got this on email today:
-----------------------------------------------------------------------------------
>
>I find myself living in a cyberpunk novel. It is by turns an
>exhilerating and gut-churning experience.
>
>You're all probably all aware of the political turmoil in
>Iran. Well...on Sunday I was recruited into an international network
>of hackers who are setting up proxy servers and Tor bridges for the
>use of the demonstrators, who are fast morphing into revolutionaries.
>
>Duty called me. What they're doing to the demonstrators is horrible;
>I've seen video of teenagers shot down in the streets like animals -
>wounded, dying - because they had the courage to contest an election
>that was clearly rigged by a corrupt and tyrannical government.
>
>We've named our network after one of them, a young woman named Neda
>Agha Soltan who was pointlessly murdered by a basiji paramilitary last
>Friday as she stood watching a street demonstration. She wasn't a
>hoodlum or a political agitator, just a pretty, lively 26-year-old
>girl with a mischievous look in her eye. The shot, and her death, was
>caught on video and smuggled out to YouTube. "Neda", in literary
>Farsi, means "call" or "voice". Of such symbols are revolutions made;
>I think the mullahs are going to bitterly regret creating this one.
>
>Most of the people in the network are pretty stealthed; I only know
>the human names of two of the principals, the rest are known to me
>(and each other) only as IRC chat handles. And yes, we have covert
>contacts on the ground in Iran; I have carefully not tried to find out
>who they are or the exact nature of our channels to them.
>
>There is a reason for being careful about security. The Iranian
>government doesn't like what we're doing at *all*, and it's got lots
>of quasi-deniable proxies in various terrorist organizations. Some of
>our key people (I've been asked not to specify the number) had already
>received death threats when I joined up.
>
>However, I swiftly concluded that someone in the network needed to be
>visible aboveground to do outreach and PR. Everybody else knew this
>too, but the problem with being visible is that given the way the
>Iranian regime has operated against opponents in the past, our
>public-face job has a non-zero assassination risk attached to it.
>
>Unfortunately, I concluded that the designated clay pigeon needed to
>be me. For three reasons (1) I'm good at the PR end, (2) I've already
>had my jihadi death threat from Iran back in 2006, so stepping up
>doesn't increase my risk as much as it would for others, and (3) it's
>stone-obvious to everybody involved, including me, that I'd be a
>harder target than any of the (other) principals.
>
>Of these, the most important reasion is really the third one. I
>couldn't live with my conscience very easily afterwards if someone
>else in our network less prepared for violence exposed himself and got
>capped by some jihadi. And they're kids, mostly - dewy-eyed
>idealistic innocents no older than the student demonstrators in
>Iran. That puts a duty on me, too.
>
>While I was thinking though all this, I was doing one of the two or
>three key technical jobs, which is maintaining the customized proxy
>server configuration we hand people who want to help with that end of
>things. It restricts access to Iranian IPs and locks out blocks known
>to be government-owned; also disables logging so the client IPs can't
>be traced in the event of a host security breach. A lot of the value
>in it is the detailed setup instructions, which I've managed to
>collate for (basically) every platform except Windows.
>
>Since I took NedaNet aboveground, we've attracted notice in the New York
>Times (twice), the Washington Post, and Instapundit. As a result,
>lots of competent people are showing up to help. I'm also starting to
>get contacts from other groups of hackers, including grey hats who
>want to wage network warfare against Iranian government sites. They're
>looking for strategy and coordination - and some of them are starting
>to expect me to provide it.
>
>Like, here's a strategy issue. We do *not* want to try to DOS
>Iranian government sites from out of country. Bad idea! The problem
>is that Iran's bandwidth to the outside world is pretty low. If we
>clog that pipe, the dissidents will lose access to the communications
>channels we've been setting up for them. That would be a net loss.
>
>So the technical and outreach/PR/strategy ends are going fine; now I
>just have to manage the not-getting-killed part. And the hazard level
>rose this morning. I've been releasing progress reports on my blog,
>in the comments attached to "Dispatches from the Iranian cyberfront",
><
http://esr.ibiblio.org/?p=1096>. This morning I received a death
>threat directed specifically at me.
>
>I've since talked with the FBI and with Sal Sanfratello (known to many
>of you) who has field experience in security and counterrorism. There
>are two possible threat levels here. One is amateur night - bunch of
>hotheads from the local Islamic "social club", the other is an Iranian
>professional team.
>
>Sal says that if there's any indication the Iranians have pros in the
>area I should bug the fuck out, and has given me detailed escape and
>evasion advice. (I have a laptop, so I can keep operating anywhere
>there's wifi.) He's offered to come out here and cover my back if I
>think the shit is getting heavy, which is reassuring since he's the
>most dangerous human being I know.
>
>However, neither he nor the FBI thinks pros are even remotely
>likely. The FBI Special Agent I apoke with agrees with his threat
>assessment and has promised to call me if they have any indication of
>pros on the ground, but agrees that the scenario to plan against is
>amateur night. And about that, Sal is very reassuring.
>
>Sal says Cathy and I are better hand-to-hand fighters and shooters
>than anybody the amateur-night scenario is likely to throw at us - and
>having been among those who trained us, he's in a good position to
>know. Amateur-night attackers would almost certainly be lousy shots
>with poor tactical coordination; if we don't let them get the drop on
>us Sal thinks we'll probably be OK. Awareness is key.
>
>The FBI is alerted. The local cops have my house on elevated watch and
>are 100% behind me (at times like this, living in a small town with a
>police chief who's a pro-gun conservative and a wife on the Borough
>Council is a huge boon). I'm armed and maintaining Cooper Condition
>Yellow. I think this is about as good a defense in depth as is
>possible given our resources, and it should be adequate against the
>plausible threat.
>
>Meanwhile, the next technical issue is coming up with procedures for
>setting up Tor bridges, relays, and clients that are as cleanly
>packaged as the squid configuration. Tor is a sort of tunneling
>system that defeats traffic analysis, providing anonymity to
>network clients.
>
>Am I enjoying all this? On one level, *hell* yeah. I've dreamed of
>being part of a rebel crew of hackers knocking the props out from
>under a tyrannical government for more than a quarter century - what
>more natural fantasy for a libertarian programmer? Getting to
>actually do it...wow. I'm living my most strongly-held values now,
>putting my skills at the service of freedom. That feels *great*. The
>fact that I'm potentially putting my life on the line - for sound
>reasons, in a good cause, against truly villainous enemies - only
>makes it tastier.
>
>But I'm not a Shi'a Muslim; martyrdom holds no appeal for me. I don't
>want to get killed, I want to live to spit in the eyes of more evil
>empires after I help bring down this one. In truth, I don't think the
>odds that I'll get hit are very high - it's just that dismissing the
>threat and not counter-planning against it could be a way to end up
>feeling very stupid and (shortly afterwards) very dead.
>
>So, yes, I'm typing with a pistol strapped to my hip. Not that I think
>I'm going to need it inside the house, but I need to get more used to
>moving with it because I think I'm going to be wearing it until this
>shit blows over. Thank Goddess open carry is legal in Pennsylvania.
>
>You're good people on this list, and I know you're going to worry
>about me. But the risks I'm running with my eyes open are nothing -
>*nothing* - compared to what the Iranian dissidents are facing every
>day in the streets of Tehran and elsewhere. Bend your thoughts to
>them. If you can think of anything to do to help them - to honor poor
>murdered Neda Agha Soltan's memory - do it.
>
>And for me, this is the moment when all of what I am comes together --
>hacker, fighter, propagandist, each skillset enabling the others. It's
>a great thing, provided I survive it.
http://www.catb.org/esr/nedanet/