How to have Better Online Security than the Director of the CIA
Usually, we don’t involve ourselves too much with IT security. There’s just too much stuff being written about it already, there are too many people working in the field, and the “everyman” just isn’t all that interested in the more advanced inner workings of that stuff. That said, we here at SB have used, are using and will use, several tricks to keep prying eyes out of our stuff, and we do realize that many of our readers might find these tips useful in both their work and their play… so to speak.
So. In light of the recent scandal, where the director of the CIA had to step down when leaky email security made it clear he’d been having a bit too much fun with his babe biographer (really… she is), here’s a few tips to make sure you’ve got better security than he did.
1: Don’t use “the cloud”.
Basically, “the cloud” makes sure you can access your files wherever you are, on whatever computer. To be able to do that, you’re placing your files in the hands of someone else, and you have less control over what happens with your information. Just don’t do it.
With access to USB sticks with double or triple digit gigabytes of storage, there shouldn’t be a need for you to upload sensitive files anywhere. It just shouldn’t happen at all, and if you do have to upload a file somewhere, make sure you have control. Do your best to make sure that the file is encrypted, and that it is deleted after download or use.
2: Encrypt your data.
Look, just do it. It’s easy, and safely communicating a password or phrase is much easier than safely communicating a whole email or a 200-page ops manual. Or pictures of your willy. Whatever.
Aside from the encryption methods included with any friendly operating system (like Windows) or program (like .rar or .zip programs), there are any number of hardcore encryption tools out there, many of them even free. So use them.
3: Hide your location / IP address.
This is fairly easy too, and this is what caught up to Broadwell and Petraeus in the end. They would log into their shared Gmail account without hiding their IP address, and when the FBI subpoenaed the login info from Google, it was easy to build their search warrants from the login info that the two of them had left behind. If they had used a service like Tor to hide their real IPs, the FBI would have had a suspicious email account with a bunch of drafts in it, and nothing more.
Hiding your location is one of the first steps to staying anonymous online, hard as that might seem these days. The strange thing is that not many people do it – they leave tracks the size of Godzilla’s feet out there in the digital world. Remember the movie from the 90’s where the scientist is literally not seeing the tracks because he’s standing in one of them? That’s the size of your digital footprint. We’re not joking.
4: Find, and use, the options available.
Use instant messaging online? That’s fine. Don’t send any files. Use a proxy server (or a service like Tor) to connect to the internet. If you use Google Talk, there’s even an “off the record” option that you can check which makes sure no record is saved to either party’s account. That’s nice right there.
Know the software you’re using to communicate with, and take advantage of the options that work in your favor. It’s not hard at all – it’ll take you minutes to figure out, and it could save you from irreparable damage. Pretty much worth those minutes of fidgeting with settings, huh?
5: Be tactical. Have a plan.
So you want to send an email, and you want to make sure no one else reads it but the person it’s meant for. Here are the steps laid out for you. Remember, skip or forget one, and you’re back to start. Or straight to jail. Whatever.
– Use Tor to securely connect to the internet. Tor will hide your location / IP address.
– Use GPG (open source – free – alternative to PGP encryption). This is easy, and it encrypts your message.
– Do not store the message “in the cloud”. Tell your email client to delete it as soon as possible.
– Attachments that you need to save or take with you, you should download and store on an encrypted USB storage device. Those things can store hundreds of GB of data, there’s no need for the cloud.
That’s it. You’re safer than the director of the CIA. Neat.
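The GPG and clean-up steps above, together with the passphrase-based encryption from tip 2, as an added shell example that is not part of the original article. It assumes GnuPG 2.1 or later is installed; the function names `encrypt_file`, `decrypt_file` and `protect_file` are chosen for this example.

```sh
#!/bin/sh
# Added example: passphrase-protect a file with GnuPG before it is uploaded or
# copied anywhere. Function names and file paths are assumptions of this example.

# Throwaway GnuPG home so the example never touches an existing keyring
# (symmetric mode needs no keys; drop this line to use your normal ~/.gnupg).
GNUPGHOME=$(mktemp -d) && export GNUPGHOME

# encrypt_file <plaintext> <ciphertext>
# The passphrase is read from stdin, so it never shows up in the process list.
encrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 --output "$2" "$1"
}

# decrypt_file <ciphertext> <plaintext>; returns non-zero on a wrong passphrase.
decrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt --output "$2" "$1"
}

# protect_file <plaintext>: reads one passphrase line from stdin, writes
# <plaintext>.gpg, proves the ciphertext decrypts back to identical bytes,
# and only then removes the unencrypted original.
protect_file() {
    src=$1; out="$src.gpg"
    IFS= read -r pw || [ -n "$pw" ] || return 1
    check=$(mktemp) || return 1
    printf '%s\n' "$pw" | encrypt_file "$src" "$out" &&
    printf '%s\n' "$pw" | decrypt_file "$out" "$check" &&
    cmp -s "$src" "$check" || { rm -f "$check" "$out"; return 1; }
    rm -f "$check" "$src"
}

# Usage (interactive): protect_file ./notes.txt   then type the passphrase.
```

`rm` only unlinks the file; on SSDs and journaling filesystems the plaintext blocks can persist, which is one more reason to keep working copies on an encrypted device as the last step says.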
Thanks for the article. We ALL need to be more proactive about our personal account security. In this day and age we need to take responsibility for our info. If you don’t trust the site, don’t use it. But one thing that can’t be stressed enough is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, not enough sites are offering and promoting this option. And the even sadder fact is there are millions of people who are not taking advantage of this awesome functionality that is being offered to them by several sites. I really hope people and companies wake up to the need to kick this complacent attitude about authentication and passwords. Take advantage of the 2FA which allows us to telesign into our accounts. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.