ASK HN: How to set up a network for getting secret info out of [country X]?
after a quick phone call, i might have some requirements, in order of trickiness
1. someone has some footage on their camera phone they want to get out of the country without being traced, as a one-off. This person isn't very familiar with the publisher, perhaps has only heard of it.
2. a network of correspondents in 2-way communication with the publisher
3. a network of correspondents with peer-to-peer communication
Say that in this country the ISPs are so compromised that requests to unusual URIs would be flagged, tracked and located. Ideally the any computers involved should have as little incriminating information on them as possible, and knowledge of the networks existence and methodology should not cause it to be compromised.
I have a couple of ideas, but I'm wondering what HN can come up with
8 comments
[ 4.1 ms ] story [ 31.5 ms ] threadA better solution is to just use external USB hard drives with Truecrypt and ferry them around via a network or human couriers or through the mail. Truecrypt lets you install a hidden volume on the hard drives so that if the drives are ever captured you have some plausible deniability about what is really on them.
1. First you have to trust the machine in the internet cafe. It might have viruses or keyloggers. You can maybe get around this by using your own laptop, but not allowed in most places.
2. Next you have to trust the network. It could be monitored or logged. You could be vulnerable to MITM attacks or DNS poisoning. SSL is not guaranteed to get you any real protection in this situation.
3. So you have a compromised network - you can get around this by just PGP encrypting whatever you want to send to the receiver (assuming you and your receiver have done some kind of sane, out-of-band key exchange), or using steganography tools to hide your video inside some other file, but..
4. Now you are uploading large encrypted files to 'innocently used domains' (whatever that means) from an internet cafe. And walking around with a laptop with either keypairs or steganography software on it.. That's suspicious.
It's just far easier to use an external drive with TrueCrypt on it to send your sensitive information. You can have a hidden volume containing your really sensitive data, and a main volume where you can store some files that are plausibly sensitive enough to warrant TrueCrypt protection, e.g. a porn stash or some confidential business data.