Friday, June 14, 2013

Hiding your data transmissions from the NSA

I guess I should start off with a warning here: it's not at all probable that you really can.  However, people have been pinging me, and I don't like any of the suggestions that I've seen so far.  This is a first cut.

The second warning here is that this is not useful for voice or email protection (mostly), and won't help with GPS geolocation tracking.  It's purely a thought experiment on how to transmit decently large quantities of information without NSA being likely to understand the content, or even to realize that information is being transmitted.

That last point is the key.  Traffic Analysis is pretty terrifying, at least to those in the know, and is by far the biggest issue in the whole NSA brouhaha.  I'm not sure that this solves that problem, but it takes some steps in that direction.  Remember, your mileage may vary, void where prohibited, do not remove tag under penalty of law.

The first thing we need to look at is how to hide data in a way that doesn't make people think that there's hidden data.  XKCD captured the problem for the would-be crypto nerd:

This is actually called the Rubber Hose Attack, and is considered generally effective.  So encrypting your hard disk is A Bad Thing, because it tells anyone who looks that the data is encrypted.  More to the point, encrypting your data communications is A Bad Thing for exactly the same reason.

OK, so no encryption.  How do you keep communications confidential from prying NSA eyes, and ideally make traffic analysis less likely?  This is Borepatch, and so that means that we'll start with a history lesson.

People have been trying to keep secrets secret for pretty much as long as there have been people.  Growing up, there was a pretty interesting book in the Borepatch household library, Hidden Images.  It gave a number of historical examples of how people hid images of things that were considered double plus ungood, typically via distorting perspective or some such.

This was a picture of (IIRC) English King Charles I who had been beheaded by Parliament.  It was dangerous for people to have images of the dead King, and so you had to use a reflective cylinder to make the distorted image of the Sovereign comprehensible.  The problem is that you need the cylinder, and you have a pretty suspicious distorted picture.  Either of these if discovered in a search might result in a Rubber Hose Attack.  We'd like to have our data in a normal image (I'll get to how to hide the "cylinder" in a bit).

There's a modern tool available to do this, called Steganography.  It relies on the fact that many of the data formats in common use today are "lossy" - you can remove a lot of the original data bits without degrading the original message.  The JPEG image format is one example, MP3 is another.  Stego uses this to introduce loss into the picture without degrading the picture (or into an MP3 without degrading the audio).  The "loss" introduced is your secret message, which can be text, image, audio, or whatever you'd like.  I did this once here:

Crash the Wundercat contains a secret message (well, the picture of Crash does; work with me here).  You need a tool that does Stego to embed the message/data, and the person who wants to extract the message/data needs a Stego tool.  I like OpenPuff (even though it's Windows only) which will embed your data in images, audio, video, and Flash.  It will even encrypt the data and add white noise to make it even harder to detect.  It's free and open source.  Steghide is perhaps your best bet for Linux.

And now we have to peel the onion: how do you get your message distributed?  The answer here is to use your regular methods.  I don't like email, as it's pretty direct (you sent it to someone, which is interesting in and of itself).  Social Media is a much bigger haystack to hide in - Facebook, blogs (hello!), Reddit, Flickr - all of these excel as "dead drop" locations for seemingly innocuous pictures of your cat.  The people you want to read your secret message have to know what password you're using in your stego, but there are a lot of ways to do that - for example, everyone has a copy of Gibbon's Decline and Fall of the Roman Empire and uses the 11th word on the page as the password.  Each day, use the next page.

Sure, NSA will see that people are looking at Reddit, but it's an extra layer of indirection that they're looking at what you posted to Reddit.  It's potentially a very large haystack.

Also, you should see why this isn't any good for voice communications, and why it's not ideal (or likely desirable) for email.  And now to the last layer of the onion - reducing the chance of a rubber hose attack.

Remember the mirrored cylinder that was used to view the picture of King Charles?  That was a giveaway.  Well, so are steganography tools.  If it comes to an investigation and someone finds that you've, say, installed the Ubuntu version of Steghide, there will likely be a lot of questions.  So how do you hide your stego tools?  I think that the best way is via the Purloined Letter approach - hide them in plain sight.

This is a USB drive.  It will hold a ton of data.  Unfortunately, everyone knows that it's a USB drive, including Mr. Fed.  Should the day come where The Man swoops down to investigate your electronic breadcrumbs, they'll look for stuff like this.  What we want are the electronic guts of the drive, in an innocent looking exterior.  Maybe something like this:

This is a Lego toy.  Actually, it was a Lego toy until someone took a box cutter, dremel, and some manual labor to cut it open and embed a USB drive in it:

You can have a whole Operating System with Stego tools on it.  Boot from it when you need to encode/decode, copy the resulting image/MP3/etc to a different (maybe disposable) USB drive to load onto your regular computer for posting to Reddit/etc.  Just keep it with a bunch of other similar figurines in a bucket of toys in the basement.

Or you could just buy a Lego brick USB drive.  Remember to keep it with your other Lego.

Now it's important to point out here that nothing is foolproof.  NSA will be collecting traffic data showing that you're uploading to Reddit and Facebook.  They will see that other people check Facebook and Reddit.  They will build maps of relationships - who knows who.  Someone might take a look at your Facebook page.  If they really want to spend the time with the right people analyzing your pictures (or podcasts, or YouTube vids) they might very well sniff something fishy.  But they'll have to work a lot harder, and the work will be less automated.
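What "sniffing something fishy" can look like in practice, as an added example that is not part of the original post and not code from any tool named in it: a pairs-of-values chi-square test run over a constructed grey-scale "image" before and after naive least-significant-bit replacement. The cover pixels, the key, and every function name are assumptions made for illustration, and LSB replacement is a simplification rather than how OpenPuff or Steghide embed data.

```python
import hashlib
import random

def make_cover(n_pixels=200_000, seed=2013):
    """Constructed stand-in for a photo: 8-bit grey values, bell-shaped histogram."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(128, 8)))) for _ in range(n_pixels)]

def payload_bits(n_bits, key=b"constructed example key"):
    """Pseudorandom bits, standing in for an encrypted (noise-like) payload."""
    bits, counter = [], 0
    while len(bits) < n_bits:
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:n_bits]

def embed_lsb(pixels, bits):
    """Replace the least significant bit of the first len(bits) pixels."""
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & ~1) | bit
    return stego

def extract_lsb(pixels, n_bits):
    """Read the payload back out of the first n_bits pixels."""
    return [p & 1 for p in pixels[:n_bits]]

def pair_score(pixels, min_count=10):
    """Chi-square over value pairs (2k, 2k+1), divided by the number of pairs.

    LSB replacement only moves a pixel within its pair, so a noise-like payload
    pulls both counts towards equality: about 1.0 means 'LSBs look random',
    while this untouched smooth histogram scores far higher.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi2, pairs = 0.0, 0
    for k in range(0, 256, 2):
        even, odd = hist[k], hist[k + 1]
        if even + odd >= min_count:          # skip nearly empty pairs
            chi2 += (even - odd) ** 2 / (even + odd)
            pairs += 1
    return chi2 / pairs

def scores_by_fill(fractions=(0.0, 0.5, 1.0)):
    """Score the same cover with the payload filling a given fraction of pixels."""
    cover = make_cover()
    return {f: pair_score(embed_lsb(cover, payload_bits(int(f * len(cover)))))
            for f in fractions}

if __name__ == "__main__":
    for fill, score in scores_by_fill().items():
        print(f"payload fills {fill:4.0%} of pixels -> pair score {score:6.2f}")
```

The score falls towards 1.0 as the payload fills more of the image, which is the statistical fingerprint an analyst looks for; the test needs only the posted file, not the password or the tool.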

And this will give you a close to "Professional Grade" level of paranoia which is a Very Good Thing.  If I seem that way myself, please remember that I was trained to be that way by the finest minds in the Free World.


Goober said...

They're preparing your bunk at the camps as we speak, Borepatch, you disseminator of ungood knowledge.

It occurs to me that there are a lot of people out there that would claim that "knowledge is power" out of one side of their face, while decrying what you just did here as being near criminal.

Knowledge is power. I don't necessarily think that I'll be needing to hide secret messages from a prying, evil government in my lifetime. In fact, I'm pretty sure of it. But I, like you, take a measure of satisfaction in knowing that I COULD if I had to.

It's the same as training in a self-defense class - you pray to God almighty that you never have to take someone else's life, but you're prepared to just in case.

I've often wondered if stego would work on a site like memebase or failblog. Seems to me that with the traffic that place gets, it would be next to friggin impossible to track who got it and who didn't, much less find the stego encrypted pictures in all that white noise.

Besides, I think it would be the worst kind of torture to make some poor NSA analyst wade through 9,000 pages of cats, using bad grammar to ask for cheeseburgers, in their efforts to find a secret message, so there would be that added bonus.

lelnet said...

I do have to wonder, though, whether the Lego USB drive would actually be an improvement.

"Why are you carrying this USB drive, sir? What's on it?" "Because I'm a sysadmin, and it has a few tools that are handy when people want me to fix their stuff." Then they stick the drive into their Windoze machine, see the FAT32 partition with innocuous tools and miss the small ext2 partition with secret data, and I move along.

"Why is a grown man carrying Lego bricks around in his pocket, sir?" "" Then they take me to a back room and the rubber hoses come out.

When I worked for $megabank[giant] a few years back, there was a handy policy...any employee found storing confidential or proprietary data on an unencrypted filesystem would be immediately and summarily fired. We had so many employees running into trouble at borders because of this that there were two guys in Corporate Security whose main job was to take phone calls from customs inspectors and confirm that yes, that was the rule. Would've been real handy if I'd had some of _my_ data I wanted to protect.

Borepatch said...

lelnet, you don't carry it with you. You keep on the shelves in the basement with the rest of your kid's old toys. A box of Lego surrounded by old children's books, cars, etc won't look suspicious.

SiGraybeard said...

What do you think of TOR? That was designed to thwart traffic analysis (or so I've read). Granted, the question of being caught with TOR tools is still there.

Supposedly, an intended use is for people ducking into Internet cafes in places where they might be in real, physical danger.

Spec-Ops Medic said...

Tor will only hide your location, not what you say or who you send to. As they say on their web site they will turn over records to authorities with a valid Canadian court order. The idea is to use Tor WITH an encryption package which are readily available. But this involves first having people you can trust to communicate with.

jon spencer said...

Or, you could be like a buddy of mine.
He just does not give a sh*t, and will post and email just about anything.
And he speaks his mind in public too.

kx59 said...

The only way to truly go dark on the net is to disconnect.
That includes your smart phone, your PS3 and your xbox 360.
These days, that might include your smart washer and dryer and the high tech refrigerator with the LED screen on the door.
Oh, I forgot your security system. Particularly the glass break sensors.
They are, after all, highly sensitive microphones.
But, if you don't have anything to hide, you've nothing to worry about.
It's been mentioned before. What you know about Prism, so far, is just the tip of the iceberg.
I suggest getting to know your neighbors.

Goober said...

The problem with Tor is that it's open source, meaning anyone can participate. Including the gubmint.

I'd be pretty shocked if they aren't already running a Tor server or two...

Spec-Ops Medic said...

They do run Tor, have been for years.
It's a great way to send someone a message if you don't want anyone to know where you're sending from. Add a layer of encryption on there that only you and the recipient have the key to and I doubt even the Chinese can crack it.

Anonymous said...

It occurs to me that a bootable Linux filesystem (such as one might carry on a thumb drive, for booting on public computers for safe banking) has countless opportunities for squirreling away opaque binary blobs.
I presume the same would be true of a Windows system; after all, viruses manage to hide themselves quite effectively.

Ian Argent said...

Keep a couple of decks of cards handy, and memorize the rules of a curious card game known as pontifex solitaire. Useful for short messages only, but...

Chuck Pergiel said...

I'm thinking I want a USB drive made of flash paper. Remember James Bond's briefcase in Goldfinger?