Xerobank Presents Workshops for the U.S Intelligence Community

I see there is a thread or two here with some discussion concerning how well insulated Xerobank is against demands from the intelligence community or law enforcement to turn over information. All the energy spent pondering this question would be a pointless exercise if…and let me be clear here…I say, IF it turns out that Xerobank happens to be a participating member or a supporting member of the intelligence community itself.

The good relationship Steve Topletz apparently has with certain national intelligence agencies in the United States hasn’t exactly been a well guarded secret. Mr. Tobletz even wrote about getting together for consultations with members of the FBI on Xerobank’s own forum. He also wrote about being invited inside the AT&T building that houses the NSA’s (formerly) ultra top-secret telecommunications eavesdropping room. He even went so far as to post up a picture he took during his visit!

While Mr. Topletz’s pedigree related to privacy rights is impressive (e.g., Cult of the Dead Cow’s Hacktivismo Project that brought the world Torpark) the posts on his forum did raise an eyebrow or two there among the faithful.

Other bits of data and information have surfaced from time to time about Xerobank that caused more than just eyebrows to be raised. The data and information that posters here and other places have brought to light appear to be well documented. Much of it starkly conflicts with what Mr. Toplez has had to say about Xerobank’s origins and affiliations. Such conflictions quite naturally raise questions in the rational mind.

Unfortunately, these questions often become escalated into full-blown assumptions due to the incomplete manner in which they are addressed, or as in most cases, not addressed by Xerobank. Instead of the point-on-point responses that Xerobank’s customers deserve and thought would be forthcoming, they received highly skilled demonstrations of how to successfully bob and weave when sparing with even the most articulate of forum participants and bloggers on the world wide web today.

Mr. Topletz and his proxies are truly artful dodgers. Anyone foolish enough to wade into the deep end of the wordplay pool with them usually winds up becoming drowned in the same frustration that comes from trying to nail jello to a wall. The specific evidentiary points raised are never directly addressed. Pointed questions either get deflected or outright ignored. One has to wonder if this is a natural skill or the result of some special training.

Unfortunately, whatever Xerobank’s true affiliations have been or are will more than likely continue to remain a mystery. Should Mr. Topletz or any of his numerous shadows come swooping down on this thread to do a little damage control, I feel certain we’ll learn very little more from them about what’s behind the mask that Xerobank continues to display.

However, if we’re resourceful, perhaps we can learn a little on our own. Care to join me?

This is a recent media document apparently issued by Xerobank to an organization for one reason or another. Perhaps it was related to an event at which Mr. Topletz made a presentation, or perhaps not. It doesn’t really matter.

What I find particularly appalling in this document is that Mr. Topletz openly and cheerfully invites members of this organization to meet and talk with him and other members of Xerobank. He later graciously invites them to email him or his team members.

An excerpt from the link reads,

Meet Us

XeroBank team members can be found all over the world. We will be hosting an event at
the DefCon convention in Las Vegas in August, presenting at the IPCybercrime
Bootcamp in September, and speaking at the ISS World conference in Washington DC
in October. We encourage you to attend, and any of our team members would be happy
to meet with you.

This has to be particularly galling for Xerobank customers. The Xerobank “team” apparently has plenty of time to flit around to different cities in the US to do presentations and put on training workshops for intelligence gathering organizations, but not a moment to spare to take care of a single support ticket.

I didn’t look to see what Mr. Topletz’s presentation was about at DefCon, but the agenda for his next presentation was a little more informative…even has a right smart picture of him on it as well: IPC Cybercrive Boot Camp

Seems the private online investigative firm, IPCybercrime mentioned in the link liked having Steve at its investigator training “bootcamp” so much last year, that it invited him back again. IPCybercrime, by the way, uses cutting edge technology and uses innovative techniques it developed to track and locate individuals online. The firm and its flamboyant owner have previously been profiled on national news programs.

As these two events are already over with, I suppose the only opportunity left for Xerobank customers to get a word with its “Operations Advisor” is at the ISS World Conference in Washington DC coming up this October. ISS’ full title is, “TeleStrategies’ Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering”.

According to theagenda,

ISS World Americas is the world's largest gathering of North American, Caribbean and Latin American law enforcement, intelligence, homeland security analysts and telecom operators responsible for lawful interception, electronic investigations and network intelligence.​

This event is huge! A workshop or presentation will be given on every conceivable subject one can imagine related to communications intercept and internet forensics. The event is so big, in fact, that the workshops will be split into seven different training segments or, “tracks”.

The event flyer states that each track will target a “different segment of the lawful intercept market”. The sponsorship list reads like a Langley, Virginia Who’s Who list.

Mr. Topletz’s presentation will be part of Training Track 6 and will occur on Wednesday, October 13, 2010 at 2:45. Track 6 is described in the agenda as follows:

Track 6: Special OSINT Sessions - Naked Intelligence
ISS World and Naked Intelligence have partnered to create the world’s most unique Intelligence Support Systems and Intelligence Gathering conference track. This track combines hands-on access to intelligence support systems solution providers with valuable insight and know-how presented by experienced practitioners of intelligence. ​

Now...granted, not knowing the full context for the motives surrounding Xerobank’s obviously cozy relationship with the intelligence community, all one can do is speculate. Perhaps the biggest question of all is, why would the very people who have shouted the loudest warnings about how governments around the world continually violate the basic human right to privacy be offering them information and training?

What are the driving factors at work here? Has idealism been replaced by misguided pragmatism or, worse, by materialism? As someone in one of the other threads pointed out, logic dictates that Xerobank’s business model isn’t sustainable. With far-flung operations in a foreign country far away from its main customer base, along with huge communication and server costs, it does not seem realistic that a large enough customer base could be out there to support it…especially now when its customers are being driven away by a complete and total lack of support. Presenters for events like these cited aren’t paid all that much, if at all. Which makes one wonder, where does the income for the "team members all over the world" come from?

Folks…I don’t know what the answers to these questions are, but I think its fairly obvious by now that the credibility gap that has surrounded Xerobank for awhile now just got a bit wider. Could it be that just as the words night and day go together, that we have a case here where words like honey and pot do also? If so, given the human rights issues Mr. Topletz and his associates proclaim they stand for, it would be a betrayal of the highest and most foul order.

 

That's an excellent summary, Xile. There's nothing that I can add, except some speculation.

The saga of Steve, Hacktivismo and XeroBank is nothing new. For a public hacker, it's the best possible outcome. It beats prison or rendition, for sure It's obvious why LEA and their consultants would welcome his input, no? He has expertise in areas of great interest to them. OTOH, he may play roles in efforts that frustrate them. And that's the tension for him, IMHO -- to know enough to be useful alive and free, yet remain totally ignorant re actual operations. Speaking fees are also welcome, I'm sure

And FWIW, read The Second Realm with all of this in mind. If that were your public stand, how would you relate to TPTB?

 

Yeah i agree, nice post Xile plenty of food for thought, and Great links In fact i've just started a new thread based on one of the interesting links you gave - https://www.wilderssecurity.com/showthread.php?t=281695

I read The Second Realm when SteveTX first posted it, and commented on it in one of the other related threads. I found it strange that he hadn't posted much for ages, then as soon as "certain" questions were being asked about him MIA etc, he turns up with that, then promptly disappears again, with no sight or sound of him on here since ?

I think SteveTX & XB might have put themselves in a no win situation. He has his feet in both camps, on the one hand he loudly expouses freedom etc etc = but at the same time mixes etc with people/organisations etc that have been, and are, involved in the opposite of that =

Unless we hear from the horses mouth some Concrete info to truly satisfy ordinary users of XB, i wonder where it's all headed ? It would be a real shame if what started out as looking/reading like the best service available, ended up not as advertised etc

 

You mean this: http://everyjoe.com/work/xerobank-privacy-and-the-fbi-just-a-quick-lunch-for-steve-topletz-162/ ?

“I had to stress that unless the violators are international ‘terrorists’ that pose some immediate threat to human life, child-pornographers, or cash/paypal/e-gold fraudsters then we simply can’t be bothered with anything less than a court order, which won’t trace or identify the client anyway.” “…If the user isn’t violating our terms of service, we have to decline to provide any assistance. Of course, we also know who we are dealing with, and if it is an issue of terrorism, we don’t think we’ll be getting a call from the FBI. In that situations the lights will turn on at the NSA, and the potential threat will be neutralized with little or no involvement from xb whatsoever. As I said earlier, if you are trying to hide from a super-powerful omniscient agency with the ability to monitor all traffic on the internet, you’ve got bigger problems than anyone can help you with.”

Doesn't really sound like you make it sound.

I remember him posting a picture in front of the building but I don't remember him ever saying he was invited inside or that he went inside at all. I recall he typed he wanted to get a "picture with the beast" for fun or something to that effect.

 

Are you saying that their is no one in the camp of the enemy who supports privacy and freedom?

O.K. My turn:
[Speculation]
Xerobank is an independent Government franchise.
How can the Government profit form this?
1. Through distance in that anything occuring through Xerobank can not be attributable as an act of the Government.
2. By building a large user base, sufficient static or noise allows sponsored malicious behavior to blend in with legitimate behavior.
3. While Xerobank management holds the keys to the data they only seem interested in causing problems for morally corrupt individuals, and in a manner that limits their exposure. I just wish they would focus on the CIA instead of average citizens/non citizens. Piper Perabo is off limits though.
[/Speculation]

The time of choosing is upon us, choose thou!

 

If you're a public guy like Steve, with an in-your-face privacy firm like XeroBank, there's no way you're NOT going to be talking with TPTB. And so the conversation might as well be cordial, non-confrontational and professional. Otherwise, you're hosed.

 

As a former XBer myself, I have chosen. XeroBank is months-ago history for me.

I was a Cotse user for years and should have never left. They now offer OpenVPN and that's a deal-breaker for me, with email and all the other Cotse program extras, I think I'm going back.

I also use AlwaysVPN because I think it's a good prepaid solution for protection at hotspots. It's amazing how far 5GB will get you for $8.50 (10GB $20), paid with a prepaid Visa card from Walgreens. That's a lot of bandwidth for surfing, email and simple protection when I'm on the road. Stable and consistent in all aspects too. (Are you listening Steve?) Customer service (needed it twice) was almost immediate.

But the Cotse deal for a low monthly fee is great for sensitive communications. One question for anybody that knows...is the email at Cotse still a souped-up SquirrelMail?

 

Enemies typically support privacy and freedom, albeit limited, for enemies of their enemies, as well as for their friends

That's Anonymizer's role, IMHO. Although XeroBank's cooperation re paedophiles etc. certainly represents a carrot for TPTB, it's arguably not full franchising.

Are you thinking about anything in particular? UltraSurf and China, perhaps?

Actually, I do suspect that XeroBank values VPN clients far more as noise generators than as sources of income. However, I have no clue what traffic they're hiding. Perhas they just like to chat privately

I don't understand this comment. Please elaborate.

I really don't understand this comment. Perhaps I've been too lazy to google what your sig means. Please elaborate.

 

Thanks for the update on the email at Cotse, Poosey. It's good - no question about it.

Hierophant brought up a very interesting possibility regarding the whole UltraSurf "exposé". I remember thinking they were on to something and then -- nobody bought it. The explanations seemed perfectly logical. What was the whole purpose behind trying to discredit the Global Internet Freedom Consortium?

 

That is funnny -- and oh so true! Something I thought was interesting was Steve saying if the issue is terrorism he wouldn't be getting a call from the FBI. Wrong. The FBI takes the lead on investigating terrorism - including electronic investigations - as shown in the Moussaoui/Padilla trials (among many other investigations). ISPs report being contacted by the FBI regarding terrorism investigations. The NSA might be working on the technical details, but the leg work is indeed done by the FBI.

 

Yes, that's very funny, PooseyII

But what if -- taking public claims at face value -- Steve doesn't have admin rights to anything important, doesn't know who the admins are, and doesn't even know who the funders are? If that's not the case, OTOH, PooseyII may be right

 

It is hard to imagine how he gets away with playing the games he talks about.

Fortunately, I have no direct experience.

I get that.

 

You have commented on this when you replied to #1 with:

They are the true Axis of Evil; Soldiers of Darkness! They will make you their patsy.

With crush like language I point to an actress playing a CIA recruit, who is worthy of saving, and the irony is that she's an actress, not a real CIA agent.

I fully understand the explanation of humor does make it funnier not!

Another way to say:

By "sig" do you mean ---V Or are talking about couched meanings, in which case Google is your best friend.

 

I see a little speculation doesn't just go a long way, it goes all the way. The rumors of my defection are greatly exaggerated, and I give this thread a "B" for baloney.

The Naked Intelligence track was actually another conference entirely on a different continent for which I agreed to speak at about two years ago at the request of a friend who was running it. Naked Intelligence was for hackers, market researchers, osint, and proxy boys. The conference got delayed and later got gobbled up by the ISS. The ISS conference is for spooks, LE, surveillance tech, and telecom. Apparently you can't even get into the convention without a clearance, mandatory background checks, and no press or bloggers allowed.

I know what you're thinking, I was thinking it too. But then it occurred to me, what better opportunity would I have to address these groups directly. Not to mention we've got a sponsorship at the conf to display our new enterprise-grade OSINT network.

You guys are smart than this... if the person making the wild speculations has less than 100 posts, it is usually best to ignore them. The troll in this case looks like it was his first post, coincidentally like many of the other anti-xb posts for years here. But forget that, it isn't really news; what I'm still blown away that nobody figured out Kyle gave out an 0-day root exploit on Yoggie adapters. Somebody asked for a glass of water and he dumped out the ocean. Back to my day off. :: Stealth mode activated ::

 

Too late Steve

You and your forums extended absence have caused damage beyond repair. Any trust that you gained previously has now vanished and IMO, cannot be regained

 

I generally agree with that assessment. That's their job, right? I wonder whose interests they serve. Could it be as simple as wealth?

I doubt that Steve wants to take on the CIA just yet

Yes, I could have googled that

OK, I get that you feel that XeroBank should choose freedom/privacy vs cooperating with TPTB. That's not my call.

Perhaps you're also arguing that we need to choose XeroBank, or not, based on their choice. Based on the evidence that's been presented, I still trust them.

My sig comment reflected confusion of you with CloneRanger. Sorry about that.

 

That's a little harsh, no?

I admit that it'd be great if we got occasional XeroBank progress updates. However, given the many benefits of its VPN service, a few weeks of uncertainty from time to time is workable.

 

Harsh! A few weeks!

The site has said be back in a few days for what a month now ? And how about the month prior to that?? You don't remember ? Was that an impostor posting on the xerobank forum as hierophant?? Everyone was wondering why there was no responces from anyone - even the forum mods. But the mods were still there - even editing posts. But again, saying nothing

Then steve shows up here to say "fud" or bask in the glow of a wilders member nominating him for some award. But again, says nothing else lol!

It's your and everyone's else choice to make but how much more slack can you cut someone or a company that "deals in privacy and trust" that keeps everyone in the dark ?

 

Wow, $3.39 a pound for FUD! I'll take 2 pounds please, sliced thin.
Do you have pre sliced White American Fud?

 

Bottom line here is not to trust Xerobank or any VPN like them. If you need strong anonymity use Tor.

 

I was annoyed by the roll out of dark.ai aka gamma, apparently for Defcon, after all the talk of new services. Can't deny it.

It does make one wonder, doesn't it?

Hey, I no longer expect predictable communication from Steve/XeroBank. I can still trust him/them in other ways, however. And YMMV.

 

I agree - especially considering Hierophant posted this in another thread

 

If you are in the privacy business and support your subscribers then those spooks would be an anathema. Yet it seems as if he wants benefit from the connections and expertise of the aforementioned spooks and still sell his services. That is spitting in the face of anyone who takes privacy seriously. For Steve maybe the grass is greener on the other side.

 

And wasn't the internet designed for spooks, by spooks so that spooks could be spooks and then released it to the world? Spooky, huh?

Xerobank is Tor is the Government! Keep your eye on the pea in the shell company!

 

As I've noted previously in this thread, I don't believe that it's realistic for anyone in Steve's position to be confrontational with the law-enforcement and intelligence communities. And most importantly, unless your situation is comparable, you have no right to judge him.

Regarding my security, I use XeroBank and other anonymous VPN services only for play. I work on separate machines, using non-anonymous security services. However, for casual observers, seeing VPN traffic is arguably not a red flag.