
Consider this scenario:

Alice is a typical corporate shark. She wants to get ahead in her organisation. Alice has a sensitive information security scenario; she needs expert consultation but she doesn't know any experts. Due to whatever she's consulting on, she needs to be completely untraceable. Same goes for the consultant too. She doesn't care where the consultant is from, Romania or wherever, just that he is capable, and as far removed from her as possible so as to avoid any compromising situations. She also doesn't care about the consultant, only that there is a complete separation between the consultant and her. His methods also do not concern her in any way.

Bob, her bestie, a little tech minded but not much, advises her to:

  1. Set up Tor
  2. With Tor, Register for a completely secure email account outside of the US.
  3. With Tor, create accounts on security forums (with the email) and post job requests.
  4. Conduct discussions+ by connecting to the email account [via TOR].
  5. She might obtain attachments that she might have to transfer to her computer [via TOR]
  6. For payments, use a crypto currency++.

I'm wondering how one or all of 3 hostile entities - her organisation, her country's security apparatus, and the security consultant - can establish a link between her and anything related to the scenario. Worst case scenario is that the consultant is sloppy and makes a big mess and gets himself traced, in the early stages, during or later (a year later maybe).

What are the problems with the above approach, in regards to stealth, deniability, being compromised etc?

Update: Also, she & her computer are the central nodes that know the whole picture. I'm thinking, cash only 2nd hand laptop, wipe it, use from crowded wifi hotspots. Keep moving. Once achieved overall aim, wipe & reinstall (change the network card too?) & sell away.

+ Please ignore the specific contents of Alice's emails. As @Schroeder said in comments below, it's probably too much for this question. I'll open a separate question on crafting/sending/receiving/handling data through properly established secure channels. Also please advise me regarding deeper technical aspects that I should open separate questions for. Thanks.

++ I'll open a separate question on obfuscating/removing digital currency trails. (thanks @Philipp)

Disclaimer: Purely theoretical question. However I'm keen on learning more on the subject. Yes I'm a responsible adult and I know all the legal stuff, so please don't lecture me on ethics.

a20
  • Define "digital currency". Many are not as untraceable as often believed. But there are many forms of digital currency which all work differently (cryptocurrencies like bitcoin are just one form of digital currency, by the way). An in-depth privacy consideration for *all* forms of digital currencies which exist would go much too far. It might even be too broad for a single question, but in this case it's just a sub-topic of a much larger question, so please narrow this down. – Philipp Sep 25 '14 at 13:58
  • Hi Philipp, I've changed digital currency to cryptocurrencies (CC). I'm aware of a lot of things regarding CCs but don't know about anonymity aspects. So if you suggest some that I should restrict the scenario to, I would do so. – a20 Sep 25 '14 at 14:42
  • The big vulnerability is the communication with the hired consultant. Everything else is technical, but the content of the communication with the consultant is the biggest area of risk in the given scenario. It's so big, that it should either be removed from the scenario, or made the central focus. – schroeder Sep 25 '14 at 16:29
  • Thanks for the comment @schroeder. I see two bidirectional links between the two: Data & Currency (*is there more?*). Why do you say communication (data) is the bigger risk (why not the other)? What did you mean by "*Everything else is technical*"? – a20 Sep 25 '14 at 16:36
  • Tor, external email, crypto-currency, these are all technical controls. They work as well as they are implemented. Once these secure channels are set up (correctly), they allow for communication to commence. But if Alice does not craft the communication properly, then the consultant knows everything and the secure channel is useless. The content is not technical, the secure channel is. Alice's content is the biggest source of threat, not the channel. Ever heard the expression, "the operation was a success but the patient died"? Either focus on the content first, or ignore it for the question. – schroeder Sep 25 '14 at 16:45
  • Nice, illuminating. I'll ignore the content here, and open a different question for that, thank you again @schroeder – a20 Sep 25 '14 at 16:48
  • np - these are all important questions on secure comms theory. – schroeder Sep 25 '14 at 16:49

2 Answers

  1. Alice should definitely do this on her home PC and not on her work computer. It might be compromised by various spying methods by corporate IT. Also, when the corporate IT admins aren't grossly negligent, they wouldn't allow a TOR node to operate from within their corporate network anyway. A sufficiently configured corporate network doesn't allow workstations to connect to anything in the outside world except via the corporate HTTP proxy. TOR doesn't work under these conditions.

  2. Many email providers do not allow registrations via TOR or other anonymizers to avoid abuse. But let's assume Alice finds one which allows this.

  3. In order to give proper consultation, the consultant will need accurate information about what Alice wants to do, what technology they use and what their main problems are. Alice likely won't get around sending the consultant confidential documents from her corporation. She could try to anonymize them as well as possible, but when the consultant is smart, he might put together all the hints and be able to guess who Alice might be working for. This might be enough to deanonymize her and rat her out.

  4. Alice should check her email client to make sure it is properly configured and doesn't leak any private information in the mail headers.

  5. Attachments from untrusted sources can be dangerous. Alice would be well-advised to examine the attachments carefully and only open them with programs which are sufficiently patched.

  6. Contrary to popular belief, cryptocurrencies aren't untraceable. Bitcoin and its many, many derivatives have a blockchain which securely documents the transaction history of every single wallet. This makes it possible to trace accurately which wallet moved how much money to which other wallet and when. Then all you need to do to deanonymize transactions is to find out which wallet belongs to whom. The identity behind a wallet becomes easy to know as soon as the owner tries to convert cryptocurrency into real currency or vice versa, because this usually requires a conventional money transfer between a currency exchange and their private bank account. Another situation where a wallet gets compromised is when it is used to order physical goods which need to be delivered to an existing post address.

Philipp
  • Wow, good answer. Let me comment on each. **1** yes agree. Risky to be based from home too. Perhaps use a highly trafficked wifi connection? Starbucks at airport? **2** How did Snowden do it? **3** "Scenario" can be internal / vendors / competitors etc **4** Good tip. **5** Yes. Not just legally incriminating, it can be a "beacon" or trojan. At some stage the consultant may also have incentive / coercion to trace her back. Would stipulating purely text & no binary reduce risks? **6** How about the webshops that claim they can wash/clean/remove tracks? Bounce through few multi-national ones? – a20 Sep 25 '14 at 16:20
  • @a20 that cryptocurrency tracing and laundering thing is a quite complex topic which is too broad to discuss in comments. You could open a new question about it, either here or on https://bitcoin.stackexchange.com – Philipp Sep 25 '14 at 16:26
  • Okay, I'll open a separate question for it. Prefer here because the answers would be more security oriented. – a20 Sep 25 '14 at 16:50

A real security expert with a sense of professionalism would advise Alice to use above-board means to achieve her goals. The scenario above could work, however she would then be basing career advancement on a lie which she wouldn't have the knowledge to defend if she needed to. Chances are Alice could learn what she needed with some effort, she's better off using above-board methods to solve her own problems than risking professional (and possibly legal) consequences.

GdD