How to Be Invisible

LAPTOP COMPUTERS

Gone are the days when you need a desktop computer for computing power. I suggest laptops only because they are so much more convenient to conceal.

I take precautions that many of you readers have never dreamed of, yet never for a moment do I fool myself into thinking that the data on my computer is secure. And take note—this chapter discusses neither e-mail nor the Internet. It deals only with a personal, non-networked computer that is never, ever connected to any medium outside the four walls of your home.

Perhaps you have a file or a folder that you wish to keep private because it contains personal letters, financial records, business secrets, pictures, a list of confidential names and addresses, or whatever. Here are some of the ways in which such information could be obtained by others:

• A family member or friend (perhaps of your teenaged children) checks out some of your personal files.

• A thief breaks into your home, steals the computer, and sells it through a fence who in turn sells it to—who knows?

• The local police get a search warrant based on a false complaint and confiscate your computer. Even though you are later proved innocent, they’ll check your hard drive in the meantime with a killer program called EnCase.

• A PI will park his van down the street and—thanks to the “van Eck” emissions from your monitor—will read everything on your screen. Legally.

• The FBI targets you for some ephemeral reason, but does not have hard evidence to obtain a warrant. Instead, they do a sneak and peak, a surreptitious entry to check out the hard drive on your computer. Before they leave, they’ll install a keylogger, which will record every keystroke you make from then on, including passwords … and you’ll never be the wiser.

Do not travel with this laptop. (Use a second “clean” laptop for the Internet, and for when you travel.) More than 700,000 laptops are stolen every year while traveling or commuting. Some are left in taxis by mistake. Some disappear after leaving them too long at the far end of the airport scanning machines. Others are stolen from hotel rooms, or snatched at the airport when the owner set his laptop down for “just a moment.”

ENCRYPTED FILES

For many years I resisted all forms of encryption, assuming that it was either too much trouble, or beyond my capabilities. However, with the help of my PI friend Tim LaTrasse, all my laptops are now encrypted, as well as many of my flash drives. I asked Tim to write a short e-book with instructions so basic that even his grandmother could follow them. By the time you read this, his e-book should be available at CanaryIslandsPress.com.

HIDE YOUR LOCATION

As often mentioned in this book, no one outside your close friends and (perhaps) relatives should know where you live. If investigators cannot find you, they cannot alter, add to, or confiscate your computer. (The same applies if you work in a private office away from home. If you fear surreptitious entry, take the laptop with you when you leave.)

FORTIFY THE ROOM WHERE YOU WORK

This is your second layer of defense. Gerry L., a close friend of mine for the past forty-five years, writes and sells computer programs for small businesses all over Spain. He has a suite of rooms in a high-rise office building on Tenerife Island with a single entrance door. The outside of this door appears normal, but it is backed on the inside with a steel plate. When locked, a remote signal slides iron bars across the back. All windows face the open sea, which protects him against monitoring by laser, and he uses only laptops with screens and fonts designed to foil anyone trying to monitor the low-level radiations.

At home, of course, a steel entrance door may be of little help because of all the windows. However, if your computer is in a room in the basement or on an upper floor, why not install a reinforced door? If you add a keyless electronic access control, you may be able to thwart PIs and/or government agents despite their lock-picking tools and skills.

Often, however, the computer will be kept in a ground-floor guest bedroom that is being used as a home office. If you have a desktop computer, hooked up to one or more printers and perhaps a scanner as well, you won’t want to move it every time you leave the house empty for a short time. In this case, you may wish to install a long narrow table across the back of the closet, and then have a carpenter install secure doors that can lock everything inside.

DO NOT TRUST YOUR NEIGHBORS

Jim and Jane B____, a young working couple with no children, had long planned on a two-week trip to Hawaii. When the time came to leave, they left a key to their home with Jane’s brother, Karl. This was to be used only in the case of an emergency.

Upon their return they picked the key up from Karl and all seemed to be well. Several months passed. One evening, when they returned home from work, they found the computer turned on. Jim was positive it had been off since the previous evening. Alarmed, he checked the history and the cookies and found a sea of child pornography Web sites! He checked all the windows and doors. No trace of a break in. Jane checked the drawer in her nightstand. The money she kept there had not been touched. This had all the markings of an inside job by someone who had a key.

Karl, when contacted, was persuaded to avoid a serious beating by confessing. He’d copied the key they had once left him and had been slipping into their home to use the computer while Jim and Jane were away at work. When an emergency call had come in on his cell phone, in his haste to leave he’d forgotten to clear the history and the cookies and to also turn off the computer.

If you are ever caught in such a situation, the first thing to do is to back up the files you need and then destroy the hard drive. Sand the surface of the disk with a belt sander, melt it down, or hammer it into tiny pieces and then feed them slowly into a fast-moving river. Otherwise, what remains on that drive could someday be used against you.

As for leaving a key behind, here is how we do it when we will be absent for a period of time. A key is hidden outside in such a way that not even the Homeland Security boys will ever find it. If an emergency should ever come up (and so far it never has), our neighbor Maggie has instructions to call my cell number and leave a message. I will then call her back and describe in detail the hidden location of the key. Maggie is in her eighties and doesn’t know a modem from a monitor. In fact, she’ll never see the computers because I leave them in an undetectable secret room.

WHAT ABOUT THE FOURTH AMENDMENT?

The Fourth Amendment to the U.S. Constitution states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

With respect to criminal prosecution, the amendment applies solely to “the State” and agents of the state. Therefore, if a non-law-enforcement person sneaks into your home and finds what appears to be incriminating evidence, it can be turned over to the police and will probably be admissible in court. The court will want to make sure, of course, that the evidence was obtained without a suggestive direction from law enforcement such as, “We think there might be some evidence in that place but (wink-wink) we’re not allowed to go get it.”

PASSWORDS

If you encrypt a file with a password, you should know that computer forensic experts use password-cracking programs that can pull up any real word in any language. A good friend once used one of these programs to attack a secret file that was protected by a nine-digit password, author unknown. When the English program failed, he went to Spanish, then French, then German, then Italian. The seventeenth language he tried was Pakistani, and the password that unlocked the code turned out to be the name of a relative in Pakistan.

Never store your passwords in your wallet, purse, or a sticky note on the bottom of a desk drawer. Also, be very careful about those password-hint options at Web sites. Make sure the hint won’t be a giveaway to those who know you well. For example, if the question is about your mother’s maiden name, choose a totally different name and memorize it.

In addition, form the habit of never, ever using a real word by itself. Instead, use a phrase. Key in the first letter of each word, followed by an actual word at the end. Eight digits should be your minimum; twelve is better. Example: The phrase “I was born and raised in Dakota” translates to iwbarid.

Next, substitute a symbol for one of the vowels. In the example just given, let’s change the “a” to “@.” Then capitalize the last letter. We now have iwb@riD. Add a four-digit number, perhaps some obscure historical date such as “0654” or “1040.” Any password formed in this matter should certainly be secure … or will it?

Veronica V., a professional paranoid, has a secret office in her home that has triple locks and is protected against CO2-laser-reflective sound being picked up from the window. (She keeps a small massage vibrator on the windowsill, behind the screen, where it can touch the glass.) Two vicious Dobermans patrol the yard behind a chain-link fence.

Veronica—expert in the use of encryption—now compiles a list of names and addresses for a secret mailing list. She protects this list by using PGP encryption that she has compiled herself. She makes sure she’s running a clean version and she chooses as her password “1latfar1ghts1215.” She commits this password to memory (“I love all those Fourth Amendment rights,” substituting the number “1” for the letter “i” and adding a date) so that no one can ever find it even if she’s raided. She never encrypts a message while online, so no one can monitor the data line. She even wipes her swap file so there’ll be no trace of the password anywhere.

No one, no one, she vows, will ever get this password out of her unless they clip wires to her most sensitive parts and crank up the voltage. And, since she lives in the good ol’ USA instead of Mexico, Israel, or North Korea, torture (aka “rubber-hose cryptography”) is not an option.

Nevertheless, unless Veronica protects herself against the dreaded “Tempest” as well, her so-called secret password can be plucked from the air with not so much as a nod to the Dobermans.

TEMPEST AND VAN ECK

Although these two terms are sometimes used interchangeably, they are not the same thing. TEMPEST is a set of standards used by the government to gauge and reduce electromagnetic emanations from electronic equipment. The radiations themselves are often referred to as “van Eck” radiations, named after Dutch scientist Wim van Eck who published an unclassified paper on the subject back in 1985.

TEMPEST frequencies run from commercial AM stations to the upper reaches of 600 MHz, and thus cover transmissions from your TV set, your stereo system, your microwave oven, your wireless alarm system, your cordless phone, and your computer. Your monitor acts as a radio transmitter, sending out signals in the 2 to 20 MHz range. (These resemble broadcast TV signals, although various forms of sync will require restoration.)

So then, your keyboard strokes are transmitted into the air. Any digital oscilloscope, in the hands of a professional, can detect the leaking signals with ease. Therefore, when Veronica types in her password, the man with the van Eck receiver in the Ford van down the street sees that password magically appear on his screen!

Your printer, too, can betray your privacy. The NSA uses a classified technique called digram analysis to assist in eavesdropping on van Eck emanations from printers. Remember, all monitoring of your equipment is passive, and therefore cannot be detected. Unless you take protective measures, an information warrior can, with the proper frequency tuning, antenna manipulation, reintroduction of sync and vehicle location, monitor you anyplace, anywhere, anytime.

Warning: If you live in a terrorist country and are composing a list of freedom fighters, obtain and study the book Desktop Witness, by Michael A. Caloyannides. If you think that mere encryption will solve your problems, Caloyannides will disabuse you of that notion.

QUESTIONS & ANSWERS

How can I dispose of an old hard drive?

If possible, do something similar to what they do in the Marine Corps: sand the top off with a belt sander. Or burn it. At the very least, hammer it into bits and pieces and then drop them off a bridge.

Couldn’t a PI who secretly enters my home to install a keylogger be prosecuted for trespass?

In theory, yes, but according to both a detective I spoke with, and a Harvard-trained prosecutor, since the question is about prosecution criteria, the answer is almost invariably no. Trespass is a minor crime that a prosecutor will seldom mess with, knowing that even if he does file, jurors will seldom convict.

Where should I buy a new laptop?

You might try Best Buy or one of the office supply stores. If you order online, use someone else’s credit card and hand them the money—plus a little extra—up front. (In this case, the computer may have to be shipped to their address, but if not, use your ghost address.) And when you boot up for the first time and must fill in some blanks, don’t even think of using your own name. (You can often get by with an “x” or a zero.)

What if I forget my password and thus lose a file I really need?

The protection against losing a password is to use a personal fingerprint reader such as that found at www.digitalpersona.com. These readers convert your print into a unique digital string that becomes your password. Just don’t lose that finger!