[liberationtech] Ubuntu Privacy, malware, Laura Poitras, and cats

[Matt Johnson]

Griffin,

You described never attaching USB or an external drive and not copying
PDFs. Of course most other document types can include malware too.
What does that leave? Only plain text on a CD? That seems like a tough
life. Maybe it is necessary, but you really have to believe.

Maybe there are use cases where the hassle of an air gaped computer is
worth the considerable effort. The only person I know of who really
maintained an air gap was Osama Bin Laden; look how much good that did
him.

--
Matt Johnson

On Wed, Nov 6, 2013 at 5:50 PM, Griffin Boyce <griffin at cryptolab.net> wrote:
> Matt Johnson wrote:
>> Griffin suggested never connecting a USB stick, or external drive or
>> copying PDFs to the air gap computer. I have asked how that air-gapped
>> computer would be useful. Apparently the point is too subtle.
>
>   There are a few aspects to this that I'd like you to consider.
> Without knowing what the person intends to use it for, I tend to
> recommend on the far side of caution.  Malware that originates from
> shared offline media *far* predates the modern internet (and my
> existence, incidentally).  It's not that no one should ever connect a
> USB to an air-gapped computer, but rather weigh their needs/risks.
>
>   If someone is at a high risk of targeted attack, they may save all of
> their documents and email (unopened) to a USB or CD and read them only
> on the air-gapped computer.  While that probably sounds like a big
> hassle (and it is), for someone like Laura Poitras it's absolutely
> necessary.  For a corporate whistleblower, they might use an air-gapped
> computer to remove metadata before leaking to the New York Times or to
> an ethical publication like The Guardian.  Someone working on a big
> proposal in a highly-competitive field may produce it only on a
> wifi-disabled Chromebook.  A diplomat might use one to produce official
> correspondence.  A physician or pharmacist might be air-gapped to
> protect patient privacy.
>
>   As for PDFs: my running joke is to ask someone if they've seen my
> paper on PDF malware... which doubles as a good example of PDF malware.
> Acrobat has javascript enabled by default, and it's surprisingly simple
> to embed a metasploit payload into an otherwise-normal document.  From
> there I can drop a light executable that is set to retrieve a larger
> backdoor and install it.  At that point, I have control of your
> computer, and can spread customized malware to your external media and
> bluetooth drivers.  Or just retrieve data.  Or turn on your camera.
>
>   This is not a hypothetical.  The realities of the marketplace are such
> that one's attacker doesn't even need to be a programmer, because it's
> cheap and easy to purchase customized "solutions" like this.  I have a
> stalker who, in a different case, is accused of doing this.  And this is
> happening *enough* that it seems like a good scenario to work from.
>
>   Beyond the realities of activism and journalism and government spying
> lies the fact that people do shitty things to each other.
>
>   Everyone has a different risk profile, but if you want absolute
> privacy you're gonna have to fight for it.  One can use TAILS/Whonix and
> not have to worry as much about the intricacies of their threat model,
> while still being well-protected.  That's why I recommend it.  But the
> person asking for advice already rejected that suggestion.
>
> all the best,
> Griffin
>
> (required disclaimer: these are obviously my opinions and not those of
> my employer, funder, lover, or cat)
>
> --
> Be kind, for everyone you meet is fighting a hard battle.
>
> PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
> OTR: saint at jabber.ccc.de
>
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.