Monday, June 17, 2013

If I Were Whistleblower Edward Snowden

The Art of Hiding and Being Undetectable

The world knows by now that Edward N. Snowden, the former private contractor for the National Security Agency who leaked revelations of massive US clandestine electronic surveillance and eavesdropping programs, is still at large in Hong Kong.

The global headlines continue to swivel on the case, questioning how the US and Hong Kong authorities work out extradition treaty on him, speculating whether the Chinese authorities might intervene, debating on whether he is hero or traitor, whistleblower or double agent, and whether he has more classified information, such as how Hong Kong and China targets were searched by the US eavesdropping organs. But the fact is Snowden, the spy who came in from the cold, remains a fugitive.

You might wonder how Snowden has managed to remain obscure both in the physical and cyber spheres. Hong Kong, a former British colony now a major global financial center and Special Administrative Region of China, is one of the most densely populated areas in the world with a population of over 7 million spread over 1,104 sq km across three main territories (Hong Kong Island, the Kowloon Peninsula and the New Territories).

But it is precisely for these reasons that Hong Kong may be the ideal place. One can be easily spotted or located or one could capitalize on the dense crowd and modern infrastructure to negotiate unnoticed in the physical, digital and cyber dimensions - and Snowden sure knows how to do that.

So let's entertain ourselves with this thought: what would you do if you were Snowden or if you, not the technological expert, simply need to hide and remain undetectable for a period of time?

Snowden would need a local contact cum sidekick. Chief among his concerns is a safe Internet connection that he could use without being traced by the NSA and the likes - note Snowden obviously did not use the hotel wifi or he would have been tracked down before he checked out last week.

With his face splashed across the front page of almost every newspaper on earth, Snowden does not have the luxury, unless disguised, of using an Internet café. Hence, he needs a portable encrypted router for the four laptops he brought along from his home in Hawaii. For costs and security reasons, he should opt for one subscribed locally rather in Hawaii. But subscribing for a local portable encrypted router means he needs to provide his personal identifiers, whether it is the usual 2-year contract or short-term account for tourists offered by some local phone and Internet service providers.

That is where his local contact comes in, who can subscribe or borrow one or more of such devices for him.

Using more than one such device interchangeably reduces the risks of being traced but not absolutely safe over a period of time since the IP addresses on these routers are not concealed. I wrote in an earlier column how using a Linux operating system like Tails would come handy.

One only needs to install a live CD to boot Tails, which would become the temporary operating system. The connection to the Internet would then be channeled to a network called Tor, a free open-source software designed to protect your online activities by bouncing your communications around a random distributed network of relays.

This way, it prevents anyone watching your Internet connection from finding out what sites you have visited and also prevents the sites you visited from knowing your actual physical location.

Snowden may know more sophisticated methods but Tails would work just fine for most people.

But taking measures on one end can protect you only thus far. The other parties that Snowden needs to contact would have to be advised on some measures to undertake, including the setup of multiple dummy email accounts. Each account is to be created using an IP address not to be traced to the individual, such as an Internet café free from registration of personal identifiers - or just register under another person, go figure out how - and security cameras or the use of Tor, and each to be used only once.

If need be, train your contacts on the use of word substitution to obfuscate the true meaning of your messages.

But how is a fugitive in hiding to let anyone know when to expect an email? Recall how Deep Throat informed Washington Post reporter Bob Woodward about secret meetings? One way to do so in this modern cyber age is to drop a codified message in a Reader's Comment page of some unrelated web site, such as those for various hobbies, sports, movie and book reviews, etc, which the contacts have previously been told to check regularly.

Snowden would also need to have multiple spare low-value SIM cards and old-fashioned cellular phones, with each card used once and discarded. If for any reasons a spare SIM card is to be reused, insert it into another phone.

When meeting someone covertly - recall Snowden met some reporters - make sure everyone had their SIM cards removed to prevent any electronic eavesdropping. And never meet the contacts in your hidden nest. The local contact can drive you, say in a van, to meet in a safe location.

There are many other things one can do, such as disguises but the above would be suffice to remain in contact with the outside world and yet safe from leaving any digital or cyber footprints. Oh one more thing, have loads of cash on hand and never use a credit card for the time being.

(Vanson Soo runs an independent business intelligence and commercial investigations practice specialized in the Greater China region. Blog: Another version of this runs in The Standard of Hong Kong)

No comments:

Post a Comment