Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snowden Used the Linux Distro Designed For Internet Anonymity

Posted by Soulskill on from the NSA-can't-make-heads-or-something-of-it dept.

Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"

12 of 171 comments (clear)

  1. The NSA is becoming a new God for "True Believers" by mythosaz · · Score: 5, Funny

    What's that? Have any unknown in your life? Just insert the NSA?

    Don't have the source code? The NSA must be behind it.
    Don't know who spread a worm? Must be the NSA.
    Don't know who authored BitCoin? NSA.
    Don't know who packaged up TAILS? NSA.

    The NSA sent his heavenly son to die for our sins.

  2. Cue NSA infilatration in 3...2.... by NotDrWho · · Score: 4, Interesting

    May want to keep an eye out in the development community of the OS for a sudden influx of programmers "just wanting to help out." Or existing members suddenly driving new sports cars and acting strange.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Cue NSA infilatration in 3...2.... by RGRistroph · · Score: 4, Funny

      We, the open source and freedom-loving community, may need an organized task force to keep track of these programmers, track their incomes, and store their communications -- just for future reference in case something comes up and a mole is suspected, not an actual search as the Constitution defines it, of course. Similar to the Apache Foundation and other Foundations for Open Source causes, but tasked with keeping our communications secure, and breaking the other side's communications where feasiable. We'll have to keep the existence of the Association secret as much as possible of course, and thus also hide it's budget in small items spread accross the other Foundations. They'll archive all the repos and mailing lists and IRC channels and any other communication medium, but advances in technology make the storage on that scale cheaper. We might have to rent a large building out somewhere that has cheap land and few pesky curious tresspassers, Utah or something. We'll just refer to it as No Such Association for now. A small and expedient measure given the threats of our times.

  3. Re:Anonymous on the internet? by Midnight_Falcon · · Score: 5, Informative

    Tails bakes in a routing table that makes all traffic go over Tor. It also has built-in I2P support. So, while ISPs can look at your traffic, it becomes quite a tough nut to crack to figure out what you're actually doing. Attacks are possible, but require exponentially more sophistication and resources than just tracking an IP.

  4. Re:NSA boogeyman by Midnight_Falcon · · Score: 4, Informative

    Go on YouTube and listen Jacob Appelbaum's (a Tor developer) videos. Something about NSA agents peering into his girlfriend's window at night and various other intimidation tactics..and that's just him..

  5. Almost by s.petry · · Score: 4, Interesting

    Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

    Traffic sniffing does not require files on the target and this is the biggest source of data for agencies like the NSA. It may protect you from key loggers being installed (unless they were inserted ahead of time).

    I'm pretty sure that part of Snowden's leaked information showed that exploits are occurring at the hardware level as well as software. Entry points like LOM modules were explicitly called out in the leaked presentations.

    I'd agree that forensics becomes extremely difficult, if not impossible (memory analysis can still occur). I don't agree that the systems are immune to malicious software at least in a general sense. Immunity would require a lot of control for the hardware running the OS, and monitoring to make sure things have not been tampered with. Relying on a repository build of an OS imaged is still a target for potential a MITM attack feeding a user a kitted image.

    It's all good in my opinion, I'm just being picky about the terminology chosen. Immunity implies absolute safety, and very little in the world is absolute.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Almost by lister+king+of+smeg · · Score: 4, Interesting

      Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

      Traffic sniffing does not require files on the target and this is the biggest source of data for agencies like the NSA. It may protect you from key loggers being installed (unless they were inserted ahead of time).

      All traffic sniffing will do is show they are talking to a TOR entree node. Everything is wrapped in multiple layeres of encryption between you and each of the nodes in between. Maybe they could tell from traffic analysis what type of traffic it is based on traffic profiling, streaming your pr0n over to will have a different profile than browseing a webpage wich will in tun be different than ssh, but they still won't know the end point and what the content is.

      I'm pretty sure that part of Snowden's leaked information showed that exploits are occurring at the hardware level as well as software. Entry points like LOM modules were explicitly called out in the leaked presentations.

      Yes but they would have to have had access to your computer to insert the hardware bugs. If you say pick up a cheap laptop at walmart paid for with cash they won't know who has it, and would not have inserted the bugs as they could not have known who would end up wih the computer.

      I'd agree that forensics becomes extremely difficult, if not impossible (memory analysis can still occur).

      if they are doing memory analysis thy have the computer in their posesion already and you probably have a much larger issues to worry over.

      I don't agree that the systems are immune to malicious software at least in a general sense. Immunity would require a lot of control for the hardware running the OS, and monitoring to make sure things have not been tampered with.

      Technically true. However you have to trust something, and as long as there has been know oppertunity to tamper with the computer you can assume your safe for most things.

      Relying on a repository build of an OS imaged is still a target for potential a MITM attack feeding a user a kitted image.

      That is why we have cryptographic signatures on repositories and iso images. If they can break a 4092 bit key in polynomial time we are f***ed anyway

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  6. Re:Anonymous by lister+king+of+smeg · · Score: 4, Informative

    Incognito Linux did not impress me. You can be more anonymous using Backtrack.

    ah no.

    Backtrack is for cracking not staying anonamous.
    Tails routes all of your traffic through TOR and keeps you anonymous as long as you don't share anything reveling.

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  7. Re:The NSA is becoming a new God for "True Believe by theskipper · · Score: 5, Interesting

    Well, personally my first thought after reading the summary was "but how do you trust the BIOS?" A few years ago I'd have immediately said that's conspiracy theory and dismissed it (along with the other items you listed). But after a year of exposure to the Snowden and RSA revelations and everything else, it pains me to say these NSA questions aren't so far fetched any more.

    Sure they may not be probable but they could be possible. No matter how rational you think you are, it really messes with one's mind. Subtle paranoia, if you will.

  8. Re:The NSA is becoming a new God for "True Believe by MrNickname · · Score: 4, Funny

    That sounds like something the NSA would post.

  9. The government should pass a law! by Vinegar+Joe · · Score: 4, Funny

    Snowden would have had a much harder time had he been using legal Microsoft products.

    --
    "The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
  10. Re:Anonymous by Midnight_Falcon · · Score: 4, Insightful

    There's plenty of ways to defeat stylometric analysis, notably, running things through a translation engine several times through a few languages.