If they didn't specially target only illegal actives as their customer base then you might as well indict every gun maker and whatsapp, apple, google etc.
I know it sounds paranoid, but it's why I don't trust Signal for information that I want to defend against nation-states. In the US, if the govt couldn't circumvent their messages then they would find a way to take it down. Any warrant canaries could be required to be left untouched by secret FISA courts.
When lives are on the line, it's dangerous to wait for peer-reviewed papers or solid evidence to come out. Think of how many years the NSA spied on everything before Snowden leaked it. There were rumors for years, but no solid proof. It's better to be more paranoid and have good OPSEC.
I'm not saying I don't use Signal, because I do. It would work fine against cops or the federal government as a citizen. But if lives depended on it, it would merely be part of my communications toolbelt.
If needed, I'd prioritize good OPSEC and prevent association of the communication device with me. Purchase a laptop from Craigslist with cash, disconnect its power when close to an area I frequent. Use macchanger to change the mac address of my device when in use, use a yagi antenna so I don't have to get too close to the open WiFi access point. A host of other activities meant to make association more difficult.
Defense in depth is important. It's also unnecessary for most people most of the time, which is why I generally don't do it and just use Signal for interpersonal communication. But it's still good for people to know that depending on one system like Signal for security has risks so they can make their own determination on if it's worth it to harden their communication systems.
That depends entirely on the need. I would bet that any sort of decentralized chat system communicating to nonstandard servers would be closely scrutinized.
For one-to-one communication, ideally I'd set up either some sort of special code with the receiving end and just use http. If more information relaying is needed, a one-time pad would be good. I'd try to keep the messages short in case there's a hole in the system somewhere. Again, depending on your needs, relying on one protocol like matrix or pgp could be risky. Good OPSEC can make up for a leaky security system.
For one-to-many communication, proxies and device disassociation are priority above all else. You can assume interception of those messages generally.
Not every threat model is one where the NSA is what you need to worry about. The vast majority of people in the world live in countries were Signal will help protect them.
Assuming that wasn't intended sarcastically, I'm a bit more pessimistic. I think that the narrative would just move on to the next bogeyman to maintain the hostile stance. Between terrorists, paedophiles, organised crime and occasionally illegal immigrants, you always have an excuse for your political dilemma.
None of those other things are nearly as profitable as drug markets, or nearly as widespread. Drugs are a uniquely effective excuse for massive government interference into people's personal lives, and that interference also happens to be self-funding.
does anyone else see this title as a bit clickbaity?
I initially read this as if the CEO was actually drug trafficking, rather than the selling of encrypted chat being used to claim 'facilitation' of trafficking, which appears to be the actual charge..
Go to any small hardware store in Northern California and you'll find a display of turkey bags near the front for bagging pounds of weed.
I've wondered what the manufacturer must have thought when they first realized why demand is so much higher in that region. I guess the FBI would have them and all the owners of those mom and pop stores hauled off to prison.
knowingly and intentionally participated" in a criminal ring that distributed narcotics by facilitating the "sale and service of encrypted communications devices."
followed by
Canada-based Sky Global is a provider of custom handsets and the developer of Sky ECC, a subscription-based end-to-end encrypted messaging application.
Someone please correct me If I'm wrong but I thought If your systems are all E2E encrypted, then you as the service provider have no way of seeing what your users are discussing on your platform. At least from a technical aspect, the state's case doesn't really hold up.
However on the other side of the equation I have to ask. There has to be away they knew, and I think that is what the government is getting at, even if you can't read the exact messages, surely you aren't oblivious to what your users are discussing.
I think this will come down to the makeup of the user base. If say only 10% of your customers are using it for illicit purposes, you can claim you didn't know, of couldn't have know because the messages are E2E encrypted, however if that number is 50+%, then I think the case could be made that yes even though you couldn't read the exact messages, you can still be held liable.
I'm not an expert in this field and this is my Monday morning quarterback, so if someone has any better insights please correct me.
>I think this will come down to the makeup of the user base. If say only 10% of your customers are using it for illicit purposes, you can claim you didn't know, of couldn't have know because the messages are E2E encrypted, however if that number is 50+%, then I think the case could be made that yes even though you couldn't read the exact messages, you can still be held liable.
But what are you supposed to do in this situation? You get an inkling that the service you're providing is used by drug traffickers. If you start taking actions against that then it means you know, therefore more likely to be guilty in the eyes of the law. If you tell law enforcement then you're also taking a risk, because it's still happening in your backyard. On top of that, anything you do has a good chance of destroying the business as well.
You let law enforcement do their job, and forward what little you can. If you implemented e-2-e encryption properly it isn't your problem you have no access to anything but metadata.
If you didn't, and you really have access to keys that enable law enforcement to intercept or crack the encryption, then you weren't really end-to-end encrypted were you?
Law enforcement interaction, and adherence to the law is not that much different than following and implementing a protocol. They can ask. You are expected to make a best effort attempt at accomodating what they ask for, given they have probable cost and a warrant. If they say that isn't good enough, you fight it in Court until either a judge modifies the protocol, or stipulates it's a legislative question. Queue lobbying.
At all times, law enforcement are bound by probable cause. If they have it, you have to assist to the best of your ability, which for an e-2-e encrypted data stream is pretty much just metadata submission, or production of ciphertext if you're really going full centralized comm-stream tapping CALEA. Design your comm system like WebRTC, where your infra is only there to help two endpoints meet, and you have not even that.
That's all there is to it really. Awful people doing awful things is a certainty. LE just have their knickers getting in a twist because their prey are starting to play the game with the blinders of technical ignorance off.
What Law Enforcement wants is everyone to agree that they get privileged access to any message propagating through societal infrastructure... I sure hope everyone here understands why it is essential that they don't have it.
The correct response in his case was civil disobedience, cracking open every last detail of what he was being put through, and counting on the rest of us to come to our senses.
It's sad, but there really is no other way to reasonably confront tyrannical overreach. If you play by the rules and refuse to be non-compliant, you also sacrifice the one weapon an overreaching Administration has to fear: the Truth.
Now in a more naive mindset in my life I'd say go to the press. Nowadays though? It's a hard call who to go to to get the thumbscrews turned on those in power.
Normally I would disagree with you and say that following the law is the best course of action, but the article that Ladar Levison wrote for The Guardian (here: https://www.theguardian.com/commentisfree/2014/may/20/why-di...) makes it clear that he should have disobeyed the court summons and allowed himself to be arrested. Had that been the case, he should have been afforded the right to counsel because his liberty was at stake.
>Someone please correct me If I'm wrong but I thought If your systems are all E2E encrypted, then you as the service provider have no way of seeing what your users are discussing on your platform. At least from a technical aspect, the state's case doesn't really hold up.
When has a prosecutor ever let reality stop them from throwing shit at the wall to see what sticks?
It is highly unlikely that anyone developing an app that facilitates crime will leave themselves access to user data. It's a pointless risk from a business and criminal liability perspective. Pretty much everything illegal runs on the "don't ask don't tell" principal. The less you know the less of a target you are.
>Someone please correct me If I'm wrong but I thought If your systems are all E2E encrypted, then you as the service provider have no way of seeing what your users are discussing on your platform.
In the past the issue has been did the company intentionally develop and market the product for drug trafficking. For instance did they send sales reps to contact criminal organizations and offer their products as a way to do crimes.
One company produced electronic devices for the purposes of evading wiretaps and then visited various mafia owned bars to meet criminals and sold those devices to members of those syndicates [citation needed] specifically for the purposes of evading wiretaps. You might have heard of that company, it later became Apple Computer.
>"Somehow, despite the fact that many of their blue boxes had been seized by law enforcement, and there were definitely indicators that they were all made by the same outfit, the boxes were never linked back to Woz and Jobs." - [0]
Edit: I can't find anything to back up my memories that Woz talks about selling blue boxes at a bar. I may have misremembered. I have added a [citation need]
A blue box gives you administrative access to the switching equipment by tricking the switching equipment into thinking it is receiving control plane information from another switch. It's like being able to send BGP messages to routers.
This means you can make long distance calls for free, but it also means you can route your call through whatever switches you want and lying about both the source and destination at each hop. Because wiretapping systems often rely on the switching infrastructure and with a blue box you control the infrastructure, you can make yourself invisible. It was God-mode for the phone network.
Fundamentally, a blue box is, along with the essential 2600Hz tone, simply a DTMF dialer, like what is built into touch tone telephones, only it used operator dual tone frequencies, not the same dual tone frequencies used by touch tone telephones. You can't do much at all with a blue box unless you understand how the switching equipment that detected those frequencies worked, and that was only documented in unpublished Bell Telephone Company and then AT&T manuals, then subsequently by phone phreaks who either learned by trial and error or somehow came across one of those manuals. Blue boxes stopped working due to the change to digital switching equipment.
A red box, which emulates the tone that tells a pay telephone or a long distance operator that a quarter has been inserted, should still function, if you can find a pay telephone that still accepts quarters.
> One company produced electronic devices for the purposes of evading wiretaps and then visited various mafia owned bars to meet criminals and sold those devices to members of those syndicates specifically for the purposes of evading wiretaps. You might have heard of that company, it later became Apple Computer.
While Steve and Woz definitely made and sold Blue Boxes, this conjecture is entirely false otherwise. Blue boxes had nothing to do with evading wiretaps, but rather making free phone calls. Further, your farcical story of them visiting mafia owned bars is utterly fantasy.
>While Steve and Woz definitely made and sold Blue Boxes, this conjecture is entirely false otherwise. Blue boxes had nothing to do with evading wiretaps, but rather making free phone calls.
You are incorrect, blue boxes were and can be used to evade wiretaps.
"in wiretapping systems: common phone-tapping equipment was designed to be backwards compatible with in-band signalling, with the result that you can evade surveillance by using a blue box to convince the police equipment that you’ve hung up. The telephone exchange ignores this signal, so you remain
on the phone but with the police recording stopped" - [0]
>Further, your farcical story of them visiting mafia owned bars is utterly fantasy.
I can't find the exact quote where I think Woz talks about this in an interview. It is that not absurd at face value since one of the main purchaser of blue boxes was bookies. If you're selling blue boxes at that time, a bunch of the buyers are going to be bookies. Both for their ability make free calls, but also for advantages like evading wiretaps that blue boxes provide. See quote below:
"Since the early 1950s [mafia] bookies had been using every trick they could think of to make free and, more important, unrecorded long-distance telephone calls. One method was as simple as bribing telephone company operators and
technicians to place calls for them so that the calls never appeared on their own telephone bills. [..] Blue boxes were active devices: they allowed you to call people — anybody — without leaving a record that the call was ever made. It’s not clear exactly when the bookies learned about blue boxes, or from whom, but the best guess appears to be about 1 963
or 1 964. One source was Louis MacKenzie, the electronics engineer who offered to fix AT&T’s network, for a price, in the early 1960s. MacKenzie, who later became a witness for the government in several blue box prosecutions, sold blue boxes to bookies in 1965 or perhaps earlier." - [1]
Edit: Really having trouble finding that quote from Woz. I could have misremembered this. The article that inspired Woz to build blue boxes was about people selling blue boxes to bookies, perhaps I conflated those two stories.
> You are incorrect, blue boxes were and can be used to evade wiretaps.
That was not why Woz (and Jobs) were interested in them, which is my point. They were interested in the free phone calls and geeking out on the system. I know, because I asked him. I’ve also read all the history that’s been written down on the subject too, and nothing has remotely said what you claimed, including the source article to this post.
> Edit: Really having trouble finding that quote from Woz
I probably remembered it wrong and conflated the Rosenbaum with being about Woz and Jobs.
>That was not why Woz (and Jobs) were interested in them, which is my point.
Woz and Jobs decided to learn about blue boxes because they read "Secrets of the Little Blue Box" [0], an article which covers people selling blue boxes to mafia bookies [1]. My understanding is that Woz thought that Blue Boxes were neat and that Jobs wanted to turn it into a business so they began mass producing them. They were looking for a market, they knew based on the article that got them excited about Blue Boxes in the first that Blue Boxes can be used to evade wiretaps and that also based on that article they knew organized crime was willing to pay for them. At the very least they must have talked about it as some point, perhaps just to say we are never selling these to the mob".
If you ever get a chance to ask Woz about this, I'd love to hear his answer, who did they try to sell blue boxes to and if they didn't try to sell blue boxes to bookies what was their thinking at the time about why not?
"And with Wozniak, of course, the story goes that he discovered the blue box via reading Ron Rosenbaum’s article, Secrets of the Little Blue Box" [0]
"We [not Woz or Jobs] had this order for a thousand beeper boxes from a syndicate front man in Las Vegas. They use them to place bets coast to coast, keep lines open for hours, all of which can get expensive if you have to pay. The deal was a thousand blue boxes for $300 apiece. Before then we retailed them for $1,500 apiece" - [1]
Woz/Jobs were also interested in making a business out of it. They were trying to mass produce blue boxes. That could mean selling the device to people who wanted to use if for other purposes.
> That could mean selling the device to people who wanted to use if for other purposes.
There’s a huge difference between that and your prior libelous accusation that they intentionally went to bars frequented by mafia to sell them. Maybe rather than spouting fairy tales you dreamed up, you could actually read the article you linked and learn who they sold the few dozen of them they made too.
>There’s a huge difference between that and your prior libelous accusation that they intentionally went to bars frequented by mafia to sell them.
I probably got the stories mixed up with the other group that did sell blue box to mob bookies. If I could edit that comment to reflect that I would, but hn has turned off editing on that comment.
Especially considering this part of the indictment:
> ... on March 10, 2021, Europol announced that judicial and law enforcement authorities in Belgium, France and the Netherlands had wiretapped Sky Global’s servers and monitored hundreds of millions of messages by Sky Global’s users. The European investigation resulted in hundreds of arrests, the seizure of thousands of kilograms of cocaine and methamphetamine, hundreds of firearms, and millions of Euros.
That refers to the activities of the customers though, not the company itself.
If it's end-to-end encrypted, then in theory the company is unaware of the content of the messages.
That said, this feels like governments basically saying that even if you sell a service that is _technically_ legal, if the majority of your customers are using it for criminal activity, you're also going down.
It seems to me that if it is possible to "wiretap the server" it was not really E2E encrypted. I don't know, maybe some messages were, some weren't. Certain users, certain types of messages, certain platforms.
If this is the case, then that's of course quite damning..
However, if you run a business that is making (according to the article) "hundreds of millions" selling handsets and subscriptions, why would you need to be involved in other very obviously illicit business?
I think it's more likely that this guy is really a "freedom and privacy at all costs" guy who probably knows what his product is being used for, and doesn't care because for him that comes with the territory, and also because he's raking in the money.
Even the whole "skyecc.eu is a fake version made by a disgruntled reseller" feels like a deniability smokescreen..
If you're smart enough to able to set up a service like SkyECC in the first place, you're smart enough to know that one day the cops/feds/govt are going to take a shot at you, so you'd have some kind of plan in place for that I would think.
Whether it works or not, remains to be seen I guess.
>However, if you run a business that is making (according to the article) "hundreds of millions" selling handsets and subscriptions, why would you need to be involved in other very obviously illicit business?
This wasn't always a huge business. I'm sure they became more careful after the incident with phantom secure.
>I think it's more likely that this guy is really a "freedom and privacy at all costs" guy who probably knows what his product is being used for, and doesn't care because for him that comes with the territory, and also because he's raking in the money.
Full disclosure: I work in this space, SkyECC was a competitor and I'm deeply familiar with their product.
This guy is an opportunist and a liar promoting a very insecure product, constantly making false promises of security. He's made his money by exploiting the technical ineptitude of drug dealers.
A "freedom and privacy at all costs" guy he is not.
>If you're smart enough to able to set up a service like SkyECC in the first place, you're smart enough to know that one day the cops/feds/govt are going to take a shot at you, so you'd have some kind of plan in place for that I would think.
You're clearly not very familiar with this space. It's rife with absolutely terrible products built by drug dealers who just hired a couple of developers from freelancer.com.
SkyECCs sole focus was providing a polished user experience, not security.
These clowns had their corporate active directory server (adsql.skyecc.com) exposed to the internet with RDP, SMB, LDAP all publicly accessible until it was seized a few days ago. They did nothing to harden their infrastructure after the Encrochat hack. I assure you they weren't prepared for the cops to come knocking.
That former high-level distributor was selling boatloads of these things into the criminal underworld, and the DoJ is alleging that the CEO knew about it and didn't stop it.
54 comments
[ 5.4 ms ] story [ 143 ms ] threadLavabit provides a direct example.
I'm not saying I don't use Signal, because I do. It would work fine against cops or the federal government as a citizen. But if lives depended on it, it would merely be part of my communications toolbelt.
Defense in depth is important. It's also unnecessary for most people most of the time, which is why I generally don't do it and just use Signal for interpersonal communication. But it's still good for people to know that depending on one system like Signal for security has risks so they can make their own determination on if it's worth it to harden their communication systems.
For one-to-one communication, ideally I'd set up either some sort of special code with the receiving end and just use http. If more information relaying is needed, a one-time pad would be good. I'd try to keep the messages short in case there's a hole in the system somewhere. Again, depending on your needs, relying on one protocol like matrix or pgp could be risky. Good OPSEC can make up for a leaky security system.
For one-to-many communication, proxies and device disassociation are priority above all else. You can assume interception of those messages generally.
I initially read this as if the CEO was actually drug trafficking, rather than the selling of encrypted chat being used to claim 'facilitation' of trafficking, which appears to be the actual charge..
https://www.justice.gov/usao-sdca/pr/sky-global-executive-an...
"Sky Global CEO indicted for providing encryption on devices sold"
shit headlines and a deluge of ads, screw the user or accuracy
Say Monica runs a clothing shop and sells clothes (including face masks and sun glasses) to people she suspects are drug dealers.
And we are not talking a single pair of sun glasses - she is running the clothing shop 8 hours a day, every day, for many years.
Well, she facilitated criminal activity and must go to jail, right?
I've wondered what the manufacturer must have thought when they first realized why demand is so much higher in that region. I guess the FBI would have them and all the owners of those mom and pop stores hauled off to prison.
And the pawn shop will have sawzalls for stealing cats.
However on the other side of the equation I have to ask. There has to be away they knew, and I think that is what the government is getting at, even if you can't read the exact messages, surely you aren't oblivious to what your users are discussing.
I think this will come down to the makeup of the user base. If say only 10% of your customers are using it for illicit purposes, you can claim you didn't know, of couldn't have know because the messages are E2E encrypted, however if that number is 50+%, then I think the case could be made that yes even though you couldn't read the exact messages, you can still be held liable.
I'm not an expert in this field and this is my Monday morning quarterback, so if someone has any better insights please correct me.
But what are you supposed to do in this situation? You get an inkling that the service you're providing is used by drug traffickers. If you start taking actions against that then it means you know, therefore more likely to be guilty in the eyes of the law. If you tell law enforcement then you're also taking a risk, because it's still happening in your backyard. On top of that, anything you do has a good chance of destroying the business as well.
If you didn't, and you really have access to keys that enable law enforcement to intercept or crack the encryption, then you weren't really end-to-end encrypted were you?
Law enforcement interaction, and adherence to the law is not that much different than following and implementing a protocol. They can ask. You are expected to make a best effort attempt at accomodating what they ask for, given they have probable cost and a warrant. If they say that isn't good enough, you fight it in Court until either a judge modifies the protocol, or stipulates it's a legislative question. Queue lobbying.
At all times, law enforcement are bound by probable cause. If they have it, you have to assist to the best of your ability, which for an e-2-e encrypted data stream is pretty much just metadata submission, or production of ciphertext if you're really going full centralized comm-stream tapping CALEA. Design your comm system like WebRTC, where your infra is only there to help two endpoints meet, and you have not even that.
That's all there is to it really. Awful people doing awful things is a certainty. LE just have their knickers getting in a twist because their prey are starting to play the game with the blinders of technical ignorance off.
What Law Enforcement wants is everyone to agree that they get privileged access to any message propagating through societal infrastructure... I sure hope everyone here understands why it is essential that they don't have it.
It's sad, but there really is no other way to reasonably confront tyrannical overreach. If you play by the rules and refuse to be non-compliant, you also sacrifice the one weapon an overreaching Administration has to fear: the Truth.
Now in a more naive mindset in my life I'd say go to the press. Nowadays though? It's a hard call who to go to to get the thumbscrews turned on those in power.
When has a prosecutor ever let reality stop them from throwing shit at the wall to see what sticks?
It is highly unlikely that anyone developing an app that facilitates crime will leave themselves access to user data. It's a pointless risk from a business and criminal liability perspective. Pretty much everything illegal runs on the "don't ask don't tell" principal. The less you know the less of a target you are.
In the past the issue has been did the company intentionally develop and market the product for drug trafficking. For instance did they send sales reps to contact criminal organizations and offer their products as a way to do crimes.
One company produced electronic devices for the purposes of evading wiretaps and then visited various mafia owned bars to meet criminals and sold those devices to members of those syndicates [citation needed] specifically for the purposes of evading wiretaps. You might have heard of that company, it later became Apple Computer.
>"Somehow, despite the fact that many of their blue boxes had been seized by law enforcement, and there were definitely indicators that they were all made by the same outfit, the boxes were never linked back to Woz and Jobs." - [0]
Edit: I can't find anything to back up my memories that Woz talks about selling blue boxes at a bar. I may have misremembered. I have added a [citation need]
[0]: Concerning Steve Wozniak’s Blue Boxes https://512pixels.net/2018/03/woz-blue-box/
This means you can make long distance calls for free, but it also means you can route your call through whatever switches you want and lying about both the source and destination at each hop. Because wiretapping systems often rely on the switching infrastructure and with a blue box you control the infrastructure, you can make yourself invisible. It was God-mode for the phone network.
A red box, which emulates the tone that tells a pay telephone or a long distance operator that a quarter has been inserted, should still function, if you can find a pay telephone that still accepts quarters.
While Steve and Woz definitely made and sold Blue Boxes, this conjecture is entirely false otherwise. Blue boxes had nothing to do with evading wiretaps, but rather making free phone calls. Further, your farcical story of them visiting mafia owned bars is utterly fantasy.
You are incorrect, blue boxes were and can be used to evade wiretaps.
"in wiretapping systems: common phone-tapping equipment was designed to be backwards compatible with in-band signalling, with the result that you can evade surveillance by using a blue box to convince the police equipment that you’ve hung up. The telephone exchange ignores this signal, so you remain on the phone but with the police recording stopped" - [0]
>Further, your farcical story of them visiting mafia owned bars is utterly fantasy.
I can't find the exact quote where I think Woz talks about this in an interview. It is that not absurd at face value since one of the main purchaser of blue boxes was bookies. If you're selling blue boxes at that time, a bunch of the buyers are going to be bookies. Both for their ability make free calls, but also for advantages like evading wiretaps that blue boxes provide. See quote below:
"Since the early 1950s [mafia] bookies had been using every trick they could think of to make free and, more important, unrecorded long-distance telephone calls. One method was as simple as bribing telephone company operators and technicians to place calls for them so that the calls never appeared on their own telephone bills. [..] Blue boxes were active devices: they allowed you to call people — anybody — without leaving a record that the call was ever made. It’s not clear exactly when the bookies learned about blue boxes, or from whom, but the best guess appears to be about 1 963 or 1 964. One source was Louis MacKenzie, the electronics engineer who offered to fix AT&T’s network, for a price, in the early 1960s. MacKenzie, who later became a witness for the government in several blue box prosecutions, sold blue boxes to bookies in 1965 or perhaps earlier." - [1]
Edit: Really having trouble finding that quote from Woz. I could have misremembered this. The article that inspired Woz to build blue boxes was about people selling blue boxes to bookies, perhaps I conflated those two stories.
[0]: Telecom System Security: Chapter 20, https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c20.pdf
[1]: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell by Phil Lapsley, https://archive.org/stream/ExplodingThePhoneTheUntoldStoryOf...
That was not why Woz (and Jobs) were interested in them, which is my point. They were interested in the free phone calls and geeking out on the system. I know, because I asked him. I’ve also read all the history that’s been written down on the subject too, and nothing has remotely said what you claimed, including the source article to this post.
> Edit: Really having trouble finding that quote from Woz
Yeah, because it doesn’t exist.
I probably remembered it wrong and conflated the Rosenbaum with being about Woz and Jobs.
>That was not why Woz (and Jobs) were interested in them, which is my point.
Woz and Jobs decided to learn about blue boxes because they read "Secrets of the Little Blue Box" [0], an article which covers people selling blue boxes to mafia bookies [1]. My understanding is that Woz thought that Blue Boxes were neat and that Jobs wanted to turn it into a business so they began mass producing them. They were looking for a market, they knew based on the article that got them excited about Blue Boxes in the first that Blue Boxes can be used to evade wiretaps and that also based on that article they knew organized crime was willing to pay for them. At the very least they must have talked about it as some point, perhaps just to say we are never selling these to the mob".
If you ever get a chance to ask Woz about this, I'd love to hear his answer, who did they try to sell blue boxes to and if they didn't try to sell blue boxes to bookies what was their thinking at the time about why not?
"And with Wozniak, of course, the story goes that he discovered the blue box via reading Ron Rosenbaum’s article, Secrets of the Little Blue Box" [0]
"We [not Woz or Jobs] had this order for a thousand beeper boxes from a syndicate front man in Las Vegas. They use them to place bets coast to coast, keep lines open for hours, all of which can get expensive if you have to pay. The deal was a thousand blue boxes for $300 apiece. Before then we retailed them for $1,500 apiece" - [1]
[0] Concerning Steve Wozniak’s Blue Boxes, https://512pixels.net/2018/03/woz-blue-box/
[1] Secrets of the Little Blue Box by Ron Rosenbaum, http://www.lospadres.info/thorg/lbb.html
Yes, in general some did, but that is not why Woz/Jobs were interested and to say otherwise is just showing your own knowledge of the subject.
There’s a huge difference between that and your prior libelous accusation that they intentionally went to bars frequented by mafia to sell them. Maybe rather than spouting fairy tales you dreamed up, you could actually read the article you linked and learn who they sold the few dozen of them they made too.
I probably got the stories mixed up with the other group that did sell blue box to mob bookies. If I could edit that comment to reflect that I would, but hn has turned off editing on that comment.
The feds almost certainly have records of the CEO discussing drug trafficking.
> ... on March 10, 2021, Europol announced that judicial and law enforcement authorities in Belgium, France and the Netherlands had wiretapped Sky Global’s servers and monitored hundreds of millions of messages by Sky Global’s users. The European investigation resulted in hundreds of arrests, the seizure of thousands of kilograms of cocaine and methamphetamine, hundreds of firearms, and millions of Euros.
If it's end-to-end encrypted, then in theory the company is unaware of the content of the messages.
That said, this feels like governments basically saying that even if you sell a service that is _technically_ legal, if the majority of your customers are using it for criminal activity, you're also going down.
However, if you run a business that is making (according to the article) "hundreds of millions" selling handsets and subscriptions, why would you need to be involved in other very obviously illicit business?
I think it's more likely that this guy is really a "freedom and privacy at all costs" guy who probably knows what his product is being used for, and doesn't care because for him that comes with the territory, and also because he's raking in the money.
Even the whole "skyecc.eu is a fake version made by a disgruntled reseller" feels like a deniability smokescreen..
If you're smart enough to able to set up a service like SkyECC in the first place, you're smart enough to know that one day the cops/feds/govt are going to take a shot at you, so you'd have some kind of plan in place for that I would think.
Whether it works or not, remains to be seen I guess.
This wasn't always a huge business. I'm sure they became more careful after the incident with phantom secure.
>I think it's more likely that this guy is really a "freedom and privacy at all costs" guy who probably knows what his product is being used for, and doesn't care because for him that comes with the territory, and also because he's raking in the money.
Full disclosure: I work in this space, SkyECC was a competitor and I'm deeply familiar with their product.
This guy is an opportunist and a liar promoting a very insecure product, constantly making false promises of security. He's made his money by exploiting the technical ineptitude of drug dealers.
A "freedom and privacy at all costs" guy he is not.
>If you're smart enough to able to set up a service like SkyECC in the first place, you're smart enough to know that one day the cops/feds/govt are going to take a shot at you, so you'd have some kind of plan in place for that I would think.
You're clearly not very familiar with this space. It's rife with absolutely terrible products built by drug dealers who just hired a couple of developers from freelancer.com.
SkyECCs sole focus was providing a polished user experience, not security.
These clowns had their corporate active directory server (adsql.skyecc.com) exposed to the internet with RDP, SMB, LDAP all publicly accessible until it was seized a few days ago. They did nothing to harden their infrastructure after the Encrochat hack. I assure you they weren't prepared for the cops to come knocking.
That former high-level distributor was selling boatloads of these things into the criminal underworld, and the DoJ is alleging that the CEO knew about it and didn't stop it.