The CIA created a "Snowden Stopper" to catch future whistleblowers


#1

Originally published at: http://boingboing.net/2017/04/29/web-beacons-for-spooks.html


#2

Well of course they did. Would anybody expect them to say, “Aw fellas, let’s play fair! Don’t make it too hard for our mortal enemies! Just make them enter a PIN or something.”


#3

Snowden worked for the NSA. So at best, the CIA has figured out how to make things a little more difficult to keep the NSA out of the CIA.


#4

Their “Snowden Stopper” is a web bug?

That’s the kinda countermeasure an idiot would have on his luggage.


#5

IKR? I expected something insidiously clever in rearranging text every time the source document was fetched from their servers, to fingerprint the leak even if a few paragraphs of text were printed in a newspaper.


#6

Here’s to hoping this works for them


#7

So, basically they have finally implemented some sort of DRM on their documents? Shocking (not shocking) they didn’t do this sooner.


#8

So the best defense against this is to uninstall Microsoft Word? Done!


#9

The best defense is to block all possible network paths prior to working on sensitive documents.
They can’t track requests they never receive.

The second best defense is to spider through them all, collect all the links, and flood them from millions of distributed locations making them worthless.


#10

But say a script in the document installs a tool which phones home the next time an internet connection is available? Best thing I can think of is to video a session on a temporary OS, possibly booted from read-only media. Then OCR the information you require.


#11

Work through a read-only VM. Allow nothing out. Shut down the VM when done looking. When you start it again, it starts over. And you’re still not letting anything out. I’d take the further step to strip out all text into text files, if text is what you’re after. If it’s pictures, then something like what you describe is in order - a script outside of the VM that screenshots all content inside the VM, page by page or something like that. Probably would put the whole rig on an airgapped machine, too.

Oh and the obvious. Don’t use Microsoft Word to read the Word docs. Use a reader. Or strip the text first, and then read it somewhere else.


#12

Still doesn’t help if the document is salted with something like “Officer 1992-26373645 then completed work for the day” where the number is tweaked for every user it is delivered to. WikiLeaks could strip that out on the basis that it is identifiable information, but what about “the annual bill for ammunition was 8763.24” or “the enemy camp is located at +45.625243265, -113.3635336”?

Or you could get really clever with AI generated context sensitive text. Inject a random sentence (seemingly relevant) into every document and keep a record?


#13

Definitely. I was thinking that the documents would have watermarks in the text itself. If not algorithmically generated content like you mentioned, then stuff like stray spaces or other ASCII characters placed in specific time-varying, identifiable patterns, indicating time of document download, account downloaded from, location, etc. So, even if the documents were stripped of all of the stuff mentioned in the OP, they would still remain identifiable by these ASCII traces scattered within, unless they were discovered and removed.
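
The stray-space watermark speculated about in posts #12 and #13, sketched from the document owner's side as an added example (not part of the thread, and not a description of any real agency tooling). The 8-bit ID width, the one-space/two-space encoding, the sample text and the registry are all assumptions constructed for illustration.

```python
import re

BITS = 8  # width of the per-recipient ID (assumption for this sketch)

# Constructed sample document and issue log; not real data.
SAMPLE = " ".join(f"Constructed sentence number {i}." for i in range(1, 11))
REGISTRY = {0xA5: "analyst-17", 0x3C: "analyst-42"}

def embed(text: str, recipient_id: int) -> str:
    """Return a copy of text whose sentence gaps encode recipient_id.

    A single space after sentence-ending punctuation is a 0 bit, a double
    space is a 1 bit. The ID repeats cyclically over all gaps.
    """
    if not 0 <= recipient_id < 2 ** BITS:
        raise ValueError("recipient_id out of range")
    # Normalise existing gaps so pre-existing double spaces are not read as bits.
    text = re.sub(r"(?<=[.!?]) +", " ", text)
    gaps = [m.start() for m in re.finditer(r"(?<=[.!?]) (?=\S)", text)]
    if len(gaps) < BITS:
        raise ValueError("text has too few sentence gaps to carry the ID")
    out, last = [], 0
    for i, pos in enumerate(gaps):
        bit = (recipient_id >> (BITS - 1 - i % BITS)) & 1
        out.append(text[last:pos] + " " * (1 + bit))
        last = pos + 1
    out.append(text[last:])
    return "".join(out)

def extract(text: str):
    """Recover the ID from the first BITS sentence gaps, or None if too few."""
    gaps = re.findall(r"(?<=[.!?])( {1,2})(?=\S)", text)
    if len(gaps) < BITS:
        return None
    value = 0
    for gap in gaps[:BITS]:
        value = (value << 1) | (len(gap) - 1)
    return value

def identify(leaked: str, registry: dict):
    """Map a recovered copy back to the account it was issued to, if known."""
    return registry.get(extract(leaked))

if __name__ == "__main__":
    copy = embed(SAMPLE, 0xA5)
    print(repr(copy[:80]), "->", identify(copy, REGISTRY))
```

As post #13 notes, a mark like this only identifies a copy while the spacing is intact; `extract` returns `None` rather than a guess when too few gaps survive.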


#14

So using Linux completely defeats this protection?

