Your primary means of protection, and in fact what most people probably first think of when you say you want to hide something from prying eyes, is going to be the protection of what I'm going to call "inactive" or "at rest" data. This could be something like a handwritten message on a Post-It Note, an address book, a file on a computer/phone/thumb drive, an email you want to send, a message left on someone's voicemail, a tweet, or really anything that is no longer actively "in your hands," so to speak. There are many options to choose from, and which one(s) you use might be different depending on each situation. It is FAR beyond the ability of one short thread on some Internet forum to give you the optimal combination for every possible situation, so you will have to make some determinations on your own as to which and how many methods to use/combine. Just remember that making something more complicated does not guarantee that it will also be more secure.
Now, on to the methods:
ENCRYPTION - A process by which an original message (called the "plaintext") is transformed into something unreadable without knowing how to transform it back to its original form. This is probably the first thing people think of using when they want to hide something. There are two main types: CODES, where specific words/phrases are replaced with other, different phrases/words (or "tokens"), and CIPHERS, where the plaintext is subjected to some sort of content-agnostic process in order to transform it into gobbledygook (called the "ciphertext"). Codes can be much harder to break, but they are also significantly more complex to implement, as they require the use of a huge dictionary to translate back and forth. Data compression is a kind of code which tries to replace larger bits with smaller tokens in an attempt to save space. Unfortunately, the creation and use of effective codes is way beyond the scope of this thread, so I will instead focus on ciphers.
Most people are familiar with ciphers in one way or another. For English-speakers, ROT13 is a very popular shift (or "Caesar") cipher. Many of you may have also played with A1Z26, the Pigpen cipher, or even Morse Code at some point in your life. These are all very easy to remember, but they should never be considered "secure" unless the only people you are hiding things from still have all their baby teeth, and even then there's no guarantee. And while even the added complexity of polyalphabetic ciphers such as Vigenère or WW2's famous Enigma machines may be more than the average human can reliably solve by hand, they are still no match for the ability of even the simplest of modern computers.
There are two main types of cipher algorithms: Symmetric and Asymmetric. With a symmetric cipher, you use the same "key" (or "password") for both encryption and decryption, but with an asymmetric cipher, you use one key to encrypt, but a different key to decrypt. All of the examples linked in the previous paragraph are symmetric. Asymmetric methods are more complex to implement, but that alone does not guarantee they are more secure. Again, you should be matching the method to the need. These days, the strongest widely-available symmetric systems use either Triple DES or AES-256 (preferred), and the most popular asymmetric methods usually ride on top of OpenPGP or GnuPG (probably preferred).
If you are encrypting things you are going to store on your own computer/phone/whatever, then you probably want to use 3DES or AES256 just for simplicity's sake due to requiring just the one password for both encryption and decryption. If you are encrypting things you will be sending to another person/location, then one of the PGP variants would probably be better, mainly because PGP has the built-in benefit of authenticating the source, so you can be sure the file is coming from who you think it is. A more thorough explanation of why you probably want to do this can be found at the Email Self-Defense site. The site gives steps for setting up PGP with a specific email application, but there is nothing saying you have to use that one. It is the process that is important.
ENCRYPTION TOOLS:
AES
All: AESCrypt - simple AES-256 tool available for most any platform.
PGP
Windows: Gpg4win v3 (Win7 and up)
Mac: GPG Suite (10.13.x or newer)
Linux: GnuPG (via your package manager of choice, or compile from source)
3DES apps are not really recommended unless there is no choice, as 3DES is slower and less secure than AES256, plus there are issues when trying to encrypt more than 32GB of data.
Additionally, many file compression utilities either natively support added encryption or can use some form of encryption plugin:
7-Zip (Free - WinXP/2k or newer, macOS 10.9 or newer via keka)
WinRAR ($30 - GUI on Windows XPSP3 and newer, but only command line tools for Linux, FreeBSD, macOS)
WinZIP ($30 - Vista and up/macOS 10.10 and up)
File compression utilities make it easy to bundle multiple files together into one archive, and they can even make the resulting archive smaller and easier to store/transmit. HOWEVER... many compression utilities may default to an older, weaker file format or form of encryption for backward compatibility reasons. Make sure you explicitly select the AES256 (or PGP, or 3DES if there's nothing else) option before encrypting your file(s). Also, if you have any concerns that the manufacturers of these programs may have injected their own secret key to recover your encrypted documents, you can always use the compression part by itself and then use one of the other encryption tools listed in the previous section as a second step on the compressed archive(s).
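One way to check the point above about archive tools falling back to weaker encryption, as an added example that is not part of the original post: it reads a ZIP archive's directory records and reports whether each member is unencrypted, uses the legacy ZipCrypto scheme, or uses AES and at what key size. It covers the ZIP format only; the function names and the sample records are constructed for illustration.

```python
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # extra-field ID used by the WinZip AES format
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_encryption(info):
    """Classify one ZIP member from its directory record (a zipfile.ZipInfo)."""
    if not info.flag_bits & 0x1:          # general-purpose bit 0: encrypted
        return "none"
    if info.compress_type == 99:          # method 99: WinZip AES wrapper
        extra, pos = info.extra, 0
        while pos + 4 <= len(extra):      # walk the (id, size, data) records
            field_id, size = struct.unpack_from("<HH", extra, pos)
            if pos + 4 + size > len(extra):
                break                     # truncated record, stop parsing
            if field_id == AES_EXTRA_ID and size >= 7:
                # data: version (2 bytes), vendor "AE" (2), strength (1), method (2)
                return AES_STRENGTH.get(extra[pos + 8], "AES-unknown")
            pos += 4 + size
        return "AES-unknown"
    if info.flag_bits & 0x40:             # bit 6: PKWARE "strong encryption"
        return "PKWARE-strong"
    return "ZipCrypto"                    # legacy PKZIP stream cipher

def audit_zip(source):
    """Map each member name to its encryption label (path or file object)."""
    with zipfile.ZipFile(source) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist()}

def not_aes256(report):
    """Names of members that are unencrypted or not protected with AES-256."""
    return sorted(name for name, enc in report.items() if enc != "AES-256")

def sample_record(name, flags, method, extra=b""):
    """Constructed directory record, standing in for a real archive member."""
    info = zipfile.ZipInfo(name)
    info.flag_bits, info.compress_type, info.extra = flags, method, extra
    return info

if __name__ == "__main__":
    aes = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    records = [sample_record("taxes.pdf", 0x1, 99, aes),
               sample_record("notes.txt", 0x1, 8),
               sample_record("readme.txt", 0x0, 8)]
    report = {r.filename: entry_encryption(r) for r in records}
    print(report, not_aes256(report))
```

`audit_zip` accepts the path of a real archive; anything returned by `not_aes256` was stored without AES-256.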
There are two other things I would like to talk about, and they are:
STEGANOGRAPHY - The practice of hiding something unobtrusively within something else. Thi**s** c**o**uld be **s**ome**t**hing as simple/d**u**mb as hiding a stu**p**id message v**i**a the first letter of each line, or even with only bol**d**ed letters. It is most frequently associated with hiding one picture inside of another, but can also be used to hide information inside of MP3s or just about any audio using phase cancelation. This could also be something like hiding a bunch of porn inside of a folder named "Thanksgiving Recipes."
There are many software tools of varying sophistication available for steganographic purposes. I will not go into all of them here, but be aware that when you embed secret data inside of other, public-facing data, the public data will be subtly changed, possibly in a manner that attracts the attention of an attacker who may not know exactly what is going on, but who can tell that something is definitely going on. For instance, while it is technically possible to hide an entire feature-length DVD rip of Broken Arrow inside of a 640x480 .JPG file of Mt. Rushmore, anyone who finds it is going to be suspicious why such a low-resolution image takes up something like 1.5GB of disk space.
MASKING/PADDING - Mehtods off obsufcarting uh massage thet wood fuel uh masheen butt knot uh hooman. This includes things like using homonyms, l33tsp34k, CaMeL cAsE, Typoglycemic text, Rail fence/zigzag/scytale/route ciphers, or even jxust ixnsertxing suxperfluxous chxaractexrs (also called "nulls"). You may recognize these as some of the same techniques that many unsolicited emails use to evade spam filters.
By themselves, these methods don't really do a whole lot to hide a message, but if a message is first subjected to one (or more) of these techniques and then subsequently encrypted, the added layer of complexity will make it significantly harder for a computer attack to break, as it will likely be looking for more recognizable content.