While anonymity on the internet is slowly dying, there remain legitimate reasons for wanting to keep your online identity a secret from
those meddling kids, governments or snooping criminals. From e-mailing leaked documents to commenting on blogs using pseudonyms or even just casual online chatting, utilizing the internet without leaving digital bread-crumbs behind you is a task that is getting more difficult over time, particularly when the big bad wolf that’s chasing you down is a rich and powerful government agency.
But to secure yourself online, you first need to understand whose attacking you, and what techniques they’re using. Adjusting your defense to suit your attacker is not just common sense, it is the only practical way to achieve a semblance of security and anonymity online without losing your mind and going into tin-foil hat wearing paranoia.
For example, if your adversary is the NSA, there’s nothing much you can do. This is a Federal agency so well resourced, they’re building a data-center in Utah that’s bigger than 5 Ikeas.Add to all this, the fact that it hires the cream of the crop from the Ivy-league maths programs, and you have brains and brawn that are orders of magnitude higher than the average person. If the NSA wants to target you, it’s game over. The only reason you’re not targeted by the NSA is that you didn’t factor high enough on the wanted list to merit their attention and taxpayer dollars.
But how about the Malaysian Government? How sophisticated are they and is it Game-over if the Malaysian government were targeting you?
Fortunately, our Governmen isn’t building a Utah data-center, or a Great Firewall and they’re no where close to the NSA, but they’re still a well-resourced organization that has the technical capability and financial muscle to do some serious harm against an ordinary citizen. And in order to secure yourself against them, you’d need to understand their techniques and tools.
Malaysian Government Surveillance 101
Firstly, the government controls the ISP and Telcos, and hence the Government controls the network. The prevention of terrorism act (POTA) permits a Police Officer to waltz into any ISP or Telco and compel them to grant him your communication details without the need for any kind of judicial warrant, it also allows for the Police to place a digital wiretap on your communications (again without a warrant), but also without ever having to reveal the status of that wiretap to any court of law even if they convict of something. So anytime you’re using a Malaysian internet connection, you have to assume that the connection is compromised.
Thankfully, whenever I go into a starbucks, or use the WiFi at KLIA, I already assume the network is compromised–and there’s many ways to secure yourselves over a hostile network.
Secondly, the government has a record of purchasing surveillance spyware (twice!), These are specialized software designed to infiltrate your laptop or smartphone, and start sending all your communication data direct from source. Again, one has to assume there is no judicial oversight over the use of these things.
If your end-device is compromised, and the Government has already installed spyware on your phone, laptop, tablet or even smart TV, there’s nothing you can do on the network end to secure things. So it’s wise to start securing the device before you think about the network, and that’s where we’ll begin.
But there’s a last and final attack-vector that a government can employ. Simply breaking into your home, and taking your laptop and smartphone away from you. Which means that you don’t just need to secure your device and network when you’re using it, but also when you’re NOT using it. In computer-geek circles we call this securing your data at rest, which protects your data while it’s just idling somewhere, and it turns out that’s not entirely easy to do either. Continue reading