Seven, this rule is so underrated
Keep your family and business completely separated
Guerrillas, Terrorists, Narcos, Spooks, and You
Guerrillas, terrorists, narcos and spooks the world over have learned the hard way how to keep their illicit activity safe from their opponents. The same principles of counterintelligence (CI) that help protect them from death can be applied to protect you from your adversary. If you engage in behavior that carries the risk of negative consequences from an adversary, you will need to develop and implement a robust CI program. This post will explain the foundations of strong OPSEC, a critical part of just such a program.
Establish Cells, or Live in One
The cornerstone of any solid counterintelligence program is compartmentation. Compartmentation is the separation of information, including people and activities, into discreet cells. These cells must have no interaction, access, or knowledge of each other. Enforcing ignorance between different cells prevents any one compartment from containing too much sensitive information. If any single cell is compromised, such as by an informant, the limitats of the damage will be at the boundaries of the cell.
Now, compartmenting an entire organisation is a difficult feat, and can seriously impede the ability of the organisation to learn and adapt to changing circumstance. However, these are are not concerns that we need to address for an individual who is compartmenting their personal life from their illicit activity.
Spooks, such as CIA case officiers, or KGB illegals, compartment their illicit activity (spying) from their “regular” lives. The first part of this is, of course, keeping their mouths shut about their illicit activities! There are many other important parts of tradecraft which are beyond the scope of this post. But remember, when you are compartmenting your life, the first rule is to never discuss your illicit activities with anyone outside of that compartment.
Compartmentation For Dummies
This will cover a basic set of guidelines for compartmenting a particular online activity. In our hypothetical scenario there are two people, Alice and Bob (natch), who want to exchange information with each other. They are deathly afraid that the adversary will learn (in ascending order of risk to Alice):
- Two people have been in contact (low risk)
- Bob has been in contact with someone (medium risk)
- Alice has been in contact with someone (high risk)
- Alice has been in contact with Bob (extreme risk)
While this guideline is a starting point for someone who seeks to conduct illicit activity under hostile internet surveillance it is not concrete set of rules. When developing a CI program you must evaluate the threats and risks to yourself and create a custom set of tools and procedures that address your needs. The specific SOP that you develop for will differ from the outline below, but if it is to be resilient against the adversary it must be based on some form of compartmentation.
Step 1: Cleanliness is Next to Not-Being-in-Jailiness.
Alice must purchase new dedicated equipment used exclusively for communicating with Bob. This means, buy a new laptop. Don’t bother with a new virtual machine, that isn’t sufficiently compartmented. Any existing equipment that Alice owns might already be compromised and is therefore not safe against potential monitoring.
The software installed should be the bare minimum of generic utilities required to do the communications. Here is an example setup:
- Laptop (cover the webcam with tape, disable the mic if possible)
- Virtualization Software (VBox, VMware, Parallels, etc)
- Ubuntu installed in the VM (disable all the logging + reporting)
- Recommended Software:
- Tor Browser bundle
- PGP (generate and store new keys on a USB drive)
- OTR enabled chat client
- Snapshot the VM
This is the base platform that Alice will use when contacting Bob. Obviously, Bob should go through the same process (if he faces similar risks, or is concerned about Alice’s wellbeing).
The usernames and hostnames used should be generic, not associated with Alice’s real name, location, place of work, etc. If the VM is compromised, there will be no identifying information, or keys that can be used to decrypt previous comms. If the VM is escaped and the adversary has access to the host, again, there will be no identifying information. The host machine has only the virtualization software on it. Use full disk encryption on the host machine, probably on the VM, use different passwords between the two, and keep the machine fully powered off when not in immediate active use.
Step 2: Take a Trip
Number 5: never sell no crack where you rest at
I don’t care if they want a ounce, tell ‘em “bounce!”
Alice must ensure that every single time she contacts Bob, or checks for contact from Bob, she is in a location which is not linked to her. Additionally, she must use an internet connection which is not linked to her, for example a public WiFi or a prepaid 3G card.
When Alice goes to contact Bob, she must ensure that she does not carry any device which will transmit her physical location. For example, her mobile phone(s). Leave it at home.
Step 3: UnlinkedIn
After Alice has used her dedicated machine to communicate with Bob, she should revert the VM snapshot to the pristine state from right after she installed. This should limit the ability of the adversary to persist after a compromise (provided they didn’t escape the VM).
The converse-with-Bob machine must be used with new accounts created specifically for, and exclusively to, converse with Bob. These accounts must be created from the new machine, and never be used for anything else except Bob related activity. Alice must create new accounts that don’t have any links to her real identity. For email, one option is a TorMail account. For instant messaging there is either Cryptocat over Tor, or create a new Jabber account such as with jabber.ccc.de.
Concluding Thoughts
The core concept to take away here is: separate identity, with equipment and accounts, used only for one activity. The essense of compartmentation is separation without contamination. My strong recommendation is to use: a virgin machine, with virgin accounts, to contact the target. This machine is used exclusively for this one activity: it is compartmented. Associating the activity of that online entity, even with full and complete global internet monitoring (and 0day attacks) with a specific individual should be difficult. [NOTE: don’t count on this if you happen to be the new al Quaida #3].