Search Mailing List Archives
[liberationtech] Ubuntu Privacy, malware, Laura Poitras, and cats
griffin at cryptolab.net
Wed Nov 6 17:50:26 PST 2013
Matt Johnson wrote:
> Griffin suggested never connecting a USB stick, or external drive or
> copying PDFs to the air gap computer. I have asked how that air-gapped
> computer would be useful. Apparently the point is too subtle.
There are a few aspects to this that I'd like you to consider.
Without knowing what the person intends to use it for, I tend to
recommend on the far side of caution. Malware that originates from
shared offline media *far* predates the modern internet (and my
existence, incidentally). It's not that no one should ever connect a
USB to an air-gapped computer, but rather weigh their needs/risks.
If someone is at a high risk of targeted attack, they may save all of
their documents and email (unopened) to a USB or CD and read them only
on the air-gapped computer. While that probably sounds like a big
hassle (and it is), for someone like Laura Poitras it's absolutely
necessary. For a corporate whistleblower, they might use an air-gapped
computer to remove metadata before leaking to the New York Times or to
an ethical publication like The Guardian. Someone working on a big
proposal in a highly-competitive field may produce it only on a
wifi-disabled Chromebook. A diplomat might use one to produce official
correspondence. A physician or pharmacist might be air-gapped to
protect patient privacy.
As for PDFs: my running joke is to ask someone if they've seen my
paper on PDF malware... which doubles as a good example of PDF malware.
to embed a metasploit payload into an otherwise-normal document. From
there I can drop a light executable that is set to retrieve a larger
backdoor and install it. At that point, I have control of your
computer, and can spread customized malware to your external media and
bluetooth drivers. Or just retrieve data. Or turn on your camera.
This is not a hypothetical. The realities of the marketplace are such
that one's attacker doesn't even need to be a programmer, because it's
cheap and easy to purchase customized "solutions" like this. I have a
stalker who, in a different case, is accused of doing this. And this is
happening *enough* that it seems like a good scenario to work from.
Beyond the realities of activism and journalism and government spying
lies the fact that people do shitty things to each other.
Everyone has a different risk profile, but if you want absolute
privacy you're gonna have to fight for it. One can use TAILS/Whonix and
not have to worry as much about the intricacies of their threat model,
while still being well-protected. That's why I recommend it. But the
person asking for advice already rejected that suggestion.
all the best,
(required disclaimer: these are obviously my opinions and not those of
my employer, funder, lover, or cat)
Be kind, for everyone you meet is fighting a hard battle.
OTR: saint at jabber.ccc.de
More information about the liberationtech