[security-news] Bulletin #3 - August 5, 2002

[security-news-admin at resist.ca]

***************************************************************
Security-news <security-news at resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

August 5, 2002

It's Bulletin # 3 and an interesting week for it given the raid on an ALF
spokesperson's home last week and continuing Grand Jury investigations in
Portland. Not to mention the news articles we came across this time
around. Submissions, feedback and support can all be sent to us at
secure at resist.ca - please let us know what type of how-to and tips you
would like us to write about in the future! 


**********************************
Security-news: Issue #3 - Contents
**********************************
* Security tip of the week: Office Lock & Key Security
* News Item: Spy Watch - Big Brother Incorporated
* News Item: A New Code for Anonymous Web Use
* How-to: Prepare for a Police Raid *Before* it Happens

*****
Security Tip of the Week: Office Lock & Key Security
*****
When you take over a new space/office/warehouse the first thing
you should do is change all the locks. You have no way of knowing who
still has keys to the place and what benefit they might derive from
continuing access. Your organization should establish a regular re-lock
and keying procedure. Groups concerned about security should change all
locks and keys every six months or once a year. For more information on
building security go to http://security.tao.ca/personal/building.shtml.

*****
News Item: Spy Watch: Big Brother Incorporated
*****

Big Brother Incorporated
by Eveline Lubbers

For years, activist groups in Europe thought that Manfred Schlickenrieder
was a leftist sympathizer and filmmaker. He traveled around Europe,
interviewing a broad spectrum of activists, and even produced a
documentary video, titled Business As Usual: The Arrogance of Power, about 
human rights groups and environmentalists campaigning against the Shell
oil company.

In reality, Schlickenrieder was a spy, and Shell was one of his
clients. His film and his activist pretensions were merely cover designed
to win the confidence of activists so that he could infiltrate their
organizations and collect "inside information" about their goals and
activities.

Schlickenrieder's cover was blown when the Swiss action group
Revolutionaire Aufbau began to distrust him. Its investigation uncovered a
large pile of documents, many of which were put online at the beginning of
2000 (http://www.aufbau.org ).These documents proved that Schlickenrieder
was on the payroll of Hakluyt & Company Ltd., a London-based "business
intelligence bureau" linked closely to MI6, the British foreign
intelligence service. In addition to spying on behalf of multinational
corporations, the documents also indicate strongly that Schlickenrieder 
was working simultaneously for more than one German state intelligence
service.

Full article archived at nettime.org -
http://amsterdam.nettime.org/Lists-Archives/nettime-l-0207/
msg00135.html

Security-news note: This article reports on and analyzes events that
took place in 2000, but it only gets more relevant as "independent
media" is welcomed into activist channels with open arms. Alternative
media definitely has its place in supporting and advancing activism and
global change - but it's never a bad idea to check out the people who you
are allowing to capture all your movements, demos, meetings etc. on
film. Of course, it goes without saying, that you should never allow
activities of an illegal nature to be filmed except in the most
controlled circumstances. 


*****
News Item: A New Code for Anonymous Web Use
July 12, 2002 (code to be released this week)
*****

NEW YORK -- Peer-to-peer networks such as Morpheus and Audiogalaxy have
enabled millions to trade music, movies and software freely. A group of
veteran hackers is about to unveil a new peer-to-peer protocol that may
eventually let millions more surf, chat and e-mail free from prying eyes. 

Hacktivismo, a politically minded offshoot of the long-running hacker
collective Cult of the Dead Cow, will announce the protocol -- called
"Six/Four," after the June 4, 1989 massacre in Beijing's Tiananmen Square
-- in a presentation Saturday at the H2K2 hacker conference in New York
City. 
 
The group will publish the Six/Four code on its website in early August to
coincide with Las Vegas' DefCon security confab. 

Six/Four combines peer-to-peer technologies with virtual private
networking and the "open proxy" method for masking online identities to
provide ultra-anonymous Internet access. 

Article online at
Wired: http://www.wired.com/news/privacy/0,1848,53799,00.html
Hactivismo (and their code) can be found at http://www.hacktivismo.com/



*****
How to: Prepare for a raid *before* it happens
kendra at resist.ca
*****

The RCMP raid of an ALF spokesperson's home last week got me to 
thinking; how would such an event impact me? What would i lose if a
state agency were to raid my home tomorrow? Am I holding any data that
could impact the work of other people? How soon could I get back to work
if my computer, equipment and files were seized? 

To most people, even activists, a police raid seems an unlikely
occurrence. True, it is not something that happens on a regular basis in
North American activist communities - however, that doesn't mean it never
happens. As raids on both David Barbarash and Craig Roseborough show us -
even speaking out in support of direct action can lead to equipment and
materials seizures that can be personally and organizationally 
disruptive. Activists involved in organizing demonstrations and gatherings
have also found themselves on the wrong end of a search warrant in recent
years. Often these warrants are gained on bogus grounds, and searches are
carried out as harassment tactics or "fishing" expeditions. In the last
two years, a number of searches have been carried out against activists
where no charges were ever laid.  

So, in the spirit of this week's events, the following tips are meant to 
assist you in preparing for the worst - a raid on your home, office, or
infoshop. (many of these strategies are useful in defeating surreptitious
data collectors as well)

**Use scenarios to strategize: Only you know the work that you do and what 
specifics would be impacted in a search and seizure operation. Build 
scenarios for yourself - what do you need to access daily that could be
seized, what is your strategy for dealing with that? Do you have other
illegal items (such as drugs) that could be used to bolster police
criminalization of you - do you care about things like this? Walk yourself
through what you would do from the moment that the police show up with a
search warrant, who you would call, what you would do immediately
following the raid to inform people (if you weren't arrested). Scenario
building helps you to mentally and physically prepare for an event like
this - though you will never be fully ready for an invasion of this scale.    

**Encrypt and wipe: All files (not just those that are sensitive) on your
computer hard drive should be encrypted using a program such as PGP disk
(available at www.pgpi.org). This includes cache files, email (your whole
email program should be set up on an encrypted partition), image archives
and text documents. Wipe all free space on your hard drive weekly using a
program such as PGP or Burn (for Macs), this makes retreiving data from
your drives difficult if not impossible. See http://security.tao.ca for
more information on file security.
 
**Backups backups backups: If you lost all your data tomorrow - how would
you function? Your best strategy for getting back to work (and thwarting
organizational disruption), is making regular backups and storing them
with a trusted friend, or in a safety deposit box not connected to 
you. You don't want it to be common knowledge who keeps your backups for
you - as police could obtain a warrant to search that person's home for
materials belonging to you as well. Don't just back-up your computer
files, but make copies of any paper files that you could not live without
and store them in a sealed envelope in a safe place.

**Clean up your desktop and filing cabinets: Ever write down a password on
a piece of paper and then shove it into a file? Ever write down a phone
number of a person you don't want to be officially connected to? All those
little bits of paper start to add up to a lot of information after awhile,
especially if cleaning office isn't your strong point. Go through all
the paper bits on your desk and transfer that data into a secure place
(like an encrypted disk or pda), and then securely dispose of the 
paper. Likewise, go through filing cabinets once every few months and pull
out old phone lists, research that is no longer useful or needed, and
anything else you don't want the police to get their hands on.

**Know your home and it's contents: Had a lot of roomates or travelling
friends over the years? That means that there is a good chance that things
you are unaware of have been left behind in closets. Clean up after
someone stays or moves out, so you aren't storing items you don't want to
be. No one wants to get caught with someone else's stolen goods or
incriminating evidence - so keeping a clean house is essential.      

**Your PDA and Cel Phone: Are all your phone numbers stored on your cel
phone or palm pilot? Where would you get that info if the police had a
warrant to seize those items as well? A back-up zip disk containing 
important information of this type (encrypted) should go along with your
computer backups. 

** Emergency numbers & Support: Keep a lawyer's number on hand, as well as 
the numbers of any people who would support you during and after a 
raid. Make sure that the people you live with know where they can get that
info if  necessary, and also that they know what to do in case of a
raid. If you live in a house with other activists, you should all
participate in planning your security strategy and know what to do, and
how to get in touch with other housemates if they aren't home.

Most important, don't forget that you should not talk to police before,
during or after the raid (whether or not you are being arrested), and you
should contact a lawyer for assistance as soon as possible.

Nothing can truly prepare one for a full-scale invasion of privacy such as
a raid - but taking a few of these steps will help ensure that you don't
compromise your own freedom or that of others in the course of your
activist life. 

For info on last week's raid of ALF spokesperson David Barbarash's home
and support info see 
http://resist.ca/.archive00455.html



***************************************************************
Security-news <security-news at resist.ca>
Good security is no substitute for good sense!
To unsub go to http://resist.ca/mailman/listinfo/security-news
***************************************************************