Thursday, November 30, 2017

CyberStalking

 
In July 2017, a Pew Research Center survey found that forty-one percent (41%) of Americans claimed to have experienced some form of on-line harassment. Of those claiming to have been harassed on-line, the majority described this harassment as name calling or intentional embarrassment. Only eighteen percent (18%) of those surveyed claimed to have experienced a more sever type of harassment such as "physical threats, sustained harassment, stalking and sexual harassment". (1)
 
Of all of those who claimed to have been a victim of on-line harassment, fifty-eight percent (58%) claimed that the harassment came through social media (i.e. Facebook and Twitter), twenty-three percent (23%) claimed that the harassment occurred in the comments section of a web-site, while fifteen percent (15%) claimed that they were harassed through a text message or messaging app.
 
The most commonly cited reason for being harassed on-line was because of one’s expressed political views. Of those individuals who claimed to have been the victim of on-line harassment, thirty-five percent (35%) related this harassment was in response their expressed political views. Political harassment was equally likely with both Republicans and Democrats. 
 
To summarize the Pew Research Center data, a small percentage (18%) of Americans claim to be victims of the more sever types of harassment, that harassment most often (58% of the time) is posted to social media, and most commonly (35%) relates to the harassed person’s political views.
 
The video "The Use of Technology to Stalk" highlights how technology may be used in more severe forms of cyberstalking. This 15-minute training video was designed to enhance awareness among professionals working with stalking victims of how stalkers use a vast array of technologies available today. 

Most commonly offered advice for victims of on-line harassment goes something like this: Never respond to the harasser, document everything, file complaints with the Internet Service Provider and with the police. While this is reasonable advice, let’s look at a few other things that we might do.
 
First try to identify the reasons you have become a target for on-line harassment. If you are being harassed on-line, you probably have some kind of an on-line presence. Are you posting comments on-line that others might consider inappropriate, offensive, or harassment from you? Yes, you certainly have a right to express an opinion about controversial topics on-line, but others have a right to respond; and controversial topics often lead to heated discussions, some of which may get out of hand. If you are involved in an on-line debate that is getting out of hand, stop posting and commenting yourself, and let the situation cool down a bit.
 
Avoid making public accusations about the person(s) whom you believe to be harassing you. If you are right, this just feeds the cyberstalker and keeps him/her interested in you (never respond to a harasser). If you are wrong you may find yourself facing a lawsuit for libel and defamation. Generally speaking, your best course of action when dealing with cyberstalkers is to block their ability to contact you, and limit their ability to gather information about you (i.e. employ good personal OPSEC).   
 
On most social media sites, you can block other users from contacting you or accessing your on-line posts. You can also set e-mail filters to block e-mail from specific addresses or domains, and to filter out messages containing specific content (such as profanity). On your cell-phone / smartphone you can block text messages and calls from specific numbers. Blocking works when you know who is harassing you. Filtering works when you want to avoid specific content. Whitelisting is another option where you set your accounts to accept messages only from people that you have specifically approved.
 
Most social media platforms have simple steps that you can take to block another user who is bothering you. Here are just a few examples:
 
 
On-line Safety Tips

 
 
Practice Individual OPSEC and Personal Security on a daily basis. Incorporating good security practices into your life can protect you from on-line harassment as well as mitigating threats that you may face from other sources.
 
While all of the above applies to your personal social media accounts and personal communications, the question arises: Do public officials have the right to block users who insult them or post scathing comments publicly? According to a ruling by at least one court, the answer is no.
 
An interesting August 2017, article on NextGov.Com discusses this question of
 
How Government Agencies Can Protect Their Social Media Accounts - And Employees
 
Government employees are facing an interesting dilemma. They're trying to meet citizen demands for more personal forms of engagement with government. Yet, when they adopt social media channels to do this, they open themselves up to public feedback and criticism.
 
As a public official, do they have the right to block users who insult them or post scathing comments publicly? Apparently not. In July, the American Civil Liberties Union asked Kentucky Gov. Matt Bevin to stop blocking people from following his social media accounts; Michigan state government accounts were reported to have blocked more than 800 Twitter handles, including @POTUS; and the El Paso Police Department's public affairs staff blocked users from the department’s Twitter and Facebook accounts.
 
This culminated recently when a federal court judge ruled against a Virginia official  who banned a user from accessing her Facebook page. The results of this case pose serious consequences that could reach as far as the White House - a similar suit has been filed against President Donald Trump with regards to his personal Twitter @realDonaldTrump.
 
 

Posted by at No comments:

Wednesday, November 29, 2017

VeraCrypt

VeraCrypt  is a free open source disk encryption software for Windows, Mac OSX and Linux; based on TrueCrypt 7.1a. VeraCrypt allows you to (1) Create an encrypted file container, (2) Encrypt a non-system partition / drive (such as a flash drive), and (3) Encrypt the system partition or entire system drive.
 
Once you have downloaded and installed VeraCrypt on your computer, making an encrypted container is very simple. Just run VeraCrypt, click the ‘Create Volume’ button and follow the steps in the wizard to create an encrypted file container. Once created, the VeraCrypt encrypted file container works like another drive on your computer. Choose an unused drive letter, mount your encrypted file container and everything in the container is available to use. When you dismount the container everything in it is encrypted, helping to protect your sensitive files and folders if your computer is ever hacked, seized, or stolen.
 

To mount an encrypted file container, run VeraCrypt and select the file that is your encrypted container. Click the ‘Mount’ button and enter the password for that container (VeraCrypt recommends passwords of at least 20 characters). The container is then decrypted and becomes available. To re-encrypt everything in the container, just select the drive letter for the container and click the ‘Dismount’ button. You can have multiple encrypted file containers on your computer, as long as you have available space on your hard-drive to create them.
 
VeraCrypt has several additional features, all of which are explained in the VeraCrypt User Guide . Take time to read this documentation and learn how you can use VeraCrypt to safeguard your private and sensitive information. I use VeraCrypt and recommend it as an effective means of adding additional security to your digital files and folders.
 
Download Your Copy of VeraCrypt here: https://www.veracrypt.fr/en/Home.html
 



Posted by at No comments:

Tuesday, November 28, 2017

WHONIX

 
Whonix is a desktop operating system designed for advanced security and privacy. Whonix mitigates the threat of common attack vectors while maintaining usability. Online anonymity is realized via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use. The user is not jeopardized by installing additional applications or personalizing the desktop. Whonix is under active development and is the only operating system designed to be run inside a VM and paired with Tor. Whonix is available for all major operating systems. Most commonly used applications are compatible with the Whonix design. https://www.whonix.org/
 
 
Posted by at No comments:

Monday, November 27, 2017

Carpenter v. U.S

 
When the US Supreme Court Justices return from holiday break this month they are expected to rule on the case of Carpenter v. U.S. At issue is "whether the warrantless seizure and search of historical cellphone records revealing the location and movements of a cellphone user over the course of 127 days is permitted by the Fourth Amendment."
 
Timothy Carpenter argues that his Fourth Amendment rights against unreasonable search and seizure were violated when the government obtained his cell phone location records from MetroPCS and Sprint without a warrant. The government argues that it has the right to obtain this type of cell-phone record without a warrant under the 1986 Stored Communications Act, that allows this type of data to be searched if the government can show reasonable grounds to believe it will be relevant to a criminal investigation. The government further argues that Carpenter lacks a legitimate expectation of privacy because he voluntarily turned his location information over to a third party when he signed up for cell service.
 
Over a dozen companies are urging the US Supreme Court to rule that Fourth Amendment protections apply to the cellphone location data. Apple, Google, Microsoft, Facebook, Verizon, and other technology and telecom companies have filed an amicus brief with the Supreme Court, arguing that the phone data should not be accessed by law enforcement without a warrant or court order.  
 
The decision in this case is likely to have broad and long-term effects on the privacy rights of Americans. It is my belief that we do have a reasonable expectation of privacy in our digital data. As Justice Roberts said in Riley v. California "Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans "the privacies of life". The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought." 


Posted by at No comments:

Free Computer Forensics Tools

 
 
Cyber-security professionals, system and network administrators, and various law enforcement and security agencies may all have a need to conduct a forensic examination of a computer. Skilled computer users (hackers) may want to conduct forensic examinations of their own computer systems to better understand how they work, and how information flows across their home networks.

Below are some of the more popular computer forensic freeware programs. Downloading and learning to use these programs will improve your forensic and security knowledge, and will enhance your ability to secure your own computer systems against attack and against forensic analysis.

Autopsy is a forensic tool which is used by the military, law enforcement, and corporate examiners to investigate what had happened on a smartphone or a computer. The Autopsy has a plug-in architecture which allows the user to find add-on modules or even develop custom modules written in Java or Python. Autopsy analyzes disk images, local drives, or a folder of local files. Disk images can be in either raw/dd or E01 format. E01 support is provided by libewf.  Download a Free copy of Autopsy here: http://www.sleuthkit.org/autopsy/download.php
 
Browser History Capturer is a free tool that allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle to capture history from Chrome, Firefox, Internet Explorer and Edge web browsers. The history files are copied to the chosen destination in their original format, allowing them to be analysed later using your tool of choice. The data captured includes bookmarks, cached files, cookies, downloads, form history, saved logins, searches, website history and more. Download a Free copy of Browser History Capturer here: https://www.foxtonforensics.com/browser-history-capturer/
 
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998. Download a Free copy of Wireshark here: https://www.wireshark.org/

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Download a Free copy of Nmap here: https://nmap.org/download.html

HxD - Freeware Hex Editor and Disk Editor is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. Download a Free copy of HxD here: https://mh-nexus.de/en/hxd/

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools.PlainSight has taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment. Download a Free copy of PlainSight here: http://www.plainsight.info/index.html

FTK Imager is a data preview and imaging tool that allows you to examine files and folders on local hard drives, network drives, CDs/DVDs, and review the content of forensic images or memory dumps. Using FTK Imager you can also create SHA1 or MD5 hashes of files, export files and folders from forensic images to disk, review and recover files that were deleted from the Recycle Bin (providing that their data blocks haven’t been overwritten), and mount a forensic image to view its contents in Windows Explorer. Download a Free copy of FTK Imager here: http://www.accessdata.com/product-download
 
Hiren’s BootCD is a boot disk utility that will help in resolving and making reformatting your computer easy. This kind of compilation software provides a compilation of programs to help resolves most and some uncommon Internet and computer issues like driver failure, intermittent internet connection and other computer malfunctions. Download a Free copy of Hiren’s BootCD here: http://www.hirensbootcd.org/about/
 
Volatility supports memory dumps from all major 32- and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008 R2, Seven, 8, 8.1, Server 2012, and 2012 R2. Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it. Download a Free copy of Volatility here: https://code.google.com/archive/p/volatility/downloads
 
Field Search is a suite of software products designed for use in the field by non-technical criminal justice personnel to allow them to quickly and efficiently search a target computer and create a detailed report of the findings. This approach provides a fast and powerful, yet easy method of examining and monitoring computer use. Field Search blends preview functions with evidence gathering and reporting functions. Download a Free copy of FieldSearch (for LE Agencies) here: https://www.justnet.org/app/fieldsearch/request.aspx
 
Video Previewer quickly processes a video and shows its key frames in a PDF file. It is particularly useful in investigations where watching a video is time consuming. It allows specification to select frames at equally spaced intervals, or to perform intelligent selection of frames based on scene changes. Download a Free copy of Video Previewer here: https://dfcsc.uri.edu/research/videoPreviewer

USB Historian parses USB information, primarily from the Windows registry, to give you a list of all USB drives that were plugged into the machine. It displays information such as the name of the USB drive, the serial number, when it was mounted and by which user account. This information can be very useful when you’re dealing with an investigation whereby you need to understand if data was stolen, moved or accessed. Download a Free copy of USB Historian here: http://www.4discovery.com/our-tools/
 
 
 
 

Posted by at No comments:

Sunday, November 26, 2017

Blind Carbon Copy (BCC) For Privacy


Large e-mail lists are often developed when sending out newsletters, bulletins, or daily announcements. If you send an e-mail to multiple people, a security best practice is to place all of the e-mail addresses on the Blind Carbon Copy (BCC) line of the message. Addresses on the BCC line are not visible to recipients of the e-mail, unlike addresses on the To: and Cc: lines which everyone can see. Everyone listed on the BCC line will receive a copy of the e-mail, but their e-mail address will remain invisible to other recipients of the message.
 
If a message is forwarded, addresses on the To: and Cc: lines are sent with the forwarded message, but addresses on the BCC line remain invisible and are not included with the forwarded message. If someone selects ‘Reply All’ in a message, the sender and everyone on the To: and Cc: lines receive the reply, but addresses on the BCC line do not receive the reply because they are not visible to the system. Of course, everyone on the BCC line is still able to reply to the sender of the message. In general when using BCC to send e-mail to large groups, put your own e-mail address on the To: since everyone will know the message is from you anyway.
 
Keep in mind that many people do not want their e-mail address and other personal information disclosed to someone that they do not know. Using BCC protects individual privacy by not disclosing the e-mail address of every person on a distribution list to every other person on the list. BCC helps to reduce Spam since BCC addresses cannot be seen and harvested by Spammers and BCC messages cannot not be used to develop lists of names of the employees of a company or members of an organization since, again, the names and e-mail addresses of the recipients are not visible.

It should also be noted that NIST Special Publication 800-122, "Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)" lists e-mail addresses as one type of PII. The "OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002" (M-03-22, Attachment A. IIA.b.) also specifically identifies email addresses as PII.  You may have specific legal requirements to safeguard PII, especially if you send information to people in multiple businesses, organizations, or separate government agencies.

According to the U.S. Department of Labor, Personal Identifiable Information (PII) is defined as:
Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.
 
BCC helps to protects the privacy of individuals included in large e-mail groups. It also helps protect you (the sender) since someone who receives a copy of your e-mail is unable to see your entire distribution list. Note however that BCC e-mail addresses are visible to someone with access to the Exchange Server, so BCC does not hide e-mail addresses from your e-mail service provider. Additionally, when using encryption with BCC, the encryption system my expose BCC addresses.  In a Stanford University paper Correcting Privacy Violations in Blind-Carbon-Copy (BCC) Encrypted Email, the authors, "show that many widely deployed email encryption systems reveal the identities of Blind Carbon-Copy (BCC) recipients. For example, encrypted email sent using Microsoft Outlook completely exposes the identity of every BCC recipient. Additionally, several implementations of PGP expose the full name and email address of BCC recipients. Email messages should not reveal the identities of Blind-Carbon-Copy (BCC) recipients. We show that many widely deployed email encryption systems, however, reveal the identities of every BCC recipient to all email recipients and to anyone who examines the email message en route. In most cases, the BCC recipient’s identity is exposed by a unique identifier that also exists in publicly accessible databases on the Internet. In some cases, however, the full name and email address of a BCC recipient is included in the clear in the ciphertext of the encrypted email message... Conclusions: many encrypted email systems mishandle BCC recipients and violate privacy. The most severe violations are in implementations of S/MIME, including Outlook, Mail.app, and Thunderbird, where the identities of BCC recipients are completely exposed to anyone with a text editor."
 
Even though encryption can expose BCC addresses, I still recommend using BCC when sending e-mail to large groups of people. BCC protects you from accidental exposure of your e-mail distribution lists, and prevents multiple e-mail addresses from being displayed in printed copies of an e-mail. Also, most recipients of your e-mail messages are unlikely to be attempting to expose the BCC addressees of your message. So, BCC is still a useful security practice. 
 
If the BCC line is not visible when you open a new e-mail message: In an open message, on the Message Options or Options tab, in the Fields or Show Fields group, click Show Bcc or Bcc. (Applies To: Outlook 2016 Outlook 2013 Outlook 2010 Outlook 2007.)
 
Although BCC is not perfect, it is a simple technique to help improve security of your e-mail.  Consider using BCC the next time you send an e-mail to a large group of people.
 
 


Posted by at No comments:

Saturday, November 25, 2017

PGP and GnuPG

 
CERT at Carnegie Mellon University - Software Engineering Institute has said "We recommend that you encrypt sensitive information in email to protect it from being viewed by unintended recipients. We prefer OpenPGP standard cryptography, which usually means Pretty Good Privacy (PGP) or the GNU Privacy Guard (GnuPG or GPG)." 
 
Having an OpenPGP key-pair allows others, who have a copy of your public key, to send you encrypted messages that only you (with your private key) can read. There are several freeware programs that use OpenPGP. I have listed some of the most popular and easy-to-use programs here:
 
Once you have a PGP key-pair, publish your public key where others can easily access it, such as on your Facebook ‘Contact an Basic Info’ page, on your personal web-page, in your blog (my PGP public key can be found here),  or upload your public key to a PGP Key Server.
 
Even if you regularly use some other means of encrypted communication, having a PGP key-pair has many advantages, such as allowing someone you never met to communicate with you securely (as long as that person has your public key), and allowing people you have never met to validate things that you have digitally signed with your private key.
 
 


Posted by at No comments:

Friday, November 24, 2017

How to Encrypt Your Facebook Messages

 
If you use Facebook Messenger on your phone, please be sure that you have the latest version (to support 'Secret Conversations'). If you haven't done so, go to the App Store / Play Store and re-install / update your version of FB Messenger. Secret Conversations has been available in Facebook Messenger for over a year, but many long-time users of Messenger may not have the most current version on their phones.
 
Updating to the latest version of Messenger will give you the option of using the 'Secret Conversations' function to have end-to-end encryption when sending a FB Message to someone else's phone. Secret Conversations can be turned on when starting a new message within Messenger.  Messages will only be kept secret if both users have the updated versions. If someone is using an outdated version of Messenger they won't be able to send and receive Secret Conversations.
 
A secret conversation in Messenger is encrypted end-to-end, which means the messages are intended just for you and the other person - not anyone else, including us. Keep in mind that the person you're messaging could choose to share the conversation with others (example: a screenshot). Both you and the other person in the secret conversation have a device key that you can use to confirm that the messages are end-to-end encrypted. You can use multiple devices for secret conversations.
 
The Facebook help page provides the following instructions for using Secret Conversations:
 
Secret Conversations also gives people the option to let specific messages within Secret Conversations expire after five seconds or up to a day -- a feature not unlike what's offered on Snapchat.
 
Secret Conversations are currently only available in the Messenger app on iOS and Android, so they won't appear on Facebook chat or messenger.com.
 
 



Posted by at No comments:

Thursday, November 23, 2017

Stingray - How Cops Hack Your Phone

 
Police agencies around the United States are using a powerful surveillance tool to mimic cell phone signals to tap into the cellular phones of unsuspecting citizens, track the physical locations of those phones, and perhaps even intercept the content of their communications. The device is known as a Stingray, and it is being used in at least 23 states and the District of Columbia. Originally designed for use on the foreign battlefields of the War on Terror, "cell-site simulator" devices have found a home in the arsenals of dozens of federal, state, and local law enforcement agencies.

In an article published yesterday (November 22, 2017), Isabella McKinley Corbo discusses "How cops hack into your phone without a warrant" and the upcoming US Supreme Court case involving Timothy Carpenter. At the end of November, however, Carpenter’s lawyers will argue in front of the Supreme Court that the FBI violated his Constitutional rights by searching his cell phone’s location data without a warrant. His case could change how law enforcement goes about finding and using information on Americans’ cell phones. 

Posted by at No comments:

Happy Thanksgiving

 
 
Posted by at No comments:

Wednesday, November 22, 2017

Confidential Tips

 
Whether you are a whistleblower wanting to provide information to a news agency, or a news agency wanting to be able to receive reports from confidential sources, it is important to understand how to securely and anonymously send and receive sensitive information. The Intercept, the Washington Post, and the Guardian each provide instructions on their official web-pages for individuals who wish to provide confidential tips to these news agencies. If you want to set up a way for sources to contact you anonymously and securely; reading the article "Opening Secure Channels for Confidential Tips" may provide you with some good ideas.
 
It’s not just news agencies, however, that may want to receive information from confidential sources. A law enforcement agency may want to receive tips about crime, and a security agency may want to receive suspicious activity reports. Having a way for sources to provide you with information anonymously and securely may result in you receiving information that you might not otherwise get if sources must fear for their safety, or risk exposure in the public eye. Of course, an anonymous report means that you have to work harder to validate the credibility and veracity of the information that you receive, but in many case the reward is worth the extra effort. It may also be that a source is willing to identify himself or herself, but wants to ensure the security of the information that he or she is providing. Secure communication tools such as GnuPG, Signal, and Secure Drop make this possible.  If you work for the DOD, or other government agency, you might consider using Safe Access File Exchange as a way to securely send and receive information. 
 
Dealing with confidential sources and maintaining secure communication is a skill that requires practice, and requires having the necessary protocols set up before you actually need them. So, if tomorrow someone wanted to contact you with time-sensitive, confidential, information would you have a way to receive it and protect your source?
 
 


Posted by at No comments:

Tuesday, November 21, 2017

Underground Tradecraft

 
 
Anarchists, activists, protesters, and dissenters all have their own security culture and employ their own underground tradecraft to protect themselves from surveillance and arrest by the state. There are several guides and manuals that offer advice to these groups. Some of the advice offered is just good general security that may be of interest to anyone regardless of their activities, while other information is specifically aimed at circumventing the law. Whether you are just looking for some security advice for your daily life, or you are trying to understand the tradecraft employed by anarchists, activists, protesters, and dissenters it can be useful to read the security guides and manuals published by and for these groups.
 
The following are just a few of many such guides available on-line:
 
 
 
 
 
 

Email security for Black Lives Matter activists

Surveillance Self-Defense Against the Trump Administration

Cybersecurity for the People: How to Protect Your Privacy at a Protest

Posted by at No comments:

Monday, November 20, 2017

Six Books You Should Read

 

This textbook, at nearly 500 pages, will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of 'the system'. You will use covert aliases and misinformation to eliminate current and future threats toward your privacy & security. When taken to the extreme, you will be impossible to compromise. This work contains the Third Edition of Hiding from the Internet in its entirety.
Law professor James J. Duane became a viral sensation thanks to a 2008 lecture outlining the reasons why you should never agree to answer questions from the police—especially if you are innocent and wish to stay out of trouble with the law. In this timely, relevant, and pragmatic new book, he expands on that presentation, offering a vigorous defense of every citizen’s constitutionally protected right to avoid self-incrimination. Getting a lawyer is not only the best policy, Professor Duane argues, it’s also the advice law-enforcement professionals give their own kids. Using actual case histories of innocent men and women exonerated after decades in prison because of information they voluntarily gave to police, Professor Duane demonstrates the critical importance of a constitutional right not well or widely understood by the average American. Reflecting the most recent attitudes of the Supreme Court, Professor Duane argues that it is now even easier for police to use your own words against you. This lively and informative guide explains what everyone needs to know to protect themselves and those they love.
From cyberspace to crawl spaces, new innovations in information gathering have left the private life of the average person open to scrutiny, and worse, exploitation. In this thoroughly updated third edition of his immensely popular guide How to Be Invisible, J.J. Luna shows you how to protect your home address, hide your ownership of vehicles and real estate, use pagers with dumbphones, switch to low-profile banking and invisible money transfers, use alternate signatures, and how to secretly run a home-based business. J.J. Luna divulges legal methods to attain the privacy you crave and deserve, whether you want to shield yourself from casual scrutiny or take your life savings with you and disappear without a trace. Whatever your needs, Luna reveals the shocking secrets that private detectives and other seekers of personal information use to uncover information and then shows how to make a serious commitment to safeguarding yourself.
 
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
Your cell phone provider tracks your location and knows who’s with you. Your online and in-store purchasing patterns are recorded, and reveal if you're unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you’re thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it. The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.
 
Your every step online is being tracked and stored, and your identity literally stolen. Big companies and big governments want to know and exploit what you do, and privacy is a luxury few can afford or understand. In this explosive yet practical book, Kevin Mitnick uses true-life stories to show exactly what is happening without your knowledge, teaching you "the art of invisibility"--online and real-world tactics to protect you and your family, using easy step-by-step instructions. Reading this book, you will learn everything from password protection and smart Wi-Fi usage to advanced techniques designed to maximize your anonymity.
 
How to Disappear is the authoritative and comprehensive guide for people who seek to protect their privacy as well as for anyone who’s ever entertained the fantasy of disappearing—whether actually dropping out of sight or by eliminating the traceable evidence of their existence. Written by the world’s leading experts on finding people and helping people avoid being found, How to Disappear covers everything from tools for disappearing to discovering and eliminating the nearly invisible tracks and clues we tend to leave wherever we go. Learn the three keys to disappearing, all about your electronic footprints, the dangers and opportunities of social networking sites, and how to disappear from a stalker.
Posted by at No comments:

Secure Your Communications

 
U.S. Justice Louis Brandeis called privacy "the right to be left alone;" the concept that one's personal information is protected from public scrutiny. Having a secure means of communication is essential to preserving our privacy rights and safeguarding our civil liberties.
 
The following programs and applications all provide good security for your on-line communications. I encourage you to review each of these programs adopt the ones that meet your needs.
 
Signal - https://signal.org
Tox - https://tox.chat
Wire - https://wire.com/en/
Wickr https://www.wickr.com/personal/
GnuPG - https://www.gnupg.org
Ring - https://ring.cx
ProtonMail - https://protonmail.com
Tutanota - https://tutanota.com
Jitsi - https://jitsi.org/jitsi-meet/


If you are serious about protecting your private communications, you will probably end up using more than one of these programs. To have secure communications it is necessary that everyone is using the same communication protocol (i.e. everyone chats on Wire, or everyone sends e-mail between ProtonMail accounts). As your number of contacts who use secure communications increases, you may find that not everyone has chosen the use program or application. In this case it will be necessary to agree upon a secure means of communication. Having several secure communications possibilities available, and being familiar with how these programs work, can make it easier to quickly establish a secure communication channel. Finally, while I believe that each of the above programs provides very good security, it is possible that any one of them could be compromised somehow in the future. In this case having redundant secure communications channels allows you to continue to protect your private communications.   
 
 



Posted by at No comments:

Sunday, November 19, 2017

No Skype

 

Some have asked what I think of Skype and whether I use it for personal communications. First, let me say that while Skype provides clear and reliable communication across a variety of platforms; Skype is a communications platform where your private communications are monitored by both Microsoft and by various government agencies. Microsoft (and likely some government agencies) holds the Skype encryption keys, so it has the ability to decrypt and monitor your conversations whenever it wishes. So... No, I do not use Skype for my personal communications, nor do I recommend it to others.
 
Let’s see what others have said about Skype:
 
Skype uses 256 bit AES to encrypt communication between users, although when calling a telephone or mobile, the part of the call over the public switched telephone network (PSTN) is not encrypted. Skype's encryption is inherent in the Skype Protocol and is transparent to callers. Skype is not considered to be a secure VoIP system as the calls made over the network do not make use of end-to-end encryption, allowing for routine monitoring by Microsoft and by government agencies. (Wikipedia)  
 
According to the German web-site DW Akademie "Skype is incredibly popular for making calls and sending instant messages. Part of its attraction is because it’s cheap and easy to use. But many journalists and dissidents also use Skype because they believe it is safe from surveillance and eavesdropping. That simply isn’t true... It is unclear, however, to what extent agencies or governments in other countries apart from the US have been given a backdoor to able to eavesdrop on Skype (although it is clear that Skype in China has been modified to allow for the scanning of certain keywords to filter out messages deemed sensitive by the Chinese government). But even if we play naive and assume Skype isn’t cooperating with other countries, there’s a still a big hole in the belief it can’t eavesdrop on its own services. Earlier in 2013, it was revealed that Microsoft scans Skype instant message (IM) services for URL links. This is a common practice in many companies and isn’t necessarily a bad thing. Companies need to be able to check messages to make sure they aren’t carrying fraudulent links to phishing websites. But in this case, the news that Microsoft was even able scan the messages set off alarm bells in the internet community. This is because it proves the company can convert Skype messages into human readable form even though it has always said it can’t." 

ARS Technica wrote "If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely... And this can only happen if Microsoft can convert the messages into human-readable form at will... Still, there's a widely held belief - even among security professionals, journalists, and human rights activists -that Skype somehow offers end-to-end encryption, meaning communications are encrypted by one user, transmitted over the wire, and then decrypted only when they reach the other party and are fully under that party's control. This is clearly not the case if Microsoft has the ability to read URLs transmitted back and forth... So, the next time you use Skype, enjoy the clarity of the voice communications, its generally slick user interface, and its many other benefits. Just don't think the service can't peer into your messages and store indefinitely what Microsoft managers want. It can, and until officials specifically disclose their practices, users should assume it does."
 
Because our private conversations on Skype can be, and we must assume are being, monitored; Skype does not provide an environment that is secure enough to protect sensitive, private, or personal information. This being said, Skype is certainly more secure than a standard telephone call - which isn't secure at all - but being more secure than no security at all isn't any type of recommendation. There are secure alternatives to Skype that allow us to secure our private messages and conversations, and for my personal use I choose to use a platform that provides me this additional security.
 
 
 

Posted by at No comments:

Saturday, November 18, 2017

Wire Encrypted Messenger

 
Wire is a cross-platform, encrypted instant messaging client created by Wire Swiss. It is available for iOS, Android, Linux, Windows, macOS and Web browser clients. It uses the Internet to make voice and video calls; send text messages, files, images, videos, audio files and user drawings depending on the clients used. It can be used on any of the available clients, requiring a phone number or email for registration. It is hosted inside the European Union and protected by European Union laws. Many employees working on Wire have previously worked with Skype, and Skype's co-founder Janus Friis is backing the project. Audio quality is one of Wire's key selling points. https://wire.com/en/

Wire offers end-to-end encryption using the Proteus protocol which is based on the fully audited and secure Signal protocol from Open Whisper Systems. Wire's video and audio calls are protected by SRTP and DTLS and all communication with the server is done over a secure TLS connection. The software uses cryptographic fingerprints that users can compare to assure that their communication is secure and not being intercepted by a "man in the middle".

Wire boasts high quality voice calls, although this is something that has come to be expected from voice messaging apps. It should also be stated that, unlike Skype, Wire is not able to call standard telephone numbers; all calls have to be to other Wire users. It should be noted that also, unlike Skype, calls between Wire users are very secure.

Wire Swiss, the company behind Wire, has progressively made less and less information about its users available to even themselves. Before 23 March, 2017, Wire only stored user generated information for 72 hours after which the logs were scrubbed. As of 23 March, however, the company announced that they no longer store any data about users calling habits, preventing anyone from having even passing access to that information. Unlike Signal, Wire does not require a telephone number in order to sign up meaning that the user can easily sign up to the service and remain near completely anonymous. Since Wire does not store information about users or their calling habits, it is therefore unable to share such information with advertisers and/or law enforcement.

Wire is free for personal use or 5 Euro per month for a business license. Download your copy of Wire here https://wire.com/en/pricing/

I have only recently started using Wire, but so far I have had no issues with it whatsoever. It works well, and the security it adds to one's communications is impressive. As another tool for securing your personal communications, I think it is definitely worth while to add Wire to your communications options.

Read Wire’s independent security review.

And the discussion of that review on TechCrunch: Messaging app Wire now has an external audit of its e2e crypto




Posted by at No comments:

Thursday, November 16, 2017

Signal Private Messenger

 
Signal is a free and open source software application for Android, iOS, and Desktop that employs end-to-end encryption, allowing users to send end-to-end encrypted group, text, picture, and video messages, and have encrypted phone conversations between Signal users. Although Signal uses telephone numbers as contacts, encrypted calls and messages actually use your data connection; therefore both parties to the conversation must have Internet access on their mobile devices.
 
Now, I don't suggest that Signal should be the only secure messaging app that you use, but it absolutely should be one of the secure messaging apps that you have installed on your smartphone and desktop. Signal is well-proven and highly secure. It is cross-platform, so whether you use Android, iOS, or the Desktop application you have secure communications.    
 
Installing Signal - Private Messenger on your iPhone  

Installing Signal on your Android phone 

Installing Signal on your Desktop

Signal, the secure messaging app: a guide for beginners

How to Use Signal Without Giving Out Your Phone Number (Micah Lee, Sept. 28, 2017)

12 Signal App Tips for Secure Chats

Introduction to Signal Private Messenger (Video 16:25 min)


Posted by at No comments:

Surveillance and Counter-Surveillance

Responding to a troubling rise in law enforcement’s use of high-tech surveillance devices that are often hidden from the communities where they’re used, the Electronic Frontier Foundation (EFF) launched the Street-Level Surveillance Project (SLS), a Web portal loaded with comprehensive, easy-to-access information on police spying tools like license plate readers, biometric collection devices, and "Stingrays". Law enforcement agencies at the federal, state, and local level are increasingly using sophisticated tools to track our cell phone calls, photograph our vehicles and follow our driving patterns, take our pictures in public places, and collect our fingerprints and DNA. But the public doesn’t know much about those tools and how they are used. The SLS Project provides a simple but in-depth look at how these surveillance technologies work, who makes and uses them, and what kind of data they are collecting.  
 
https://www.eff.org/issues/street-level-surveillance
 

Security & Counter-Surveillance: Information Against the Police State

 

 
New Hi-Tech Police Surveillance: The "StingRay" Cell Phone Spying Device
Blocked by a Supreme Court decision from using GPS tracking devices without a warrant, federal investigators and other law enforcement agencies are turning to a new, more powerful and more threatening technology in their bid to spy more freely on those they suspect of drug crimes. That’s leading civil libertarians, electronic privacy advocates, and even some federal judges to raise the alarm about a new surveillance technology whose use has yet to be taken up definitively by the federal courts. The new surveillance technology is the StingRay (also marketed as Triggerfish, IMSI Catcher, Cell-site Simulator or Digital Analyzer), a sophisticated, portable spy device able to track cell phone signals inside vehicles, homes and insulated buildings. StingRay trackers act as fake cell towers, allowing police investigators to pinpoint location of a targeted wireless mobile by sucking up phone data such as text messages, emails and cell-site information.
 
(Video: How do Stingray, IMSI Catchers and Cell Tower Simulators Work?)
 
 
 A Secret Catalogue of Government Gear for Spying on Your Cellphone
 
  
Buy On Amazon.Com
          https://goo.gl/qAecai
 
 
 
The Motherboard Guide to Not Getting Hacked
 
Digital Security Low Hanging Fruit
 
Digital Security and Privacy for Human Rights Defenders
 
 


Posted by at No comments:

Wednesday, November 15, 2017

Privacy Resources

 
Maintaining your personal privacy requires that you are aware of the threats to your privacy, have knowledge of the things you can do to safeguard your personal information, and have access to resources to apply that knowledge in an effective manner. The following privacy resources can help you protect yourself from an ever-increasing number of threats that target our private information and infringe upon our right to personal privacy. 
 

New technologies are radically advancing our freedoms, but they are also enabling unparalleled invasions of privacy. National and international laws have yet to catch up with the evolving need for privacy that comes with new digital technologies. Respect for individuals' autonomy, anonymous speech, and the right to free association must be balanced against legitimate concerns like law enforcement.
Perfect for anyone regardless of skill level, this course starts by explaining basic privacy concepts and outlines different steps you can take today to live a more private, secure life. Learn the best practices of passwords, surfing the web, and how to communicate without fear of creepy surveillance.
 
 
 
Posted by at No comments:
Subscribe to: Posts (Atom)