add post on security for leftists
This commit is contained in:
Clément Hertling
parent
c213842209
commit
f86a84ca8e
231
content/security_for_the_savvy_leftist,_part_Ⅰ.md
Normal file
231
content/security_for_the_savvy_leftist,_part_Ⅰ.md
Normal file
@ -0,0 +1,231 @@
|
||||
Title: Security for the savvy leftist, Part Ⅰ: OpSec
|
||||
Date: 2020-05-14T19:21-04:00
|
||||
Author: Wxcafé
|
||||
Slug: security_for_the_savvy_leftist_part_Ⅰ_opsec
|
||||
Header_Cover: https://pub.wxcafe.net/img/opsec_cover.jpeg
|
||||
|
||||
Introduction
|
||||
============
|
||||
|
||||
This is the first in a series of post trying to give a few pointers and share a
|
||||
bit of knowledge on securing your online presence and activism, targeted at
|
||||
leftists.
|
||||
|
||||
The motivation behind this series is my own observation of the lack of technical
|
||||
security education and/or interest in leftists circles in the US, and the
|
||||
anxious feeling that it's direly needed.
|
||||
|
||||
These posts are to be considered in the current political context, and also
|
||||
taken with a grain of salt, as I'm not a security professional and while I do
|
||||
have some security knowledge, it is not my primary field of expertise.
|
||||
|
||||
Anyway, here goes
|
||||
|
||||
---
|
||||
|
||||
OPSec
|
||||
=====
|
||||
|
||||
So, OpSec (operation security) is a very generic concept referring to
|
||||
identifying what information is important or even critical to the security of
|
||||
your operation, how it is potentially exposed to your adversary, how to
|
||||
protect it from that adversary, and finally putting all of that into practice by
|
||||
changing the organization of your operation to reduce the exposure to your
|
||||
adversary.
|
||||
|
||||
That's all pretty abstract so far, but basically you can think about it like this:
|
||||
|
||||
- Who's my enemy
|
||||
- What must they absolutely not know
|
||||
- How can they currently learn that
|
||||
- How can I prevent them from doing that
|
||||
- Fix the issue, rinse and repeat
|
||||
|
||||
Who's my enemy
|
||||
--------------
|
||||
|
||||
The purpose of this question isn't to point at specific people, but rather to
|
||||
understand what the scope of the potential attacks you're facing are. If you're
|
||||
organizing a tenant union, your enemy is the landlord, and there's not much they
|
||||
can do to attack your organization. If you're planning revolutionary action on
|
||||
the US government, your enemy is the entire US government and all of its defense
|
||||
branches, which can definitely come after you, in depth, and they *will*, and
|
||||
you'd better be ready — if it's even possible to be ready for that situation,
|
||||
lots of revolutions have failed even without having the full attention of the
|
||||
American empire...
|
||||
|
||||
But the point is that the degree to which you're exposed, and the type of
|
||||
response you'll need to take, depends a lot on who your adversary is and what
|
||||
kind of resources they have access to (and are willing to use against you).
|
||||
|
||||
What must they absolutely not know
|
||||
----------------------------------
|
||||
|
||||
This one should be obvious. If your adversary knows this, your operation is a
|
||||
bust, all your efforts were for nothing, and you might be facing repercussions.
|
||||
To keep going with the examples from the previous point, if the landlord knows
|
||||
you're the one who's organizing the tenant union, they'll find a pretext to
|
||||
evict you, and then you've been organizing for nothing and you're out of a place
|
||||
to sleep. Of course the other example has worse outcomes (i.e. torture or death)
|
||||
but the concept is the same.
|
||||
|
||||
Sometimes though, your adversary knows your identity and your organizing against
|
||||
them is public, yet they can't do anything from just these informations. There
|
||||
are still things that they can learn that would compromise your efforts. Find
|
||||
out what they are.
|
||||
|
||||
---
|
||||
|
||||
**The answers to these two questions ("who's my enemy" / "what must they absolutely
|
||||
not know") is known as your *threat model*, and it's what you're going to use to
|
||||
tighten your security by identifying what are your current problems and what
|
||||
measures are necessary to fix these.**
|
||||
|
||||
---
|
||||
|
||||
How can they currently learn that
|
||||
---------------------------------
|
||||
|
||||
How are you exposed? That's a trick question, of course, because if you knew
|
||||
you'd have fixed it already, but there a few avenues of exposure that are easy
|
||||
to explore and hopefully solve.
|
||||
|
||||
First of all, you could have an involuntary leak. Someone wasn't careful enough
|
||||
about where they were talking about something, or published something they
|
||||
shouldn't have, and now it's been exposed (and by that I don't mean your
|
||||
adversary knows it for sure, I mean it has been exposed in a place where your
|
||||
adversary *could* have seen it. That's enough to be considered a leak). That's
|
||||
human error, and while it will always exist, there's ways to reduce the
|
||||
probability of it happening. This is the most common type of leak.
|
||||
|
||||
Second, you could have a member of your organization voluntarily leaking
|
||||
information. It could be because they're being blackmailed, corrupted, or
|
||||
they've just been flipped, or it could be someone who's infiltrating your org...
|
||||
either way, these are harder to work around, because... well, because they're
|
||||
actively hostile. This is way less common, and mostly happens if you have
|
||||
powerful adversaries (like always, your threat model should tell you what to
|
||||
worry about)
|
||||
|
||||
Finally, you could have a leak that's not within your organization. The company
|
||||
you're using to chat got hacked and all your messages are suddenly public. Your
|
||||
storage space got broken into and documents are missing. Your Internet service
|
||||
provider is just giving all of your data to the government. These things happen,
|
||||
and you can fight them by running your own tech services and securing your data
|
||||
properly, but this is honestly the least common avenue for an adversary. Once
|
||||
again, trust your threat model.
|
||||
|
||||
How can I prevent them from doing that
|
||||
--------------------------------------
|
||||
|
||||
The first and most effective line of defense against potential information leaks
|
||||
in your organization is to **not give the information in the first place**.
|
||||
Always think of OPSec in two layers: there's your opsec as an individual, and
|
||||
then there's your organizational opsec. If you found that your name is
|
||||
compromising, then use a nickname or a fake name in your organization. If your
|
||||
address is compromising, don't tell people where you live, and don't take them
|
||||
back there! Of course, this means not giving anyone access to any online profile
|
||||
where your real name or address is, never letting anything slip, not letting
|
||||
anyone see your ID, etc.
|
||||
|
||||
This is basically creating a new, separate identity, which you will use
|
||||
exclusively in the context of the organization. This isn't always easy, but it
|
||||
can be necessary in some cases, and it's always very effective.
|
||||
|
||||
Not giving information isn't only a tool to protect yourself, though. It can
|
||||
also be a tool inside your organization. The group that works on action A
|
||||
doesn't necessarily need to know about action B. Segment information, it keeps
|
||||
everyone safer. Keep groups small: if you need to, coordinate multiple small
|
||||
groups rather than making a large one, with a single person in each group in
|
||||
charge of coordination. That way, no-one knows everyone. Take whatever
|
||||
precautions are warranted by your threat model.
|
||||
|
||||
Of course, some information you need to share as a matter of running your org.
|
||||
In these cases, the next step in defending against potential information leaks
|
||||
in your organization is its cohesion. If everyone is close to everyone else, not
|
||||
only will everyone be more careful (which is important for accidental data
|
||||
leak), but it'll also be very hard to corrupt/blackmail/flip one of your
|
||||
members, and even harder to infiltrate your organization. Remember, OPSec is not
|
||||
a tech concern, it's a social concern. Find out who in your movement is
|
||||
vulnerable, and take care of them. Think about your onboarding process, how much
|
||||
you evaluate potential members, and how you start sharing information with them.
|
||||
Without falling into paranoia, not telling every detail of your actions at
|
||||
meetings with people you don't know might be a good idea, depending on your
|
||||
threat model (like everything else).
|
||||
|
||||
Your next line of defense should be making it hard to fail. Your processes
|
||||
need to make it clear when sharing information is OK, and who with. You need to
|
||||
establish clear communication lines inside your organization that are safe and
|
||||
dedicated to a subgroup/action. Once again, this isn't about tech, the best
|
||||
encryption won't help you if someone who works for your adversary is added to
|
||||
the group chat about your action plan. At any point, it should be clear for
|
||||
anyone in your organization how they can communicate with other members, and
|
||||
what they can say on which channel. Separate messaging groups for different
|
||||
projects are a good start, but there needs to be enforcement of the separation
|
||||
(meaning reminding people when they start talking about sensitive stuff on the
|
||||
misc channel), and deliberation before including someone in the group.
|
||||
|
||||
Finally, there's damage control. Once something *has* been leaked, you need to
|
||||
have provisions in place to keep your operation going as well as possible. If
|
||||
the leak is the date and place you were planning to have your action, you have
|
||||
to be able to change that, and quickly, while making sure everyone involved
|
||||
knows (i.e. not only have the technical possibility of sending a message to
|
||||
people, but having a mechanism to make sure it's read in a defined amount of
|
||||
time and getting acknowledgment that it has been. Picture having to reschedule
|
||||
two hours before and work from there). If it's someone who's been added to the
|
||||
wrong chat group, or someone who talked in the wrong place, make sure it's clear
|
||||
it shouldn't have happened, do your best to scrub the information from there
|
||||
(disappearing messages with a short-ish lifetime are great for this), and change
|
||||
details if necessary. Sometimes you can't do much, going back to our tenant
|
||||
union example, if your identity leaks before you're ready, you're pretty much
|
||||
done, all you can do is hope and share your knowledge/resources with other
|
||||
members of your org.
|
||||
|
||||
All of these might be way too much for your threat model! If you're only
|
||||
fighting to have a new bike lane installed in your neighborhood, nobody's going
|
||||
to try and coerce the members of your organization into giving up your name.
|
||||
They might try and find when your next action is, though, by walking into one of
|
||||
your meetings. If you're organizing a tenant's union, you probably don't need to
|
||||
organize segmented groups who only communicate through one member: your landlord
|
||||
isn't going to torture anyone to know the names of the co-conspirators... But
|
||||
you might want to be careful about where you organize your meetings, keep the
|
||||
"security" cameras in the building in mind when you're putting up rent strike
|
||||
posters, and maybe don't give your name and unit number to other members even if
|
||||
it's not that risky (they don't really need it anyway!). Your threat model
|
||||
really is what determines the measures you should take.
|
||||
|
||||
Fix the issue, rinse and repeat
|
||||
-------------------------------
|
||||
|
||||
Well, this part really depends on what you found out in the previous steps.
|
||||
Fixing the issue, however, means not only fixing this particular instance but
|
||||
rather changing the system within your org as best you can to make sure that
|
||||
problem doesn't show up again. Some of these you can't fix definitely, as
|
||||
they're inherent to the system outside your organization, but you can orient
|
||||
your group so that they're less likely to happen. Some are entirely your
|
||||
responsability, and you can fix them with a bit of effort, structuring your
|
||||
organization correctly, and never letting your guard down.
|
||||
|
||||
Conclusion
|
||||
==========
|
||||
|
||||
That's it for this post! Always keep in mind: OPSec is something you need to
|
||||
have *before* you actually need it. Like everything else in security, it's a
|
||||
process, not a state: it's basically impossible to tell if you're secure, all
|
||||
you can reliably know is if you're insecure, and most of the time it's because
|
||||
you suddenly have handcuffs, or are being evicted from your appartment. It
|
||||
can require constant vigilance, discipline, and every error can be extremely
|
||||
costly... But it gives you a semblance of security and a fighting chance against
|
||||
your adversaries.
|
||||
|
||||
I hope this post has at least provided a few pointers, and has made you
|
||||
reflect on your organizational and personal OPSec. Don't think it's too late:
|
||||
it's always better to have at least a little bit of OPSec than none at all. And
|
||||
if you don't implement it for yourself, you should at least do it for other and
|
||||
future members.
|
||||
|
||||
Finally, there are more posts like this one coming on other topics, including
|
||||
how to communicate securely, which tools to use, what is effective, what isn't,
|
||||
and how to escape tech-based surveillance, and I hope you'll come back to take a
|
||||
look at these.
|
||||
|
||||
Good luck out there
|
||||
Loading…
x
Reference in New Issue
Block a user