Since I now have more information about what actually happened, I'll try to be much less obsecure in this post update.
As a few of you already know, I'm the guy behind the scenes @ CS. Pj normally handles all of the public facing stuff (twitter, marketing, the forum, etc.) as I don't care much about that kind of stuff, I prefer just dealing with the techie stuff. Since the twitter activity often leans more towards the philosophical aspects of tech and less about the actual tech, I often avoid it. Turns out I should have been paying more attention :/
Let me start with what's being referred to as "The March incident". It's apparently a situation where graze was taken hostage by CSIS agents. Turns out that was complete bullshit (quoted from graze himself via txtsec earlier, after positive ID verification). What really happened is that pj took too many pills, and almost OD'd. My guess is that he really did see agents taking graze away, it just wasn't actually happening. I believe this is true because I do recall a night when pj called & texted me and sounded very incoherent. I heard from him a day or two later and he sounded normal, so I figured "Whatever, he got too fucked up one night, seems fine now though".
That incident lead to a 6 month long argument with graze, an argument that involved a rapidly growing suspicion that graze was some kind of double agent for CSIS.
Pj started becoming more paranoid. Not the good, security concious kind of paranoia we encourage. The mentally unstable kind of paranoia that makes a person believe the NSA/etc. are outside using poisonous gases and mind controlling spores to bend his will (which it seems, was one of the scenarios that pj believed was actually happening).
His increasing paranoia wasn't helped by his research in what he called "Corruptor-Injector Networks" (aka Sauron's Eye), as the concept behind what he was describing actually does exist and has been implemented.
The problem was, he thought it was happening to him, all the time. It took him several weeks to simply install Linux on a laptop because he believed the .iso's he was downloading had been manipulated mid-stream by a backdoor in his router that was introduced via CIN (again, technically possible, but highly unlikely).
When he finally did get Linux installed, he started noticing what he claimed were "strange things" happening in Chrome. I never really got an exact description of what those strange things were, but just to be safe, I introduced him to the `strace` and `ltrace` commands so that he could see exactly what his Chrome process(es) were doing. Shortly after that, I started receiving alot of trace logs that he believed confirmed the presence of a rootkit (or backdoor) that was trying to monitor his browsing activity. I manually looked through every log file, I never saw anything unusual. I've written plenty of Linux based rootkits & backdoors, I know what to look for. Eventually, I got tired of dealing with the whole thing, so I showed him how to run a reverse shell so that his system would remotely send me his bash prompt. From there, I was able to execute commands on his system, and from there I did everything I could to check for the presence of anything unusual. I didn't find anything you wouldn't find on any other default desktop Ubuntu install.
As time went by, his online presence became more erratic. Occasionally, I would get a text or email that contained perfectly coherent, legitimate sounding text, so I assumed he's probably just doing more research on something else.
Fast forward a few months later. He gets arrested in Canada due to some sort of immigration status problem. My guess is it has to do with his old cocaine smuggling charges and Canada not knowing about them when they let him in the country. A slightly funny incident occured where the canadian jail he was being held at accidently releases him early, when they were supposed to release him the next day to US immigration agents. Since he's no stranger to the legal system, he thought it was odd that he was allowed to leave without having to sign any of the usual paperwork. They kind of just let him go. According to most news articles, the same thing happened earlier that month at the same jail with someone else, so it doesn't sound unlikely. Anyways, he waits at his house in Canada, expecting to be picked up any moment by the people who made the mistake. So he stays offline (encrypted backups are already online prior to any of this), sticking only to txtsec messages to me with some status updates. Eventually, they do pick him back up, release him to the US agents they were supposed to release him to and he finally gets deported to the US by way of NY. After a few days in an american jail, he gets released since he hasn't broken any US laws. He spends some time with family in the US, gets back online via an encrypted backup, everything seems normal. He tells me he's going to apply for some kind of native status back in Canada because apparently he is %30 (or something) aboriginal or whatever the hell they call the natives up in Canada. That way he can return to Canada without fear of arbitrary deportation. So he returns to Canada...
Time goes by, he tweets a bit with the main @cryptostorm_is account, emails/txts me occasionally, things seem fairly normal again.
However, I notice that while he seems to be busy with "something", I'm not seeing any CS related activity happening anywhere (no github updates, nothing new on the forum, no logins to any servers, etc.).
Just this one blog post: http://cryptostorm.is/blog/
Obscure references to war, a generally cryptic style to everything, alot of big words used although no actual message is ever conveyed.
Sounds like the usual type of Dorkbot forum post to me... But with so many references to war, I'm worried that it's his allusive way of saying that CS is under attack.
So I keep an eye on all the remote logs (which are recording every execv() call via grsec, in chroots too), the few .bash_history files we have, the lastlog's, the web logs, I looked into pretty much everything we keep logs for.
Some days later, I get a somewhat odd text from pj telling me to cycle all the root passes and remove his SSH keys from the servers. Says not to give him the new passwords just yet. I ask if he's been compromised, he says no, but just to be safe it would be a good idea, as something might be happening soon...
Whatever. I comply, since changing passes/keys often is usually a good idea. I'm thinking he found some lame peice of spyware in a test win box and is overreacting by assuming his entire network has been compromised (Not an entirely bad idea, tbh).
Saturday night (or Sunday morning, I forget). I'm in the shower, so I missed pj's call. I get out of the shower, call him back expecting to start the convo with a usual "Sorry I missed your call, was in the shower".
Instead I hear sirens of fire engines in the background. I ask if everything is OK? He sounds very incoherent, distraught, responds with something like "It's OK, it's not you" (I think that's what he said, it's difficult to be sure with the sirens in the background). Then quickly he either hanged up, or we got disconnected.
A bit worried, I decided I should probably check twitter just to see if there's any info there about wtf is going on.
Then I see this tweet from earlier: "Our staff again at high risk. If we vanish, dig deeper. Please rt. We'll confirm our identities as soon as things are safe again."
Wtf? I'm staff, I'm not at risk (as far as I know)...
And then I see this other tweet: "If anyone has a minute for some legal advice, please call us at 559.382.6911. Urgent."
I text & call pj, to see what the hell is going on. No response....
About a day goes by, twitter understandably goes nuts since a request for legal advice followed by silence is never a good thing.
I didn't have twitter credentials (since I never wanted them) so I wasn't able to tweet any kind of "Uh, df is still here, CS is still running. dunno wtf is going on with pj tho..."
Then graze txts me, says "FYI... DB [Dorkbot/pj] went weird again - probably in jail".
After some wtf!!?'s etc. from me, I ask if graze has twitter creds, because I need to let people know that CS is not involved with whatever the hell is going on.
A few hours later, I was able to login to twitter and post the first status update.
As most of you have already read on several news sites out there, the incident involved assault, arson, resisting arrest, and more.
I asked graze if he knows if pj was high on pills when that happened, or what? The exact response: "I... Dunno"
So. Yea.. Those are some pretty serious charges.
My personal conclusion is that although pj is clearly a highly intelligent person, he might also be mentally ill (or an addict, or both).
Like most of you, I've always found a satisfying degree of depth to his analytical articles.
Unfortunately, and especially in this field where government conspiracies often end up being true, it is difficult to find the line between insane and intelligent.
I hope he gets whatever help he needs...
As for CS, our services remain uninterrupted. I conceived of and implemented the widget, DeepDNS, voodoo, all of our security protocols (graze was the one behind the mongo database framework, which he hasn't needed to change since the beginning, simply because it worked so well).
The security protocol concept is simple: everything and everyone is a potential attack vector. I know myself enough to know that I will not give up any CS members.
Put a gun to my head and threaten death, I will tell you to go fuck yourself. Offer me a million dollars, I'll offer a counter-proposal involving self-coitus.
Even though some people say that, I can never really know if that's how they really are if/when a situation like that actually comes around.
So I've always treated all staff members with a degree of scrutiny, especially pj since he has root access to the servers.
In my eyes, it's not a matter of trust, it's a matter of security.
Pj in any state of mind is most likely willing to die for CS, but if he likes to visit some ad-ridden torrent site from IE on the same system he does CS stuff on, he's a potential attack vector (heh, that's an example.. fucking better be).
So anytime anyone has ever done anything on any CS server, I've been there, monitoring exactly wtf they're doing.
That's how I know that attempts to backdoor or unnecessarily monitor something hasn't happened.
Accusations are floating around that pj snitched on his co-conspirators in his old cocaine smuggling case, which resulted in a lesser prison sentence, therefore he is a govt plant for CS!
I've gathered my own data relating to these accusations, and I believe that none of that is true. He blew the whistle on his lawyer for breaching client/attorney confidentiality, which lead to an internal investigation at the law firm, and probably charges against that lawyer too (I didn't care enough to investigate further). That's the closest he's ever come to "snitching", but to me that sounds more like whistle blowing.
Regarding the beastiality accusations, I'm undecided on whether or not they're true.
From both sides I've seen blatant disinformation, misinformation, and "evidence" that contradicts the truth that I know. So much so that I can't make an informed decision.
Regardless of whether or not the accusations are true, I believe that none of it involves CS so it really doesn't matter.
For the record, I don't condone beastiality, I don't support it.
But I do believe that if someone wants to speak on their beliefs regarding a lifestyle that involves beastality, I don't think that it's constitutional to prevent that person from speaking their mind.
In summation, the tin foil hat brigade can safely continue to use CS. pj hasn't been involved with the back bits for more than a year now anyways.
However, it turns out that the front end can be more devastating to a thing like CS than the backend >:/
I blame all of this on @SwiftOnSecurity, for obvious reasons, such as: Fuck it, why not?
The original status update from a day or two ago:
As some of you may have noticed, there was recently a request for legal advice on the main twitter account. We're still awaiting more information on the exact details of what happened, but it appears to involve just one of the cryptostorm staff members. As far as I can tell, it's not anything computer related (like a raid). Also, the staff member predicted about a week ago that something like this might be happening soon. At the time, it was suggested that I change/remove all the important passwords/keys on the network that the staff member had just to be safe, so I did. That means that on the off chance this turns into a worse case scenario, anything any adversaries might get their hands on has already been rendered useless.
So just to be clear, whatever happens next with that staff member, cryptostorm will continue to move forward.
The only noticeable difference is that there will probably be less twitter activity as the other staff members are pretty busy with other aspects of the network (myself included).
As for me, I'm still working on the next widget version. It already includes dnscrypt-proxy so the pre-connect DNS queries will be safe from prying eyes, I just need to finish fixing some annoying bugs I've noticed in other parts of the widget. All of the DeepDNS IPs already have dnscrypt-wrapper setup on UDP & TCP port 443 if anyone wants to start using it now. Usage is fairly straightforward: install dnscrypt-proxy, tell it to use https://cryptostorm.is/dnscrypt-resolvers.csv, run it with (for example, using the France server)
Code: Select all
dnscrypt-proxy --local-address=127.0.0.1:53 -R cs-fr
Code: Select all
dnscrypt-proxy --local-address=127.0.0.1:53 --resolver-address=188.8.131.52:443 --provider-name=2.dnscrypt-cert.cryptostorm.is --provider-key=3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A
(replace 184.108.40.206 with whichever DeepDNS IP you'd like to use [Nice key, eh? ]).
I noticed that even though most people don't like the fact that we have some US nodes, they seem to always have a higher user count than any of the other servers. So for that reason (and because we have no US east node), I went ahead and ordered an unlimited/1gbps one in NY. Should be ready in a day or so.