E-Mails and Files are at Risk — but you can Fight Back

This weekend Investigative reporters noted that, worldwide, they are between a rock and hard spot. The material on their computers may be open to everyone from unfriendly hackers to unfriendly governments. Some see the release of the e-mails, from the head of the Democratic National Committee to the search of Huma Abedin’s computer, as the tip of an iceberg that threatens to sink investigative journalism. What to do, what to do?

When we were queried this weekend, we answered that the fact the Internet wasn’t created with security in mind makes it nearly impossible to craft an easy but iron-clad method of fending off all intruders. Nonetheless, it is possible to make intrusions and thefts far more difficult.

First, use, and ask that correspondents use, end-to-end encryption of e-mails. We also advise people to encrypt all sensitive files on any computer connected to the Internet. Encryption reduces, but doesn’t eliminate, the danger of spillage.

That is a start, and a good one. There are good, but not foolproof, security techniques. It’s nearly impossible to steal, at a distance, e-mails or files from computers that are off-line. Therefore any saved e-mails or sensitive files are safer if they are located on a computer or device that is never or seldom hooked to the Internet.  Theoretically a computer that is not hooked to the Internet cannot be accessed by hackers. (Obviously an insider attack is always possible.)

Our next suggestion — and we welcome other ideas — is based on the assumption that having no Internet connectivity improves security: Hook a hang-on hard drive (or a throw-away computer that does not have Internet connections) to the on-line computer. Transfer to, and store the e-mail or files, to that hang-on drive (or off-line computer.) The safest way of making the transfer is to use a second computer, burn the transferred information onto a disk and use an air-gap transfer, but a direct connection to a hang-on hard drive, for a limited time, is usually acceptable.

Then unhook the hang-on drive.

From then on, review and work with the e-mails or sensitive files only on the hang-on hard drive (reconnected to the on-line computer for short periods) or offline computer.

When the transfer to the hang-on drive or second computer is complete, delete ALL the e-mails or sensitive files from the on-line computer.

But remember, just hitting “delete” on a computer email or file does not actually physically remove it from a computer’s electronic memory; it just changes the name/identity so it cannot be accessed normally. “Delete” effectively hides it from most computer operations, but the file or e-mail remains on the computer and can be accessed by any reasonably competent fifth grader who can get on the system. Since hackers or others with knowledge can still access a deleted file or e-mail, most researchers consider hitting a delete button to be about as secure as putting a document in a drawer and closing it. Since the file or email still exists electronically on the online computer it has to be TRULLY eliminated.

On the computer that is hooked to the Internet run a program that has the capability of overwriting even the “free space” where the bulk of all former files and erased e-mails are found. The conventional wisdom is that three overwrites (the program puts in 1s and 0s in all places that are considered “clean,” does it a second time, and does it a third time) make certain it leaves no shreds of the original message.

It is important to use a shred technique to actually get information off the system and thwart any retrieval. Programs like Ccleaner, KCleaner, BitKiller, and WipeFile, or anti-virus security programs like Avast do this job.

Improving security is possible, but it is a multi-step job that is neither easy nor foolproof.

I Didn’t Bring Down the Internet — or Did I?

Friday’s attack against US computer infrastructure using a botnet crafted from the Internet of Things (IoT) appears to be a shot across the bow, demonstrating the power of the hacking team — and those behind that team. Unfortunately I, and many of us, may have unwittingly played a role in the attack. Our computer devices may have been used to send the signals that overwhelmed the computer servers on Friday.

The IoT attack was not unanticipated by many of us. In June  2015 some of us began unclassified discussions with personnel from a major university about the IoT problem. Everything from cars and refrigerators to medical devices are being “computerized” with IoT software and firmware. We foresaw serious security problems in this.

For the most part there is no security screen on IoT devices, allowing hackers easy entry to them. We recognized that any of us could inadvertently be part of the problem because we had no way to prevent IoT devices we already have, and those we will acquire in the future, from being infected with malware. Earlier this year there was some public recognition of one part of the IoT problem when it became known that a medical device had virtually no protection and, in certain circumstances, had the potential of being manipulated to kill the patient using it. There have been reports and claims of IoT threats to cars (potential to affect braking, speed, steering, etc.) There have been claims about the ability to affect control of commercial airliners through attacks against on-board entertainment systems.

IoT security is virtually non-existent at present and is unlikely to be effective even in the future because A) there is no totally effective anti-virus/anti-malware system available for or designed for IoT devices, B) security is not legally required and manufacturers won’t spend money they are do not have to, C) IoT security would not only be more expensive, in some cases it would interfere with the working of the IoT device, D) retrofitting devices and systems already in use would be improbable if not impossible, and E) IoT security would generally have to be configured when the device was brought on-line, and most people wouldn’t take the time or expend the effort — even if they were capable of doing so.

There are some indications, from the size, severity, and markers of the attack, that this could have been a state-sponsored effort. However it appears that only a small part, perhaps as low as 10 percent, of the available capability was used. There is a possibility this may have been a shot across the bow rather than an all-out attack

From the discussions that started in June of 2014 I am not confident that we have a way of thwarting distributed denial of service attacks such as we saw Friday, or dealing with other attacks carried out through the IoT. These attacks use the very design of the Internet — and us, our cameras, our cars, our refrigerators — for their success.


Mark Monday
mark@theresearchschool.com

Oppo Research Popular “New” Job Area?

Following the Watergate scandal that destroyed Richard Nixon’s presidency, a flood of people wanted into the journalism profession. With the leaks and reports coming out during today’s election season Opposition Research (OPPO) may prove to be a very attractive – if unexplored– field for many, as journalism was after Watergate.

OPPO is one of five major, distinct but similar, areas within major job fields.

  • Open Source Intelligence (OSINT) of Intelligence and Law Enforcement
  • Computer-assisted Reporting (CaR) of Journalism
  • Information Literacy (IL) of Library Science
  • Competitive or Competitor Intelligence (CI) of Business
  • Opposition Research (OPPO) of politics and political science

 

Other fields, such as law and lawyers also use versions of it.

The various fields try to institutionalize the knowledge – create unique knowledge sets that apply to their own field – and that is part of the problem. They lack the overall view, and the tools and techniques that come with all of the other fields. All the fields have strengths and each has its weaknesses. By looking at all the fields and filling the weaknesses of one by using the strengths of the others theresearchschool.com is creating a much more robust capability in all the fields – including OPPO.

For those who want to independently explore only OPPO we can recommend: We’re with Nobody by Alan Huffman and Michael Rejebian. This is a book of case studies. While it is not a how-to book, it does offer a good look at the field and shows some of the techniques that are useful. The Opposition Research Handbook by Larry Zilliox is more of a manual on how to conduct OPPO research using a computer. How Do Private Eyes Do That? by Colleen Collins is not strictly OPPO, but has some useful material that would-be political opposition researchers may find useful.

Mark Monday at theresearchschool.com

Ease Your Social Media Searching

For many things and at many times, social media may provide quick and useful answers. But getting answers from many social media sites can be time-consuming.. Researchers may want to try https://www.social-searcher.com/
If you have additional sites you have found that make social media searches easier and quicker, please e-mail them to mark@theresearchschool.com and I will post them