Penet remailer
Encyclopedia
The Penet remailer was a pseudonymous remailer
(type 0) operated by Johan "Julf" Helsingius
of Finland from 1993 to 1996. Its initial creation stemmed from an argument in a Finnish newsgroup over whether people should be required to tie their real name to their online communications. Julf believed that people should not—indeed, could not—be required to do so. In his own words:
In addition, the Penet remailer used a type of “post office box” system in which users could claim their own anonymous e-mail addresses of the form anxxxxx@anon.penet.fi, allowing them to assign pseudonymous identities to their anonymous messages, and to receive messages sent to their (anonymous) e-mail addresses.
While the basic concept was effective, the Penet remailer had several vulnerabilities which threatened the anonymity of its users. Chief among them was the need to store a list of real e-mail addresses mapped to the corresponding anonymous e-mail addresses on the server. A potential attacker needed only to access that list to compromise the identities of all of Penet’s users. The Penet remailer was on two occasions required by the legal system in Finland (the country where Penet resided) to turn over the real e-mail address that was mapped to an anonymous e-mail address. Another potential vulnerability was that messages sent to and from the remailer were all sent in cleartext, making it vulnerable to electronic eavesdropping.
Later anonymous remailer designs, such as the Cypherpunk
and Mixmaster
designs, adopted more sophisticated techniques to try and overcome these vulnerabilities, including the use of encryption to prevent eavesdropping, and also the technique known as onion routing
to allow the existence of pseudonymous remailers in which no record of a user's real e-mail address is stored by the remailer.
Despite its relatively weak security, the Penet remailer was a hugely popular remailer owing to its ease of anonymous account set-up and use compared to more secure but less user-friendly remailers, and had over 700,000 registered users at the time of its shutdown in September 1996.
II. Wired
magazine reported at the time:
This was followed a year later by a mention in the announcement for DEF CON III:
There are no known reports detailing the specifics and extent of this compromise.
. Claiming that a file had been stolen from one of the Church's internal computer servers and posted to the newsgroup alt.religion.scientology
by a Penet user, representatives of the Church contacted Interpol
, who in turn contacted the Finnish police, who issued a search warrant demanding that Julf hand over data on the users of the Penet remailer. Initially Julf was asked to turn over the identities of all users of his remailer (which numbered over 300,000 at the time), but he managed a compromise and revealed only the single user being sought by the Church of Scientology.
The anonymous user in question used the handle "-AB-" when posting anonymously, and their real e-mail address indicated that they were an alumnus or alumna of the California Institute of Technology
. The document he posted was an internal report by a Scientology private investigator, Gene Ingram, about an incident that had occurred involving a man named Tom Klemesrud, a BBS operator involved in the Scientology versus the Internet
controversy. The confusing story became known on the Internet as the "Miss Blood Incident".
Eventually the Church learned the real identity of "-AB-" to be Tom Rummelhart, a Scientologist and computer operator responsible for some of the maintenance of the Church of Scientology's INCOMM computer system. The fate of "-AB-" after the Church of Scientology learned his true identity is unknown. Years later in 2003, a two-part story entitled "What Really Happened in INCOMM - Part 1" and "What Really Happened in INCOMM – Part 2" was posted to alt.religion.scientology
by a former Scientologist named Dan Garvin, which described events within the Church leading up to and stemming from the Penet posting by "-AB-".
as part of an effort to discover who was posting messages critical of the nation's government in the newsgroup soc.culture.singapore, but as Finnish law did not recognise any crime being committed, Julf was not required to reveal the user's identity.
In August 1996, a major British newspaper, The Observer
, published an article describing the Penet remailer as a major hub of child pornography
, quoting a United States FBI
investigator named Toby Tyler as saying that Penet was responsible for between 75% and 90% of the child pornography being distributed on the Internet. Investigations by online journalist Declan McCullagh
demonstrated many errors and omissions in the Observer article. In an article penned by McCullagh, the alleged FBI investigator described himself as a sergeant in California
's San Bernardino
sheriff's office who only consulted with the FBI from time to time, a relationship which the Observer article had in his opinion purposefully misrepresented as some kind of employment relationship. Tyler also claimed that the Observer purposely misquoted him, and he had actually said "that most child pornography posted to newsgroups does not go through remailers."
In addition, Julf claimed that he explained to the Observer the steps he took to prevent child pornography from being posted by forbidding posting to the alt.binaries newsgroups and limiting the size of messages to 16 kilobytes, too small to allow uuencode
d binaries such as pictures to be posted. He also informed the Observer of an investigation already performed by the Finnish police which had found no evidence that child pornography was being remailed through Penet. Julf claims that all this information was ignored, stating that the Observer "wanted to make a story so they made things up."
Despite voluminous reader mail pointing to the numerous errors in the news story, the Observer never issued a full retraction of its claims, only going so far as to clarify that Johan Helsingius had "consistently denied" the claims of child pornography distribution.
In September 1996, the Church of Scientology
again sought information from Julf as part of its court case against a critic of the Church named Grady Ward
. The Church wanted to know if Ward had posted any information through the Penet remailer. Ward gave Julf explicit permission to reveal the extent of his alleged use of the Penet remailer, and Julf told the Church that he could find no evidence that Ward had ever used the Penet remailer at all.
through the Penet remailer. The Church once again demanded that Julf turn over the identity of one of its users, claiming that the poster had infringed the Church's copyright
on the confidential material. The Church was successful in finding the originating e-mail address of the posting before Penet remailed it, but it turned out to be another anonymous remailer: the alpha.c2.org nymserver, a more advanced and more secure remailer which didn't keep a mapping of e-mail addresses that could be subpoena
ed.
Facing multiple criticism and attacks, and unable to guarantee the anonymity of Penet users, Julf shut down the remailer in September 1996.
Pseudonymous remailer
A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailers, it assigns its users a user name, and it keeps a...
(type 0) operated by Johan "Julf" Helsingius
Johan Helsingius
Johan "Julf" Helsingius, born in 1961 in Helsinki, Finland, started and ran the Anon.penet.fi internet remailer.Anon.penet.fi was one of the most popular Internet remailers, handling 10,000 messages a day. The server was the first of its kind to use a password-protected PO box system for sending...
of Finland from 1993 to 1996. Its initial creation stemmed from an argument in a Finnish newsgroup over whether people should be required to tie their real name to their online communications. Julf believed that people should not—indeed, could not—be required to do so. In his own words:
- "Some people from a university network really argued about if everybody should put their proper name on the messages and everybody should be accountable, so you could actually verify that it is the person who is sending the messages. And I kept arguing that the Internet just doesn't work that way, and if somebody actually tries to enforce that, the Internet will always find a solution around it. And just to prove my point, I spent two days or something cooking up the first version of the server, just to prove a point."
Implementation
Julf's remailer worked by receiving an e-mail from a person, stripping away all the technical information that could be used to identify the original source of the e-mail, and then remailing the message to its final destination. The result provided Internet users with the ability to send e-mail messages and post to Usenet newsgroups without revealing their identities.In addition, the Penet remailer used a type of “post office box” system in which users could claim their own anonymous e-mail addresses of the form anxxxxx@anon.penet.fi, allowing them to assign pseudonymous identities to their anonymous messages, and to receive messages sent to their (anonymous) e-mail addresses.
While the basic concept was effective, the Penet remailer had several vulnerabilities which threatened the anonymity of its users. Chief among them was the need to store a list of real e-mail addresses mapped to the corresponding anonymous e-mail addresses on the server. A potential attacker needed only to access that list to compromise the identities of all of Penet’s users. The Penet remailer was on two occasions required by the legal system in Finland (the country where Penet resided) to turn over the real e-mail address that was mapped to an anonymous e-mail address. Another potential vulnerability was that messages sent to and from the remailer were all sent in cleartext, making it vulnerable to electronic eavesdropping.
Later anonymous remailer designs, such as the Cypherpunk
Cypherpunk anonymous remailer
A cypherpunk anonymous remailer is a Type I anonymous remailer that takes messages encrypted with PGP or GPG, or in some cases in plain text, and forwards them removing any identifying information from the header.-Sending a Cypherpunk Message:...
and Mixmaster
Mixmaster anonymous remailer
Mixmaster is a Type II anonymous remailer which sends messages in fixed-size packets and reorders them, preventing anyone watching the messages go in and out of remailers from tracing them. Mixmaster was originally written by Lance Cottrell, and was maintained by Len Sassaman Peter Palfrader is the...
designs, adopted more sophisticated techniques to try and overcome these vulnerabilities, including the use of encryption to prevent eavesdropping, and also the technique known as onion routing
Onion routing
Onion routing is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone unpeeling an onion, each onion router removes a layer of encryption to uncover routing instructions, and...
to allow the existence of pseudonymous remailers in which no record of a user's real e-mail address is stored by the remailer.
Despite its relatively weak security, the Penet remailer was a hugely popular remailer owing to its ease of anonymous account set-up and use compared to more secure but less user-friendly remailers, and had over 700,000 registered users at the time of its shutdown in September 1996.
First compromise
In the summer of 1994, word spread online of the Penet remailer being compromised, with the announcement being made at the hacker convention DEF CONDEF CON
DEF CON is one of the world's largest annual computer hacker conventions, held every year in Las Vegas, Nevada...
II. Wired
Wired (magazine)
Wired is a full-color monthly American magazine and on-line periodical, published since January 1993, that reports on how new and developing technology affects culture, the economy, and politics...
magazine reported at the time:
- An official announcement was made at this year's DCDEF CONDEF CON is one of the world's largest annual computer hacker conventions, held every year in Las Vegas, Nevada...
that anon.penet.fi has been seriously compromised. We strongly suggest that you not trust this anonymous remailer. (Word has it that some folks are working on a PGPPretty Good PrivacyPretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...
-based service.) We'll keep you posted.
This was followed a year later by a mention in the announcement for DEF CON III:
SPEAKERS
Sarah GordonSarah GordonSarah Gordon is a computer security researcher, responsible for early scientific and academic work on virus writers, hackers, and social issues in computing She was among the first computer scientists to propose a multidisciplinary approach to computer security...
, AKA Theora, a veteran of DC II will be presenting another speech this year. Last year she organized a round table discussion with Phil ZimmermannPhil ZimmermannPhilip R. "Phil" Zimmermann Jr. is the creator of Pretty Good Privacy , the most widely used email encryption software in the world. He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone....
and Presence, and revealed that the Anonymous remailer anon.penet.fi was compromised. TOPIC: Not Announced Yet.
There are no known reports detailing the specifics and extent of this compromise.
Second compromise
The second reported compromise of the Penet remailer occurred in February 1995 at the behest of the Church of ScientologyChurch of Scientology
The Church of Scientology is an organization devoted to the practice and the promotion of the Scientology belief system. The Church of Scientology International is the Church of Scientology's parent organization, and is responsible for the overall ecclesiastical management, dissemination and...
. Claiming that a file had been stolen from one of the Church's internal computer servers and posted to the newsgroup alt.religion.scientology
Alt.religion.scientology
The newsgroup alt.religion.scientology is a Usenet newsgroup started in 1991 to discuss the controversial beliefs of Scientology, as well as the Church of Scientology, which claims exclusive intellectual property rights thereto and is viewed by many as a dangerous cult...
by a Penet user, representatives of the Church contacted Interpol
Interpol
Interpol, whose full name is the International Criminal Police Organization – INTERPOL, is an organization facilitating international police cooperation...
, who in turn contacted the Finnish police, who issued a search warrant demanding that Julf hand over data on the users of the Penet remailer. Initially Julf was asked to turn over the identities of all users of his remailer (which numbered over 300,000 at the time), but he managed a compromise and revealed only the single user being sought by the Church of Scientology.
The anonymous user in question used the handle "-AB-" when posting anonymously, and their real e-mail address indicated that they were an alumnus or alumna of the California Institute of Technology
California Institute of Technology
The California Institute of Technology is a private research university located in Pasadena, California, United States. Caltech has six academic divisions with strong emphases on science and engineering...
. The document he posted was an internal report by a Scientology private investigator, Gene Ingram, about an incident that had occurred involving a man named Tom Klemesrud, a BBS operator involved in the Scientology versus the Internet
Scientology versus the Internet
"Scientology versus the Internet" refers to a number of disputes relating to the Church of Scientology's efforts to suppress material critical of Scientology on the Internet through the use of lawsuits and legal threats. In late 1994, the Church of Scientology began using various legal tactics to...
controversy. The confusing story became known on the Internet as the "Miss Blood Incident".
Eventually the Church learned the real identity of "-AB-" to be Tom Rummelhart, a Scientologist and computer operator responsible for some of the maintenance of the Church of Scientology's INCOMM computer system. The fate of "-AB-" after the Church of Scientology learned his true identity is unknown. Years later in 2003, a two-part story entitled "What Really Happened in INCOMM - Part 1" and "What Really Happened in INCOMM – Part 2" was posted to alt.religion.scientology
Alt.religion.scientology
The newsgroup alt.religion.scientology is a Usenet newsgroup started in 1991 to discuss the controversial beliefs of Scientology, as well as the Church of Scientology, which claims exclusive intellectual property rights thereto and is viewed by many as a dangerous cult...
by a former Scientologist named Dan Garvin, which described events within the Church leading up to and stemming from the Penet posting by "-AB-".
Other attacks
Julf was also contacted by the government of SingaporeSingapore
Singapore , officially the Republic of Singapore, is a Southeast Asian city-state off the southern tip of the Malay Peninsula, north of the equator. An island country made up of 63 islands, it is separated from Malaysia by the Straits of Johor to its north and from Indonesia's Riau Islands by the...
as part of an effort to discover who was posting messages critical of the nation's government in the newsgroup soc.culture.singapore, but as Finnish law did not recognise any crime being committed, Julf was not required to reveal the user's identity.
In August 1996, a major British newspaper, The Observer
The Observer
The Observer is a British newspaper, published on Sundays. In the same place on the political spectrum as its daily sister paper The Guardian, which acquired it in 1993, it takes a liberal or social democratic line on most issues. It is the world's oldest Sunday newspaper.-Origins:The first issue,...
, published an article describing the Penet remailer as a major hub of child pornography
Child pornography
Child pornography refers to images or films and, in some cases, writings depicting sexually explicit activities involving a child...
, quoting a United States FBI
Federal Bureau of Investigation
The Federal Bureau of Investigation is an agency of the United States Department of Justice that serves as both a federal criminal investigative body and an internal intelligence agency . The FBI has investigative jurisdiction over violations of more than 200 categories of federal crime...
investigator named Toby Tyler as saying that Penet was responsible for between 75% and 90% of the child pornography being distributed on the Internet. Investigations by online journalist Declan McCullagh
Declan McCullagh
Declan McCullagh is an American journalist and columnist for CBSNews.com. He specializes in computer security and privacy issues. He is notable, among other things, for his early involvement with the media interpretation of U.S...
demonstrated many errors and omissions in the Observer article. In an article penned by McCullagh, the alleged FBI investigator described himself as a sergeant in California
California
California is a state located on the West Coast of the United States. It is by far the most populous U.S. state, and the third-largest by land area...
's San Bernardino
San Bernardino, California
San Bernardino is a city located in the Riverside-San Bernardino metropolitan area , and serves as the county seat of San Bernardino County, California, United States...
sheriff's office who only consulted with the FBI from time to time, a relationship which the Observer article had in his opinion purposefully misrepresented as some kind of employment relationship. Tyler also claimed that the Observer purposely misquoted him, and he had actually said "that most child pornography posted to newsgroups does not go through remailers."
In addition, Julf claimed that he explained to the Observer the steps he took to prevent child pornography from being posted by forbidding posting to the alt.binaries newsgroups and limiting the size of messages to 16 kilobytes, too small to allow uuencode
Uuencode
Uuencoding is a form of binary-to-text encoding that originated in the Unix program uuencode, for encoding binary data for transmission over the uucp mail system.The name "uuencoding" is derived from "Unix-to-Unix encoding"...
d binaries such as pictures to be posted. He also informed the Observer of an investigation already performed by the Finnish police which had found no evidence that child pornography was being remailed through Penet. Julf claims that all this information was ignored, stating that the Observer "wanted to make a story so they made things up."
Despite voluminous reader mail pointing to the numerous errors in the news story, the Observer never issued a full retraction of its claims, only going so far as to clarify that Johan Helsingius had "consistently denied" the claims of child pornography distribution.
In September 1996, the Church of Scientology
Church of Scientology
The Church of Scientology is an organization devoted to the practice and the promotion of the Scientology belief system. The Church of Scientology International is the Church of Scientology's parent organization, and is responsible for the overall ecclesiastical management, dissemination and...
again sought information from Julf as part of its court case against a critic of the Church named Grady Ward
Grady Ward
William Grady Ward is an American software engineer, lexicographer, and Internet activist who has featured prominently in the Scientology versus the Internet controversy....
. The Church wanted to know if Ward had posted any information through the Penet remailer. Ward gave Julf explicit permission to reveal the extent of his alleged use of the Penet remailer, and Julf told the Church that he could find no evidence that Ward had ever used the Penet remailer at all.
Third compromise and shutdown
In September 1996, an anonymous user posted the confidential writings of the Church of ScientologyChurch of Scientology
The Church of Scientology is an organization devoted to the practice and the promotion of the Scientology belief system. The Church of Scientology International is the Church of Scientology's parent organization, and is responsible for the overall ecclesiastical management, dissemination and...
through the Penet remailer. The Church once again demanded that Julf turn over the identity of one of its users, claiming that the poster had infringed the Church's copyright
Scientology and the legal system
The Church of Scientology has been involved in court disputes in several countries. In some cases, when the Church has initiated the dispute, question has been raised as to its motives. The Church says that its use of the legal system is necessary to protect its intellectual property and its right...
on the confidential material. The Church was successful in finding the originating e-mail address of the posting before Penet remailed it, but it turned out to be another anonymous remailer: the alpha.c2.org nymserver, a more advanced and more secure remailer which didn't keep a mapping of e-mail addresses that could be subpoena
Subpoena
A subpoena is a writ by a government agency, most often a court, that has authority to compel testimony by a witness or production of evidence under a penalty for failure. There are two common types of subpoena:...
ed.
Facing multiple criticism and attacks, and unable to guarantee the anonymity of Penet users, Julf shut down the remailer in September 1996.
See also
- Anonymous remailerAnonymous remailerAn anonymous remailer is a server computer which receives messages with embedded instructions on where to send them next, and which forwards them without revealing where they originally came from...
- Crypto-anarchismCrypto-anarchismCrypto-anarchism expounds the use of strong public-key cryptography to bring about privacy and freedom. It was described by Vernor Vinge as a cyberspatial realization of anarchism. Crypto-anarchists aim to create cryptographic software that can be used to evade prosecution and harassment while...
- CypherpunkCypherpunkA cypherpunk is an activist advocating widespread use of strong cryptography as a route to social and political change.Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography...
- Pseudonymous remailerPseudonymous remailerA pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailers, it assigns its users a user name, and it keeps a...
- SintercomSintercomSintercom was an Internet community launched by Dr Tan Chong Kee in 1994 with the objective of providing a platform for free flowing discussion on various national issues much akin to soc.culture.singapore in USENET where he was active.-SBA incident:On 5 July 2001, before the general election, Dr...
- The Law of Cyber-SpaceThe Law of Cyber-SpaceThe Law of Cyber-Space is a book by Ahmad Kamal, Senior Fellow at the United Nations Institute for Training and Research on the subject of Cyber law....