GPG Signatures on Press Releases & Verifiable Anonymous Factions

February 25th, 2011 | Categories: News, Rant, Security

Found the below on anonnews.org (here's a reddit). As a proponent of public key cryptography, I whole-heartedly agree. If the groups used cryptographically secure signatures on their publications, Anonymous would no longer be at risk of having members jump to fight in fabricated battles. This would do away with the potential for the Anonymous Hoax that seems so easy to create at the moment.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Anonymous,

Every time the core group puts out a press release or replaces website content with a message to the owners, it does so in the form of an image. I've been musing on the idea that internally these images must have a deeper purpose than simply acting as a style standard--maybe they have some steganographic messages hidden in the pixels to communicate within the inner circle. Maybe somewhere embedded is a forgery-proof watermark or a signature (beyond the famed logo)... but I haven't found anything (not that I've looked too terribly closely) and I'm starting to wonder if it's because nothing is there.

It's obvious at this stage that their is a 'usual' press release team, no matter the ethereal, leaderless form in which anonymous supposedly exists--and I doubt it's the only group acting as a team within anonymous. So here's my suggestion:

Individual groups within Anonymous adopt a standard for communication that involves setting up a GPG encryption key (http://www.gnupg.org/documentation/howtos.en.html) for the faction and then using that key to sign whatever image/message are published by that faction. This is really what Public-Key Cryptography (https://secure.wikimedia.org/wikipedia/en/wiki/Public-key_cryptography) was created for--a public key that anyone in the public can use to verify message origin authenticity, with a secret key, physically protected by the owner (or owners).

If the core group wants to exist in a form that it can be 'in charge' of press releases and going on air on the David Parkman show and the like to verbally combat the rantings of lunatics, it would be great to create a public key for the group so the next time someone claims to have received a message from anonymous, that group can say, "Show me the signature? Does it verify against our public key? No? Then we didn't sent it. Because we have a standard."

This would also help anyone interested in following different factions in identifying which faction put out which message. If you find that there is an anonymous faction (or even a third party group like the WBC, FBI, etc) acting out against the core values of anonymous or pretending to be a member of an influential group, you can be sure that their messages are not mistaken as coming from any of the groups who accept the GPG signing standard.

Granted, it should be advised that holding a private encryption key belonging to a faction acts as physical proof that you are a member of that faction (in the event that your equipment is seized or accessed by an opposing force)--so this key needs to be treated with the utmost security in mind.

You'll note that this message is signed by zombies@anonnews.org, which has a public key published for anyone to use to verify that this message was sent by the Anonymous Zombies faction: http://pgp.mit.edu:11371/pks/lookup?search=zombies%40anonnews.org&op=index (forgive us Sven/anonnews.org--but your domain just seemed the most apropos for using as our identification source since you are the closest thing we know to an official anonymous domain besides 4chan, LOL).

You are Anonymous
You are Legion
You do not Forgive
You do not Forget
I Expect you... to cryptographically sign your messages
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)

iEYEARECAAYFAk1oUigACgkQNoGgcrl7L2iwggCgjJ1JiZq17Tqz1R7Xs94ctyOi
UHUAoN25E+kLYGgfGTnHnECAwBCAh2+f
=LxmL
-----END PGP SIGNATURE-----
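
The signature block above carries metadata that can be read before any cryptographic check. As an added example (not part of the original post or of GnuPG), this Python code decodes the page's own signature armor using the OpenPGP v4 signature packet layout and reports which key it claims to come from and which algorithms it uses; `parse_signature`, `subpackets` and `PAGE_SIG` are names assumed for illustration, and the code inspects fields only, it does not verify the signature.

```python
import base64, struct
from datetime import datetime, timezone

# Signature armor body copied from the message on this page (checksum line omitted).
PAGE_SIG = ("iEYEARECAAYFAk1oUigACgkQNoGgcrl7L2iwggCgjJ1JiZq17Tqz1R7Xs94ctyOi"
            "UHUAoN25E+kLYGgfGTnHnECAwBCAh2+f")
PUBKEY_ALGOS = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}
WEAK_HASHES = {"MD5", "SHA1"}

def subpackets(area):
    """Yield (type, data) from a v4 subpacket area (one-octet lengths only)."""
    i = 0
    while i < len(area):
        n = area[i]                      # length covers the type octet + data
        if n == 0 or n >= 192:
            raise ValueError("unsupported subpacket length")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]
        i += 1 + n

def parse_signature(b64):
    raw = base64.b64decode(b64, validate=True)
    # Old-format packet header: tag 2 (signature) with a one-octet length.
    if raw[0] != 0x88 or raw[1] != len(raw) - 2:
        raise ValueError("not a single old-format signature packet")
    version, sigtype, pk, h, hashed_len = struct.unpack(">BBBBH", raw[2:8])
    if version != 4:
        raise ValueError("only v4 signatures handled")
    hashed = raw[8:8 + hashed_len]
    off = 8 + hashed_len
    (unhashed_len,) = struct.unpack(">H", raw[off:off + 2])
    unhashed = raw[off + 2:off + 2 + unhashed_len]
    info = {"sig_type": sigtype, "pubkey": PUBKEY_ALGOS.get(pk, pk),
            "hash": HASH_ALGOS.get(h, h), "issuer": None, "issuer_signed": False}
    for signed, area in ((True, hashed), (False, unhashed)):
        for typ, data in subpackets(area):
            if typ == 2:     # signature creation time
                info["created"] = datetime.fromtimestamp(
                    int.from_bytes(data, "big"), tz=timezone.utc)
            elif typ == 16:  # issuer key ID: a lookup hint for the verifier
                info["issuer"], info["issuer_signed"] = data.hex().upper(), signed
    info["weak_hash"] = info["hash"] in WEAK_HASHES
    return info

if __name__ == "__main__":
    for k, v in parse_signature(PAGE_SIG).items():
        print(f"{k}: {v}")
```

The issuer key ID it reports sits in the unhashed subpacket area, so it is only a hint for key lookup and is not itself covered by the signature. Acceptance still depends on `gpg --verify` succeeding against a key whose full fingerprint was obtained from the faction itself.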
