1 00:00:00,000 --> 00:00:12,640 *rC3 preroll music* 2 00:00:12,640 --> 00:00:20,029 Herald: As we said the years before, the force merged to main. Andy is commonly 3 00:00:20,029 --> 00:00:27,910 known in our scene. His current talk "CIA vs. WikiLeaks: intimidation, surveillance, 4 00:00:27,910 --> 00:00:34,109 and other tactics observed and experienced". In this talk Andy aims to 5 00:00:34,109 --> 00:00:40,121 report and show us a collection of his observations, physical, visual and other 6 00:00:40,121 --> 00:00:47,010 evidences of the last year incidents that strongly indicate the context of US 7 00:00:47,010 --> 00:00:53,530 Central Intelligence Agency and potentially other entities of the US 8 00:00:53,530 --> 00:00:57,800 government acting against WikiLeaks and surrounding persons and organizations. 9 00:00:57,800 --> 00:01:03,909 Please welcome, with a very warm digital applause, Andy. 10 00:01:03,909 --> 00:01:10,990 Andy: OK, I have no idea how a digital applause works here, but thanks for it 11 00:01:10,990 --> 00:01:16,730 anyhow. At the beginning, I want to make and I have to make a few disclaimers, so 12 00:01:16,730 --> 00:01:22,390 that you know which perspective you're getting here. I'm working as a data 13 00:01:22,390 --> 00:01:26,110 journalist for quite a while around the topics of surveillance, signal 14 00:01:26,110 --> 00:01:31,250 intelligence, data security. I'm running this funny buggedplanet, even started that 15 00:01:31,250 --> 00:01:35,890 buggedplanet.info before Snowden came with all his documents. But I did work a while 16 00:01:35,890 --> 00:01:41,780 with his documents. However, this talk is a bit different as I'm not talking about 17 00:01:41,780 --> 00:01:47,560 things that I learned, studied or whatever, but I experienced myself. I'm 18 00:01:47,560 --> 00:01:52,240 describing events here where I was targeted. So, I might not be the most 19 00:01:52,240 --> 00:01:58,670 neutral person in this scenario, but I'm trying to be technically as accurate as 20 00:01:58,670 --> 00:02:05,840 possible anyhow. So forgive me if I'm a bit grumpy about these people. That's just 21 00:02:05,840 --> 00:02:12,120 because of their perspective. Secondly, while I've also and the CCC, of course, 22 00:02:12,120 --> 00:02:17,770 has been addressing human rights issues in the digital age for a long time, we, and I 23 00:02:17,770 --> 00:02:23,030 personally, co-founded EDRI, the European Digital Rights Initiative, to ensure the 24 00:02:23,030 --> 00:02:27,780 enforcement of human rights in the digital environment. However, what happened here 25 00:02:27,780 --> 00:02:34,590 is slightly beyond digital rights. It goes into real life. And while I'm a German 26 00:02:34,590 --> 00:02:39,120 citizen, and I know roughly what kind of laws have been violated here, in respect 27 00:02:39,120 --> 00:02:44,810 to the German environment, I absolutely would welcome people who help me analyze 28 00:02:44,810 --> 00:02:50,720 and understand it from the perspective of the universal human rights, because there 29 00:02:50,720 --> 00:02:58,400 is similar cases with people living in other jurisdictions and so on. Second 30 00:02:58,400 --> 00:03:04,130 slide of disclaimers, sorry that it's so much, so I'm addressing with this talk 31 00:03:04,130 --> 00:03:10,370 activities against people surrounding and have been and/or surrounding Julian and/or 32 00:03:10,370 --> 00:03:17,630 WikiLeaks and/or other members of WikiLeaks. Whatever I describe here, I 33 00:03:17,630 --> 00:03:23,810 have personally observed and experienced it. So it is for sure very incomplete. 34 00:03:23,810 --> 00:03:30,160 It's at best a fragment of what's gone on. But you will, in case you haven't heard 35 00:03:30,160 --> 00:03:38,270 about it yet, that Pompeo made some very clear statements when he was head of CIA. 36 00:03:38,270 --> 00:03:46,530 It's pretty clear where to attribute these things. And lastly, there is, of course, 37 00:03:46,530 --> 00:03:51,440 other persons mentioned. But I'm keeping them out here for all kinds of reasons. 38 00:03:51,440 --> 00:03:56,590 But there will be the time when we will hear more reports and other perspective of 39 00:03:56,590 --> 00:04:05,251 this particular situation. So, here's my little overview. I want to get you an idea 40 00:04:05,251 --> 00:04:12,709 how to get into such a mess. Just in case, you know, you want it. The context and the 41 00:04:12,709 --> 00:04:16,430 timeline, a bit of psychology as it's important because at some point you not 42 00:04:16,430 --> 00:04:21,603 only get paranoid, you have this drive to... no this can't be true. Right? You 43 00:04:21,603 --> 00:04:26,360 have this cognitive dissonance drive inside of you that you would like to stay 44 00:04:26,360 --> 00:04:34,080 sane. The new normal of "IT-incidents". We're all used to that, covert vs. overt. 45 00:04:34,080 --> 00:04:38,490 What I mean with the term intimidation surveillance, physical events and their 46 00:04:38,490 --> 00:04:46,020 impact about the elephant in the room, the problem of the missing socks. And at the 47 00:04:46,020 --> 00:04:50,949 end, a little bit of questions. Am I infectious, how to get out of this mess? 48 00:04:50,949 --> 00:04:58,069 Maybe also. So, how to get into such a beautiful mess? Wait, it's not beautiful. 49 00:04:58,069 --> 00:05:04,710 Well, there are some ideas we share in the hacker community usually, and even it's 50 00:05:04,710 --> 00:05:10,989 not far from there to get into the journalist community. Information should 51 00:05:10,989 --> 00:05:17,900 be free. Free flow of information is a bit of a requirement for world peace. And we 52 00:05:17,900 --> 00:05:23,211 had this and I personally also had this type of self conception, self 53 00:05:23,211 --> 00:05:28,639 understanding consciousness. Twenty years already when WikiLeaks started around 54 00:05:28,639 --> 00:05:36,889 2006. So this is not that I was jumping or anybody in the scene was jumping onto 55 00:05:36,889 --> 00:05:41,000 something that didn't exist until then. But WikiLeaks turned out to be an 56 00:05:41,000 --> 00:05:49,069 extremely good concept as a democracy test. If governments cannot deal with full 57 00:05:49,069 --> 00:05:55,419 transparency, well, that tells you a lot about them. But, of course, that is 58 00:05:55,419 --> 00:06:04,080 similar to jumping to the last point, similar to working in journalism. When you 59 00:06:04,080 --> 00:06:08,659 expose things in journalism be it corruption, be it hypocrisy of 60 00:06:08,659 --> 00:06:15,999 politicians, be it blunt lies or whatever. It's not always about making friends. It's 61 00:06:15,999 --> 00:06:23,499 yes, partly making friends, and partly pissing people off. That happens. However, 62 00:06:23,499 --> 00:06:31,310 in this particular environment that Julian inspired to create. There's some 63 00:06:31,310 --> 00:06:36,990 cultural, even misunderstandings. For example, the word conspiracy. For us in 64 00:06:36,990 --> 00:06:42,219 Europe, I think many of us indeed German hacker scene are inspired by Robert and 65 00:06:42,219 --> 00:06:47,069 Wilton's way of saying, oh, a conspiracy is like the world is full of them and we 66 00:06:47,069 --> 00:06:54,979 should join the best of them. But in the American context, the word conspiracy is a 67 00:06:54,979 --> 00:07:00,469 legal term, unfortunately. And when you are with American citizens in a room and 68 00:07:00,469 --> 00:07:04,369 talk about conspiracies, they often get very nervous. And it's kind of a complete 69 00:07:04,369 --> 00:07:09,871 different attitude. Because it's like the U.S. term to define people who belong to a 70 00:07:09,871 --> 00:07:14,399 group like, organized criminals or organized, you know, this T word, this 71 00:07:14,399 --> 00:07:19,160 other type of entities. And of course, that's absolutely not what we want to get 72 00:07:19,160 --> 00:07:24,600 into involved here. But sometimes, we mistakenly are misunderstandingly joke 73 00:07:24,600 --> 00:07:30,940 about conspiracies and people listening to this get it completely wrong. And I fear 74 00:07:30,940 --> 00:07:39,039 that is also what happened and how me and others got into such a mess. So at the 75 00:07:39,039 --> 00:07:46,750 end, of course, in journalism and that's similar to dealing with data from a 76 00:07:46,750 --> 00:07:55,949 hackers perspective is about supporting media with data and information and so on. 77 00:07:55,949 --> 00:08:02,909 So here is a bit of a timeline to give you a time frame. I'm now after I was a bit 78 00:08:02,909 --> 00:08:06,809 long for about two decades a CCC spokesperson and board member blah blah 79 00:08:06,809 --> 00:08:11,389 blah, I moved to the board of the Wau Holland Foundation. Wau Holland Foundation 80 00:08:11,389 --> 00:08:17,669 collects actually money for WikiLeaks under the aspect of Wau's idea of 81 00:08:17,669 --> 00:08:23,580 supporting Freedom of Information since 2010 or so. I joint a little later. 82 00:08:23,580 --> 00:08:29,929 However, when WikiLeaks started to publish the Afghanistan, the Iraq war logs and 83 00:08:29,929 --> 00:08:36,130 diplomatic cables that already triggered legal investigations, and of course, the 84 00:08:36,130 --> 00:08:42,659 arrest of then still Bradley, now Chelsea Manning, later. So there was always, it 85 00:08:42,659 --> 00:08:46,540 was always clear, more or less right from the beginning, that there's legal trouble 86 00:08:46,540 --> 00:08:50,930 on the way, that there's a secret grand jury and that the Americans didn't really 87 00:08:50,930 --> 00:08:56,720 appreciate their war crimes to be exposed and the diplomatic cables to be in the 88 00:08:56,720 --> 00:09:02,670 Internet, to be understood and readable for all of us and the media worldwide and 89 00:09:02,670 --> 00:09:09,630 so on. Of course, when people come together and gather in any project, you 90 00:09:09,630 --> 00:09:16,160 have human beings, you have, they have characters, they have mistakes. They do 91 00:09:16,160 --> 00:09:22,920 things that are not always great. So I'm not trying to say here that everything was 92 00:09:22,920 --> 00:09:28,259 always great and it was only the CIA messing it up. No, humans make mistakes 93 00:09:28,259 --> 00:09:33,660 and these mistakes in such an environment, of course, get exploited, get amplified 94 00:09:33,660 --> 00:09:41,930 and so on. In 2007, WikiLeaks started publishing some CIA documents and a whole 95 00:09:41,930 --> 00:09:47,540 series of it, the so-called 'Vault 7' documents. And those documents describe 96 00:09:47,540 --> 00:09:54,899 technology, exploit programs from the CIA. You probably, most of you will know them. 97 00:09:54,899 --> 00:10:01,339 If not, you can now look them up. And these included tools that allowed the CIA 98 00:10:01,339 --> 00:10:06,070 to pretend to be someone else, including coming from another country, speaking 99 00:10:06,070 --> 00:10:11,899 another language, be from Russia, in Russia be from Iran and Farsi and so on. 100 00:10:11,899 --> 00:10:19,040 And Pompeo, who was at that moment still head of the CIA, got very upset. And there's 101 00:10:19,040 --> 00:10:26,300 two references from this, one from April 2017, and another is from February 2018. 102 00:10:26,300 --> 00:10:36,430 In his first public speech as a CIA director in 13 of April 2017, he made a 103 00:10:36,430 --> 00:10:41,029 speech at a conference working in Washington and he said things like 104 00:10:41,029 --> 00:10:45,060 WikiLeaks walks like a hostile intelligence service and talks like an 105 00:10:45,060 --> 00:10:52,620 intelligence service. And called WikiLeaks a non-state hostile intelligence service. 106 00:10:52,620 --> 00:10:57,709 So for those of you who know a little bit about information science, there's this 107 00:10:57,709 --> 00:11:04,010 idea of data is actually something you can technically measure. Information is data 108 00:11:04,010 --> 00:11:08,350 in a context and intelligence is information processed to a level where you 109 00:11:08,350 --> 00:11:14,459 can make decisions based on it. So being a public intelligence service, I would say 110 00:11:14,459 --> 00:11:21,670 from that perspective is like an honorable term. However, the way Pompeo emphasized 111 00:11:21,670 --> 00:11:26,529 it, I think was slightly not that honorable. He was more comparing it to, 112 00:11:26,529 --> 00:11:33,120 you know, other state actors and evil forces and so on, because the US 113 00:11:33,120 --> 00:11:40,889 understanding of intelligence service far away from entities... sorry, I need a 114 00:11:40,889 --> 00:11:46,170 water... Is far away from entities just collecting information, but as you know, 115 00:11:46,170 --> 00:11:54,170 they also mess up with other people's life and so on. However, a year later, in 116 00:11:54,170 --> 00:12:03,079 February 2018, he even upgraded this type of statement. The Zeit, German newspaper, 117 00:12:03,079 --> 00:12:07,470 reported about what he said at the Munich Security Conference Intelligence 118 00:12:07,470 --> 00:12:13,490 Roundtable, and he said, a really nasty sentence like that. Most of his time he's 119 00:12:13,490 --> 00:12:18,680 dealing with the non-state actors. And that's like al-Qaida, Islamic State, 120 00:12:18,680 --> 00:12:28,289 WikiLeaks or Hezbollah. Like what a list. So I have no idea what he has. What turned 121 00:12:28,289 --> 00:12:34,829 him into comparing these kind of things? I mean, Hezbollah, I could say we in Berlin, 122 00:12:34,829 --> 00:12:41,540 we know they provide actually yummy halloumi and some things. But yes, they 123 00:12:41,540 --> 00:12:46,569 are money launderers and are a suspected terrorist in some areas or whatever, or 124 00:12:46,569 --> 00:12:52,680 have been declared terrorist. But their hummus is really good, I can say. However, 125 00:12:52,680 --> 00:12:58,940 the point I'm trying to come to. So Pompeo got very upset. He made all this 126 00:12:58,940 --> 00:13:05,870 comparison and he seems to have allocated resources to deal with WikiLeaks and 127 00:13:05,870 --> 00:13:13,129 everybody jumping around. And it's no surprise that as Wau Holland Foundation 128 00:13:13,129 --> 00:13:21,199 finances selected activities of specific publications there, that we also got in 129 00:13:21,199 --> 00:13:27,579 the focus with us collecting donations and, you know, talking with the guys and 130 00:13:27,579 --> 00:13:34,269 financing some projects. So before I'm coming to very concrete events, I want to 131 00:13:34,269 --> 00:13:42,509 get one second into psychology. So, of course, when things happen to you, from 132 00:13:42,509 --> 00:13:46,370 the intelligence perspective, they always come with what's called plausible 133 00:13:46,370 --> 00:13:50,779 deniability. When there's a guy standing in front of the door watching, you know, 134 00:13:50,779 --> 00:13:54,680 if you come in and out, it's not just someone watching your door. It's someone 135 00:13:54,680 --> 00:14:00,120 reading the newspaper or repairing some electrical pipes or some water pipe or 136 00:14:00,120 --> 00:14:03,810 whatever. I mean, that's always a good reason for him to be there that has 137 00:14:03,810 --> 00:14:09,909 nothing to do with what he's doing and that's a basic principle. Plausible 138 00:14:09,909 --> 00:14:15,899 deniability, how intelligence agencies act in the so-called field. So meaning in your 139 00:14:15,899 --> 00:14:23,149 home or on the street, following you or whatever. So over time, of course, if you 140 00:14:23,149 --> 00:14:27,820 have too much of this, you're seeing these patterns, and that's probably mainly 141 00:14:27,820 --> 00:14:32,009 called paranoia. So you get like, you know, suspicious of everything that 142 00:14:32,009 --> 00:14:36,400 happens that might be very legitimate, but you get like the feeling that something is 143 00:14:36,400 --> 00:14:42,560 wrong and so on. And that can be, we could also instead of paranoia, call it 144 00:14:42,560 --> 00:14:46,259 situational awareness at some points, because if it really happens, it has 145 00:14:46,259 --> 00:14:51,540 nothing to do with your mind getting crazy. It's just an accurate observation 146 00:14:51,540 --> 00:14:58,430 of patterns that happen around of you. But you might know that and your two friends 147 00:14:58,430 --> 00:15:04,339 who experience the same might know that your girlfriend, your partner, the normal 148 00:15:04,339 --> 00:15:07,970 people you deal with, they might all not understand this and think that you're 149 00:15:07,970 --> 00:15:14,749 driving nuts. And this driving nuts is, of course, an element that you always have to 150 00:15:14,749 --> 00:15:20,360 be self-critical, because on the one hand side, you might indeed see too much things 151 00:15:20,360 --> 00:15:23,990 happening that do not really happen. And on the other hand side, there's also the 152 00:15:23,990 --> 00:15:30,610 human drive that we don't want these CIA guys to be in our life. We want everything 153 00:15:30,610 --> 00:15:35,320 to be fine. And to some extent, maybe that's even healthy to not see the 154 00:15:35,320 --> 00:15:40,680 monsters all the time. But if they are really there and you start denying them 155 00:15:40,680 --> 00:15:45,990 while they sit in front of you, that's also not so helpful. So I found myself in 156 00:15:45,990 --> 00:15:51,959 this kind of weird environment where all these kind of thoughts come up all the 157 00:15:51,959 --> 00:15:58,819 time. And I'm starting with the most harmless stuff. So Internet attacks or 158 00:15:58,819 --> 00:16:04,829 well Internet incidents. I would... IT- incidents, I called it here. Due to the 159 00:16:04,829 --> 00:16:11,499 pure volume of it, I will put this into a separate presentation one day or report 160 00:16:11,499 --> 00:16:17,209 and in the next days or weeks or months. And you can all have fun with it. But here 161 00:16:17,209 --> 00:16:24,079 is just some basic pattern. So devices you use as communication terminals or 162 00:16:24,079 --> 00:16:28,860 communication devices, they always have issues when you start to do encrypted 163 00:16:28,860 --> 00:16:35,399 stuff, and it's always when you do it with specific people. So that's hm... Then, 164 00:16:35,399 --> 00:16:39,769 mobile phones with data service. At some point, all of them have start to have 165 00:16:39,769 --> 00:16:49,259 issues. Very high volume of used data, apps disappear if you use them at all. I 166 00:16:49,259 --> 00:16:55,970 stopped using them at all. High battery usage. When you did nothing with your 167 00:16:55,970 --> 00:17:00,350 phone over hours and you were wondering what's going on. OK, yes, we have buried 168 00:17:00,350 --> 00:17:03,949 their bags. We put them somewhere else. But still, it's a little weird when your 169 00:17:03,949 --> 00:17:12,339 battery is empty half day. On LTE when I configured my phone to be on LTE only it 170 00:17:12,339 --> 00:17:16,610 worked mainly fine. Next to that, I couldn't make normal phone calls, but when 171 00:17:16,610 --> 00:17:22,670 I had to do the normal mode, it got downgraded to 3G and there my encrypted 172 00:17:22,670 --> 00:17:28,110 connections started to have problems. On my fixed lines, my VPNs when I tried to 173 00:17:28,110 --> 00:17:35,120 build up a VPN shows me certificate errors and problems. And then of course you deal 174 00:17:35,120 --> 00:17:40,490 with journalists, which I'm doing with my colleagues all the time. And they are not 175 00:17:40,490 --> 00:17:45,000 technical experts. They all have their Macs and so on. So they have funny issues 176 00:17:45,000 --> 00:17:50,770 with their PGP keys not working anymore, with their PGP setup not working anymore. 177 00:17:50,770 --> 00:17:55,630 Yes, it's also because it's open source software, but there's also something going 178 00:17:55,630 --> 00:18:00,180 on. But this is kind of the world we all know and we got used to it. You know, this 179 00:18:00,180 --> 00:18:05,840 is like, OK, IT doesn't work. Secure connections break, well, happens all the 180 00:18:05,840 --> 00:18:16,730 time. From about mid 2017 when I still regularly, like once or twice a month was 181 00:18:16,730 --> 00:18:21,810 flying over to see Julian in the embassy, I realized that there was something 182 00:18:21,810 --> 00:18:25,950 changing with my treatment at the border. That's of course, that's yeah, that's 183 00:18:25,950 --> 00:18:32,880 purely UK border police uncles. And they like started to ask funny questions like 184 00:18:32,880 --> 00:18:37,120 "Do you live in the UK?", "What's your occupation?", "How long do you stay?", 185 00:18:37,120 --> 00:18:41,850 "What do you do in the UK?". Before then there was maybe one question, but not 186 00:18:41,850 --> 00:18:46,970 three or four of them. And the most important was that I realized that he did 187 00:18:46,970 --> 00:18:52,060 not even listen to my answers. Sometimes he started the first question after I 188 00:18:52,060 --> 00:18:56,280 answered the third, and it was feeling like in a limbo, like with a machine who 189 00:18:56,280 --> 00:19:01,000 would randomly ask me things. But I then realized he was just waiting for the green 190 00:19:01,000 --> 00:19:04,831 light on the screens to let me go. And that green light probably meant that the 191 00:19:04,831 --> 00:19:12,350 team outside was ready to pick me up and that's what happened. So I get into the UK 192 00:19:12,350 --> 00:19:17,770 and have people follow me like the whole fucking day, not only on the way to the 193 00:19:17,770 --> 00:19:25,930 embassy, from the embassy back and so on. I once spotted one of those persons like 194 00:19:25,930 --> 00:19:30,940 sitting at the street level on the other side watching the whole time I was in an 195 00:19:30,940 --> 00:19:37,620 office, ground level. And because I had a bit of experience with that in continental 196 00:19:37,620 --> 00:19:41,390 Europe, like in Germany, if you realized these guys just go after you and you put 197 00:19:41,390 --> 00:19:46,220 your camera on your table or start even to make photos of them, they're very quickly 198 00:19:46,220 --> 00:19:50,190 gone because they don't want to be relocated, they don't like to be exposed 199 00:19:50,190 --> 00:19:56,530 and so on. But the British behaved in this time, this scenario completely different. 200 00:19:56,530 --> 00:20:02,270 So he was like getting like, you know, very aggressively body language, try 201 00:20:02,270 --> 00:20:09,570 spotting, looking back and so on. So that was a little weird. That same day at three 202 00:20:09,570 --> 00:20:13,600 o'clock in the night when my friends drove me to the place where I was sleeping in a 203 00:20:13,600 --> 00:20:19,280 one way street, there was still a car following us, even in the one way street. 204 00:20:19,280 --> 00:20:25,990 So actually he had to turn back and so on. That was no more covert surveillance. That 205 00:20:25,990 --> 00:20:33,860 was already at the edge to intimidation. And then over the next months, I started 206 00:20:33,860 --> 00:20:39,030 to have new favorites, but not only in England, also in other countries that I 207 00:20:39,030 --> 00:20:44,620 would see homeless looking like people on the street level sitting there begging or 208 00:20:44,620 --> 00:20:50,790 leaning to some buildings. And at some point I had to realize that the cheap 209 00:20:50,790 --> 00:20:55,130 plastic bags that they were wearing were just a cover for cameras that were 210 00:20:55,130 --> 00:21:00,420 actually with Zoom and digital getting into my direction. And so that felt a 211 00:21:00,420 --> 00:21:08,110 little, um. And so the idea of this measures meant, if you look at their 212 00:21:08,110 --> 00:21:12,680 manuals, which you'll find somehow in the Internet, is that the difference between 213 00:21:12,680 --> 00:21:16,570 discovered surveillance, which is to find out where you are and to open 214 00:21:16,570 --> 00:21:22,410 surveillance, which I call intimidation surveillance. The idea is you create in 215 00:21:22,410 --> 00:21:29,070 the person in this case and yeah, for me, a state of distress. So you like 216 00:21:29,070 --> 00:21:34,170 constantly having this, like, you know, looking around and you obviously have the 217 00:21:34,170 --> 00:21:39,170 idea that something is going on and they let you know. They want to let you know 218 00:21:39,170 --> 00:21:50,450 and that's a little weird. So in April 2018, exiting in March 2018, I brought one 219 00:21:50,450 --> 00:21:58,260 of my Cryptophones, in this case a desk phone based on a SIP phone called Snom 870 220 00:21:58,260 --> 00:22:04,940 back to our workshop here to repair. The display had been exposed to heat and got a 221 00:22:04,940 --> 00:22:12,630 little melted. It's not so super high quality LCD display, so I wanted just to 222 00:22:12,630 --> 00:22:17,900 replace the display. So I opened the thing and I found actually a bug and that bug 223 00:22:17,900 --> 00:22:22,610 turned out to be a very sophisticated thing. So there was a battery pack, there 224 00:22:22,610 --> 00:22:29,290 was a shielded thing. Behind that shielded thing there was a module that had been 225 00:22:29,290 --> 00:22:36,460 soldered into. It was based on an FPGA, some hardware crypto element. 16 GB of 226 00:22:36,460 --> 00:22:41,030 flash ROM. It was completely passive. So I wouldn't have found it in any sweep 227 00:22:41,030 --> 00:22:47,970 because it just recorded whatever I talked on that encrypted phone and would be 228 00:22:47,970 --> 00:22:54,850 triggered by high frequency to send out the recorded stuff, encrypted in a signal. 229 00:22:54,850 --> 00:22:59,910 And you see here a URL to find more pictures online. To give you an idea this 230 00:22:59,910 --> 00:23:06,230 is the thing I found. This is how it looked like at the beginning. The phone 231 00:23:06,230 --> 00:23:12,130 itself has to PCB's one for the keyboards and one for the connectors, processing and 232 00:23:12,130 --> 00:23:18,510 so on. This was the modified version of the keyboard PCB with this battery pack 233 00:23:18,510 --> 00:23:25,170 in blue, the shielded module. And here you get an idea of what was in there. 234 00:23:25,170 --> 00:23:30,030 That's pretty high tech. We did, of course, look into what exactly do we have 235 00:23:30,030 --> 00:23:39,020 here, when were this chips produced, what does it do and so on. But it's pretty 236 00:23:39,020 --> 00:23:45,850 obvious that this is like for those who have read the Snowden documents intensely, 237 00:23:45,850 --> 00:23:50,070 it's what's called special collection service. Inside there, there's a group 238 00:23:50,070 --> 00:23:57,340 called a target access operations TAO, and they work together with a thing called 239 00:23:57,340 --> 00:24:03,760 PAG, the Physical Access Group because someone and that was the thing, it was not 240 00:24:03,760 --> 00:24:09,400 only built into this phone, that phone had been, of course, in a locked room. And I 241 00:24:09,400 --> 00:24:13,520 had to ask myself, OK, what happened here? Here you see how they grabbed the audio 242 00:24:13,520 --> 00:24:21,160 with a glued mini PCB from the other main controller into their little technology. 243 00:24:21,160 --> 00:24:26,830 And here you see a comparison picture, to the right you see the original PCB 244 00:24:26,830 --> 00:24:30,860 keyboard, which has almost nothing on it. And to the left, you see the modified 245 00:24:30,860 --> 00:24:40,710 version. A friend of mine made a bit of a diagram and yeah, I'll just leave it for 246 00:24:40,710 --> 00:24:45,990 you. You can review it later. I'll upload these PDF slides, of course. So here's 247 00:24:45,990 --> 00:24:52,320 some aspects of what was going through my head over the time. Of course, the first 248 00:24:52,320 --> 00:25:01,590 question was: How long was this there? No idea. Could be years. Um, the components 249 00:25:01,590 --> 00:25:10,600 we identified were produced around, oh no, not earlier than April 2013. So if you 250 00:25:10,600 --> 00:25:16,630 remember, Snowden came with his revelation mid of 2013 roughly. And I've been working 251 00:25:16,630 --> 00:25:21,840 for the Spiegel with others on the Snowden documents next to that phone and 252 00:25:21,840 --> 00:25:28,980 coordinating a lot of it in the year 2013. So in theory, it could be even related to 253 00:25:28,980 --> 00:25:35,110 that. Who knows. The dimensions such as Kadian nonmetric origin, the antenna 254 00:25:35,110 --> 00:25:43,520 would, you know, work in the range of 800 MHz. So you find a mentioning of a PDF 255 00:25:43,520 --> 00:25:48,520 that tells you something about these groups. But I did talk to some people who 256 00:25:48,520 --> 00:25:54,880 do professional sweeping, meaning, looking for audio bugs and so on in devices and 257 00:25:54,880 --> 00:26:00,050 rooms. And they told me from the experience of the Cold War until today, 258 00:26:00,050 --> 00:26:05,100 the operation to bring something into a room, into a device, that's quite an 259 00:26:05,100 --> 00:26:09,540 effort because you need to secure, you need to ensure you don't get caught and so 260 00:26:09,540 --> 00:26:15,400 on. And so what you normally do is, because technology can fail, is you do not 261 00:26:15,400 --> 00:26:20,840 install one bug, you install at least two. And the Cold War people told me, from the 262 00:26:20,840 --> 00:26:25,721 elder generation, that the relationship was one to eight, so that because 263 00:26:25,721 --> 00:26:32,140 technology failed a lot back then. However, that made me, of course, think, 264 00:26:32,140 --> 00:26:37,810 OK, what else could there be? You know, what can I do to find the rest and so on. 265 00:26:37,810 --> 00:26:43,110 Does it even make sense? Can I secure all the rooms that I use to work here and 266 00:26:43,110 --> 00:26:49,380 there in such a way that I could be sure. And of course, I can't be. So this was the 267 00:26:49,380 --> 00:26:54,540 first hard confrontation with my own cognitive dissonance, because all that 268 00:26:54,540 --> 00:26:59,150 surveillance theater where I said, OK, Julian has some trouble, I don't think I 269 00:26:59,150 --> 00:27:02,620 had something to do with it. And when I traveled to England, OK, they follow me, 270 00:27:02,620 --> 00:27:07,890 you know, you get used to that kind of things, but like something you can have in 271 00:27:07,890 --> 00:27:13,850 your hand and that's outside of IT incidents. That means that all your 272 00:27:13,850 --> 00:27:20,200 encrypted communications have been listened to. Well, that feels shitty. So 273 00:27:20,200 --> 00:27:25,720 that's what I call a hot confrontation with my own cognitive dissonance. The next 274 00:27:25,720 --> 00:27:32,340 thing I want to talk about is very recent. It's about one and a half months old now. 275 00:27:32,340 --> 00:27:39,600 When here in Berlin, um, I went out actually very early in the morning to get 276 00:27:39,600 --> 00:27:43,810 some stuff from a grocery in a time of pandemic when no one is in the shop at 277 00:27:43,810 --> 00:27:48,830 seven or something in the morning. I come back half an hour later and the key to my 278 00:27:48,830 --> 00:27:55,700 apartment door does not fit in the cylinder anymore. That felt a bit shitty. 279 00:27:55,700 --> 00:28:02,320 Um, it was not a normal cylinder. It was a so-called stealth cylinder. You might want 280 00:28:02,320 --> 00:28:06,960 to look in the Internet what it is. It's a Swiss company, it's doing nice keys that 281 00:28:06,960 --> 00:28:12,540 you cannot photograph and copy because it has inner elements with a sophisticated 282 00:28:12,540 --> 00:28:20,210 mechanical, a way of opening. I did, however, when I bumped into my door and 283 00:28:20,210 --> 00:28:25,810 had to first I called my locksmith dude or my friend from the lock picking industry, 284 00:28:25,810 --> 00:28:34,300 I could say, who had advised me to buy that cylinder. I talked with my lawyer and 285 00:28:34,300 --> 00:28:38,560 we agreed it's a good idea to call the police, to put it on the other list of 286 00:28:38,560 --> 00:28:43,700 things they had collected until then. I then realized that I had been followed 287 00:28:43,700 --> 00:28:48,140 that morning, but I didn't take any attention to it because I was just 288 00:28:48,140 --> 00:28:52,560 walking, you know in half-automatic mode to the grocery and there was a couple talking 289 00:28:52,560 --> 00:28:57,890 such a bullshit. They will probably listen to this talk and will remember the dialog. 290 00:28:57,890 --> 00:29:03,400 It was just not making any sense, but I was too polite to point it out. And they 291 00:29:03,400 --> 00:29:08,190 were very closely. So it was not about where I was going. It was about that I was 292 00:29:08,190 --> 00:29:12,870 not at home. So they ensured that in the time frame that I was there, the other 293 00:29:12,870 --> 00:29:18,680 guys could operate and so on. Yeah, that is an ongoing investigation. But I can 294 00:29:18,680 --> 00:29:26,160 tell you, this is the next incident where like cognitive dissonance and the illusion 295 00:29:26,160 --> 00:29:30,700 you want to give this of, you know, I'm not important in this game. Yeah. This 296 00:29:30,700 --> 00:29:34,730 guy is following me here and there. And this feels kind of different. This is no more 297 00:29:34,730 --> 00:29:40,490 nice. Um, here's a little bit to get the idea of the cylinder. You cannot really 298 00:29:40,490 --> 00:29:45,790 see the object that was inserted. But at the end, we didn't get it out. For 299 00:29:45,790 --> 00:29:50,350 forensic reasons. We had to drill. Police went through the apartment and so on. 300 00:29:50,350 --> 00:29:58,810 Yeah. Another interesting day you can have. Um, so here's some aspects that I 301 00:29:58,810 --> 00:30:06,690 asked myself. Um, so was it even my cylinder that I couldn't open? Maybe they 302 00:30:06,690 --> 00:30:14,600 could not lockpick the original stealth cylinder I had. They had to open it in a violent way. 303 00:30:14,600 --> 00:30:21,570 They were in the apartment to whatever put another bug in there. Um, but as they 304 00:30:21,570 --> 00:30:25,711 couldn't replace it with the original cylinder as they had destroyed it, like 305 00:30:25,711 --> 00:30:31,700 they put another one in. And that's why my key wasn't fitting. It's an option. Next 306 00:30:31,700 --> 00:30:36,740 option: Was it maybe a trap to make me replace the broken cylinder with a cheaper 307 00:30:36,740 --> 00:30:43,360 one with a more simple one that they could open then afterwards, when I was gone. The 308 00:30:43,360 --> 00:30:50,590 next option, or maybe was it not about the door at all? Was it maybe just to freak me 309 00:30:50,590 --> 00:30:56,230 out? Um, of course it feels not so great if you can't open your own apartment door 310 00:30:56,230 --> 00:31:01,930 and so on. And the first question was, of course: How much time did I spend that day 311 00:31:01,930 --> 00:31:07,230 with, you know, with the police, drilling open the door with all that kind of 312 00:31:07,230 --> 00:31:16,100 things? It more or less cost me a day. And what maybe happened to my machines, 313 00:31:16,100 --> 00:31:22,630 meaning my computers, my other things, maybe? Where was my attention not in that 314 00:31:22,630 --> 00:31:27,380 time frame? Because it could be, was a pure distraction thing. It would freak him 315 00:31:27,380 --> 00:31:31,280 out a little bit. And while he's freaking out, we do other things in his office or 316 00:31:31,280 --> 00:31:38,000 whatever, I can't rule it out. And then of course, I mean, the police sent me some 317 00:31:38,000 --> 00:31:41,750 funny questions. I'm still working on that, like, yeah, should I name Pompeo as 318 00:31:41,750 --> 00:31:49,860 a suspect? Not sure, but maybe I should. Discussing it with my lawyer and so on. 319 00:31:49,860 --> 00:31:55,600 And also is it maybe related to the date? This was the 3rd of November, just in case 320 00:31:55,600 --> 00:31:59,400 to have it said the 3rd of November is the election day, or was the election day in 321 00:31:59,400 --> 00:32:03,740 the United States. And there were some accusation that had something to do with 322 00:32:03,740 --> 00:32:14,220 the election some years ago. Um, so however, the next event, incident number 323 00:32:14,220 --> 00:32:18,710 three, has to do with something that happened in between, because on Monday, 324 00:32:18,710 --> 00:32:23,330 the day before they messed up with my door, I had shipped some documents to 325 00:32:23,330 --> 00:32:29,260 Spain, I realized then. That was legal documents that required me and a friend 326 00:32:29,260 --> 00:32:35,170 going to the Spanish embassy. We gave power of attorney and so on because we are 327 00:32:35,170 --> 00:32:40,110 also accusing this company, UC Global, which I talked about last year, which was 328 00:32:40,110 --> 00:32:45,500 the company running the surveillance or the protections/surveliance at the 329 00:32:45,500 --> 00:32:48,910 beginning on behalf of the Ecuadorians in that embassy and later turned out to be 330 00:32:48,910 --> 00:32:55,680 working, for (inaudible)'s company or at least having a site arrangement there, 331 00:32:55,680 --> 00:32:59,070 which is still subject to an ongoing lawsuit. And we participate in that 332 00:32:59,070 --> 00:33:03,790 lawsuit because not only Julian was spied on, everybody was spied on, who was 333 00:33:03,790 --> 00:33:10,560 visiting him and so on. So I had shipped documents on that Monday, almost six 334 00:33:10,560 --> 00:33:16,480 o'clock on the local post office here by DHL Express. I put that documents in a 335 00:33:16,480 --> 00:33:21,740 sealed bag, that's like a bag was a serial number and so on. That went together with 336 00:33:21,740 --> 00:33:27,640 the describing list what's inside the bag into a white envelope that again, I sealed 337 00:33:27,640 --> 00:33:31,770 with, you know, seal tape. Then I gave that to the post office. But they insisted 338 00:33:31,770 --> 00:33:37,180 that it gets in a DHL Express back. That's what you get for the 70 Euro to be 339 00:33:37,180 --> 00:33:46,840 arriving within two days. So, yeah, the stuff arrived on Wednesday, but all opened 340 00:33:46,840 --> 00:33:53,510 and the Spanish lawyers freaked completely out. They were very sure that this was a 341 00:33:53,510 --> 00:33:59,850 meddling. You would see that it was sliced open and so on. Yes. You see this funny 342 00:33:59,850 --> 00:34:06,410 duct tape here called Zoll. But why would the German customs open a document 343 00:34:06,410 --> 00:34:11,200 shipment within Europe? That just not makes a lot of sense. It's still on the 344 00:34:11,200 --> 00:34:16,580 way to be checked. In theory, they could do that. But also this incident has some 345 00:34:16,580 --> 00:34:21,310 aspects. It's a breach of attorney client privilege. That's why the Spanish lawyers 346 00:34:21,310 --> 00:34:26,399 insisted as we bring this to a criminal complaint. They did on their end right 347 00:34:26,399 --> 00:34:32,550 when they received it and they made those photos. So was German customs even 348 00:34:32,550 --> 00:34:38,610 involved or was just their duct tape used by some funny people. Why when I emailed 349 00:34:38,610 --> 00:34:43,870 all this to my lawyer with the picture sent to one, why did he not receive the 350 00:34:43,870 --> 00:34:51,020 email until he realized on Monday that it somehow ended in his trash? He also 351 00:34:51,020 --> 00:34:56,710 freaked out. And then I talked with DHL of course, I made a big fuss there and they 352 00:34:56,710 --> 00:35:02,210 were like, no, we cannot tell you on which legal grounds the shipment was opened. We 353 00:35:02,210 --> 00:35:06,800 cannot tell you who did it. But if you have an inquiry, why don't you send it to 354 00:35:06,800 --> 00:35:11,620 the customs? So without giving me even which customs entity it would be or 355 00:35:11,620 --> 00:35:17,450 whatever. And again, of course, this is kind of an interesting story, but I have 356 00:35:17,450 --> 00:35:21,730 normally other priorities in my life. So I'm asking myself, oh gosh, how many days 357 00:35:21,730 --> 00:35:26,960 shall I waste here with finding out who opened the fucking shipment. But, you 358 00:35:26,960 --> 00:35:31,930 know, this is, again, the state of distress. This is, again, the effort. And 359 00:35:31,930 --> 00:35:36,340 it's, again, a reminder. We are after you. We check your things. We don't like 360 00:35:36,340 --> 00:35:43,790 your're suing the CIA, a suspected company and so on and so on. So coming to a bit of 361 00:35:43,790 --> 00:35:51,160 a conclusion of this talk, as we also want to have time for questions and so on. I 362 00:35:51,160 --> 00:35:54,190 want to talk about three aspects. The one is the elephant in the room and the 363 00:35:54,190 --> 00:36:01,610 problem of the missing socks. So at some point, I don't want to say that I have 364 00:36:01,610 --> 00:36:07,280 been completely not in a state of distress. And so I don't know how this 365 00:36:07,280 --> 00:36:13,250 affects my sanity and those people surrounding me. So your cognitive systems 366 00:36:13,250 --> 00:36:19,810 get kind of otherwise triggered and you start to see these things everywhere. And 367 00:36:19,810 --> 00:36:26,730 when then you wash some socks and it turns out there's a sock missing. The other 368 00:36:26,730 --> 00:36:32,270 person in my life was like, OK, CIA. However, I did suspect the bed sheets and we 369 00:36:32,270 --> 00:36:37,320 found one of the socks in a bed sheet. So when you know, the problem is socks get in 370 00:36:37,320 --> 00:36:40,820 the drum sometimes, Hanging, then you wash something different then like a bed sheet 371 00:36:40,820 --> 00:36:45,310 and a bed sheet is an excellent place to hide things that have been in the drum. 372 00:36:45,310 --> 00:36:50,330 Get into the bed sheet and you just try it with it and you don't even realize it and 373 00:36:50,330 --> 00:36:57,040 so on.. So while I'm a complete, I for entertainment reasons and also for, you 374 00:36:57,040 --> 00:37:02,020 know, you need to relax your brain in such a situation once in a while, I'm totally 375 00:37:02,020 --> 00:37:06,990 OK to say the CIA is responsible for everything, including the missing socks, 376 00:37:06,990 --> 00:37:11,620 but I suspect the bed sheet first and realize that yes, this is a joke and this 377 00:37:11,620 --> 00:37:18,200 is escapism and it helps you maybe to stay sane for a little moment. But in the long 378 00:37:18,200 --> 00:37:23,620 term, I don't know. So and that's the I don't know part is the other two slides 379 00:37:23,620 --> 00:37:27,130 that are coming now. So what should I do? And I should invite some friends and 380 00:37:27,130 --> 00:37:34,520 declare my office here like a laboratory for surveillance. Yeah, it has been 381 00:37:34,520 --> 00:37:38,110 before. I looked at one technology, but this case is surveillance technology, 382 00:37:38,110 --> 00:37:43,900 looking at me and my friends. So it's slightly different. And it's maybe also 383 00:37:43,900 --> 00:37:51,270 important to not get into some kind of auto response mode when things happen. 384 00:37:51,270 --> 00:37:55,200 Because I was thinking also, what the fuck? Why are they doing all these things? 385 00:37:55,200 --> 00:38:00,220 It cost them money. It costs them effort. Is it to freak me out? Is it that they 386 00:38:00,220 --> 00:38:06,560 think that like like like I'm seriously in such an evil mode organization that, you 387 00:38:06,560 --> 00:38:11,480 know, they will escalate things and I will start to throw bombs at the U.S. Embassy 388 00:38:11,480 --> 00:38:18,650 or I don't know. I have no idea what their idea is, but I just try to stay like slow 389 00:38:18,650 --> 00:38:27,720 motion and think about it. The next aspect is how ever do I infect other people? And 390 00:38:27,720 --> 00:38:32,270 now I'm not talking about my paranoia or my situational awareness, as I would call 391 00:38:32,270 --> 00:38:40,750 it, which, of course, at some point it's ongoing and it's no more sometimes. But 392 00:38:40,750 --> 00:38:48,080 when I talk with normal people, with other journalist, with people I deal with for 393 00:38:48,080 --> 00:38:55,630 normal things, and they visit me and we do whatever kind of social things, like 394 00:38:55,630 --> 00:38:59,750 normal things, like having food. And afterwards, the way they call me a day 395 00:38:59,750 --> 00:39:04,840 later and say, oh, finally my phone started rebooting twice yesterday and 396 00:39:04,840 --> 00:39:09,860 these kind of things so that you think, OK, it's not my paranoia that is 397 00:39:09,860 --> 00:39:15,510 infectious. It's actually they obviously want to not only know what kind of people 398 00:39:15,510 --> 00:39:18,960 I'm dealing with and look into their technology, they also want to freak them 399 00:39:18,960 --> 00:39:27,080 out. So this is not cool. And it also means that the type of ignorance you could 400 00:39:27,080 --> 00:39:31,950 normally apply and say, well, ignorance is a bliss. Come on, let's have have a nice 401 00:39:31,950 --> 00:39:38,420 day and forget about all this. That's kind of limited. That's no more an option. Um, 402 00:39:38,420 --> 00:39:44,050 and also while I've been dealing with that type of stress and that type of thing for 403 00:39:44,050 --> 00:39:51,040 a while now, and I can say, yeah, well, that's how it is. And, um, it doesn't mean 404 00:39:51,040 --> 00:39:56,030 that everybody dealing with you can do that. There's people that are seriously 405 00:39:56,030 --> 00:40:02,440 freaked out by such a situation and it creates fear, it creates anger, stress and 406 00:40:02,440 --> 00:40:08,060 so on. So that's not cool. So, um, my last slide that ends up with a question to you 407 00:40:08,060 --> 00:40:14,882 guys is how to get out of this mess. So, you know, option one, I managed to get 408 00:40:14,882 --> 00:40:20,810 proper authorities to make the CIA stop acting illegal. OK, I heard the laughing. 409 00:40:20,810 --> 00:40:27,930 I know this is ridiculous, but, you know, it would be so beautiful. Justice 410 00:40:27,930 --> 00:40:32,630 prevails. The German authorities, the European ones pick it up. I finally 411 00:40:32,630 --> 00:40:35,940 managed to escalate it to the Generalbundesanwaltschaft. And I do not 412 00:40:35,940 --> 00:40:39,550 have to talk with the German intelligence services as I'm not sure they would be 413 00:40:39,550 --> 00:40:47,680 helpful in this game. And they make the stop, the CIA stop acting illegal and 414 00:40:47,680 --> 00:40:52,830 against me and the other person surrounding beautiful dream. But OK, not 415 00:40:52,830 --> 00:40:59,690 very realistic. Maybe option two, Pompeo realizes Jesus loves WikiLeaks and 416 00:40:59,690 --> 00:41:04,680 whatever shall become true will become true. He reads it on the Bible. Pompeo 417 00:41:04,680 --> 00:41:08,890 seems to me if you look at his Twitter account, reasonable believe in Jesus 418 00:41:08,890 --> 00:41:13,830 Christ and all that thing. So he realizes it's all wrongdoing against Julian, 419 00:41:13,830 --> 00:41:20,040 WikiLeaks and all the people targeted in that context and stops it. I know. OK, 420 00:41:20,040 --> 00:41:26,930 shit happens. What? But if that's realistic, I don't know. You tell me. And 421 00:41:26,930 --> 00:41:31,460 the third option. I don't know. Maybe you have some ideas. And that's my question to 422 00:41:31,460 --> 00:41:39,190 you at the audience and that's the end of my prepared part of the talk. 423 00:41:39,190 --> 00:41:47,940 Herald: And with these words. Thank you, Andy, for the brilliant talk. In the 424 00:41:47,940 --> 00:41:53,250 meantime, I received some messages. A third option would be to have a great 425 00:41:53,250 --> 00:41:59,430 vinyard, vinyard. Sorry, I personally Andy: Yes, yes it's completely right. I 426 00:41:59,430 --> 00:42:02,780 considered actually maybe I should do something with goats, become a farmer or, 427 00:42:02,780 --> 00:42:08,800 you know, yeah, there's these options. But I thought before I give it up and find my 428 00:42:08,800 --> 00:42:14,640 way on the countryside, I outsource the problem to the community and see what they 429 00:42:14,640 --> 00:42:20,020 think. Herald: In the meantime, I think there is 430 00:42:20,020 --> 00:42:28,090 plenty of time for a great white wine, but to our questions, we have indeed plenty of 431 00:42:28,090 --> 00:42:33,400 questions. The first question would be: How would you compare the surveillance of the 432 00:42:33,400 --> 00:42:40,170 CIA or other to surveillance of the DDR? So for the Deutsche Demokratische 433 00:42:40,170 --> 00:42:45,100 Republik. Andy: Well, I'm born in Hamburg in West 434 00:42:45,100 --> 00:42:50,630 Germany. I lived in East Germany when the government was already falling into 435 00:42:50,630 --> 00:42:57,920 pieces. It was technically still there. So I'm not the best person to compare it. But 436 00:42:57,920 --> 00:43:04,210 I did talk with a person I know who worked for the foreign intelligence services 437 00:43:04,210 --> 00:43:08,130 because there was, you know I simplified here, of course, the incidents a little 438 00:43:08,130 --> 00:43:13,619 bit. There was one scene when later I went into my kitchen that day when my door lock 439 00:43:13,619 --> 00:43:19,960 got tampered with and I found a blue plastic glove and I don't have blue 440 00:43:19,960 --> 00:43:24,420 plastic gloves. And I asked my locksmith guy, he was like, no, it's not for me. And 441 00:43:24,420 --> 00:43:28,830 the police had black ones. So I thought, what the fuck? Maybe the guys have been 442 00:43:28,830 --> 00:43:32,510 inside the apartment, which I didn't thought earlier because of a second look 443 00:43:32,510 --> 00:43:38,800 and the police checked and so on. Um, and then I talked to discuss it with this 444 00:43:38,800 --> 00:43:43,490 person I know. He's a quite friendly man, was working in the foreign intelligence of 445 00:43:43,490 --> 00:43:48,610 that country. And so and he was like, you know, you have to look at it from a cost 446 00:43:48,610 --> 00:43:54,000 effectiveness point of view, like that piece of plastic costs you ten cents, 447 00:43:54,000 --> 00:43:59,650 nothing, and it freaks you out three months. So see how much how cost effective 448 00:43:59,650 --> 00:44:07,430 it is. And I mean, that's a good aspect. That's a good point. And so I think that 449 00:44:07,430 --> 00:44:12,830 the East German Stasi, the guys, the East intelligence guys, they also they knew 450 00:44:12,830 --> 00:44:18,110 very well the difference. And they had both instruments in there, you know, in 451 00:44:18,110 --> 00:44:24,390 their program to either do covert surveillance really like not let you know. 452 00:44:24,390 --> 00:44:29,640 And the department for "we let him know and see how he reacts" or "we let him know 453 00:44:29,640 --> 00:44:34,840 because he's ongoing doing things that we want him to, you know, stop it and get 454 00:44:34,840 --> 00:44:39,400 intimidated". And so on, and get scared maybe or his wife gets scared or this kind 455 00:44:39,400 --> 00:44:48,180 of thing. So I think it is comparable. Herald: Cool. Well, not cool. Speaking of 456 00:44:48,180 --> 00:44:54,210 covert versus overt civilians. As you now know, does it still 457 00:44:54,210 --> 00:45:00,540 bother you emotionally? Andy: Um, well, what bothers me sometimes 458 00:45:00,540 --> 00:45:06,420 is, you know, it's also it has a sometimes it's nice to be alone and it's sometimes 459 00:45:06,420 --> 00:45:14,150 nice to not think about the CIA guys being in the apartment next door or in my case, 460 00:45:14,150 --> 00:45:21,720 an apartment under me or in the surrounding environments. Um, but thinking 461 00:45:21,720 --> 00:45:27,720 about normal things like playing a puzzle or seeing some funny spy movies. Oh, 462 00:45:27,720 --> 00:45:35,030 that's almost relaxing. No, seriously, at some point it sucks a little bit. I get my 463 00:45:35,030 --> 00:45:41,580 kind of deal with it. But I mean, this 20/20 era has of course, complicated or 464 00:45:41,580 --> 00:45:46,790 has made it almost impossible to travel. So normally I escape my intensity of my 465 00:45:46,790 --> 00:45:54,080 work situation with travels. Maybe I can do that this year. So it feels a little 466 00:45:54,080 --> 00:46:00,410 more intense and annoys a little bit. And I would like to get these guys out of 467 00:46:00,410 --> 00:46:05,150 my life and do something useful with their life or whatever. 468 00:46:05,150 --> 00:46:17,450 Herald: Now, the next question, he or she or the person or creature probably missed 469 00:46:17,450 --> 00:46:20,930 it: Do you dissemble all your devices on a regular basis? 470 00:46:20,930 --> 00:46:29,740 Andy: No, I usually do just regular and seal them. In this case, the seal had 471 00:46:29,740 --> 00:46:35,410 an issue with with the heat as well. So, and I was lousy on checking it. I have to 472 00:46:35,410 --> 00:46:42,360 say so. Yes, that's something. I mean, if you have one office, you can do that. I 473 00:46:42,360 --> 00:46:48,530 tend to work on different continents even, and that turned out to be a bit of an 474 00:46:48,530 --> 00:46:53,880 issue. So, yes, you need to have safes everywhere and seals and duh, duh, duh, 475 00:46:53,880 --> 00:47:01,230 duh. But even then, you know, Pompeo seems to have justified or have given 476 00:47:01,230 --> 00:47:07,490 orders to do these things no matter the costs. And my expectation to have like a 477 00:47:07,490 --> 00:47:15,630 "private" or "secure" encrypted channel so is very limited for a while, watching that 478 00:47:15,630 --> 00:47:20,730 effort. The encryption of the cryptophone obviously was good. Otherwise they 479 00:47:20,730 --> 00:47:25,980 wouldn't have had the effort to, you know, build something in. But at the end of the 480 00:47:25,980 --> 00:47:33,210 day, for me, it has the same impact. It's like, well, you know, it's a phone, it's a 481 00:47:33,210 --> 00:47:38,400 piece of device, it's in a room. The room has windows. We've seen what they've done 482 00:47:38,400 --> 00:47:44,040 with the embassy windows and so on. So it's like, yeah, security. What a nice 483 00:47:44,040 --> 00:47:51,140 idea, but it doesn't really exist. Herald: Yeah. Do you try giving a few 484 00:47:51,140 --> 00:47:57,260 coins to the homeless looking people to do either some reverse intimidation or good 485 00:47:57,260 --> 00:48:03,869 deed if they are not CIA? Andy: Yeah, that's, I mean, I had this one 486 00:48:03,869 --> 00:48:11,550 particular situation where I was waiting for someone on kind of a shopping street, 487 00:48:11,550 --> 00:48:18,570 and I just said something is wrong with the guy. But when I saw the camera and saw 488 00:48:18,570 --> 00:48:24,060 and he also rushed away. So, no, I didn't give them the money. The second 489 00:48:24,060 --> 00:48:31,070 scenario... No, but it's a good idea. Um, the thing is, what I started to do is to 490 00:48:31,070 --> 00:48:35,890 always have a camera with me. That turns out for me to be important, to be able to 491 00:48:35,890 --> 00:48:40,800 document things. And also most of them, except the British, don't like it when 492 00:48:40,800 --> 00:48:45,250 they are being photographed. And you either, they, it's very interesting 493 00:48:45,250 --> 00:48:49,430 because normal people do realize when they are being photographed. But these guys are 494 00:48:49,430 --> 00:48:54,610 either pretending, no, I don't see that you photograph me. You know, they look a 495 00:48:54,610 --> 00:49:01,700 little bit with too much energy away from it or they are seriously disturbed and go 496 00:49:01,700 --> 00:49:05,060 away. Herald: So the best solution would be to 497 00:49:05,060 --> 00:49:09,630 have the boldest, biggest, largest camera always in hand. 498 00:49:09,630 --> 00:49:14,340 Andy: Yeah, let me say it like this. I mean, I've not been a fan of surveillance 499 00:49:14,340 --> 00:49:21,150 technology and for sure not of CCTV for a long part of my life. But I start to like 500 00:49:21,150 --> 00:49:27,350 the idea of CCTV at some places in my own environment. I'm sorry to say that, but 501 00:49:27,350 --> 00:49:31,590 there's compromises you can make like surveil feet, you know, other parts you 502 00:49:31,590 --> 00:49:37,110 don't always need the faces. If you need the faces , yeah there's options. 503 00:49:37,110 --> 00:49:43,280 Herald: And still, analog photography is a great thing. But that's my personal 504 00:49:43,280 --> 00:49:48,870 opinion. Um. You maybe you want to, you can talk, maybe you cannot talk about: Do 505 00:49:48,870 --> 00:49:54,190 you use other counter measurements you want to talk about or can talk about? 506 00:49:54,190 --> 00:49:58,960 Andy: You know, I obviously don't want to talk about it. But I mean, I've been, um. 507 00:49:58,960 --> 00:50:09,330 But I was wondering myself how, um, why I had this rather intense things going on. I 508 00:50:09,330 --> 00:50:13,680 mean, I was wondering, is it the time frame? Is it me as a person? It might have 509 00:50:13,680 --> 00:50:20,320 to do with actually being in this funny scene? Of course, I've learned. I mean, I 510 00:50:20,320 --> 00:50:25,470 know lock picking persons, I've always had an eye on having good locks based on their 511 00:50:25,470 --> 00:50:30,380 advice, and understanding how easy it would be otherwise. And using encryption 512 00:50:30,380 --> 00:50:37,980 was also not always about, like, hiding something. It was just good practice of 513 00:50:37,980 --> 00:50:43,450 having privacy and operational security. So for me, that was very normal for many 514 00:50:43,450 --> 00:50:48,150 years to do that. And maybe, you know, compared to other persons, that made me 515 00:50:48,150 --> 00:50:54,480 more interesting. I don't know. I'll find out one day. But I think it's a good idea 516 00:50:54,480 --> 00:50:59,520 for everybody involved to think about these three aspects: physical security, 517 00:50:59,520 --> 00:51:06,430 encryption, and also what kind of ways do you have to realize if something is being 518 00:51:06,430 --> 00:51:08,630 tampered with. Herald: Yeah - 519 00:51:08,630 --> 00:51:13,490 Andy: And that's not necessarily monitoring. I mean, monitoring can help, 520 00:51:13,490 --> 00:51:17,570 but on the other hand side, yeah, with monitoring systems, they can also deal 521 00:51:17,570 --> 00:51:22,090 with. Herald: Like physical checksums(?), kind 522 00:51:22,090 --> 00:51:28,300 of. Our next question: Do you ask the police at the border if everything is 523 00:51:28,300 --> 00:51:33,950 prepared now? Andy: You know, the British border, 524 00:51:33,950 --> 00:51:38,470 probably that's a reference to, I don't travel to the UK anymore. I decided, you 525 00:51:38,470 --> 00:51:43,200 know, after they dealt with Julian there, I don't like that place anymore. I never 526 00:51:43,200 --> 00:51:49,840 felt so well there. And actually, maybe I forgot to mention that, after this kind of 527 00:51:49,840 --> 00:51:55,920 treatment at the border started I also started avoiding sleeping in the UK. So I 528 00:51:55,920 --> 00:52:01,200 made day trips sometimes, in order to get the last plane out of the country. I was 529 00:52:01,200 --> 00:52:05,100 flying to Zürich first, because it was a late flight to Zürich and then the next 530 00:52:05,100 --> 00:52:09,650 morning to Berlin. I felt in Zürich better at the bar of a shitty hotel than in 531 00:52:09,650 --> 00:52:16,000 London Central City with, yeah, this special relationship, as it's called, 532 00:52:16,000 --> 00:52:21,280 between the intelligence of the UK and those of the US. 533 00:52:21,280 --> 00:52:28,790 Herald: I see. Speaking of sleeping, or in this case concerning your apartment, the 534 00:52:28,790 --> 00:52:33,730 question would be: Would some home surveillance system bring some relief, for 535 00:52:33,730 --> 00:52:37,260 example? Andy: Well, that's like, that's like 536 00:52:37,260 --> 00:52:42,720 exchanging the devil with the other dude, right? I mean, no, I'm not really a fan of 537 00:52:42,720 --> 00:52:46,610 that. But yes, of course, I had to at the end of the day, at least check with my 538 00:52:46,610 --> 00:52:55,480 door and so on, what I can do to detect and record things and so on. But it's not 539 00:52:55,480 --> 00:53:00,640 a pleasure. It's not like, I don't know. I mean, yes, you end up doing that kind of 540 00:53:00,640 --> 00:53:03,920 shit. But that's not how life on planet Earth should be. 541 00:53:03,920 --> 00:53:10,550 Herald: Yeah, yeah. It's, it's a kind of a trade off, for what return. And yeah - 542 00:53:10,550 --> 00:53:14,830 Andy: I mean, the thing is, I mean, look, I'm a German citizen. What I'm doing is 543 00:53:14,830 --> 00:53:19,940 constitutionally protected. I live in the governmental district of Berlin. It's 544 00:53:19,940 --> 00:53:26,080 fairly safe here. But, you know, I have friends in other places, other situations, 545 00:53:26,080 --> 00:53:34,270 their life is completely different there, and that is more what worries me. That I'm 546 00:53:34,270 --> 00:53:37,869 in a relatively cool position, secure position. That's why I can talk about 547 00:53:37,869 --> 00:53:43,221 these things. But I have friends who have a more severe situation and they are not 548 00:53:43,221 --> 00:53:48,220 sure they should talk about it, to not escalate things. And that's a very tricky 549 00:53:48,220 --> 00:53:56,250 choice to make, maybe. Herald: Yes, indeed. Um, that brings us to 550 00:53:56,250 --> 00:54:02,290 another question. And I think this is a perfect point to mention that. Can we do - 551 00:54:02,290 --> 00:54:06,830 What can we do to support you in getting out of this mess? And what can we do in 552 00:54:06,830 --> 00:54:10,240 general for this? Andy: While I really appreciate the 553 00:54:10,240 --> 00:54:16,119 question, I don't have a good answer. But I think, yes, I would like to discuss more 554 00:54:16,119 --> 00:54:22,710 with people about what can be done. I mean, for the moment, I'm dealing with 555 00:54:22,710 --> 00:54:29,890 police, with lawyers, the Spiegel guys I'm working with, they also find some ways 556 00:54:29,890 --> 00:54:37,240 maybe to address it. Um, but it seems like at least if it comes to Julian's 557 00:54:37,240 --> 00:54:42,410 situation, things are, yeah, badly escalated and it's all a bit interrelated. 558 00:54:42,410 --> 00:54:49,340 So I don't have a good answer at this moment, but I think it's a good idea to 559 00:54:49,340 --> 00:54:55,720 discuss it more and also maybe identifying other people who are in some kind of a 560 00:54:55,720 --> 00:55:01,060 risk situation because these things happened. And so maybe, hopefully was able 561 00:55:01,060 --> 00:55:05,940 to show it's not that difficult to get into such a mess. It's - it happens. 562 00:55:05,940 --> 00:55:11,160 Herald: Yeah, and speaking of discussing, you mentioned earlier, there is a Big Blue 563 00:55:11,160 --> 00:55:17,210 Button to discuss any further. You will find it in the 2D area, in the 2D world in 564 00:55:17,210 --> 00:55:21,850 the Whistleblower Wiki. Is that right? Andy: Yes. In the tent, actually, I was 565 00:55:21,850 --> 00:55:26,710 told. In the tent is the URL to the Big Blue Button or somehow it's interlinked 566 00:55:26,710 --> 00:55:32,300 there. Herald: So again, please go out, explore 567 00:55:32,300 --> 00:55:37,599 the 2D world. And of course, the whistleblower tent. We still have some 568 00:55:37,599 --> 00:55:45,330 minutes left. How do you do mentally? Did you use any method to keep your head clean 569 00:55:45,330 --> 00:55:52,520 or clear and, did you freak out? Andy: Yeah, that's a good question. Um. I 570 00:55:52,520 --> 00:56:00,490 drink too much vodka, but I try to keep it with good quality. Um, let me say it 571 00:56:00,490 --> 00:56:08,599 like this. The real trouble is maybe that while in this scene here, people have a 572 00:56:08,599 --> 00:56:18,230 rough understanding of this type of things already. Um, I also liked to have, to be 573 00:56:18,230 --> 00:56:22,400 around with people who have nothing to do with IT, with security, with all these 574 00:56:22,400 --> 00:56:28,100 kind of things. So-called normal people. Sometimes it's refreshing to be with them, 575 00:56:28,100 --> 00:56:38,400 but their ability to understand this mess is a little bit limited. So it's, I think 576 00:56:38,400 --> 00:56:43,320 others judge better how I'm doing mentally. I'm trying to keep my head up 577 00:56:43,320 --> 00:56:50,650 and finding a good way out. But if anyone has a good idea, I am really all for 578 00:56:50,650 --> 00:56:57,160 listening and see what's possible. Herald: In this case. I can can come back 579 00:56:57,160 --> 00:57:03,810 to the vineyard and it's pretty relaxing to have work in the late autumn. 580 00:57:03,810 --> 00:57:11,330 Andy: All right. Even during a pandemic. OK, you just find a way there. Yeah. 581 00:57:11,330 --> 00:57:16,520 Herald: It's outside and it's a lot of distance between the people. I think this 582 00:57:16,520 --> 00:57:21,740 will work. So the last question: Red or white wine? 583 00:57:21,740 --> 00:57:26,350 Andy: Red, red wine. Herald: Red. 584 00:57:26,350 --> 00:57:32,050 Andy: Yeah, definitely. And I mean, thanks for all this. Just to point out, please, 585 00:57:32,050 --> 00:57:36,200 we also have to work on to getting Julian out there and others who are in this mess 586 00:57:36,200 --> 00:57:41,511 who can't even talk about it. I really appreciate the opportunity to talk to you 587 00:57:41,511 --> 00:57:48,470 guys, but it's also about the others. And let us get Julian out here, please. Out 588 00:57:48,470 --> 00:57:52,490 that shit there. Herald: With these great words, Andy, 589 00:57:52,490 --> 00:58:00,700 thanks for your time. Thanks for being here at the remote chaos. As mentioned, we 590 00:58:00,700 --> 00:58:07,130 still have the opportunity to ask you some questions in the whistleblower tent. And 591 00:58:07,130 --> 00:58:16,229 with this, have a nice evening. Try to relax and see you latest - next time. 592 00:58:16,229 --> 00:58:18,730 Andy: Goodbye. 593 00:58:18,730 --> 00:58:39,220 *postroll music* 594 00:58:39,220 --> 00:58:57,310 Subtitles created by c3subtitles.de in the year 2020. Join, and help us!