Friday, March 2, 2018

Covert Communications


Covert communication channels are used for the secret transfer of information. Encryption protects the content of a communication from being read by unauthorized parties, but it does nothing to hide the fact that the communication took place; covert communication channels aim to hide the very existence of that communication.

The Electronic Frontier Foundation (EFF) has an excellent web page, "Communicating with Others", that discusses communication in detail and makes the argument for end-to-end encryption of our communications. A very important part of that page is the section describing what encryption does not do. The EFF points out that while end-to-end encryption protects the content of your communication, it does not protect your metadata: who you communicated with, when, for how long, and from where. Metadata can reveal a great deal about you even while the content of your communication remains secret.

Metadata can give away some very intimate and sensitive information. The EFF provides the following examples:
  • They know you rang a phone sex service at 2:24 am and spoke for 18 minutes, but they don't know what you talked about.
  • They know you called the suicide prevention hotline from the Golden Gate Bridge, but the topic of the call remains a secret.
  • They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour, but they don't know what was discussed.
  • They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after, but the content of those calls remains safe from government intrusion.
  • They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day, but nobody knows what you spoke about.

To communicate covertly you must hide every connection between you and the person with whom you are communicating. That means no direct communication of any kind, because every direct contact creates a record linking the two endpoints: no telephone calls, no exchange of e-mails, and no conversations through messaging apps, however well encrypted.

Let us assume that Bob wants to communicate with Alice. Unfortunately, Eve is able to monitor Bob’s activity and recover the metadata from his communications. Bob uses strong encryption so Eve is unable to read the content of Bob’s messages, but she really only needs to show a connection between Bob and Alice to make her case.

One possible way for Bob and Alice to communicate is through the Usenet newsgroup alt.anonymous.messages. Both Bob and Alice post anonymous, encrypted messages to this newsgroup. Users of alt.anonymous.messages all download the latest batch of posted messages and attempt to decrypt every one of them, but each user can only read the messages that were encrypted to his or her own PGP public key. While Bob and Alice might both be shown to be reading alt.anonymous.messages, so are thousands of other people, so there is no direct connection between Bob and Alice for Eve to see. Two precautions keep it that way: encrypt with hidden recipients (GnuPG's --hidden-recipient or --throw-keyids option) so that the message does not carry Alice's key ID in its unencrypted packet header, and post through anonymous remailers or Tor rather than from your own address, since the posting path and often the posting host are recorded in the article headers. Eve can still correlate timing, so do not reply the moment a message arrives.

Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. Bitmessage borrows ideas from Bitcoin, such as addresses derived from a hash of the public keys and a proof-of-work on every message to discourage spam, but it does not use a blockchain: every node downloads every message flooded through its stream, keeps it for a retention period, and tries to decrypt each one, succeeding only on those encrypted to its own key. Because the recipient is never named on the wire, an observer sees only that your node is part of the network. The client, like any program that parses messages from untrusted peers, is attack surface, so keep it patched.
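What alt.anonymous.messages and Bitmessage have in common is that the pool carries no addressing: everyone fetches everything and trial-decrypts, and only the true recipient ends up with a readable message. The following added example, which is not code from either project and is not PGP, models that with a toy hybrid ElGamal scheme over a Mersenne prime, using an HMAC tag as the recipient's "this one is mine" check. The group parameters, names and messages are illustrative assumptions and the parameters are not cryptographically adequate; a real deployment uses GnuPG or the Bitmessage client's own cryptography.

```python
import hashlib
import hmac
import os

# Toy group: the Mersenne prime 2**127 - 1 with generator 3.  These parameters are an
# illustration only and are NOT cryptographically adequate; real tools use PGP or the
# Bitmessage client's own crypto.
P = 2 ** 127 - 1
G = 3
NBYTES = 16  # every group element fits in 16 bytes


def keygen():
    """Return (private, public) where public = G**private mod P."""
    private = int.from_bytes(os.urandom(NBYTES), "big") % (P - 1) + 1
    return private, pow(G, private, P)


def _kdf(shared: int, label: bytes) -> bytes:
    return hashlib.sha256(label + shared.to_bytes(NBYTES, "big")).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (toy stream cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_to(public: int, plaintext: bytes) -> dict:
    """Ephemeral ElGamal: the resulting message names no sender and no recipient."""
    y = int.from_bytes(os.urandom(NBYTES), "big") % (P - 1) + 1
    c1 = pow(G, y, P)                    # ephemeral public value
    shared = pow(public, y, P)           # G**(x*y)
    ct = _keystream_xor(_kdf(shared, b"enc"), plaintext)
    tag = hmac.new(_kdf(shared, b"mac"), c1.to_bytes(NBYTES, "big") + ct,
                   hashlib.sha256).digest()
    return {"c1": c1, "ct": ct, "tag": tag}


def try_decrypt(private: int, msg: dict):
    """Return the plaintext if msg was encrypted to our key, else None."""
    shared = pow(msg["c1"], private, P)  # G**(y*x), the same secret the sender derived
    expected = hmac.new(_kdf(shared, b"mac"),
                        msg["c1"].to_bytes(NBYTES, "big") + msg["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None                      # not ours (or tampered): we cannot tell which
    return _keystream_xor(_kdf(shared, b"enc"), msg["ct"])


def read_pool(private: int, pool: list) -> list:
    """What every participant does: fetch the whole pool, keep what verifies."""
    found = []
    for msg in pool:
        plaintext = try_decrypt(private, msg)
        if plaintext is not None:
            found.append(plaintext)
    return found


def demo() -> dict:
    """Constructed scenario: Bob and Alice exchange messages through a pool that
    Carol (and anyone else) also reads.  An observer sees three identical fetches."""
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    carol_priv, carol_pub = keygen()
    pool = [
        encrypt_to(alice_pub, b"meet at the usual place"),   # Bob -> Alice
        encrypt_to(carol_pub, b"unrelated chatter"),         # someone -> Carol
        encrypt_to(bob_pub, b"confirmed"),                   # Alice -> Bob
    ]
    return {
        "wire_fields": sorted(pool[0].keys()),   # no 'from', no 'to'
        "alice": read_pool(alice_priv, pool),
        "bob": read_pool(bob_priv, pool),
        "carol": read_pool(carol_priv, pool),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the model is in `wire_fields` and `read_pool`: the only way to learn who a message is for is to hold the matching private key, and every reader performs the same amount of downloading regardless of whether anything in the pool is theirs. Timing is the residual leak the model does not address.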

Ricochet is a chat application that uses the Tor network to reach your contacts without relying on any messaging server. Each user runs a Tor onion service (hidden service), and contacts rendezvous through those services without learning each other's location or IP address; your Ricochet ID is simply your onion address. Because Ricochet operates over Tor, someone monitoring your activity can see that you are connected to Tor, but cannot see your connections inside the network. One caveat: your contacts can see when you are online, and as with any client the software should be kept up to date.

Tor - Whenever possible, communication should be made through the Tor network. Tor separates who you are from what you do: an observer on your side of the connection sees only that you are connected to Tor (or to a Tor bridge), and the service you reach sees only a Tor exit relay or, for an onion service, nothing about your network location at all. Tor does not hide the fact that you use Tor, does not protect content that leaves an exit relay unencrypted, and does not defeat an adversary who can watch both ends of a connection and correlate timing.



A technique used by CIA Director General David Petraeus and US Army intelligence officer Paula Broadwell was to share access to a single on-line e-mail account. Both knew the user name and password. Each could log in and write a message to the other, but instead of sending the e-mail they simply saved it as a draft. No e-mail was ever sent or received from the account; each party logged in, read the waiting draft, and replied with another draft. The downfall of this plan was that the IP addresses of both Petraeus and Broadwell were associated with the account, and the provider held every draft in cleartext. Had they always accessed the account through the Tor network, and had each draft been encrypted before being saved, this technique would have been more secure, although the provider's logs would still show two distinct login patterns alternating on one account.

Steganography involves techniques for concealing the fact that a secret message is being sent, in addition to concealing the contents of the message. There are several steganography programs available; one that I recommend is OpenPuff. Using steganography, messages can be encrypted and then hidden in graphic or audio files that are posted to a public area (such as a blog or podcast). Anyone can see and download the container file, but only those who know that a message is hidden there, and who have the program and the passphrase needed to reveal and decrypt it, can retrieve it. Always encrypt before embedding: a plaintext payload in the low-order bits of an image is trivial to spot. When posting to a public site, make sure that the posted files are not altered (re-compressed, resized, or stripped of metadata), because any lossy re-encoding destroys the hidden message. For example, posting to Facebook usually destroys any message hidden in a photo because Facebook re-compresses all uploaded photos. Test the channel by downloading the file you posted and comparing its hash with the original before relying on it.
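As an added illustration of the two practical points above (the payload survives only if the container's bytes are delivered unchanged, and the channel should be tested by hashing the round trip), the following Python is not OpenPuff's code or file format. It embeds an already-encrypted payload (here a constructed byte string standing in for ciphertext) in the least-significant bit of each 8-bit sample of a constructed grey-scale cover, simulates the lossy re-quantization a photo host performs on upload, and shows extraction failing afterwards. The cover array and the `lossy_recompress` stand-in are assumptions made for the demonstration, not a model of any particular site's encoder.

```python
import hashlib

HEADER = 4  # payload length, big-endian, stored in the first 32 LSBs


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the least-significant bit of each cover sample.
    payload is assumed to be ciphertext already; plaintext LSBs are easy to spot."""
    data = len(payload).to_bytes(HEADER, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} samples, have {len(cover)}")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # replace only the LSB
    return bytes(stego)


def _read_bytes(samples: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at sample start_bit."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (samples[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes):
    """Recover the payload, or None if the length header no longer makes sense."""
    length = int.from_bytes(_read_bytes(stego, 0, HEADER), "big")
    if length == 0 or HEADER * 8 + length * 8 > len(stego):
        return None
    return _read_bytes(stego, HEADER * 8, length)


def lossy_recompress(samples: bytes, step: int = 4) -> bytes:
    """Crude stand-in (an assumption, not any real codec) for what a photo host's
    re-encoding does: quantize each sample to a multiple of `step`, wiping low bits."""
    return bytes((s // step) * step for s in samples)


def unchanged(uploaded: bytes, downloaded: bytes) -> bool:
    """The channel test: fetch your own post back and compare digests."""
    return hashlib.sha256(uploaded).digest() == hashlib.sha256(downloaded).digest()


def demo() -> dict:
    # Constructed cover: 4096 grey-scale samples forming a repeating ramp.
    cover = bytes(i % 256 for i in range(4096))
    # Constructed stand-in for an encrypted message (random-looking bytes).
    payload = hashlib.sha256(b"ciphertext stand-in").digest()
    stego = embed(cover, payload)
    faithful_copy = bytes(stego)            # host that serves the original bytes
    recompressed = lossy_recompress(stego)  # host that re-encodes uploads
    return {
        "cover_changed_by_at_most_one": max(abs(a - b) for a, b in zip(cover, stego)) <= 1,
        "from_faithful": extract(faithful_copy),
        "from_recompressed": extract(recompressed),
        "faithful_ok": unchanged(stego, faithful_copy),
        "recompressed_ok": unchanged(stego, recompressed),
        "payload": payload,
    }


if __name__ == "__main__":
    r = demo()
    print("faithful host:", r["from_faithful"] == r["payload"], r["faithful_ok"])
    print("recompressing host:", r["from_recompressed"] == r["payload"], r["recompressed_ok"])
```

Plain LSB replacement is the simplest embedding and is used here only to make the fragility visible; `unchanged` is the check that matters operationally, because a host that re-encodes will fail it on the very first test post, before anything sensitive has been committed to the channel.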

Regardless of the covert communications channel you choose, you will need some type of initial meeting with your communication partners to set up and test the channel. Take extreme precautions here, because a mistake at this stage can later reveal a connection. If you set up a shared e-mail account, the IP address used when creating the account is probably recorded; if that IP address can be tied to you, it can disclose your identity.

You will need to share encryption keys and passwords. These keys and passwords should be used only inside the covert communications channel. If you use a PGP key for covert communication and also use that key for other communications, you have established a link between your overt and covert identities. Generate a separate key pair for the covert channel and never publish it to a key server.

Covert communications channels help hide the existence of communications and connections between specific individuals, but it is also important that those channels are secured in case they are discovered. Assume that even covert communications channels are being monitored, and always take precautions to keep the messages inside those channels secure.
 
Dead Drops

Another form of covert communication is the dead drop. A dead drop or dead letter box is a method of espionage tradecraft used to pass items or information between two individuals (e.g., a case officer and an agent, or two agents) using a secret location, thus not requiring them to meet directly and thereby maintaining operational security.

The location and nature of the dead drop must enable retrieval of the hidden item without the operatives being spotted by a member of the public, the police, or other security forces - therefore, common everyday items and behavior are used to avoid arousing suspicion. Any hidden location could serve, although often a cut-out device is used, such as a loose brick in a wall, a (cut-out) library book, or a hole in a tree.

The Black Scout Survival YouTube channel has a short video about dead drops: Black Scout Tradecraft- How to Use a Dead Drop, and ITS Tactical also provides information about using dead drops in their articles: Pass Information Like a Spy with Dead Drops and DIY Dead Drop Devices to Hide and Pass Messages like a Spy.
