The Intercept posted an interesting document yesterday designed to help a certain class of would-be-criminals---leakers of classified information---but which will, I would imagine, interest a different group of people too. The document, entitled "How to Leak to The Intercept," is just what it sounds like---a how-to guide, complete with steps to take and steps to avoid, to leaking sensitive material to the publication without getting caught. The document details technologies to use to avoid detection (Tor, Tails, and The Intercept's own SecureDrop leaking system, which it describes as "an open source whistleblower submission system, to make it simpler and more secure for anonymous sources to get in touch with us"). It details as well things to worry about and things not to do: "Strip metadata from documents," reads one helpful tip. "Compartmentalize and sanitize," says another.
It all culminates with a section usefully entitled, "How to Actually Leak."
It's a snazzy presentation, and if I were a would-be leaker, I'd be intrigued. But I might be even more intrigued if I were, say, representing an intelligence agency. Probably not a U.S. intelligence agency, to be clear. The Intercept folks, after all, are U.S. persons, and there are all these laws and rules preventing our services from spying on such people or hacking their systems---at least without a warrant.
But let's say I were with some other intelligence agency, either one allied with our forces or one hostile to it. I might notice that The Intercept is trafficking in really neato stolen goods. They're soliciting more. And what's more, they're advertising what could be a really great, so to speak, phishing hole---that is, a mechanism to send them files and maybe get them onto their computers. If I were a foreign intelligence agency, I'd be looking at this as a great way to send enticing-looking documents, maybe even real ones, that contain some nifty bits of executable code that offered visibility for me onto the activities of people with access to the Snowden materials, people who are talking to and recruiting other leakers. Or maybe I'd drop some honey-pot files, some files that beacon their location. Or maybe I'd just use the opportunity to drop disinformation on journalists who have shown they will believe just about anything if it's disparaging of U.S. intelligence.
To be sure, there are ways The Intercept's "secure drop" might be insulated from the organization's other machines. Let's say, for example, that it is a computer that is connected to the Internet (so that people can send it things) but is air-gapped from any other computer. All it would really need is a printer, configured so that when someone sends it a document, the computer does nothing but print it out. That's certainly possible, but remember that our intelligence services seem to have jumped an air gap against the Iranian nuclear program. The pros are really good, and not all of the pros work for NSA. And even that assumes that SecureDrop is really secure. But is it? I don't know, and neither do the folks at The Intercept.
The Intercept folks make a big deal of their facility with encryption, but the truth is that they're amateurs. And they are amateurs in a world of professionals. [Clarification: ACLU technologist Christopher Soghoian has taken me to task on Twitter for disparaging the security experts employed by The Intercept. To be clear, I am talking here not about those experts but about the journalists in question. I don't believe Glenn Greenwald and Laura Poitras can keep the Russians or the Chinese or any professional intelligence services out of their stuff.] There is nothing they can build that a professional intelligence service can't break. I don't believe there is a SecureDrop they can construct which is secure against someone who has penetrated the computers with which they access it. And without knowing exactly how their system purports to avoid this problem, there is no good reason for a leaker to have confidence that The Intercept's systems have not already been penetrated. This may not expose the leaker, given the way Tor and the drop system work---though it may. But it does mean that the leaker has no reason to have confidence, when he uses these systems to talk to Glenn Greenwald or Laura Poitras, that he's talking only to Greenwald and Poitras.
If I were GCHQ or the PLA or the Israelis or the Russians or the Iranians, I'd already be in there looking around, seeing what I could see, and just waiting to find out who wants to leak what about my rival services---or perhaps about my own. Wouldn't you?