Tuesday, May 15, 2018

Just how hard is it to communicate without NSA listening in?

I touched on this five years ago, and the answer then was "it's really hard but maybe possible if you're very, very careful".  In the last five years there have been a number of new tools introduced that may make this easier.  Perhaps more importantly, there is a growing tradecraft among leakers and the media that provides some useful techniques.

Robert Graham has a quite interesting article that touches on tools, techniques, and operational security that is worth your time. There's quite a lot of technology that can betray people who don't know how it works:
Photographs suffer the same problem: your camera and phone tag the photographs with GPS coordinates and time the photograph was taken, as well as information about the camera. This accidentally exposed John McAfee's hiding location when Vice took pictures of him a few years ago. Some people leak by taking pictures of the screen -- use a camera without GPS for this (meaning, a really old camera you bought from a pawnshop).
But the discussion on burner phones, tails, and open WiFi is interesting and useful.  It's still hard to hide your transmissions from prying eyes, but it may be a bit easier than it used to be.


Jonathan H said...

There are some simple things that can make a difference in your privacy in general - for example, it is easy to turn off geolocation on your phone camera; my new phone came with it turned off by default.

I have my phone's location turned off except when I need it - another easy step.

I read years ago, back before the internet when people were concerned about Echelon, that the most secure communication was a hand written fax, the worse handwriting the better. Even with the advances in OCR, that is still true today - it isn't machine readable, so it has to be manually reviewed, which means they (whichever 'they' you are worried about) have to dedicate a person to review it, which they won't unless you are a priority to them.

A modern update to this is to scan hand written data - the sloppier the handwriting and the worse the scan, the better.
This is best done as a means of communication between people you have an 'open' reason to communicate with, of course.
To take it a step further, you could have a multi page file, say a tiff or pdf, and insert the important information somewhere in the middle. If it is in a similar format, someone reviewing the file could miss it as they gloss over boring or irrelevant page after boring or irrelevant page.

Divemedic said...

The FBI agents who were conspiring against then candidate Trump gave us a handy clue- use VHF HAM radios. The NSA and FCC rarely (reading not at all) monitor them.

Borepatch said...

Divemedic, I'd completely missed that. Holy cow:


Jason VanLanduyt said...

I read someplace that I can just buy a bunch of burner phones and set them to call-forward each other until one reaches my regular phone.

In the immortal words of Harry Houdini: "Ta daa!!"

Borepatch said...

Jason, it's a very bad idea to do what you describe. The calls are all tracked, and this will tell The Man that these burner phones are associated with each other and with your phone.

Jonathan H said...

I agree - if you want to keep a burner phone anonymous, you can never communicate to it from your regular phone AND you can never turn it on in a place where you regular phone is; they will look at records of what phones are nearby.