I spend a lot of time thinking about how to become invisible on the Internet. Because I’m not going to lie; I am one of those paranoid types who thinks the CIA is out to get me. Sometimes I believe it, sometimes I don’t. I still have an inkling suspicion that my dentist embedded a CIA probe in one of my fillings, which is the main reason why I switched to a different clinic. I still have to get the X-rays from the office to see if any of the results were fabricated.
But who knows? The CIA has been known to target people who are a threat to their power. They’re basically like the Mafia; only difference is the government doesn’t try to stop them, because they basically are the government. Remember that whistleblower who “committed suicide” via two gunshot wounds to the back of the head? That could be me. I am somewhat of a political activist after all, and a lot of my activism is anti-censorship, anti-surveillance, and anti-war, none of which will go over well with the military-industrial complex that runs my country.
Honestly, considering everything that’s been happening in the world recently, I don’t think I’m even paranoid. When you’re dealing with an organization that is legitimately evil and also very powerful, not being paranoid is more of a mental illness than being paranoid. It’s far better to err on the side of paranoia these days. So rather than trying to fix my psychosis, I prefer to justify it with a Matrix analogy. I think of it as taking the Red Pill. I’m unplugging from the Matrix. The Matrix in this case is the fantasy world where the government is your friend, corporations can be trusted, the media never lies, rich people never collude with each other, and you can trust that everything is 100% as it seems. All empirical evidence indicates that this is a fiction. And it’s up to us to take the journey down the rabbit hole, discover the truth, and respond accordingly.
I’ve put a lot of thought into how to conduct business of an activist nature in secret without any information being leaked to the CIA. Of course the fact that I’m talking about it here makes me infinitely less secure, but I figure I can largely resist their espionage by keeping a low profile and not drawing too much attention to myself. I’m subscribed to TunnelBear, which is an elite VPN that I keep on at all times; and it’s not one of those VPNs that tracks what sites you go to so they can bombard you with ads either. It’s a paid VPN that only collects a bare minimum of information needed to conduct business. Is it enough to obscure my presence online? I’m sure if the CIA tried hard enough, they could find me no problem, but the VPN in combination with staying off the radar and not using Google or Facebook services should keep me safe for the time being, until I’m able to modify my body and become a cyborg with bulletproof skin and a million other neat features that will give me a fighting chance against the war machine that rules over us.
Basically, I know that anything I do on an Internet-connected computer can be leaked and somehow find its way to NSA or CIA servers. This includes keylogger data, acoustic cryptanalysis data, web browsing history, tracking cookies, images of my screen, etc. What I want to focus on here are the various physical mechanisms by which information could leak from my computer to the outside world. In analyzing the risks I basically came up with a few broad categories of leaks:
- Leaks through a wired network connection – The most obvious one on the list and probably the easiest way to spy on people.
- Leaks through radio-frequency electromagnetic radiation – This would include either WiFi or any residual EMF radiation generated by the electronics of the computer
- Leaks through visible light or higher frequency radiation – This basically means the residual radiation generated by the picture on the monitor, which can be picked up through a novel method called Van Eck phreaking. Basically, someone could install a sniffer on the power lines across the street to pick up trace increases and decreases in current caused by residual electromagnetic radiation from nearby displays. It could then use these subtle variations in current to reconstruct the picture on the screen, which, combined with OCR, could get you labelled a dissident and put a bright red dot over your house. This vulnerability mainly concerns CRT screens, since they produce a much higher and more detectable level of EMF, including X-rays, but there’s a lower yet still detectable amount of radiation produced by LCD displays as well.
- Leaks through the power mains – This is the other wired connection through which a computer will inevitably be connected to the outside world. Noise from power mains can still be separated out if there’s a sniffer on the power lines. It’s important to consider all possible channels through which a signal would travel, even if there’s no networking protocol for sending data through those channels.
- Leaks through sound – This is how a lot of air gap jumping viruses work, and it’s something that has been a hot area of research by the CIA according to Wikileaks. Basically how this works is a malware program will signal to an air-gapped machine through a series of ultrasonic beeps. Humans can’t hear this beep pattern, and will be completely unaware that they have two infected devices communicating with each other behind their back. This is why if you do set up an air-gapped machine, it’s important to make sure it never goes online, not even once.
- Leaks through sneakernet – Air gap jumping viruses can also travel via USB flash drives, SD cards, and other portable memory devices. This is why it’s important as well to not share portable mass storage devices between machines if you want one of them to be properly insulated.
I’m going to examine the technological remedies I propose for each of these:
- Wired network leaks – Pretty simple to guard against this one. Just don’t connect to any Ethernets. This is the first step towards creating a proper air-gapped system.
- Power mains leaks – This is a little trickier, because you have to get power from somewhere. The solution I’ve come up with is a portable rechargeable battery pack. They sell these on Amazon. You plug the pack into a wall outlet to charge it up, then you unplug it and plug it into the air-gapped device, and the device draws power from the battery pack the same way it would draw power from an outlet. Thus the device is powered without having to ever be physically connected to the power mains.
- WiFi leaks – The most obvious solution is to not connect to any WiFi networks. But this is not enough, because someone else on the WiFi network could forcibly connect your device to the network remotely. I don’t know exactly how this would be done, but as a general rule of thumb, if you have physical proximity to a device, you don’t need the Internet to be able to hack it. So it’s probably best to disable the wireless card entirely, or better yet, get a device with no wireless card. Some versions of the Raspberry Pi ship without built-in WNICs, which is why you need a special WiFi dongle to connect them.
- Other EMF leaks – Other than a WiFi connection, someone could pick up residual signals from your computer using Van Eck phreaking or an equivalent technique. To stop this you have to construct a shield that blocks all radiation below a certain frequency. Because this shield would have to cover the monitor as well, it’s best to use some kind of wire mesh. If you construct a mesh out of metal wire, where none of the holes are large enough to let radio waves escape, and the mesh surrounds your entire device, this is what’s called a Faraday cage. The technique works for phones as well. Got a phone that doesn’t have a removable battery, and want to prevent people from triangulating on your position? Just wrap the thing in tinfoil, and your phone will become invisible to all cell towers. This is where the idea of a tinfoil hat comes from.
- Acoustic leaks – The bad news about acoustic air gap jumping is that it’s next to impossible to disable it entirely. The good news is that it can only take place between two machines that are already infected, or are in some way programmed to communicate through ultrasonic beeps (which computers typically aren’t by default, which is why they have to be infected first). So the way you prevent acoustic air gap jumping is simple: Never ever ever connect your air-gapped machine to the Internet for any reason. Never even share a Flash drive between it and a connected machine. Which brings me to the next one.
- Sneakernet leaks – This is actually fairly easy to avoid in theory. But the question remains, how to do you actually transfer data between machines? Well, you could do what the CIA does and use the ten-finger interface – meaning you physically sit there reading the text from one computer’s display while typing it into the other computer by hand. I also had an idea where I could transfer information via printed copy, and then use a scanner combined with OCR to read the data and convert it into plain text format. Remember that this can be used to transfer not just plain text but also source code, which means it’s possible to install new software on the air-gapped machine without ever connecting it to the Internet.
So this is basically going to be my system when I finally build my air-gapped machine. I’m currently trying to save up enough money so I can actually get all the necessary components, as well as the materials to build a Faraday cage. Currently this project is entirely in the planning phase; I haven’t done anything with it physically. At the moment I’m writing all my sensitive information down on paper – the one place where the government and corporations can’t get it. I’m relying on the Fourth Amendment to keep these papers safe, and hopefully my government won’t succeed in repealing the Constitution while I’m still using this system.
I went through several stages in planning a tinfoil hat for my computer, and I did quite a few experiments with tinfoil as well. My original idea was to cover my entire walls with tinfoil. I quickly realized this was not feasible, not just due to the physically cumbersome nature of installing the tinfoil, but also because I would need holes in the Faraday shield for things like the power outlets and whatnot. And also, I didn’t feel like blocking off my windows or covering my floor with tinfoil either. You gotta remember that there have to be no holes larger than the wavelength that you’re trying to block. In my case I’m trying to block wavelengths in the radio and microwave frequencies, so any holes would have to be no larger than about a centimeter.
I did some experimenting with my computer, wrapping my entire laptop in tinfoil and then trying to issue commands from a remote control mini-keyboard that I have. Unfortunately the signal wasn’t blocked, probably because there were cracks. In this case we’re dealing with infrared waves, which are considerably shorter than microwaves or radio waves, so having any cracks whatsoever is not permissible.
I then did some experimenting with my cellphone. I wrapped it in tinfoil and tried calling the number from a portable phone. I found that when the cellphone was completely covered, the signal was successfully blocked. I then made a small hole in the tinfoil. Still blocked. So I gradually made the hole bigger until I was able to get a signal through. I found that the hole started letting in signals once it got to be about an inch wide. Of course mileage will vary with the exact frequency of the signal you’re trying to block. The higher the frequency, the harder it is to block the signal.
At one point I was toying with the idea of putting up a big lead shield in my room, right in front of the computer screen. Now lead shielding is somewhat different from a Faraday cage, because whereas a Faraday cage actually deflects the signal, a lead shield will simply absorb it. This means no signal bouncing around and finding its way to the Van Eck sniffer in a roundabout way. Also, lead will absorb pretty much any frequency, including very high frequencies like X-rays. So if I have a lead shield in front of my screen, it will at least absorb any visible light being emitted and prevent the picture from being reconstructed that way. I figure the visible light signal is what would be used to reconstruct the picture anyway, so if I block that, I’m probably safe. Of course the question remains: Where will I even find a lead shield and how will I afford the exorbitant price?
I also did some speculating on what it would take to block brain waves, either for the purpose of preventing Big Brother from reading our minds, or for the purpose of blocking government mind control signals. A tinfoil hat obviously won’t work here, because there’s a big hole in the bottom. But on the other hand, brain waves have an extremely low frequency, only up to about 12 Hz. which means as long as there’s some sort of enclosure around the brain then any signals should be effectively blocked. A tinfoil hat doesn’t work because brain waves can still travel through the base of your skull. However, maybe you could wear some sort of mesh covering your entire head, kinda like what beekeepers wear. Would that keep the government out? Hard to tell. I will have to do more research on this to determine the best solution.