|
4.2 Case Study 2
Communication channels
Outline
The global NGO ‘Human Rights for All’ (HQ) based in Europe has requested that one of its international branches (the Bureau) performs an investigation into cases of torture at the hands of the local government. The selected country ‘N’ has long become notorious for using torture against prisoners and especially human rights defenders. The Bureau is located in the capital of ‘N’ and employs a number of skilled people with many years experience of working in difficult situations. They can collate the necessary information for the report on torture but worry that the government will stop at nothing to prevent them from doing so. ‘N’ has a very tight policy on controlling information and making sure that the outside world knows as little as possible about its internal activities.
HQ decides to publish the report, based on the information they will receive from the Bureau, themselves. They need to establish a secure channel of communication with the Bureau and make sure that the project continues until completion, or for as long as possible. There is an understanding that security is a primary issue here and they have allocated a budget of 5,000 USD to the Bureau especially for this cause. The project needs to survive attempts by the local forces to compromise, restrict or destroy it completely. The Bureau is to undergo a review of its methods of collecting and communicating information as well as of building a security policy for all staff to implement.
It is decided that all staff undergo information security training by a local expert and do their own study and research in security issues on the Internet. Case studies, witness reports and other information on torture cases they may uncover will be stored on paper and in electronic format. Field reporters will communicate their findings by bringing back a collection of notes taken during the mission, and by making daily reports from an Internet café. In other words, all information will be duplicate in physical and electronic format.
The office comprises a rented apartment in the centre of the city. There are two computers and an Internet connection. The staff are well-acquainted with the neighbours and enjoy their support. The office had previously been broken into, although nothing of importance was taken.
Threats
To get an understanding of what elements the Bureau will need to secure this project, they first decide to list all the threats they may face. The project work area is shared by HQ, the Bureau’s office and the field workers. Each face their own particular threats and these must be dealt with separately. Likewise, the threats themselves are separated into those affecting office, information and communications security101.
HQ
Office threats: minimal
Information threats: Reports could be lost due to virus damage or hacking
Communication threats: The communications link with the Bureau could be broken, or reports could be spoofed (falsified by malicious intrusions).
The Bureau
Office threats: Vandalism to equipment, theft, electricity faults, fire
Information threats: Computers are confiscated, data is corrupted by virus attacks or hackers
Communication threats: Office internet is disconnected, email does not send or arrive, HQ website and email address blocked, communications monitored
Field workers
Information threats: reports are lost or confiscated
Communication threats: field workers cannot access Internet café, the Bureau’s or HQ’s website become blocked from access within N.
Solutions
Communication
Communication between the different players in this project is essential to its survival. Therefore the participants devise several standards and methods of establishing and continuing this communication.
Three distinct channels of communicating with HQ are established. There is an open channel, where information is communicated in an insecure fashion – by telephone, post and regular email. It is important to have an open channel, so that the monitoring bodies can be satisfied of having ready access to the project communications. Information passed through the open channel is not sensitive and would include typical administrative and organisational data.
A private channel will provide for sensitive and secure communications. It will be used for exchanging information about cases, witness reports and organisational strategy. It is decided to use a secure webmail solution and Gaim with OTR plug-in for instant messaging102. No sensitive information will be passed by telephone, fax or insecure email. The private channel will not be used regularly so as not to attract too much attention.
The above channels require a functioning Internet connection for communication. It is agreed that HQ will not suffer from Internet shortages and a backup channel is devised for the Bureau and their field workers, in case the Internet stops working or is disconnected. The backup channel will involve the Bureau workers using a nearby Internet café.
A graphical schematic for the Bureau’s communications system
Information
All data recorded and collected by the staff will be kept on paper and electronically. This will require necessary safety measures to ensure that the data is not lost, stolen or damaged. It will be very important to create and maintain a backup procedure that will outlive possible attacks. Likewise, the backup medium itself will need to be secure, as it creates an additional copy of sensitive documents.
To make sure that no field reports are lost before they are transmitted back to Bureau, a laptop will be purchased. Field workers will record information on paper and duplicate it to laptop. They will communicate this information to the Bureau from an Internet café on a daily basis (or as often as possible).
Office
Office security will include a rigorous policy for the staff, strengthening of entry points to the building and general upkeep to make sure that the chances for computer crashes are reduced. Physical documents will need to be kept in a safe, and wasted paper will need to be properly destroyed. It must be taken into account that computers and other office equipment could be damaged or confiscated, so a reserve fund is maintained to allow the organisation to purchase new equipment and resume work should this occur.
Detailed responses to threats
After developing a general idea of how to operate when dealing with possible disruptions to their work, the staff attempt to counteract all of the individual threats listed in the diagram. They undergo security training and perform their own research into electronic security on the Internet.
Information threats
Multiple layers of data backupconfiscated, the documents can at least make it back to the office
- Files, reports lost or confiscated: To prevent the loss of data,
regular backup is made of the information on computers and laptops. A
re-writeable CD drive (CD-RW) is sourced for 200 USD and installed on
one of the computers. Information backup is implemented by using the
DeepBurner and Freebyte programs available on the NGO in a Box –
Security Edition CD. Every second day a backup is made of all the user
documents, put on a CD and taken off-site. The person to maintain this
backup rotates 2 CDs, one of which is always in the office and the other
- at his/her house. At the end of every month, an additional backup is
made and given to another person to keep at home. This way, should the
computers in the office be damaged and the daily backup system be
compromised (quite difficult to orchestrate), there will be a third tier
of information backup from the previous month. Backup for field workers
is done on a USB memory stick. The stick contains a copy of all recent
documents, made by reporters since they last visited the office. If the
laptop is lost or
- Virus attacks or hacking: To prevent the
loss of data through a virus attack or hacking, the Bureau installs the
Avast4 anti-virus software on all computers and laptops. The software is
free for non-profit organisations and updates automatically when the
computer is connected to the Internet. They also install Spybot to
counteract other malicious software and the ZoneAlarm firewall to
prevent hackers from intruding into their computers. All software and
explanations are found on the Digital Security Toolkit
CD. A
strong policy on viruses is introduced, ensuring that nobody opens
suspicious-looking email messages or uses an external diskette in a
computer without scanning it with the anti-virus software first.
- Computers confiscation: If the computers are confiscated with
official warrants or otherwise, the organisation must have the means to
continue its operation. It will be necessary to purchase new computers,
and money must be allowed in the budget for this. Even one computer will
suffice if the circumstances demand it. The staff source a computer
retailer who will sell a new computer for 1000 USD. Needless to say, a
backup of the files and documents will be required to bring the
organisation back to its original state and allow the project to
continue.
- Theft of documents, equipment: A strict key policy
is introduced and only those in need of possessing office keys are given
a copy. No additional copies can be made without general consensus. All
computers are switched off at night and a safe for files is purchased at
300 USD. All CDs, diskettes and paper with sensitive information on it
is kept in the safe. Measures are implemented to make sure that no
unwanted persons could sneak into the office. The windows are within
ground level and will be protected with metal bars. The door is also
strengthened and a peep hole installed. A local company agrees to do
both services for 500 USD.
- Loss of Internet connectivity: It
is possible that the Internet is disabled from use for the Bureau. This
could be the result of pressure on the Internet Service Provider or a
malfunction of the network itself. To counteract, the staff decide to
use an Internet café. Should the interruption to the office Internet
connection prove long-term, 500 USD is set aside as emergency fund to
for using the Internet café. A USB memory card will be used to transmit
files between the office and the Internet café.
- Communications
monitored: If the surveillance infrastructure of N is sufficiently
advanced, they will be monitoring email that comes in and out of the
country. The Bureau has a suspicion that their email is sensitive enough
to warrant its monitoring and switch over to using a secure SSL webmail
service. They register two accounts at
https://www.riseup.net103 and use one for communicating with
HQ and one for the field workers. All information is passed to the
headquarters daily via email. Since the connection to the webmail client
is over SSL (HTTPs), it is encrypted. The Bureau staff research the
possibility of Man-in-the-Middle attacks and are careful checking the
certificates presented by the website.
- Website and email
blocked: If the government decides to block Internet access to the HQ
website and to the RiseUP webmail, an alternative must be found. The
Bureau employees can find other secure webmail providers or employ a
number of circumvention methods to bypass these blocks. It is decided to
purchase such software either through http://www.anonymizer.net or the
‘Internet Anonym’ package from http://www.steganos.com. These tools will
give the office computer anonymous access to the HQ servers. Bureau
staff research and find many similar organisations offering such access
from a fixed computer as well as as from public ones they may need to
use in an Internet café. Money for this has been allocated in the
emergency budget and 200 USD has been put aside for it.
- Computer technician: A previously tried and tested consultant from a
computer company will visit the office twice a month for general
administration and will be on call for emergency situations. The fee
will be 1,000 USD for 6 month.
Budget |
Bars on windows and door strengthening | 500 USD |
CD re-writer and 10CDs | 200 USD |
Safe | 300 USD |
2 USB memory cards | 100 USD |
Laptop | 1,000 USD |
Computer Technician | 1,000 USD |
|
Total | 3,100 USD | |
|
Emergency money: 1000 for PC, 500 for Internet |
café, 200 for Circumventing Website blocks | 1,700 USD |
Budget Total | 4,800 USD |
|