Security tips for Journalists

Security writings and interviews of Andrew Lih:

Practical Internet Security for Journalists (In 10 Minutes)
Andrew Lih, March 2, 2006

Overview

* Motivations
* Three most practical tools
* Four secondary tools
* Two good practices

Motivations

* Foreign correspondents on the move
* Job needs – investigative journalism, protecting sources, privacy to work, confidential research, prevent blackmail
* Different countries/laws
* Don’t be at mercy of others
* Take matters into own hands…

Typical Scenario

* Journalist with laptop on assignment, plugs into hotel broadband/wireless to work. Risks:
- Password captured
- Email read
- Identity revealed, activity traced
- Laptop physical security, files accessed

Solutions

* Encryption
* Protect personal info
* Security practices
* Password discipline
* Account discipline

Tools

* Three practical steps
* Easy to use
* Free versions of all
* Can be put on USB memory stick

Tool 1 – TrueCrypt

* Makes new “disk” on Windows computer
* Completely encrypted, secure by password
* Store documents, notes, source lists
* AES encryption – 149 trillion years to crack a 128-bit AES key

TrueCrypt

* Country-specific laws
* http://www.truecrypt.org/

Tool 2 – Hushmail

* Web-based, all mail encrypted on disk
* Can send/receive encrypted email
* No personal info, no logs kept
* “Not even Hush can access the encryption keys of individual users”
* Free simple account; US $29.99 for full account
* Targeted use

Hushmail

* Anonymous accounts
* Email notification
* http://www.hushmail.com/

Tool 3 – Torpark

* Combination of Firefox web browser and TOR anonymous router
* Easy to use, one-click access
* Conceals IP address, encrypted
* Works around content blocking/monitoring
* Uses The Onion Router – http://tor.eff.org/

Torpark

* http://www.freehaven.net/~arrakis/torpark.html
* May be slow to start up (20-30 seconds)

Practices

* Password discipline
* Email account discipline

Passwords

* Have three types on hand
- Trivial (“buddha”)
- Nontrivial (“h@ppybuddh@”)
- Banking strength (“6eijin9spring!1978”, like Beijing Spring)

Accounts

* Throwaway – Free services (spam collects, reminders, bogus name)
- junkbox168@yahoo.com
* General (Email, work, personal)
- fred.wong@gmail.com
- fred.wong@scmp.com
* Secure (Confidential sources, interaction)
- fred.wong@hush.com

Internet access

* Home, cafes, wireless, hotels on the road
* Consider extremely insecure
* Who can contact your computer?
* Who can read what you’re doing?
* Passwords in the clear?

More steps (4-5)

* Google mail – https://mail.google.com/mail
- Note the “S”; it must be that address!
- Entire session is encrypted
- Yahoo/Hotmail – encrypted login, not session
* Firefox browser – http://www.mozilla.com/firefox/
- Clear all private data option
- Blocks malicious popups

More steps (6-7)

* Skype – http://www.skype.com
- Secure instant messaging
- Encrypted voice conversations
* VPN – http://publicvpn.com, http://www.hotspotvpn.com
- Commercial virtual private network
- Secures wireless access, hotel access, avoids filters
- US $5.95 a month

Review

* If you remember nothing else today…
- TrueCrypt
- Hushmail
- Torpark
- Avoid Yahoo/Hotmail
* Put it on a USB memory drive
* Can use in Internet cafes
* http://www.andrewlih.com/securitytips

Retooled

Before

* Internet Explorer
* Yahoo/Hotmail
* Weak password
* Cleartext transmissions
* Documents on disk
* Instant messaging

After

* Mozilla Firefox
* Google mail (https)
* Hushmail
* Strong passwords
* VPN or secure email
* TrueCrypt volume
* Skype

Summary

* Don’t leave digital breadcrumbs
* Don’t let others decide your fate
* Still legal liability – subpoena, state secrets, etc. – but you control your destiny
* Secure email, transmission, disk storage
* Practical steps – encryption

Summary

* Security Tips for Journalists
* http://www.andrewlih.com/securitytips/

Contact
Andrew LIH
site – http://www.andrewlih.com
email – alih@andrewlih.com

