The Whistleblower’s Guide to the Orwellian Galaxy: How to Leak to the Press
Editor’s Note: An earlier version of this article ran in Wired Opinion last month (“Hear Ye, Future Deep Throats: This Is How to Leak to the Press”). It has been updated given recent events and reflects the author’s new findings about government recording of mail.
Leak it to a foreign press agency. Everybody in the US is bought and paid for.
Daniel Ellsberg, Mark Felt, Jeffrey Wigand, Sherron Watkins, Bradley Manning, and now… Edward Snowden. (He’s just the latest informant caught in the web of government administrations that view George Orwell’s 1984 as an operations manual.)
But while the list of government (and corporate) whistleblowers continues to grow, their options for leaking continue to shrink. It is, as one commenter noted, “a dangerous time to be right when the government is wrong.” We now live in a world where public servants informing the public about government behavior or wrongdoing must practice the tradecraft of spies and drug dealers à la The Wire. Even the head of the CIA can’t email his mistress without being identified by the FBI. And privately collected data isn’t immune, either; highly sensitive metadata is particularly vulnerable thanks to the Third Party Doctrine.
So how can one safely leak information to the press, let alone coordinate a Deep Throat-style meetup? The obvious choices: email, phone, and mail … but you’ve got to be really careful. Here’s a guide.
Leaking by Email
The CIA supposedly already provided a guide to secure email, which the Russian Federal Security Service (FSB) translated back to English — convenient, given the situation we now find ourselves in.
Get a dedicated computer or tablet: the cheapest Windows laptop will do. And pay cash, as our normal laptops have a host of automatic synchronization and similar services. Our personal web browsers also contain all sorts of location-identifying cookies. Even if you’re logged in to but don’t actually visit Facebook’s home page, a subpoena to Facebook can still reveal where you connect and what pages you visit — every “Like” button reports to Facebook that you are visiting that particular page, at a particular time, from a particular IP address.
Leave your cellphone, your normal computer, and your metro card (like SmarTrip) at home: anything that speaks over a wireless link must stay behind. Then go to a coffee shop that has open Wi-Fi, and once there open a new Gmail account that you will only use to contact the press and only from the dedicated computer. When registering, use no personal information that can identify you or your new account: no phone numbers, no names.
Don’t forget: if you get anything at the cafe, or take public transit, pay cash. Be prepared to walk a bit, too; you can’t stay close to home for this.
Of course, the job still isn’t finished. When you are done you must clear the browser’s cookies and turn off the Wi-Fi before turning off the computer and removing the battery. The dedicated computer should never be used on the network except when checking your press-contact account and only from open Wi-Fi connections away from home and work.
Leaking Over the Phone
Again, start by leaving all electronic devices at home. Go to a small liquor store in a low-income neighborhood, and buy a pre-paid cellphone (TracFone or similar) with cash. Make sure it has enough airtime to not expire for a few months — T-Mobile prepaid is particularly good since the pay-as-you-go plan doesn’t expire for a full year if you buy $100 of airtime.
By the way, I would personally look for a store with security cameras that look old — a continuous tape or similar setup — since once the FBI has the number, the next step is to contact the store that sold the phone. Alternatively, you can get someone else to walk into the store and buy it for you.
You now own your very own “burner” phone — remember The Wire? — and this phone must remain off with the battery removed at all times. Because every active cellphone is effectively a continuous GPS, monitoring your location and feeding the information to the phone company which retains this information for weeks, months, even years. Just a warrant-step away.
Now, to use the phone … Once again, go to a different location without carrying your normal devices, turn on the phone, check your voicemail, make your call, turn it off again, and pull out the battery. Your phone calls are now (hopefully) anonymous so that when the FBI leak-hunt starts, there is no trail for them to follow.
Of course, the burner laptop or phone could still identify you if it’s ever found, as they both contain network identifiers built into the hardware. So if you ever need to abandon your device, first wipe the device back to its factory fresh configuration using any “secure erase” options available, then take a hammer and break the device. Put it in some other piece of trash (like an empty McDonald’s sack), go for another stroll, and drop in a public trashcan.
But if the feds are already following you, you’re caught anyway, so it doesn’t matter if they catch you taking out the trash instead of finding something when they search your home.
Leaking by Mail
Investigative journalist Julia Angwin of the Wall Street Journal pointed out that physical mail, dropped in a random post-box with a bogus return address, is perhaps the best way for anonymous one-way communication. Perhaps the best use of mail is simply to send the reporter a burner phone pre-programmed to only call your burner.
Believing that the U.S. Postal Service recorded specific mail address information only when asked by law enforcement, I had previously argued that there’s no history with mail — and even if there were, it could only be traced to the processing post office.
However, The Smoking Gun spotted — buried in an affidavit! — that the U.S. Postal Service records the outside of mail. According to the full affidavit (also available on RECAP; see page 5) the machine used to automate mail operations, the Automated Facer Canceler System, contains a “Mail Isolation Control and Tracking” program that photographs every single piece of mail and maintains this information for future access by law enforcement.
Although there’s no mention of optical character recognition to allow indexing by recipient rather than by postmark, leakers must now assume that the U.S. government is indeed recording the outside of everything we mail. A leaker should therefore access a public postbox in the same way s/he uses a burner phone: Leave all devices behind, walk to a remote postbox, and follow all the other guidelines above. But be sure to include a note to the reporter telling him or her to trash the envelope immediately.
***
All of this may seem like a script for a fictional T.V. show. But such extreme measures are a modern necessity if you want to leak information. Any future Deep Throat needs to follow these sorts of procedures if he or she wishes to talk to the press.
Though just imagine if Mark Felt had to do all of the above when leaking to Woodward and Bernstein. Snowden might have been willing to out himself … but not everyone is.
Miscellaneous commentary from various people commenting on the post in Wired magazine follows:
Don't forget not to use any Windows or Apple OS. Download a Linux system in source-code format and compile it yourself. Microsoft has now admitted that they have back-door monitors on all their systems since 1999 and, although they deny it, Apple probably has also.
It's a matter of jurisdiction and impact - if you turn out to be located in Nigeria, Belarus or some other place where the authorities are uninterested in bringing charges. There's also little value in tracking them down unless they've dinged someone powerful for something of great value.
You may want to change the MAC address of the WiFi NIC after each WiFi use as well, as there is probably a record of your connection with the open hotspot, linked to the NIC's MAC address, and then there is probably a record about which NIC with which MAC address was put into which computer and where was that computer sold. The vendor may then remember a nerdy looking man with glasses and a fledgling beard.
There may be another backdoor in the hardware, perhaps Cisco or whoever manufactured your WiFi NIC, has - on government demand - put in some extra data that is communicated or collected or a chip that remembers which access points you have connected to, and perhaps this chip uploads this information on a regular basis to a certain server that is screened by the CIA.
"The dedicated computer should never be used on the network except when checking your press-contact account"
Never ever log into the same account. They monitor newspapers and once you log in with the same username or send to the same e-mail address they can locate your IP-address/location within seconds or provide you with a faked email service.
Don't even try to establish a two-way communication, just drop the material physically. If you are going to print it out, beware that most printers write identification numbers that can be tracked.
Beware of ~ set up internet cafes where you may be exposed to an email interception programme and key-logging software to spy on delegates' use of computers.
Don't go back to the same cafe/brand of cafe after the first email.
Never trust any generation of MS or Apple filesystem/OS.
Something might be waiting for you to log in again.
And...Mind the cameras - even when sending an email from some coffee shop, there is a chance you get picked up by CCTV on your way there. If the authorities have any other indication that it could be you, this might be enough for them to connect the dots.
Buy a wireless dongle using cash. Turn off the laptop wireless completely and use the dongle for wireless, then if the ISP captures the MAC address it will be for the dongle that you dump on the way home.