back to article How to evade the NSA: OpSec guide for journalists also used by terrorists

Privacy guides meant for journalists are being re-purposed by terrorist groups, Trend Micro researchers say. The guides are designed to help hacks avoid surveillance by nation-states and well-resourced adversaries focusing on encryption, operational security, recommended and untrusted platforms. It is one finding of dozens …

  1. Amos1

    Sure, keep on using those custom tools

    In a galaxy long, long ago an astute analyst realized that "random" is not normal on the Internet. That meant that patterns of "random" traffic were in fact encrypted communications. Since all encryption mechanisms can be fingerprinted, the terrorists (and journalists) using those custom applications are saying "Nah, nah. You can't read this!" while JSOC is smiling and saying "Let me know how that works out for you." as the cruise missile is targeted. PGP is especially fingerprintable.

    1. macjules Silver badge

      Re: Sure, keep on using those custom tools

      Mac/iPhone users do not need any more terrorism - they are already cowing under the burden of having to bloody well update any apps/phones/ipads etc etc every time they even blink in the general direction of iTunes.

    2. DougS Silver badge

      Re: Sure, keep on using those custom tools

      Looking at encrypted traffic as suspicious may have worked 15 years ago, but it doesn't work now. More and more sites are using HTTPS. Everyone who connects with their work remotely is using some type of encrypted VPN tunnel. Every iMessage or iCloud backup diff is encrypted. More and more stuff is getting encrypted every day. If you look at "random" and see "not normal" you are living in the past.

    3. PassiveSmoking

      Re: Sure, keep on using those custom tools

      Basically you're saying "encrypted = suspicious"? Wow that's dumb.

      The vast majority of encrypted traffic on the internet is perfectly innocuous. Most of it is probably online-banking, e-commerce payments, etc etc etc.

    4. Naughtyhorse
      Mushroom

      Re: Sure, keep on using those custom tools

      Cruise missiles targeting wapping you say.....

      I heartily approve.

  2. Anonymous Coward
    Anonymous Coward

    When governments are terrorists too

    When governments are terrorists too, we get this weird situation when some have every legitimate reason to protect their privacy, their methods get adopted by terrorists. Oh well ..

    1. Anonymous Coward
      Anonymous Coward

      Re: When governments are terrorists too

      When governments are terrorists, they create other reactionary terrorists.

      1. Anonymous Coward
        Anonymous Coward

        Re: When governments are terrorists too

        Yeah, but some terrorists are just terrorist; it is their religion!

        1. Cynic_999 Silver badge

          Re: When governments are terrorists too

          "

          Yeah, but some terrorists are just terrorist; it is their religion!

          "

          Very true. Both Blair and Bush claimed that God told them to carry out their illegal killing spree in Iraq.

        2. Anonymous Coward
          Anonymous Coward

          Re: When governments are terrorists too

          Well I wouldn't call US free market fundamentalism a religion per se ... ohh you're talking about the Mujahideen.

          It's a convenient media narrative that this irrational enemy simply spontaneously emerged, however global terrorism is a direct result of neoconservative foreign policy.

          If you don't want the whole world to be your enemy, don't go around breaking things which don't belong to you, installing puppet governments, and capitalising on the resultant mess.

  3. Shadow Systems Silver badge

    How to avoid being spied on...

    Step One: don't use anything electronic. Cell phones, computers, tablets, phablets, or anything of the like. If it plugs in or needs to be recharged, don't use it.

    Step Two: Don't write anything down. If you write it, they can read it. You *might* get lucky using a One Time Pad, but that's assuming they weren't watching you draft it in the first place. Better not to write it down.

    Step Three: Don't trust anyone. Ever. Anyone, anytime, anywhere. If you trust someone, that person then becomes potential leverage against you. They can't torture info out of anyone if you never shared that info with them in the first place.

    Step Four: Drop out of society, all of it, everywhere. If you rely on a grocery store for your goods then it becomes a point of failure to be used against you. So grow your own food, build your own goods, make your own medecin, and don't rely on anyone anywhere for anything. Make it all yourself to prevent them from using your need for it as a weapon against you.

    Step Five: Dig yourself a hole, crawl in it, & pull it in over your head. They'll still be able to find you with Ground Penetrating Radar, but at least the resolution of most GPR systems isn't fine enough to read your thoughts... yet.

    If you use anything electronic, write any papers, communicate with others, go to the store, or basicly dare to *EXIST*, then they will spy on you to make sure you're not some sort of terrorist.

    It's why I want off this planet. I keep hoping the Vogons will show up to vaporize it. =-(

    1. Anonymous Coward
      Anonymous Coward

      Re: How to avoid being spied on...

      Cave dwellers .. cool.

    2. Richard Jones 1
      Happy

      Re: How to avoid being spied on...

      +By bye.

    3. macjules Silver badge
      Alien

      Re: How to avoid being spied on...

      I rather think you forgot to add the bit about wrapping any and all existing technology in lead foil, and donning a leadfoil-lined hat so that those pesky quantum, mind-penetrating beams on the KH-series satellites can not read your every thought.

      Personally I would opt for the 'move to within a 1/2 mile of GCHQ/Fort Meade and use their WiFi, then the NSA will never think of watching you'.

    4. allthecoolshortnamesweretaken Silver badge

      Re: How to avoid being spied on...

      Damn. I should have bought that old missile silo in Montana after all.

    5. Stevie Silver badge

      Re: How to avoid being spied on...

      Shadow Systems, I name you Ted Kazinski and claim my five pounds!

    6. Jos V
      Pint

      Re: How to avoid being spied on...

      Shadow.. You made my brain go into an infinite loop.

      "Don't trust anyone. Ever.", so I'll take your advise and not trust you then. But then that means I'm taking your advise, which means I'm trusting you, so I'm not taking your advise, so I don't trust you... ad infinitum.

      Time for a reboot beer.

    7. Vic

      Re: How to avoid being spied on...

      If you write it, they can read it.

      Not with my handwriting, they can't...

      Vic.

  4. Anonymous Coward
    WTF?

    "anonymising (sic)"

    "anonymising (sic)"

    WTF? ¿No hablo inglés señor Reg?

    Also, WTF does the discerning devout hypocrite run those jihadtastic Android apps on, seeing as Android phones are taboo? (Asking for a friend. Honest.)

  5. Arctic fox

    Hmm. If one is an aspiring terrorist......

    .....which os should one use if both android and iOS are (according to the article) to be avoided? I think we should be told.

    1. frank ly Silver badge

      Re: Hmm. If one is an aspiring terrorist......

      Windows 10 with automatic updates enabled !

      1. Mark 65 Silver badge

        Re: Hmm. If one is an aspiring terrorist......

        Windows 10? Is that because it would just shit you to tears so much you just switch it off or destroy it?

    2. Voland's right hand Silver badge

      Re: Hmm. If one is an aspiring terrorist......

      What was used in Paris. Cheap ancient Symbian 40 Nokia and SMS in clear text. No encryption. No technical countermeasures. Nothing.

      1. Arctic fox

        @ Voland's right hand Re: "Cheap ancient Symbian 40 Nokia and SMS in clear text."

        Indeed. Sometimes the lesson is, even for those of us who have no desire to harm anyone but just wish to protect our privacy, keep it simple where you can.

  6. ma1010 Silver badge
    Megaphone

    Technology is a tool

    ANY tool can be used for good or evil. I can use a hammer to do repairs or build projects in my home. Or, if I were so inclined, I could use it to murder someone.

    The "good guys" use encryption tools to smuggle information out of evil nation states. The "bad guys" use these tools to help promote terrorism. Tools aren't good or evil in themselves. The difference is simply how they're used. Be nice if the government could figure that one out.

    1. Anonymous Coward
      Anonymous Coward

      Re: Technology is a tool

      Oh they know... but they'd still rather sequester the world's supply of steel for themselves, while pushing rubber mallets onto everyone else. If it's all the same to you.

      "Look, it's a NIST278493.5867b precision nailwhacker wot we've certified for our own use and everything, just like the best government contractors all use for everything. Toughest nailwhacker in the world. Honest"

    2. a_yank_lurker Silver badge

      Re: Technology is a tool

      "Be nice if the government could figure that one out." - Not going to happen or be admitted. The evil masters need something to keep the peasants in line and terrorism will do nicely (at least that's what they think).

      1. Sir Runcible Spoon Silver badge
        Black Helicopters

        Re: Technology is a tool

        Every authoritarian government creates their own demise.

        By treating everyday citizens as terrorists they are pushing those people into becoming terrorists. And then...Sparticus.

        1. Hollerithevo Silver badge

          Re: Technology is a tool

          Well....not so much. Governments and nations evolve, but the Austrian Empire, which had spies from the 1700s, lasted a very long time. Tsarist Russia had a spy on every corner and a citizen even in remote parts could be bunged in jail for even looking vaguely seditious; how is modern Russia different? The Tudors spied on their own subjects and Her Majesty's (gawdbless'er) Government does it today. Which regimes, having been brought down by the people, are now the non-authoritarian utopias the people dreamed of? Republican France? Republican Mexico? Turkey? India?

          1. Anonymous Coward
            Joke

            Re: Technology is a tool

            The US, or so they keep telling us.

            If you say something often enough it becomes true?

  7. cantankerous swineherd Silver badge

    "Privacy guides meant for journalists are being re-purposed by

    terrorist groups" likewise curtains, whispering in dark corners. get over it.

  8. macjules Silver badge
    Black Helicopters

    iOS Software

    Ah, but there IS (geddit!) an iOS app out there. It's known as Muslim Kids Games and it masquerades as harmless fun teaching your children salat times, movements, iqra and so on. You know there is something wrong with it when halfway through it is asking your children "Would you like to kill Donald Trump, Hillary Clinton or both?"

    1. Mark 85 Silver badge
      Devil

      Re: iOS Software

      You know there is something wrong with it when halfway through it is asking your children "Would you like to kill Donald Trump, Hillary Clinton or both?"

      Then I guess most of the commentards here are terrorists.

  9. Anonymous Coward
    Anonymous Coward

    a bloke in the pub told me that...

    ...the 'unnamed' terrorist group is; The Judean Peoples Front!

    Just doing my bit for Uncle Sam.

    1. Magani
      Pint

      Re: a bloke in the pub told me that...

      Don't you mean the People's Front of Judea?

      1. DeKrow
        Pint

        Re: a bloke in the pub told me that...

        SPLITTERS!

      2. Hud Dunlap
        Joke

        Re: a bloke in the pub told me that...

        Is it the Judean Peoples Front or the Peoples Front of Judea that has the Crack Jewish Suicide Squad?

        I can't keep track

        1. Sir Runcible Spoon Silver badge
          Meh

          Re: a bloke in the pub told me that...

          ..it was the Judean Peoples' Front.

          1. Paul Crawford Silver badge

            Re: a bloke in the pub told me that...

            Didn't the Judean Peoples' Front split from the Judean Peoples Front over some dispute about possessions?

  10. stretch611

    must be difficult...

    Trying to run the android apps while following the rule "...these guides urges readers to avoid Android and iOS phones"

    1. Swarthy Silver badge

      Re: must be difficult...

      Blackberry phones, when they had the Android run-time, but before they went Full Android. The BB10, I believe?

  11. DougS Silver badge

    This also serves as a guide so the NSA knows what to target

    If they see an ISIS training manual saying "use this app available from this third party app store" they're going to hack that third party app store and plant a backdoored version of the app there that p0wns the phone and sends traffic to them. There is probably nothing connected to the internet that could survive a directed attack by the NSA, since they probably have a whole library of 0 days for every conceivable server or device at their disposal, along with other techniques like social engineering or even black bag operations if necessary and the target is high value enough.

    Honestly even if Android and iOS were known for absolute certainty to be backdoored they'd be better off communicating with those using standard tools like iMessage, as they'd be much better off hiding in a sea of billions than using some app off a third party app store that maybe has a few tens of thousand users worldwide and acts as a lighthouse alerting the NSA "I'm likely to be a terrorist" through its use. The NSA probably reads that guide and hopes the terrorists follow it to the letter.

    1. Mark 85 Silver badge

      Re: This also serves as a guide so the NSA knows what to target

      The NSA probably reads that guide and hopes the terrorists follow it to the letter.

      That's a good thing then, right? The more time they spend baiting and trapping the terrorists and their ilk, the less time and resources they have to snoop the rest of us... Oh wait.. this is a government org, they'll just add people and tools. Nevermind.

    2. a_yank_lurker Silver badge

      Re: This also serves as a guide so the NSA knows what to target

      Interesting point, to hide in a large volume of innocuous traffic that is common. Give them a needle-in-a-haystack problem.

      1. Mark 65 Silver badge

        Re: This also serves as a guide so the NSA knows what to target

        Interesting point, to hide in a large volume of innocuous traffic that is common. Give them a needle-in-a-haystack problem.

        In that case swim in a sea of vacuous Tweets and Facebook status updates - an ocean of faecal matter if ever I saw one.

  12. Anonymous Coward
    Anonymous Coward

    Privacy guides meant for journalists are being re-purposed by terrorist groups

    And typewriters once meant for journalists were repurposed by terrorist groups too. And later on, PS/2 and eventually even USB computer keyboards.

    And I have heard from a reliable source that toilet seats designed for law-abiding people have also been used by terrorist groups on more than one occasion.

    So?

  13. Anonymous Coward
    Anonymous Coward

    Typical FUD

    Lazy law enforcement using terrorism as an excuse to not bother with this collecting of actual evidence nonsense. Obviously, virtuous nations (i.e. us/we/the good guys) will deign to provide journos the tools to hang merde on naughty nations (i.e. whoever we want to beat up at the moment).

  14. NormDP

    A bad man will use anything and everything a good man uses. Is the solution to imprision all the good men just in case?

    1. Anonymous Coward
      Anonymous Coward

      Now come on, i don't think anyone's suggesting that. Think of the cost alone!

      No. Just hack off everyone's arms & legs. Just to be doubleplussafe.

    2. Anonymous Coward
      Angel

      The rain falls on the just and un-just alike - there is nothing new under the sun?

  15. This post has been deleted by its author

  16. aberglas

    How would Trend Micro know?

    It is 100% fluff.

    In truth, terrorists mainly just hide in the crowd (facebook, twitter, email) using simple techniques like code words. If you hear that the bride is on time then run!

    That said, when encryption was rare, then it could be profiled. But once everyone start using it then that fails. Ubiquitous encrypted email would be the nightmare. (Encrypted messaging can be compromised at the proprietary servers.)

    There is a real question here. If you discovered that the NSA was making spyware out of dead babies, how would you get the word out without going to jail?

  17. macjules Silver badge
    WTF?

    Err ..

    "Privacy guides meant for journalists"

    These would be the same journalists who could not do a simple search on social media for Labour councillors/MP's with anti-semitic tendencies?

    1. Anonymous Coward
      Meh

      Re: Err ..

      given that not all semites are jewish... I would search for anti-zionist tendencies. - If you get anything with a low noise ratio on either search you'll be very lucky

  18. Anonymous Coward
    Anonymous Coward

    An old argument

    There is a legal aphorism - Abusus non tollit usum - that abuse does not remove legitimise use.

    This was regularly argued in mediaeval Europe since the 12th century, and this aphorism has been confirmed. So those arguing against it are really from the dark ages.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019