Right now all they got was a one 1-minute phone call with their relatives each…

At a little past noon, I received an e-mail saying Hari has been granted bail and is no longer in jail. Alex Halderman and I just spoke to Hari as he was preparing to fly home from Mumbai to Hyderabad. He is tired after a week in jail, he needs some rest, but he is very happy to be free and his spirit is very much unbroken. The judge that released him apparently did his homework and has said that the government has no case, and that Hari deserves a reward, not jail.

This all follows rather bizarre developments yesterday during which newspapers, among which the Times of India, reported that the government was apparently looking into our research work as some kind of “plot to destabilize the country”.

NEW DELHI: Is the arrested activist, who showed that an Electronic Voting Machine (EVM) can be tampered with, a mere tool in the hands of some corporate rivals who want to make a clone of the equipment which has a huge demand in countries across Africa and South America?

Or, is he, who got technical help from three foreigners, a part of some larger conspiracy to discredit India’s election process?
With these sneaking suspicions in mind, the intelligence agencies — both IB and R&AW — have set into motion their network to check the backgrounds of Hari Prasad, who was arrested in Hyderabad in the EVM theft case last Saturday, and his foreign contacts.
Suspecting that the instrument might have been smuggled out possibly to an European country, a top official on Thursday said there could be a larger “conspiracy angle” to discredit the country’s election process and this was being probed “thoroughly” after Prasad’s arrest.
“There seems to be a bigger picture than what it looked like initially. We are conducting a through probe to find out who was actually behind it, why it has been done and whether there is a conspiracy to discredit India’s election process,” the official said.
Sources said the investigators have found that two Americans and one Dutch national had helped Prasad, technical coordinator of VeTA ( Citizens for Verifiability, Transparency and Accountability in Elections), to show how the machine can be tampered with.
The Union home ministry is constantly monitoring the development and giving regular directions to the investigators and intelligence agencies asking for all the details.

Based on my experiences in the Netherlands, I really did not expect for us to be named honorary citizens of India, at least not right away. But the above is really rather insane. You don’t need to be a rocket scientist to see that this story is way, way, way too easy to discredit for anyone with brief access to Google. At this point I speculate that this claim by the government has caused more people, many of whom initially inclined to believe the government, to investigate the matter. After reading up, most of these people probably realized that the government’s story is complete and utter bullshit.

We’ll have to see what public opinion in India does over the next months, but I have hopes that this dramatic overreach by the government will be part of the cause the current EVMs to be ditched. And even more than that I am so happy that Hari is on his way to his wife and kids.

If you are following this, you probably also want to read Freedom to Tinker, if you weren’t yet.

Hari Prasad

Last winter I was in India to research electronic voting machines there. I was part of a team with Hari Prasad from India and some people from his company NetIndia and Prof. Alex Halderman from the US with some of his students. We had access to a voting machine and we proved that electronic voting machines (called EVMs in India) are just as insecure there as they are anywhere else. Which is not all that surprising, except the Election Commission of India was making a whole brouhaha out of their machines being somehow “untamperable” and “perfect”.

It’s a pretty clear-cut case as these things go. We showed that it was possible to hack the machines in a variety of ways and that there were fundamental problems with transparency revolving, yet again, around unpublished software (that in this particular case cannot be audited, at all, by anyone !). We made a video and we wrote a scientific paper that will be presented at the CCS conference this fall. So we were right and they were wrong. Yet another case of the emperor wearing no clothes.

Except this emperor lives in India. So this emperor doesn’t simply run home in shame to get dressed. This emperor has his soldiers arrest the scoundrel that dared say he was naked.

Yesterday morning at 05:30, cops from Mumbai came to Hyderabad to arrest Hari Prasad. He was taken to Mumbai by road. My friend and colleague Alex Halderman has written a much more extensive piece on the circumstances. Read it. It includes audio of a phone conversation with Hari as he arrives in Mumbai, still in the car with the cops and miraculously still able to use his cellphone. (It was taken from him moments later.)

All of this makes me pause at the fact in some countries the truth has a much longer road to travel and that people in those countries are exposed to some very real personal risks for speaking out. There are democracies where finding out how the votes are counted is not merely frowned upon but actually dangerous.

The Indian blog IndianEVM.com has documents, commentary and much more updates on what’s going on. Hari showed the people of his country how secure their elections are. He needs to be commended and his technical expertise needs to be drawn upon to help safeguard future elections. He does not belong in jail. Please help spread the word. If you know journalists or other influential people in India, you might want to let them know that this is happening.

In more recent developments, Wired has written about the arrest of a soldier in Iraq called Bradley Manning, who is aledged to have told hacker and journalist Adrian Lamo about leaking this video to Wikileaks. According to Lamo, Manning also talked about about leaking a host of other secrets to Wikileaks. Lamo then went to the military, and Manning was arrested. Recent discoveries regarding the background and timeline of that story are an interesting read also.

Right now, there is apparently an international manhunt on for Julian Assange, the founder of Wikileaks. The Pentagon is said to ‘want a word’ regarding publication of any further secret documents that Wikileaks is said to have.

This is a story worth following and there are many many more things to be said. And I would too, except all of it can be much more eloquently said by Glenn Greenwald, Birgitta Jónsdóttir and Daniel Ellsberg in this footage from Democracy Now.

Now because of my involvement in the release of the video, people have begun asking me about these events. Before everyone asks me the same questions, let me note that:

• I do not know where Julian is. Really. I hope he is safe, and I think the fact that there apparently needs to be worry over his well-being is a freaking outrage.
• I have helped out Wikileaks with the Iraq video, and I’ve helped Icelandic MP Birgitta Jónsdóttir on the partly Wikileaks-inspired IMMI proposal in Iceland. I consider these to have been worthwhile adventures. However I am not a Wikileaks spokesperson or staff member.
• Apart from the Iraq video I never had any documents or materials that weren’t public yet.
• I do not know what’s going to happen next and follow the news sites and tweets with as much anxiety as anyone else. Julian is scheduled to speak in Brussels tomorrow. It starts at 14:30 Brussels time and there will apparently be a live stream. Do note that Julian has skipped earlier appearances citing security concerns.

Update: It is now Monday June 21st, 16:42 and Julian is indeed on stage in Brussels in a discussion about Freedom of Speech. I watched his opening remarks (it’s a forum setting), but the stream keeps breaking up.

So… If you have AdBlock Plus or something like that (and you should) you can simply add a filter for the facebook crap (which is in an <iframe>), and all will be good. For now, anyway. In AbBlock Plus, the filter rules are:

|http://www.facebook.com/widgets/*
|http://www.facebook.com/plugins/*

If you do this, the Facebook site itself will still work fine.

Update, June 21st: as commenters have pointed out, the IFRAME can be in the widgets or in the plugins direcyory, so both should be blocked. I added it above…

• Having Fun with Apple’s IOKit
• Attacking SAP Users Using sapsploit
• JIT-SPRAY Attacks & Advanced Shellcode
• The Travelling Hacksmith 2009 – 2010
• Abusing Microsoft’s PostMark Validation Protocol
• SAProuter: An Internet Window to your SAP Platform
• Hijacking Mobile Data Connections: State of the Art
• Subverting Windows 7 x64 Kernel with DMA Attacks

The entire program is here and registration is here.

Or, in normal language, you boot from a stick or any other device and get a basic unix operating system that is fully encrypted and not any slower than it needs to be. Of course, you’ll still want to use the fastest media you can get hold of, and a bit of processor speed for the crypto doesn’t hurt either. It runs fine on my eeePC 1005PE.

This just installs a basic FreeBSD unix system. It does not include X-Windows, web-browsers, mail clients or whatever else you’d like. You can of course install all that after the encryption is set up. Or compile your own image with everything you need already packaged in it.

Please have a play if you are so inclined, and use the comments to tell me what you think.

Download

Download FreeWDE-v0.1.zip by right-clicking and selecting ‘Save As’. Unzip the file.

Installation

You need to copy this unzippped image file to a disk device, generally a USB stick, an SD-card or a removable drive. It doesn’t help to simply copy the file, you need to ‘low level write’ the contents of the file to the disk.

IF YOU CONTINUE, YOU WILL BE WRITING DATA DIRECTLY TO A DISK DEVICE. PLEASE NOTE THAT THIS MAY, IN SOME CASES WITHOUT ANY WARNINGS, OVERWRITE THE DISK DEVICE YOU CHOOSE. SO PLEASE TAKE EXTREME CARE TO PICK THE DISK YOU ACTUALLY WANT TO INSTALL THIS ON, NOT THE HARD DISK WITH ALL YOUR WORK ON IT. REGULAR BACKUPS ARE ALWAYS A GOOD IDEA, AND RIGHT NOW IS A BETTER THAN AVERAGE TIME TO MAKE ONE.

On Mac/OSX, Linux, FreeBSD or other unix machine this is done with ‘dd’ from the command prompt as follows:
sudo dd if=<image file> of=<disk device> bs=1M
where <image file> is the file you just downloaded and <disk device> is the unix filename for the disk device. On a Mac, DO NOT USE /dev/disk0 (zero) as it is usually the system boot disk. You will be VERY sad if you write my file to it in this way.

On a machine running some version of Microsoft Windows, download a program called physdiskwrite and use it to write the image to the disk you’d like to run this from.

If you then shut down and boot from the stick, disk or card you just installed this on, you should, after the normal FreeBSD boot sequence, be presented with a dialog as follows. My answers in this example installation (to an 8 GB Sandisk Extreme 30 MB/s SD-card) are in bold.

Welcome to FreeWDE, the FreeBSD with Whole Disk Encryption installer

This script will help you create a bootable disk with multiple “slices”. One will be unencrypted and will hold the files needed to boot. In fact, we will reuse the part that you just booted from and just keep it as it is.

Then there’s the encrypted slice that this is all about. It is encrypted with AES-256 and holds either one or two partitions. There’s at least the root filesystem, and if you so choose there is also a swap area. And to make for a faster system on slow disks (such as many USB sticks), /tmp and /var/log can be put on tmpfs (which means they usually stay in RAM).

You can choose to install another ‘unencrypted’ slice. In there, we’ll put a regular Windows FAT32 filesystem. This means you can use the device as a regular USB disk or SD-card. To stick in your camera and take pictures on, for example.

Are you sure you want to do this? (yes/no) yes

Enter size of UNENCRYPTED slice. This size can be entered in megabytes or gigabytes. It needs to be entered as a number followed by M or G. So ’1G’ for a 1 gigabyte unencrypted slice. Enter “0″ or “none” if you do not want an unencrypted slice.

Size of unencrypted slice? 1G

Enter the size of the encrypted slice: a number immediately followed by M or G. This size includes root file system and swap. If you enter “all”, we will use the remainder of the device.

Size of encrypted slice? all

How big is the swap partition on the encrypted slice, again as a number immediately followed by the capital letter M or G. If you enter “0″ you will not have swap, so the entire encrypted slice is used for files.

Size of swap space? 2G

You can choose to wipe the disk, putting zeroes in the unencrypted slice and random data in the encrypted one. This makes sure there is no previous data that can be read, but it can take a long time depending on size and speed of the disk. So if you just bought it, you might as well enter no here.

Wipe disk? (yes/no) no

Would you like /tmp on a tmpfs (in ram) ? (yes/no) yes

We can do the same for /var/log. This does mean you’ll have to edit /etc/fstab before you can debug why something crashes.

Would you like /var/log on a tmpfs? (yes/no) yes

writing partition table

The partition table needs to be re-read, for which we need to reboot. Press enter to reboot. Installation will continue after we return.

Now the system reboots. Make sure it boots from the same disk again. You’ll see FreeBSD boot again. When that is done, the screen will clear and you’ll see:

FreeWDE – FreeBSD with Whole Disk Encryption
Continuing the installation…

Now writing random data to the new crypto slice. This might take a while. (Pressing Ctrl-T will tell you how many bytes have been written.)

This is where you pick a really strong passphrase and enter it twice to create the encrypted disk.

Enter new passphrase:
Reenter new passphrase:

Now type your passphrase once more to attach to the new encrypted disk.

Enter new passphrase:

Partitioning

Formatting

Copying files:
__/.cshrc
__/.profile
__/.snap
__/COPYRIGHT
__/bin
__/compat
__/dev
__/dist
__/etc
__/lib
__/libexec
__/media
__/proc
__/root
__/sbin
__/sys
__/tmp
__/usr
____/bin
____/compat
____/games
____/include
____/lib
____/libdata
____/libexec
____/local
____/obj
____/sbin
____/share
____/src
__/var

Creating mount points and symlinks

Making /etc/fstab

Formatting unencrypted slice

Press enter to boot into encrypted system

Rebooting …

After rebooting, you’ll find a virgin FreeBSD system, simply log in with ‘root’, no password. The system is the typical FreeBSD 8.0-RELEASE minimal install with a GENERIC kernel. The only difference is that the root filesystem is mounted off the secure part of the device you installed from and that swap and tmpfs have all been set up as specified during installation:

# df -h
Filesystem             Size  Used  Avail Capacity Mounted on
/dev/label/crypt.elia  4.0G  161M   3.5G    4%    /
devfs                  1.0K  1.0K     0B  100%    /dev
/dev/label/boota       327M  292M   8.0M   97%    /mnt/boot
/dev/da0s2             1.0G   48K   1.0G    0%    /unencrypted
tmpfs                  2.9G  4.0K   2.9G    0%    /tmp
tmpfs                  2.9G   60K   2.9G    0%    /var/log

# swapinfo
Device                 1K-blocks    Used  Avail    Capacity
/dev/label/crypt.elib  2097152      0     2097152     0%

The big cosmetic issue

If you boot into the encrypted system, it might seem as if the system hangs. Then if you read back a few lines, you’ll notice that the system is asking for your passphrase but that other parts of the boot process have put text after or on top of the prompt. You can just ignore all that and type your passphrase anyway. It is annoying and ugly, but there is not much I can do about it without going far deeper than I want to right now.

Tips

You’ll generally want to do:

echo 'powerd_enable="YES"' >> /etc/rc.conf
powerd

if you are running on a notebook or netbook, as this makes sure the system lowers the processor clock frequency if the system is idle, making the battery last much longer.

How to make your own

There are plenty of reasons to want to build your own system like this. You might be rolling out many of these, and maybe want to include your own software in the image. Or maybe you’d like to make sure that I haven’t installed something that logs your passphrase. (I could have, you know…)

The good news is that it is very easy to repeat what I did. All you need is this shell script and a fresh installation of FreeBSD in a slice that is so small that it just fits the files. You will also and another installation of FreeBSD to work from (which can also be on a USB stick). Start this working copy of FreeBSD and run FreeWDE-v0.1-DIY-install <disk>

The <disk> is the device name (without /dev/) of the disk where the fresh copy is. Make sure it’s not mounted, the script does all that. The script will notice that there is no file ‘clean’ in the current directory. It will then use dd to copy the s1 slice on the indicated device to ‘clean’, make some changes to the image to set it up for FreeWDE, install the installation script (which is contained in the DIY script) and copy the resulting image to the file ‘image’. If you make changes to the install script, you will not need a fresh copy of FreeBSD to test it, as the install script will simply use the copy in the file ‘clean’ from now on.

It’s great how it really is beginning to dawn on people all over the globe that paperless voting systems have a transparency problem. This last February I was invited to India for 9 days. It was good to get some sunlight, but again I was too busy to see many sights. I first went to Delhi to speak at the launch of a new book that is critical on Electronic Voting Machines (people there all call them EVMs). After that I went to Chennai for another conference. Then I went to Hyderabad and did … absolutely nothing that I was publicly talking about until today.

We spent a number of days hacking and filming an EVM (in various states of undress) that had fallen into precisely the right hands. In what qualifies as some of the crazier days of my life Alex Halderman, Hari Prasad and yours truly were finding ways around armed roadblocks, relocating parts on circuit boards, debugging code with teams in different timezones, testing electronics, meeting with political figures surrounded by guys with machine guns and shooting parts of the video embedded below. All of this against the backdrop of the hurricane of plan-resistant chaos that is India.

Our research proved something which we really never doubted: with some preparation anyone with even momentary access to paperless voting machines can own the country. If it wasn’t fun to do it would be depressing that something that obvious needs proving over and over again. Maybe some day we’ll skip the film and just own the country instead. (Just kidding…) Some parts of India definitely looked worth owning, those rare moments I had time to look.

Anyway: never got to see the Taj Mahal. Then again: when I go to India next time, it will probably still be there. Which is much more than one can say of these EVMs. Have a look for yourself.

The more scientific writeup of all this (and much more) can be found at IndiaEVM.org. And VeTA, a new organization that unites India’s budding election transparency movement, has set up a new website at IndianEVM.com.

Please help spread this story if you can. You know how.

I have to say, a fully staffed trauma team is impressive. I counted 22 people… Milo is awake but still in hospital, Carla is there now. We’re all OK. And I’m glad my next post was already written.

So here’s something I built just now. It allows me to maintain the aspect ratio while resizing the YouTube embeds such that they fit perfectly in this blog layout. It should be very easy to use: simply paste the YouTube embed code in the field below, adjust either height or width, click the button and copy-paste the resulting embed code back to where you wanted to use it.

Wikileaks has obtained and decrypted previously unreleased video footage from the onboard camera of a US Apache helicopter over Baghdad in 2007. The audio has the radio communication going on at the time. We released that video today. In it we see Reuters journalists Namir Noor-Eldeen and Saeed Chmagh and others getting shot by the Apache on a square in Eastern Baghdad after they are apparently assumed to be insurgents. After this, an unarmed group of adults and children in a minivan arrives on the scene and attempts to transport the wounded journalists. They are then fired upon also. Just the visuals are pretty gruesome stuff.

Meanwhile the voices on the radio are hoping they get to fire their 30mm cannon some more at a wounded journalist who tries to crawl while he is dying on the sidewalk. (“Come on buddy, all you gotta do is pick up a weapon”) They laugh about an armored vehicle running over the corpse of the other journalist and they appear both routined and content (“Nice!”) when they see a street full of dead people. The official statement on this incident initially listed all the adults as AIF KIA (“Anti Iraqi Forces” “Killed In Action”) and claimed the US military “did not know how the deaths ocurred”.

In researching this, Wikileaks has partnered with RUV, the Icelandic state television. Two of their reporters were supposed to leave for Baghdad, couldn’t get visas and then got some kind of last-minute emergency visas after all. So while we were scrambling to deal with yet another changed plan, the first pictures and emotional back-stories started emerging in bits and pieces from Baghdad. (Kristinn, Ingi, you guys rock!) More of that will appear over the next few days as the material is readied. Suffice it to say we all cried from time to time.

The very courageous anonymous source (yay!), the regular Wikileaks staffers, journalists in warzones, they all deserve much more praise than I do. Still, I’m hell of proud to have been part of the extraordinary team that helped get this video out. The supporting documents as well as various other bits of the story are on www.collateralmurder.com. Please check them out.

Here’s to hoping that these images of death by modern urban counter-insurgency warfare will enter the gallery of iconic frozen moments needed to break people’s apathy about the harsh realities of a particular war. We need to permanently rewire what happens in people’s brains when some robot in a clean uniform tell us of “hearts and minds”, “minor collateral damage” or “killed insurgents” from the safety of a briefing room half a world away from a dirty war.

It’s been a highly emotional and very intense couple of weeks. I’ve met some amazing new people that I now feel I’ve known for quite a while. But right now I’m looking forward to holding Carla, Milo and Floris, eating something other than crisps, pretzels and pizza, sleeping in my own bed and getting a full night’s sleep.

OK, so this was my part. If you feel this deserves a fair bit of attention, it’s your turn to help now. It’s hard to say how the corporate media, esp. in the US, will pick up this story. So act quickly. Help trend this topic. E-mail this. If you can, describe to your friends in your own words why this needs to be spread even further. Ignore the fact that you normally write about other things. We are not powerless and it is still legal to get emotional and angry every once in a while. Blog, update your Facebook status, embed, comment and give lots of stars on Youtube, tweet, digg, retweet, reddit and retweet some more. I mean, hell, I was so angry I even made a few phone calls. Spead the word. Far and wide…

And before I forget: if you have any leftover money, skills or a stack of secrets that really shouldn’t be secret, contact WikiLeaks.