220 likes | 368 Views
Spycraft: Keeping your sources private. Steve Doig Cronkite School of Journalism Arizona State University. Why spycraft for reporters?. Need to keep identity of confidential sources secret from subpoena. Need to keep identity of confidential whistleblowers secret from corporations.
E N D
Spycraft: Keeping your sources private Steve Doig Cronkite School of Journalism Arizona State University
Why spycraft for reporters? • Need to keep identity of confidential sources secret from subpoena. • Need to keep identity of confidential whistleblowers secret from corporations. • Need to travel in places where governments detain journalists.
What I’ll cover • Keeping internet searches private • Making and receiving untraceable calls • Keeping email private • Encryption/decryption programs • Keeping your computer clean • Tricking keyloggers
Private internet searching • AOL debacle: 36 million search terms of 650,000 users (http://www.aolstalker.com/) • Subpoenas to your IT department or IP provider • Alternative: www.ixquick.com: No IP addresses kept, search terms deleted within 48 hours • Anonymizer.com • Anonymous Surfing ($30)
Keeping identity private in calls • #31# blocks your Caller ID on Vodafone • But doesn’t work on texts! • “Spoof” your Caller ID with SpoofCard (www.spoofcard.com) or other spoofing services -- $10/60 minutes • SpoofCard does international calls • Spoofcard also does voice changing!
Cellphone cautions • GIS-equipped cellphones track your location • Cellphones also track location by cell tower triangulation • Cellphones and wireless phones can be heard by scanners • Cellphones can be bugged
Pre-paid cell phones • No-contract cell phones: Buy with cash, and replenish with cash • Easy in Europe with SIM cards and topping up
Voice over Internet Protocol (VoIP) • Internet voice calls • Beware “man in the middle” attacks • Skype encrypts voice/video data stream • But there may be a back door… • Zfone with VoIP clients like Google Talk and Gizmo5
Keeping identity private in email • Use free “throwaway” email addresses from Yahoo, etc. • Anonymizer.com: Nyms software creates throwaway email addresses that will forward to your real address
Smuggling your text and pictures • Use micro SD cards • 2GB
Cryptography • Avoid simple ciphers, one-time pads, etc. • Public-key cryptography is best • Pretty Good Privacy: www.pgp.com • Email encryption • Disk encryption • Instant-message encryption • Desktop Home edition: $164 • Cryptoheaven.com • Freeware PGP available • Keep data on encrypted thumb drive (Folderlock)
Ciphertext example 15D718115BBCA0949B0CC94FFBCFF186B764DF5E731A2F818E4F16441A4DBE29EE6C2ED1C6CADE59 ECCA5E31E9C66DE7A4AE9FCCFBB6062182022F1C139468636DEB462B79C85996981B2B6FB6148EE2 86F8B620E557BB74489843508F526DDBFB80E47C1729E529EE2AB9456E3CBBD72C73D87BDAD0A99C C302B3416FA6F8C63CE647D7FF34C6C0B1B9412482A0FA5E576603CE951EDE50AD393A44B1391073 13FB985FA83B74BEA21903D0B0E0681F1E2E0C445740EA74BE4A27B54485F7C2330C9A99439498CB 0FEF821A8C5F7FDD
Steganography • Poe’s “Purloined Letter”: Hide in plain sight • Message hidden in “covertext” of some sort: • Plaintext • MP3s, jpegs, video, etc. • Steganos Privacy Suite 12: $70 • stegoarchive.com for shareware programs
Spammimic.com • Turns a short message into spam, which can be decoded “Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 ….
Spammimic.com • Turns a short message into spam, which can be decoded “Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 ….
Cleaning your computer • Deleting files doesn’t destroy them • Need software that overwrites deleted file space, temp files, etc. • Webroot Window Washer: $30 • Deletes whatever you specify • “Bleaches”: Overwrites 3, 7 or 35 times • Can schedule washes as often as every 15 minutes
Beware document watermarks • Government and corporations will use micro watermarks to identify who got each copy of sensitive documents • Invisible watermarking uses variety of techniques: Shift lines, text and/or characters; deliberate misspellings, etc. • Countermeasures: Copy into new document, degrade image, add your own shifts and misspellings
Keyloggers • Hidden program that captures keystrokes and sends them to whoever installed it. • FBI’s Magic Lantern keylogger • Anti-spyware software will detect many – but not all – keyloggers. • Stopgap protection: When typing password letters, type a few random letters elsewhere on window between each • But screenloggers exist, too
Some privacy resources • www.privacy.org • www.epic.org: Electronic Privacy Information Center • www.privacyinternational.org