Here are some examples of how not to protect yourself, your colleagues or your confidential sources.
N.B. whistleblowers & journalists should not be treated like terrorists, but they can sometimes learn from them.
- Email & Mobile phone Privacy for Lovers - UK lessons from the CIA Director Petraeus affair - Gmail security strengths & anonymity weaknesses (.pdf) - presented at Cryptoparty London 3, Wednesday 12th December 2012
Petraeus and his lover supposedly used a Google gmail account, without sending or receiving actual emails (which generate Communications Data log files). They are reported as having usied shared password access to Draft messages or documents in the web mail account to which they both had access.
This trick has also been used by (failed) terrorists and other criminals in the past.
- These terrorists' attempt to evade surveillance, actually ended up providing hard evidence, which convicted them:
12:36pm Wednesday 24th April 2013
Two British-born Islamic extremists used a laptop to hold "silent conversations" about terrorist plans that included Royal Wootton Bassett as a potential target, a court heard today.
Richard Dart and Imran Mahmood tried to avoid surveillance by typing into a Word document on a laptop rather than speaking aloud, prosecutors claim.
Prosecutor Jonathan Laidlaw QC told the court: "The method employed as the police, with the help of computer experts, would subsequently discover, involved Dart and Mahmood sitting together at a computer and opening a Word document on the computer to conduct what in effect was a silent conversation.
"Having had that discussion by typing into the document, the document was then deleted by one or other of the defendants, without having been saved and as far as the defendants were concerned the document would therefore be destroyed forever.
"They plainly were under the misapprehension that the text once deleted could never be recovered."
The tactic suggested that they were aware that they might be under surveillance, the court heard.
(via this Sky News video clip Wootton Bassett Terror Plotter Jailed
The spelling mistakes in the ASCII text conversions from the hexadecimal imply that this has been released by the Police / MI5 rather than faked as some other Tv news clips show (with the incriminating words seemingly being typed into a document)
The Daily Mail
adds this detail:
They would open a Word document and take it in turns to type, before deleting the text and mistakenly assuming that none of it would be stored on the machine.
However forensic experts were able to plough through 2,000 pages of computer code to decipher fragments of what was said.
These included Mahmood making a reference to Wootton Bassett and then adding 'if it comes down to it it's that or even just to deal with a few MI5 MI6 heads'.
Counter-terrorism teams also believe that the pair used the same tactic walking down the street with a mobile phone.
If you really are under close audio or video surveillance, such techniques are likely to fail, because there may be video or even audio evidence of the participants actually typing on a keyboard (much easier to read than what is on the screen).
With the right set up, the characteristic sounds from each key on the keyboard could potentially be analysed.
Why did the terrorists use Word ? Remember that this ususually creates a Temporarary file of each document and may in fact be set to Autsave every 10 minuites or so.
An MSDOS or / CMD.exe command line would have done as well to display words on the screen, with no danger of temporary files (you can change the options to have easier to read colours and fonts than standard)
If you are already under such close surveillance, then you are unlikley to remain unidentified as a whistleblower.