1 / 22

Spycraft: Keeping your sources private

Spycraft: Keeping your sources private. Steve Doig Cronkite School of Journalism Arizona State University. Why spycraft for reporters?. Need to keep identity of confidential sources secret from subpoena. Need to keep identity of confidential whistleblowers secret from corporations.

austine
Télécharger la présentation

Spycraft: Keeping your sources private

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spycraft: Keeping your sources private Steve Doig Cronkite School of Journalism Arizona State University

  2. Why spycraft for reporters? • Need to keep identity of confidential sources secret from subpoena. • Need to keep identity of confidential whistleblowers secret from corporations. • Need to travel in places where governments detain journalists.

  3. What I’ll cover • Keeping internet searches private • Making and receiving untraceable calls • Keeping email private • Encryption/decryption programs • Keeping your computer clean • Tricking keyloggers

  4. Private internet searching • AOL debacle: 36 million search terms of 650,000 users (http://www.aolstalker.com/) • Subpoenas to your IT department or IP provider • Alternative: www.ixquick.com: No IP addresses kept, search terms deleted within 48 hours • Anonymizer.com • Anonymous Surfing ($30)

  5. Keeping identity private in calls • #31# blocks your Caller ID on Vodafone • But doesn’t work on texts! • “Spoof” your Caller ID with SpoofCard (www.spoofcard.com) or other spoofing services -- $10/60 minutes • SpoofCard does international calls • Spoofcard also does voice changing!

  6. Cellphone cautions • GIS-equipped cellphones track your location • Cellphones also track location by cell tower triangulation • Cellphones and wireless phones can be heard by scanners • Cellphones can be bugged

  7. Pre-paid cell phones • No-contract cell phones: Buy with cash, and replenish with cash • Easy in Europe with SIM cards and topping up

  8. Voice over Internet Protocol (VoIP) • Internet voice calls • Beware “man in the middle” attacks • Skype encrypts voice/video data stream • But there may be a back door… • Zfone with VoIP clients like Google Talk and Gizmo5

  9. Keeping identity private in email • Use free “throwaway” email addresses from Yahoo, etc. • Anonymizer.com: Nyms software creates throwaway email addresses that will forward to your real address

  10. Smuggling your text and pictures • Use micro SD cards • 2GB

  11. Cryptography • Avoid simple ciphers, one-time pads, etc. • Public-key cryptography is best • Pretty Good Privacy: www.pgp.com • Email encryption • Disk encryption • Instant-message encryption • Desktop Home edition: $164 • Cryptoheaven.com • Freeware PGP available • Keep data on encrypted thumb drive (Folderlock)

  12. Ciphertext example 15D718115BBCA0949B0CC94FFBCFF186B764DF5E731A2F818E4F16441A4DBE29EE6C2ED1C6CADE59 ECCA5E31E9C66DE7A4AE9FCCFBB6062182022F1C139468636DEB462B79C85996981B2B6FB6148EE2 86F8B620E557BB74489843508F526DDBFB80E47C1729E529EE2AB9456E3CBBD72C73D87BDAD0A99C C302B3416FA6F8C63CE647D7FF34C6C0B1B9412482A0FA5E576603CE951EDE50AD393A44B1391073 13FB985FA83B74BEA21903D0B0E0681F1E2E0C445740EA74BE4A27B54485F7C2330C9A99439498CB 0FEF821A8C5F7FDD

  13. Steganography • Poe’s “Purloined Letter”: Hide in plain sight • Message hidden in “covertext” of some sort: • Plaintext • MP3s, jpegs, video, etc. • Steganos Privacy Suite 12: $70 • stegoarchive.com for shareware programs

  14. Stego example: original

  15. Stego example: encoded

  16. Spammimic.com • Turns a short message into spam, which can be decoded “Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 ….

  17. Spammimic.com • Turns a short message into spam, which can be decoded “Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1816 ; Title 3 ; Section 304 ….

  18. Cleaning your computer • Deleting files doesn’t destroy them • Need software that overwrites deleted file space, temp files, etc. • Webroot Window Washer: $30 • Deletes whatever you specify • “Bleaches”: Overwrites 3, 7 or 35 times • Can schedule washes as often as every 15 minutes

  19. Beware document watermarks • Government and corporations will use micro watermarks to identify who got each copy of sensitive documents • Invisible watermarking uses variety of techniques: Shift lines, text and/or characters; deliberate misspellings, etc. • Countermeasures: Copy into new document, degrade image, add your own shifts and misspellings

  20. Keyloggers • Hidden program that captures keystrokes and sends them to whoever installed it. • FBI’s Magic Lantern keylogger • Anti-spyware software will detect many – but not all – keyloggers. • Stopgap protection: When typing password letters, type a few random letters elsewhere on window between each • But screenloggers exist, too

  21. Some privacy resources • www.privacy.org • www.epic.org: Electronic Privacy Information Center • www.privacyinternational.org

  22. Questions and ideas?

More Related