Fri. Dec 13th, 2019

Information Security

This will be a brochure in the coming days, so make adjustments, comments and constructive criticism.

Today I will publish general safety principles, tomorrow I will have a text describing specific programs and tools.

For whom is information security important?

Information security is important for everyone. If you are not an activist, holes in your protection can damage your reputation or finances, they can ruin your relationship with friends or upset your privacy.

Your social media accounts may be used by scammers to extort money from your friends and family, and your bank accounts may fall into the wrong hands. And a banal, harmless spamming on your account will damage your reputation.

Even for a person who is not engaged in protest activity, the lack of basic ideas about information hygiene is unforgivable. You don’t need to be a surgeon to wash your hands before eating.

But if you are a political activist, negligent security can be a threat to your life and freedom, as well as that of your comrades. Neo-Nazi cops, intelligence agencies or ill-wishers can all use the contents of your mailbox or social network account in their own way.

Weak system protection can lead not only to information leakage, but also to the fact that you will be “planted” files containing prohibited information or fake the history of activity on the Internet. Remember that information can be a reason for arrest and criminal prosecution – it is even easier to plant a pornography or “extremist call” file than drugs or weapons.

The human factor

The weakest part of any system is a human being. You can scare a person, you can recruit him or her, you can outsmart him or her.

If you have a conscious “rat” in your social circle or mailing list, no conspiracy will protect you from it. Therefore, do not speak too much and, importantly, do not seek to learn too much. No one can fully vouch for his silence, so sometimes it is better not to know than to give it away.

Remember that a fool is sometimes worse than a traitor. If information is passed on to many people, its secrecy will depend on the level of protection of the most vulnerable element. One person without an antivirus, with a weak password or with a long tongue can substitute dozens of people.

Train yourself and your comrades to make remarks to each other for violation of security culture – mistakes make everyone and it is not a shame, it is really shameful not to work on mistakes and not to try to prevent them.

Don’t brag without the need for the Internet or personal conversations. A beautiful photo with a Molotov cocktail (even a staged photo) can become evidence in court.

Technical factor

The hardest thing to intercept is what was said in a quiet, one-on-one voice. If you don’t want to use the Internet and your phone when discussing important issues, don’t use them.

If you are using text communication, be sure you are actually talking to your conversation partner and have a few test questions ready.

Public places and data interception

If a user forgets to log out of his or her account at work/university/internet cafe/visitor, there is a chance that his or her hostile colleagues will take advantage of it. The chance to be “hacked” in this way is greater than it may seem.

This is especially true for civil servants and students, but there may also be rats in the office, especially if you are involved in trade union activism and enter into conflicts in the workplace.

Train yourself to use anonymous browser mode on other people’s computers (e.g. Chrome and Firefox), so that all your information will be removed from the computer after you finish your work. If you’re likely to lose your laptop or home computer, use this mode there too, it’s better to enter your password again than to give it to the police.

There is a small possibility that on public computers in Internet cafes there may be programs “keyloggers” recording all entered information, including passwords. So don’t trust them with critical information, change passwords as soon as you get to a secure computer.

Be cautious with public wife-fighting, especially during mass protests, when police and special services actively track down unwanted people. Remember that any unencrypted data can be easily intercepted. Use WPA2 encryption with a complex password [on passwords below]* on your home network.

The point of this is not so much to protect against neighbors stealing traffic as to protect against data interception. If you deserve the personal attention of the intelligence services, then reading your Wi-Fi point signal is a very real scenario.

Post Office

E-mail protection should be one of the top priorities. At registration on sites you specify the post address so the burglar, having received access to it, automatically gets access not only to your correspondence, but also to your pages in social networks, sites, and in the most started cases – electronic purses.

How do I protect myself from mail hacking?

  • Do not put all your eggs in one basket. Create separate mailboxes for social networking, separate ones for all questionable forums, separate ones for correspondence with people, separate ones for mailing lists. Divide policy, work and privacy. If possible, delete emails after reading, which will upset the virtual archaeologists of the future, but may save your reputation or freedom.
  • Use secure passwords [about passwords – below]*. Remember that the “secret question” is still the same password, it should not be guessed or picked up by brute force (your mother’s maiden name can be found in old phone books, your passport number can be found during the search, and the name of the first pet can be found while browsing through photos in contact, be unpredictable).
  • Do not open letters of dubious content, do not run programs from applications to the letter, do not download and do not open files if you are not 100% sure about their purpose. Do not believe messages that ask you to re-enter your password.
  • Use secure email services. Gmail isn’t perfect, but it’s perfect for work, harmless personal communication, and political issues that aren’t against the letter of the law. For more risky tasks, use activist services. Forget about domestic providers, getting your personal information from them is easier than from foreign providers. If possible, use two-step authentication with the use of SMS, but use a separate sim card for this purpose, do not use it for calls.

Social networks

As a rule, social networks are hacked after the mail. But sometimes there are exceptions. Facebook, Twitter, and Facebook all contain the ability to connect applications, sometimes behind these applications are spammers or hackers.

Most of the hacking on social networks is not related to intelligence or enemy intrigues, it’s pure commerce, victims’ accounts are used to send obsessive advertisements.

But think about it – if you can be fooled by a brainless robot, a specially trained person has a much better chance.

  • Never post on social networks what you would not like to say loudly and publicly in the presence of a policeman. Privacy and “just for friends” in social networks are not protection, remember that protection of the system is equal to protection of its weakest link. Even if you only have 12 friends, there may be one among them who will cause a leak.
  • Don’t abuse social networking games, don’t open apps that you don’t know their purpose, never enter your password in apps.
  • Be careful about clicking on the links you receive in private messages. If the link leads to an unfamiliar site and is not accompanied by an explanatory message, or is accompanied by something inaudible, ignore it or ask the other person what they mean. Make sure you talk to the real person and only then follow the link. If you are asked to enter a password while clicking on the link, it’s most likely a hacking attempt.
  • Take care of your mail related to the social network. Ideally, no one should know your email address linked to your account.
  • Remember, passwords should be complex and unpredictable.
  • In case the social network asks for phone activation, agree, but do not use your primary number.

Mobile devices

As a rule, many modern mobile devices are always connected to social networks and mail. Thus, if your mobile phone is “squeezed out”, neither complex passwords nor multistep authorization can help you.

Screen lock and protection against theft can protect your information from a dull gopher, but not from the police and especially not from the intelligence services.

You can give some advice:

  • Phones are easily tapped and readable. Don’t trust the phone connection with anything really important.
  • Do not use smartphones where they are not needed. Get a simple phone that supports a long-term charge and go promotions with it.
  • If it is important for you to write to social networks all the time, take pictures, etc. – Make sure that your smartphone does not automatically access private information from your smartphone by capturing its cops should not know more than is already written on your blog/social media page.
  • Do not use unnecessary applications. The less programs you have, the better. Where spam and intrusive advertising leaks out, something more serious can also leak out.
  • Turn off geolocation, it not only lowers the battery, but also makes it easier for you to track down. However, even with the geolocation turned off, you can easily be tracked with the help of a mobile operator, so if you want to be unnoticed, just turn off your phone.
  • Think of a way to quickly destroy information on your smartphone. Sometimes it is better to smash your phone against a rock than to let a friend you photographed take a picture of in a confrontation with the police sit down. But if you have a few minutes – it is possible to reset the device to the factory settings with simultaneous deletion of all information – do not hesitate to read the instructions to your gadgets.
  • When you break the phone, take care of the fate of the memory card.
  • Remember that you can be identified not only by your phone number, but also by your unique IMEI phone number. If you have used the same sim card with two phones, both phones can be identified with you if you wish. The same thing – if you have inserted two SIM cards into one phone. When conspiracy is necessary (for example, it is necessary to hide the location in a certain place) it is necessary to create a separate phone for a separate simcard, and in any case not to move them. At the same time, your “activist” phone should not be switched on if it is near the ordinary one.

Viruses, Trojans, keyloggers

A virus is an automatically multiplying computer program that can perform malicious actions or control your computer. A Trojan is a virus that is disguised as something useful. Keylogger – A program that records keystrokes in a system can be a Trojan.