The Intercept’s “Attention Federal Employees: If You See Something, Leak Something” with its’ ‘how to’ leak, provides potential leakers with some resoundingly bad advice:
“Begin by bringing your personal computer to a Wi-Fi network that isn’t associated with you or your employer, like one at a coffee shop. Download the Tor Browser. (Tor allows you to go online while concealing your IP address from the websites you visit.)
To point one “Begin by bringing your personal computer…” you should NEVER use your personal computer but should have a computer untraceable to you for the specific purpose of secure transfer of unauthorized information. A computer you’ve never used for anything else. A computer you’ve never so much as browsed or emailed from concerning anything else. A computer you’ve taped over the camera lens and disabled the microphone before you booted it for the first time. And then searched it for, and disabled, any GPS or geographic locator programs. A computer you’ve never so much as been online with except as an anonymous person sending off the leaked material away from your home and work (and away from anyone you know.) Why?
As a person with access to sensitive or classified information requiring a security clearance, you’re already a perceived threat and anything goes in the so-called national security state. Your personal computer could already have an undetectable ‘key log’ trojan together with a ‘call home’ (NSA) trigger if you were ever to visit certain sites (like The Intercept or a tor browser download.) DO NOT TRUST your personal device.
What I’m trying to tell the honest leaker reporting crimes and/or unconstitutional behaviors is, you have to beat what a veteran FBI agent had to say in “Spycraft for Hacks”
“[T]he Internet is a sieve, and a goldmine for lawful and unlawful penetration through technical means by law enforcement. Never use the Internet or email for any kind of contact with a source if your beat is national security because it creates too many electronic trails, all of which are traceable and usually recoverable by even the newest rookie FBI cyber-agent”
By using your garage sale or yard sale or used, bought for cash anywhere (or stolen but definitely not a good idea) no one knows to be associated with you laptop, together with creating a counterfeit email account (a random dead person’s details would do) only ever used with the leak computer, you may avoid many plausible and unknown dangers and a few known ones; for instance ‘tor’ having been developed by United States Naval Intelligence and continues to be funded by the USA’s Department of Defense. With taking the proper precautions, you don’t need ‘tor’ or ‘secure drop’ (secure? Belly laugh.)
The intercept goes on: “You can access our SecureDrop server by going to [http://y6xjgkgwj47us5ca.onion/] in the Tor Browser. This is a special kind of URL that only works in Tor. Do NOT type this URL into a non-Tor Browser. It won’t work — and it will leave a record.
Yeah, and using the Naval Intelligence developed ‘tor’ could ‘copy’ you straight to DoD and friends, recalling NSA is run by Department of Defense. Did you have tor when you visited the website to download it? No, or you wouldn’t have go there for the download. Bingo! The NSA has you ‘recorded’ downloading tor on your personal laptop. Dumb shit.
And this next, in the era of ‘warrantless’ searches, is beyond stupid:
“If that is too complicated, or you don’t wish to engage in back-and-forth communication with us, a perfectly good alternative is to simply send mail to P.O. Box 65679, Washington, D.C., 20035, or to The Intercept, 114 Fifth Avenue, 18th Floor, New York, New York, 10011. Drop it in a mailbox (do not send it from home, work or a post office) with no return address”
You just gave up not only your possibly traceable leaked information but as well a postmark, possible DNA and fingerprints to federal law enforcement. The postmark points to possible surveillance video capture, your DNA is in so much as an eyelash hair you missed and you had better have been perfect with not leaving so much as a single fingerprint, not only on the envelope but its’ contents. Who could reasonably expect material addressed to the Intercept would not be intercepted? A naif.
The ‘spycraft for hacks’ author comes up short on this point:
“Use the U.S. mail. Many journalists are unaware of the existence of mail covers, which are formal requests to the Postmaster that allow the postal service to record certain information — but only that information on the outside of the envelope. To get at its contents requires probable cause that evidence of a crime is contained within the envelope and a search warrant. Of course, “accidental” openings can and do occur. So be careful what you say in your letter”
It would be no ‘accident’ if the USA’s FISA court had issued a blanket warrantless (or secret ‘warranted’) search authorization for all of the mail coming to the organization publishing the Snowden NSA revelations. But the ‘spycraft’ article is dated May, 2013 and Snowden’s leaks were not revealed until June. FBI veteran David Gomez might wish he had the article back a mere month following Foreign Policy publishing his Spycraft for Hacks.
“Three people can keep a secret if two of them are dead” –Benjamin Franklin