Perhaps not every device, but maybe just one device you use for reading 
encrypted mail and the like. It could be a Raspberry Pi you carry in a 
knapsack, or something.

n

> On Oct 7, 2013, at 12:14, yersinia <yersinia.spi...@gmail.com> wrote:
> 
>> On Mon, Oct 7, 2013 at 5:16 PM, Eugen Leitl <eu...@leitl.org> wrote:
>> 
>> http://www.wired.com/opinion/2013/10/149481/
>> 
>> Want to Evade NSA Spying? Don’t Connect to the Internet
>> 
>> BY BRUCE SCHNEIER 10.07.13 6:30 AM
>> 
>> Since I started working with Snowden’s documents, I have been using a number
>> of tools to try to stay secure from the NSA. The advice I shared included
>> using Tor, preferring certain cryptography over others, and using
>> public-domain encryption wherever possible.
>> 
>> I also recommended using an air gap, which physically isolates a computer or
>> local network of computers from the internet. (The name comes from the
>> literal gap of air between the computer and the internet; the word predates
>> wireless networks.)
>> 
>> But this is more complicated than it sounds, and requires explanation.
>> 
>> Since we know that computers connected to the internet are vulnerable to
>> outside hacking, an air gap should protect against those attacks. There are a
>> lot of systems that use — or should use — air gaps: classified military
>> networks, nuclear power plant controls, medical equipment, avionics, and so
>> on.
>> 
>> Osama Bin Laden used one. I hope human rights organizations in repressive
>> countries are doing the same.
>> 
>> Air gaps might be conceptually simple, but they’re hard to maintain in
>> practice. The truth is that nobody wants a computer that never receives files
>> from the internet and never sends files out into the internet. What they want
>> is a computer that’s not directly connected to the internet, albeit with some
>> secure way of moving files on and off.
>> 
>> But every time a file moves back or forth, there’s the potential for attack.
>> 
>> And air gaps have been breached. Stuxnet was a U.S. and Israeli
>> military-grade piece of malware that attacked the Natanz nuclear plant in
>> Iran. It successfully jumped the air gap and penetrated the Natanz network.
>> Another piece of malware named agent.btz, probably Chinese in origin,
>> successfully jumped the air gap protecting U.S. military networks.
>> 
>> These attacks work by exploiting security vulnerabilities in the removable
>> media used to transfer files on and off the air gapped computers.
>> 
>> Bruce Schneier is a security technologist and author. His latest book is
>> Liars and Outliers: Enabling the Trust Society Needs to Survive.
>> 
>> Since working with Snowden’s NSA files, I have tried to maintain a single
>> air-gapped computer. It turned out to be harder than I expected, and I have
>> ten rules for anyone trying to do the same:
>> 
>> 1. When you set up your computer, connect it to the internet as little as
>> possible. It’s impossible to completely avoid connecting the computer to the
>> internet, but try to configure it all at once and as anonymously as possible.
>> I purchased my computer off-the-shelf in a big box store, then went to a
>> friend’s network and downloaded everything I needed in a single session. (The
>> ultra-paranoid way to do this is to buy two identical computers, configure
>> one using the above method, upload the results to a cloud-based anti-virus
>> checker, and transfer the results of that to the air gap machine using a
>> one-way process.)
>> 
>> 2. Install the minimum software set you need to do your job, and disable all
>> operating system services that you won’t need. The less software you install,
>> the less an attacker has available to exploit. I downloaded and installed
>> OpenOffice, a PDF reader, a text editor, TrueCrypt, and BleachBit. That’s
>> all. (No, I don’t have any inside knowledge about TrueCrypt, and there’s a
>> lot about it that makes me suspicious. But for Windows full-disk encryption
>> it’s that, Microsoft’s BitLocker, or Symantec’s PGPDisk — and I am more
>> worried about large U.S. corporations being pressured by the NSA than I am
>> about TrueCrypt.)
>> 
>> 3. Once you have your computer configured, never directly connect it to the
>> internet again. Consider physically disabling the wireless capability, so it
>> doesn’t get turned on by accident.
>> 
>> 4. If you need to install new software, download it anonymously from a random
>> network, put it on some removable media, and then manually transfer it to the
>> air gapped computer. This is by no means perfect, but it’s an attempt to make
>> it harder for the attacker to target your computer.
>> 
>> 5. Turn off all auto-run features. This should be standard practice for all
>> the computers you own, but it’s especially important for an air-gapped
>> computer. Agent.btz used autorun to infect U.S. military computers.
>> 
>> 6. Minimize the amount of executable code you move onto the air-gapped
>> computer. Text files are best. Microsoft Office files and PDFs are more
>> dangerous, since they might have embedded macros. Turn off all macro
>> capabilities you can on the air-gapped computer. Don’t worry too much about
>> patching your system; in general, the risk of the executable code is worse
>> than the risk of not having your patches up to date. You’re not on the
>> internet, after all.
>> 
>> 7. Only use trusted media to move files on and off air-gapped computers. A
>> USB stick you purchase from a store is safer than one given to you by someone
>> you don’t know — or one you find in a parking lot.
>> 
>> 8. For file transfer, a writable optical disk (CD or DVD) is safer than a USB
>> stick. Malware can silently write data to a USB stick, but it can’t spin the
>> CD-R up to 1000 rpm without your noticing. This means that the malware can
>> only write to the disk when you write to the disk. You can also verify how
>> much data has been written to the CD by physically checking the back of it.
>> If you’ve only written one file, but it looks like three-quarters of the CD
>> was burned, you have a problem. Note: the first company to market a USB stick
>> with a light that indicates a write operation — not read or write; I’ve got
>> one of those — wins a prize.
>> 
>> 9. When moving files on and off your air-gapped computer, use the absolute
>> smallest storage device you can. And fill up the entire device with random
>> files. If an air-gapped computer is compromised, the malware is going to try
>> to sneak data off it using that media. While malware can easily hide stolen
>> files from you, it can’t break the laws of physics. So if you use a tiny
>> transfer device, it can only steal a very small amount of data at a time. If
>> you use a large device, it can take that much more. Business-card-sized
>> mini-CDs can have capacity as low as 30 MB. I still see 1-GB USB sticks for
>> sale.
>> 
>> 10. Consider encrypting everything you move on and off the air-gapped
>> computer. Sometimes you’ll be moving public files and it won’t matter, but
>> sometimes you won’t be, and it will. And if you’re using optical media, those
>> disks will be impossible to erase. Strong encryption solves these problems.
>> And don’t forget to encrypt the computer as well; whole-disk encryption is
>> the best.
>> 
>> One thing I didn’t do, although it’s worth considering, is use a stateless
>> operating system like Tails. You can configure Tails with a persistent volume
>> to save your data, but no operating system changes are ever saved. Booting
>> Tails from a read-only DVD — you can keep your data on an encrypted USB stick
>> — is even more secure. Of course, this is not foolproof, but it greatly
>> reduces the potential avenues for attack.
>> 
>> Yes, all this is advice for the paranoid. And it’s probably impossible to
>> enforce for any network more complicated than a single computer with a single
>> user. But if you’re thinking about setting up an air-gapped computer, you
>> already believe that some very powerful attackers are after you personally.
>> If you’re going to use an air gap, use it properly.
>> 
>> Of course you can take things further. I have met people who have physically
>> removed the camera, microphone, and wireless capability altogether. But
>> that’s too much paranoia for me right now.
> 
> I like Bruce much, I have read all of him, every book, mostly articles, for 
> years. But no normal person would follow this advice: all smartphones should 
> be turned off, each tablet, and every PC should be turned into an anonymous 
> client of an anonymous network. Sure, those who believe in the paranoia model 
> definitely find comfort in these indications; for example, I am one. But those 
> who follow this model, really, are they following it not only in 
> cyberspace, but also in real life, every day? Really? The Internet is 
> perhaps evil, but perhaps our world is also not such a sane and secure place, 
> sometimes (or every time, it depends).
> 
> Best
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
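
Rule 9 of the quoted article (fill the whole transfer device with random files) can be checked mechanically: pad the medium, record a hash manifest that is kept off the medium, and audit the medium against that manifest when it comes back. The following is an added example, not part of this thread or of the article; the function names and the `padding/` directory are assumptions.

```python
import hashlib
import os
import shutil
from pathlib import Path

def fill_free_space(mount, limit=None, chunk=1 << 20):
    """Pad `mount` with random files until it is full (or `limit` bytes). Returns bytes written."""
    pad = Path(mount) / "padding"          # assumed directory name
    pad.mkdir(exist_ok=True)
    written = n = 0
    while True:
        free = shutil.disk_usage(mount).free
        room = free if limit is None else min(free, limit - written)
        want = min(chunk, room)
        if want <= 0:
            break
        try:
            (pad / f"fill{n:05d}.bin").write_bytes(os.urandom(want))
        except OSError:                     # device reported full mid-write
            break
        written += want
        n += 1
    return written

def sha256_file(path):
    """Hash a file in 64 KiB blocks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()

def manifest(root):
    """Map every file under `root` (relative path) to its SHA-256; store the result off the device."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(root, expected):
    """Compare the device's current contents with a previously recorded manifest."""
    now = manifest(root)
    return {
        "added": sorted(now.keys() - expected.keys()),
        "missing": sorted(expected.keys() - now.keys()),
        "changed": sorted(k for k in now.keys() & expected.keys() if now[k] != expected[k]),
    }
```

A changed or missing padding file means space on the medium was rewritten after you filled it. Run the audit from a machine you trust, since a compromised host can misreport file contents.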
