Information Is Power And Information Security Is Paramount
In the modern age of political activism, there is no more important concern than securing of electronic information. I speak from experience, as a lax attitude towards security brought me to the brink of financial ruin and significantly impacted my activism, when hackers were able to infest my cell phone, which led to my computers, tablets, and even Roku and DVR being infested with malware that was able to propagate itself – without internet connection. Clean one device, it was dumped back into it by another. The ability to divert phone calls and emails and prevent my ability to communicate with the outside world ruined my business and severely curtailed my political activities, and culminated last October with a situation where I was involved in a motorcycle accident, and could not even dial 911 from multiple cell phones on my person.
Forensic investigation showed that the malware was installed just days after a rival resigned from the Libertarian Party, and it was 8 months later until we became aware of it. Looking back, there were numerous instances where opposition seemed to know our next moves, and successfully outflanked us. The effect of the Allies breaking the Enigma codes in World War 2 is well documented. The interception of enemy communications has always been a fundamental intelligence goal in any war, from the days when scouts carried battle plans on horseback to the modern days of satellites and encrypted email. I have often said that politics is war, and to know the enemy’s next move is the greatest advantage one can gain on the battlefield.
In years past a hacker had to be a fairly sophisticated individual. Today, the bulk of hacking only requires fairly rudimentary computer knowledge. Hacking tools such as Kali Linux are readily available and free, and the tools contained within are sufficient to penetrate nearly anyone not making a concerted effort to avoid them. The individual employing the tools to hack no longer has to write the scripts and create the programs; they are already made, cheap or free.
Imagine the first few decades that firearms were deployed on the battlefield, and how unprepared you would be to attempt a war with sword and bow on a foe armed with the musket if you had no understanding of these new weapons. This is what the modern information warrior is doing in many cases. Whether you blog, podcast, or are attempting to take a role in a political party or run for office, you must undertake a study of electronic warfare. No longer is skill with the martial arts, the rifle, the blade, and the pistol enough to consider yourself a modern warrior. You must add an understanding of the electronic means of war and intelligence to your skill set or you will be unprepared and vulnerable.
This is a very basic primer. You will need extensive study to become competent. Here are a few things to begin your journey to electronic security.
1) Physical Security of Devices
Do not ever leave your devices unattended, especially in public areas. The easiest means to gain access to your device is to plug a cable into your phone or a USB stick into your computer and dump malware into it. If you must leave your laptop out at a convention, public event, etc., to go to the bathroom for example, or to go speak on stage, leave a trusted individual who understands this concept to guard it. The same goes for a charging cell phone. Laptops, cell phones, and tablets all have WiFi and Bluetooth, so they can all infect each other once one device is compromised, and do not need an active internet or cellular connection to do so.
2) Unsecured WiFi and public networks
While there is an element of anonymity using such networks when traveling, think of them like a random hookup on the road, you do not know where they have been or who frequents them. While slightly less risky as far as political enemies may go, the risk of credit card fraud and other information breaches is very high. Avoid logging in to any sensitive accounts on such networks.
3) Operating System
Traditional advice is that OSX/Mac is safer than Windows, which is true for the sort of annoying run-of-the-mill viruses people get surfing porn sites and such. For our purposes, OSX/Mac is equally as terrible a choice as Windows. You want to be using a non-contract Android phone and a Linux or Unix based operating system like Ubuntu, FreeBSD, or Debian. Windows is extremely non-secure, and there are an endless amount of exploits. I personally believe the government keeps it popular for that reason.
OSX/Mac is essentially a Linux/Unix knock-off that does not allow the user control, and they rape the consumer by staying outside the open source licensing system and charging for all manner of things. With Linux/Unix-based OS’s, the resource use is generally lower so there is more performance with the same hardware, and you have the terminal to issue direct commands. Software is free, so you can wipe and reinstall without spending any money.
If you have software that requires windows, you can run windows in a virtual machine within Linux. I use Oracle’s VirtualBox, which is free, and a virtual machine is likely the closest to being a slightly safe platform you can run Windows on, and you can shut it off as soon as you are done with it.
The reason I suggest a non-contract Android cell is that you can get them dirt cheap and throw them away if infected. Swap the Sim card and the new one is instantly working. I can get a decent 4G Android for $25 and be back in business instantly. A compromised $400 I-Phone tends to get carried around and used anyways, infecting more of your compatriots. Max’s dad bought him an I-Phone, and within 3 minutes of being in the house it was compromised. You cannot access the phone to clean it out, as “i”- anything is designed to force you to take it in for expensive repairs with proprietary equipment. You cannot even remove the battery to render it safe, so his ended up wrapped in lead inside an ammo can.
As a side note I had a Chromebook that was still able to go online, even when all the other computers could not. It is not a full-featured computer, but for basic communications it is far better than anything Windows or Mac based. Brandi doesn’t do all the podcasting, video editing and DVD burning that I do. I do feel that it was compromised as far as their ability to intercept communications and download locally stored files, but I must note it would go online when nothing else would at the height of the attacks.
There are new options like SubGraph OS, Qubes, and others. Parrot is another newer OS with penetration testing ability. Most are Linux/Unix based and designed for security. You can boot these off of USB sticks in some cases, and some have persistence, meaning they will store files and settings over subsequent re-boots. I would suggest you familiarize yourself with a basic Linux/Unix distro like Ubuntu, FreeBSD, or Debian, and branch out into these. The Linux bootloader, known as “Grub”, will support having multiple options on the same computer, and you can chose one at boot time. I absolutely love Ubuntu Studio, and would suggest 16.04, the long term support edition. I record and edit music and video, podcast, do slideshows and graphic arts and much more with it. I have replaced over $1000 in Windows Software for free, and prefer many of the tools.
4) Penetration Testing
You must ultimately recruit or task someone to learn penetration testing if you have an organization of any importance. If you succeed in making a difference you will be attacked. One weak link and you will all be vulnerable, so somebody must make regular attempts to hack your team, in order to find and fix weaknesses or keep careless team members on their toes. This individual will also form the offensive security team and perhaps find vulnerable individuals among the opposition, and provide you with valuable intelligence on your opposition, perhaps eventually heading a team. Kali Linux is free to download and there is training available on their site.
The TOR Project is designed to allow whistle blowers, activists in danger zones, and those facing intrusive surveillance to use the web anonymously and bypass restrictions by countries that censor the internet. There are browsers and various chat and email programs that take advantage of the technology. It is a good idea to take advantage of TOR, and use it whenever possible.
6) VPN’s and Firewalls
Virtual Private Networks, or VPN’s, are another tool that can help hide your IP address and encrypt your traffic. Improperly set up they can actually reduce your security, so make sure you know what you are doing or seek competent help. A firewall can also help prevent intrusion, although it is by no means a cure-all. Consider these extra tools to increase your security and make it a little more difficult on the enemy.
Remember it only takes being careless once. Computer and other electronic security is as important as firearm security as far as the ramifications of being lax go. Catastrophic failure awaits those who are flippant in regard to this issue. The weapon of the future is information.