Help! I am an Investigative Journalist in 2017
Whistleblowers Australia Annual Conference
2016-11-20
About me
Gabor Szathmari
@gszathmari
• Information security professional
• Privacy, free speech and open gov’t advocate
• CryptoParty organiser
• CryptoAUSTRALIA founder (coming soon)
Agenda
Investigative journalism:
• Why should we care?
• Threats and abuses
• Surveillance techniques
• What can the reporters do?
Why should we care about investigative journalism?
Investigative journalism
• Cornerstone of democracy
• Social control over gov’t and private sector
• When the formal channels fail to address the problem
• Relies on information sources
Snowden, Manning, Tyler Shultz, Paul Stevenson, Benjamin Koh
Threats and abuses against investigative journalism
Threats
• Lack of data (opaque gov’t)
• Journalists are imprisoned for doing their jobs
• Sources are afraid to speak out
Journalists’ Privilege
• Evidence Amendment (Journalists’ Privilege) Act 2011
• Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
Recent Abuses
• The Guardian: Federal police admit seeking access to reporter's metadata without warrant
• The Intercept: Secret Rules Make it Pretty Easy for the FBI to Spy on Journalists
• CBC News: La Presse columnist says he was put under police surveillance as part of 'attempt to intimidate’
Surveillance techniques
Brief History of Interception
First cases:
• Postal Service - Black Chambers 1700s
• Telegraph - American Civil War 1860s
• Telephone - 1890s
• Short wave radio - 1940s/50s
• Satellite (international calls) - ECHELON 1970s
Recent Programs (2000s - )
• Text messages, mobile phone - DISHFIRE, DCSNET,
Stingray
• Internet - Carnivore, NarusInsight, Tempora
• Services (e.g. Google, Yahoo) - PRISM, MUSCULAR
• Metadata: MYSTIC, ADVISE, FAIRVIEW, STORMBREW
• Data visualisation: XKEYSCORE, BOUNDLESSINFORMANT
• End user device exploitation: HAVOK, FOXACID
So how can I defend myself?
Data Protection 101
• Encrypt sensitive data* in transit
• Encrypt sensitive data* at rest
* Documents, text messages, voice calls etc.
Old Times
• Ancient history: Caesar cipher, Polybius square, Scytale cipher
• 15th century: Vigenère cipher, Cipher disk, Cipher square
• 17th century: Jefferson disk cipher
• 20th century: One-time pads, Rotor machines (Enigma, Lorenz)
Lorenz SZ42
Modern Uses
• PGP (1991), PGPfone (1995)
• HTTPS (1994)
• OpenVPN (2001), IPSEC (1995)
• Tor (2002)
• Skype (2003, early days)
• Disk encryption: TrueCrypt (2004), BitLocker
• End-to-end encryption (2010s)
• Signal, ChatSecure
• Messenger, WhatsApp, Google Allo
How does all this apply to an investigative journalist?
Data Protection 101
• Encrypt sensitive data* in transit
• Encrypt sensitive data* at rest
* Documents, text messages, voice calls etc.
Encrypt the Data in Transit
• Web: HTTPS, DuckDuckGo
• Email: PGP
• Text and voice calls (e2ee): Signal, Threema
• Group chat (e2ee): Semaphor, ClearChat, Crypho
• Video calls (e2ee): Wire, Tox.im
Encrypt the Data at Rest
• Local hard-disks and USB drives
• macOS: FileVault, Windows: BitLocker, Linux: LUKS
• Cloud file storage
• Zero-knowledge services: Sync.com, TresorIt, SpiderOak
Data Protection 101
• Encrypt sensitive data* in transit
• Encrypt sensitive data* at rest
* Documents, text messages, voice calls etc.
????
What did we miss?
Why?
• Metadata retention
• State sponsored hacking
What about metadata?
• Mass collection
• Retained for 2 years
• Links you to the information source
• Easy to apply link analysis
IBM i2 Analyst's Notebook
What about gov’t hacking?
Tailored Access Operations (TAO)
• Backdooring routers, switches, and firewalls
• Backdooring laptops purchased online
• Backdooring your laptop by phishing
• Backdooring your laptop by exploits (“FOXACID”)
At a Security Conference
How does all this apply to an investigative journalist?
Round 2
Data Protection 101 (for journalists!)
• Encrypt sensitive data in transit
• Encrypt sensitive data at rest
• Work in a secure environment (i.e. write articles and communicate with info sources)
• Hide the metadata
• Compartmentalise your work
• Solve the first contact problem
Secure environment
Work on a device that is free of backdoors:
• Anonymity: Tails operating system
• Security: Qubes OS
• Security & Anonymity: Qubes OS + Whonix
Hide that metadata
Chat:
• Ricochet IM
File Exchange:
• OnionShare
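The metadata slide above says retention "links you to the information source" and is "easy to apply link analysis" to; the slide just above says Tor-based tools such as Ricochet hide that metadata. The following is an added illustration of both points, not code from the original talk: it runs the two-join link analysis an analyst would run over constructed retained records, first for ordinary phone contact and then for the same conversations carried over Tor. All phone numbers, IP addresses, relay names, roles and timestamps are constructed for the example.

```python
"""Added illustration (not from the original slides): why retained metadata
links a reporter to a source even when every message is encrypted, and what
the same records look like when the contact goes over a Tor-based tool.
All numbers, addresses, names and timestamps are constructed."""
from collections import Counter
from datetime import datetime, timedelta

JOURNALIST = "+61400000001"        # constructed reporter's mobile number
JOURNALIST_IP = "198.51.100.10"    # constructed reporter's home IP address

# Constructed retained-metadata records: (party A, party B, timestamp).
# Note what is absent: content. Only who contacted whom, and when, is kept.
RECORDS_PHONE = [
    ("+61400000001", "+61400000002", "2016-10-02 09:10"),  # editor
    ("+61400000003", "+61400000001", "2016-10-05 21:40"),  # insider, first contact
    ("+61400000003", "+61400000001", "2016-10-09 22:05"),  # insider
    ("+61400000001", "+61400000003", "2016-10-12 19:30"),  # reporter calls back
    ("+61400000004", "+61400000001", "2016-10-14 13:00"),  # press officer
    ("+61400000005", "+61400000001", "2016-10-20 08:15"),  # unrelated caller
    ("+61400000001", "+61400000002", "2016-10-30 17:45"),  # editor again
]

# Same conversations, but the insider used Ricochet over Tor. The retained
# records now show each party talking only to a Tor guard relay; no record
# contains both the reporter and the insider.
RECORDS_OVER_TOR = [
    ("+61400000001", "+61400000002", "2016-10-02 09:10"),  # editor, still by phone
    ("198.51.100.10", "tor-guard-A", "2016-10-05 21:40"),   # reporter -> guard
    ("203.0.113.77", "tor-guard-B", "2016-10-05 21:38"),    # insider -> guard
    ("198.51.100.10", "tor-guard-A", "2016-10-09 22:05"),
    ("203.0.113.77", "tor-guard-B", "2016-10-09 22:01"),
    ("+61400000004", "+61400000001", "2016-10-14 13:00"),  # press officer
]

# Constructed directory of the organisation the story is about (the kind
# of list an analyst joins retained records against).
AGENCY_STAFF = {
    "+61400000003": "insider (policy unit)",
    "+61400000004": "press officer",
    "203.0.113.77": "insider (policy unit), home subscriber",
}

PUBLISHED = datetime(2016, 11, 1)  # constructed publication date of the story


def contacts_in_window(records, person_ids, published, days):
    """Count counterparts that spoke with any of `person_ids` in the
    `days` before publication. Records outside the window are ignored."""
    start = published - timedelta(days=days)
    hits = Counter()
    for a, b, ts in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if not (start <= when < published):
            continue
        if a in person_ids:
            hits[b] += 1
        elif b in person_ids:
            hits[a] += 1
    return hits


def likely_sources(records, journalist_ids, published, staff, days=30):
    """The link analysis the slides warn about, reduced to two joins:
    who contacted the reporter before the story ran, and which of those
    identifiers belong to the organisation the story is about.
    Returns (identifier, role, contact_count), most frequent first."""
    hits = contacts_in_window(records, journalist_ids, published, days)
    linked = [(n, staff[n], c) for n, c in hits.items() if n in staff]
    return sorted(linked, key=lambda t: (-t[2], t[0]))


def hidden_endpoints(records, journalist_ids):
    """Where the reporter's own records end at a Tor guard relay: these
    edges stop at the relay, so the join above has nothing to follow."""
    return sorted({b for a, b, _ in records
                   if a in journalist_ids and b.startswith("tor-guard")})


if __name__ == "__main__":
    print("phone metadata:",
          likely_sources(RECORDS_PHONE, {JOURNALIST}, PUBLISHED, AGENCY_STAFF))
    print("over Tor:",
          likely_sources(RECORDS_OVER_TOR, {JOURNALIST, JOURNALIST_IP},
                         PUBLISHED, AGENCY_STAFF))
```

With plain phone records the insider is the top hit after two joins; over Tor only the overt press-officer contact remains visible, because no retained record holds both ends of the conversation.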
Compartmentalise
Limits the damage done when you are hacked
Compartmentalise (cont’d)
• Separate laptop for research & comms
• One email address per source
• One USB drive per source
• Unique password on any website
First contact problem
• Allow information sources to contact you anonymously
• SecureDrop
• GlobaLeaks
Two actually …
A word on smartphones
Your phone is a spying machine:
• Doesn’t matter what model it is
• Leave your phone at home
The most secure tool
• Pen
• Paper
Wrapping it up
Security and privacy are hard…
• Surveillance is very sophisticated as technology has advanced
• Metadata retention practices and data mining technologies will link you to the info source
• The Peeping Toms are on your smartphone and laptop
…but not hopeless
• Encrypt everything
• Use a secure operating system
• Use pen and paper
• Hide the metadata
• Compartmentalise
• Leave your smartphone at home
• Solve the first contact problem
Further info
• Tweet me on @gszathmari
• CryptoAUSTRALIA (soon): https://cryptoaustralia.org.au
• Join a CryptoParty: https://cryptoparty.in/sydney
• https://www.privacytools.io
• https://prism-break.org
• https://privacyforjournalists.org.au
Questions?
Sources
• The History of Information Security: A Comprehensive Handbook
• https://en.wikipedia.org/wiki/Cabinet_noir
• http://blogs.lse.ac.uk/mediapolicyproject/2016/02/15/a-very-brief-history-of-interception/
• https://inforrm.wordpress.com/2016/02/21/a-very-brief-history-of-interception-in-the-britain-bernard-keenan/
• https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects
• http://www.computerworld.com/article/2476515/network-security/the-security-flaws-in-tails-linux-are-not-its-only-problem.html
• https://freedom.press/blog/2014/04/operating-system-can-protect-you-even-if-you-get-hacked
• https://www.theguardian.com/world/2016/apr/14/federal-police-admit-seeking-access-to-reporters-metadata-without-warrant
• https://www.techdirt.com/articles/20160829/06300835377/australian-government-using-data-retention-law-to-seek-out-journalists-sources-hunt-down-whistleblowers.shtml
• https://theintercept.com/2016/06/30/secret-rules-make-it-pretty-easy-for-the-fbi-to-spy-on-journalists/
• http://www.cbc.ca/news/canada/montreal/journalist-patrick-lagace-police-surveillance-spying-1.3828832
• https://en.wikipedia.org/wiki/Telephone_tapping
• http://www.nytimes.com/2015/03/01/nyregion/a-short-history-of-wiretapping.html

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Help! I am an Investigative Journalist in 2017

  • 1. Help! I am an Investigative Journalist in 2017 Whistleblowers Australia Annual Conference 2016-11-20
  • 2. About me Gabor Szathmari @gszathmari • Information security professional • Privacy, free speech and open gov’t advocate • CryptoParty organiser • CryptoAUSTRALIA founder (coming soon)
  • 3. Agenda Investigative journalism: • Why should we care? • Threats and abuses • Surveillance techniques • What can the reporters do?
  • 4. Why should we care about investigative journalism?
  • 5. Investigative journalism • Cornerstone of democracy • Social control over gov’t and private sector • When the formal channels fail to address the problem • Relies on information sources
  • 10. Threats and abuses against investigative journalism
  • 11. Threats • Lack of data (opaque gov’t) • Journalists are imprisoned for doing their jobs • Sources are afraid to speak out
  • 12. Journalists’ Privilege • Evidence Amendment (Journalists’ Privilege) Act 2011 • Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
  • 13. Recent Abuses • The Guardian: Federal police admit seeking access to reporter's metadata without warrant • The Intercept: Secret Rules Makes it Pretty Easy for the FBI to Spy on Journalists • CBC News: La Presse columnist says he was put under police surveillance as part of 'attempt to intimidate'
  • 15. Brief History of Interception First cases: • Postal Service - Black Chambers 1700s • Telegraph - American Civil War 1860s • Telephone - 1890s • Short wave radio - 1940s / 50s • Satellite (international calls) - ECHELON 1970s
  • 16. Recent Programs (2000s - ) • Text messages, mobile phone - DISHFIRE, DCSNET, Stingray • Internet - Carnivore, NarusInsight, Tempora • Services (e.g. Google, Yahoo) - PRISM, MUSCULAR • Metadata: MYSTIC, ADVISE, FAIRVIEW, STORMBREW • Data visualisation: XKEYSCORE, BOUNDLESSINFORMANT • End user device exploitation: HAVOK, FOXACID
  • 17. So how can I defend myself?
  • 18. Data Protection 101 • Encrypt sensitive data* in transit • Encrypt sensitive data* at rest * Documents, text messages, voice calls etc.
  • 19. Old Times • Ancient history: Caesar cipher, Polybius square, Scytale cipher • 15th century: Vigenère cipher, Cipher disk, Cipher square • 17th century: Jefferson disk cipher • 20th century: One-time pads, Rotor machines (Enigma, Lorenz)
  • 21. Modern Uses • PGP (1991), PGPfone (1995) • HTTPS (1994) • OpenVPN (2001), IPSEC (1995) • Tor (2002) • Skype (2003, early days) • Disk encryption: TrueCrypt (2004), BitLocker • End-to-end encryption (2010s) • Signal, ChatSecure • Messenger, WhatsApp, Google Allo
  • 22. How does all this apply to an investigative journalist?
  • 23. Data Protection 101 • Encrypt sensitive data* in transit • Encrypt sensitive data* at rest * Documents, text messages, voice calls etc.
  • 24. Encrypt the Data in Transit • Web: HTTPS, DuckDuckGo • Email: PGP • Text and voice calls (e2ee): Signal, Threema • Group chat (e2ee): Semaphor, ClearChat, Crypho • Video calls (e2ee): Wire, Tox.im
  • 25. Encrypt the Data at Rest • Local hard-disks and USB drives • macOS: FileVault, Windows: BitLocker, Linux: LUKS • Cloud file storage • Zero-knowledge services: Sync.com, TresorIt, SpiderOak
  • 26. Data Protection 101 • Encrypt sensitive data* in transit • Encrypt sensitive data* at rest * Documents, text messages, voice calls etc.
  • 29. Why? • Metadata retention • State sponsored hacking
  • 30. What about metadata? • Mass collection • Retained for 2 years • Links you to the information source • Easy to apply link analysis
  • 31. IBM i2 Analyst's Notebook
  • 32. What about gov’t hacking? Tailored Access Operations (TAO) • Backdooring routers, switches, and firewalls • Backdooring laptops purchased online • Backdooring your laptop by phishing • Backdooring your laptop by exploits (“FOXACID”)
  • 33. On a Security Conference
  • 34. How does all this apply to an investigative journalist? Round 2
  • 35. Data Protection 101 (for journalists!) • Encrypt sensitive data in transit • Encrypt sensitive data at rest • Work in a secure environment (i.e. write articles and communicate with info sources) • Hide the metadata • Compartmentalise your work • Solve the first contact problem
  • 36. Secure environment Work on a device that is free of backdoors: • Anonymity: Tails operating system • Security: Qubes OS • Security & Anonymity: Qubes OS + Whonix
  • 37. Hide that metadata Chat: • Ricochet IM File Exchange: • OnionShare
  • 39. Compartmentalise (cont’d) • Separate laptop for research & comms • One email address per source • One USB drive per source • Unique password on any website
  • 40. First contact problem • Allow information sources to contact you anonymously • SecureDrop • GlobaLeaks
  • 43. A word on smartphones Your phone is a spying machine: • Doesn’t matter what model it is • Leave your phone at home
  • 44. The most secure tool • Pen • Paper
  • 46. Security and privacy are hard… • Surveillance is very sophisticated as technology has advanced • Metadata retention practices and data mining technologies will link you to the info source • The Peeping Toms are on your smartphone and laptop
  • 47. …but not hopeless • Encrypt everything • Use a secure operating system • Use pen and paper • Hide the metadata • Compartmentalise • Leave your smartphone home • Solve the first contact problem
  • 48. Further info • Tweet me on @gszathmari • CryptoAUSTRALIA (soon): https://cryptoaustralia.org.au • Join a CryptoParty: https://cryptoparty.in/sydney • https://www.privacytools.io • https://prism-break.org • https://privacyforjournalists.org.au
  • 50. Sources • The History of Information Security: A Comprehensive Handbook • https://en.wikipedia.org/wiki/Cabinet_noir • http://blogs.lse.ac.uk/mediapolicyproject/2016/02/15/a-very-brief-history-of-interception/ • https://inforrm.wordpress.com/2016/02/21/a-very-brief-history-of-interception-in-the-britain-bernard-keenan/ • https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects • http://www.computerworld.com/article/2476515/network-security/the-security-flaws-in-tails-linux-are-not-its-only-problem.html • https://freedom.press/blog/2014/04/operating-system-can-protect-you-even-if-you-get-hacked • https://www.theguardian.com/world/2016/apr/14/federal-police-admit-seeking-access-to-reporters-metadata-without-warrant • https://www.techdirt.com/articles/20160829/06300835377/australian-government-using-data-retention-law-to-seek-out-journalists-sources-hunt-down-whistleblowers.shtml • https://theintercept.com/2016/06/30/secret-rules-make-it-pretty-easy-for-the-fbi-to-spy-on-journalists/ • http://www.cbc.ca/news/canada/montreal/journalist-patrick-lagace-police-surveillance-spying-1.3828832 • https://en.wikipedia.org/wiki/Telephone_tapping • http://www.nytimes.com/2015/03/01/nyregion/a-short-history-of-wiretapping.html
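Slides 30 and 31 argue that retained metadata alone, with no content, is enough for link analysis to tie a reporter to a source, and slide 39 answers with one identifier per source. The following Python is an added example, not from the deck or its author: it runs a plain contact-graph analysis over constructed retention-style records (all parties and timestamps are made up) and shows what the same analysis yields once the source is reached only through a dedicated identifier.

```python
"""Added example, not from the original slides: how retained call metadata
(slides 30-31) links a reporter to a source with plain link analysis, and
what slide 39's one-identifier-per-source rule changes in that graph.
All records below are constructed sample data, not real logs."""
from collections import defaultdict, deque

# Constructed retention-style records: (party_a, party_b, timestamp).
# A retention regime keeps exactly this, who contacted whom and when,
# and never needs the content to draw the picture.
RECORDS = [
    ("reporter-main", "editor", "2016-11-01T09:00"),
    ("reporter-main", "source-A", "2016-11-02T22:15"),
    ("source-A", "agency-switchboard", "2016-11-02T08:30"),
    ("reporter-main", "plumber", "2016-11-03T10:10"),
]

# Same activity, but the reporter reached source-A only through a separate
# identifier (a dedicated address or SIM) that is used for nothing else.
# This only helps while that identifier cannot itself be attributed to
# the reporter; the model here assumes it is not in the record set as hers.
COMPARTMENTALISED = [r for r in RECORDS if r[1] != "source-A"] + [
    ("reporter-drop-A", "source-A", "2016-11-02T22:15"),
]

def build_graph(records):
    """Undirected contact graph: party -> set of parties it exchanged metadata with."""
    graph = defaultdict(set)
    for a, b, _timestamp in records:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def shortest_path(graph, start, goal):
    """Breadth-first search; returns the list of hops, or None if unlinked."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for nxt in graph[path[-1]] - seen:
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

def common_contacts(graph, reporter, organisation):
    """The pivot slide 30 warns about: parties in contact with both sides."""
    return graph[reporter] & graph[organisation]

if __name__ == "__main__":
    g = build_graph(RECORDS)
    print(shortest_path(g, "reporter-main", "source-A"))           # direct link
    print(common_contacts(g, "reporter-main", "agency-switchboard"))  # {'source-A'}
    g2 = build_graph(COMPARTMENTALISED)
    print(shortest_path(g2, "reporter-main", "source-A"))          # None
```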