Cybersecurity Journalism/Editorial

Journalist? Secure your communications – or pay a high price

Deep Web for JournalistsDeep Web for Journalists, by Alan Pearce – a review

Journalists typically see digital tools such as the laptop and smartphone as essential parts of the work armoury, even some occasionally wonder about the level of compromise involved in their use. Yet even a cursory perusal of Alan Pearce’s new eBook “Deep Web for Journalists” is liable to convince that such convenience comes at a high cost.

This short epublication explains how insecure such tools are, and why simply using them carelessly can provide some of the worst and most unscrupulous people in the world with details about your personal life that you would not choose to give to anyone.

As Pearce says, “In the old East Germany under the Stasi secret police, people didn’t talk openly because they didn’t know who was listening. Now we have the same situation on the internet. And the ability to speak openly was one of the best things about the internet. In many ways, they [those using the net to spy] have ruined something that was truly marvellous.”

That other indispensable digital companion, the smartphone, is apparently equally treacherous. “If you want to be monitored 24/7 and followed wherever you go, buy a smartphone. Mobile espionage, long the preserve of law enforcement and specialised investigators, has now evolved into a fully-fledged cybercrime industry.”

Pearce points out that in 2011, “Kaspersky Labs detected nearly 5,300 new malicious programs for all mobile platforms. By 2012, the total number of unique malicious files exceeded six million – the vast majority aimed at Android.” In 2015, the sheer number out there is hard to quantify.

And just to confirm that Edward Snowden was right all along, “Mobile devices are also the preferred target of intelligence agencies, with the NSA boasting that it can “own” or control any handset.” Many of the apps available, he says, “will track your locations, browsing and downloads, and collaborate with other apps to build up a detailed profile. Some will intercept incoming calls or activate the microphone. Many apps harvest contacts, some collect passwords … worse still, there are apps that run even when the phone is switched off.”

However, your smartphone can also be turned into “a high-tech spy tool and counter-surveillance device to rival anything that Ian Fleming’s Q might have dreamt up. You can secretly record, access banned content and communicate securely …”.

Which is the real point of the book. It is not just about the Deep Web, but lists the methods that journalists can use to communicate more securely while using the internet and telecom nets. The tools available for laptop and smartphone, how to browse the web anonymously, how to keep everything off-radar using certain mobile apps, how to connect to social networks and websites blocked by government, even a self-destruct feature that will destroy any content once it is unscrambled and viewed. The book lists dozens of sites and services, some paid and some free.

The content can be somewhat depressing, since it makes clear that if your communications are of sufficient interest to the security services, then there is nothing you can do to protect your content from external surveillance. Hacking wifi or broadband modems is routine, but more sophisticated approaches include microwave surveillance of a room with an airgapped computer, i.e. one that is never connected to the internet.

Most journalists might tend to feel that this is little problem. What the book makes clear, however, is that if your work could embarrass powerful people, even if they have no legal authority, then your communications are supremely vulnerable. And that in this 21st century, covering sensitive issues is likely to drag you into an ongoing cyber-warfare scene that will suck up time and resources, to the point where you will understand that investigative journalism is either for the well-resourced staff of publications such as The Guardian, or for a few principled (or fanatical) people who are prepared to stand for their beliefs come what may.

In which case you may come to the conclusion that for content that has to be secure from no-matter-who, then you need to go offline completely. Face-to-face meetings and paper records. There are rumours that the more secretive parts of Russian intelligence have gone back to using typewriters for this reason. And apparently, one third of the population of the US neither uses the internet nor feels the need of it. Although whether that is a related issue who can say!

But it does perhaps go to show that life is possible without the internet, surprising as that may seem to a generation raised with it. This reviewer is old enough to remember going travelling when there were no mobile phones. When it was a case of “I’ll send a postcard, see you when I get back Mum”.

Perhaps life was simpler then. Whether it was better I don’t know – the jury is probably still out. In the meantime we have our digital world. We just have to look to our digital defences.

© Philip Hunt, 2015.