Chapter 4: Data

Risks:

  • Loss
  • Corruption
  • Interception
  • Theft
  • ‘Deleted’ data recoverability
  • De-anonymising/compromising metadata

InfoSec actions:

  • Back up data
  • Encrypt data
  • Securely share files
  • Securely delete data
  • Delete metadata

When storing or transporting data, there are several risks that require attention: interception/theft, loss, corruption and incrimination. The difference between interception and theft is detectability by the original owner. Interception usually means a data copy has been covertly made while theft would suggest the storage device (laptop, USB-drive or hard-disk) containing the data, or the original data, has been taken. The latter case would be detectable, whereas the former might not be.

If sensitive data falls into the hands of adversaries, there may be severe consequences for sources or the journalist.

To protect digital files there are several options. Simply storing the material on a small device (USB drive, memory card or external hard disk) and hiding it may be effective in certain cases. In such a scenario, the entire security of the material is dependent on the hidden device not being found.

To protect your data from unauthorised access, it is also important to encrypt it. VeraCrypt is an easy-to-use tool for encrypting files and entire disks, and can even hide their very existence.

VeraCrypt
VeraCrypt is open source encryption software.
Download: https://veracrypt.codeplex.com/
(Mac users will also need to download FUSE for OS X: https://osxfuse.github.io/)
There is comprehensive documentation here:
https://veracrypt.codeplex.com/documentation

VeraCrypt allows you to create an encrypted 'container' that acts as a digital strongbox for files, locked by a password. Once this box is created and filled with files it can be moved to an external storage device such as a USB drive, or sent over the internet to others. Even if the file is intercepted, the strongbox will not reveal its contents to anyone who does not have the password.
*Important! Do not forget your password: there is no other way to get to your data once it is encrypted. Losing your password means losing your data!*

Installing VeraCrypt

On the VeraCrypt download page, select your operating system to be directed to the latest download suitable for your system.

Mac users will also need to download FUSE for OS X, which can be found here:
https://osxfuse.github.io/

Encrypt a file with VeraCrypt

  1. Download
    Download VeraCrypt from https://veracrypt.codeplex.com/ (and, if on Mac, FUSE for OS X: https://osxfuse.github.io/) and install on your system like any other application.
    VeraCrypt works the same on Windows, Mac and Linux systems and the encrypted containers are cross-compatible between these systems. This allows you to work securely with other people without having to know what system they use.
  2. Create an encrypted volume
    To create an encrypted 'volume' (like a folder) start the program and click:
  • 'Create Volume' > ‘Create an encrypted file container’ > select ‘Standard VeraCrypt volume’ > select the location where the container will be stored on your computer (it can be moved later) and give the container an (innocuous) name.
    *To encrypt an entire external hard drive such as a USB stick, select 'Create Volume' > 'Create a volume within a partition/drive'. Of course, you will need VeraCrypt to decrypt the USB drive, so if you are planning to decrypt on a computer on which VeraCrypt is not installed, you may wish to just create an encrypted container on the USB drive with your files, and also save VeraCrypt on the USB drive.*
  • The next screen is titled ‘Encryption Options’. The default selections are fine. For the strongest encryption (encrypts multiple times), under ‘Encryption Algorithm’, select ‘AES-Twofish-Serpent’, and under ‘Hash Algorithm’, select SHA-512.
     
  • The next screen is titled ‘Volume size’. Select the size of the container (this will determine the maximum amount of data that can be put into it).
     
  • Set the volume password on the next screen. Make a good one (see chapter 8) and Do. Not. Forget!
     
  • The next screen is titled ‘Format Options’. Select FAT.          

Expert info: FAT is compatible with all systems but is limited in the maximum size of files it can contain (individual files cannot be larger than 4 GB). Usually this should not be a problem. If you need to be able to store larger files and are certain that choosing something other than FAT will not create problems with the sharing of the files, you could choose one of the other options.

  • The program will now generate a random dataset to encrypt the volume. Randomly move your mouse around for a moment, before clicking ‘Format’. The program will now create the volume. Depending on the size, chosen encryption algorithm and speed of your computer this will take a few seconds to hours (for very large volumes).
     
  • Once the system is finished press 'Exit' to return to the main program screen. Congratulations - you have created your secure volume!
  3. Put the files you want to encrypt into your new encrypted volume
    Now the volume can be 'mounted' (i.e. activated). Select any slot or drive.
    Click 'Select File' > locate and select the volume you just made > click 'Mount'.
    Now enter the password and click 'OK'. The VeraCrypt container will now appear on your system as a separate drive (much like a USB drive or external hard disk), and you can put files into it in the same way you would a USB drive (go to My Computer or Finder and click and drag files into the container).

    Once you have put the desired files in the container, 'close' the container by clicking 'Dismount' in VeraCrypt. The container will now appear to be just a file on your computer.

 

Hidden encrypted volumes

Hidden volumes are encrypted volumes that sit undetectably within a regular VeraCrypt volume. The purpose of this is to provide plausible deniability, and an extra layer of protection should your password be forced from you.

You will create a password for the regular VeraCrypt ‘outer’ volume – the container that is visible in your directory. Inside this container you will put sensitive files that you could plausibly want to encrypt and keep secret (unless this is a convincing decoy, an adversary could keep pressing for the ‘real’ password) – but that, if worst comes to worst, you are prepared to share with an adversary, should you be subjected to pressure.

However, within that volume is a hidden volume. No one can see it, and as far as we know, even the most sophisticated examination cannot reveal the existence of VeraCrypt’s hidden volumes. Only the creator knows it is there. You access it by entering an alternative password that you create specifically for access to that hidden volume. This is a password that you would be prepared to withhold much longer than the outer volume password.

  1. Create the outer volume
    Start VeraCrypt and click:
  • 'Create Volume' > ‘Create an encrypted container’ > select ‘Hidden VeraCrypt volume’ > select the location where the container will be stored on your computer (it can be moved later) and give the container an (innocuous) name.
    *To encrypt an entire external hard drive such as a USB stick, select 'Create Volume' > 'Create a volume within a partition/drive'*

  • The next screen is titled ‘Encryption Options’. The default selections are fine. For the strongest encryption (encrypts multiple times): under ‘Encryption Algorithm’, select ‘AES-Twofish-Serpent’, and under ‘Hash Algorithm’, select SHA-512.
     
  • The next screen is titled ‘Volume size’. Select the size of the container (this determines the maximum amount of data that can be put into it).
     
  • Set the volume password on the next screen. Make a good one (see chapter 8) and Do. Not. Forget!
     
  • The next screen is titled ‘Outer Volume Format’. The program will now generate a random dataset to encrypt the volume. Randomly move your mouse around for a moment, before clicking ‘Format’. The program will now create the volume. Depending on the size, chosen encryption algorithm and speed of your computer this will take a few seconds to hours (for very large volumes).
     
  • The next screen is titled ‘Outer Volume Contents’ – read this carefully. You must now copy some sensitive looking files into this volume (i.e. copy-paste some files into the VeraCrypt container ‘drive’ which now appears in My Computer/Finder). Then click ‘Next’.
     
  • The next screen is titled ‘Hidden Volume’. Read this, and click Next. 
  2. Create the hidden volume
    Now the outer volume has been created, you will be guided through the creation of the hidden volume. This will take you through the same procedure as in the previous step, but for your hidden volume. You will go through the screens for ‘Encryption Options’, ‘Hidden Volume Size’ (the space availability is the size of the outer volume you created minus the size of the files you saved as your decoy in the outer volume), ‘Hidden Volume Password’ (this must be different to your outer volume password) and ‘Format Options’ (choose FAT).
    Importantly, you must choose a different password for the hidden volume to that of the outer volume. It is with these two different passwords that you gain access to either the outer or the hidden volume.
  3. Put the files you want to encrypt into your hidden volume
    Now the volume can be 'mounted' (i.e. activated). Select any slot or drive. Click 'Select File' > locate and select the volume you just made > click 'Mount'.
    Now enter either the password for the outer or hidden volume, depending on which you would like to access (it should be the hidden volume), and click 'OK'.

    Note that if you add more data to the outer volume, it may overwrite space/data in the hidden volume.  Ideally, you will not change or add any more data to the outer volume after the creation of the hidden volume.

    The VeraCrypt container for that volume will now appear on your system as a separate drive (much like a USB drive or external hard disk) and you can put files into it in the same way you would a USB drive (go to My Computer or Finder and click and drag files into the container). 

    Once you have put the desired files in the container, 'close' the container by clicking 'Dismount' in VeraCrypt. The container will now appear to be just a file on your computer.

Encrypting hard drives

Mac and Linux systems have inbuilt options to encrypt the entire hard drive.

Linux/Ubuntu:
You will notice in our guidance on Ubuntu installation (chapter 2), we instructed you to opt to ‘encrypt the Ubuntu installation’ and ‘encrypt the home folder’. These options encrypt the entire hard drive and the home directory with separate passwords.

Mac:
Go to System Preferences > Security and Privacy > FileVault > Turn on FileVault

Windows:
The most secure way to encrypt a hard drive on a Windows system is using VeraCrypt.

The method is much the same as those described above, except to begin the process: click 'Create Volume' > select Create a volume within a partition/drive > 'Standard VeraCrypt volume' > Select the hard disk drive.

 

Sharing data securely

Risks:

  • Interception
  • Intervention
  • Destruction of source documents
  • Identification of source
  • Identification of journalist

InfoSec action:

  • Exchange encrypted USB drives or hard drives (if you can meet in person)
  • Exchange small volumes of data via encrypted attachments with encrypted emails
  • Exchange large volumes of encrypted data via a file-sharing service

Physical exchange

The safest way to share large volumes of data is to physically exchange a storage device (ideally a USB drive or hard disk) with the data on it in encrypted form.

The entire device can be encrypted, or several folders stored on the device can be encrypted with separate passwords so that access to them can be given in a controlled manner by the source (who can release passwords over time through secure channels such as encrypted email or OTR-chat – see chapters 5 and 6).

So, all you need to securely exchange data in person is encryption software (such as VeraCrypt) and a USB drive. You can currently buy USB drives with large storage capacity (256GB) for under £30.

Digital exchange
If you cannot physically meet face-to-face with your source to collect the documents, you will need to exchange your documents securely online.

Small volumes of data can be shared as encrypted email attachments, if both of you are using encrypted email (see chapter 5).

Large volumes of data can be encrypted using VeraCrypt, for example, and given an innocuous file name that does not relate in any way to the nature of the data or specifics of the contents. You can then exchange this file via a recommended file-sharing service, and send the recipient a link to the online file and the password(s) to decrypt via a separate, secure channel.

Again, you need a secure system for this to be a safe option. If your hardware or operating system is insecure, the files you exchange and passwords you share may also be insecure – an adversary could potentially have remote access or even control of your computer. Ideally, you will exchange documents between secure systems, with both parties using Tails. For top security, you will only access the documents on an air-gapped machine.

Mega
‘Mega’ (https://mega.co.nz/) is an alternative to popular file-sharing platforms such as Dropbox and Google Drive. Mega runs some encryption inside the browser before the file is uploaded to protect the user against low-level snooping and to legally protect Mega against accusations of facilitating copyright infringement (since they then cannot know the contents of the files being shared). While their encryption should not be considered 'government-proof' it does add a thin layer of protection against snooping on data as it is being transmitted over an open Wi-Fi connection in your chosen anonymous upload café/library. Like most providers of online file storage, Mega will provide 50 GB for every unique email address you have. As with any other aspect of InfoSec, compartmentalisation of data over several accounts that are not relatable to each other is advisable.

SecureDrop
Some journalistic organisations with considerable resources and IT capabilities have implemented their own systems to facilitate the secure sharing of files – notably, SecureDrop. SecureDrop is an open source whistleblower submission system, and it is great news that organisations are using it. However, setting up such systems properly and keeping them secure is not a trivial matter and should not be done without involving specialists with extensive experience and a proven track record. It is not a realistic solution for an independent journalist.

For questions on these matters, contact your organisation's I.T. service provider who may be able to help (but ask them if they have done something like this before, and if not, seek help elsewhere). The CIJ may be able to provide some experienced contacts to get started.

OnionShare
https://onionshare.org

OnionShare is an open source tool that lets you securely and anonymously (over the Tor network) share a file of any size.

OnionShare offers a secure method of file-sharing because it allows users to share files directly from computer to computer, across Tor connections, without uploading files to any third party’s server. Instead, the sender’s computer becomes the server for the purpose of the transfer.

OnionShare is easy to install and use on Windows, Mac, Ubuntu and Tails. Installation on Ubuntu does require minimal use of the command line. You can download OnionShare and find installation instructions here:
https://onionshare.org

Using OnionShare:

To send files using OnionShare, you must have the Tor browser running in the background. You must also use the Tor browser to download files shared via OnionShare.

The sender chooses the files they wish to share, and OnionShare makes the files available for download via a URL, accessible via the Tor browser. As the recipient downloads the file, the sender can see the download progress and completion.

If you are concerned about focused surveillance and attempts to intercept your shared files, you should be careful to share the URL with your contact securely (for example, over encrypted OTR chat or encrypted email) and anonymously (for example, using new anonymous throwaway email accounts created on the Tor browser).

When the download is complete, or when the sender closes OnionShare, the files are completely removed from the internet (unless you untick ‘Stop sharing automatically’ in OnionShare, which enables the files to be downloaded multiple times).

Further instructions for use can be found here:
https://github.com/micahflee/onionshare

Securely deleting files

On most systems, deleting a file does not actually remove the data from the computer’s hard disk (or the USB drive, if that is where it is located). The file still exists but the space it occupies is simply labeled as 'no longer in use', and will eventually be re-used and displaced by other files. However, until then, the ‘deleted’ files can still be retrieved with the correct forensic tools and expertise.

To securely delete files, you can use specific tools that overwrite files with random data several times. This method is very secure, but may take a significant amount of time for large data volumes (e.g. several hours for multi Gigabyte USB drives).

Windows, Linux/Ubuntu
On Linux and Windows systems BleachBit (http://bleachbit.sourceforge.net/) is the premier open source erasure tool that is considered highly trustworthy.

Tails
The Tails system has a secure erase feature that can be easily accessed by right clicking on a file and selecting ‘Wipe’.  You can securely delete all ‘free’ space in a folder by right-clicking on the folder space and selecting ‘Wipe available diskspace’.

Mac
Securely deleting individual files:
The new OS X, ‘El Capitan’, no longer features the ‘Secure Empty Trash’ function due to concerns that secure erasure could not be guaranteed. Therefore, there is now no easy way to securely delete individual files on a Mac, so it is all the more important that you encrypt the hard drive, only allowing access to it with your password.

Securely wiping a USB drive (or any external hard drive):
Insert the USB drive. Launch ‘Disk Utility’ > select the drive you wish to erase (see menu on the left) > select ‘Erase’ tab. Select ‘Security Options’ and set the slider to ‘Most Secure’ > ‘OK’ > ‘Erase’.

Physical erasure
If an entire disk needs to be wiped there is also the option of physical destruction of the storage device. To be certain that no data can be retrieved afterwards the device needs to be ground up into very small parts no bigger than 1mm. Do not assume that specialised forensic techniques can be defeated by simply breaking a disk with a hammer or immersing the device in water. While this will almost certainly break the functioning of the device, data may still be retrieved if the adversary has the means and time to use advanced methods of data recovery.

Opt for USB drives
Since storing data on the internal disk of a laptop exposes the data to additional risks and possibly makes it harder to securely erase, storing sensitive material on an external storage medium such as a USB drive or external hard disk (for large volumes) is strongly recommended. Encryption of such devices or the files on them is also important to protect against loss or theft by adversaries.

Metadata

Metadata is data about data. Metadata could include the author of a Microsoft Word document, or the GPS co-ordinates of where a photo was taken. Audio, video, and PDF files also hold metadata and hidden data (such as comment or tracking history, file names, etc.). Most colour laser printers print their type and serial number in tiny invisible dots on every square centimetre of paper - so those pieces of paper are traceable if the serial number of the printer is in any way connected to you (e.g. if you ordered the printer online).

Each program used may have specific metadata settings, so you should do some research online (or consult an expert) on whatever program and file you plan to use to be aware of what information is being stored, how you can remove it and how to make sure this information is harmless.

LibreOffice
LibreOffice is a free, open source office suite.
https://www.libreoffice.org/

In LibreOffice, user data can be viewed and cleared by going to:
File > Properties > General tab

  • Click ‘Reset’ to reset general user data (e.g. total editing time, revision number)
  • Uncheck ‘Apply user data’

Then check the ‘Description’ and ‘Custom Properties’ tabs and clear any data you don't want disseminated. Under the ‘Security’ tab, uncheck ‘Record changes’ if not already clear.
Under Edit > Changes > Accept or Reject: you can clear these if the recipient doesn't need them.

If you use the Versions feature, go to File > Versions and delete any older versions of the document that may be stored there.

(Just for Writer) View > Hidden Paragraphs, check that all hidden paragraphs are visible.
(Just for Calc) Format > Sheet, check that there aren't any hidden sheets.
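
A scripted pre-send check to complement the manual LibreOffice steps above, added here as an example (it is not part of the original handbook or of LibreOffice). It opens an OpenDocument file as the zip archive it is and reports user data, custom properties, tracked changes, hidden paragraphs and stored versions; the function names are hypothetical and the sample document is constructed in memory.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

NS = {"office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
      "meta": "urn:oasis:names:tc:opendocument:xmlns:meta:1.0",
      "dc": "http://purl.org/dc/elements/1.1/",
      "text": "urn:oasis:names:tc:opendocument:xmlns:text:1.0"}
# meta.xml elements that can identify an author or reveal editing history.
FIELDS = ["meta:initial-creator", "dc:creator", "meta:creation-date", "dc:date",
          "meta:editing-duration", "meta:editing-cycles", "meta:generator",
          "dc:title", "dc:subject", "dc:description"]


def parse_part(zf, name):
    """Parse one XML part; ODF parts carry no DTD, so refuse any that do."""
    data = zf.read(name)
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError(name + ": unexpected DTD in ODF part")
    return ET.fromstring(data)


def audit_odf(fileobj):
    """Report identifying metadata left in an ODF file (path or file object)."""
    out = {"fields": {}, "custom": {}, "tracked_changes": 0,
           "hidden_paragraphs": 0, "stored_versions": []}
    with zipfile.ZipFile(fileobj) as zf:
        names = zf.namelist()
        if "meta.xml" in names:
            root = parse_part(zf, "meta.xml")
            for tag in FIELDS:
                el = root.find(".//" + tag, NS)
                if el is not None and (el.text or "").strip():
                    out["fields"][tag] = el.text.strip()
            for el in root.iterfind(".//meta:user-defined", NS):  # Custom Properties
                out["custom"][el.get("{%s}name" % NS["meta"], "?")] = el.text or ""
        if "content.xml" in names:
            root = parse_part(zf, "content.xml")
            out["tracked_changes"] = len(root.findall(".//text:changed-region", NS))
            out["hidden_paragraphs"] = len(root.findall(".//text:hidden-paragraph", NS))
        # LibreOffice keeps saved versions (File > Versions) inside the package.
        out["stored_versions"] = [n for n in names if n.startswith("Versions/")]
    return out


def build_sample():
    """Constructed sample .odt held in memory; every value in it is made up."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    meta = ("<office:document-meta %s><office:meta>"
            "<meta:initial-creator>Jane Example</meta:initial-creator>"
            "<meta:editing-duration>PT3H12M</meta:editing-duration>"
            "<meta:editing-cycles>14</meta:editing-cycles>"
            '<meta:user-defined meta:name="Desk">Investigations</meta:user-defined>'
            "</office:meta></office:document-meta>") % xmlns
    content = ("<office:document-content %s><office:body><office:text>"
               "<text:tracked-changes><text:changed-region/></text:tracked-changes>"
               "</office:text></office:body></office:document-content>") % xmlns
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("meta.xml", meta)
        zf.writestr("content.xml", content)
        zf.writestr("Versions/Version1", b"older draft")
    return io.BytesIO(buf.getvalue())
```

Calling `audit_odf()` on a file path before sending a document gives a quick list of what still needs clearing; an empty result for every key means none of the items it checks for were found, not that the file is free of all identifying data.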
