Wednesday, June 12, 2013

How To Hide From The NSA...And Other Little Hacks


Truthout.org has a piece by Cora Currier, Theodoric Meyer and Justin Elliott, and ProPublica  called, "A Timeline of Mass Surveillance in America," that gives us a historical perspective of the current NSA brouhaha:

"On Wednesday, the Guardian published a secret court order requiring Verizon to hand over data for all the calls made on its network on an “ongoing, daily basis.”Other revelations about surveillance of phone and digital communications have followed.

"That the National Security Agency has engaged in such activity isn’t entirely new: Since 9/11, we've learned about large-scale surveillance by the spy agency from a patchwork of official statements, classified documents, and anonymously sourced news stories.

"1978: Surveillance court created

"After a post-Watergate Senate investigation documented abuses of government surveillance, Congress passes the Foreign Intelligence Surveillance Act, or FISA, to regulate how the government can monitor suspected spies or terrorists in the U.S. The law establishes a secret court that issues warrants for electronic surveillance or physical searches of a 'foreign power' or 'agents of a foreign power' (broadly defined in the law). The government doesn’t have to demonstrate probable cause of a crime, just that the 'purpose of the surveillance is to obtain foreign intelligence information.'”


Copyright, Truthout.org. Reprinted with permission


Now for the fun stuff.



"How to Keep the NSA at Bay: The Tricks From Privacy Experts," an essay by Winston Ross at The Daily Beast, asks, "Do government surveillance disclosures have you fearing Uncle Sam’s reach, as Winston Ross looks at PGPs, secret phone apps, and burners like on The Wire to cloak your digital trail.

"It’s a fairly safe bet that most people are in one of four camps about all this National Security Agency-spying-on-Americans business: uninformed, apathetic, pissed off, or paranoid.
"For the apathetic, dude, wake up: you think because you live in the suburbs and you work at an insurance company that Big Brother will never come for you? What about that affair with your office secretary last year? What if her brother gets caught up in some kind of sting operation, and they check his phone records and then her phone records, and then police show up at your door, asking why you called her 50 times last week, while your wife is sitting in the living room? What if they transpose a digit or two and mix you up with a suspected terrorist and break down your door in the middle of the night and shoot your dog? OK, never mind, just flip back to The Bachelor.

"For those of you either pissed off or paranoid, it’s time you understand that there are plenty of ways to cloak yourself from Uncle Sam, especially if they’re not already parked in a white van outside your apartment building (if that’s the case, say even the most clever privacy advocates, you’re probably fucked).

"But wait, you hardly ever use the Internet? Your digital trail is pretty small? Skip on over to Me & My Shadow if you believe that nonsense. There you can find out exactly what kind of a shadow your computer and mobile-phone usage casts. It’s pretty scary and fascinating.

(Check out Me & My Shadow, it's chock full of goodies like, "Things To Know About Recent Changes In Facebook," "How To Stop Getting Tracked In Your Browser," and more -- Joyce, Jnr.)

"For those of you still understandably freaked out, if you just want to avoid getting caught up in the dragnet, having your phone, email, and search histories handed over by some spineless attorney at Verizon or Google or Facebook, there are ways to hide from Uncle Sam:



"Encrypt yourself. If you’re using Facebook and Gmail in the same Pollyannish fashion that most of us do, you gotta wrap that up. Get to know E2E (end to end) encryption, says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation. It doesn’t mean you have to find some obscure email provider and kiss your (online) social networks goodbye, but it does mean if you want to have supersecret communication with certain supersecret people, you both must install software such as OTR to be all stealthy about it. Which software depends on which operating system and device you’re hoping to cloak, of course, but all that info is a few clicks away. 'It’s very easy to use,' Auerbach tells The Daily Beast.

"PGP it. A slightly beefier encryption option: PGP, short for “pretty good privacy.” That refers to software that can encrypt chat communications, emails, and more. Symantec offers one kind of PGP software, but there are many more options out there. Just remember that both sneaky users have to be using it, or it’s pointless.
"The goal of all these tactics is to make it hard for the government to get you."
"Make secret phone calls. Phone calls are a little tougher, Auerbach says. There once was a cool app called RedPhone that could encrypt phone calls, but it’s no longer being maintained. Nowadays, the best bet is probably Silent Circle, which last October released a 'surveillance-proof' smartphone app that lets people make secure phone calls and text messages. The company has released a data-transfer version of the app that lets users send files—photos, spreadsheets, blueprints. The user can set a nifty timer that 'burns' whatever’s sent from both devices after five minutes, or however long you want, Bond style.

"Go even deeper. If you’re already under the microscope, doing whatever you’re trying to secretly do without detection is going to be pretty difficult. Most of what everyone’s in a tizzy about at the moment is the kind of broad, dragnet-style spying where the government gobbles up huge databanks and mines through them for links and clues. But if you’re foolish enough to press on with your evil plans anyway, three words: anonymize, anonymize, anonymize.



"Tor is a good place to start. It’s a free software that routes your communication through a series of intermediaries, explains Smári McCarthy, the executive director of the International Modern Media Institute. It cloaks virtually everything you do on the Web: watch porn, buy drugs on Silk Road, stalk your ex’s Facebook page, watch porn, watch porn in one window while stalking your ex’s Facebook page in another, and so on.

"Get a burner. If you don’t know what a burner is, go watch all five seasons of The Wire and then come back and finish reading this. (It’s great television.) If the NSA really wants to find out what you’re doing, it can make like a hacker and just break right into the software of whatever device you’re on using what’s known as a 'zero-day exploit.' The only surefire way to prevent that is to be constantly changing up your devices.

"The safest way to use a burner is not for very long, but buying a new cellphone, laptop, or tablet once a week can get expensive. If you want to hang on to the same one, advises Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California, just be sure to take it to a crowded place every time you use it, and don’t bring any of your other devices with you. If the government matches up your burner use with a ping from a cellphone tower to your regular phone, you’re screwed.

"More on that, from Weaver, here.

"Cover your tracks.  If you stay logged in to Facebook (like most of us do,) then every single time you visit a Web page with a “like” button on it, that Web page is tattling back to Facebook that you just went there, Weaver says, which means the government can just subpoena Facebook records to figure out where you’ve been. Logging in and out all the time is a nuisance, of course. But so is having a SWAT team rip up your apartment. So at least set up your Web browsers to clear cookies all the time. That’s a start.

"Check out Tails. It’s a little piece of software that can live on a thumb drive or DVD, and it can boot your whole operating system from any computer, any time. So you can set it up with all the encryption software you want, and it’s all preloaded.

"OK, am I cool now? Probably not. If the government wants to get you, they’ll get you. The goal of all these tactics is to make it hard for the government to get you—hard enough that if they really want to muck around with your life, they’re going to have to invest in enough resources to sneak past the firewalls.



“'What you can do is try to make it more expensive for somebody such as the NSA to monitor you successfully,' McCarthy told The Daily Beast. 'If you keep raising the price, they’re either going to have to commit to targeting you as an individual or accept that they’re just not going to get your stuff.'

And from The Troubador at The Daily Kos a piece, "Want to See Your NSA or FBI File? Here's How...

"Have you ever Tweeted a politically subversive message, attended a protest, or signed an oppositional petition? If so, you may have a dedicated file on you kept by the FBI and/or the NSA.

"With a simple Freedom of Information Act (FOIA) request, any U.S. citizen can obtain one's NSA or FBI file, if such a file exists.

"It simply takes a few minutes to fill out the requisite forms and mail them to the appropriate address. An independent site – www.getmyfbifile – will, free of charge, generate the necessary forms for you already filled out.

"Of course, you can also do this directly through the NSA or FBI if you are worried about providing personal information to an independent site.

"While an appropriate level of cynicism may be warranted concerning the level of transparency one should expect from such a request – should your file be substantial – it is the law that your complete file be provided to you upon request.

"Demand that the law be followed, for it is your right as a citizen to know this information.

"My request is going in the mail today
."
And finally, from Wired, a post called, "Hear Ye, Future Deep Throats: This Is How to Leak to the Press," by Nicholas Weaver:

"We now live in a world where public servants informing the public about government behavior or wrongdoing must practice the tradecraft of drug dealers and spies. Otherwise, these informants could get caught in the web of administrations that view George Orwell’s 1984 as an operations manual.



"With the recent revelation that the Department of Justice under the Obama administration secretly obtained phone records for Associated Press journalists — and previous subpoenas by the Bush administration targeting the Washington Post and New York Times — it is clear that whether Democrat or Republican, we now live in a surveillance dystopia beyond Orwell’s Big Brother vision. Even privately collected data isn’t immune, and some highly sensitive data is particularly vulnerable thanks to the Third Party Doctrine.

"So how can one safely leak information to the press?

The parking garage where Deep Throat and Bernstein met.

"Well, it’s hard. Even the head of the CIA can’t email his mistress without being identified by the FBI. With a simple subpoena or warrant, the FBI can obtain historical calling information (and with cellphones, location history); email messages (and records revealing the pattern of where and when the target accessed these accounts); internet activity; and much more.

"Since even separate, innocuous contacts between a reporter and source may be sufficient for the FBI to establish a relationship in its investigations — and who knows what kind of leak triggers a crackdown — here’s my guide for potential leakers.
"Leaking by Email

"The CIA supposedly already provided a guide to secure email, which the Russian Federal Security Service (FSB) translated back to English — convenient, given the situation we now find ourselves in.

(A fun article --> http://rt.com/news/fsb-detain-cia-agent-253/.  Joyce, Jnr.)

"Get a dedicated computer or tablet: the cheapest Windows laptop will do. And pay cash, as our normal laptops have a host of automatic synchronization and similar services. Our personal web browsers also contain all sorts of location-identifying cookies. Even if you’re logged in to but don’t actually visit Facebook’s home page, a subpoena to Facebook can still reveal where you connect and what pages you visit — every 'Like' button reports to Facebook that you are visiting that particular page, at a particular time, from a particular IP address.

"Leave your cellphone, your normal computer, and your metro card (like SmarTrip) at home: anything that speaks over a wireless link must stay behind. Then go to a coffee shop that has open Wi-Fi, and once there open a new Gmail account that you will only use to contact the press and only from the dedicated computer. When registering, use no personal information that can identify you or your new account: no phone numbers, no names.

"Don’t forget: if you get anything at the cafe, or take public transit,pay cash. Be prepared to walk a bit, too; you can’t stay close to home for this.

"Of course, the job still isn’t finished. When you are done you must clear the browser’s cookies and turn off the Wi-Fi before turning off the computer and removing the battery. The dedicated computer should never be used on the network except when checking your press-contact account and only from open Wi-Fi connections away from home and work.
"Leaking Over the Phone



"Again, start by leaving all electronic devices at home. Go to a small liquor store in a low-income neighborhood, and buy a pre-paid cellphone (TracPhone or similar) with cash. Make sure it has enough airtime to not expire for a few months — T-mobile prepaid is particularly good since the pay-as-you-go plan doesn’t expire for a full year if you buy $100 of airtime.

"By the way, I would personally look for a store with security cameras that look old — a continuous tape or similar setup — since once the FBI has the number, the next step is to contact the store that sold the phone. Alternatively, you can get someone else to walk into the store and buy it for you.

"You now own your very own 'burner' phone — remember The Wire? – and this phone must remain off with the battery removed at all times. Because every active cellphone is effectively a continuous GPS, monitoring your location and feeding the information to the phone company which retains this information for weeks, months, even years. Just a warrant-step away.

"Now, to use the phone … Once again, go to a different location without carrying your normal devices, turn on the phone, check your voicemail, make your call, turn it off again, and pull out the battery. Your phone calls are now (hopefully) anonymous so that when the FBI leak-hunt starts, there is no trail for them to follow.

"Of course, the burner laptop or phone could still identify you if it’s ever found, as they both contain network identifiers built into the hardware. So if you ever need to abandon your device, first wipe the device back to its factory fresh configuration using any 'secure erase' options available, then take a hammer and break the device. Put it in some other piece of trash (like an empty McDonald’s sack), go for another stroll, and drop in a public trashcan.

"But if the feds are already following you, you’re caught anyway, so it doesn’t matter if they catch you taking out the trash instead of finding something when they search your home.

***

"All of this may seem like a script for a fictional T.V. show. But it’s the situation we’re in if you want to share information you have the right to — such extreme measures are a modern necessity.

"Does whoever leaked the Justice Department’s memo justifying drone strikes on Americans need to fear prosecution? Should someone even at a seemingly innocuous agency like the FDA need the above precautions before talking to the press or Congress? Yet with prosecution’s like Thomas Drake’s — triggered by his revealing unclassified information about NSA mismanagement — its now become clear that simply leaking embarrassing information carries substantial risk.

"Any future Deep Throat needs to follow these sorts of procedures if he or she wishes to talk to the press … though just imagine if Mark Felt had to do all of the above when leaking to Woodward and Bernstein.



"UPDATED May 15: There’s another option I didn’t originally mention here — leaking over mail. Investigative journalist Julia Angwin of the Wall Street Journal points out that physical mail, dropped in a random post-box with a bogus return address, is perhaps the best way for anonymous one-way communication. Though the U.S. Postal Service will record address information when asked by law enforcement, it doesn’t (at least currently) record this information on all mail. There’s no history. And even if there were, it can only be traced to the processing post office. So perhaps the best use of mail is simply to send the reporter a burner phone pre-programmed to only call your burner."

The older tools mentioned in the articles were used by many of us in the Bush years, and we post these essays in the event that the Conservatives are able to steal yet another Election from us.  Good hunting, and good hiding!



-----------------------------------------------------------------------------------------------------------------------

"You will never be happy if you continue to search for what happiness consists of.
You will never live if you are looking for the meaning of life."

Albert Camus (French Nobel Prize(x) winning author, journalist, and philosopher.
1913 – 1960)

-----------------------------------------------------------------------------------------------------------------------

No comments:

Post a Comment