
What is the proper way for two parties, say A and B, to communicate securely where:

  • Communication between A and B must be secure so that only they know the content of the communication.

  • A isn't necessarily endangered if it is known that they communicate anonymously with 3rd parties.

  • Knowledge that B is communicating anonymously with a 3rd party would endanger B.

More specifically, lawyers need to communicate with a client, and the client cannot be known to be in communication with the lawyers.

mcgyver5
AntoineG
  • Might be related topic: [Is there a secure way to transfer data outside the Internet?](http://security.stackexchange.com/q/109477/32746) (however the answers there may or may not fully satisfy the third requirement "*Knowledge that B is communicating anonymously with a 3rd party would endanger B*"). – WhiteWinterWolf Jan 24 '16 at 14:33

4 Answers


TL;DR: both use Tor via Whonix, share a single webmail account hosted by a Tor-facing .onion email provider, in which you communicate by putting pre-browser-encrypted PGP messages in the body of unsent items in the Drafts folder (without ever sending them as actual emails), before quickly deleting each PGP message from the other party as you receive it.

Initial considerations...

A lot depends on your threat model - are you wanting to hide the communications (and knowledge of them), from the NSA, or from adversaries with less network surveillance and anti-encryption resources than that?

Let's assume it is a powerful NSA-level adversary, where you truly do want your lawyer-client communication to be both secure, AND secret.

For Internet communication, where it is between only two parties (and I assume it needs to be 'asynchronous', i.e. both parties are not connected to each other in real time online, i.e. usually email or other server-stored communication instead of instant messaging / P2P communication typically secured by OTR) and where, luckily, you don't need to share a publicly discoverable or broadcastable 'username', IM alias, or email address given there's only two parties that need to even know how to do this communication, then I would advise the following extremely anonymous, very secret, and highly secure setup for covert two-way communication:

Instructions

  • All parties use Tor. This is only one small part of the protection, specifically to very securely hide the IP addresses of you and your lawyers, but also, to use a Tor hidden service which will side-step the entire infrastructure of DNS itself and thus not leak what website you are using to communicate, to the NSA. (as end-to-end HTTPS server-client encryption does not hide the fact of you doing this, from the NSA.)

  • As for how to use Tor, rather than the simple Tor Browser on your (most likely) insecure Windows, OS X, or even default Linux system, I suggest doing this communication either using the Tails live boot OS, or, with longer setup but arguably better suitability for the way in which you will be securely communicating in this guide, Whonix. Graphical Linux is actually not that difficult to use; Whonix's particular chosen desktop (KDE) actually is quite similar to Windows in its interface. Whonix is a marvellous equivalent to Tails where it's not 'amnesic' like Tails but it is in the form of a Virtualbox-hosted VM, so you can securely store messages you receive from your lawyers OFFLINE on your computer and not leave them on the webmail server that you'll be using, and that will be crucial to this guide.

  • So, install Virtualbox, and download and install Whonix. This Tor OS works by having two VMs, the 'Gateway' VM to be the 'Torifier', then the 'Workstation' where you do the Tor browsing and communication in. It has the effect of NO IP address leak even being possible inside Whonix-Workstation due to its network interface being routed through the Whonix-Gateway VM, so not even JavaScript or Flash could leak your real IP in Whonix - and yet, the VM is also instantly deletable when you need to as well. But still, please, disable JavaScript in Tor Browser once you are up to it.

  • So once Whonix is installed in Virtualbox (follow Whonix.org's excellent guides if need be, but it's all remarkably self-explanatory; make sure LUKS encryption is set up during the VM installation wizards) - and you get used to how it runs (you just turn them on at the same time (or better, in order): first wait for Gateway to set up its Tor connection, do its checks, do sudo apt-get update and sudo apt-get dist-upgrade in Terminal if you need to, then once Workstation is on and connected, do the same in there too), you are ready to move on to your super secret lawyer-client communication.

  • Firstly, do NOT use the Tor browser for ANYTHING other than this exclusive lawyer communication on Tor (this applies to the lawyers too, obviously). Do not go to a SINGLE other website in Tor on Whonix. Even if your IP is hidden, that IP will still be correlated to ANYTHING else done in that same Tor session (and by that browser's unique or fairly linkable fingerprint), in the eyes of those running the Tor exit node, the NSA who's most likely listening somewhere along the path between your Tor exit node and the websites you'd connect to, or other malicious parties who have the ability to monitor or sniff.

  • The service we will be using for communication is a SINGLE webmail inbox (hosted on a Tor hidden service), that you SHARE with the lawyers and both log into with the same credentials (shared in person), and write PGP-encrypted messages in the DRAFTS folder - this will keep it ultra-private by never even having the communications leave the single webserver of the email host due to not actually sending emails (and involving other email servers and parties), at all.

  • It is crucial you pick a Tor webmail provider that you can log into the inbox only on a Tor .onion address. Consult this page to select and choose what looks good to you. Use one that can offer SquirrelMail login and not just Roundcube, as that way you won't need to turn on JavaScript in Tor Browser to do this. The reason to login exclusively on an .onion address, is for several anonymity and security reasons: again, you avoid DNS lookups taking place out there on the Internet and instead use Tor's highly encrypted/obfuscated hidden service protocol method of lookup instead, and you also avoid HTTPS MITM attacks by the Tor exit node, or anyone else between you and a DNS-hosted webmail address, who can, EVEN with HTTPS, potentially hijack the session (and easily systematically, not just as a targeted attack), to gain your login credentials, read the traffic and collect your PGP messages you'll be sending to each other, or even modify the pages and messages to absolutely anything they see fit.

  • To communicate your PGP messages in the least risky way possible, do the following: SHARE the same PGP key (ed.: unless it is better to have separate PGP keys? comments welcome), do NOT write your draft messages that you'll leave for each other INSIDE the browser, and encrypt your message content with the PGP client in Whonix BEFORE pasting the encrypted blob into the webmail compose box each time you do it.

  • How to encrypt and decrypt the messages in Whonix: the easiest way is to use Whonix's pre-installed PGP client, KGpg, with its icon on the Desktop. If you use KGpg, first delete all Key Servers in Settings > Configure KGpg, so that no uploading of your key accidentally occurs at any time of your use of the program. To use, first set up your key (Key > Generate Key Pair or Ctrl+N), securely share it and the passphrase with your lawyers (right click on the key in the main window > Export Secret Key...), either in person or by some other non-Internet or -telephony means - UNLESS again it is better to have separate keys to each other, I am not sure - and then to encrypt for composing, or decrypt when reading, simply go to File > Open Editor and it is all easily done in there for either party once you have the key stored in KGpg.

  • To make the communication to each other practical in the drafts folder: good practice is to firstly, NOT leave ANY telling information outside the PGP blobs in the message body, and if you must differentiate between each other give the subjects or via a little text above each (new) blob, some random letter or number to indicate whether the blob was from you, or from your lawyers. Better than starting a new draft per new message, is just leaving a new PGP blob in one single draft, which is merely updated continually.

  • This is crucial: DELETE each PGP message from the other party in the webmail as soon as you receive and decrypt it in your PGP client. This means the communication is not stored on the webmail's servers to get leaked, hacked, modified, or otherwise breached for any longer than it needs to be. Save any correspondence that needs to be kept for longer locally on your (encrypted and secured) computer - (preferably within the Whonix installation with LUKS wholly inside the VM container file) - or even archived on an air-gapped, encrypted computer if need be.

Caveats

  • With this setup you have to trust the .onion-hosted email provider not to modify, make up, or erase any of the draft messages you leave for each other in your inbox on the server, and also not to leak any of it. Even with PGP, it is still data that could be decrypted later all the same.

  • If the NSA or another high-powered, global adversary were lucky, they may be able to de-anonymize your (or the lawyers') IP address via timing/traffic correlation attacks where they compare the size of the packets being requested and sent between you and the webmail's server, IF they own (or have the capability to directly sniff the traffic at) enough locations/nodes on the Tor network. However this particular form of de-anonymization (and especially if you are connecting to an .onion hidden service, where you actually avoid the need for a Tor exit node entirely) is extremely unlikely and requires enormous resources which appear only viable for them when trying to surveil someone they already know is a target, and not random Tor users, per se. But the random possibility always exists.

However, I would advise a pre-Tor VPN connection to hide your 'real' IP as an extra precaution, even so. There are plenty of free VPNs around and I would advise no money to be involved so as to not involve financial trails in this communication in any way possible. Make sure you use a different free VPN to what the lawyers use at their pre-Tor end, as a correlation could be made otherwise. This would also be good for de-correlating the fact that both you and your particular lawyers (i.e. your real IP address and their real IP addresses), from the point of view of the NSA, even use Tor. VPNs are much more common than Tor, at this point in time anyway, and would distance suspicion between your real IPs and Tor even more. Obfs3 when connecting to Tor and also VPN obfuscation (especially with LEAP VPN technology) can also be put to use.

  • PGP, ordinarily, does not have perfect forward secrecy (as OTR and TextSecure do). This means if the encrypted blobs SOMEHOW leak at a later time, whether by a malicious webmail admin, via an unencrypted routine server backup, or if the webmail provider turns out not to have the best opsec/server security and is hacked in general, is specifically targeted by the NSA due to other high-target communications taking place on the same server and then any messages you have still stored in your drafts folder are seized (which is why I urge you to delete them as soon as they are received), or you / your lawyers storing any messages are raided / equipment is stolen and things progress all the way to someone actually accessing your 'blobs', AND then you or your lawyers are forced to give up the (single) PGP password for your communication (or additionally your opsec isn't as vigilant as it should be), then standard PGP will not save you from such a leak, and ALL your messages under the one key will be decrypted in one fell swoop.

I read somewhere that the PGP spec CAN include PFS key exchange, though do not know what client could be configured to do this. Someone feel free to edit this and give instructions (even in my main bullet-point guide, and then edit out this caveat), you'd be welcome.

Additionally, if someone knows of a simple, offline, portable, serverless, PFS-providing robust crypto implementation with a GUI that could replace a PGP client for communicating covert blobs in a scenario like this, that would be even better.
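The forward-secrecy caveat above (and the instruction to delete drafts as soon as they are read) can be made concrete with a small model. The following is an added example, not code from the original answer or from any of the tools it names: it implements a symmetric hash ratchet of the kind TextSecure's Axolotl uses within a session, and contrasts it with the single long-lived key the answer has the two parties share. Assumptions not taken from the page: the parties share a 32-byte root secret out of band (as the answer has them share a PGP key in person), messages are read in order, the Drafts folder is modelled as a Python list of blobs, the three messages are constructed sample text, and the stream cipher is a toy built from HMAC-SHA256 in counter mode so that the example runs with only the standard library; a real implementation would use AES-GCM or ChaCha20-Poly1305 from a vetted library, and a real ratchet would also mix in fresh Diffie-Hellman shares.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN = 16
TAG_LEN = 32


def kdf(key, label):
    """One-way derivation step: HMAC-SHA256 keyed with `key` over a label."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key, nonce, length):
    """Toy stream cipher (HMAC-SHA256 in counter mode). Demo only; not for
    production use."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(msg_key, plaintext):
    """Encrypt-then-MAC one message under a single-use message key."""
    enc_key, mac_key = kdf(msg_key, b"enc"), kdf(msg_key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(msg_key, blob):
    """Verify the tag, then decrypt. Returns None on a wrong key or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = kdf(msg_key, b"enc"), kdf(msg_key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


class ChainRatchet:
    """Keeps only the current chain key. Each message key is derived from it,
    and the chain key is then overwritten by a one-way function of itself, so
    whoever seizes the state later cannot recompute earlier message keys."""

    def __init__(self, root_secret):
        self.chain_key = kdf(root_secret, b"chain-init")

    def next_message_key(self):
        msg_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"ratchet")  # previous chain key is gone
        return msg_key


def keys_derivable_from(chain_key, how_many):
    """Everything an attacker holding a stolen chain key can compute: message
    keys from that point forward, never backward."""
    keys, ck = [], chain_key
    for _ in range(how_many):
        keys.append(kdf(ck, b"message"))
        ck = kdf(ck, b"ratchet")
    return keys


def count_recoverable(blobs, candidate_keys):
    """How many stored blobs decrypt under any of the candidate keys."""
    return sum(1 for b in blobs
               if any(open_sealed(k, b) is not None for k in candidate_keys))


def ratchet_scenario(messages, root_secret=None):
    """Client leaves `messages` in the shared Drafts folder (modelled as a list
    of blobs); the lawyer reads them all; then the lawyer's device is seized
    while the blobs are still on the server. Returns (plaintexts the lawyer
    read, number of blobs recoverable from the seized state)."""
    root = root_secret or secrets.token_bytes(32)
    sender, receiver = ChainRatchet(root), ChainRatchet(root)
    drafts = [seal(sender.next_message_key(), m) for m in messages]
    read = [open_sealed(receiver.next_message_key(), b) for b in drafts]
    stolen = keys_derivable_from(receiver.chain_key, len(messages) + 8)
    return read, count_recoverable(drafts, stolen)


def static_key_scenario(messages, shared_key=None):
    """Same story with one long-lived key for every message, as with the single
    shared PGP key in the answer: seizing the key exposes every blob left on
    the server."""
    key = shared_key or secrets.token_bytes(32)
    drafts = [seal(key, m) for m in messages]
    read = [open_sealed(key, b) for b in drafts]
    return read, count_recoverable(drafts, [key])


if __name__ == "__main__":
    sample = [b"meet at 9", b"bring the file", b"ack"]  # constructed sample messages
    print("ratchet: recoverable after seizure =", ratchet_scenario(sample)[1])
    print("static key: recoverable after seizure =", static_key_scenario(sample)[1])
```

With the ratchet, seizing the receiver's current state yields zero of the three blobs; with the static key, all three fall. Deleting drafts promptly shrinks the window in both cases, but only the ratchet makes the blobs worthless once they have been read, which is the property the caveat says plain PGP lacks.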


If you're really serious about the security of these communications you have to take all the layers into account.

  • Physical security: Shoulder surfing, access to computer by other individuals. Make sure your physical environment is secure.

  • Clean slate: Both the Lawyer and Client computers should be free of malware. (Keyloggers and the like will defeat any security and privacy you are implementing over the wire) Utilize Malware detection software, and antivirus programs. Or use something like Tails (https://tails.boum.org/index.en.html) which is a live CD operating system built for privacy.

  • Private Network: Man in the middle attacks are a major security problem. All networks are susceptible to some kind of promiscuous sniffing and man in the middle attacks. Public Wifi especially.

  • VPN: Use a private VPN to secure & obscure your traffic. Such as (privateinternetaccess[dot]com)

  • Encryption: Check out GnuPG for encrypting the content of your E-Mails. (https://www.gnupg.org/)

  • Disposable e-mail addresses: guerrillamail[dot]com

To me it seems that the client should utilize something like Tails and a separate e-mail address with encrypted messages to communicate with the lawyers.

Alex Urcioli
    Of course, you haven't given any advice on *how* to bootstrap things such as establishing a VPN between the parties or asserting each of the parties' identities without violating the requirement of a client not being known to be in communication with a lawyer. – Stephen Touset Jan 21 '15 at 00:37
  • @StephenTouset actually, you don't really need to establish a VPN between the client and lawyer. Just that the client should use a VPN to tunnel his connection, this provides the added benefit of encrypted communications and confidentiality on what internet sites you are visiting. – Alex Urcioli Jan 21 '15 at 14:55

So if the lawyers and the client are technologically savvy, I'd recommend PGP + a disposable email address created by the lawyer.

If not, then a burner cell phone (purchased by the firm), anonymous snail mail (no return address on the messages from the lawyer, and client's mail gets sent to a PO box owned by the firm), and encrypted Instant messaging (I personally use the OTR plugin with Pidgin) are all good methods of communicating well.

The strongest is PGP, but the hardest. If I had to deploy one of these solutions, it would be Pidgin + anonymous IM accounts + the OTR plugin. Hopefully this keeps your client safe, but I can't make any promises because I am a fallible human. Please don't sue me :)

Ohnana

For two parties to communicate securely over a network, there needs to be a secure stack of protocols constructed using multiple cryptographic primitives. A lot can go wrong in security.

Good examples of secure communication protocols are: ZFone for VoIP, DarkMail for email, and TextSecure for SMS.

rook