privacy and security: computational journalism week 12
Post on 17-Jan-2016
Frontiers of Computational Journalism
Columbia Journalism School
Week 12: Security December 5, 2014
Global Network Censorship
Open Network Initiative global filtering map -- opennet.net
From Protecting Consumer Privacy in an Era of Rapid Change, FTC, 2010
Laptop falls into Syrian govt. hands, sources forced to flee
AP source busted through phone logs
Journalism Security Disasters
• Hacked accounts and sites – AP – Washington Post, New York Times, – etc.
• Sources exposed – Vice reveals John McAfee’s location – AP phone records subpoena – Filmmaker’s laptop seized in Syria
What Are We Protecting?
• Commitments to sources • Physical safety • Legal concerns • Our ability to operate • Our reputation
Two security strategies
• Basic security practice: simple things that protect against many threats.
• Threat modeling: discover and defend against specific threats
LinkedIn from June 2012 breach
Gawker from Dec 2010 breach
Two-Factor Authentication
• Something you know, plus something you have
Good Password Practice
• If you use the same password for multiple sites, your password is only as strong as the security on the weakest site.
• Don't use a common password. Avoid words in the dictionary.
• Use two-factor authentication
• Consider passphrases, and password management tools like OnePass
Phishing
By far the most common attack. Send a message to user tricking them into entering their password. Typically directs users to a fake login page. Protection: beware links that take you to a login page! Always read the URL after clicking a link from a message.
AP Twitter Hacked by Phishing
AP Phishing Email
The link didn’t really go to washingtonpost.com!
Read the URL Before You Click!
Spear Phishing
Selected targets, personalized messages.
Syrian Facebook phishing attack
Arabic text reads: "Urgent and critical.. video leaked by security forces and thugs.. the revenge of Assad's thugs against the free men and women of Baba Amr in captivity and taking turns raping one of the women in captivity by Assad's dogs.. please spread this."
Defending Against Phishing
• Be suspicious of generic messages
• Read the URL before you click
• Always read the URL before typing in a password
• Report suspicious links to IT security
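What "read the URL" means in practice, as an added example that is not part of the original slides: the host the browser will contact is what counts, not a familiar name appearing somewhere in the link. The trusted-site list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: constructed list of sites the reader really logs in to.
TRUSTED = ("washingtonpost.com", "twitter.com")

def check_link(url, trusted=TRUSTED):
    """Return (host the browser will contact, list of warnings) for a link."""
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and the port, leaving the real host.
    host = (parts.hostname or "").rstrip(".").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        warnings.append("text before '@' is not the site")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host, may imitate another name")
    if host.replace(".", "").isdigit():
        warnings.append("raw IP address instead of a name")
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append("host is not a site you log in to")
        for d in trusted:
            if d in url.lower():
                warnings.append("mentions " + d + " but goes elsewhere")
    return host, warnings

# Constructed sample links; .example is a reserved, non-routable domain.
SAMPLES = [
    "https://www.washingtonpost.com/politics",
    "http://washingtonpost.com@login.example/signin",
    "https://washingtonpost.com.account-check.example/login",
    "https://news.example/redirect?to=washingtonpost.com",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, warnings = check_link(link)
        print(host, "->", warnings or "ok")
```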
Threat modeling
What do I want to keep private? (Messages, locations, identities, networks...)
Who wants to know? (story subject, governments, law enforcement, corporations...)
What can they do? (eavesdrop, subpoena... or exploit security lapses and accidents!)
What happens if they succeed? (story's blown, legal problems for a source, someone gets killed...)
What Must Be Private?
• Which data? – Emails and other communications – Photos, footage, notes – Your address book, travel itineraries, etc.
• Privacy vs. anonymity – Encryption protects content of an email or IM – Not the identity of sender and recipient
Who Wants to Know?
• Most of the time, the NSA is not the problem • Your adversary could be the subject of a story, a government, another news organization, etc.
What Can the Adversary Do?
• Technical – Hacking, intercepting communications, code-breaking
• Legal – Lawsuits, subpoenas, detention
• Social – Phishing, “social engineering,” exploiting trust
• Operational – The one time you didn’t use a secure channel – Person you shouldn’t have told
• Physical – Theft, installation of malware, network taps, torture
NYT reporter investigated
What Are You Risking?
• Security is never free – It costs time, money, and convenience
• “How much” security do you need? – It depends on the risk
• Blown story • Arrested source • Dead source
Threat Modeling Scenario #1
You are a photojournalist in Syria with digital images you want to get out of the country. Limited Internet access is available at a café. Some of the images may identify people working with the rebels who could be targeted by the government if their identity is revealed.
Threat Modeling Scenario #2
You are reporting on insider trading at a large bank and talking secretly to two whistleblowers who may give you documents. If these sources are identified before the story comes out, at the very least you will lose your sources.
Threat Modeling Scenario #3
You are reporting a story about local police misconduct. You have talked to sources including police officers and victims. You would prefer that the police commissioner not know of your story before it is published.
Threat Modeling Scenario #4
You are reporting on drug cartels in Central America. Previous sources and journalists have been murdered.
Data at Rest / Data in Motion
Securing Data at Rest • How many copies are there? – The original file might be on your phone, camera SD card, etc.
– What about backups and cloud syncing? – Use secure erase products
• Could "they" get a copy? – Hack into your network or computer – Walk into your office at lunch – Take your camera at the border
• If they had a copy, could they read it? – Encrypt your whole disk! – Use TrueCrypt (Windows), FileVault (Mac), LUKS (Linux)
File metadata
Photos, PDFs, documents all have hidden info in the file
Legal Security
In the U.S., the Privacy Protection Act prevents police from seizing journalists’ data without a warrant... if you're the one storing it. Third party doctrine: if it’s in the cloud, no protection!
Surveillance Law: the U.S. situation
Do you need a warrant to see who I called? Nope. Supreme court, Smith vs. Maryland, 1979 controls "metadata."
Do you need a warrant to read my email (or IM, etc.)?
– Electronic Communications Privacy Act (1986): Not if it's older than 180 days
– Department of Justice manual: no, if it has been "opened"
– U.S. v. Warshak, sixth circuit (2010): yes
Do you need a warrant to track someone through their phone?
– ACLU FOIA of 200 police departments: some say yes, some say no
– U.S. v. Jones (2012), Supreme Court: can't put a GPS on someone without a warrant. But doesn't mention the GPS in our phones.
Do you need a warrant to look at the data on my phone after an arrest? In some states, but not others. Supreme court has been asked to rule.
"In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations."
- Wireless Firms Are Flooded by Requests to Aid Surveillance, New York Times, July 8 2012
Google Transparency Report
Twitter, Facebook have similar. But what about Snapchat? Sina?
Securing Data in Motion
• Where does your data physically go between source and destination?
• Which links are encrypted? • Tools you should know – PGP — Secure email – OTR — Off-the-record messaging protocol – CryptoCat — Easy OTR through your browser – Tor — Anonymity – SecureDrop — Anonymous submission
SSL
Aka, HTTPS. Depends on a system of root certificate authorities (CAs) that generate certificates (cryptographically sign keys) for sites that use HTTPS. Browsers have CA keys built in, so they can verify that a site has a valid signed key. Works great, except that certificate authorities can be hacked, and we must expect that most states can easily sign a certificate through a proxy.
Real MITM attacks
OTR
• Not an app – A protocol for encrypted communication, supported by several apps.
• Does not hide your identity! • Many chat programs can speak OTR • Confusing and important – Google Chat and AIM's “off the record” option do not use OTR
– Google/AOL can read your messages
Starting OTR in Pidgin
Starting OTR in Adium
Crypto.cat — Easy OTR
Am I Really Talking to You?
• “Man-in-the-middle” pretends to be someone else
Solution: Fingerprints
• Contact your source over a different channel; verify he/she sees the same fingerprint you see
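Why the fingerprint check works, as an added example that is not part of the original slides: a man-in-the-middle has to hand your client a key of their own, so the fingerprint your client shows will not match what the source reads out over the second channel. The key bytes are constructed stand-ins, and the SHA-256-based display format is an assumption rather than the format of any particular chat client.

```python
import hashlib
import hmac

# Constructed stand-ins for public key material (not real keys).
SOURCE_KEY = b"constructed-public-key-of-source"
INTERCEPTOR_KEY = b"constructed-public-key-of-interceptor"

def fingerprint(public_key):
    """Short digest of a public key that a person can read aloud."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    # Assumed display format: first 160 bits as 5 groups of 8 hex characters.
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))

def normalize(fp):
    """Ignore spaces, colons and letter case added when someone reads or types it."""
    return "".join(ch for ch in fp if ch.isalnum()).lower()

def same_fingerprint(shown_to_me, read_to_me):
    # compare_digest avoids leaking where two values first differ.
    return hmac.compare_digest(normalize(shown_to_me).encode(),
                               normalize(read_to_me).encode())

def verify_session(key_my_client_received, fp_read_by_source):
    """Compare the key my client got with what the source reads out."""
    if same_fingerprint(fingerprint(key_my_client_received), fp_read_by_source):
        return "verified"
    return "MISMATCH: possible man-in-the-middle, stop and re-check"

if __name__ == "__main__":
    # The source reads their own fingerprint over the phone, typed with colons.
    spoken = fingerprint(SOURCE_KEY).lower().replace(" ", ":")
    print(verify_session(SOURCE_KEY, spoken))       # direct connection
    print(verify_session(INTERCEPTOR_KEY, spoken))  # key was swapped in transit
```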
Encryption vs. Anonymity
Encrypted message is like a sealed envelope. Anyone can still read the address (metadata)
Torproject.org
Tor Browser Bundle
Mobile Security
• Your phone – Is a location tracking device – Contains all your contacts – Is used for every form of communication – Stores a lot of information
Tell-All Telephone (zeit.de)
The Guardian Project
Silent Circle
• Commercial service – Secure mobile calls, video, texts – Can hand prepaid cards to sources
Securing your computer
Really only two choices:
• Buy a new computer, never put it on any network
• Use a secure operating system like TAILS
Both approaches assume no one has tampered with the hardware (perhaps installing a hardware key logger?)
Security = Model + Tools + Habits There is no tool in the world that will protect you from:
• not protecting against the right threats • bad passwords • gullibility (phishing scams, social engineering) • misunderstanding the security model that your practice depends on.
• not doing the secure thing every time.
• offline security breaches / physical coercion
From Allen Dulles' 73 Rules of Spycraft
Case study: leaked Cables
Julian Assange gave a password and a temporary URL to Guardian reporter David Leigh. Leigh downloaded the file in encrypted form from the temporary URL. Leigh decrypted the file and reported on the contents. ...but later, all the cables were available publicly, which is not what either Assange or Leigh intended.
The Plan
[Diagram. Labels: M, E, password, URL; Assange, Leigh]
What Assange was thinking
[Diagram. Labels: M, E, password, URL; Assange, Leigh; "???"]
What Leigh was thinking
[Diagram. Labels: M, E, password, URL; Assange, Leigh; "???"]
What actually happened
[Diagram. Labels: M, E, password, URL; Assange, Leigh; WL Archive; "!!!"]
Basic security practice, in short
Use real passwords
Understand and be alert for phishing
Know where your data is and where it goes
Keep your software up to date
Understand technical, legal, social, physical threats
Have a plan, make security a practice
Resources
Threat modeling for journalists https://source.opennews.org/en-US/learning/security-journalists-part-two-threat-modeling/
Committee to Protect Journalists information security guide http://www.cpj.org/reports/2012/04/information-security.php
Encryption and Operational Security for Journalists Hacks/Hackers presentation https://gist.github.com/vaguity/6594731 http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php?page=all