Home Tags Cruise

Tag: Cruise

TUI Cruises’ Fleet Stays on Course with DataCore’s Software-Defined Storage

Enjoys Failsafe Travel with SANsymphonyREADING, UK. and Unterfoehring, Germany, June 19, 2017 – DataCore Software, a leading provider of software-defined storage, today announced that its software-defined storage platform, SANsymphonytrade;, has been implemented on the cruise ship fleet of TUI Cruises, a joint venture between German TUI AG and Royal Caribbean Cruises Ltd., the worldrsquo;s second-largest cruise company.

The SANsymphonytrade; storage platform delivers highly-available and high-performance storage capacity for VMware, Microsoft SQL Server and Microsoft Exchange.“DataCorersquo;s... Source: RealWire

North Korea hits imperialist aggressor barge in coastal cruise missile demo

In the latest missile-palooza, DPRK shoots four missiles at targets in Sea of Japan.

The Mummy review: A mix of good-creepy and Tom Cruise-creepy

Best bits make us hopeful for next Dark Universe movie. Not this one, though.

Open the pod bay doors, Watson: IBM introduces “cognitive rooms”

Will have a "wake word" like Google Home, Amazon Echo—but you can choose it.

Avoid "Hal."

Cadillac Super Cruises to the front with the most advanced semi-autonomous...

Geofenced to highways, it uses head-tracking to know when the driver's distracted.

The best of the 2017 New York International Auto Show

Much to like, including Cadillac's semi-autonomous system and a Ford police hybrid.

Use of biofuel could reduce aviation-related emissions

But burning biofuel still gives off a lot of soot particles.

Up close and personal: Russian spy ship skims edge of US...

It's the latest provocation as Russia's military appears to test Trump.

Can ISPs step up and solve the DDoS problem?

Apply best routing practices liberally. Repeat each morning Solve the DDoS problem? No problem. We’ll just get ISPs to rewrite the internet.
In this interview Ian Levy, technical director of GCHQ’s National Cyber Security Centre, says it’s up to ISPs to rewrite internet standards and stamp out DDoS attacks coming from the UK.
In particular, they should change the Border Gateway Protocol, which lies at the heart of the routing system, he suggests. He’s right about BGP.
It sucks.

ENISA calls it the “Achilles’ heel of the Internet”.
In an ideal world, it should be rewritten.
In the real one, it’s a bit more difficult. Apart from the ghastly idea of having the government’s surveillance agency helping to rewrite the Internet’s routing layer, it’s also like trying to rebuild a cruise ship from the inside out. Just because the ship was built a while ago and none of the cabin doors shut properly doesn’t mean that you can just dismantle the thing and start again.
It’s a massive ship and it’s at sea and there are people living in it. In any case, ISPs already have standards to help stop at least one category of DDoS, and it’s been around for the last 16 years.

All they have to do is implement it. Reflecting on the problem Although there are many subcategories, we can break down DDoS attacks into two broad types.

The first is a direct attack, where devices flood a target with traffic directly. The second is a reflected attack. Here, the attacker impersonates a target by sending packets to another device that look like they’re coming from the target’s address.

The device then tries to contact the target, participating in a DDoS attack that knocks it out. The attacker fools the device by spoofing the source of the IP packet, replacing their IP address in the packet header’s source IP entry with the target’s address.
It’s like sending a letter in someone else’s name.

The key here is amplification: depending on the type of traffic sent, the response sent to the target can be an order of magnitude greater. ISPs can prevent this by validating source addresses and using anti-spoofing filters that stop packets with incorrect source IP addresses from entering or leaving the network, explains the Mutually Agreed Norms for Routing Security (MANRS).

This is a manifesto produced by a collection of network operators who want to make the routing layer more secure by promoting best practices for service providers. Return to sender One way to do this is with an existing standard from 2000 called BCP 38. When implemented in network edge equipment, it checks to see whether incoming packets contain a source IP address that’s approved and linked to a customer (eg, within the appropriate block of IPs).
If it isn’t, it drops the packet.
Simple.

Corero COO & CTO Dave Larson adds, “If you are not following BCP 38 in your environment, you should be.
If all operators implemented this simple best practice, reflection and amplification DDoS attacks would be drastically reduced.” There are other things that ISPs can do to choke off these attacks, such as response rate limiting.

Authoritative DNS servers are often used as the unwitting dupe in reflection attacks because they send more traffic to the target than the attacker sends to them.

Their operators can limit the number of responses using a mechanism included by default in the BIND DNS server software, for example, which can detect patterns in incoming traffic and limit the responses to avoid flooding a target. The Internet of Pings We’d better sort this out, because the stakes are rising.

Thanks to the Internet of Things, we’re seeing attackers forklift large numbers of dumb devices such as IP cameras and DVRs, pointing them at whatever targets they want. Welcome to the Internet of Pings. We’re at the point where some jerk can bring down the Internet using an army of angry toasters.

Because of the vast range of IP addresses, it also makes things more difficult for ISPs to detect and solve the problem. We saw this with the attack on Dyn in late October, which could well be the largest attack ever at this point, hitting the DNS provider with pings from tens of millions of IP addresses.

Those claiming responsibility said that it was a dry run. Bruce Schneier had already reported someone rattling the Internet’s biggest doors. “What can we do about this?” he asked. “Nothing, really.” Well, we can do something. We can implore our ISPs to pull their collective fingers out and start implementing some preventative technology. We can also encourage IoT manufacturers to impose better security in IoT equipment. Let’s get to proper code signing later, and start with just avoiding the use of default login credentials first. When a crummy malware strain like Mirai takes down half the web using nothing but a pre-baked list of usernames and passwords, you know something’s wrong. How do we persuade IoT vendors to do better? Perhaps some government regulation is appropriate.
Indeed, organizations are already exploring this on both sides of the pond. Unfortunately, politicians move like molasses, while DDoS packets move at the speed of light.
In the meantime, it’s going to be up to the gatekeepers to solve the problem voluntarily. ® Sponsored: Want to know more about PAM? Visit The Register's hub

Stealing, scamming, bluffing: El Reg rides along with pen-testing ‘red team...

Broad smiles, good suits and fake IDs test security in new dimensions FEATURE "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS.

Find that machine, open the command prompt and pretend to do something important. "I'll be watching you." Gatford instructed your reporter to visit the burger barn because he practices a form of penetration testing called "red teaming", wherein consultants attack clients using techniques limited only by their imagination, ingenuity, and bravado. He wanted me to break the burger-builder to probe my weaknesses before he would let The Register ride along on a red-team raid aimed at breaking into the supposedly secure headquarters of a major property chain worth hundreds of millions of dollars. Before we try for that target, Gatford, director of penetrations testing firm HackLabs, wants to know if I will give the game away during a social engineering exploit. Chris Gatford (Image: Darren Pauli / The Register) So when the McDonald's computer turns out to have been fixed and my fake system administrator act cancelled, we visit an office building's lobby where Gatford challenges me to break into a small glass-walled room containing a shabby-looking ATM. I can't see a way into the locked room.
I think I see a security camera peering down from the roof, but later on I'm not sure I did.
I can't think of a way in and I'm trying to look so casual I know I'm certain to look nervous. Time's up.

Gatford is finished with the lobby clerk. He asks how I would get in, and hints in my silence that the door responds to heat sensors. I mutter something stupid about using a hair dryer.

Gatford laughs and reminds me about heat packs you'd slip into gloves or ski boots. "Slide one of those under the crack," he says. I've failed that test but stayed cool, so Gatford decides he's happy to have me along on a red-team raid, if only because red teams seldom face significant resistance. "At the end of the day, people just want to help," Gatford says. Red alert Costume is therefore an important element of a red team raid.

For this raid, our software exploits are suits and clipboards.
Sometimes it's high-visibility tradie vests, hard hats, or anything that makes a security tester appear legitimate. Once dressed for the part, practitioners use social-engineering skills to manipulate staff into doing their bidding.

Fans of Mr Robot may recall an episode where the protagonist uses social engineering to gain access to a highly secure data centre; this is red teaming stylised.

Think a real-world capture the flag where the flags are located in the CEO's office, the guard office, and highly secure areas behind multiple layers of locked doors. By scoring flags, testers demonstrate the fallibility of physical defences. Only one manager, usually the CEO of the target company, tends to know an operation is afoot. Limited knowledge, or black-box testing, is critical to examine the real defences of an organisation. Red teamers are typically not told anything outside of the barebones criteria of the job, while staff know nothing at all.
It catches tech teams off guard and can make them look bad.

Gatford is not the only tester forced to calm irate staff with the same social engineering manipulation he uses to breach defences. Red teamers almost always win, pushing some to more audacious attacks. Vulture South knows of one Australian team busted by police after the black-clad hackers abseiled down from the roof of a data centre with Go-Pro cameras strapped to their heads. Across the Pacific, veteran security tester Charles Henderson tells of how years back he exited a warehouse after a red-teaming job. "I was walking out to leave and I looked over and saw this truck," Henderson says. "It was full of the company's disks ready to be shredded.

The keys were in it." Henderson phoned the CEO and asked if the truck was in-scope, a term signalling a green light for penetration testers.
It was, and if it weren't for a potential call to police, he would have hopped into the cab and drove off. Henderson now leads Dell's new red-teaming unit in the United States, which he also built from the ground up. "There are some instances where criminal law makes little distinction between actions and intent, placing red teams in predicaments during an assignment, particularly when performing physical intrusion tasks," Nathaniel Carew and Michael McKinnon from Sense of Security's Melbourne office say. "They should always ensure they carry with them a letter of authority from the enterprise." Your reporter has, over pints with the hacking community, heard many stories of law enforcement showing up during red-team ops. One Australian was sitting off a site staring through a military-grade sniper scope, only to have a cop tap on the window.

Gatford some years ago found himself face-to-face in a small room with a massive industrial furnace while taking a wrong turn on a red-team assignment at a NSW utility. He and his colleagues were dressed in suits.

Another tester on an assignment in the Middle East was detained for a day by AK-47-wielding guards after the CEO failed to answer the phone. Red teamers have been stopped by police in London, Sydney, and Quebec, The Register hears. One of Australia's notably talented red teamers told of how he completely compromised a huge gaming company using his laptop and mobile phone. Whether red teaming on site or behind the keyboard, the mission is the same: breach by any means necessary. Equipment check A fortnight after the ATM incident, The Register is at HackLabs' Manly office.
It's an unassuming and unmarked door that takes this reporter several minutes to spot. Upstairs, entry passes to international hacker cons are draped from one wall, a collection of gadgets on a neighbouring shelf.

Then there's the equipment area.
Scanners, radios, a 3D printer, and network equipment sit beside identity cards sporting the same face but different names and titles.

There's a PwnPlug and three versions of the iconic Wi-Fi Pineapple over by the lockpicks.

A trio of neon hard hats dangle from hooks. "What do you think?" Gatford asks.
It's impressive; a messy collection of more hacking gadgets than this reporter had seen in one place, all showing use or in some stage of construction.

This is a workshop of tools, not toys. "No one uses the secure stuff, mate." In his office, Gatford revealed the target customer. The Register agrees to obscure the client's name, and any identifying particulars, so the pseudonym "Estate Brokers" will serve.

Gatford speaks of the industry in which it operates, Brokers' clientele, and their likely approach to security. The customer has multiple properties in Sydney's central business district, some housing clients of high value to attackers.
It has undergone technical security testing before, but has not yet evaluated its social engineering resilience. The day before, Gatford ran some reconnaissance of the first building we are to hit, watching the flow of people in and out of the building from the pavement. Our targets, he says, are the bottlenecks like doors and escalators that force people to bunch up. JavaScript Disabled Please Enable JavaScript to use this feature. He unzips a small suitcase revealing what looks like a large scanner, with cables and D-cell batteries flowing from circuit boards. "It's an access card reader", Gatford says.
It reads the most common frequencies used by the typically white rigid plastic door entry cards that dangle from staffer waists.

There are more secure versions that this particular device does not read without modification. "No one uses the secure stuff, mate," Gatford says with the same half-smile worn by most in his sector when talking about the pervasive unwillingness to spend on security. I point to a blue plastic card sleeve that turns out to be a SkimSAFE FIPS 201-certified anti-skimming card protector.

Gatford pops an access card into it and waves it about a foot in front of the suitcase-sized scanner.
It beeps and card number data flashes up on a monitor. "So much for that," Gatford laughs. He taps away at his Mac, loading up Estate Brokers' website. "We'll need employee identity cards or we'll be asked too many questions," Gatford says. We are to play the role of contractors on site to conduct an audit of IT equipment, so we will need something that looks official enough to pass cursory inspection. The company name and logo image is copied over, a mug shot of your reporter snapped, and both are printed on a laminated white identity card.

Gatford does the same for himself. We're auditors come to itemise Estate Brokers' security systems and make sure everything is running. "We should get going," he says as he places hacking gear into a hard shell suitcase.
So off we go. Beep beep beep beepbeepbeep Our attack was staged in two parts over two days.

Estate Brokers has an office in a luxurious CBD tower. We need to compromise that in order to breach the second line of defences. We'll need an access card to get through the doors, however, and our laptop-sized skimmer, which made a mockery of the SkimSAFE gadget, will be the key. It is 4:32pm and employees are starting to pour out of the building.

Gatford hands me the skimmer concealed in a very ordinary-looking laptop bag. "Go get some cards," he says. Almost everyone clips access cards on their right hip.
If I can get the bag within 30cm of the cards, I'll hear the soft beep I've been training my ear to detect that signals a successful read. Maybe one in 20 wear their access cards like a necklace. "Hold your bag in your left hand, and pretend to check the time on your watch," Gatford says.

That raises the scanner high enough to get a hit. I'm talking to no one on my mobile as I clumsily weave in and out of brisk walking staff, copping shade from those whose patience has expired for the day.

Beep.

Beep.

Beep, beep, beep, beep, beepbeepbeepbeep.

There are dozens of beeps, far too many to count.

Then we enter a crowded lift and it's like a musical.
It's fun, exhilarating stuff.

The staff hail from law firms, big tech, even the Federal Government.

And we now have their access cards. Estate Brokers is on level 10, but we need a card to send the lift to it. No matter, people just want to help, remember? The lady in the lift is more than happy to tap her card for the two smiling blokes in suits.

Gatford knows the office and puts me in front. "Walk left, second right, second left, then right." I recite it. With people behind us, I walk out and start to turn right, before tightening, and speeding up through the security door someone has propped open. We enter an open-plan office. "They are terrible for security," I recall Gatford saying earlier that day.
It allows attackers to walk anywhere without the challenge of doors. Lucky for us.

Gatford takes the lead and we cruise past staff bashing away their final hour in cubicles, straight to the stationery room. No one is there as Gatford fills a bag with letter heads and branded pens, while rifling through for other things that could prove useful. We head back to the lobby for a few more rounds of card stealing. Not all the reads come out clean, and not all the staff we hit are from Estate Brokers, so it pays to scan plenty of cards. "Look out for that guard down there," Gatford says, indicating the edge of the floor where a security guard can be seen on ground level. "Tell you what, if you can get his card, I'll give you 50 bucks." "You're on," I say. The guard has his card so high on his chest it is almost under his chin.

At this point I think I'm unbeatable so after one nerve-cooling circuit on the phone, I walk up to him checking my watch with my arm so high I know I look strange.
I don't care, though, because I figure customer service is a big thing in the corporate world and he'll keep his opinions to himself.
I ask him where some made-up law firm is as I hear the beep. Silver tongue It is 8:30am the next day and I am back in Gatford's office. We peruse the access cards. He opens up the large text file dump of yesterday's haul and tells me what the data fields represent. "These are the building numbers; they cycle between one and 255, and these are the floor numbers," he says.

There are blank fields and junk characters from erroneous scans. He works out which belong to Estate Brokers and writes them to blank cards.

They work. More reconnaissance.

Estate Brokers has more buildings that Gatford will test after your reporter leaves. He fires up Apple Maps, and Google Maps Street View. With the eyes of a budding red teamer I am staggered by the level of detail it offers.

Apple is great for external building architecture, like routing pathways across neighbouring rooftops, Gatford says, while Google lets you explore the front of buildings for cameras and possible sheltered access points.
Some mapping services even let you go inside lobbies. Today's mission is to get into the guards' office and record the security controls in place.
If we can learn the name and version of the building management system, we've won.

Anything more is a bonus for Gatford's subsequent report. We take the Estate Brokers stationery haul along with our access cards and fake identity badges and head out to the firm's second site. "Don't hesitate, be confident." But first, coffee in the lobby. We chat about red teaming, about how humans are always the weakest link. We eat and are magnanimous with the waiting staff.

Gatford gets talking to one lady and says how he has forgotten the building manager's name. "Jason sent us in," he says, truthfully. Jason is the guy who ordered the red team test, but we don't have anything else to help us.

The rest is up to Gatford's skills. It takes a few minutes for the waitress to come back.

The person who she consulted is suspicious and asks a few challenging questions. Not to worry, we have identity cards and Gatford is an old hand.
I quietly muse over how I would have clammed up and failed at this point, but I'm happily in the backseat, gazing at my phone. We use the access cards skimmed the day earlier to take the lift up to an Estate Brokers level.
It is a cold, white corridor, unkempt, and made for services, not customers.

There's a security door, but no one responds to our knocks.

There are CCTV cameras. We return down to the lobby. Michael is the manager Gatford had asked about. He is standing at the lifts with another guy, and they greet us with brusque handshakes, Michael's barely concealed irritation threatening to boil over in response to our surprise audit. He rings Jason, but there's no answer.
I watch Gatford weave around Michael's questions and witness the subtle diffusion.
It's impressive stuff. Michael says the security room is on the basement level, so we head back into the lift and beep our way down with our cards. This room is lined with dank, white concrete and dimly lit. We spy the security room beaming with CCTV. "Don't hesitate, be confident," Gatford tells me. We stride towards the door, knock, and Gatford talks through the glass slit to the guard inside. Gatford tells him our story. He's a nice bloke, around 50 years old, with a broad smile.

After some back-and-forth about how Jason screwed up and failed to tell anyone about the audit, he lets us in. My pulse quickens as Gatford walks over to a terminal chatting away to the guard.

There are banks of CCTV screens showing footage from around the building.

A pile of access cards.
Some software boxes. I hear the guard telling Gatford how staff use remote desktop protocol to log in to the building management system, our mission objective. "What version?" Gatford asks. "Uh, 7.1.
It crashes a lot." Bingo. Day one, heading up in a crowded lift.
Shot with a pen camera I look down and there are logins scrawled on Post-it notes. Of course.
I snap a few photos while their backs are turned. Behind me is a small room with a server rack and an unlocked cabinet full of keys.
I think Gatford should see it so I walk back out and think of a reason to chat to the guard.
I don't want to talk technology because I'm worried my nerves will make me say something stupid.
I see a motorbike helmet. "What do you ride?" I ask. He tells me about his BMW 1200GS. Nice bike.
I tell him I'm about ready to upgrade my Suzuki and share a story about a recent ride through some mountainous countryside. Gatford, meanwhile, is out of sight, holed up in the server room snapping photos of the racks and keys. More gravy for the report. We thank the guard and leave.
I feel unshakably guilty. From the red to the black Gatford and I debrief over drinks, a beer for me, single-malt whiskey for him. We talk again about how the same courtesy and acquiescence to the customer that society demands creates avenues for manipulation. It isn’t just red teamers who exploit this; their craft is essentially ancient grifts and cons that have ripped off countless gullible victims, won elections or made spear phishing a viable attack. I ask Gatford why red teaming is needed when the typical enterprise fails security basics, leaving old application security vulnerabilities in place, forgetting to shut down disused domains and relying on known bad practice checkbox compliance-driven audits. "You can't ignore one area of security just to focus on another," he says. "And you don't do red teaming in isolation." Carew and McKinnon agree, adding that red teaming is distinct from penetration testing in that it is a deliberately hostile attack through the easiest path to the heart of organisations, while the former shakes out all electronic vulnerabilities. "Penetration testing delivers an exhaustive battery of digital intrusion tests that find bugs from critical, all the way down to informational... and compliance problems and opportunities," they say in a client paper detailing aspects of red teaming [PDF]. "In contrast, red teaming aims to exploit the most effective vulnerabilities in order to capture a target, and is not a replacement for penetration testing as it provides nowhere near the same exhaustive review." Red teaming, they say, helps organisations to better defend against competitors, organised crime, and even cops and spys in some countries. Gatford sells red teaming as a package.

Australia's boutique consultancies, and those across the ditch in New Zealand, pride themselves on close partnerships with their clients.

They point out the holes, and then help to heal.

They offer mitigation strategies, harass vendors for patches, and help businesses move bit by bit from exposed to secure. For his part, Gatford is notably proud of his gamified social engineering training, which he says is designed to showcase the importance of defence against the human side of security, covering attacks like phishing and red teaming. He's started training those keen on entering red teaming through a three-day practical course. "Estate Brokers", like others signing up for this burgeoning area of security testing, will go through that training.

Gatford will walk staff through how he exploited their kindness to breach the secure core of the organisation. And how the next time, it could be real criminals who exploit their willingness to help. ®

Long-range projectiles for Navy’s newest ship too expensive to shoot

Enlarge / The USS Zumwalt (DDG-1000), commissioned in Baltimore in October.
Its two AGS guns depend on projectiles too expensive to pass a Navy gut-check.US Navy reader comments 40 Share this story The USS Zumwalt (DDG-1000) is the US Navy’s latest warship, commissioned just last month—and it comes with the biggest guns the Navy has deployed since the twilight of the battleships.

But it turns out the Zumwalt's guns won’t be getting much of a workout any time soon, aside from acceptance testing.

That’s because the special projectiles they were intended to fire are so expensive that the Navy has canceled its order. Back when it was originally conceived, the Zumwalt was supposed to be the modern-day incarnation of the big-gunned cruisers and battleships that once provided fire support for Marines storming hostile beaches.

This ability to lob devastating volleys of powerful explosive shells deep inland to take out hardened enemy positions, weapons, and infrastructure was lost after the Gulf War’s end, when the last of the Iowa-class battleships were retired.

To bring it back, the Zumwalt’s design included a new gun, the Advanced Gun System (AGS).

As we described it in a story two years ago: The automated AGS can fire 10 rocket-assisted, precision-guided projectiles per minute at targets over 100 miles away.

Those projectiles use GPS and inertial guidance to improve the gun’s accuracy to a 50 meter (164 feet) circle of probable error—meaning that half of its GPS-guided shells will fall within that distance from the target. The projectile responsible for that accuracy—something far too complex to just be called a "shell" or "bullet"—is the Long Range Land-Attack Projectile (LRLAP).

Each projectile has precision guidance provided by internal global positioning and inertial sensors, and bursts of LRLAPs could in theory be fired over a minute following different ballistic trajectories that cause them to land all at the same time. Enlarge / A Lockheed Martin image of the LRLAP. Lockheed Martin won the competition to produce the LRLAPs, and the company described their capabilities thusly: 155mm LRLAP provides single strike lethality against a wide range of targets, with three times the lethality of traditional 5-inch naval ballistic rounds—and because it is guided, fewer rounds can produce similar or more lethal effects at less cost. LRLAP has the capability to guide multiple rounds launched from the same gun to strike single or multiple targets simultaneously, maximizing lethal effects. The "less cost" part, however, turned out to be a pipe dream. With the reduction of the Zumwalt class to a total of three ships, the corresponding reduction in requirements for LRLAP production raised the production costs just as the price of the ships they would be deployed to soared.

Defense News reports that the Navy is canceling production of the LRLAP because of an $800,000-per-shot price tag—more than 10 times the original projected cost.

By comparison, the nuclear-capable Tomahawk cruise missile costs approximately $1 million per shot, while the M712 Copperhead laser-guided 155-millimeter projectile and M982 Excalibur GPS-guided rounds cost less than $70,000 per shot.

Traditional Navy 5-inch shells cost no more than a few hundred dollars each. In theory, the Army's Copperhead or Excalibur rounds could be adapted to the AGS, because the gun is the same bore-size and is essentially a sea-based howitzer—it fires at a higher angle than previous naval guns and is designed strictly for firing at land targets.

The Excalibur has been used successfully in combats against targets more than 20 miles away.

The Navy is reportedly looking at the Excalibur as one option, as well as the Hyper Velocity Projectile (HVP)—a projectile being developed by BAE Systems under contract with the Office of Naval Research for use both in traditional powder-fired guns and a future Navy electromagnetic railgun system. In the long run, the HVP will likely win out—that is, if the Zumwalt is successfully fitted with a railgun.

The ship’s all-electric design was created with the intention of being compatible with high-energy electrical weapons (like railguns) once they're generally available, and the HVP would be the obvious next step.

Exclusive: Our Thai prison interview with an alleged top advisor to...

reader comments 7 Share this story BANGKOK, Thailand—Few people were watching when the prison truck doors swung open at Ratchada Criminal Court to reveal a 55-year-old Canadian inmate.

But there he was: Roger Thomas Clark, the man accused of being “Variety Jones,” notorious dope dealer and top advisor to Silk Road founder Ross “Dread Pirate Roberts” Ulbricht. Enlarge / Clark entering court. Clark did the perp-walk, shuffling unchained and unnoticed past the Bangkok press brigade, which was focused that day on the trial of an accused Spanish murderer.

Accompanied by a lone Thai corrections officer in a sand-coloured uniform, Clark was led to the eighth floor and was greeted by his team of lawyers and interpreters. Clark was here to battle extradition to America and a possible life sentence on charges of narcotics conspiracy and conspiracy to commit money laundering.

But face-to-face, whether in a Thai court or a prison, Clark appeared unfazed by the powerful forces seeking him for a trial on the other side of the planet. Though acknowledging that his odds of beating extradition are slim, Clark remained in high spirits during his July day-trip to the courthouse. He even slipped in a brag or two on the way. “Normally a senior person signs an extradition order, but my order was signed and stamped by John Kerry,” he said, adding that the order came with a blue silk ribbon. “Very few people ever have an extradition signed by John Kerry.” (In the past, Clark has proven to be an eccentric interviewee who has made bold, unsubstantiated claims, such as having access to helicopters and being guarded by members of the Thai Tourist Police, the Khmer Palace Guard, and the Vietnamese Special Forces.) Clark is fighting for his life any way he knows how.

But one thing he’s sure of: he won’t go down like Ulbricht, laptop open and unencrypted.

During a series of recent interviews from prison, Clark bragged about how his machines, when seized by Thai police last year, were all cryptographically secured. Enlarge / Bangkok Remand Prison, where Clark is being held as he awaits the outcome of his extradition hearing. Sam Cooley "They found my three notebooks closed and encrypted" Silk Road functioned for years as a sort of “Amazon.com for drugs.” Equipped with the proper software, users around the world could log into Silk Road and cruise through hundreds of drug listings, read reviews, and decide to purchase a kilogram of heroin off someone named “BigDaddy24”—all without leaving their bedrooms.

During its lifetime, from 2011 to 2013, Silk Road’s user base exploded. Ulbricht eventually had to hire administrators to keep things running smoothly—and Clark is believed to have been one of the most important. In 2013, Ulbricht was captured red-handed in a San Francisco library with his laptop open and logged into Silk Road—and on that laptop was a photograph of Clark. (To this day, the photograph functions as one of the few public pieces of evidence linking Clark to the “Variety Jones” name.) Also on Ulbricht’s computer was a 2011 journal entry paying tribute to Variety Jones’ influence on Silk Road. “He has helped me better interact with the community around Silk Road, delivering proclamations, handling troublesome characters, running a sale, changing my name, devising rules, and on and on,” Ulbricht wrote. “He also helped me get my head straight regarding legal protection, cover stories, devising a will, finding a successor, and so on. He’s been a real mentor.” This evidence, in part, led investigators to suggest that Clark was in fact Variety Jones and that he had advised Ulbricht “on all aspects of the [Silk Road], including how to maximize profits and use threats of violence to thwart law enforcement,” according to a press release issued after Clark’s arrest in Thailand. On the Internet, Variety Jones came across as a bit of a tough guy.

According to seized chat logs, Jones may have been instrumental to Ulbricht’s decision to commission the killing of one of his workers whom he believed had defected. (The “killing” was actually faked by a corrupt—and now-convicted—DEA agent.) That toughness came through in prison, where Clark periodically receives visitors. When the buzzers rang at the visitation segment of Bangkok Remand Prison this June, Clark took a seat at a row of telephones to discuss his predicament during a series of interviews with co-author Sam Cooley. (Disclosure: Cooley purchased two containers of Pringles and three cartons of soy milk for Clark before one interview.) “Guilt is a technical term,” Clark said, adding that he won’t be taken by the FBI the same way Ulbricht was in 2013. “They don’t have shit on me.
I’m not going [to the US].
It’s an impossible circumstance.” “They might have caught Ross with his notebook opened, as they claim, but they found my three notebooks closed and encrypted,” Clark added, claiming his home was raided without a warrant on the Thai island of Koh Chang in December 2015. “Forensics could spend 30 years trying to decrypt those hard drives and still not get anywhere; so in a way, those hard disks are a headache,” he said. “The longer they need to open them, the longer I can relax here in Bangkok.

They would rather deny that they seized all this evidence.” For the past 20 years, Clark says he’s been living internationally—though most recently on the concrete floor of the jail, where he’s been held for the past nine months. Clark shook his head when asked if he was mistreated. He laughed, saying the only people who complain about the conditions are foreigners—and that he wasn’t about to do so over a jail telephone. “My chances of survival are zero if I go to the US,” he added. Clark also repeated a previous claim to have knowledge about a so-far undiscovered dirty FBI agent—information which he said he’s keeping “under (his) hat” until the right opportunity presents itself. Enlarge / A Thai prison guard. Sam Cooley "39 words exactly" During Clark's July appearance at Ratchada court, an officer of Thailand’s Ministry of Foreign Affairs functioned as a liaison between the US government and its Thai counterparts. Discussion in court that day—all of it in Thai, which was interpreted into English by co-author Akbar Khan—revolved around domain registration and whether the prosecution could provide information about the official registrant of the Silk Road domain name.

Given the complexities of Silk Road’s operations, which formerly existed in the semi-public darknet, prosecutors were forced to concede they did not have a copy of the domain registry. Clark’s defence team responded by launching a barrage of strategic questions which could, at the least, prolong the extradition process.
Shortly afterwards, the court session concluded and Clark was shuffled back to prison. (The hearing was attended by only one other person, a slick-looking Chinese man who described himself as a law student.) As for Clark's newest gambit to save himself from extradition, it comes right out of a spy movie. He said that he recently requested a meeting with an intelligence official close to Thailand’s Prime Minister, Prayut Chan-ocha, because Clark has “top secret information” for the military government. “I am going to write (the information) on a piece of paper for them and hand it to them to read.
It’s not even going to be 40 words; it’s just going to be 39 words. 39 words exactly,” he told me. “The deal can only be done within six days after the verdict has been read, and I have no idea how long this is going to drag on for.” Freelance journalist Sam Cooley tweets at @samcooley. Listing image by Sam Cooley