Sunday, 29 April 2012

A basic course in leaking

Gawker had big news in early April: they had a new contributor. The Fox Mole would regularly write pieces about the day-to-day goings-on at Fox News. The mole never got further than a single article, because within a day Fox had worked out that Joe Muto, a producer at The O'Reilly Factor, was the leak.
How had they found Muto so quickly?
In the end, it was the digital trail that gave me away. They knew that someone, using my computer login, had accessed the sources for two videos that ended up on Gawker over the past few weeks. They couldn't prove it entirely, but I was pretty much the only suspect.
I denied it, which is why they didn't fire me outright. But two nice gentlemen from security escorted me to my desk to pack up my stuff, and it was pretty obvious at that point that I would not be setting foot back into 1211 Avenue of the Americas again.
Well, that was not a success.
A day later Wired published a list of tips on how to avoid getting caught, including these:
  • Don’t use your work computer or work phone to communicate with the recipient of your leaks.
  • Give yourself a code name. It won’t help protect you, but it’ll make you feel cool.
  • Don’t give away personal details that are identifying if you want to remain anonymous — like calling yourself the “only liberal working at Fox News.”
  • Be aware that the document you plan to leak could be seeded with information designed to catch a leaker. One parent company we know (which shall remain nameless) used to send slightly different versions of the same leakworthy document to different departments to hone in on the leaker once they were published.
  • Documents you find lying around at the printer or fax machine are far easier to leak anonymously than digital ones.
  • Don’t leak information from inside a media organization owned by Rupert Murdoch, or any other company that employs hackers. They have ways of hearing you talk.
  • Better yet, don’t give the recipient a document at all; read it over the phone. It’s easier to be a source of information, rather than a leaker of documents. Computers leave trails — always.
To limit the damage somewhat, Gawker then also made a list of tips of its own. I have kept the full explanation only for the tip about metadata:
  • Don't tell us who you are
  • Don't read Gawker
  • Don't Use Your Work Computer
  • Create a Dummy, Untraceable Email Account
  • Don't Leak Any Electronic Documents
  • Beware Metadata.
    If you send us a photo, we will make sure it is scrubbed of EXIF data—which contains all manner of information that could help identify who took it, including the GPS coordinates where the picture was taken—before we post it. But it's safest to scrub it yourself. One easy way to do this is to take a screengrab of the image and delete the original. Whatever you do, don't post a photo taken with your phone directly to Gawker, Twitter, or any other web site unless you are fully prepared for everyone to know where and when it was taken. One Anonymous hacker learned that lesson the hard way earlier this month when he was arrested in part on the strength of evidence gleaned from a photo of a woman he posted to his anonymous Twitter account. The EXIF data showed that it was taken at the suspect's girlfriend's house. It's not just photos—all manner of digital documents, from text files to movies, contain varying amounts of metadata that could easily help identify their provenance. Strip them out.
  • Use Tor
  • Don't Talk on the Phone
  • Use a Gawker Burner
  • Hand Delivery
  • U.S. Mail
Forty years ago, leaking was a lot easier...

Image: Mole by Mick Talbot
