STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources...
-
Upload
leona-booth -
Category
Documents
-
view
216 -
download
2
Transcript of STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources...
![Page 1: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/1.jpg)
Steve DoigCronkite School of Journalism
Arizona State University
Spycraft: Keeping your sources safe
![Page 2: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/2.jpg)
Why spycraft for reporters?
Need to keep identity of confidential sources secret from subpoena or government snooping.
Need to keep identity of confidential whistleblowers secret from corporations.
Need to travel in places where governments detain journalists.
![Page 3: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/3.jpg)
Examples
National Security Agency revelations from Snowden
Barry Bearak of the NY Times in ZimbabweHewlett Packard board leaksSecret subpoena of AP phone recordsFox News reporter’s email contents
![Page 4: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/4.jpg)
What I’ll cover
Keeping internet searches privateMaking and receiving untraceable callsKeeping email privateEncryption/decryption programsKeeping your computer cleanTricking keyloggers
![Page 5: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/5.jpg)
Private internet searching
NSA monitors search termsAOL debacle: 36 million search terms of 650,000
users (http://www.aolstalker.com/)Subpoenas to your IT department or IP providerAlternative: www.ixquick.com: No IP addresses
kept, no cookies, search terms deleted within 48 hours
DuckDuckGo.com: nothing keptAnonymizer.com?: Anonymizer Universal ($80)
![Page 6: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/6.jpg)
Torproject.org
TOR enables anonymous browsingBounces your browsing through a worldwide net of
relaysGet through national firewallsUsed by journalists, activists, bloggers, NGOs,
companies, et al.
![Page 7: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/7.jpg)
Keeping identity private in calls
*67 blocks Caller ID in U.S.Old NYT caller ID: 111-111-1111“Spoof” your Caller ID with SpoofCard
(www.spoofcard.com) -- $10/60 minutesCrazycall.net (international)Also do voice changing
![Page 8: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/8.jpg)
Cellphone cautions
GIS-equipped cellphones track your locationCellphones also track location by cell tower
triangulationCellphones and wireless phones can be heard by
scannersCellphones can be bugged
![Page 9: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/9.jpg)
Cellphone spyware
Listen to calls, extract SMS, view photos, read call logs ($60) (but not iPhones)
![Page 10: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/10.jpg)
Pre-paid “burner” cell phones
No-contract cell phones and SIM cardsIMPORTANT: Buy with cash, and replenish with
cashCommon outside the U.S. Phones as cheap as $10-$20Pre-paid cards as cheap as 10 cents/minute in US
![Page 11: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/11.jpg)
Voice over Internet Protocol (VoIP)
Internet voice callsBeware “man in the middle” attacks (NSA, for
instance)Skype encrypts voice/video data stream
But there is an NSA back door…
Use Jitsi.org instead of SkypeZfone with VoIP clients like Gizmo, GoogleTalk,
Magic Jack
![Page 12: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/12.jpg)
Silent Circle
Started by PGP inventor Phil ZimmermanApp for iPhone or AndroidEncrypts phone, text, video chatBut secure email server has been shut down!$10/monthPrepaid “Rōnin card” – get service anonymously
![Page 13: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/13.jpg)
Blackphone
Use with Silent CircleSecure phone, text, wirelessAnonymous search/browsingRemote wipe if lost
![Page 14: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/14.jpg)
Texting and chat
TextSecure from WhisperSystems: (for Android, but IOS soon?)...encrypted end to end
ChatSecure: Use for Facebook chat, Google Hangouts, et al....works on any platform
![Page 15: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/15.jpg)
Keeping identity private in email
Use free “throwaway” email addresses from Yahoo, Gmail, etc.
Anonymizer.com: Nyms software creates throwaway email addresses that will forward to your real address ($20/yr)
Other remailers: Mixmaster, QuickSilver, et al.
![Page 16: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/16.jpg)
Email without sending email
Trick used by CIA director David Petraeus and mistress Paula Broadwell
Create an anonymous Gmail accountWrite messages as drafts, but don’t send
them
![Page 17: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/17.jpg)
Smuggling your text and pictures
Use micro SD cardsUp to 128 GB
![Page 18: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/18.jpg)
Cryptography
Use code to make files on disk, phone, etc., unreadable
Avoid simple ciphers, one-time pads, etc.Public-key cryptography is bestTrueCrypt.org: not secure!!TrueCrypt to be replaced by CipherShed Boxcryptor: encrypt files in the cloud GnuPG 2.0 also open sourceUse a strong passphrase!Keep data on encrypted thumb drive
![Page 19: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/19.jpg)
Hidden USB drives
![Page 20: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/20.jpg)
Email encryption
MS Outlook will encrypt email
Better: GnuPG 2.0 (free) Uses public-key crypto
Can be built into GmailEnigmail extension for
Mozilla Thunderbird
![Page 21: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/21.jpg)
Cryptonerd’s fantasy
![Page 22: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/22.jpg)
Steganography
Poe’s “Purloined Letter”: Hide in plain sightMessage hidden in “covertext” of some sort:
Plaintext MP3s, jpegs, video, Flash, etc.
www.jjtc.com/Steganography/tools.htmlOpenPuff 4.0 – deniable encryption using less
secret data as a decoyNew – hiding files in the silence of Skype
conversations!
![Page 23: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/23.jpg)
Stego example: original
![Page 24: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/24.jpg)
Stego example: encoded
![Page 25: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/25.jpg)
Hiding directories
Create hidden “safes” on computer“Safes” can be on USB drives, DVDsEspionageapp.com
![Page 26: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/26.jpg)
Watermarking, fingerprinting
Related to steganographyHidden information embedded in filesInvisible watermarking uses variety of techniques: Shift
lines, text and/or characters; deliberate misspellings, etc.Used to verify copyright, reveal image tampering, traitor
tracingWatermarker.com: “IceMark” invisible watermark ($50)Strategy: Retype the document, adding your own
variations…
![Page 27: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/27.jpg)
Spammimic.com
Turns a short message into spam, which can be decoded
“Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 ….
![Page 28: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/28.jpg)
Spammimic.com
Turns a short message into spam, which can be decoded
“Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 ….
![Page 29: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/29.jpg)
Cleaning your computer
Deleting files doesn’t destroy themNeed software that overwrites deleted file space,
temp files, etc.CyberScrub Privacy Suite ($60)
Overwipes data files, erases other traces
Ccleaner (free), Eraser 6.0, other freewareDarik’s Boot and Nuke (CD wipes all drives)Blancco: industrial-grade data wiping
![Page 30: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/30.jpg)
Keyloggers
Hidden program that captures keystrokes and sends them to whoever installed it.
Common at internet cafes!FBI’s Magic Lantern keyloggerAnti-spyware software will detect many – but
not all – keyloggers.Stopgap protection: When typing password
letters, type a few random letters elsewhere on window between each
![Page 31: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/31.jpg)
Hardware keyloggers
Insert between keyboard and computer ($50-$200)
![Page 32: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/32.jpg)
Software keyloggers
Installs software in 5 seconds ($99)
![Page 33: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/33.jpg)
GPS tracking
GPS Trackers with cell SIM cards can update location every minute
![Page 34: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/34.jpg)
Recommendations
Assess the risk to your source Who wants your source’s identity? What are their capabilities?
Discuss security with your sourcesMake security decisions sooner rather than
laterConsider low-tech face-to-face meetings
![Page 35: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/35.jpg)
Some privacy resources
www.privacy.orgwww.epic.orgwww.privacyinternational.orgwww.journalistsecurity.net/www.securityinabox.org
![Page 36: STEVE DOIG CRONKITE SCHOOL OF JOURNALISM ARIZONA STATE UNIVERSITY Spycraft: Keeping your sources safe.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649daf5503460f94a9cd2c/html5/thumbnails/36.jpg)
Questions and ideas?