Compartments

>May 16, 2014

The Internet is forever. Storage is cheap, and as it stands today, you can easily read archived posts written over thirty years ago. Most everything is searchable, too. As well as that, it’s in the best interest of service providers to store personally identifying information on their users, which is done to better serve advertisements that increase revenue for both the advertising company and the service provider.

I divide my online life into compartments. Some of those compartments have been contaminated, this one perhaps most of all, but others remain clean. Certainly by mentioning my compartments, I’ve indirectly compromised them all, but I’m willing to accept the possibility of that total compromise due to my security and the deniability inherent in not elaborating upon those compartments beyond their existence; in this regard, I’m complacent, even if that’s perhaps the first mistake made on the road to failure. Every puzzle piece helps an adversary to understand the whole, but no single compartment scales against every type of adversary — given enough time, everything cracks.

Typically, if a compartment becomes contaminated, the best course of action is to burn it, but this compartment has intermingled with my offline life to a point that I’ve embraced CHKilroy as my primary pseudonym. This compartment has been compromised for years and only becomes more compromised with every post I make, tweet I send, photograph and video I upload, purchase I make on a digital service tied to this alias, person I give my cellphone number to and contract I sign with people who know me by this name. I never started this compartment with intentions to remain as anonymous as possible, and I certainly don’t give some types of information freely, so I don’t worry too much about people knowing the person behind the pseudonym. If you start something and only attempt to compartmentalize it later, your compartmentalization will be unsuccessful.

Even if you don’t have any personal information, it’s actually pretty simple to comparatively connect identities through a large enough sampling of their writing style. Sentence and paragraph length, vocabulary, spelling, grammar, capitalization, the use of punctuation, numbers, contractions, slang and idioms — all of those are examples of stylometric identifiers that can compromise personal and operational security. A simple trick that can interfere with stylometric inspection is translating your writing multiple times through different languages, which introduces idiomatic changes and possible word choices you may not naturally use; if you want, you can also correct the output for clarity, but keep in mind, it’s fairly insecure to give your original writing to an online translation service you don’t control, across a network you don’t control either.
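As an added illustration (not code from the original post), the sketch below measures a few of the identifiers listed above on constructed writing samples and scores how closely two samples match, the kind of check you can run on text from two of your own compartments before publishing. The function names, the feature set and the Canberra-style distance are assumptions chosen for this example.

```python
import re

CONTRACTION = re.compile(r"\b\w+'\w+\b")

def style_features(text):
    """Measure a handful of stylometric identifiers for one writing sample."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z']+", text)
    n = max(len(words), 1)
    return {
        "avg_sentence_len": len(words) / max(len(sentences), 1),
        "avg_word_len": sum(len(w) for w in words) / n,
        "type_token_ratio": len({w.lower() for w in words}) / n,  # vocabulary
        "contractions_per_word": len(CONTRACTION.findall(text)) / n,
        "commas_per_word": text.count(",") / n,
        "semicolons_per_word": text.count(";") / n,
        "digits_per_word": sum(c.isdigit() for c in text) / n,
        "caps_per_word": sum(w[0].isupper() for w in words) / n,
    }

def feature_gaps(a, b):
    """Per-feature relative gap in [0, 1]; 0 means the samples are identical."""
    fa, fb = style_features(a), style_features(b)
    gaps = {}
    for name in fa:
        denom = abs(fa[name]) + abs(fb[name])
        gaps[name] = abs(fa[name] - fb[name]) / denom if denom else 0.0
    return gaps

def style_distance(a, b):
    """Canberra-style distance: low values mean the samples look co-authored."""
    return sum(feature_gaps(a, b).values())

# Constructed samples: A1 and A2 imitate one formal writer, B a terse one.
SAMPLE_A1 = ("The archive was preserved, as expected; however, the index was "
             "incomplete, and the remaining records were scattered. Nevertheless, "
             "the committee proceeded, albeit cautiously; the outcome was satisfactory.")
SAMPLE_A2 = ("The report was delivered, as promised; however, the appendix was "
             "missing, and the supporting figures were unclear. Consequently, "
             "the reviewers hesitated, albeit briefly; the decision was postponed.")
SAMPLE_B = ("i can't find it. it's gone. we've got 2 days left. "
            "don't wait, just go. that's all i know.")

if __name__ == "__main__":
    print("A1 vs A2:", round(style_distance(SAMPLE_A1, SAMPLE_A2), 3))
    print("A1 vs B :", round(style_distance(SAMPLE_A1, SAMPLE_B), 3))
    # Features with the smallest gaps are the habits that link two samples.
    for name, gap in sorted(feature_gaps(SAMPLE_A1, SAMPLE_A2).items(), key=lambda kv: kv[1]):
        print(f"{name:24s} {gap:.3f}")
```

Samples this short only show the mechanics; the features with the smallest gaps between two of your own texts are the habits to vary.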

There are also stylometric programs available for download online, if you wish to trust them. You could always use the downloaded program from an offline system so that it can’t possibly phone home, but by introducing files from an open system to a closed system, you connect and compromise the security of that previously unconnected system. Perhaps your best option in this case is placing the program onto a USB drive connected to a trusted operating system running off of a bootable, non-rewritable compact disc, in a computer physically missing its storage drives and hopefully without outside interference such as a hardware keylogger between the computer and its keyboard. Moving offline files online can be safe if you pay attention to the personally identifying metadata present in those files, but moving online files offline compromises an offline system.

As for going online, there are solutions that make it more difficult and time consuming for an adversary to discern your true identity, but you’re never safe on someone else’s terrain. One example of how to get online somewhat anonymously is similar to the above: Use a specialized computer on a connection different from your own. I would recommend looking for open wireless connections in residential neighborhoods where you do not live, or accessing the Internet from pre-paid aircards and data plans acquired as anonymously as possible, but you should not access the Internet from your home or anywhere else you frequent. When using an aircard, make sure it’s only ever powered on at the location you’re accessing the Internet from, and make certain that it’s powered off before returning to your life. Hopefully all that’s required is unplugging the aircard from your laptop’s USB port, but it would be a good habit to remove the SIM card too, so that it requires multiple conscious steps for you to take before connecting to the Internet.

Before you leave your normal life’s routine to access the Internet, before you even think about picking up your laptop, if you have a cell phone or another cellular device, do not bring it with you, and do not turn it off while you’re away. Maintain as much deniability as possible by limiting the number of detectable deviations from your normal life. Unfortunately, as time goes on, actually moving to where you intend to access the Internet will get harder due to the direction society and its control systems are headed. I would not use your car for transportation; the prevalence of automatic license plate recognition systems is growing, and data storage is only getting cheaper. That said, facial recognition systems are also growing in number, but they’re less reliable than their license plate counterparts. There are also some places where you can acquire masks that look fairly realistic before close inspection, and by wearing a pair of glasses during the day, you can reasonably obscure the fact that your eyes look weird in that mask.

Once you’re at the location where you intend to access the Internet, turn everything on and access the Internet solely through systems that obscure you as much as possible, which you should hopefully already have. Tor is commonly used for this, as it connects you to your target through a number of machines across the globe, obscuring your true origin. Tor isn’t the only solution, but it’s the one with the most users to hide behind, and more importantly, the one that has had the most publicly available research into its security. Tor, however, does not hide your location from the server that immediately connects you to the network, so that server will know where you are, and there’s certainly a chance that every server on the Tor network is compromised. Hopefully, if every server on the network is compromised, they’re compromised by different adversaries who are both unfriendly to one another and not your intended target. The owner of the connection you’re accessing Tor from, the ISP or cellular data provider, will also know you’re connecting to Tor, but hopefully they will only know your location, not who you are. There are many more steps you could take, but I have no intentions of making this a guide — if all you do is follow guides, especially ones sourced from the Internet, your tradecraft is insecure.

Once you’ve completed your business, whatever that may be, calmly return to your life as if it were just another day, nothing special, and remember that all your precautions were for nothing if you boast to others about whatever it is you did. Do not use that contact location again, either. Compartmentalize, blend in, take your time, do not betray your intentions by signaling your advance, assume nothing, change things up, act only when you’re certain of success, and abort at the first sign suggesting possible failure.