Keeping Secrets from Spies, Reporters, Friends and Family – And Not Letting Them Know That You Are

There’s a dirty little secret about secrets that every competent spy (or, to use the more euphemistic name, intelligence officer) knows, and it makes their job a lot easier.

You are more than halfway to learning a person’s secret if you know that they hold a secret.

It sounds a little odd, if not simplistic, but it is a powerful principle. Spies, and everyone else who wants to know something they shouldn’t, don’t start digging at random in your backyard, beaming lasers at your windows, or tapping into your internet network unless they know that there is some point to doing so.

The moment you let anyone, anyone at all, know that you have something that no one else should know about, you are effectively opening the rear gates to your secret castle. You invite skulduggery as surely as if you had painted a sign saying Secret Here!

I can’t get into all the ways of protecting your knowledge and data because that would mean a document that contains treatises on all aspects of life, so I will concentrate on what you likely know is your weakest spot and something you really know that you should be doing something about, but for whatever reason you haven’t and won’t.

Your computers are almost certainly wide open to free access.

Oh sure, you say, you have a password when you turn it on and you might password-protect the odd document, but I can assure you that your average 16-year-old could get past those passwords with at most a few hours alone with your laptop.

If they are older and slower than the average black-hat hacker, there are freely available software applications on the internet that will do the work for them, or they can use the simplest of human psychology.

Do you have any idea how many people write their passwords somewhere on their desks at work? Write them on a piece of paper and put it in their wallet? Use their own name, their city’s name, their dog’s name?

Lots and lots of people do this. There are lists of common passwords on the internet that take moments to use.

If you are curious, the most common passwords for computers, bank accounts, networks, whatever, are:

    #1   123456
    #2   jesus
    #3   password
    #4   love
    #5   12345678

You get the idea.

Lots of people need to keep secrets.

  • Journalists need to keep contacts and information quiet
  • Business people need to keep just about everything secret
  • Ordinary people write love emails, do banking, surf porn sites, say bad stuff about bosses
  • Government people are horrible at keeping secrets and should do better

So what do you do?

The best thing is to keep it all in your head and never tell anyone it is there.

While it is true that some drugs, highly experienced interrogators, and very occasionally but usually not, some torturers can extract the information, they all fail if no one knows that you know something.

Now, if it is on your computer, even if you have locked it down with a 33-word password written backwards in ancient Sanskrit, it is vulnerable and can be got at – for sure.

Believe what I say, it can be got at and not just by the cyber minds at the US National Security Agency but also by the local Podunk Weekly reporter down the street, the not very bright co-worker who wants your job, and definitely by the dozens if not hundreds of commercial espionage agencies infesting the business world.

One simple technique, and one that I have used to get information across hostile borders, is to rename the sensitive files something like S45nutintell.dll or dutellsyuc.com and dump them into one of the hundreds of system folders on a Windows, Mac, or Linux machine. Unless someone has a very good and compelling reason to dig around in those folders and check out every one of the thousands of similar operating files they will not find your information.

But there are two problems. If you forget what you called your file, or where you put it, you are hosed big time.

If someone does find one of the files, they have you dead to rights and you have no way of arguing that you know nothing about anything. That is really only a concern when you are up against the security apparatus of a foreign, or domestic come to think of it, government, where mere possession of contraband information is the crime.

The lack of plausible deniability doesn’t matter much in the business world (unless you are the one doing the information stealing).

Of course it does matter a huge hell of a lot if your spouse discovers poorly hidden files on your computer containing god knows what indiscreet matter (let your imagination fill in that bit for you).
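How renamed files like these get found in practice, as an added example that is not part of the original post: a file's leading bytes still identify its real format, so a scan that compares each extension with the content flags a document posing as a `.dll`. The signature table, function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of a few common formats.
SIGNATURES = {
    b"MZ": "PE/DOS executable",
    b"PK\x03\x04": "ZIP container (also .docx/.xlsx)",
    b"%PDF-": "PDF document",
}
# Extensions that must start with a known signature.
# .com is absent: DOS COM files are raw code with no header to check.
EXPECTED = {".dll": b"MZ", ".exe": b"MZ", ".sys": b"MZ"}

def identify(header: bytes) -> str:
    for magic, name in SIGNATURES.items():
        if header.startswith(magic):
            return name
    return "unknown"

def find_mismatches(root: str) -> list[tuple[str, str]]:
    """Return (file name, detected type) for every file under root whose
    content does not match what its extension claims."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            want = EXPECTED.get(os.path.splitext(name)[1].lower())
            if want is None:
                continue
            with open(os.path.join(folder, name), "rb") as fh:
                header = fh.read(8)
            if not header.startswith(want):
                hits.append((name, identify(header)))
    return sorted(hits)

def demo() -> list[tuple[str, str]]:
    # Constructed sample tree: one DLL-like stub and two renamed documents.
    samples = {
        "kernel_stub.dll": b"MZ\x90\x00" + b"\x00" * 60,
        "S45nutintell.dll": b"PK\x03\x04" + b"\x00" * 60,
        "notes.dll": b"%PDF-1.4\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_mismatches(root)

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: named like an executable, content is {kind}")
```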

This matter of Plausible Deniability, and the need to keep information not only secret but hidden in the first place, can be got around by using a software encryption program that locks down and hides your stuff.

There are any number of encryption programs on the market and a lot of them want huge amounts of money for what they do, but there are also many free programs (see here for a partial list of both).

I personally would not buy a commercial product for two main reasons:

  • If the company goes out of business and you lose your copy of the program your information is gone
  • I am paranoid enough to wonder about who writes these private enterprise systems.

That last point needs some clarification.

In the eighties and nineties there were many efforts by governments, most notably the US government, to limit the effectiveness of encryption programs and even to compel the writers of encryption software to build in backdoor access routes in order to allow government spooks to dig around in your sensitive files.

Those efforts to control the technology have mostly failed with the exception of the backdoor access problem.

I wouldn’t doubt, in fact I would expect, that some of the commercial software available is transparent to the right Master Passwords.

This cannot happen, however, with software that is written as Open Source. Open Source means that the very bits and pieces, the smallest details, of the software code are open to anyone – well, to software experts anyway. Any attempt by someone to alter the code to allow underhand access would be discovered very quickly. And so too would any efforts to weaken the strength of the software.

You can go through the lists and do your own research but I recommend and use TrueCrypt.

  • It is free
  • Open Source
  • The presence of secret files on a computer cannot be detected, even by Spooks
  • It appears to have powerful encryption that exceeds the few military grade systems I’ve been allowed to see.
  • You can use it on a USB stick, CD/DVD, on Macs and Linux.

If you decide to use it, or anything else of decent strength, do yourself a huge favour and study the tutorials and manuals. They may seem difficult but this is a case where effort is necessary.

And by all the gods of the multiverse, please pick, memorize, and use a really good password. Here are some examples

Some people like to use a phrase from Shakespeare, the Bible, or even a Clive Cussler novel on the grounds that the so-called good passwords are too hard to remember.

Don’t do this. There are password cracking programs, and government departments, that shotgun whole libraries of phrases at encrypted material until they get through. If it has been published in any language, it is sitting on a server somewhere secret and guarded.

If you want to use a memorable phrase then write some bad poetry, or the opening line to your Great Novel, or the lyric to some sickening song you have yet to write, and use that.
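A check you can run on a candidate passphrase before adopting it, as an added example that is not part of the original post: it flags phrases lifted from published text even after the usual disguises (odd capitalisation, removed spaces, digit-for-letter swaps, or using only the first letter of each word). The three-line corpus, the swap table and the function names are constructed for illustration; a real check would index a far larger body of text.

```python
import re

# Constructed sample of "published" text.
CORPUS = [
    "To be, or not to be, that is the question",
    "Now is the winter of our discontent",
    "In the beginning God created the heaven and the earth",
]
# Character swaps people commonly apply to make a quote look random.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s",
})

def squash(text: str) -> str:
    """Lowercase, undo the swaps above, and drop everything but letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def audit(passphrase: str, corpus=CORPUS):
    """Return (reason, source line) if the passphrase derives from the
    corpus, otherwise None."""
    needle = squash(passphrase)
    for line in corpus:
        # Case 1: a run of words copied from the line, however it is spaced.
        if len(needle) >= 12 and needle in squash(line):
            return ("quoted text", line)
        # Case 2: the first letter of every word in the line.
        initials = "".join(w[0] for w in re.findall(r"[a-z]+", line.lower()))
        if len(needle) >= 6 and needle == initials:
            return ("initials of quote", line)
    return None

if __name__ == "__main__":
    for candidate in ("T0 b3, 0r n0t t0 b3!", "Tb0ntbt1tq",
                      "my cat audits the moon for unpaid parking"):
        print(repr(candidate), "->", audit(candidate))
```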

This is truly the Golden Age of Information, not for the ease with which you can look up the details of today’s transient celebrity but for the ease with which information-robbers in private companies and in governments can get at just about anything they want.

Big Brother has brought his neighborhood gang with him. Lock your doors.
