DOCSLIB.ORG

Anonymous Online Purchases with Exhaustive Operational Security Vincent Van Mieghem, Johan Pouwelse

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

1 Anonymous online purchases with exhaustive operational security Vincent Van Mieghem, Johan Pouwelse Abstract—This paper describes the process of remaining anonymous online and its concurrent operational security that has to be performed. It focusses particularly on remaining anonymous while purchasing online goods, resulting in anonymously bought items. Different aspects of the operational security process as well as anonymously funding with cryptocurrencies are described. Eventually it is shown how to anonymously purchase items and services from the hidden web, as well as the delivery. It is shown that, while becoming increasingly difficult, it is still possible to make anonymous purchases. Our presented work combines existing best-practices and deliberately avoids untested novel approaches when possible. Index Terms—OPSEC, online anonymity, bitcoin, hidden web, Tor, Dark Markets. F INTRODUCTION of incriminating evidence on those assets. Op- E present a detailed approach to anony- erational security, hereafter OPSEC, plays a W mously purchase goods and services on- critical role in remaining anonymous online. line. Anonymity does not work retroactively. At As human life shifts towards the world wide the beginning of an anonymous operation, the web, the interest of large Internet companies anonymity of all the assets involved have to and government agencies in the Internet in- be thought of very carefully. The environment creases significantly. Remaining anonymous on that will protect the anonymity has to be set up the Internet has ever before been as hard as it is thoroughly, from the beginning. The following today. Every webpage visited, every file down- subsections go into depth on the principles that loaded, every email or message sent, every ensure a high level of anonymity. purchase made, can be traced back and read by other parties. This paper describes the methods of remaining anonymous on the Internet and 1.1 Compartmentation the concurrently required operations security One of the key principles of OPSEC is applying processes. The first section explains the basic arXiv:1505.07370v1 [cs.CR] 27 May 2015 compartmentation. Compartmentation is the principles and tools regarding the operations limiting of the ability for persons or entities security, also known as OPSEC. Thereafter, the to access information needed to perform cer- process of obtaining anonymous bitcoins is de- tain tasks and isolating information as much scribed and finally the methods of purchasing as possible. In this case it means that all the online goods is explained. digital evidence and information should be (if possible physically) separated from each other 1 EXTENSIVE OPERATIONAL SECURITY so that linking pieces of information is hard Remaining anonymous on the internet is a and cannot be used to extend the image of though process. Anonymity cannot be obtained the anonymous identity that a person is using. through just the usage of certain tools or ser- Straight forward examples are: vices. It is a process that comes by keeping ev- • Possessing and using different online ac- ery single asset involved in the anonymous op- counts (i.e. Facebook or IRC nicknames) to eration, anonymous and minimise the amount sign up for anonymous services online. 2 Fig. 1. Elements of anonymous purchasing process. • Using different anonymous (prepaid) in OPSEC. credit card accounts to make purchases. • Removing XMP metadata (that may con- 1.2 Online identity tain geolocation data) from photo’s that a person uploads during the operation. Depending on the kind of operation, the fake LulzSec member W0rmer was exposed by identity that will be used, has to be as authen- not removing XMP data from a picture that tic as possible. A layered approach is used, contained geo-location of his girlfriend [7], meaning that one would create a fake online which linked to his real identity. identity and completely compartmentise this identity from its real identity. This fake iden- But compartmentation goes as far as: tity would then be used to create other fake • Using numerous hardware, i.e. mobile identities. It ensures that if one fake identify phones, laptops and CD-R’s (USB-devices gets compromised, it would not lead to de- contain microcontrollers that can be re- anonymization of the person’s real identity, but programmed into a spying device[8]), for instead just one ‘layer’ or ‘compartment’ of the doing different operations or components identity protection would have been ‘peeled of an operation. off’. In practice this means that created email • Spoofing MAC-addresses that are used to addresses point consequently only to the email identify hardware.[9] address of its previous ‘layer’ and not layers • Using different physical internet connec- beneath its previous ‘layer’. tions for different parts of an operation, As in other OPSEC practices, avoiding i.e. bars, hotels, open or hacked WiFi net- contamination and profiling between the works. LulzSec hacker Jeremy Hammond ‘wrapped’ identities is vital. was caught by identifying his laptop using the MAC-address found on his personal 1.3 Linking assets in real life WiFi network[9]. The purchase of online goods will in almost • Doing parts of an operation in differ- ent timezones, including never discussing every case, involve the physical contact of the environmental aspects, i.e. weather con- person with entities that may be able to gen- ditions. Hammond also revealed a large erate identifying material of the person’s real amount of profiling information during identity. In general one should always try, for IRC chats, that were used to personally every asset involved, to prevent purchases in identify him.[9] stores with camera surveillance and, obviously, never use electronic payment methods that • Removing any type of logs, i.e. syslog, chat logs from the operating system. may link to the real identity. It should not be possible for an observer of a 1.3.1 Purchase of hardware persons online activity to link properties of dif- In general, purchasing any kind of hardware ferent compartments to each other. Every step via online marketplaces12 is good practice (un- or move online has to be advised of not linking less the hardware is already blacklisted due compartments and extending the online image to past usage in compromised operations). of the real identity. This effect is referred to as contamination. To prevent this, the general 1. http://marktplaats.nl principle ‘proactively paranoid’ is often used 2. https://ebay.com 3 Second hand hardware has reduced tracking the easiest component to perform correctly in perspectives which otherwise may lead to the an anonymous operation. In general, open- de-anonymisation of the person’s real iden- source software projects that are end-to-end tity. By purchasing hardware in stores, the encrypted are used for secure communication. person becomes vulnerable to in-store camera The methods described in the following sec- systems. To minimise exposure, only purchase tions are, as of the moment of writing, ex- from small local stores and start to use the tremely secure, as concluded from N.S.A. doc- hardware only a few months after. If unique uments from the Snowden-leaks[1]. hardware ID’s may link to the time and lo- cation of purchase, the probability that the 1.4.1 Email owner of the store has already removed video One or multiple anonymous email accounts are evidence of the moment of purchase, is larger. required that do not have personal linked in- Making purchases in extreme weather condi- formation in them. Safe-mail3 is a provider that tions and dressing accordingly, may provide provides email with minimal personal informa- extra cover without drawing attention, i.e. sun- tion upon sign-up. Gmail also allows for easy glasses/scarf and cap. If hardware is bought sign-up, although is more monitored[11] and online, it must never be delivered to the per- sign-up over Tor requires phone verification. son’s address or be paid with electronic pay- This email account will be used together with ment systems other than anonymous prepaid GnuPG encryption of e-mails. Usage of keys credit cards and anonymised cryptocurrencies. longer than 4096-bit is important and authenti- It should be noted that spendings of prepaid cation tokens to protect the GnuPG private key credit cards are monitored[10]. provide an extra layer of security. Descriptive subjects should be avoided, as subjects of e- 1.3.2 Mobile Phones and SIM cards mails are not encrypted. Only when usage of mobile phones in an operation is mandatory, they should be used. 1.4.2 IM Due to easy localisation[4] and decryption of For Instant Messaging, a protocol named Off- communications[3], this medium is considered The-Record (OTR)[5] can be used. This is a insecure. Mobile phones should be disposable, XMPP-based protocol, that can be used to com- featuring a minimal OS and functionalities, re- municate over Jabber services, i.e. securejab- sulting in a reduced attack surface. The phones ber.me or CCC.de XMPP service4. Password should be used in combination with multiple renewal on regular basis is important practice. sim cards. Phones that will not be used any- XMPP services that provide self-signed certifi- more should be completely destroyed. While cates, signed with their GnuPG private key, phones are not used, the devices should be provide an extra layer of security against PKI battery unplugged or stored in a leaden box to attacks[2]. prevent emission of signals, especially when a 1.4.3 Voice smartphone or WiFi device is used. The phones should never be used to make phone calls Open Whisper Systems is a group of open- under the real identity of the person. Again, source contributors that build end-to-end compartmentise and avoid contamination of secure communication tools. RedPhone/Signal those compartments.
Recommended publications
  • Consensgx: Scaling Anonymous Communications Networks With

    Consensgx: Scaling Anonymous Communications Networks With

    Proceedings on Privacy Enhancing Technologies ; 2019 (3):331–349 Sajin Sasy* and Ian Goldberg* ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments Abstract: Anonymous communications networks enable 1 Introduction individuals to maintain their privacy online. The most popular such network is Tor, with about two million Privacy is an integral right of every individual in daily users; however, Tor is reaching limits of its scala- society [72]. With almost every day-to-day interaction bility. One of the main scalability bottlenecks of Tor and shifting towards using the internet as a medium, it similar network designs originates from the requirement becomes essential to ensure that we can maintain the of distributing a global view of the servers in the network privacy of our actions online. Furthermore, in light to all network clients. This requirement is in place to of nation-state surveillance and censorship, it is all avoid epistemic attacks, in which adversaries who know the more important that we enable individuals and which parts of the network certain clients do and do not organizations to communicate online without revealing know about can rule in or out those clients from being their identities. There are a number of tools aiming to responsible for particular network traffic. provide such private communication, the most popular In this work, we introduce a novel solution to this of which is the Tor network [21]. scalability problem by leveraging oblivious RAM con- Tor is used by millions of people every day to structions and trusted execution environments in order protect their privacy online [70].
  • Online Media and the 2016 US Presidential Election

    Online Media and the 2016 US Presidential Election

    Partisanship, Propaganda, and Disinformation: Online Media and the 2016 U.S. Presidential Election The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citation Faris, Robert M., Hal Roberts, Bruce Etling, Nikki Bourassa, Ethan Zuckerman, and Yochai Benkler. 2017. Partisanship, Propaganda, and Disinformation: Online Media and the 2016 U.S. Presidential Election. Berkman Klein Center for Internet & Society Research Paper. Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:33759251 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA AUGUST 2017 PARTISANSHIP, Robert Faris Hal Roberts PROPAGANDA, & Bruce Etling Nikki Bourassa DISINFORMATION Ethan Zuckerman Yochai Benkler Online Media & the 2016 U.S. Presidential Election ACKNOWLEDGMENTS This paper is the result of months of effort and has only come to be as a result of the generous input of many people from the Berkman Klein Center and beyond. Jonas Kaiser and Paola Villarreal expanded our thinking around methods and interpretation. Brendan Roach provided excellent research assistance. Rebekah Heacock Jones helped get this research off the ground, and Justin Clark helped bring it home. We are grateful to Gretchen Weber, David Talbot, and Daniel Dennis Jones for their assistance in the production and publication of this study. This paper has also benefited from contributions of many outside the Berkman Klein community. The entire Media Cloud team at the Center for Civic Media at MIT’s Media Lab has been essential to this research.
  • How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to use Encryption and Privacy Tools to Evade Corporate Espionage An ICIT White Paper Institute for Critical Infrastructure Technology August 2015 NOTICE: The recommendations contained in this white paper are not intended as standards for federal agencies or the legislative community, nor as replacements for enterprise-wide security strategies, frameworks and technologies. This white paper is written primarily for individuals (i.e. lawyers, CEOs, investment bankers, etc.) who are high risk targets of corporate espionage attacks. The information contained within this briefing is to be used for legal purposes only. ICIT does not condone the application of these strategies for illegal activity. Before using any of these strategies the reader is advised to consult an encryption professional. ICIT shall not be liable for the outcomes of any of the applications used by the reader that are mentioned in this brief. This document is for information purposes only. It is imperative that the reader hires skilled professionals for their cybersecurity needs. The Institute is available to provide encryption and privacy training to protect your organization’s sensitive data. To learn more about this offering, contact information can be found on page 41 of this brief. Not long ago it was speculated that the leading world economic and political powers were engaged in a cyber arms race; that the world is witnessing a cyber resource buildup of Cold War proportions. The implied threat in that assessment is close, but it misses the mark by at least half. The threat is much greater than you can imagine. We have passed the escalation phase and have engaged directly into full confrontation in the cyberwar.
  • Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Citation: Doswell, Stephen (2016) Measurement and management of the impact of mobility on low-latency anonymity networks. Doctoral thesis, Northumbria University. This version was downloaded from Northumbria Research Link: http://nrl.northumbria.ac.uk/30242/ Northumbria University has developed Northumbria Research Link (NRL) to enable users to access the University’s research output. Copyright © and moral rights for items on NRL are retained by the individual author(s) and/or other copyright owners. Single copies of full items can be reproduced, displayed or performed, and given to third parties in any format or medium for personal research or study, educational, or not-for-profit purposes without prior permission or charge, provided the authors, title and full bibliographic details are given, as well as a hyperlink and/or URL to the original metadata page. The content must not be changed in any way. Full items must not be sold commercially in any format or medium without formal permission of the copyright holder. The full policy is available online: http://nrl.northumbria.ac.uk/policies.html MEASUREMENT AND MANAGEMENT OF THE IMPACT OF MOBILITY ON LOW-LATENCY ANONYMITY NETWORKS S.DOSWELL Ph.D 2016 Measurement and management of the impact of mobility on low-latency anonymity networks Stephen Doswell A thesis submitted in partial fulfilment of the requirements of the University of Northumbria at Newcastle for the degree of Doctor of Philosophy Research undertaken in the Department of Computer Science and Digital Technologies, Faculty of Engineering and Environment October 2016 Declaration I declare that the work contained in this thesis has not been submitted for any other award and that it is all my own work.
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
  • Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor Tariq Elahi†, Kevin Bauer†, Mashael AlSabah†, Roger Dingledine‡, Ian Goldberg† †University of Waterloo ‡The Tor Project, Inc. †{mtelahi,k4bauer,malsabah,iang}@cs.uwaterloo.ca ‡[email protected] ABSTRACT parties with anonymity from their communication partners as well Tor is the most popular low-latency anonymity overlay network as from passive third parties observing the network. This is done for the Internet, protecting the privacy of hundreds of thousands by distributing trust over a series of Tor routers, which the network of people every day. To ensure a high level of security against cer- clients select to build paths to their Internet destinations. tain attacks, Tor currently utilizes special nodes called entry guards If the adversary can anticipate or compel clients to choose com- as each client’s long-term entry point into the anonymity network. promised routers then clients can lose their anonymity. Indeed, While the use of entry guards provides clear and well-studied secu- the client router selection protocol is a key ingredient in main- rity benefits, it is unclear how well the current entry guard design taining the anonymity properties that Tor provides and needs to achieves its security goals in practice. be secure against adversarial manipulation and leak no information We design and implement Changing of the Guards (COGS), a about clients’ selected routers. simulation-based research framework to study Tor’s entry guard de- When the Tor network was first launched in 2003, clients se- sign. Using COGS, we empirically demonstrate that natural, short- lected routers uniformly at random—an ideal scheme that provides term entry guard churn and explicit time-based entry guard rotation the highest amount of path entropy and thus the least amount of contribute to clients using more entry guards than they should, and information to the adversary.
  • Mass Surveillance

    Mass Surveillance

    Mass Surveillance Mass Surveillance What are the risks for the citizens and the opportunities for the European Information Society? What are the possible mitigation strategies? Part 1 - Risks and opportunities raised by the current generation of network services and applications Study IP/G/STOA/FWC-2013-1/LOT 9/C5/SC1 January 2015 PE 527.409 STOA - Science and Technology Options Assessment The STOA project “Mass Surveillance Part 1 – Risks, Opportunities and Mitigation Strategies” was carried out by TECNALIA Research and Investigation in Spain. AUTHORS Arkaitz Gamino Garcia Concepción Cortes Velasco Eider Iturbe Zamalloa Erkuden Rios Velasco Iñaki Eguía Elejabarrieta Javier Herrera Lotero Jason Mansell (Linguistic Review) José Javier Larrañeta Ibañez Stefan Schuster (Editor) The authors acknowledge and would like to thank the following experts for their contributions to this report: Prof. Nigel Smart, University of Bristol; Matteo E. Bonfanti PhD, Research Fellow in International Law and Security, Scuola Superiore Sant’Anna Pisa; Prof. Fred Piper, University of London; Caspar Bowden, independent privacy researcher; Maria Pilar Torres Bruna, Head of Cybersecurity, Everis Aerospace, Defense and Security; Prof. Kenny Paterson, University of London; Agustín Martin and Luis Hernández Encinas, Tenured Scientists, Department of Information Processing and Cryptography (Cryptology and Information Security Group), CSIC; Alessandro Zanasi, Zanasi & Partners; Fernando Acero, Expert on Open Source Software; Luigi Coppolino,Università degli Studi di Napoli; Marcello Antonucci, EZNESS srl; Rachel Oldroyd, Managing Editor of The Bureau of Investigative Journalism; Peter Kruse, Founder of CSIS Security Group A/S; Ryan Gallagher, investigative Reporter of The Intercept; Capitán Alberto Redondo, Guardia Civil; Prof. Bart Preneel, KU Leuven; Raoul Chiesa, Security Brokers SCpA, CyberDefcon Ltd.; Prof.
  • In the Depths of the Net by Sue Halpern | the New York Review Of

    In the Depths of the Net by Sue Halpern | the New York Review Of

    Font Size: A A A In the Depths of the Net Sue Halpern OCTOBER 8, 2015 ISSUE The Dark Net: Inside The Digital Underworld by Jamie Bartlett Melville House, 308 pp, $27.95 freeross.org Ross Ulbricht, who was recently sentenced to life in prison for running the illegal dark-Net marketplace Silk Road Early this year, a robot in Switzerland purchased ten tablets of the illegal drug MDMA, better known as “ecstasy,” from an online marketplace and had them delivered through the postal service to a gallery in St. Gallen where the robot was then set up. The drug buy was part of an installation called “Random Darknet Shopper,” which was meant to show what could be obtained on the “dark” side of the Internet. In addition to ecstasy, the robot also bought a baseball cap with a secret camera, a pair of knock-off Diesel jeans, and a Hungarian passport, among other things. Passports stolen and forged, heroin, crack cocaine, semiautomatic weapons, people who can be hired to use those weapons, computer viruses, and child pornography—especially child pornography—are all easily obtained in the shaded corners of the Internet. For example, in the interest of research, Jamie Bartlett—the author of The Dark Net: Inside the Digital Underworld, a picturesque tour of this disquieting netherworld—successfully bought a small amount of marijuana from a dark-Net site; anyone hoping to emulate him will find that the biggest dilemma will be with which seller—there are scores—to do business. My own forays to the dark Net include visits to sites offering counterfeit drivers’ licenses, methamphetamine, a template for a US twenty-dollar bill, files to make a 3D-printed gun, and books describing how to receive illegal goods in the mail without getting caught.
  • The Qanon Conspiracy

    The Qanon Conspiracy

    THE QANON CONSPIRACY: Destroying Families, Dividing Communities, Undermining Democracy THE QANON CONSPIRACY: PRESENTED BY Destroying Families, Dividing Communities, Undermining Democracy NETWORK CONTAGION RESEARCH INSTITUTE POLARIZATION AND EXTREMISM RESEARCH POWERED BY (NCRI) INNOVATION LAB (PERIL) Alex Goldenberg Brian Hughes Lead Intelligence Analyst, The Network Contagion Research Institute Caleb Cain Congressman Denver Riggleman Meili Criezis Jason Baumgartner Kesa White The Network Contagion Research Institute Cynthia Miller-Idriss Lea Marchl Alexander Reid-Ross Joel Finkelstein Director, The Network Contagion Research Institute Senior Research Fellow, Miller Center for Community Protection and Resilience, Rutgers University SPECIAL THANKS TO THE PERIL QANON ADVISORY BOARD Jaclyn Fox Sarah Hightower Douglas Rushkoff Linda Schegel THE QANON CONSPIRACY ● A CONTAGION AND IDEOLOGY REPORT FOREWORD “A lie doesn’t become truth, wrong doesn’t become right, and evil doesn’t become good just because it’s accepted by the majority.” –Booker T. Washington As a GOP Congressman, I have been uniquely positioned to experience a tumultuous two years on Capitol Hill. I voted to end the longest government shut down in history, was on the floor during impeachment, read the Mueller Report, governed during the COVID-19 pandemic, officiated a same-sex wedding (first sitting GOP congressman to do so), and eventually became the only Republican Congressman to speak out on the floor against the encroaching and insidious digital virus of conspiracy theories related to QAnon. Certainly, I can list the various theories that nest under the QAnon banner. Democrats participate in a deep state cabal as Satan worshiping pedophiles and harvesting adrenochrome from children. President-Elect Joe Biden ordered the killing of Seal Team 6.
  • Articles & Reports

    Articles & Reports

    1 Reading & Resource List on Information Literacy Articles & Reports Adegoke, Yemisi. "Like. Share. Kill.: Nigerian police say false information on Facebook is killing people." BBC News. Accessed November 21, 2018. https://www.bbc.co.uk/news/resources/idt- sh/nigeria_fake_news. See how Facebook posts are fueling ethnic violence. ALA Public Programs Office. “News: Fake News: A Library Resource Round-Up.” American Library Association. February 23, 2017. http://www.programminglibrarian.org/articles/fake-news-library-round. ALA Public Programs Office. “Post-Truth: Fake News and a New Era of Information Literacy.” American Library Association. Accessed March 2, 2017. http://www.programminglibrarian.org/learn/post-truth- fake-news-and-new-era-information-literacy. This has a 45-minute webinar by Dr. Nicole A. Cook, University of Illinois School of Information Sciences, which is intended for librarians but is an excellent introduction to fake news. Albright, Jonathan. “The Micro-Propaganda Machine.” Medium. November 4, 2018. https://medium.com/s/the-micro-propaganda-machine/. In a three-part series, Albright critically examines the role of Facebook in spreading lies and propaganda. Allen, Mike. “Machine learning can’g flag false news, new studies show.” Axios. October 15, 2019. ios.com/machine-learning-cant-flag-false-news-55aeb82e-bcbb-4d5c-bfda-1af84c77003b.html. Allsop, Jon. "After 10,000 'false or misleading claims,' are we any better at calling out Trump's lies?" Columbia Journalism Review. April 30, 2019. https://www.cjr.org/the_media_today/trump_fact- check_washington_post.php. Allsop, Jon. “Our polluted information ecosystem.” Columbia Journalism Review. December 11, 2019. https://www.cjr.org/the_media_today/cjr_disinformation_conference.php. Amazeen, Michelle A.
  • Wikileaks - NSA Helped CIA Outmanoeuvre Europe on Torture

    Wikileaks - NSA Helped CIA Outmanoeuvre Europe on Torture

    WikiLeaks - NSA Helped CIA Outmanoeuvre Europe on Torture https://wikileaks.org/nsa-germany/?nocache (on 2015-07-20) Top German NSA Targets (/nsa-germany/selectors.html) (https://www.wikileaks.org/) Top German NSA Intercepts (/nsa-germany/intercepts/) Partners Libération - France (http://www.liberation.fr) Mediapart - France (http://www.mediapart.fr) L'Espresso - Italy (http://espresso.repubblica.it) Süddeutsche Zeitung - Germany (http://www.sueddeutsche.de (WikiLeaks_NSA_Intercepts_Foreign_Minister_Cartoon.gif) Today, Monday 20 July at 1800 CEST, WikiLeaks publishes evidence of National Security Agency (NSA) spying on German Foreign Minister Frank-Walter Steinmeier along with a list of 20 target selectors for the Foreign Ministry. The list indicates that NSA spying on the Foreign Ministry extends back to the pre-9/11 era, including numbers for offices in Bonn and targeting Joschka Fischer, Vice Chancellor and Foreign Minister from 1998 to 2005. Foreign Minister intercepted on CIA Renditions Central to today's publication is a Top Secret NSA intercept of the communications of Foreign Minister Steinmeier. The intercept dates from just after an official visit to the United States on November 29th 2005, where FM Steinmeier met his US counterpart, Secretary of State Condoleezza Rice. According to the intercept, Steinmeier "seemed relieved that he 1 of 10 20/07/2015 19:47 WikiLeaks - NSA Helped CIA Outmanoeuvre Europe on Torture https://wikileaks.org/nsa-germany/?nocache had not received any definitive response from the U.S. Secretary of State
  • Help I Am an Investigative Journalist in 2017

    Help I Am an Investigative Journalist in 2017

    Help! I am an Investigative Journalist in 2017 Whistleblowers Australia Annual Conference 2016-11-20 About me • Information security professional Gabor Szathmari • Privacy, free speech and open gov’t advocate @gszathmari • CryptoParty organiser • CryptoAUSTRALIA founder (coming soon) Agenda Investigative journalism: • Why should we care? • Threats and abuses • Surveillance techniques • What can the reporters do? Why should we care about investigative journalism? Investigative journalism • Cornerstone of democracy • Social control over gov’t and private sector • When the formal channels fail to address the problem • Relies on information sources Manning Snowden Tyler Shultz Paul Stevenson Benjamin Koh Threats and abuses against investigative journalism Threats • Lack of data (opaque gov’t) • Journalists are imprisoned for doing their jobs • Sources are afraid to speak out Journalists’ Privilege • Evidence Amendment (Journalists’ Privilege) Act 2011 • Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 Recent Abuses • The Guardian: Federal police admit seeking access to reporter's metadata without warrant ! • The Intercept: Secret Rules Makes it Pretty Easy for the FBI to Spy on Journalists " • CBC News: La Presse columnist says he was put under police surveillance as part of 'attempt to intimidate’ # Surveillance techniques Brief History of Interception First cases: • Postal Service - Black Chambers 1700s • Telegraph - American Civil War 1860s • Telephone - 1890s • Short wave radio -1940s / 50s • Satellite (international calls) - ECHELON 1970s Recent Programs (2000s - ) • Text messages, mobile phone - DISHFIRE, DCSNET, Stingray • Internet - Carnivore, NarusInsight, Tempora • Services (e.g. Google, Yahoo) - PRISM, MUSCULAR • Metadata: MYSTIC, ADVISE, FAIRVIEW, STORMBREW • Data visualisation: XKEYSCORE, BOUNDLESSINFORMANT • End user device exploitation: HAVOK, FOXACID So how I can defend myself? Data Protection 101 •Encrypt sensitive data* in transit •Encrypt sensitive data* at rest * Documents, text messages, voice calls etc.