In the recent past, reached out to Mary Fanning (of The American Report) to discuss some topics related to Hammer and Scorecard. Today, I followed up with another communication. And then it occured to me, that it may be of interest to you folks here:
--
Mary,
I recently sent you a brief outline “connecting the dots” interspersed between Hammer and Scorecard and Italy-Did-It. I write to you here on a different aspect of the Hammer and Scorecard topic.
First off – thank you for bringing the Whistleblower Tapes to the American public. I have listened to each of them multiple times. And I noticed some unconnected dots that I thought I’d connect for you.
You may recall from The Tapes that at one point Arpaio and Blixseth refer to Obama’s birth certificate. And they say – without justification – that the birth certificate issue and The Hammer issue are “sort of the same thing.” But they don’t say how they are connected and what makes them the same. Given how they characterized The Hammer, I don’t think they actually understood how they are connected.
The Hammer locates a “target” server’s private asymmetric encryption key – in part, through brute computational force. It uses computational power to exhaust the solution space until it finds the sought-after key. I could explain – slowly and understandably – what that means, should it interest you, but the bottom line is this: possession of a “target server’s” private asymmetric key permits the possessor to eavesdrop on all thought-to-be-secure communications with that target server.
If you have Bank of America’s private asymmetric key, you can decrypt all communication to and from Bank of America. If you have the private asymmetric key used by the email server at NYU, you can decrypt all communication to and from that server. And so on.
Consider this: the NSA stores all of the IP packets ever communicated via our domestic Internet infrastructure. So, if it is interested in a particular communication session, it can retrieve the packets constituting that communication session, send them – in proper sequence and on a one-by-one basis – to The Hammer, which will decrypt the contents of each packet, and then the whole communication session can be eavesdropped upon.
So, Mary, want to know what this has to do with Obama’s birth certificate? Here’s what. You use the Hammer to find the private asymmetric encryption key for the servers operating the Department of Health for Hawaii. Then you use the NSA’s capabilities to “replay” the communication session by which one of its system administrators logged into the server. The outcome? You literally see the system administrator’s login credentials – i.e., his or her username and password. So you just use that to login, and then issue Obama a birth certificate.
You’re not really “hacking” anything in the traditional sense. You’re just watching the administrators login, and then using their credentials. That’s how they exfiltrated all of that Bank of America data that is referred to in The Tapes. That’s how they compromised the Florida voting database that they mentioned in The Tapes. They can repeat that exploit on any target system, as long as it is in the USA.
The word needs to get out. And to do that, it requires someone who can explain in – simple terms – what the Hammer really is, and what the consequences of it falling into the wrong hands really is. I’m here to help, should that be of interest.
My sincere admiration, gratitude and regards,
-“Simon”
I followed up with Mary today:
--
Mary,
It’s me again, “Simon.” I’ll try not to exhaust you.
I want you to consider the narrative “gap” in The Hammer story as it has been told. Consider The Whistleblower Tapes: thereon, you’ve got Blixseth saying that The Hammer “goes through billions of password combinations per minute.” So that’s what the public understands about The Hammer. It cycles through password combinations.
But that’s not correct. The Hammer doesn’t cycle through password combinations. It “hammers” through the solution space of private asymmetric encryption keys. (Hence, the name. The Hammer.)
This is not merely a point of abstruse technological precision. If it were only that, I wouldn’t be writing to you. It’s much more.
The Whistleblower Tapes reveal that all of the foreign embassies situated within the United Stated had their encryption keys compromised. How does cycling through passwords relate to that? As the story is being told, there is no apparent connection.
Now, if you understand that the first fruits of The Hammer are private asymmetric encryption keys, then it all makes sense. Our government aimed The Hammer at the communication sessions of each embassy here – which it can do, given the capabilities of the NSA. And The Hammer located their respective keys, which is exactly what it is designed to do. It’s not surprising that their keys were compromised. It's the direct result of the operation of The Hammer.
You need to augment your telling of The Hammer story to include: (1) an accurate description of what it is The Hammer does; (2) the NSA’s tapping of our core Internet infrastructure at undisclosed “access points” (this is a long-admitted fact); and (3) the implications of all of this. Otherwise no one will really understand our state of compromise.
I’m happy to assist by writing, or discussing, or via any other avenue you may find helpful.
My best regards,
-“Simon”