Breaking and Entering in the Age of Encryption

CIA copy.png

This post was originally planned to be a basic user guide to encryption and how to build and run a TOR router at your home. However, on 7 March 2017, Wikileaks published the “Vault 7” documents as part of their “zero days” campaign - where it alleges the CIA has the capability and intention for massive hacking of encrypted consumer and international data and messages. The manner in which these documents are reported are intended to create a fuzzy cloud to many who do not adequately understand these systems. I am by no means an expert, this also allows me to speak in more plain terms help you understand why this is, indeed, news - and the implications this has to our society.

One part legalese, two parts coding - 100% power. It’s difficult to comprehend just how vast the information available to us is. Many have heard it, only 4% of the total information of the internet is index for anyone to search. True - but why is that?

The Allegory of the Town

Imagine the entire internet is your town or city. You live in a home that you own or rent - this is your computer or devices. Regardless of that status, everyone has certain rights for those spaces. You have a key for your home, one which you may keep for yourself or offer (or refuse) to anyone who asks for it - this is encryption. Similarly, other homes and warehouses in your town have the same capabilities. When an officer or law enforcement agent arrives at your doorstep, they are not allowed to enter without your permission or a warrant granted by a court - this is a subpoena for information. If neither is obtained, you have certain rights - and any information obtained while unlawful entry is not usable by law- this unlawful entry is hacking.

Simple enough, right?

Let’s take this further now. When you leave your home and go into town, you take certain risks. Imagine the entire town writes town everywhere you go, share or sell the information with each other and so on. If you are travelling to town to go to the bank, or shop, or read a newspaper - this works just fine for you. However, you open yourself to attack or for other townspeople to steal from you - or worse steal the data collected on you from others. On the opposite end of the spectrum, if you try to steal from someone else, everyone will be documenting your whereabouts.

Now imagine instead, you created a tunnel, which allowed you to travel from one house to another without being exposed - this is a VPN (an encrypted tunnel that allows you to get to wherever you need, protected).

Or instead, you had a mask that no one in town could recognize who you are - this is TOR (scrambling your IP to not show who you are).

Hacking

When someone hacks a server, it is legally the same as breaking and entering. If a government hacks a private encrypted server/device without a warrant - the information obtained cannot be legally used. However, if the government can find an open door in your system in the same way an officer may find an open door at your home - they are free to walk in as they please and all bets are off.

However, what if the government isn’t honest about its method of entry... What if they broke your door down? What if they tricked you into opening the door for them by not telling you they are law enforcement? What if they are the ones wearing a mask?

Most importantly, what this shows us is just how strong (or weak) the locks we use... Just how strong are the walls and masks if the government can break them easily? How does this keep us safe from those who want to break them for even more nefarious purposes?

Hacking into a network isn’t hard, but the barrier does and must continue to exist.

It’s not paranoid to lock your door when you leave your home, it’s common sense. Encryption is no different.

The demystification and working process is necessary to see that. We currently use language and you can read this article because we have a recognized and agreed upon set of rules to communicate in the ideas that you want. Mathematics is the same except in numerical terms. Every so often language and mathematics go through radical change. New ideas can hijack language, shift the meaning of words and even change grammatical rules - or a new theorem changing how we view calculations as a whole.

Just the same way, coding is a language agreed upon universally. Like a nation of immigrants to a strange new land, most of us stare out eyes glazed-over and mouths agape at the mere mention of code. It’s simple, remarkably simple - but the baby steps are necessary to shine a light through the world. Instead of listening, most choose to not look into the world, look away and continue their lives in this capacity. And just the same way, others can hijack for their own means.

Need for education and law

raspberrypi.jpg

Aside from the usefulness of learning a language to communicate, it is the language itself that allows you to understand why this is all incredibly necessary. The magnitude of power is impressive here, and by educating yourself, you will better understand these systems - what steps you need to take to protect yourself and what your rights are.

Code isn’t difficult. But by mystifying it and not discussing it, we have no idea how to keep people, institutions, and governments to account. Furthermore, if our population does not understand this world - how can we ever recognize the injustices that happen.

What can you do?

Find out more about coding and understand how systems operate.

Encrypt everything. It’s not paranoid to lock your door when you leave your home, it’s common sense. Encryption is no different. Don’t leave a door open for others to access and steal your stuff. Just the same, don’t allow any law enforcement to access this information without the proper legal steps.

Use encrypted mobile messaging services such as Wickr or Signal. Password protect all your devices with 8+ character alphanumeric passwords. Ensure two step verification for online accounts and most of all, never keep your signals open!

TOR, VPN, and other tools

TOR Network Setup

Most of these are easy to do. There are many VPN services online set to the consumer market. Most are only a few dollars a month and block ads, offer advanced security against malware, and most importantly do not store any of your data. IPVanish is among the best out there.

If you want more, you can download TOR Browser from torproject.org. This sends your signal through 3 layers of encryption before arriving to the website. This essentially make you anonymous while browsing the internet (however, if you login to any account while there - people can find you all the same!) Therefore, your traffic will not be tracked.

If you want even more anonymity you can get this:

Abbildung-2_lightbox.png

A Raspberry Pi easily hooks up to any modem and connects you to the TOR network. Any traffic that network will be anonymized. With about $50 in parts, and an hour or two - you can get this up and running in your own home. Guides are available on Makezine and YouTube.