In Part 1 of this two-part tutorial, you learned about the methods that FBI surveillance teams use to crack your PGP-encrypted email messages. Many of those methods involved breaking into your home or office without your knowledge. Some methods involved electronic devices in a communications van located a short distance from your home or office – across the street perhaps. (If you haven't read Part 1, you might want to go back and do so now before reading further. Return to our home page and click on Uncrackable Email 1.)

Uncrackable Email Part 2 describes ways to protect your email privacy – and the secrecy of your messages. These methods work against the FBI, BATF, DEA, and other government agencies, including state and local police.

You'll learn step-by-step protocols and countermeasures that you can implement. In some cases, these methods will stop an FBI investigation cold. In other cases, they will only delay it. Much depends on the circumstances of the case. A lot depends on your countersurveillance and antisurveillance skills.

Each solution described in this tutorial is a protocol. You can think of a protocol as a method, a set of guidelines, or an operating procedure.

Flexibility. If your goal is to absolutely prevent the FBI from cracking your PGP-encrypted email, the key to success is flexibility. The content of your email is what counts. The more incriminating the message, the more precautions you should take.

Protocol 1: The firewall method...

The firewall method is centered on the way you use your computer. This includes where, when, and how you use your computer. Described here is a step-by-step method for obstructing the FBI. This is a very rigorous protocol. You likely won't need to go to this much trouble very often.

Step 1 – Get cleaned up. Scrub your hard disk. The FBI can read deleted files using an undelete utility. The FBI can read file slack, RAM slack written to disk, free space, garbage areas, and the Windows swap file using a sector viewer or hex editor. Return to our main page and click on Security Software for more on this. Although other packages are available, we use Shredder™. Then we use Expert Witness™ and HEdit™ to check the hard disk afterwards. (From now on we'll refer to your hard disk drive as HDD.)

If you have previously used your computer to work with incriminating data, you should wipe the entire HDD and reinstall the operating system, application software, and user files. If surveillance poses a risk to your liberty, you must install a new hard disk drive. Then disassemble the old HDD, remove the platters, and sand them with coarse-grit sandpaper.

Once you've got your computer sterilized, you'll want to keep it clean. Tidy up after each work session. Thereafter, don't leave your computer unattended.
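Why an ordinary delete is not enough, as an added example that is not part of the original tutorial: a toy disk simulator in Python that models a drive as raw sectors plus a directory. "Deleting" only forgets the name, so an undelete or a raw sector scan still finds the text, and a short file written over a freed sector leaves the old tail in its file slack; a shred that overwrites the whole sectors before deleting does not. The class and function names (ToyDisk, carve, shred) and all file contents are my own constructed sample data; the toy does not model RAM slack, the swap file, or filesystem journaling.

```python
"""Toy block device showing why deleting a file leaves it recoverable.

Added illustration for this tutorial, not code from the original page.
The disk is a flat bytearray of 512-byte sectors plus a directory that
maps a name to (first sector, length). 'Delete' removes only the
directory entry, so the data, and the unused tail of a file's last
sector (file slack), stay on disk until something overwrites them.
All file contents below are constructed sample data.
"""
import os

SECTOR = 512


class ToyDisk:
    def __init__(self, sectors=64):
        self.raw = bytearray(SECTOR * sectors)   # the "platters"
        self.dir = {}                             # name -> (first_sector, length)
        self.next_free = 0                        # naive allocator: append

    def write(self, name, data):
        nsec = -(-len(data) // SECTOR)            # sectors needed, rounded up
        first = self.next_free
        start = first * SECTOR
        # Only len(data) bytes are written; the rest of the last sector is
        # left exactly as it was. That leftover is the file slack.
        self.raw[start:start + len(data)] = data
        self.dir[name] = (first, len(data))
        self.next_free += nsec

    def read(self, name):
        first, length = self.dir[name]
        return bytes(self.raw[first * SECTOR:first * SECTOR + length])

    def delete(self, name):
        # What an ordinary delete does: forget the name, keep the bytes.
        del self.dir[name]

    def shred(self, name, passes=3):
        # Overwrite every sector the file occupied, slack included, then delete.
        first, length = self.dir[name]
        lo = first * SECTOR
        hi = lo + (-(-length // SECTOR)) * SECTOR
        for _ in range(passes):
            self.raw[lo:hi] = os.urandom(hi - lo)
        self.raw[lo:hi] = bytes(hi - lo)
        del self.dir[name]

    def carve(self, needle):
        # A sector viewer or hex editor ignores the directory and reads raw bytes.
        return self.raw.find(needle) != -1


def deleted_file_is_recoverable():
    d = ToyDisk()
    d.write("notes.txt", b"meeting moved to the old mill")
    d.delete("notes.txt")
    return "notes.txt" not in d.dir and d.carve(b"old mill")


def slack_leaks_previous_contents():
    """A short file written over a deleted long one still carries the old tail."""
    d = ToyDisk()
    d.write("draft.txt", b"x" * 300 + b"passphrase hint: blue heron" + b"y" * 200)
    d.delete("draft.txt")
    d.next_free = 0                               # reuse the freed sectors
    d.write("grocery.txt", b"milk, eggs, bread")
    through_filesystem = b"heron" in d.read("grocery.txt")
    through_sector_viewer = d.carve(b"blue heron")
    return through_filesystem, through_sector_viewer


def shredded_file_is_gone():
    d = ToyDisk()
    d.write("draft.txt", b"x" * 300 + b"passphrase hint: blue heron")
    d.shred("draft.txt")
    return d.carve(b"blue heron")


if __name__ == "__main__":
    print("undelete finds deleted text:", deleted_file_is_recoverable())
    print("slack visible via fs / via raw scan:", slack_leaks_previous_contents())
    print("raw scan after shred finds text:", shredded_file_is_gone())
```

The overwrite in shred assumes a magnetic disk that writes in place, which is the kind of drive the platter-sanding advice above is about. Flash media remap writes to fresh cells, so an overwrite pass may never touch the old copy; there, whole-device erase or encryption from day one is the reliable route.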
Step 2 – Get unplugged. During sessions when you're working on secret messages, you should take measures to frustrate FBI surveillance. This means physically disconnecting your computer from the AC power supply and from the telephone jack. You'll need a battery-powered computer – a laptop, notebook, or subnotebook.

Remaining connected to the AC power supply is risky. Using equipment attached to your power line outside your home or office, the FBI can detect subtle changes in the current as you type on your computer's keyboard.

Likewise, remaining connected to the telephone line is risky. If the FBI has broken in without your knowledge, they may have installed counterfeit programs on your computer. Your computer could be secretly sending data to the surveillance team over your dial-up connection. Just imagine the damage if you were unknowingly using a doctored copy of your favorite word processing program.

Step 3 – Go somewhere else. In order to frustrate the FBI's electronic surveillance capabilities, you must relocate away from your usual working area. If you fail to take this step, an FBI video camera can watch your keystrokes. An FBI audio bug can listen to your keystrokes. An FBI communications van parked in the neighborhood can detect both your keystrokes and your display.

Suitable locations for ensuring a surveillance-free environment are park benches, crowded coffee shops, busy fast food outlets, hiking trails, a friend's place, a borrowed office, a bus depot waiting area, an airport lounge, the beach, and so on. Be creative and unpredictable. The trick is to select a location difficult for FBI agents to watch without you becoming aware.

You may be surprised at what happens the first time you relocate. If you suddenly find people loitering nearby, you may already be under surveillance. (More about this later in the tutorial.)

During your first relocated work session, use PGP to create your secret key ring. Your passphrase should contain random characters. Do not write down your passphrase. If you must, jot down just enough hints to help you remember.

Save copies of the following files from the PGP directory to a diskette – Secring.skr, Secring.bak, Pubring.pkr, Pubring.bak, and randseed.bin. For safety, use two diskettes and make two backups. Keep the diskettes on your person. Delete the files from your HDD.

Step 4 – Get serious. From now on, you've got a new standard operating procedure. Whenever you need to compose and encrypt a secret message, you must first relocate to a safe area. (You'll soon begin to appear like a busy person who checks in often with your contact software or scheduling software.)

Save the encrypted document to diskette. Delete all working files. Return to your home or office. Then use a different computer to email the encrypted messages.

Using a different computer is vital. It acts like a firewall. It keeps your relocatable computer sterile. Do not connect your relocatable computer to the telephone line. Ever. Do not leave your relocatable computer unattended. Ever. If this means carrying your relocatable computer with you all the time, then so be it.

For ordinary working sessions, it's usually okay to connect your relocatable computer to AC power. However, don't do any sensitive work in this mode. Always disconnect and relocate first. But if absolutely watertight security is your goal, the only time you'll turn on your relocatable computer is when you've relocated. The only time you'll plug it in is to recharge the battery.

When you receive incoming encrypted email on your firewall computer, save it as a text file to diskette. Relocate. Check the diskette with an antivirus program. Load the file into your sterile computer. Decrypt the ciphertext and read the plaintext. Delete the plaintext. Return to your regular work location.

Summary. The firewall method involves nit-picking attention to detail. It is a methodical system for protecting the privacy of your PGP-encrypted email messages. It takes perseverance and patience to beat the FBI at this game. But it's preferable to the alternative. The firewall method will keep you out of the internment camps.

You'll read about other protocols later in this tutorial. But if you choose to use the firewall method, you must follow it rigorously in order for it to be effective. Slip up once and the goons will nail you. They'll snatch your passphrase. They'll learn where you keep your key rings. Then it's interrogation, arrest, indictment, conviction. Or maybe they'll just kick in the door an hour before dawn and ship you off to the camps.

The firewall method is watertight, but it only works if you use it.

Protocol 2: The deception method...

Protocol 2 is based on liveware, not software. Liveware refers to you, the human element in the countersurveillance scheme. Protocol 2 takes a human approach. It uses deception.

Most people don't realize that FBI surveillance teams are vulnerable to deception. It's possible to mislead and confuse them. That's because most FBI targets are ordinary Americans with no countersurveillance training. In relative terms, only a few elite units within the FBI encounter hard targets. (A hard target is a trained operative who is actively maintaining secrecy and who will not reveal that he has detected the surveillance team.) So most FBI agents have never confronted a hard target. They never get any practice. They're accustomed to playing tennis with the net down.

Deception provides four ways for you to protect the privacy of your PGP email.

Deception method 1 – Decoy. This method involves duping the surveillance team into believing they have cracked your PGP email, when in fact they have uncovered merely a decoy. Your real protocol continues to run undetected in the background. This is called layered security.

The best underground activists worldwide operate in this manner, including guerrilla movements, freedom fighters, and resistance groups. Inside the USA this method is mostly used by criminal groups (so far).

The key to success is carefully and deliberately providing some mildly incriminating evidence for the FBI to find. This decoy data will often dissuade them from investigating further. The FBI will eventually downgrade the 24-hour surveillance to perimeter surveillance, then picket surveillance, and finally intermittent surveillance. They'll keep you on their watch-list and check up on you two or three times a year. They may drop you entirely.

Here's how to implement this method.

Step 1 – Set up Protocol 1 and then forget about it.

Step 2 – Use your firewall computer as your primary computer. Create another set of secret keys. Leave the key ring files and randseed.bin on your HDD. This increases the chances the FBI will recover them during a surreptitious entry. Create and encrypt low-grade messages at your firewall computer. This increases the odds that the FBI will snatch your passphrase.

Step 3 – Use this second configuration of PGP as a decoy. Use it to send only low-grade messages. In effect, you are now running two layers of PGP. From time to time you will use Protocol 1 and temporarily relocate in order to encrypt or decrypt high-risk secret messages.

Step 4 – If you suspect or detect FBI surveillance, keep up the deception. Perhaps temporarily stop using your relocatable computer. If you use the technique of plausible denial, you increase your chances of completely concealing the fact that you've got a second PGP system.

The principle of plausible denial is well-known in intelligence agencies, urban guerrilla movements, and resistance groups. Plausible denial means cover. Cover is spy-talk for innocent explanation. You must take the precaution of having a plausible, innocent explanation for everything you do. Absolutely everything. Don't ever do anything until you think up a believable excuse for doing it.

Even if the FBI surveillance team discovers the second protocol, you will have purchased yourself some extra time. Use the time to encrypt, conceal, or destroy incriminating data. Use the time to warn other members in your group. Use the time to feed misinformation to the surveillance team.

When systematically applied, the decoy method provides a good first line of defense against an FBI surveillance team.

Deception method 2 – Thwarting cryptanalysis. When using Protocol 1, you can use deceptive techniques to reduce the chances of your message being cracked by NSA. If the case is serious enough, the FBI will provide NSA with a full set of your encrypted messages.

The cryptanalysis experts at NSA will use Statistical Probability Analysis to begin detecting commonly used phrases, words, punctuation, and layout. The more footholds you give them, the sooner they'll crack your email. Here are three ways to use deception to impede their progress.

Step 1 – Disguise the format of your message. Your goal is to camouflage the layout. Insert a random-length paragraph of nonsense at the beginning of each message. You do not want the salutation or other material to appear always at the same location. Your recipients should be alerted to ignore the first paragraph. You can also use a text editor to manually strip off the header and footer from PGP ciphertext. The recipient can likewise use a text editor to manually restore the header and footer so PGP will recognize the text as code to be decrypted.
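Step 1 as code, added here as an example and not code from the original page or from PGP: the sender prepends a random-length nonsense paragraph and strips the armor lines, and the recipient reverses both edits. The "ciphertext" is constructed random bytes standing in for OpenPGP packets; the word list and function names are my own, and the armor layout (BEGIN/END lines, base64 body, "=" CRC-24 line) follows the OpenPGP ASCII armor format. Two caveats a practitioner would want: armor is only a transport encoding of the same ciphertext plus a CRC-24 integrity line, so removing the BEGIN/END lines hides the obvious PGP signature but does not change what someone holding the ciphertext can do; and the stripped body must reach the recipient intact, because a single altered base64 character fails the checksum (tamper_is_detected shows this).

```python
"""Chaff paragraph plus PGP armor strip/restore, as described in Step 1.

Added illustration, not code from the original page or from PGP. The
'ciphertext' here is constructed random bytes standing in for OpenPGP
packets; the armor layout (BEGIN/END lines, base64 body, '=' CRC-24
line) follows the OpenPGP ASCII armor format.
"""
import base64
import random

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
WORDS = ["river", "ledger", "harvest", "lantern", "orbit", "copper",
         "meadow", "signal", "anchor", "velvet", "quarry", "timber"]


def add_chaff(plaintext, rng):
    """Sender: prepend a random-length nonsense paragraph so the real text
    never starts at a fixed offset. A blank line marks where it ends."""
    words = [rng.choice(WORDS) for _ in range(rng.randint(8, 40))]
    return " ".join(words).capitalize() + ".\n\n" + plaintext


def drop_chaff(text):
    """Recipient: discard everything up to the first blank line."""
    return text.split("\n\n", 1)[1]


def crc24(data):
    """OpenPGP armor checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(raw):
    """Wrap raw bytes in ASCII armor (base64 body, 64-char lines, CRC line)."""
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    csum = "=" + base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, ""] + lines + [csum, END]) + "\n"


def strip_armor(text):
    """Sender's manual edit: drop the BEGIN line, armor headers and END line,
    keeping only the base64 body and its checksum line."""
    lines = text.strip().splitlines()
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an armored message")
    body_start = lines.index("") + 1           # blank line ends the headers
    return "\n".join(lines[body_start:-1]) + "\n"


def restore_armor(body):
    """Recipient's manual edit: put the BEGIN/END lines back."""
    return BEGIN + "\n\n" + body + END + "\n"


def dearmor(text):
    """Decode armored text back to raw bytes, verifying the CRC-24."""
    lines = strip_armor(text).splitlines()
    raw = base64.b64decode("".join(lines[:-1]))
    expected = int.from_bytes(base64.b64decode(lines[-1][1:]), "big")
    if crc24(raw) != expected:
        raise ValueError("armor checksum mismatch")
    return raw


def armor_roundtrip(seed=7):
    """True if strip -> restore reproduces the armor and the bytes survive."""
    rng = random.Random(seed)
    raw = bytes(rng.getrandbits(8) for _ in range(200))   # constructed stand-in
    text = armor(raw)
    body = strip_armor(text)
    restored = restore_armor(body)
    return BEGIN not in body and restored == text and dearmor(restored) == raw


def chaff_roundtrip(seed=3, message="Salutations.\nThe shipment arrives Tuesday."):
    """True if the recipient recovers exactly the original text."""
    return drop_chaff(add_chaff(message, random.Random(seed))) == message


def tamper_is_detected(seed=7):
    """A single changed base64 character in the stripped body fails the CRC."""
    rng = random.Random(seed)
    raw = bytes(rng.getrandbits(8) for _ in range(200))
    body = strip_armor(armor(raw))
    swapped = "A" if body[10] != "A" else "B"
    tampered = body[:10] + swapped + body[11:]
    try:
        dearmor(restore_armor(tampered))
    except ValueError:
        return True
    return False
```

Because the chaff ends at the first blank line, the real message may itself contain blank lines; only the leading paragraph is discarded.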
Step 2 – Make your content resistant to heuristic analysis. Heuristic analysis involves informed guessing and trial-and-error. Deliberately run some words together, eliminating the space. Intentionally add or delete punctuation. Occasionally insert a carriage return in the middle of a paragraph. Deliberately introduce spelling errors into your text.

Step 3 – Write your message in a "foreign" language. You can do this by using homonyms such as "wood" instead of "would", or "urn" instead of "earn". Use "gnu" or "knew" instead of "new". Use "seas" instead of "seize". Use "mast" instead of "massed". Write numbers and dates out in full, such as "nineteen ninety eight" instead of 1998. Use code words such as competition instead of surveillance, competitor instead of FBI, market survey instead of countersurveillance, and so on. Use noms de guerre instead of real names.

When properly used, these and other anti-cryptanalysis techniques can greatly increase the amount of time it takes the NSA to crack your PGP-encrypted email.

Deception method 3 – Diagnostics. You can use PGP to detect the presence of a surveillance team. Countersurveillance experts refer to this as running diagnostics. When performed against pavement artists, it is called dry-cleaning. Here's how it works.

Deliberately encrypt a provocative, bogus series of messages. Your goal is to use content that will elicit an aggressive response from the FBI. If surveillance intensifies, your email may have been cracked – or the FBI may simply be reacting to your increased traffic. That's spy-talk for the frequency, volume, and timing of your messages.

On the other hand, you may notice that the surveillance team seems to know where you're going and who you're going to meet with. They arrive before you do. They break into your associate's home or office looking for items you've mentioned in your email. They're conspicuously nearby as you slip a written note to your contact, after mentioning the brushpass in your email.

All these are warning signs that the FBI is reading your PGP-encrypted email. If you're using a decoy setup, switch to Protocol 1 to send secure email. If you're already using Protocol 1, you and your correspondents should create new passphrases. If further diagnostics suggest the FBI is still reading your email, you and your correspondents should reinstall PGP and create a fresh set of key rings and passphrases. Exchange the key rings by face-to-face contact, through live intermediaries, or by human courier.

Tip – Anonymous email addresses activated through a cyber café can be used, but only if you set them up before the FBI puts you under surveillance. Go out and do it tomorrow.

When properly applied, diagnostics can keep you one step ahead of an aggressive FBI surveillance team.

Deception method 4 – Spoofing. You should routinely send out bogus encrypted messages. Your goal is to mislead and confuse the surveillance team. If the FBI is reading your email, you have an opportunity to confuse and mislead them with misinformation. If the FBI hasn't cracked your email yet, the traffic in bogus messages will provide cover for your authentic messages. If a mission requires an increased number of secret messages, simultaneously reduce your bogus messages, and the FBI won't detect any increased communication activity.

When used systematically, spoofing can level the playing field between you and the FBI surveillance team.
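The cover-traffic rule of method 4 (bogus messages fill in whenever real traffic drops, and step aside when it rises) as a scheduler, added here as an example and not code from the original page: every day exactly a fixed quota of encrypted messages goes out, genuine ones first and bogus filler for the remainder, so a watcher counting messages on the line records the same number whether the real workload that day was zero or five. Real messages beyond the quota wait for the next day rather than spiking the rate. The function names and the sample week of workloads are my own constructed data; timing and message size, which the page also lists as part of "traffic", are not modelled here.

```python
"""Constant-rate sending: real messages first, bogus filler for the rest.

Added illustration for Deception method 4, not code from the original
page. A day's traffic is modelled as message counts only. Whoever
watches the line sees the same number of encrypted messages every day
whether the real workload was 0 or 5. Real messages beyond the daily
quota wait for the next day so the observed rate never spikes. The
daily workloads used in demo() are constructed sample data.
"""
from collections import deque


def schedule(real_per_day, quota):
    """Return (per-day report, leftover backlog, max delay in days).

    real_per_day: number of genuine messages that became ready each day.
    quota: fixed number of encrypted messages sent every day.
    """
    backlog = deque()            # day each unsent real message was queued
    report = []
    max_delay = 0
    for day, ready in enumerate(real_per_day):
        backlog.extend([day] * ready)
        sent_real = min(quota, len(backlog))
        for _ in range(sent_real):
            queued_day = backlog.popleft()
            max_delay = max(max_delay, day - queued_day)
        report.append({"day": day, "real": sent_real,
                       "bogus": quota - sent_real, "observed": quota})
    return report, len(backlog), max_delay


def observed_counts(report):
    """What a watcher counting ciphertext messages on the wire records."""
    return [r["observed"] for r in report]


def activity_leaks(counts):
    """True if the observable count varies, i.e. the workload shows through."""
    return len(set(counts)) > 1


def demo():
    workload = [1, 0, 5, 2, 0]                 # constructed sample week
    report, leftover, delay = schedule(workload, quota=3)
    return {
        "without_cover": activity_leaks(workload),
        "with_cover": activity_leaks(observed_counts(report)),
        "real_sent": [r["real"] for r in report],
        "bogus_sent": [r["bogus"] for r in report],
        "leftover": leftover,
        "max_delay_days": delay,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The quota has to sit above the typical real workload, or genuine messages queue up (max_delay_days shows the cost), and the bogus messages only provide cover if they are indistinguishable from real ones in size, form, and recipients.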
Summary...

Using deception, you can confuse, mislead, obstruct, and frustrate the surveillance activities of your adversary. Deception can be very effective against an FBI, BATF, or DEA surveillance unit. It is particularly effective against standard police surveillance.

If the deception techniques of Protocol 2 are used in combination with the firewall methods of Protocol 1, you boost your chances of stopping an FBI surveillance team from learning anything at all.