Spycraft: Keeping your sources private Steve Doig Cronkite School of
22 Slides377.50 KB
Spycraft: Keeping your sources private Steve Doig Cronkite School of Journalism Arizona State University
Why spycraft for reporters? Need to keep identity of confidential sources secret from subpoena. Need to keep identity of confidential whistleblowers secret from corporations. Need to travel in places where governments detain journalists.
What I’ll cover Keeping internet searches private Making and receiving untraceable calls Keeping email private Encryption/decryption programs Keeping your computer clean Tricking keyloggers
Private internet searching AOL debacle: 36 million search terms of 650,000 users (http://www.aolstalker.com/) Subpoenas to your IT department or IP provider Alternative: www.ixquick.com: No IP addresses kept, search terms deleted within 48 hours Anonymizer.com Anonymous Surfing ( 30)
Keeping identity private in calls #31# blocks your Caller ID on Vodafone But doesn’t work on texts! “Spoof” your Caller ID with SpoofCard ( www.spoofcard.com) or other spoofing services -- 10/60 minutes SpoofCard does international calls Spoofcard also does voice changing!
Cellphone cautions GIS-equipped cellphones track your location Cellphones also track location by cell tower triangulation Cellphones and wireless phones can be heard by scanners Cellphones can be bugged
Pre-paid cell phones No-contract cell phones: Buy with cash, and replenish with cash Easy in Europe with SIM cards and topping up
Voice over Internet Protocol (VoIP) Internet voice calls Beware “man in the middle” attacks Skype encrypts voice/video data stream But there may be a back door Zfone with VoIP clients like Google Talk and Gizmo5
Keeping identity private in email Use free “throwaway” email addresses from Yahoo, etc. Anonymizer.com: Nyms software creates throwaway email addresses that will forward to your real address
Smuggling your text and pictures Use 2GB micro SD cards
Cryptography Avoid simple ciphers, one-time pads, etc. Public-key cryptography is best Pretty Good Privacy: www.pgp.com Email encryption Disk encryption Instant-message encryption Desktop Home edition: 164 Cryptoheaven.com Freeware PGP available Keep data on encrypted thumb drive (Folderlock)
Ciphertext example 15D718115BBCA0949B0CC94FFBCFF186B764DF5E73 1A2F818E4F16441A4DBE29EE6C2ED1C6CADE59 ECCA5E31E9C66DE7A4AE9FCCFBB6062182022F1C13 9468636DEB462B79C85996981B2B6FB6148EE2 86F8B620E557BB74489843508F526DDBFB80E47C172 9E529EE2AB9456E3CBBD72C73D87BDAD0A99C C302B3416FA6F8C63CE647D7FF34C6C0B1B9412482A 0FA5E576603CE951EDE50AD393A44B1391073 13FB985FA83B74BEA21903D0B0E0681F1E2E0C44574 0EA74BE4A27B54485F7C2330C9A99439498CB 0FEF821A8C5F7FDD
Steganography Poe’s “Purloined Letter”: Hide in plain sight Message hidden in “covertext” of some sort: Plaintext MP3s, jpegs, video, etc. Steganos Privacy Suite 12: 70 stegoarchive.com for shareware programs
Stego example: original
Stego example: encoded
Spammimic.com Turns a short message into spam, which can be decoded “Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 .
Spammimic.com Turns a short message into spam, which can be decoded “Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 .
Cleaning your computer Deleting files doesn’t destroy them Need software that overwrites deleted file space, temp files, etc. Webroot Window Washer: 30 Deletes whatever you specify “Bleaches”: Overwrites 3, 7 or 35 times Can schedule washes as often as every 15 minutes
Beware document watermarks Government and corporations will use micro watermarks to identify who got each copy of sensitive documents Invisible watermarking uses variety of techniques: Shift lines, text and/or characters; deliberate misspellings, etc. Countermeasures: Copy into new document, degrade image, add your own shifts and misspellings
Keyloggers Hidden program that captures keystrokes and sends them to whoever installed it. FBI’s Magic Lantern keylogger Anti-spyware software will detect many – but not all – keyloggers. Stopgap protection: When typing password letters, type a few random letters elsewhere on window between each But screenloggers exist, too
Some privacy resources www.privacy.org www.epic.org: Electronic Privacy Information Center www.privacyinternational.org
Questions and ideas?
