Phone calls are better than files, generally speaking, and you should be calling from a burner; i.e. a pre-paid phone that is not in your name. You shouldn't even give your real name to the reporter on first contact. Reporters take notes and some of them have to share their sourcing with editors. So be really clear with them how they will treat your real identity, if you choose to share it.
Face to face meetings are sometimes better than phone calls. You should assume, when you're handling highly sensitive information, that the reporter's devices may eventually be hacked, bugged or subpoenaed, so make sure that an electronic trail does not lead back to you.
You should carefully choose the journalists you leak to. The best choice will have to be well sourced. That's because the information you leak to them, in most cases, will have to be confirmed. That is, they will have to call other insiders they know and ask "Is X true?" If they don't have other sources, the information you provide will probably not make it to the public.
Reporters also get contacted by a lot of nut jobs, so early on, do what you must to establish credibility. Trust has to be established both ways.
Face to face meetings sound preposterous for someone who would risk prosecution under the Espionage Act, for instance. I know that's a rare scenario, but in more common cases there are still clear inherent risks in meeting face to face with a journalist. And that's not even considering the potential time and costs involved in reaching a journalist with national/international reach.
Regarding nut jobs, that clearly sounds difficult to parse. But at the risk of sounding like I'm hounding on you, there seems to be a misunderstanding on the part of journalists of the kinds of risks sources are putting themselves into.
Worse yet, an underestimation of how much journalists, through their expectations and treatment of source data, passively and routinely put their own sources at risk by being illiterate in matters of operational security (encryption, surveillance self-defense, network security, etc).
Just read the account of how difficult it was for Edward Snowden to reach out to Glenn Greenwald for a perfect demonstration of these issues: https://theintercept.com/2014/10/28/smuggling-snowden-secret...
He had to enlist outside help to get a journalist to stop fucking around with operational security. This in turn is perhaps why Snowden is still free and alive to this day.
I'm talking about what has worked for the confidential sources I had, and the means they chose to communicate with me, which in fact prevented me or my org from knowing who they were. (They were not up against the intelligence agencies of the US, but nonetheless they did not want to be known, and succeeded.)
Investigations usually happen in retrospect, after leaks have been made public. And the data that is most searchable surfaces leads most quickly. Files and emails are the most searchable thing of all. Easy to copy. Stored many times as they travel. That is less true of voice. And even less true of face to face meetings, done right. So sure, use a voice modulator. That's a good idea. Even better: send a paper envelope full of documents printed on someone else's machine; wear latex gloves and dab the stamp with tap water rather than saliva.
Journalists have a filtering problem that you don't seem to understand. They are inundated with wackos hawking "news" that's really just a figment of the imagination. Partisan sources pretending to be neutral spin them every day. A good source, with good information, has to realize that and break through to the reporter by demonstrating authenticity, because the reporter is overwhelmed. If you don't care about breaking through, then don't do it. It's not a misunderstanding on the journalists' part; it's the nature of their job. They don't have time to wade through all the crazy claims.
Everything's hackable. People should assume that reporters and their organizations will have a lapse in security, that they cannot withstand the collective efforts of intelligence agencies. Just like any other company in the world and the DNC... And those sources should arrange to protect themselves if their communications are found by someone who's not the reporter.
Snowden met face to face with Glenn Greenwald and Laura Poitras.
Things are improving. Lots of journalists have Signal now.
What's the best way to leak from the press? Suppose a whistleblower inside, say, the NYT, has internal evidence that demonstrates some kind of negligence or malfeasance in the important task of informing the public?
Who would be the right party to leak to, for one thing? Another press institution?
Also, has anything like this ever, like, actually happened? If so, when? If not, why not?
The most recent act of negligence by a journalistic institution that has happened recently was reported by The Intercept (Glenn Greenwald's gig) about the Washington Post's reporting on how Russia was behind the "fake news" propaganda that was unfortunately in itself a sort of propaganda. To discover why, you'll have to read those articles yourself.
In any case, I think journalists typically keep each other in check. And, thankfully, in prestigious institutions you're judged by the quality of your work and whether or not it can be fact checked. Unfortunately, reported facts in the United States are about as big of a hand patting Barack Obama on the back after winning the next election. Everything is irony and nothing is sincerity.
Wouldn't you still be identifiable based on voice biometrics? Or by the security camera video of whichever store you buy the burner phone from? And if meeting in person, you could be trivially shadowed.
It still looks to me like "Phone calls are better than files" is completely backwards. Files can be transferred over onion routing or other darknets, carry less identifiable information and can be digitally signed to establish identity as being the same source over multiple leaks.
And if you're under surveillance, being shadowed, then clearly you're going to have a lot of trouble using any means.
For actual communication that might identify you, sending a plain text file over something like securedrop is much safer than using a burner phone to call an endpoint that is pretty much for sure under heavy surveillance. If you don't know about metadata then you probably shouldn't do this until you are done with the required research.
Is that fairly easy to do? I heard in some countries it is hard to get a SIM card without a proper ID. How easy is it to get a burner phone in the US without raising red flags?
Trivial. I see them all the time at grocery stores, pharmacies, et cetera.
Anyone from governmental agencies who read this article at home or work can now fairly easily be targeted by the relevant surveillance agencies.
Edit: Never mind. I assume you're referring to this scenario, in which the company installs a root certificate onto your actual computer that allows them to sign certificates for other sites.
From there, everything can be tracked.
Most government employees are not even in a position to access leakable data even they wanted to. Targeting them based on reading an article would be a waste of effort.
It's less common for companies to have content inspection.
HTTPS encrypts the URL as well as the content of the communication. Someone surveilling the conversation with the ability to observe all network traffic but without the ability to decrypt SSL traffic would be able to tell that the end user had viewed something at a particular website (technically, at a particular server), but would NOT be able to tell WHICH article was viewed.
That's the new key point for 2017 pro-privacy architectures.
Proof of work surveillance doesn't scale because requiring it leverages the disparity between the total level of Internet traffic and intelligence agency resources.
Kill the dragnets as step 1, then worry about step 2.
Edit: What Mike is trying to implement is based on https://arxiv.org/pdf/1512.00524.pdf.
You got it right the first time around, the parenthetical correction is wrong. The SNI is transmitted in plain text during the TLS handshake.
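To make the SNI point concrete, here is an added example (my own code, not from the article or any linked project) that builds a minimal ClientHello for a hostname and then parses the server_name extension back out of the raw bytes, exactly as a passive tap on the wire could. The ClientHello is constructed for the demo (zeroed random, one cipher suite, one extension); real clients send more, but the layout is the same, and without Encrypted Client Hello the hostname sits in the clear while the URL path stays inside the encrypted channel.

```python
"""Added example: pull the SNI hostname out of a raw TLS ClientHello record."""
import struct
from typing import Optional


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello record carrying a server_name extension."""
    host = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name(0)
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    extensions = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + bytes(32)        # client_version, 32-byte random (zeroed for the demo)
            + b"\x00"                       # session_id length 0
            + b"\x00\x02\x13\x01"           # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                   # one compression method: null
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello record, or None if absent or malformed."""
    try:
        if len(record) < 5 or record[0] != 0x16:
            return None                                  # not a TLS handshake record
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if not hs or hs[0] != 0x01:
            return None                                  # not a ClientHello
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        i = 2 + 32                                       # skip client_version and random
        i += 1 + body[i]                                 # session_id
        i += 2 + struct.unpack("!H", body[i:i + 2])[0]   # cipher_suites
        i += 1 + body[i]                                 # compression_methods
        if i + 2 > len(body):
            return None                                  # no extensions block at all
        end = i + 2 + struct.unpack("!H", body[i:i + 2])[0]
        i += 2
        while i + 4 <= end:
            etype, elen = struct.unpack("!HH", body[i:i + 4])
            i += 4
            edata = body[i:i + elen]
            i += elen
            if etype != 0:
                continue
            j = 2                                        # skip ServerNameList length
            while j + 3 <= len(edata):
                name_type = edata[j]
                name_len = struct.unpack("!H", edata[j + 1:j + 3])[0]
                j += 3
                if name_type == 0:                       # host_name entry: plaintext on the wire
                    return edata[j:j + name_len].decode("ascii")
                j += name_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    record = build_client_hello("securedrop.example.com")
    print("visible to anyone on the path:", extract_sni(record))
```

Run it against a pcap of your own traffic with any TLS-capable sniffer and you will see the same field; that is why a landing page at example.com/securedrop hides better than one at securedrop.example.com.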
What about inspecting traffic patterns? I suspect that each article has a different size.
It still might be a better choice, given that the main domain for many sites goes through CDNs and more complex systems in general, increasing the risk of compromise there (which also would expose network details about the submitter, and possibly even more)? A dedicated securedrop site hopefully has dedicated infrastructure and better security.
Potentially, if they're using TLS/SSL with SNI.
But that's my point... if you're not using SNI, there's only one SSL server on that IP address, and if reverse DNS fails you, you can connect on port 443 and ask it for its certificate and it will give it to you...
That still gives away a lot, many of these secure drop sites are on a subdomain.
HTTPS encrypts the contents, not things like source/destination. Often only a destination IP address is required to get URL categories for many proxy/URL filtering technologies.
So a surveillance agency could e.g. replace the URLs for the various organizations' leaks landing pages and Tor addresses with phishing pages, and anyone who used them would upload documents directly to the agency.
If you mean "transferring over the network", then yes, HTTPS only shows the server you are connecting to, but not the specific URL.
Then again, that can be deduced from the transfer sizes that are still shown.
> “I’ve lived through many transitions, and I don’t think this is a story,” said a senior E.P.A. career official who spoke on the condition of anonymity because he was not authorized to speak to the news media on the matter. “I don’t think it’s fair to call it a gag order. This is standard practice. And the move with regard to the grants, when a new administration comes in, you run things by them before you update the website.”
Try to save some of your outrage for actual outrageous events.
You can't always stay silent until after something outrageous has happened. Some things are easier to prevent than to undo.
My expectation is increasingly "it is routine that he will do something stupid."
> Even the NYTimes has admitted
I'm not sure what that means. The Times has reported all sides of the spectrum. They broke the Hillary Clinton email server story, for example, and also Trump's tax returns.
> However, one of the consequences of the election is that the new administration now controls what federal agencies say and what side of an issue they take in a debate about, for example, climate change or reproductive rights.
> EPA scientists are executive branch employees so their boss is Trump.
And Trump's boss is the American people. Everyone in the executive branch and throughout the government reports to them, ultimately.
Allowing people to have unfiltered communication might be nice, but it doesn't count for much when you already know they mostly agree with you.
In case I missed it, was the Obama administration fine with employees expressing opinions that conflicted with Obama's views? That would count for something. For example: coast guard employees endorsing off-shore oil drilling, health and human services employees taking pro-life positions, border patrol agents supporting a wall, military generals opposing non-traditional gender in the military, department of education employees opposing evolution, department of labor employees praising right-to-work laws...
I saw it many times. For example, military officers did openly debate the gender issues before a decision was made (I don't know about after).
In those cases, I think those situations were local to Pentagon programs; they were not instructions from the White House; they weren't blanket gag orders for whole departments on every issue.
Outrage exhaustion is easy to create, but it doesn't mean outrageous things aren't still outrageous.
Vice and Intercept made a better choice using a path on a their regular domain:
Sadly, since SecureDrop is decentralized, we cannot enforce this, and some organizations apparently find it very difficult to provision a separate path ("example.com/securedrop" instead of "securedrop.example.com") for their SecureDrop landing page.
Ideally you'd leave it at the top level since obviously whatever other random junk you put on the subdomain will be lower-traffic than the main domain, but at least here there's plausible deniability (I was just clicking on an easter egg that played pac-man!)
Perhaps. Can you write a better one?
(In this case I would be more concerned about the SecureDrop application and the specific instances becoming too juicy a target for the counter-intel people. Once they decide to infiltrate something, they generally do after a while.)
If not then you can do some conversion routines, like pdf->(list of images)->merged to a single pdf again, and then you can compare the resulting documents from the different accounts.
Fingerprints can be visible, but not obvious, so printing and scanning back could leave them in.
A picture of one showed up on a blog as a leak. The leaker had sensibly put a black box over the sticker.
The thing that neither the leaker nor any of the rest of us knew was that each device also had a series of bumps on the top and bottom of the device which uniquely identified it just as effectively as the sticker. He was fired instantly.
Now imagine fingerprinting is done on the fly by your corporate proxy server.
 - or sober, whatever is the opposite of your typical working state
The media will ask if the document is real and the organisation will correctly claim that the document is a fake (because you used your own words).
A lot of these techniques actually make verifying leaked documents very difficult.
I imagine such a program already exists among top-shelf university student cheating service providers to defeat the academic plagiarism detectors.
(If not, write one, and sell it to leak sites and to cheating service providers. $$$)
Retyping everything would be good.
That is only one type of fingerprinting used.
The actual process is inserting typos and slightly different phrasing in various places. So if someone leaks the entire document or copy/pastes from it or takes a picture or whatever, it's trackable.
And yes, I worked in that space for quite a while.
Retyping is pretty good unless they sent everyone a slightly different version of the document or you retyped information which could identify you.
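An added example for the two points above (the "insert typos and different phrasing per recipient" fingerprinting, and the "compare the copies from different accounts" defence). This is my own code, not anything from the thread; the three memo copies are constructed, and the names are placeholders. It diffs the copies token by token to locate the planted variation sites, scores a leaked text against each copy the way an investigator would, and shows that a text built only from the tokens common to all copies cannot be attributed.

```python
"""Added example: locate per-recipient fingerprint variations and attribute a leaked copy."""
import difflib
import re

# Constructed: one memo issued to three people, each copy with one small planted difference.
COPIES = {
    "alice": "The review board will meet on Thursday to finalise the budget. All teams must submit figures by noon.",
    "bob":   "The review board will meet on Thursday to finalize the budget. All teams must submit figures by noon.",
    "carol": "The review board will meet on Thursday to finalise the budget. All teams should submit figures by noon.",
}

MASK = "____"


def tokens(text: str) -> list:
    """Split into words and punctuation so the diff works at the level of the planted changes."""
    return re.findall(r"\w+|[^\w\s]", text)


def variation_sites(copies: dict) -> dict:
    """Map (start, end) token ranges in the first copy to {recipient: variant text} at that site."""
    names = list(copies)
    ref_name, ref = names[0], tokens(copies[names[0]])
    sites = {}
    for name in names[1:]:
        other = tokens(copies[name])
        matcher = difflib.SequenceMatcher(None, ref, other, autojunk=False)
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag != "equal":
                site = sites.setdefault((i1, i2), {ref_name: " ".join(ref[i1:i2])})
                site[name] = " ".join(other[j1:j2])
    return sites


def attribute(leaked: str, copies: dict):
    """Rank recipients by token similarity to the leak; None when the top two tie (no unique source)."""
    leak = tokens(leaked)
    scores = {name: difflib.SequenceMatcher(None, leak, tokens(text), autojunk=False).ratio()
              for name, text in copies.items()}
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return None, scores
    return ranked[0][0], scores


def common_text(copies: dict) -> str:
    """The first copy with every variation site masked: what you may safely retype after comparing copies."""
    ref = tokens(copies[next(iter(copies))])
    masked = set()
    for i1, i2 in variation_sites(copies):
        masked.update(range(i1, i2))
    return " ".join(MASK if k in masked else tok for k, tok in enumerate(ref))


if __name__ == "__main__":
    for site, variants in variation_sites(COPIES).items():
        print("fingerprint site", site, variants)
    print("leak of bob's copy ->", attribute(COPIES["bob"], COPIES)[0])
    print("retyped common text ->", attribute(common_text(COPIES), COPIES)[0])
```

The catch the thread already raises: you need more than one copy to find the sites, and the masked text loses exactly the details a reporter would use to verify it. It also does nothing against the other fingerprint types (printer dots, document metadata, who had access).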
Not a good idea.
They can't block it, but good luck finding real signal in millions of requests.
Or, more subtly, deliberately leaking easily discredited stuff. Once it gets published, it becomes a propaganda target. As a great example, consider how Dan Rather was taken down by https://en.wikipedia.org/wiki/Killian_documents_controversy. Planting a perfect smoking gun was enough to bring down Dan Rather and make the story of how Bush got his draft deferment toxic in the media.
The ultimate irony there is that the story that Dan Rather reported was actually true. It had all been reported in The Guardian by Greg Palast, and Dan Rather had started with access to his research. It didn't matter, planting perfect fraudulent documents managed to discredit it.
And yes, I am perfectly aware of what Obama did to Manning and Snowden. I objected to that at the time, and still do.
One of the stupidities of overly polarized politics is that people assume that you must be on one side or the other. This would be a bad assumption to make about me.
'Hasn't' is not correct. The Obama Administration was notoriously terrible towards the press. The below is from an article published today:
Obama Admin on Fox News:
“We’re going to treat them the way we would treat an opponent,” said Anita Dunn, the White House communications director, in a telephone interview on Sunday. “As they are undertaking a war against Barack Obama and the White House, we don’t need to pretend that this is the way that legitimate news organizations behave.”
The [Obama] administration sought to deny Fox News' participation in executive branch news-making events -- which only failed after other networks admirably refused to participate if Fox News were excluded.
James Rosen reported accurate information about North Korea leaked by a member of the Obama State Department. Eric Holder ordered his movements to be tracked and his phone records seized, and went "judge shopping" until he found one willing to grant such a warrant without telling Rosen himself. Holder even told Google not to notify Rosen that the government was monitoring his email.
The New York Times's James Risen was targeted for almost the entirety of Obama's two terms. His crime? Reporting accurate information the Obama Administration didn't want reported. "Along the way, we found out that the government had spied on virtually every aspect of James Risen's digital life from phone calls, to emails, to credit card statements, bank records and more."
The Associated Press experienced similar surveillance. For two months, the Department of Justice tracked 20 AP reporters' calls, ostensibly over their reporting into a Libyan terrorist's failed plot. Why was reporting on a failed plot so threatening? The AP said it was because the administration wanted to announce the news itself.
Just pointing out that 'Hasn't' is not correct. Carry on...
Obama waged a campaign against leakers. Most of what you refer to was tied to that. Related, see the fact that he used the Espionage Act more than everyone else. That phrasing is precise, Obama used it more than all other presidents combined.
He also faced a sustained propaganda campaign from Fox News. (The results of which were regular grist for Jon Stewart on The Daily Show.) He therefore treated them as an enemy.
This was unfortunate, but not really comparable to Trump's treating anyone who disagrees with obvious outright lies as an enemy. And Trump's declaring most of the media enemies, and issuing a variety of thinly veiled threats to them.
I wouldn't be surprised to see Obama's unfortunate espionage act record eclipsed as well... :-(
At any rate, whatever. I am not going to be silenced by your keyboard
Anyone who values reality should recognize detailed valid criticism for what it is, and support it. Especially if it is your position being criticized. Statements need to be judged by evidence of accuracy, and not agreement with your preconceptions.
A detailed post, offering correction and full of links and exact quotes should therefore be voted up, not down.
Trump seems to be going after any federal agency that does not pursue goals that he wants.
Seems as if what Trump has initiated is no different than previous administrations upon taking office. Are you sure there's some clear break from past precedent?
Or take the reinstatement of the Holman rule. See https://www.washingtonpost.com/local/virginia-politics/house.... This rule allows politicians to target individual civil servants. This is again not business as normal. This rule was removed under Ronald Reagan in 1983. No administration since has sought its reinstatement. This again fits into the theme of creating "chilling effects" from partisan oversight of what is supposed to be a politically neutral organization.
For a third example, see http://www.salon.com/2017/01/10/please-dont-tell-us-the-trut.... The CBO is widely viewed as neutral, and has been kept that way for many years. It routinely provides estimates for every bill of what that bill's impacts are likely to be, including the estimates of the impact on our deficit. However House Republicans want to repeal the Affordable Care Act and do not wish to be embarrassed by estimates of how much removing some of its inflation limiting provisions will impact our federal deficit. So they are banning the CBO from calculating this number.
I can cite plenty of precedents for all of these actions. They are all before my birth, or in other countries. They are emphatically NOT business as usual in the modern USA.
But it's just a matter of putting up enough of a roadblock to make it unappealing. CAPTCHAs are an easy fix to cut down on some noise.
I guess the guy was the only one on the network using tor, making him easy to identify.
So unless tor gets a huge userbase in DC, it seems like an encrypted url would be safer. (I don't know much about tor; am I wrong?) Everyone reads WaPo; no suspicion getting on that site.
But I think the main difficulty in becoming a leaker is that you have to hide your mental evolution as you decide to become a leaker. By expressing your dissatisfaction to your colleagues before you decide to leak, you make yourself a suspect post-leak. Leakers should be aware that traditional investigative mechanisms are very powerful, and even if the crypto is rock solid, it is still very likely they'll be caught. It's then a question of whether they are willing to 'take one for the team'.
For what it's worth when I was a young jerkoff in college I was spamming on some forums and pissed off a guy who later sent me my college address. I got his IP from the forum, tracked down his ISP, and messaged them and the FBI about it along with the threatening chat logs and never heard from him again. Not that I think they took real action, but it was some script kiddie I wanted to set straight with the threat of real consequences. This was back around 2004 or 2005 when things were a bit more loose in terms of encryption and privacy online.
The hard part when you leak is that you are now in a set of people that knew the information. That usually boils things down to a handful or even one suspect. With US federal agents, whom it is in fact illegal to lie to, they will have you in their office by lunch.
This advice is valid whether or not you leaked anything.
Lately there seem to be very few completely open wifi points. Most of them at least require some click through for agreeing to terms. Is there any risk involved here?
My personal favorite open wifi service is the one on Amtrak, and you can buy a paper ticket with cash. Pretty anonymous.
Even my Mikrotik at home logs MACs by default. The log is small and not persisted, but log entries definitely stick around a few days.
Don't count on your MAC not being logged.
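Since MAC logging keeps coming up, here is an added example (mine, not from the thread) of the one check you can do from the log side: the locally administered bit in the first octet. A burned-in address carries an IEEE-assigned OUI with that bit clear; randomizers in the iOS/Android style set it, which is how an AP operator can spot them. Tails, as far as the thread describes it, keeps the vendor prefix when spoofing, so its addresses would not be flagged by this bit alone. The log lines are constructed in a generic DHCP-lease style and are not from any real AP.

```python
"""Added example: classify MACs in AP log lines as burned-in or locally administered (randomized)."""
import os
import re

# Constructed sample lines; not from a real access point.
SAMPLE_LOG = """\
dhcp: lease 10.0.0.12 assigned to 3c:22:fb:1a:2b:3c (laptop)
dhcp: lease 10.0.0.13 assigned to da:a1:19:45:67:89 (phone)
dhcp: lease 10.0.0.14 assigned to 00:1a:11:aa:bb:cc (printer)
dhcp: lease 10.0.0.15 assigned to 26:0e:5f:00:11:22
"""

MAC_RE = re.compile(r"\b([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.IGNORECASE)


def first_octet(mac: str) -> int:
    return int(mac.split(":")[0], 16)


def is_locally_administered(mac: str) -> bool:
    """U/L bit (0x02 of the first octet) set: not an IEEE OUI, so chosen in software."""
    return bool(first_octet(mac) & 0x02)


def is_multicast(mac: str) -> bool:
    """I/G bit (0x01 of the first octet): a station address must have it clear."""
    return bool(first_octet(mac) & 0x01)


def random_mac() -> str:
    """Generate a unicast, locally administered MAC (set U/L, clear I/G on random bytes)."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return ":".join(f"{x:02x}" for x in b)


def scan_log(log: str) -> list:
    """Return (mac, locally_administered) for every MAC in the log, in order of appearance."""
    out = []
    for line in log.splitlines():
        m = MAC_RE.search(line)
        if m:
            mac = m.group(1).lower()
            out.append((mac, is_locally_administered(mac)))
    return out


if __name__ == "__main__":
    for mac, randomized in scan_log(SAMPLE_LOG):
        print(mac, "randomized" if randomized else "burned-in (OUI lookup will name the vendor)")
    print("fresh random address:", random_mac())
```

The practical takeaway matches the post: whether or not the address is randomized, it is in the log, and a burned-in one additionally names the hardware vendor.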
They aren't Godlike but I'll admit the Snowden revelations surprised me and I'd been following that stuff for years.
A journalist uses some Apple computer. If it's new, Tails won't be able to establish a network interface, so maybe there is a USB wifi dongle as well.
When entering boot mode (restart with option key pressed), in order to select Tails, wifi networks are shown.
You are suggesting that Apple is leaking the MAC address of the computer to all AP before Tails is even selected to boot from.
This suggests that any MAC address randomization the user intended to use for the built in computer wifi or the dongle via Tails will be partially defeated.
Many APs will log the original MAC immediately and one (the one chosen for wifi after Tails boots) will log the randomized Tails MAC.
Is this correct assumption?
EDIT: After rereading, it sounds like you are saying they DO randomize probe packets and the scenario I describe above does not occur: NO MAC is leaked during the Tails boot selection process on Apple hardware.
Can anyone confirm this?
Schneier has written about (and sort of advocates) being on the receiving end of this:
I spoke to several lawyers about this, and in their lawyerly way they outlined several other risks with leaving your network open.
While none thought you could be successfully prosecuted just because someone else used your network to commit a crime, any investigation could be time-consuming and expensive.
I mean, mostly, open access APs are set-and-forget amenities. Most places don't even bother to change the default root login for the AP. I really don't think they're suddenly going to care about what someone uploaded from their AP; certainly I can envision law enforcement or federal agencies making a case out of it if it served their needs, but I doubt this is going to be high on their list.
However, the vast majority are either:
1. Completely fake, because someone on 4chan/Reddit/an internet forum/social media wanted to see how many journalists they could prank with false information.
2. Uninteresting or pointless to write about, since they don't describe newsworthy stories.
So the amount of actual, legitimate leaked news stories they receive a year is likely a lot less than the amount of stories they receive through these systems in total.
Hotels can normally link a computer on their network to a room number... Suggesting they use a hotel wifi isn't a good idea IMO (unless you are not actually a guest, and it's just an open public wifi network).
> "Use as much caution and good sense as you can about distancing yourself from equipment and network locations you might be connected to."
Possibly an audience who has never heard of Tor before (the target for this piece) needs some more concrete advice about this than "use caution and good sense."
And then there's the fact that most people's MAC addresses are ultimately tied to their identities in a way that a powerful actor could recover it without too much difficulty.
Point taken though, one of the bigger stories of the campaign was the billion dollar loss that Trump claimed on his taxes in the mid-1990s. That came to WaPo and NYtimes via USPS and just landed in their mailboxes.
Panama Papers did in fact arrive on a HD IIRC.
The "BTK killer" asked in an anonymous letter to the police if they would be able to track him down if he sent subsequent letters on a floppy disk. The police took an ad out in the paper to tell him no, they couldn't, so he sent a disk. He wrote the letter in Microsoft Word and using metadata on the file they were able to track the killer down and arrest him.
Printing them to PDFs might actually do a decent job to strip that data. You might have to make sure your PDF printer doesn't add additional metadata though.
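For the Word-metadata case above, an added example (my own code, not from the thread) of what the file actually carries and how to blank it. A .docx is a zip; docProps/core.xml holds creator, lastModifiedBy and timestamps, docProps/app.xml holds the application and company fields. The document is built in memory as a minimal stand-in for a real Word package (a real one has more parts), and the names in it are invented. Note the zip entry timestamps are pinned too, since those are metadata as well.

```python
"""Added example: read, then blank, the authorship metadata inside a .docx package."""
import io
import zipfile
import xml.etree.ElementTree as ET

CORE_NS = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC_NS = "http://purl.org/dc/elements/1.1/"
DCTERMS_NS = "http://purl.org/dc/terms/"
APP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
EPOCH = (1980, 1, 1, 0, 0, 0)   # earliest zip timestamp; pinned so entries do not date the edit


def make_sample_docx(author: str, last_modified_by: str, body_text: str) -> bytes:
    """Constructed minimal package: only the parts this demo reads. Not a complete Word file."""
    core = (f'<cp:coreProperties xmlns:cp="{CORE_NS}" xmlns:dc="{DC_NS}" xmlns:dcterms="{DCTERMS_NS}">'
            f'<dc:creator>{author}</dc:creator>'
            f'<cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy>'
            f'<dcterms:modified>2017-02-01T09:15:00Z</dcterms:modified>'
            f'</cp:coreProperties>')
    app = (f'<Properties xmlns="{APP_NS}"><Application>Microsoft Office Word</Application>'
           f'<Company>Example Agency</Company></Properties>')
    document = (f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r>'
                f'<w:t>{body_text}</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", document)
    return buf.getvalue()


def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]


def read_metadata(docx: bytes) -> dict:
    """Every field in core.xml and app.xml as {localname: text}; this is what an investigator reads."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        for part in ("docProps/core.xml", "docProps/app.xml"):
            if part in z.namelist():
                for el in ET.fromstring(z.read(part)):
                    found[_local(el.tag)] = (el.text or "").strip()
    return found


def read_body(docx: bytes) -> str:
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    return "".join(t.text or "" for t in root.iter(f"{{{W_NS}}}t"))


def strip_metadata(docx: bytes) -> bytes:
    """Rewrite the package with empty property parts and pinned entry timestamps."""
    blank = {
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{CORE_NS}"/>'.encode(),
        "docProps/app.xml": f'<Properties xmlns="{APP_NS}"/>'.encode(),
    }
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            data = blank[name] if name in blank else src.read(name)
            info = zipfile.ZipInfo(name, date_time=EPOCH)
            info.compress_type = zipfile.ZIP_DEFLATED
            dst.writestr(info, data)
    return out.getvalue()


if __name__ == "__main__":
    doc = make_sample_docx("J. Doe", "jdoe-laptop", "Internal memo")
    print("before:", read_metadata(doc))
    print("after: ", read_metadata(strip_metadata(doc)), "body:", read_body(strip_metadata(doc)))
```

This only handles the package properties. Revision history, comments, embedded images with their own EXIF, and custom XML parts can all carry identifying data too, which is why "print to PDF from a clean machine" is the usual advice rather than editing the original in place.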
Of course, proving authenticity in such a case is a necessity too, no journalist wants to be responsible for publishing fake leaks.
Vanity addresses, ones that have a name at the beginning, require some processing in order to find the right public key.
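An added example of what that "processing" is (my own code, not from the thread). A v3 onion address is just base32 of the public key, a two-byte checksum and a version byte, so the only way to get a chosen prefix is to generate keys until one happens to encode that way; each extra base32 character multiplies the expected work by 32. The key source here is a placeholder that returns random 32-byte strings; real use needs ed25519 keypairs and you must keep the matching private key, which this demo does not model.

```python
"""Added example: the brute-force search behind a vanity v3 onion address."""
import base64
import hashlib
import os

ONION_VERSION = b"\x03"
BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def onion_v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key the way tor's rend-spec-v3 defines the address."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion addresses are built from 32-byte ed25519 public keys")
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + ONION_VERSION).decode("ascii").lower() + ".onion"


def expected_tries(prefix: str) -> int:
    """Each base32 character is 5 bits, so a prefix of n characters costs about 32**n keys."""
    return 32 ** len(prefix)


def placeholder_keygen() -> bytes:
    """Stand-in only: random bytes, NOT a real ed25519 public key (no private key exists)."""
    return os.urandom(32)


def find_vanity(prefix: str, keygen=placeholder_keygen, max_tries: int = 1_000_000):
    """Generate keys until the address starts with prefix; returns (address, pubkey, tries) or None."""
    prefix = prefix.lower()
    if any(c not in BASE32_ALPHABET for c in prefix):
        raise ValueError("prefix must use the base32 alphabet a-z, 2-7")
    for tries in range(1, max_tries + 1):
        pk = keygen()
        addr = onion_v3_address(pk)
        if addr.startswith(prefix):
            return addr, pk, tries
    return None


if __name__ == "__main__":
    found = find_vanity("ab")
    if found:
        addr, _, tries = found
        print(f"{addr} after {tries} tries (expected about {expected_tries('ab')})")
```

The expected cost is what makes a long vanity prefix a weak signal of authenticity: six characters is about a billion keys, which is cheap for a determined impersonator with a GPU, so the name at the start of an address should never substitute for checking the whole address out of band.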
Dunno what you're talking about. Plenty of people on these forums have been strongly dissenting about the Obama administration's attitude toward a free and open internet, government surveillance, and drone policy.
I've never been accused of racism for dissenting against Obama or his administration.
2001-2008: Respect the President even if you disagree with him.
2009-2016: Obummer is a Kenyan Muslim dictator.
2017- : Respect the President even if you disagree with him.
Side comment/question: Depending on your operating system, perhaps?