If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Wired)   Want to leak secrets to the press? This is the way you do it   (wired.com) divider line 36
    More: Interesting, Deep Throats, Nicholas Weaver, network connections, synchronizations  
•       •       •

11026 clicks; posted to Main » on 15 May 2013 at 8:59 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



36 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2013-05-15 09:08:08 AM
Not that I have any secrets to share but that all seemed rather obvious.
 
2013-05-15 09:08:09 AM
Hear Ye, Future Deep Throats: This Is How...

Eight words into the headline, this looked like a great article.
 
2013-05-15 09:14:32 AM
I think I saw this same advice in 2600 a decade ago.
 
2013-05-15 09:16:04 AM
OR you could just...and hear me out on this...use snail mail.


Now I know what you're thinking:  "Insaniteus, you be crazy!" but it does save so much cash in the end.  Just don't use a valid return address and tell the reporter to destroy the letter Inspector Gadget style.  Problem solved.
 
2013-05-15 09:17:52 AM
If you're not doing anything wrong, you don't have anything to hide.

</why do people say that?>
 
2013-05-15 09:21:07 AM
and make sure to wrap everything in tinfoil, especially your head.
 
2013-05-15 09:22:17 AM
Even burners have decent web access these days.

/No tutorial on how to set up seven proxies?
 
2013-05-15 09:24:33 AM
FTFA: "...we now live in a surveillance dystopia beyond Orwell's Big Brother vision."

Whoa buddy, reign it in there.
 
2013-05-15 09:24:44 AM
T-mobile does have the best burner phones.  Also when disposing of your burner put an extra $100 on it and give it to a homeless guy with the charger.
 
2013-05-15 09:26:01 AM
Wikileaks?
 
2013-05-15 09:28:54 AM
No, the way to do it is to completely avoid using technology at all.    Pencil and paper combined with things like dead drops are the way to do it.

Why?

Because even *IF* you use a burner phone and laptop, there is always the chance that you'll fark up and forget something, and all it takes is *ONCE* for a ping to show a location at your home for them to identify it as you.

On the other hand, carefully chosen dead drops and brush passes (where you both left your electronics at home) require much more effort to find out, and they can't retroactively connect you if you come under suspicion by checking phone records later.

In other words, in a world where the surveillance is high-tech, using low-tech methods to communicate makes it much harder for those doing the surveillance to figure out who you are and what you are doing.

Also, if you need to encrypt the data you are passing, it's best to use one-time pads that you manually generated using 10-sided dice, or some other mechanical random process.  You *COULD* use a standalone computer combined with a radio tuned to an empty frequency and use the white noise of the static to generate the pads, but you have to make just 2 copies of the pads generated, and ensure that you've destroyed the copies that may have been left on the computer. Using a manual typewriter with a well-used cloth ribbon and a handful of percentage dice is more tedious, but at least you know the data doesn't reside anywhere else.  If you're uber-paranoid, you could always burn the ribbon.

If you follow the few simple rules of manual one-time pads, it's forever unbreakable.
 
2013-05-15 09:30:57 AM
but if the coffee shop has surveillance cameras with a clock, all that is worthless.  Which is why you need to take it one step further:
static.guim.co.uk
 
2013-05-15 09:31:13 AM

I_Can't_Believe_it's_not_Boutros: Hear Ye, Future Deep Throats: This Is How...

Eight words into the headline, this looked like a great article.


This was my thought on the AP crying about the subpoenas for their phone records.  They just released the Watergate movie, and Deep Throat was only revealed until he wanted to be.  If they were that careful in  the 70's how could you be so stupid as to call someone who leaked top secret information, even if you didn't discuss the information (though I bet they did).
 
2013-05-15 09:32:06 AM
D135


FTFA: "...we now live in a surveillance dystopia beyond Orwell's Big Brother vision."

Whoa buddy, reign it in there.

Where did he go to far?
 
2013-05-15 09:32:31 AM
let's not confuse this latest leak to the AP with a legit whistleblower informing the public about govt malfeasance. This was a leak about the foiling of a terror plot and put this CIA agent and his family at risk and quite probably other US citizens who need these people to protect them.
so while it's necessary for the press to protect sources that give them credible info on the govt. this is not the case in this instance. This source should not be protected imo.
 
2013-05-15 09:42:49 AM
Mark Felt (aka Deep Throat) used some pretty impressive tradecraft himself (he had to, Nixon was after him).
http://www.schneier.com/blog/archives/2005/06/deep_throat_tra.html

Also wikileaks.org is still up, so if you are more interested in getting the information out than cultivating a relationship to shape your propaganda there is that way.
 
2013-05-15 09:53:31 AM

Insaniteus: OR you could just...and hear me out on this...use snail mail.


Use a cheap pen, and remember that paper will hold fingerprints, the envelope will have a postmark, and the saliva you may have used to lick it closed/lick the stamp may be genetically identifiable.
 
2013-05-15 09:59:21 AM

Tom_Slick: T-mobile does have the best burner phones.  Also when disposing of your burner put an extra $100 on it and give it to a homeless guy with the charger.


Burner phone isn't going to do you any good, not for a national security investigation.

Burners are great if you are a drug dealer.  Local cops just don't have the resources or expertise to analyze the data necessary to connect all the dots.

Let's take a scenario where you are a leaker.  You purchase a burner phone with cash specifically just to leak info to the press.  The reporter you talked to writes a story, and you among several others come under suspicion because only a limited number of people have access to the leaked information.

They identify a number, say 555-1212, that called the reporter(s) in question but that *NEVER* goes to a residential area.  The 'pings' pop up in an area, the phone makes a call, then it just disappears.  That's pretty farkin' suspicious, no?

They put a pen register on that number so they know immediately when it gets turned on, and where it is.

So they gather all the location data from when and where that phone was, and they discretely check for surveillance cameras in those areas.  If they find any, they try and pull images from before, during, and after the call was made, if they are still available.  If they notice a pattern of calls coming from a certain area, and they are on-going (even if the number has changed), they can place a camera themselves.

All they have to do is see you once on camera in the vicinity of where the calls were made, near the time the calls were made, for them to focus in on you as the leaker.

On the other hand, if you physically mail the information initially there is no real way to connect you with the information if you are reasonably careful.  If you include instructions on how to get the next information via brush passes and dead drops*, and you supply OTPs and instructions on how to use them, that's about as secure as you can possibly get.


*It goes without saying that you leave the electronics at home when you are going to a meeting or a dead drop.
 
2013-05-15 09:59:46 AM

Tom_Slick: T-mobile does have the best burner phones.  Also when disposing of your burner put an extra $100 on it and give it to a homeless guy with the charger.


So he can sell it for meth?
 
2013-05-15 10:01:55 AM
There's always Tor, TrueCrypt, VPN, and proxies in general.
I suppose most people wouldn't be aware of how to use those, though.
 
2013-05-15 10:06:47 AM
Also, remember don't leak it to Wired, because they do have a bit of a record on turning over sources.
 
2013-05-15 10:08:41 AM

MooseUpNorth: Insaniteus: OR you could just...and hear me out on this...use snail mail.

Use a cheap pen, and remember that paper will hold fingerprints, the envelope will have a postmark, and the saliva you may have used to lick it closed/lick the stamp may be genetically identifiable.


1. Of course.
2. Wear cheap plastic gloves like these when handling the writing materials.
3. Post mark only identifies what post office it initially entered the system, and only the approximate time.  They won't be able to tell what mail box it was initially deposited in, or when it was initially deposited (especially over the weekend).
4. Self-sealing security envelopes are cheap enough.
 
2013-05-15 10:10:23 AM

God-is-a-Taco: There's always Tor, TrueCrypt, VPN, and proxies in general.
I suppose most people wouldn't be aware of how to use those, though.


If you happen to get the entire national security apparatus interested in you, I have a sneaking suspicion that they will eventually be able to find you behind your 7 proxies.
 
2013-05-15 10:18:55 AM

OnlyM3: D135

FTFA: "...we now live in a surveillance dystopia beyond Orwell's Big Brother vision."
Whoa buddy, reign it in there.

Where did he go to far?


Unless your TV is watching you, I don't believe we are beyond Orwell's vision.

/Where's this dystopia?  I can't find it on the map...
 
2013-05-15 10:28:13 AM

dittybopper: God-is-a-Taco: There's always Tor, TrueCrypt, VPN, and proxies in general.
I suppose most people wouldn't be aware of how to use those, though.

If you happen to get the entire national security apparatus interested in you, I have a sneaking suspicion that they will eventually be able to find you behind your 7 proxies.


Yeah yeah, the 7 proxies thing is funny, but it's foolish to dismiss all the stuff working in tandem.
Just like a medieval archer wouldn't carry a bow without arrows or a side weapon*, an informant wouldn't rely just on proxies. There's also e-mail services out there for "public" e-mail accounts or accounts that are automatically deleted a few minutes after use.


*Boy, what a crappy analogy that was
 
2013-05-15 10:49:02 AM

God-is-a-Taco: There's also e-mail services out there for "public" e-mail accounts or accounts that are automatically deleted a few minutes after use.


1) Wardrive for an open residential network.
2) Use a burner phone or netbook.
3) Inject the email to an open relay in China, having first used the DNSBL to find a suitable victim.
4) Take your leak.

There's still no effective defense against any of these for a small single-shot anonymous packet.
 
2013-05-15 10:59:58 AM

God-is-a-Taco: dittybopper: God-is-a-Taco: There's always Tor, TrueCrypt, VPN, and proxies in general.
I suppose most people wouldn't be aware of how to use those, though.

If you happen to get the entire national security apparatus interested in you, I have a sneaking suspicion that they will eventually be able to find you behind your 7 proxies.

Yeah yeah, the 7 proxies thing is funny, but it's foolish to dismiss all the stuff working in tandem.
Just like a medieval archer wouldn't carry a bow without arrows or a side weapon*, an informant wouldn't rely just on proxies. There's also e-mail services out there for "public" e-mail accounts or accounts that are automatically deleted a few minutes after use.


*Boy, what a crappy analogy that was


Meh, I've seen worse analogies.

But let me tell you something you may not be aware of:  I'm currently a programmer/analyst, and I used to be a signals intelligence intercept operator.  Now, I don't know any classified information that is less than 24 years old, but I can extrapolate based upon what I know from back then, and the (unclassified) information I have now, and my considered opinion is that anyone who is relying on technology to protect themselves from possible government surveillance is playing a fools game.

Take, for example, Osama bin Laden.  It took us nearly 10 years to find him, because he eschewed modern forms of communication.  He learned that lesson back in the 1990's.  Had he been using more modern forms of communications, we'd have found him much quicker.  His major problem is that he didn't take it far enough:  His couriers still used cell phones, and that led us back to his compound (we identified the location of the courier based upon his cell phone use, then tracked him back to the compound).
 
2013-05-15 11:01:53 AM
This must have been written by the FBI, hoping that people follow it. For just one flaw, all they would have to do to find the emailer is go to the Starbucks whose IP was used and start looking at the surveillance tapes. Something similar was used to find a staffer who snail mailed a videotape of debate prep to a rival campaign.
 
2013-05-15 11:19:51 AM
This has to be a fake
Obama would never let his secret play book fall into enemy hands
 
2013-05-15 11:22:57 AM
Once again - and according to Woodstein in their book - 'Deep Throat' was a composite of several people - not the singular Mark Felt.
 
2013-05-15 12:12:07 PM
dittybopper:
But let me tell you something you may not be aware of:  I'm currently a programmer/analyst, and I used to be a signals intelligence intercept operator.  Now, I don't know any classified information that is less than 24 years old, but I can extrapolate based upon what I know from back then, and the (unclassified) information I have now, and my considered opinion is that anyone who is relying on technology to protect themselves from possible government surveillance is playing a fools game.

Take, for example, Osama bin Laden.  It took us nearly 10 years to find him, because he eschewed modern forms of communication.  He learned that lesson back in the 1990's.  Had he been using more modern forms of communications, we'd have found him much quicker.  His major problem is that he didn't take it far enough:  His couriers still used cell phones, and that led us back to his compound (we identified the location of the courier based upon his cell phone use, then tracked him back to the compound).


I think that, for the time being, the defense is currently beating the offense when it comes to cyber-security. The caveat, of course, is that you actually need to want a defense and that costs effort and/or money. Hell, I bet online child pornography rings are far more secure than defense contractors or various government agencies with an online presence.

It might ultimately boil down to who you know and how willing they are to protect you.
If you catch one hacker, they'll tell you everyone and everything they know in return for a lesser sentence, but bin Laden had people committing suicide attacks for him (not to mention the whole Pakistan thing).
"Trust no one" is probably the ideal message for this stuff.
 
2013-05-15 12:13:10 PM
Or you could buy one of those birthday cards you can record messages in and slip in a tiny data card.

Happy birthday!
 
2013-05-15 12:51:01 PM

God-is-a-Taco: I think that, for the time being, the defense is currently beating the offense when it comes to cyber-security. The caveat, of course, is that you actually need to want a defense and that costs effort and/or money. Hell, I bet online child pornography rings are far more secure than defense contractors or various government agencies with an online presence.


Well, as Donald Rumsfeld said, there are the known knowns, the known unknowns, and the unknown unknowns.

You're not accounting for the unknown unknowns.  You don't know what their technological capabilities are, and neither do I, but by not using technology to communicate, you can at least minimize any technological advantage they might have.

It's an aphorism in the SIGINT community that if you radiate, you can be found, and if you can be found, you can be killed.  So don't farkin' radiate.
 
2013-05-15 01:01:58 PM
So sad that my government would rather protect war criminals and fraudsters because it makes them look bad and instead jail those who would expose their blatant rampant corruption.  I have no respect for our "Justice System" till this is corrected and some of the war criminals start going to trial, and neither should anyone else.
 
2013-05-15 03:44:06 PM
I think TFA completely missed on the camera aspect of things now-a-days.  In just a short walk in my somewhat urban neighborhood I know I am photographed and/or filmed by at least 4 different systems.  Screw the coffee shop.  Wait until you're well away from any cameras, deep into a park or something, then put the battery in and turn on your burner phone.  Then you can use it as a mobile hotspot or make you phone call.  And don't use the same park/location over and over.

There was a guy, Mr. 880, who counterfeited 1 dollar bills that it took the SS years to catch because he NEVER went back to the same store twice.

/if you keep it up long enough you will get caught.
 
2013-05-15 04:24:18 PM
Geeze did anyone watch Matt Damon in the Bourne series? buy 2 burner phones, drop your second phone in the pocket of your contact and then only use it a couple of times, be aware of cameras in your area, pass your info and never ever go back. I would even say to put the info on a little 4gb chip that you can put into a phone and tell him the info is there. Be sure and just use notepad txt file. spoof the origination info on the file header.. easy peasy.
 
Displayed 36 of 36 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report