Forgot your password?
typodupeerror
Privacy Encryption The Media

Privacy Advocate Jacob Appelbaum Reports Break-In Of Berlin Apartment 194

Posted by timothy
from the watch-your-friends'-enemies dept.
Jacob Appelbaum isn't shy about his role as a pro-privacy (and anti-secrecy) activist and hacker. A long-time contributor to the Tor project, and security researcher more generally, Appelbaum stood in for the strategically absent Julian Assange at HOPE in 2010, and more recently delivered Edward Snowden's acceptance speech when Snowden was awarded the Government Accountability Project's Whistleblower Prize. Now, he reports, his Berlin apartment appears to have been burglarized, and his computers tampered with. As reported by Deutsche Welle, "Appelbaum told [newspaper the Berliner Zeitung] that somebody had broken into his apartment and used his computer in his absence. 'When I flew away for an appointment, I installed four alarm systems in my apartment,' Appelbaum told the paper after discussing other situations which he said made him feel uneasy. 'When I returned, three of them had been turned off. The fourth, however, had registered that somebody was in my flat - although I'm the only one with a key. And some of my effects, whose positions I carefully note, were indeed askew. My computers had been turned on and off.'" It's not the first time by any means that Appelbaum's technical and political pursuits have drawn attention of the unpleasant variety.
This discussion has been archived. No new comments can be posted.

Privacy Advocate Jacob Appelbaum Reports Break-In Of Berlin Apartment

Comments Filter:
  • Paranoia (Score:5, Insightful)

    by the eric conspiracy (20178) on Sunday December 22, 2013 @12:29PM (#45760193)

    It's not paranoia when they really are out to get you.

    • Re:Paranoia (Score:5, Insightful)

      by Anonymous Coward on Sunday December 22, 2013 @12:54PM (#45760341)

      It's not paranoia when they really are out to get you.

      The distance between paranoia and reality has narrowed considerably.

      • Re: (Score:3, Insightful)

        by KingOfBLASH (620432)

        It's not paranoia when they really are out to get you.

        The distance between paranoia and reality has narrowed considerably.

        Where's +1 Sad when you need it?

        • Re: (Score:2, Insightful)

          by Tackhead (54550)

          It's not paranoia when they really are out to get you.

          The distance between paranoia and reality has narrowed considerably.

          Where's +1 Sad when you need it?

          Trust the Computer. Happiness is mandatory. You are happy, aren't you, Citizen?

    • Re:Paranoia (Score:5, Insightful)

      by cold fjord (826450) on Sunday December 22, 2013 @01:04PM (#45760393)

      It is always an interesting question though as to which "they" it is. Appelbaum has access to documents that Snowden leaked. Is it the Russian government trying to get their hands on the full cache of documents that Snowden leaked, assuming they don't have it already? Germany is crawling with Russian spies. Is it the German government looking for more information on US and British activity? Chancellor Merkel brought a former intelligence officer into her government recently. Is it the US government? Is it the Iranian government looking for ways to avoid detection of its agents? Is it another nation, impatient to see if there are any revelations about intelligence involving it but not wanting to wait for newspaper publication that may never come? Is it another advocacy group looking for information to share in the limelight? Is it another hacker group looking for clues as to how to avoid government surveillance of their activities, or for information they can crib into attacks? It is criminal gangs looking for information that can be exploited in many ways - making a profit and avoiding police surveillance? Is it a former lover looking for revenge? All that can be said is that he claims that something happened, but what it means is very much an open question. Various people will claim to know that it was this, or that, but Appelbaum doesn't know exactly what, how could anyone else but the perpetrators.... if they exist?

      • by CanHasDIY (1672858) on Sunday December 22, 2013 @03:23PM (#45761359) Homepage Journal

        I guess that depends on which group accuses him of having CP on his machine, here in a week or two.

      • Do you really believe they ever really leave the organisations they used to work for? Putin is clearly still KGB...
      • Is it the Russian government trying to get their hands on the full cache of documents that Snowden leaked, assuming they don't have it already?

        My opinion too: it's very likely that these documents doesn't contain much that the FSB (which has been at this spying game even before it was renamed from TcheKa to KGB) isn't already aware of through their own information channel.
        The reason we can trust when snowden tells that he hasn't handed anything over to Russia (nor China), is that very probably they won't gain much that they don't know already. It's simply not worth going through the hassle and public disapproval of using this controversial source

    • by houghi (78078)

      On they Internet NOBODY is paranoia. They ARE following you.

    • by quantaman (517394)

      10 years ago my first thought probably would have been along the lines of "probably just some random burglars, he's probably just paranoid". Now? No one seems to question that it was government agents who likely broke in.

      I think that's one of the strongest indictments of the NSA spying scandal I've seen yet, previously people assumed government spooks only went after other government spooks, serious criminals or terrorists, or in the very rare case, high level political subversive elements. The idea that a

  • So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

    • by wjcofkc (964165) on Sunday December 22, 2013 @12:35PM (#45760221)
      Just because they are spooks doesn't make them competent.
      • by cold fjord (826450) on Sunday December 22, 2013 @01:06PM (#45760405)

        You can't overlook the possibility that they were leaving a message, whoever it was.

        • by jd (1658) <imipak&yahoo,com> on Sunday December 22, 2013 @03:13PM (#45761301) Homepage Journal

          Very true. Instill an element of fear in someone who you know will talk about it, creating an element of fear over the wider community. PsyOps. Which we know governments practice.

          The Russians know no more than the rest of us - Snowden has made it clear he gave all documents to others, and this is extremely believable. It makes it pointless to limit damage - or even establishing what damage there is to be limited - by capturing or killing him.

          • by icebike (68054)

            Snowden has made it clear he gave all documents to others,

            He has made it clear he has given encrypted copies to others, and he releases encryption keys selectively as the need arises.
            Which suggests he as a very good memory, or access to something to retrieve the next key or the key specific to the topic he chooses.

            He hasn't made the whole trove accessible to all of the holders yet.

          • if i was him, i'd leave a computer behind with disinformation on it, while always carrying my laptop which would have the real information on it.

          • The Russians know no more than the rest of us - Snowden has made it clear he gave all documents to others, and this is extremely believable.

            These two are separated.
            The fact that Snowden has already given away the documents and doesn't have them any more, DOES NOT prevent the Russians from already knowing the information contained in the Snowden documents (not because they read the actual Snowden documents, but simply because they already have competent intelligence service with a very long experience dating back from the cold war and even before and vastly more ressource: Russians have probably already gathered similar amount of informations th

        • by Richy_T (111409)

          Zersetzung

          http://en.wikipedia.org/wiki/Stasi [wikipedia.org]

        • You can't overlook the possibility that they were leaving a message, whoever it was.

          "Never attribute to malice that which is adequately explained by stupidity." -- While disagree with the foolish absolutist term "never" Hanlon used in this quote, it's more probable sloppiness otherwise why bother disabling the other 3 alarms or turning off the computers? I mean, stealing the computers and ransacking the place to appear as a burglary would have been so much easier.

          The best defense is a good offense. This explains my odor, and why I insist mother brings my food down to the basement, so as

    • by nurb432 (527695)

      They may have tried, but you can set things up so that you can notice when even the best has come and gone.

      • by gweihir (88907)

        Indeed. And even the 3 that were "turned off" are a dead giveaway already. But turning the computers on is just plain gross incompetence. On the other hand, the NSA had all its crown-jewels stolen by a contractor, so the level of incompetence and stupidity in the "intelligence" community seems to be just what you would expect from government employees.

    • by Jawnn (445279) on Sunday December 22, 2013 @01:13PM (#45760453)

      So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

      Only if your aim was to hide the fact that you were ever there.

      • by HiThere (15173)

        And while they turned off three of them, apparently they didn't turn them back on before leaving. So they weren't hiding that they had been there.

        OTOH, they also didn't go out of their way to create a mess. So they weren't police.

    • They probably weren't expecting someone who memorises the placement of every pen and paperclip on their desk just in case this happens.

      • by AK Marc (707885) on Sunday December 22, 2013 @01:45PM (#45760731)
        My desktop computer moves when I make hardware changes. The dust is medium and consistent. Someone moving the computer to clone a drive or plug something in the back will make it so I can tell, unless they can also clean it and age the dust 8 months. You don't have to be OCD to notice changes. It just helps.
        • by Nyder (754090) on Sunday December 22, 2013 @02:15PM (#45760943) Journal

          My desktop computer moves when I make hardware changes. The dust is medium and consistent. Someone moving the computer to clone a drive or plug something in the back will make it so I can tell, unless they can also clean it and age the dust 8 months. You don't have to be OCD to notice changes. It just helps.

          I use the same excuse as a reason not cleaning my apartment.

    • by Nyder (754090)

      So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

      Going to point out since they missed the 4th alarm system, it's not surprising that didn't put everything back in the same place.

      • by icebike (68054)

        So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

        Going to point out since they missed the 4th alarm system, it's not surprising that didn't put everything back in the same place.

        After three went off loudly, they might have been forced to turn these off, and they totally missed the silent one. If all his alarms were the noisy kind, they might stop worrying when it got quiet.

        What I want to know, is why he doesn't have pictures. Four alarms and memorized placement, and no hidden wireless cameras?

    • by icebike (68054) on Sunday December 22, 2013 @04:16PM (#45761727)

      So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

      They might have had no alternative but to turn off the three alarms. After all a loud ringing alarm will soon bring investigators of one sort or another.

      Who knows just how persnickety his staged positioning of items in the room might have been. That magazine might overlap that envelope on the table "just so", and he could have had photos on his smartphone that he could match better than even a professional team could restore.

    • by quantaman (517394)

      So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

      If you came home after a trip and all your alarms had been turned off that's generally a better indication that you were broken into than having some items in a different position. Question is did they leave the alarms off as a practical manner (too hard to turn back on) or as a "we were here" message that some have suggested.

  • by dclozier (1002772) on Sunday December 22, 2013 @12:33PM (#45760209)
    As we improve our ability to keep private things private the government's orginizations will find it easier to snoop by gaining physical access first. There's no doubt we're on the slippery slope. I have to wonder, which orginization broke into his apartment? Or maybe it was a combined effort and they are sharing in the information gained, if any.
  • by Anonymous Coward

    There's no way he can trust using the electronic devices that were in the apartment now. In fact, he should probably move to a new place, or go all Gene Hackman on it.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      He should put his wireless router in a faraday cage so the US government can't spy on him.

  • What an idiot... (Score:2, Insightful)

    by Anonymous Coward

    Seriously, if you don't want the American secret police to dig around through your shit, kidnap, torture, and possibly kill you (while making your body disappear), don't piss off anyone in the American government.

    I'm not being sarcastic.

    • by AK Marc (707885)
      You just pissed off someone in the American Government.
    • by jd (1658)

      Nobody knows what would piss off the wrong people to that extent. The CIA apparently had "rogue" missions being launched by "enthused" controllers. We don't know if that's true, but since I am defining the scope of ignorance, anything we can rationally say we are ignorant of is in scope. In this case, we can rationally say that the best information we have makes it possible that upsetting relatively low-level employees of any security agency may be sufficient to warrant (in their eyes) a visit.

      I dispute the

    • You're making the fallacious assumption that the list of things that pisses them off is reasonable.

  • by Gonoff (88518) on Sunday December 22, 2013 @12:47PM (#45760295)

    It's surprising that there are still some people in the USA who are surprised that your spooks are generally perceived, all over the world, to be criminals.

    • Re: (Score:2, Redundant)

      by csumpi (2258986)
      Let's just not get carried away and think that Russians, Germans, the Brits, Canadians, you name it, don't engage in similar activities. Maybe it's just that in those countries nobody has the balls to leak the info.
    • Re:Perceptions (Score:4, Insightful)

      by cold fjord (826450) on Sunday December 22, 2013 @01:12PM (#45760443)

      It's surprising that there are still some people in the USA who are surprised that your spooks are generally perceived, all over the world, to be criminals.

      It is surprising that some people are unable to conceive of the idea that many nations would like to get their hands on the information that Snowden took, and which Appelbaum has access to. For all you know it could be Russians, Chinese, Iranians, Germans, French, Israelis, Swedes, or just about any other country's agents. That is before you consider criminal gangs or hacker groups. Your imagination is far too limited to consider the range of possibilities.

      • For all you know it could be Russians, Chinese, Iranians, Germans, French, Israelis, Swedes, or just about any other country's agents.

        There's 2 reasons why some countries might want to avoid getting their hand on Snowden's documents:

        1. These documents are known to exist, and are highly pollitically controversial. Although Germany representative would be free to bitch and moan about things published in the news papers about NSA spying them (after all these specific information where published for anyone to see, and are the consequence of news papers, not germany's own services), things will be very different if word got out the Russian or

  • by grumbel (592662) <grumbel@gmx.de> on Sunday December 22, 2013 @12:53PM (#45760337) Homepage

    Come on, he installed four alarm system and didn't bother with a single surveillance camera? I am not saying that there wasn't somebody in his apartment, but it's hard not to think this might have just been a case of a malfunctioning alarm system and a whole bunch of paranoia on top. If the government is after you, at least make sure you get some pretty pictures of them, cams are cheap these days.

    • Yup - pics or it didn't happen.
    • My thoughts exactly. All this security system but no cameras? If you are that worried about people breaking into your house, and think it has happened before, wouldnt you want to know WHO broke into your house?
    • Maybe the cameras were part of one of the three alarm systems that was turned off.

    • Also, it seems very unlikely that he's the only one with a key to his flat. If it's a flat, that means it's in a shared building. If he's renting the landlord has a key, for emergency and notified inspection purposes. If he's got a condo, the superintendent has a key for emergency purposes. Unless he owns the building and has a pick-proof lock, his claims on physical security seem to be overstated. OK, I guess he could have an extraordinary contract, but a power outage seems more likely given the infor

      • by vux984 (928602)

        If he's got a condo, the superintendent has a key for emergency purposes.

        I don't know if you mean something different by "condo"; but I've lived in a couple and live in one now, and there is no 'superindentent'. There is a strata corporation with a president and council who are elected from the owners, a 3rd party management company who provides some legal services, and a variety of contracts with trades... but nobody has a key to all the units. Hell, most owners re-key them as a matter of course when they

        • Hell, most owners re-key them as a matter of course when they buy them.

          What happens when smoke starts coming from one of the units? Or, less dramatically, if there's maintenance that needs to happen for shared systems (plumbing, etc.)?

      • by icebike (68054)

        Flat, in Germany refers to an apartment, not a condo.

        However, there is nothing (other than his rental agreement) that would prevent him from having his locks changed out, even if he did it himself. Its trivial, and your building super might not notice for years, if you are always there to let him in.

        Him having the only key means nothing if he bought a common lock, many of which are still being made to this day that are susceptible to bump keys.

    • by icebike (68054)

      Come on, he installed four alarm system and didn't bother with a single surveillance camera? I am not saying that there wasn't somebody in his apartment, but it's hard not to think this might have just been a case of a malfunctioning alarm system and a whole bunch of paranoia on top. If the government is after you, at least make sure you get some pretty pictures of them, cams are cheap these days.

      That triggered alarm bells in my head as well. Maybe those "alarms" that were disabled were really cameras sending pictures to someplace, these are cheap and getting cheaper these days. If he was using something from a commercial service (like Dropcam) those accounts would have been disabled before the break in crew arrived at his door step. If they were watching his internet stream they would have known about such things.

      Still, a guy that worried would have a cam somewhere.

  • BIOS Attacks (Score:5, Informative)

    by TechyImmigrant (175943) on Sunday December 22, 2013 @01:16PM (#45760471) Journal

    Plug in UEFI bootable USB stick.
    Turn off
    Turn on
    Keylogger and remote backdoor installed.

    So those machines are toast. He needs new ones.

    • Re:BIOS Attacks (Score:4, Insightful)

      by SuricouRaven (1897204) on Sunday December 22, 2013 @01:20PM (#45760511)

      And then go over the EFI boot partition, and find some way to compare the firmware with the file from the manufacturer's site. If they have been compromised, don't pass up the chance to document exactly how it was done.

    • Re:BIOS Attacks (Score:4, Informative)

      by Anonymous Coward on Sunday December 22, 2013 @01:24PM (#45760555)

      Or, he could be real savvy;

      Use a computer of a different architectural type, (Say ARM or PPC) and an EEPROM programmer. Clamp the connector onto the compromised system's UEFI bios, and dump it.

      Compare the dump against the vendor's stock image.

      Note the differences, Decompile the differences.
      Report on the hows and whys of the keylogger.

      Reflash the bios with the vendor's stock image, then nuke all harddrives from orbit. (Harddrives also contain updatable firmware, which may be harder to ensure are in a sane condition.)

      • Re:BIOS Attacks (Score:5, Insightful)

        by TechyImmigrant (175943) on Sunday December 22, 2013 @01:36PM (#45760657) Journal

        I'd swap out the keyboards as well. Just sayin'

      • by citizenr (871508)

        ARM machines dont have uefi (yet), + some have bootcode inside cpu + some have manufacturer debugging code inside cpu behind crypto handshake

        • by DrYak (748999)

          ARM machines dont have uefi (yet)

          Some do. The whole "Linux vs. Windows 8 and Secure UEFI" debacle is about the fact that, because Windows 8 mandates Secure UEFI, althrough *PC* vendor are required to let their customer around Secure UEFI (allowinf customer to disable it and allowing customer to put other signing keys there), the same requirement don't apply for ARM hardware.
          You can install linux on a Secure UEFI Windows 8 x86 desktop.
          You are not guaranteed to be able to install Linux on a ARM tablet with Secure UEFI and Windows 8 RT.

  • by dutchwhizzman (817898) on Sunday December 22, 2013 @01:17PM (#45760495)
    This computer holds the latest and greatest they have in espionage software and possibly hardware. I'd say get it thoroughly examined so we know what to look for on other machines.Make good forensic copies of anything that is able to hold data in the device and only work on copies of copies so you'll always be able to start from scratch if you mess up or want to prove your findings.
  • Ugh... (Score:5, Insightful)

    by koan (80826) on Sunday December 22, 2013 @01:26PM (#45760567)

    None of your hardware can be trusted any longer, your apartment is bugged, and man do I feel for you having to clean it up.

  • Competent spies can do it without you noticing. Perhaps "they" are getting sloppy? Maybe "they" subcontracted it out to a 3rd party private security agency? Maybe it was deliberately sloppy and intended to send a message to Appelbaum? Or maybe it was aliens? We can speculate about this all week if we want to ;)
    • by Anonymous Coward

      I can set it up so even the most competent spy can be detected.

      Insert USB dongle in laptop that tracks power on/off cycles, motion sensor, etc. with RF transmission as well.

      Remotely record the RF transmission with scanner (not a paired device); check that device, which can readily be hidden anywhere (including a block or two away).

      A custom device like this is simple, but unless you are truly absolutely exceptional you're not going to bypass it. And that level of exceptional only exists in people's imaginati

  • by Anonymous Coward on Sunday December 22, 2013 @02:08PM (#45760889)

    By the sound of it, he's doing a lot of things right. Read his bio. I'm very glad and thankful there are still brave men left.

  • and replaced all my furniture with exact duplicates.
  • This was a message (Score:5, Insightful)

    by argStyopa (232550) on Sunday December 22, 2013 @03:09PM (#45761285) Journal

    Sure, there are probably some surveillance things tossed in mainly "to be found", but the fact is that a break-in like this - where 3/4 of the systems weren't even turned back on is either a) laughably amateur, or b)(more likely) a deliberate message TELLING him he's under surveillance.

    If he's practicing even moderately good security measures, he's likely beyond all but governments' ability to crack. And if they're after him, there are few things that he could do to PREVENT such surveillance.

  • Child porn either hidden on his computer or on cds hidden in the depths of the apartment somewhere. On his computer a timer to reveal it in a few days time; the disks are 'stumbled across' at some point in the future. He needs to check the apartment and totally shred the computer disks... Any bets anyone?
    • Your web browser will download anything from anywhere the pages you visit tell them to. Even if you browse only encrypted sites the site itself can be trivially exploited via XSS, SQL injection, or the zero-day exploits purchasable on the black market. Now, some of the pages you've been browsing can contain hidden <iframe> tags or if JS is enabled XMLHTTP Requests to download child porn. You'll never see the images, but there it is: an ISP record that your computer regularly made requests to child porn sites and downloaded kiddie porn. The spy agencies can simply put CP on your systems remotely, and give them "probable cause" to search. A physical copy would be quite a nice touch.

      This isn't a hypothetical warning. I clean up servers linking to CP about 3 times a year. The government doesn't even have to do anything but make possession of certain strings of 1's and 0's illegal. Then the angsty teen skiddies with a copy of Metasploit inject the illegal pictures to ordinary sites in protest that sexting pics of themselves is illegal. Now, your Internet history clears after a period of time, so if it's not in there right now, it could have been and probably still resides on your drive's free sectors. You should be using whole drive encryption for this reason alone -- Although that doesn't rid the ISP record of your apparent obsession with disgusting perverse illegal imagery.

      A police state has two prime tools:
      0. Ensure it's impossible to obey every law.
      1. Selective enforcement of the law.

  • he finds the nice hardware and software and analyses them. I guess he's clever enough not to use his systems after this.

  • Considering that the computers weren't just taken, it was hired thugs or police. The GCHQ, NSA, etc. simply exploit your system remotely with the zero-day-exploits purchasable on the black market. [theatlantic.com]

"One Architecture, One OS" also translates as "One Egg, One Basket".

Working...