If you are leaking to the press or broadcast media, they invariably want some documentary proof of what you are telling them, e.g. a document or memo or advance copy of a report, or an email. etc.
- Do not use your @homeoffice.gsi.gov.uk email address from work to pass on whistleblower material to politicians, journalists or bloggers.The Home Office, as your employer, is perfectly within its rights to analyse the log files of its own email systems. They do not need to wait for a “serious criminal investigation” which would require a warrant signed by, wait for it, the Home Secretary, or as recently delegated under the Terrorism Act 2006, any nameless offical that the Home Secretary delegates the renewal of long running intelligence agency or electronic interception warrants, which almost certainly include the “protection” of the Home Office IT systems themselves.
- If you are relatively IT literate, you may be able to master how to send an email through a Mixmaster Anonymous Remailer chain , but, we suspect that the number of people who are confident enough to do this currently working at the Home Office and who might become whistleblowers is very small.
- Similarly, a whistleblower could use Pretty Good Privacy public key encryption, but again, this requires some effort to install the PGP software, on your own PC (not on your Home Office workstation !).PGP encryption will protect the content of of your correspondence with whoever you are whistleblowing to, but not the fact that your are in communication with say, David Davis, or ther Sun newspaper or even a political blog.Unfortunately it is only Spy Blog and a few other technical security and privacy related blogs which publish a PGP Public Encryption Key, something which we encourage other bloggers, journalists and members of Parliament to do as well. – Spy Blog PGP public encryption key
- PGP also does Disk Volume Encryption, which may be of use to a whistleblower’s home PC.
- A good compromise for the non-technical civil servant who wants to be a whistleblower could be a Hushmail account.This has the advantage of being based in Canada, Ireland and the tax haven of Anguilla, and is a web based email system which uses the SSL/TLS encryption used to protect credit card and internet banking transactions from snoopers.You may have to install the Sun version of Java if you have a recent version of Windows XP which no longer supports Java by default.You can sign up for a free , anonymous Hushmail account, (with 2Mb of storage space) which needs to be accessed at least every 3 weeks to keep it active . You can pay $30 a year for a full account.Hushmail to Hushmail traffic is strongly encrypted, but using Hushmail to say, email your Member of Parliament will be plaintext like other emails.Hushmail do have a “pre-shared secret” challenge/response email system called Hushmail Express which can be useful for non-hushmail replies, but it is a bit less secure.
- Do not use your Home Office landline telephone or fax machine for the same reasons as above.
- Do not use your normal mobile phone to contact a journalist or blogger from your Home Office location, or from home.The Cell ID of your mobile phone will pinpoint your location in Marsham Street and the time and date of your call.This works identically for Short Message Service text messages as well as for Voice calls.Such Communications Traffic Data does not require that a warrant be signed by the Home Secretary, a much more junior official has the power to do this, e.g. the Home Office Departmental Security Unit headed by Jacqueline Sharland.
- Buy a cheap pre-paid mobile phone from a supermarket etc..Do not buy the phone or top up phone credit using a Credit Card or a make use of a Supermarket Loyalty Card.Do not switch on or activate the new mobile at home or at work, or when your normal mobile phone switched on (the first activation of a mobile phone has its physical location logged, and it is easy to see what other phones are active in the surrounding Cells at the same time..Do not Register it.Do not store any friends or familiy or other business phone numbers on this dispoable phone – only press or broadcast media or blogger contacts.Set a power on PIN and a Security PIN code on the phone.Physically destroy the phone and the SIM card once you have done your whistleblowing. Remeber that your DNA and fingerprints will be on this mobile phone handset.Do not be tempted to re-use the SIM in another phone or to put a fresh SIM in the old phone, unless you are confident about your ability to illegally re-program the International Mobile Equipment Electronic Identity (IMEI).Just in case you think this is excessive paranoia, it recently emerged that journalists in the USA and in Germany were having their phones monitored, by their national intelligence agencies, precisely to try to tracjk down their “anonymous sources”,Why would this not happen here in the UK ?
- Choose your photcopier carefully. Some of the newer, high end photcopiers, especially colour ones, have built in anti-counterfeit US currency routines in the software.Some combined photocopiers and printers are capable of printing tiny yellow seral numbers (e.g. Canon) on each sheet or a special series of dots (e.g. Xerox DocuColor, which makes tracing which machine was used to help to “leak” a document , if the original printout or photocopy is seized, quite a bit easier.Many typewriters, computer printers and photocopiers do leave characteristic wear and tear imperfections on the documents they produce, which a forensics laboratory may be able to match to a machine a work or your personal machine at home, if it is ever seized as evidence in a “leak inquiry”.
- Redaction or censorship. Adobe .pdf documents have been published online, where some of the personal details e,g, email addresses have been “blacked out” using Adobe .pdf software , which has effectively simply put an extra layer on top of the supposedly censored words. Simply copying and pasting into say Windows Notepad or Wordpad or Word etc. has revealed the hidden data.Anybody publishing such stuff online needs to be aware of this, to protect their Home Office or other sources.
- Similarly Adobe .pdf documents or Microsoft Word documents, Excel spreadsheets etc. may well have Meta information (see the Document Properties) showing the author of the leaked document (which may in turn lead back to the “leak source”).
- Microsoft Word Documents, especially draft documents worked on by several people, often have the Version feature enabled. Sometimes examining the changes made to a document, and by whom gives extra clues about policies or coverups etc.The same feature on a whistleblowe’rs own computer, could, of course betray their identity. by adding their default name propertiesit to any document which they edit or view, before passing it on.
- Older versions of Microsft Word (and other Office products like Excel or Powerpoint) can also betray the MAC Address of the Ethernet card of the computer on which a document was created or edited on, as part of the Global Unique ID data, embedded in the document. Most people will not have changed the MAC addresses of their computers (often possible through software), and there are likely to be inventory records or network logfiles which will pin point which MAC address belongs to which computer either at work or at home.Microsoft do now make available some tools to remove such GUID and other hidden meta data, versios, comments etc. from final published Microsoft Office products. e.g. the Microsoft Office 2003/XP Remove Hidden Data Add-in
- Photo images. Your source or the “anonymous” publisher of a leaked document online may use a Scanner, but they may, nowadays use a Digital Camera.There is often camera make / model identifying Meta data embedded in the raw digital images taken by many types of Digital Camera. These may be used as “evidence” if your Digiital Camera is seized during a “leak inquiry” investigation.
- You wish to blank out or censor items in .jpg or .gif or .bmp graphics image.Again, there is a temptation by the uninitiated to use, say, a Photoshop pixellation or motion blur special effect filter. Remember, that these standard filters effects can often be reversed.Since Digital Camera images and Scans of documents are usually much too large for web pages, you might want to reduce the number of colours and probably the size of the images, before publishing them as thumbnails and even as larger images on a blog or website.Remember to apply your Photoshop pixellation etc. after reducing the image size and number of colors, i.e. after you have thrown away some of the identifying data, so as to reduce the chances of the filter effects being reversed.
- It is possible to literally cut and delete the words from an image or the identifying features of a face or address or car number plate etc. in a photo image.There have been successful guesses / recovery of “censored” words, which have been cut and and deleted from graphics image files, but, not very well, leaving tell tale spaces between words and not completely hiding the presence or absence of the tops and bottoms of individual letters.
- File deletions.Hiding incriminating evidence (either of your “leak” or of the actual malpractice, incompetence, corruption or other criminality which you are trying to draw public attention to) is not as simple as hitting the delete key on your computer keyboard.At a simple level, some people forget that file deletions can be recovered from the “wastebasket”, and with a hexeditor or recovery utilities, many files can be “undeleted”, simply by changing the first character of the deleted file name, provided that it has not yet been overwritten.”Secure” deletion utilities repeatedly write binary patterns over the deleted filespace several times, to try to frustrate even the more sophisticated magnetic disk surface reading equipment, which can pick up the “shadows” of previous patterns of zeros and ones. However this does take quite a long time to do thoroughly.
- Deleting corporate emails e.g. Microsoft Exchange is not a simple mayyer either. Very often deleted emails can be simply recovered from the “wastebasket” deleted folder. Anything that has remained on the system for more than a few hours, is likley to have been backed up to other backup storage media, and so may also be recoverable during a “leak inquiry” investigation.
- Make sure that you delete the Browser History and Temporary Files (Tools / Internet Options / Delete Files / Delete all offline content and Tools / Internet Options / Clear History in the Microsoft Internet Explorer web browser) – it is not just your internet browsing which is monitored, it is yourintranet web browsing, search engine queries and document downloads which are potentially monitored.
- USB keys and SmartMediaThese are useful to spies or to whistleblowers for smuggling out electronic copies of documents. Given the size of the memory capacity these days, which is often larger than hard disks of only a few years ago, a very large amount of data can be carried.They are small and easy to hide, and can also legitamtely be hidden in cameras or MP3 players etc.Some Government Departments e.g. the Ministry of Defence do tend to use modified operating systems software which controls access to floppy disk drives, CDROM, DVD or USB devices, either totally preventing their use, or logging all such uses to a central audit server.We suspect that not every desktop PC in the Home Office is protected in this way.However, if you are caught with a USB key or MP3 player or SmartMedia memory stick or card, which uses Flash Memory, they are nigh on impossible to securely erase, and there is a good chance that data on them , even if “deleted” can be foreniscally recovered
- If you decide to meet with an alleged “journalist” or blogger (who may not always be who they claim to be), or if a journalist or blogger decides to meet with an “anonymous source”, then you should switch off your mobile phones, since the proximity of two mobile phones in the same approximate area, at the same time, is something which can be data mined from the Call Data Records, even if no phone conversations have taken place. Typically a mobile phone will handshake with the strongest Cell Base Station transmitter every 6 to 10 minutes, and this all gets logged, all of the time.
- Similarly choosing a suitable location for a meeting needs some care. Nipping down to a local pub near to to the Marsham Street Home Office complex may be convenient, but your presence and that of the journalist etc. is likely to be noted by some of your work colleagues.
This is not quite a comprehensive list of hints and tips to help with sucessful whistleblowing – do any of our astute readers have any other suitable hints and tips ?
We have kept a few techniques back (email us, using if you want to know more).
None of these tips really matter for a whistleblower, unless it is Top Secret stuff which is being passed on to a politician, journalist or blogger, but they might make it less likely that a whistleblower, or the publisher of their revelations, will be harassed by the Home Office (or other Government Department).
Impressive. Here are some more:
- Become computer literate. That is the one sure way to almost eliminate the risk of getting caught; know what you are doing.
- Stop using Windows, and switch to Ubuntu. Windows is an insecure OS. If you use it, you leave yourself open to attacks both published and unpublished. It is widely held that the NSA has backdoor access to all copies of Windows. Ubuntu is free, secure, has higher performance than Windows and you can do everything (in fact far more) with it that you can do with Windows.
- Install Mozilla Firefox as your browser.
- Install TOR for Mozilla Firefox if you want to leave an anonymous comment on a website or access anonymous webmail. When you are using TOR, you can leave documents anonymously online for retrieval by journalists.
- Install Thunderbird as your email client. It is the best email client out there, and there are security plugins for it that are easy to install, like Enigmail, throug which you can manage GPG.
- Install the Enigmail plugin for Thunderbird. It is simple to do. You will then be able to send and recieve encrypted email seamlessly.
- Use dropload to send files anonymously. Use this from a disposable email address you connect through via TOR.
- Use GhostView to sanitize PDFs. You can use GhostView to sanitize PDFs, and even to remove the security from them so that they can be printed and converted into other formats.
- Create a whistleblower identity for yourself in a separate user account on your computer. Many operating systems set document author fields as the name of the person who is logged in. If you cannot sanitize a document manually, this false name will be used instead of your real name. This goes against No.1 of course. There is nothing like drama to promote your message. Adopting a whistleblower name will propel your story to the front pages.
- Create a GPG keypair that uses this whistleblower name. Then, when you need to send subsequent messages to the media, they can verify that it is indeed you sending the message, and not a Home Office damage limitation agent. This of course needs a computer literate journalist on the other end of the communication…heh good luck.
Wouldn’t it be great if a newspaper published its own GPG key so that people could communicate with it in private? Which paper do you think would be the last one to publish such a key?
And btw if any of this is wrong, please email me so that I can correct it.
updated January 7th 2009
updated September 15th 2013