, which generally takes minutes. When you’re being attacked by somebody, you usually don’t have minutes. Oftentimes, as in this case, when the police do arrive the attack has already concluded so their job is to find the perpetrator so vengeance can be had. While vengeance may have a certain appeal, it’s not as appealing as still being alive.

When you’re being attacked you’re usually on your own. That being the case, it would be wise to invest in some self-defense training as well as tools to better enable you to defend yourself.

Written by Christopher Burg

August 30th, 2017 at 10:00 am

The Best Option for You

without comments

A lot of electrons have been annoyed by people writing scathing diatribes because the various governmental bodies responsible for Houston, Texas didn’t issue an evacuation order. I think that this article did a good job of pointing out just how much of a clusterfuck planning and responding to disasters on this scale are.

There was obviously disagreement between the various governmental bodies responsible for Houston. Some bodies wanted to perform an evacuation, other bodies didn’t. As with most things in our modern age, the disagreement was taken to the Internet. Governor Greg Abbott advised people in the lower areas of Houston to get the fuck out. Meanwhile, the local and country government officials were telling residents to shelter in place. Who was right? With the 20/20 vision offered by hindsight, a lot of people are saying that evacuating would have been the correct choice. But they are missing a critical piece of information. When Hurricane Rita was making a beeline for Houston in 2005, the order to evacuate was given. More than 100 people died in that evacuation. As of this writing, five people are known to have died in the aftermath of Harvey. If we judge results by death toll, the decision to not evacuate Houston is still significantly ahead of the decision to evacuate the city in 2005.

Realistically, evacuating a city the size (in both geographic area and number of people) of Houston isn’t feasible. There are too many people and too few exits to get everybody out at the same time. Neither the roadways or public transit systems are designed to handle everybody using them simultaneously. If you’re in an area that is about to be nailed by a natural disaster and an evacuation order is given, it’s already too late to get out.

Instead of arguing about whether or not Houston should have been evacuated, you might want to consider, if you haven’t already, developing your own disaster survival plan and begin implementing it. Having a plan head of time makes surviving much easier. Furthermore, you shouldn’t rely on the orders issued by government bodies to decide whether or not you’re going to evacuate an area. They’re (assuming their intentions are good, which may not be the case but I’ll give the benefit of the doubt here) going to look at the big picture. Their concern is going to be what’s the best option for the largest number of people. You should be concerned about you and yours. An evacuation may not be the best option for the largest number of people, but it might very well be the best option for you.

Written by Christopher Burg

August 29th, 2017 at 11:00 am

You are Responsible for Your Own Anonymity

without comments

Reality Leigh Winner (who, despite her name, was not a winner in reality) is currently sitting in a cage for the crime of leaking classified National Security Agency (NSA) documents. Unlike Edward Snowden, Reality didn’t purposely go public. But she made a series of major mistakes that allowed the NSA to identify her after she leaked the documents. Her first mistake was using a work computer to communicate with The Intercept:

Investigators then determined that Ms Winner was one of only six people to have printed the document. Examination of her email on her desk computer further revealed that she had exchanged emails with the news outlet, the indictment said.

By using a work computer to communicate with The Intercept, she made hard evidence against her easily available to her employer.

Her second mistake was physically printing the documents:

When reporters at The Intercept approached the National Security Agency on June 1 to confirm a document that had been anonymously leaked to the publication in May, they handed over a copy of the document to the NSA to verify its authenticity. When they did so, the Intercept team inadvertently exposed its source because the copy showed fold marks that indicated it had been printed—and it included encoded watermarking that revealed exactly when it had been printed and on what printer.

Most major printer manufacturers watermark any pages printed by their printers. The watermarks identify which printer printed the document. In addition to the physical printer, the watermark on the document posted by The Intercept also included a timestamp of when the document was printed.

Reality’s third mistake was trusting a third-party to guard her anonymity. Because of The Intercept’s history of working with leakers it’s easy to assume that the organization takes precautions to guard the identities of its sources. However, a single mistake, posting the printed document without editing out the watermark, gave the NSA enough evidence to narrow down who the leaker could be.

The lesson to be learned from this is that you alone are responsible for maintaining your anonymity. If you’re leaking classified materials you need to do so in a way that even the individual or organization you’re leaking them to is unable to identify you.

Written by Christopher Burg

June 7th, 2017 at 11:00 am

Without Government Who Would Protect the People

without comments

When I discuss anarchism with statists they always have a litany of excuses to justify why they believe the violence of the State is necessary. Roads are a popular one but another popular excuse are the police. Statists always want to know who will provide protection in a stateless society. One characteristic of statists that always amuses me is their insistence that anarchists solve problems that their precious government haven’t managed to solve. So my usual response to the question of police is asking who provides protection now.

Let’s consider the security market. If the State’s police were doing an adequate job of providing protection one would expect that the security market would be pretty small. But the security market is booming. Homeowners have subscribed to security services such as alarm systems for decades now. Surveillance cameras have been around for decades as well. At first surveillance cameras were used in stores to deter and identify thieves but now the price of decent quality cameras is low enough that one can find them in homes. Other security products that are becoming popular are films that can be applied to windows to make breaking in by smashing through a windows very difficult. Door locks, padlocks, and other forms of access control have existed for ages. It’s not unusual for companies to hire private security guards. Some companies even hire armed security guards.

Even the personal defense market is booming. Self-defense classes are available in even modestly sized townships. The number of carry permits being issued has continued to increase because many people, such as myself, realize that the only effective form of self-defense is what you have on you. In addition to carry permits, handguns designed to be easy to carry have been selling very well because people realize that the State’s police will take minutes, if you’re lucky, to get to you.

The State hasn’t done an effective job of providing security, which is why the market has stepped in. In the absence of government the market will continue serving the exact same function it’s serving today.

Written by Christopher Burg

February 23rd, 2017 at 11:00 am

Social Media for Activists

with one comment

After eight years of unexplained absence, neoliberals who are critical of the State have returned. I’m not sure where they were hiding but I’m glad to see that they’re safe and sound. But a lot has change in eight years so I’m sure many of them are out of the loop when it comes to online security. For example, what if you’re a federal employee who was told by your employer to shut up and you wanted to criticize them for it but didn’t want to be fired from your parasitic job? This isn’t as easy as opening a Twitter account and blasting criticisms out 140 characters at a time. Your employer has massive surveillance powers that would allow it to discover who you are and fire you for disobedience. Fortunately, The Grugq has you covered.

The information in his post regarding Twitter is applicable to any activist who is utilizing social media and might raise the ire of the State. I think the most important piece of information in that article though is that you shouldn’t immediately jump in with the sharks:

These are a lot of complicated operational rules and guides you’ll have to follow strictly and with discipline. If you “learn on the job” your mistakes will be linked to the account that you’re trying to protect. It would be best that you go through the steps and practice these rules on a non sensitive account. Make sure you’re comfortable with them, that you know how to use the tools, that you understand what you’re supposed to do and why.

Some underground organisations have something they call “the first and last mistake,” which is when you break a security rule and it leads to discovery and exposure. You’re the resistance, you need to make sure you can use the tools of resistance without mistakes – so practice where it is safe, get the newbie mistakes out of the way, and then implement and operate safely where it matters.

If you’re planning to partake in activism you should do a few trail runs of creating and maintaining pseudonymous social media accounts. Maintaining the discipline necessary to avoid detection is no easy feat. It’s best to screw up when it doesn’t matter than to screw up when you could face real world consequences.

Written by Christopher Burg

January 31st, 2017 at 10:30 am

The Privacy Arms Race

with 4 comments

Big Brother is watching. Many people have been defeated by the constant improvements in government surveillance. Instead of fighting they lie themselves into complacency by claiming that they have nothing to hide. Don’t allow yourself to fall into that trap. Privacy is an arms race. As surveillance technology improves so do countermeasures:

The use of facial recognition software for commercial purposes is becoming more common, but, as Amazon scans faces in its physical shop and Facebook searches photos of users to add tags to, those concerned about their privacy are fighting back.

Berlin-based artist and technologist Adam Harvey aims to overwhelm and confuse these systems by presenting them with thousands of false hits so they can’t tell which faces are real.

The Hyperface project involves printing patterns on to clothing or textiles, which then appear to have eyes, mouths and other features that a computer can interpret as a face.

Camouflage is older than humans. In fact, much of what we know about camouflage comes from our observations of animals. As predators improved so did the camouflage of prey. To win against the predatory State we must constantly improve our defenses. Against surveillance one of the best defenses is camouflage.

I admire people like Adam Harvey because they’re on the front lines. Will their plans work? Only time will tell. But I’ll take somebody who is trying to fight the good fight and fails over somebody who has rolled over and surrendered to the State any day.

Written by Christopher Burg

January 5th, 2017 at 10:00 am