Let's say you're David Petraeus. No wait, here's a better one: let's say you're New Jersey governor Chris Christie. And let's say it's come to light that some of your aides may have engineered a massive traffic snarl as an act of political revenge, one that ended in the death of an elderly woman after ambulances were delayed.
Now, we at SecurityWatch don't condone underhanded deals (unless we get to write about them), but this story hinges on emails obtained by subpoena and we know a thing or two about how to keep your emails safe.
Leave No Evidence
If you must carry out clandestine activity over email, then you had better make sure that those emails can't be connected to you after the fact. Even the header information embedded in emails can be examined to find your IP address, not to mention the message's content.
To keep your real IP address off your email messages, try using a Virtual Private Network (or VPN) service to connect to the internet. This re-routes your traffic and keeps your IP out of your messages. If you're willing to spend a little money, take a look at our Editors' Choice award winners Norton Hotspot Privacy or VPN Direct.
But even a VPN will leave the content of your messages readable. Remember, the emails surrounding "bridgegate" were obtained by subpoena. Though the NSA may have messed up encryption, an encrypted message is probably going to be a major roadblock for investigators. For encrypting email, PrivateSky does local encryption and decryption, keeping your messages safe from start to finish.
Destroy Everything
Encryption may render a message unreadable, but you know what's better than unreadable? Destroyed. While it's hard to run emails through a paper shredder, Send 2.0 will encrypt your messages and destroy everything every few days. However, VaporStream goes further and destroys messages as soon as they're read—no chance to copy or forward, either.
Off The Grid
No matter how hard you try to keep emails secure they still leave a trail. So consider going old-school and carrying out your clandestine operations with face-to-face meetings and voice calls. While a bit more time consuming, they require an observer to do more legwork in order to get your information. Also, cycling through disposable "burner" phones will make your communications that much harder to track.
If that's too old-fashioned, there's always texting. From looking over documentation regarding text message interception, most phone companies don't seem to sit on a stockpile of your SMS messages—though they can still be intercepted. But some services, like iMessage and TextSecure, encrypt your messages to keep them safe. Other text messaging services like the newly announced Confide make it harder to copy messages with a screenshot, and Wickr uses clever encryption strategies and self-destructing messages to keep private messages private.
Speaking in Tongues
Though the email messages of bridgegate were occasionally oblique, they could have done better. If you're giving orders for potentially illegal activities, consider using code words to further mask your operations. The best clandestine communications are disguised as everyday speech, so instead of ordering a traffic snarl on the George Washington Bridge, try asking to have your "laundry delivered."
A really well thought-out coded message could be innocuous enough to post anywhere. Instead of writing an email, sending a text, or making a phone call, you could simply make a cryptic statement on Craigslist. Perhaps that's the real function behind the Montclair pirate radio station?
Stay Silent
Even with the best efforts to secure a message, there's always a way for it to come out. Perhaps careful analysis of your Web traffic can be correlated with real-world activities, or someone in your organization snitches on your illegal activity. Sometimes the best way to keep your illicit activies secret is just to have no illicit activities.
No comments:
Post a Comment