[liberationtech] Ubuntu Privacy, malware, Laura Poitras, and cats
Griffin Boyce
griffin at cryptolab.net
Wed Nov 6 17:50:26 PST 2013
Matt Johnson wrote:
> Griffin suggested never connecting a USB stick, or external drive or
> copying PDFs to the air gap computer. I have asked how that air-gapped
> computer would be useful. Apparently the point is too subtle.

There are a few aspects to this that I'd like you to consider.
Without knowing what the person intends to use it for, I tend to
recommend on the far side of caution. Malware that originates from
shared offline media *far* predates the modern internet (and my
existence, incidentally). It's not that no one should ever connect a
USB to an air-gapped computer, but rather weigh their needs/risks.

If someone is at a high risk of targeted attack, they may save all of
their documents and email (unopened) to a USB or CD and read them only
on the air-gapped computer. While that probably sounds like a big
hassle (and it is), for someone like Laura Poitras it's absolutely
necessary. For a corporate whistleblower, they might use an air-gapped
computer to remove metadata before leaking to the New York Times or to
an ethical publication like The Guardian. Someone working on a big
proposal in a highly-competitive field may produce it only on a
wifi-disabled Chromebook. A diplomat might use one to produce official
correspondence. A physician or pharmacist might be air-gapped to
protect patient privacy.

As for PDFs: my running joke is to ask someone if they've seen my
paper on PDF malware... which doubles as a good example of PDF malware.
Acrobat has JavaScript enabled by default, and it's surprisingly simple
to embed a Metasploit payload into an otherwise-normal document. From
there I can drop a light executable that is set to retrieve a larger
backdoor and install it. At that point, I have control of your
computer, and can spread customized malware to your external media and
Bluetooth drivers. Or just retrieve data. Or turn on your camera.

This is not a hypothetical. The realities of the marketplace are such
that one's attacker doesn't even need to be a programmer, because it's
cheap and easy to purchase customized "solutions" like this. I have a
stalker who, in a different case, is accused of doing this. And this is
happening *enough* that it seems like a good scenario to work from.
Beyond the realities of activism and journalism and government spying
lies the fact that people do shitty things to each other.

Everyone has a different risk profile, but if you want absolute
privacy you're gonna have to fight for it. One can use TAILS/Whonix and
not have to worry as much about the intricacies of their threat model,
while still being well-protected. That's why I recommend it. But the
person asking for advice already rejected that suggestion.

all the best,
Griffin
(required disclaimer: these are obviously my opinions and not those of
my employer, funder, lover, or cat)
--
Be kind, for everyone you meet is fighting a hard battle.
PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
OTR: saint at jabber.ccc.de
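
An added example, not part of the original post: a triage check for the active-content keys (JavaScript, open actions, launch actions, embedded files) that the PDF scenario above depends on, meant to be run before a document is carried to an air-gapped machine. The function names and the three sample byte strings are constructed for illustration.

```python
import re
import sys

# Name keys that make a reader act on open, plus /ObjStm (compressed objects
# that this byte-level scan cannot see into). Same idea as pdfid-style triage.
ACTIVE = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")
WATCHED = ACTIVE + ("/ObjStm",)

# A PDF name: "/" followed by anything up to whitespace or a delimiter.
NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples (not real documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n")
PACKED = b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 3 /First 20 /Length 0 >>\nendobj\n"


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is recognised as /JavaScript."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count watched name tokens in the raw bytes of a PDF."""
    counts = {key: 0 for key in WATCHED}
    for match in NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    if any(counts[key] for key in ACTIVE):
        return "active-content"
    if counts["/ObjStm"]:
        return "needs-deeper-parse"  # dictionaries may be hidden in compressed streams
    return "no-active-content-keys"


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = scan_pdf(fh.read())
        print(path, verdict(result), {k: v for k, v in result.items() if v})
```

A "no-active-content-keys" result only means none of these keys appear in the uncompressed bytes; it says nothing about reader bugs triggered by malformed fonts or images, and encrypted files need decrypting before the scan is meaningful.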