-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

A neutral reference for those considering illegal hacking

If you’re interested in computers, you’ve probably considered doing illegal hacking or other blackhat or hacktivist activities. If you’re interested in computer security, you’ve *definitely* considered it.

Unfortunately, there are not many good sources of advice for this issue. This guide attempts to thoroughly explore the question. We do not make any recommendations one way or another, we just present information so that readers are able to make more informed decisions.

Contents:

1. Is it worth it?

1.1. How much time does it take?

1.2. How much money can I make?

1.3. What about working in the security industry?

1.4. Why not both?

1.5. What political outcomes can I achieve?

1.6. Mental health

2. Will I get caught?

2.1. Fundamental principle

2.2. Penalties

2.3. The financial system

2.4. Choosing targets

2.5. OPSEC

3. Ethics

3.1. Legality

3.2. Stealing money

3.3. Exploits

3.4. Surveillance/Privacy/Forensics

3.5. Military

3.6. Blackmail

4. Conclusion

5. References

1. Is it worth it?

1.1. How much time does it take?

It depends on what you are doing, but in general, it will take many hours of dedicated work. Regardless of what you are doing, you will have to spend long hours learning and doing research. You will also have to spend a lot of time coding.

If you’re doing this for money, think of this as requiring the same amount of work as starting a legitimate small business. You don’t get paid per hour, you get paid if and when you get results. If you’re doing this for political reasons, you have more flexibility in the amount of time you spend, but if you want results in a reasonable amount of time, you will need to make this a priority in your life for the duration of your operation.

We have a limited amount of time in a day, and time spent doing one thing is time that cannot be spent doing another thing. If you are considering spending a lot of time on something, it is a good idea to consider multiple options to get the greatest value for your time. This applies to hacking as much as it applies to taking a new job, doing a university degree or getting married.

1.2. How much money can I make?

Popular belief is that blackhat hacking is a glamorous career from which you can make a lot of money. This is true for some people. For example, the ransomware developers behind Gandcrab claimed to have made US$150,000,000 in a year between them (though it is unknown how many developers there were, or how truthful they were being).[1]

However, the number of people for whom this is true is very small, with the vast majority of people earning much less. For example, in a campaign that Flashpoint analysed, the average monthly salary of a distributor was US$600/month, and the average monthly salary of the leader of the group was US$7500/month.[2]

There are other ways that you can make money than ransomware, and if you are considering them you should investigate further, but I expect that the same pattern of a very small number of high-earning people and everyone else earning a small amount (or making a loss) would hold true.

1.3. What about working in the security industry?

Salaries in the security industry tend to be very high, but there can be significant variation depending on the location and the job being performed. According to Glassdoor, the average Salary of a SOC Analyst in Washington D.C., United States is US$59,413/year,[3] and the average salary of a penetration tester in D.C. is US$107,370/year.[4] Getting a job in the industry is a skill in itself, but there are guides on how to do this.[5] Furthermore, there is a shortage of cyber skills at the moment, so it’s much easier to find a new job and negotiate for a higher salary, especially after having a year or two of experience.

Most jobs in the security industry are office jobs, so the culture is different. For example, you can be expected to write reports, and "people" skills are important as well as technical skills. Penetration testing and red teaming are the corporate jobs which involve actual hacking. That being said, defensive jobs still tend to require knowledge of how hacking works, how to detect it and how to prevent it.

If you don’t want to do an office job, you can become self-employed working in bug bounties or exploit development.

Some people earn a lot of money from bug bounties, with six people having made more than US$1,000,000 from Hackerone.[6] The vast majority of people do not make this much, with average yearly earnings among the top 1% of bug hunters being US$34,255.[7] Many people who do bug bounties have full time jobs, and do bounties for a hobby, which also brings in some extra cash.

It can be difficult to get information about income from the exploit market, given the secrecy under which it operates. Zerodium makes its prices public, but I have heard rumours that their prices are below market. The RAND Corporation published a very detailed report on the zero-day market,[8] which found that exploits on the government market tended to sell for US$50,000-US$100,000, but acknowledged that significantly higher and lower figures could be reached depending on the exploit. The time taken to develop an exploit given a vulnerability was, on average, 22 days. The time taken to find vulnerabilities was estimated to be about a month. For some products, researchers were unable to find vulnerabilities, in which case they move on to another product.

The times given in the report do not account for the amount of time spent learning the skills of finding vulnerabilities and creating exploits. Acquiring these skills can take a lot of time.

1.4. Why not both?

In principle, there is no reason that you cannot work in the security industry and do illegal stuff in your spare time. In fact, there are people who do just this.

Your employer is unlikely to find out if you do illegal hacking outside of work, and as long as you do your job they should be happy. If you get caught and get a criminal record, there is a good chance that you will lose your job.

If you already have a job, it is possible that money will be less of a motivator for you. You may also want to have other parts of your life that don’t involve security, and you may not have the time for hacking outside work. On the other hand, you might still want to do it.

When you are first introduced to the security community, it can seem that large numbers of people in the community do illegal hacking. Statistics on this are difficult to find, since most people will say that they don’t do it, and there is no way to verify whether they are telling the truth or not. There is definitely a non-zero percentage of the community who hack illegally, or who have done so in the past, but my guess is that it is less than half, and probably much less than that.

It is fun to cosplay as a hacker and pretend that you are a Mr. Robot character, but it’s a mistake to interpret this as people actually having a secret underground life. Regardless of the percentages, you can never say - or even imply - that you hack illegally in a job interview, and there are lots of good, legitimate, free options to help you learn hacking, so it’s also a mistake to think that hacking illegally will help you get a job in the industry.

1.5. What political outcomes can I achieve?

There are several ways which you can do political action through hacking. These can broadly be categorised into website defacement/denial of service, release of information and disruption of critical infrastructure. (There is also stealing money to donate, but this is covered under the sections on financial hacking.)

For political action, it’s important to plan out what you’re going to do, and model the likely impact of it. This is because it is easily possible for your action to have no impact, or to make matters much worse for your cause. This is a situation where studying politics and international relations would really help. Every situation is different, and I have not studied these fields, however I will offer some general observations which you can accept or reject.

I do not think that website defacement is an effective method of change. Your target will not change their behaviour because their website has been defaced. You can place a manifesto on the website explaining your problems with the target, and you may even get some news coverage, but it’s hard to see what comes after this.

I have similar thoughts about denial of service. You may be able to slow an organisation down for a short time before they fix it, which can result in large financial loss, but once everything is working again, why won’t they continue behaving as they did before?

Information release has great potential to affect change, but the information actually has to be valuable. By far, the best information is that which provides evidence of wrongdoing on the part of your target. Key intellectual property being released can also significantly damage a company. Phineas Phisher’s action against Hacking Team directly lead to the company’s collapse.

My expectation is that blackmailing people with the release of their information is unlikely to be effective in making policy change, and can also affect public opinion when you actually do decide to release the information.

Doxxing is also a type of information release, but I’m much less certain of its effect and for this reason don’t recommend it. I suspect that doxxing people is unlikely to make the people being doxxed change their behaviour, and is likely be perceived negatively by the public. Potentially, seeing people within an organisation being doxxed may serve as a deterrent to others considering joining that organisation, but this may not be the case unless there is a consistent pattern of doxxing (so it cannot be dismissed as a one-off event), and the people being doxxed actually suffer negative consequences as a result.

Critical infrastructure is infrastructure which society depends on to function, and disturbing it can have disastrous consequences. For this reason, it is particularly useful for military applications, as evidenced by Stuxnet. As an individual, it is more difficult to see how this can be used to make political change. Terrorism has a low success rate. Your target’s reaction is likely to be that they should increase their security for next time, not that they should consider negotiating with you.

1.6. Mental health

Doing blackhat activities can have an impact on your mental health for several reasons.

The first reason is that you will never be completely sure that you have gotten away with your activities, and this can lead to paranoia (which may or may not be justified depending on the circumstances). You can find it much harder to trust people.

The second reason is that good OPSEC dictates that you don’t tell anyone what you have done. However, humans generally aren’t good at keeping secrets, and you can’t accurately guess how you will feel until you are in the situation. Reasons for wanting to tell others vary, but they could be as simple as exhibiting great technical skill and wanting to get credit for it, or wanting to be open with a partner.

2. Will I get caught?

2.1. Fundamental principle

Nobody does hacking without taking steps to stop themselves from getting caught. Yet people are caught all the time. If you think that you have a system which offers protection against getting caught, you should remember that other people who have been caught would have thought the same thing.

2.2. Penalties

When considering the likelihood that you will get caught, it is also useful to consider what the likely consequences of getting caught are. As with everything, it depends on the circumstances surrounding your crime, and the jurisdiction you are in.

Because I cannot compile information for all countries here, you will have to do your own research. People can and do go to jail for computer crimes,[9] but this is not always the case.[10] When searching, it is a good idea to try to find recent cases, not cases from 30 years ago.

In addition to working out the most likely penalty, it is important to work out the worst possible penalty. If you are not prepared to accept this possibility, you should not go ahead with the illegal activity.

In addition to the formal legal penalties, having a criminal record can severely limit your rights and employment options in most countries, which is something else to consider. It would also be useful to consider the effect that your activities being known would have on your reputation.

2.3. The financial system

The financial system is heavily monitored, and it is difficult to make anonymous transactions.

In terms of purchases (such as hosting, VPN services, hacking tools), prepaid credit cards are a popular method. The location that you bought the card from is recorded and people have been identified from CCTV footage, so you would have to wait enough time before the footage is cleared before using it. Many sellers will check the location associated with your IP address to see that it matches the location you bought the card from.

Cryptocurrencies are another method, but it is harder to find somewhere to get these using cash. Regardless of what method you choose, the person you are purchasing from has to accept that method of payment, and due to high rates of fraud, many sellers don’t accept these methods.

If you are hacking for financial gain, then you will need to be able to get money out of the system into a form that you can spend. The main problem with this is that, except for purely digital goods, when you buy something you will need to collect it at some point. Much can be said about PO Boxes and abandoned houses but realistically, this cannot be compartmentalised well. The methods of converting money into a spendable form are dependent on what you are converting from, what you are converting to, and what you want to spend the money on.

2.4. Choosing targets

In terms of the government’s motivation and ability to investigate an incident, the target chosen can make a big difference. If your target is in a country which does not have good relations with your own country, this makes the investigation more difficult. If your target is an individual or small business which has only suffered a small loss, then the government may not want to devote the resources to investigating thoroughly. If your target is a government department, a major company or politically sensitive, the government may be willing to devote a large amount of resources to the investigation.

None of this provides a guarantee that you will or won’t get caught, it just influences the probabilities.

2.5. OPSEC

OPSEC is the idea of maintaining good anonymity practices. It includes technical controls, such as VPNs, and social controls, such as not telling anyone about your activities.

An OPSEC plan can be perfectly designed, but in practice, mistakes happen. You might do a perfect run a few times, but you are eventually going to make a mistake, and a single mistake can be enough to identify you.

It is difficult to establish the effectiveness of technical controls, since we do not know government capabilities. For example, the government may be able to break modern encryption methods – the academic literature on cryptography moves quickly, and the government can pay much more than universities would. There is lots of talk about VPN providers being bought or compromised, but people talk much less about traffic correlation attacks, which are also an issue for Tor. For some capabilities (such as zero-days), the government may only choose to use them on certain specially selected targets, to reduce the likelihood of them being burned.

Aside from not telling anyone about your activities, another good social control to be aware of is compartmentalization. Compartmentalization is a separation of your regular online activities and your secret online activities, which means no re-using browsers, usernames, email addresses, etc. There are lots of ways your information can accidentally leak, which is why it may be a good idea to get a new computer for your secret activities. This sounds simple, but lots of people get it wrong. Dread Pirate Roberts asked questions related to the Silk Road under his real life name on Stack Overflow.

3. Ethics

3.1. Illegality

If you’re considering illegal activity, you need to decide whether you are morally comfortable with it. For most people, I would expect that legality and morality are separate. For some laws made under oppressive regimes, breaking them is the only moral option (provided you are sure that you can get away with it). Even in modern liberal democracies, laws relating to jaywalking and copyright are routinely ignored. This does not mean that you should behave without regard to laws – you should definitely take into consideration punishment and likelihood of getting caught – but it does mean that your analysis should go further than saying something is wrong purely because it is illegal.

3.2. Stealing money

The impact of stealing money can vary wildly depending on who it is stolen from, how it is stolen and what you do with the money.

It is important to realise that the effects of stealing money are not just limited to the transfer of cash. The person who has the money stolen from them, when they discover this, is likely to experience negative emotions such as anger, fear and guilt. They may end up with a more cynical approach to life and find it more difficult to trust people.

In general, stealing money from poor people is difficult to justify. Even very small amounts of money can make a big difference to the life of someone without much – losing money can mean having to skip meals, being evicted or worse.

It is easier to justify stealing money from rich people, on the reasoning that they don’t need the money.

If you do this, it is important that you correctly identify them. Looking at a country’s average income is not enough to do this. For one thing, there is great variation of income within a country, and for another thing, prices can be much higher in wealthier countries, which significantly increases the cost of living.

Another thing is, it is difficult to estimate how much money someone needs, and what they would use it for otherwise. A rich person could need their money to pay for their child’s medical treatment. They may have taken out lots of loans and need the money to make repayments. Doing research on individuals can help ensure that only people who don’t actually need the money would be affected.

On the other hand, you could look at this as being a tradeoff worth making. 1.2 billion people live on less than US$1.25/day, and millions die of easily preventable diseases, so donating money to these people may end up doing more good than the harm caused to the person stolen from.

If you need money for your own immediate survival, then ethics aside, hacking is not a good idea as there is a significant time cost to get to the stage where you can start making money, even if you already have the technical skills.

Taking money from large corporations is easier to justify than stealing from people, since the money isn’t directly owned by anyone. It is possible that someone may be fired as a result of the theft once the company discovers it. If the amount of money stolen is particularly large, then it is possible that there may be broader effects on the company and stockholders, but for smaller amounts this is not likely.

With credit card fraud, people often have the ability to dispute transactions and get their money back, so the loss is felt by the bank instead of the person whose account the money was taken from. That being said, the process for disputing transactions can be difficult, especially if you are on a low income, some people might not know that the process exists, some people might need the money immediately and not have enough time to wait for the money to be refunded, and the process might not be available in all circumstances.

3.3. Exploits

When you develop and sell exploits, you don’t know who the buyer is or how they will use them. The common assumption is that the buyers are government intelligence agencies. Authoritarian governments have been have been known to use the exploits that they purchase to kill people for criticising them.[11] Conversely, they can be used to help fight terrorism.[12]

The primary ethical problem for you to deal with if you are thinking of trading in exploits is how much risk you are willing to accept due to the uncertainty, the relative benefit gained from good usage of the exploit versus the harm done due to bad usage of the exploit, and what you think the probabilities of each are.

3.4 Surveillance/Privacy/Forensics

Both legally in the security industry, and illegally in the blackhat space, there are opportunities to make money by invading people’s privacy.

The impact of this can vary depending on the circumstances. To take one example, let’s say that you create and sell a RAT on a hacking forum. Maybe it even allows people to use the camera without turning the light on. You can be fairly certain that it will be used to hurt people.

- From the whitehat side, consider the case where you work in forensics for law enforcement. Your findings can play a part in sending people to jail. This can be a good thing, for example in cases of child exploitation, but it’s possible that you will be assigned to a case where you are collecting evidence against someone for a law that you disagree with, such as whistleblowing. There are similar considerations when considering working in the surveillance programs of intelligence agencies.

In the corporate space, you could be recording employees’ locations through MDM software. You could also be recording emails and web traffic logs, which can be an enormous help for incident response. However, all of this information can be used to provide evidence against employees at the request of management, even for matters not related to network security.

To decide whether a privacy violation is justified, there are some things to consider. Firstly, if the person being monitored is made aware of the monitoring and consents to it (as in the corporate example), then they are able to act accordingly. Secondly, if the privacy violation is done for a good purpose then you may also be able to justify it.

3.5. Military/Intelligence Agencies

The military, and intelligence agencies in particular, are always looking to hire people with cybersecurity skills. As with everything, it depends what you are doing for the organisations, but your work could end up helping to kill people.

Whether or not you this is a good thing is up for debate. There are definitely some wars which are justified, such as the Union side of the US Civil War (which was able to achieve the abolition of slavery), and nations need military forces to protect themselves from invasion.

Whether or not your country's forces are doing the right thing is a question you will have to investigate. Because of the secrecy associated with intelligence agencies, this may be difficult. If you think that there is a reasonable chance of your country's forces doing good, then you may wish to consider joining to see if you can find out. Of course, it would be a good idea to have a plan for what you are going to do if you find out that they are not doing good.

3.6. Blackmail

Blackmail is particularly pernicious in my mind and I find it difficult to conceive of a realistic situation in which it would be justified.

The primary reason for my strong view on this issue is that blackmail operates by creating emotional suffering through the abuse of a power imbalance. Moreover, this suffering is not resolved through agreeing to the blackmailer's demands, because the blackmailer still has the information and is able to release it.

If you think that the person being blackmailed is legitimately bad, you may want them to suffer. But even then, I would say that blackmail is not the way to do this. A person will not pay a blackmail threat unless they believe that the information being released would hurt them more than making the payment would. So if you really want them to suffer, then you should just release the information without giving them the chance to get out of it. Bad people should not have the option to pay their way out of punishment just because they are rich.

If you blackmail someone, it ruins your ability to get political change. If they comply, and you don't release the information, then nobody else knows about it, so the impact is limited. If you release the information (whether or not they comply), then the fact that you attempted blackmail would also likely come out, ruining credibility and providing a distraction from the information.

You should also consider that the other person's suffering is not a good goal to have, even if they are actually a bad person. Revenge is something that sounds good when you are powerless, but when you actually carry it out, it is unsatisfying. Also reflect on your judgment as to whether the person truly deserves the suffering which you are considering imposing. When you can gain financially from blackmailing someone, you may be inclined to think that they should suffer greatly, when this is not the case for the vast majority of people.

As a final note, sexual blackmail (such as threatening someone with the release of explicit images) is sexual abuse. It is as simple as that. Our communities, whitehat and blackhat, should not tolerate people who do this, or argue in support of it.

4. Conclusion

As someone with skills in infosec, I've often wondered if I was missing out on great opportunities to use my skills for good - get lots of money to distribute to charities, overthrow rogue governments and so on. I created this guide as a way for me to set out the research that I was doing, and thought that it would be helpful to distribute to others.

After doing this research, I've come to the conclusion that the risk is too great, and the likely reward too little, but that is just me. This is anonymous, so I'm not writing this on behalf of the security industry or to gain personal cred. I'd love to hear about any extra information you have, or where you think I might be wrong. Write in comment sections where you see this article referenced and I should hopefully be able to see it. I can't confirm that I will respond, but if I do, my response will be signed by the key attached to this message.

If this guide has helped you, and you'd like to show your appreciation, then to follow the example of vim, I would encourage you to donate to the ICCF in Uganda.[13]

Have a Merry Christmas and a Happy New Year.

5. References

[1] https://krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/

[2] https://www.neowin.net/news/how-russian-cybercrime-bosses-crafted-a-ransomware-empire-out-of-an-economic-crisis

[3] https://www.glassdoor.com/Salaries/washington-dc-soc-analyst-salary-SRCH_IL.0,13_IM911_KO14,25.htm

[4] https://www.glassdoor.com/Salaries/washington-dc-penetration-tester-salary-SRCH_IL.0,13_IM911_KO14,32

[5] https://gist.github.com/mubix/5737a066c8845d25721ec4bf3139fd31

[6] https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures

[7] https://blog.trailofbits.com/2019/01/14/on-bounties-and-boffins/

[8] https://www.rand.org/pubs/research_reports/RR1751.html

[9] https://en.wikipedia.org/wiki/Roman_Seleznev

[10] https://en.wikipedia.org/wiki/Marcus_Hutchins

[11] https://www.middleeastmonitor.com/20190112-snowden-if-israels-nso-had-refused-sale-to-saudi-khashoggi-would-be-alive/

[12] https://en.wikipedia.org/wiki/2015_San_Bernardino_attack#Phone_decryption

[13] http://www.vim.org/iccf/

[13] http://iccf-holland.org/

[13] http://www.iccf.nl/

-----BEGIN PGP SIGNATURE-----

iQHJBAEBCgAzFiEEzevp2r/2EkNeukKJCS0RcsldjrwFAl38xdQVHHBvcnRpYUBh

bGxzYWZlLmxvY2FsAAoJEAktEXLJXY68rFkMALVdEaNR6uJSUzWvc5KBhQQNjlVM

bmwWu1u/fT6Sv7Nr3C9qe6BUu+8d2LngQ40viWvopVSDEgz2TxVvm3BtL3KY4ao1

mlo0HzpWpQyaruh646TNeQ9QrZOm8iedKFMV9qkRC1IL77F9ebvHGUtXZF3GdzDr

3QYa2MjQG0dBoCC+iwyLy1rxze2p3pIgkJhyxuDZ7H+qLGmMgFktr30jW3I9sy91

bXYEySep2hMS1fCxny1f5zlps+JebXjQyNhPiR32egy9sJpkdN+UTjkSh9uNdkSr

TAuFqDHi/kl0rebi5nXFvkVsoutOZ/Vld4MUbxGDOEe7fzvxbq7SffhkFdyZQWOK

vwcAlNYnhoAfMs42IdYnME+bU16kXzAE+ftt2MkD4axdcT8IcPJFoFEPWSgjNqcb

UNwBhYzDPnQP0I0t2tblnKKuNn3/2qkU44A/8jjxcZyzlX4cl3Z6tROFOz/dSfGm

7nt0LNeiDj/6eXaWsxfQRKJ4u2bLXQpu+7liHg==

=iVo2

-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF38pDwBDADH3Mjmak+yZ1mCMUMsXo92NGtCfjHHBSdj6S6jFJpOZ+09Xgy7

Jw0p7mLWArKJJtDU7wfw6P6ALgmzV6KuoJaeRidkyxTRO3Z16T+BzZRL5nMcbWN4

RA6BCsUwGIm+LB0bSCT/1hNQD+JGmRruJRDDgWL/3Wi5+NUk7wuZtAT1g0RhaEuw

oicGqgX4r68In6w3rrnf4pAbsDHeePtzVnEX2ajqPfoNdoKT4tABMyExlCr+LZm2

lWgz71hdDke1rCQmt5+zHEPoEJvI/7nAKnKQoYImvVzP5eKApf19g7pCW6eoFqF5

SEd7nglSfRHSEA7mdJsMT1YodLJf1O82tGSlShW1Id6lp8lJH7Ai6zuIFsnjDyiC

lxmnzFPK2NmLuA0eJonCPp/i6MZD0+DK16/i4mLRv61G4O2aGlpMl1LKLsjxrYco

/EaE05y2+XMhjhJI2eg0h/AbyducvwryIO1yPcoTJt2sc4gtqcEt4WrPUobKB5RO

esdJqUiW25fl4QsAEQEAAbQsQWxsc2FmZSBDeWJlcnNlY3VyaXR5IDxwb3J0aWFA

YWxsc2FmZS5sb2NhbD6JAdQEEwEKAD4WIQTN6+nav/YSQ166QokJLRFyyV2OvAUC

XfykPAIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAJLRFyyV2O

vD9SDADE4TEHJLa88NUgprnyA3bBx6+fO10xsShCT2ExEadkxUgwD5oRCokNhBnA

ii98PHHsnpIRyWBk+vmrLOrynzytObmRUrswMPJipJRN70mNSLlEty0+sdAxOV0a

MOi+Vx6QqnwNdFcobD2eqv+k2HtXPIf9zE1zGtlwCRFMVmrIQRK2uJMYFkzbhwS7

DPWltoxWD04lrvmm2GryXo4793OeCyBaZ0fylkoFeh7Ek7BOzA8DGyle0lQ0TcmV

+XPyh5Yhl5S2nri2ANaOvRhNIDeQ8HSzLvKokYClgfDDs/llnUTWIR4Z6PvWpo3l

HXPE39h+3DsQfV5R15mTB8eerZg6JFt9c7ru4o67eDufynh1r66BfOYI8VBp08vp

KzZQKmgNs6sCMeobsZKREx7F0ppk0NqQV1JR22qET422oP0bRLPSVMIaEu6cE8ep

Claqh1qDQ5unAJHz4kapHGIqXtV8NRYHZAeiYcSsX8eGKLL4FeM0XVj16ZuAm/z1

b+clzeS5AY0EXfykPAEMANyuZvyqkEokO+j+ePgrrNdfr+l4DhYgCxgJVHvfsj+n

vNFBNEdfrYSazZE+Iit01iQ2kvnFwHhDPLUBgwogYV8OKQqvrvhNXCmuEH4WZwvh

C9od5FNV2Y5zuLrpdzXFTsOlhbTSyubN5BD19AG4B/845UoThDsWnQSBErwLmbWK

ejAc5O5cbA777RvHNmm3wFaT0IeqPU9o/+J7T1PHhj0VTHRAgUaxBEOJfi4AN+Xa

seFHs2iDytp2CWIZft2K8kZd4wi4eXDOwi4hhO1F+AV2lPOFu7bvuoCH8emqO20P

xrm5i1kDMOStxTctRDtrCL16cQrTow0Txs1PHHliso/FRek6y43SVVubCAG9l13g

6pBmwb39Nx3gtd+/e2CrZu9IfpLtNsvf5kjvdpSLdbtYC+J8MdvnEWcFrM9q8suh

cSykpJXwc4CE1nI5FNSDauIPckhGLspL/WPLwVRGW+BybiS4whL+XfUEEUol8IfN

AkxzVUzlVrNnlybKIScVAQARAQABiQG8BBgBCgAmFiEEzevp2r/2EkNeukKJCS0R

csldjrwFAl38pDwCGwwFCQPCZwAACgkQCS0RcsldjryaAQv/WOJkMXpCsSIFw7x8

ijpvY/WvPJ3OyHWR/xtaZCAb7mJW0bjU6+OE/KkVQi/FuZFquTKaaxb5H5EAn32D

CFVIWLV+RfESEWuXlq6SDeUrfeFEl0JtmO4gvAykG3AV2a/hQzjriUzbK2n61oV8

jbRd8pHc+IC2emTohGAkh+u/i3D7nw2E9/rLQE9VfsVEA6Q+ur0tqMP4zIC9UU0q

vHPxk7w+y2SOJJUZ+OWPubjhHM/2ykh1fdAGlybekcdoWnP9mnMewbNq6janIq1q

0jbrIkQxGry115gJnNRTsVtYjvwd67qQ3/6JDudWljaiTU4Eg6WKUQcwY98N0Zv3

Lc4TIGudJF3TMNeezGtMNFhJfSXhTvavzEK8NudSqQ+PEUcdQYahWig18EwuD/1u

wvCHv8rafCWVLRma3pxK/uKWJsUb8s5CczYqBCmF/Fhxc6himi2I1JF4VsvIFDQy

kT3WnVx3ccahY/+DVx18GAqStipEiXGO1P8AbHGg9JEX8AAx

=tc3T