Penet Remailer
   HOME

TheInfoList



OR:

The Penet remailer () was a
pseudonymous remailer A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailer ...
operated by Johan "Julf" Helsingius of Finland from 1993 to 1996. Its initial creation stemmed from an argument in a Finnish
newsgroup A Usenet newsgroup is a repository usually within the Usenet system for messages posted from users in different locations using the Internet. They are not only discussion groups or conversations, but also a repository to publish articles, start ...
over whether people should be required to tie their real name to their online communications. Julf believed that people should not—indeed, could not—be required to do so. In his own words: :"Some people from a university network really argued about if everybody should put their proper name on the messages and everybody should be accountable, so you could actually verify that it is the person who is sending the messages. And I kept arguing that the Internet just doesn't work that way, and if somebody actually tries to enforce that, the Internet will always find a solution around it. And just to prove my point, I spent two days or something cooking up the first version of the server, just to prove a point."


Implementation

Julf's remailer worked by receiving an e-mail from a person, stripping away all the technical information that could be used to identify the original source of the e-mail, and then remailing the message to its final destination. The result provided Internet users with the ability to send e-mail messages and post to Usenet newsgroups without revealing their identities. In addition, the Penet remailer used a type of “post office box” system in which users could claim their own anonymous e-mail addresses of the form ''an''xxxxx''@anon.penet.fi'', allowing them to assign pseudonymous identities to their anonymous messages, and to receive messages sent to their (anonymous) e-mail addresses. While the basic concept was effective, the Penet remailer had several vulnerabilities which threatened the anonymity of its users. Chief among them was the need to store a list of real e-mail addresses mapped to the corresponding anonymous e-mail addresses on the server. A potential attacker needed only to access that list to compromise the identities of all of Penet's users. The Penet remailer was on two occasions required by the legal system in
Finland Finland, officially the Republic of Finland, is a Nordic country in Northern Europe. It borders Sweden to the northwest, Norway to the north, and Russia to the east, with the Gulf of Bothnia to the west and the Gulf of Finland to the south, ...
(the country where the Penet server hardware resided) to turn over the real e-mail address that was mapped to an anonymous e-mail address. Another potential vulnerability was that messages sent to and from the remailer were all sent in cleartext, making it vulnerable to electronic eavesdropping. Later anonymous remailer designs, such as the Cypherpunk and Mixmaster designs, adopted more sophisticated techniques to try to overcome these vulnerabilities, including the use of encryption to prevent eavesdropping, and also the technique known as
onion routing Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series o ...
to allow the existence of pseudonymous remailers in which no record of a user's real e-mail address is stored by the remailer. Despite its relatively weak security, the Penet remailer was a hugely popular remailer owing to its ease of anonymous account set-up and use compared to more secure but less user-friendly remailers, and had over 700,000 registered users at the time of its shutdown in September 1996.


First compromise

In the summer of 1994, word spread online of the Penet remailer being compromised, with the announcement being made at the hacker convention
DEF CON DEF CON (also written as DEFCON, Defcon, or DC) is a Computer security conference, hacker convention held annually in Las Vegas Valley, Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include comp ...
II. ''
Wired Wired may refer to: Arts, entertainment, and media Music * ''Wired'' (Jeff Beck album), 1976 * ''Wired'' (Hugh Cornwell album), 1993 * ''Wired'' (Mallory Knox album), 2017 * "Wired", a song by Prism from their album '' Beat Street'' * "Wired ...
'' magazine reported at the time: This was followed a year later by a mention in the announcement for DEF CON III:
SPEAKERS Sarah Gordon, AKA
Theora Theora is a free lossy video compression format. It was developed by the Xiph.Org Foundation and distributed without licensing fees alongside their other free and open media projects, including the Vorbis audio format and the Ogg contai ...
, a veteran of DC II will be presenting another speech this year. Last year she organized a round table discussion with
Phil Zimmermann Philip R. Zimmermann (born 1954) is an American computer scientist and cryptographer. He is the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world. He is also known for his work in VoIP encryption ...
and Presence, and revealed that the Anonymous remailer anon.penet.fi was compromised. TOPIC: Not Announced Yet.


Second compromise

The second reported compromise of the Penet remailer occurred in February 1995 at the behest of the
Church of Scientology The Church of Scientology is a group of interconnected corporate entities and other organizations devoted to the practice, administration and dissemination of Scientology, which is variously defined as a cult, a business, or a new religiou ...
. Claiming that a file had been stolen from one of the Church's internal computer servers and posted to the newsgroup alt.religion.scientology by a Penet user, representatives of the Church contacted
Interpol The International Criminal Police Organization – INTERPOL (abbreviated as ICPO–INTERPOL), commonly known as Interpol ( , ; stylized in allcaps), is an international organization that facilitates worldwide police cooperation and crime cont ...
, who in turn contacted the Finnish police, who issued a search warrant demanding that Julf hand over data on the users of the Penet remailer. Initially Julf was asked to turn over the identities of all users of his remailer (which numbered 200,000 at the time), but he managed a compromise and revealed only the single user being sought by the Church of Scientology. The anonymous user in question used the handle "-AB-" when posting anonymously, and their real e-mail address indicated that they were an alumnus or alumna of the
California Institute of Technology The California Institute of Technology (branded as Caltech) is a private research university in Pasadena, California, United States. The university is responsible for many modern scientific advancements and is among a small group of institutes ...
. The document he posted was an internal report by a Scientology private investigator, Eugene Ingram, about an incident that had occurred involving a man named Tom Klemesrud, a BBS operator involved in a
controversy Controversy (, ) is a state of prolonged public dispute or debate, usually concerning a matter of conflicting opinion or point of view. The word was coined from the Latin '' controversia'', as a composite of ''controversus'' – "turned in an op ...
. The confusing story became known on the Internet as the "Miss Blood Incident". Eventually the Church learned the real identity of "-AB-" to be Tom Rummelhart, a Scientologist and computer operator responsible for some of the maintenance of the Church of Scientology's INCOMM computer system. The fate of "-AB-" after the Church of Scientology learned his true identity is unknown. Years later in 2003, a two-part story entitled "What Really Happened in INCOMM - Part 1" and "What Really Happened in INCOMM – Part 2" was posted to alt.religion.scientology by a former Scientologist named Dan Garvin, which described events within the Church leading up to and stemming from the Penet posting by "-AB-".


Other attacks

Julf was also contacted by the government of
Singapore Singapore, officially the Republic of Singapore, is an island country and city-state in Southeast Asia. The country's territory comprises one main island, 63 satellite islands and islets, and one outlying islet. It is about one degree ...
as part of an effort to discover who was posting messages critical of the nation's government in the newsgroup soc.culture.singapore, but as Finnish law did not recognise any crime being committed, Julf was not required to reveal the user's identity. In August 1996, a British newspaper, ''
The Observer ''The Observer'' is a British newspaper published on Sundays. First published in 1791, it is the world's oldest Sunday newspaper. In 1993 it was acquired by Guardian Media Group Limited, and operated as a sister paper to ''The Guardian'' ...
'', published an article describing the Penet remailer as a major hub of
child pornography Child pornography (also abbreviated as CP, also called child porn or kiddie porn, and child sexual abuse material, known by the acronym CSAM (underscoring that children can not be deemed willing participants under law)), is Eroticism, erotic ma ...
, quoting a United States
FBI The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and Federal law enforcement in the United States, its principal federal law enforcement ag ...
investigator named Toby Tyler as saying that Penet was responsible for between 75% and 90% of the child pornography being distributed on the Internet. Investigations by online journalist
Declan McCullagh Declan McCullagh is an American entrepreneur, journalist, and software engineer. He is the CEO and co-founder, with computer scientist Celine Bursztein, of Recent Media Inc., a startup in Silicon Valley that has built a recommendation engine and ...
demonstrated many errors and omissions in the ''Observer'' article. In an article penned by McCullagh, the alleged FBI investigator described himself as a sergeant in
California California () is a U.S. state, state in the Western United States that lies on the West Coast of the United States, Pacific Coast. It borders Oregon to the north, Nevada and Arizona to the east, and shares Mexico–United States border, an ...
's San Bernardino sheriff's office who only consulted with the FBI from time to time, a relationship which the ''Observer'' article had in his opinion purposefully misrepresented as some kind of employment relationship. Tyler also claimed that the ''Observer'' purposely misquoted him, and he had actually said that most child pornography posted to newsgroups does not go through remailers. In addition, Julf claimed that he explained to the ''Observer'' the steps he took to prevent child pornography from being posted by forbidding posting to the alt.binaries
newsgroups A Usenet newsgroup is a repository usually within the Usenet system for messages posted from users in different locations using the Internet. They are not only discussion groups or conversations, but also a repository to publish articles, start ...
and limiting the size of messages to 16 kilobytes, too small to allow uuencoded binaries such as pictures to be posted. He also informed the ''Observer'' of an investigation already performed by the Finnish police which had found no evidence that child pornography was being remailed through Penet. Julf claims that all this information was ignored, stating that the ''Observer'' "wanted to make a story so they made things up." Despite voluminous reader mail pointing to the numerous errors in the news story, the ''Observer'' never issued a full retraction of its claims, only going so far as to clarify that Johan Helsingius had "consistently denied" the claims of child pornography distribution. In September 1996, the
Church of Scientology The Church of Scientology is a group of interconnected corporate entities and other organizations devoted to the practice, administration and dissemination of Scientology, which is variously defined as a cult, a business, or a new religiou ...
again sought information from Julf as part of its court case against a critic of the Church named Grady Ward. The Church wanted to know if Ward had posted any information through the Penet remailer. Ward gave Julf explicit permission to reveal the extent of his alleged use of the Penet remailer, and Julf told the Church that he could find no evidence that Ward had ever used the Penet remailer at all.


Third compromise and shutdown

In September 1996, an anonymous user posted the confidential writings of the
Church of Scientology The Church of Scientology is a group of interconnected corporate entities and other organizations devoted to the practice, administration and dissemination of Scientology, which is variously defined as a cult, a business, or a new religiou ...
through the Penet remailer. The Church once again demanded that Julf turn over the identity of one of its users, claiming that the poster had infringed the Church's copyright on the confidential material. The Church was successful in finding the originating e-mail address of the posting before Penet remailed it, but it turned out to be another anonymous remailer: the alpha.c2.org nymserver, a more advanced and more secure remailer which didn't keep a mapping of e-mail addresses that could be
subpoena A subpoena (; also subpœna, supenna or subpena) or witness summons is a writ issued by a government agency, most often a court, to compel testimony by a witness or production of evidence under a penalty for failure. There are two common types of ...
ed. Facing much criticism and many attacks, and unable to guarantee the anonymity of Penet users, Julf shut down the remailer in September 1996.


See also

*
Anonymous remailer An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are cypherpunk anonymous remailers, mixmaster anony ...
* Crypto-anarchism * Cypherpunk *
Pseudonymous remailer A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailer ...
* Sintercom * Scientology and law * Scientology and the Internet


References


Further reading

* * *
Transcription
hosted by Cyberspace Law Institute) *


External links

* * * {{DEFAULTSORT:Penet Remailer Cryptography law Anonymity networks Internet properties established in 1993 Internet properties disestablished in 1996 Scientology and the Internet Internet services shut down by a legal challenge Routing Network architecture Internet in Finland