***************************************************************
Security-news <security-news@resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

August 5, 2002

It's Bulletin #3 and an interesting week for it given the raid on an
ALF spokesperson's home last week and continuing Grand Jury
investigations in Portland. Not to mention the news articles we came
across this time around. Submissions, feedback and support can all be
sent to us at secure@resist.ca - please let us know what type of how-to
and tips you would like us to write about in the future!


**********************************
Security-news: Issue #3 - Contents
**********************************
* Security tip of the week: Office Lock & Key Security
* News Item: Spy Watch - Big Brother Incorporated
* News Item: A New Code for Anonymous Web Use
* How-to: Prepare for a Police Raid *Before* it Happens

*****
Security Tip of the Week: Office Lock & Key Security
*****
When you take over a new space/office/warehouse the first thing
you should do is change all the locks. You have no way of knowing who
still has keys to the place and what benefit they might derive from
continuing access. Your organization should establish a regular re-lock
and keying procedure. Groups concerned about security should change all
locks and keys every six months or once a year. For more information on
building security go to http://security.tao.ca/personal/building.shtml.

*****
News Item: Spy Watch: Big Brother Incorporated
*****
Big Brother Incorporated
by Eveline Lubbers

For years, activist groups in Europe thought that Manfred
Schlickenrieder was a leftist sympathizer and filmmaker. He traveled
around Europe, interviewing a broad spectrum of activists, and even
produced a documentary video, titled Business As Usual: The Arrogance of
Power, about  human rights groups and environmentalists campaigning
against the Shell oil company.

In reality, Schlickenrieder was a spy, and Shell was one of his clients.
His film and his activist pretensions were merely cover designed to win
the confidence of activists so that he could infiltrate their
organizations and collect "inside information" about their goals and
activities.

Schlickenrieder's cover was blown when the Swiss action group
Revolutionaire Aufbau began to distrust him. Its investigation uncovered
a large pile of documents, many of which were put online at the
beginning of 2000 (http://www.aufbau.org ).These documents proved that
Schlickenrieder was on the payroll of Hakluyt & Company Ltd., a
London-based "business intelligence bureau" linked closely to MI6, the
British foreign intelligence service. In addition to spying on behalf of
multinational corporations, the documents also indicate strongly that
Schlickenrieder was working simultaneously for more than one German
state intelligence service.

Full article archived at nettime.org -
http://amsterdam.nettime.org/Lists-Archives/nettime-l-0207/
msg00135.html

Security-news note: This article reports on and analyzes events that
took place in 2000, but it only gets more relevant as "independent
media" is welcomed into activist channels with open arms. Alternative
media definitely has its place in supporting and advancing activism and
global change - but it's never a bad idea to check out the people who
you are allowing to capture all your movements, demos, meetings etc. on
film. Of course, it goes without saying, that you should never allow
activities of an illegal nature to be filmed except in the most
controlled circumstances.


*****
News Item: A New Code for Anonymous Web Use
July 12, 2002 (code to be released this week)
*****

NEW YORK -- Peer-to-peer networks such as Morpheus and Audiogalaxy have
enabled millions to trade music, movies and software freely. A group of
veteran hackers is about to unveil a new peer-to-peer protocol that may
eventually let millions more surf, chat and e-mail free from prying
eyes.

Hacktivismo, a politically minded offshoot of the long-running hacker
collective Cult of the Dead Cow, will announce the protocol -- called
"Six/Four," after the June 4, 1989 massacre in Beijing's Tiananmen
Square -- in a presentation Saturday at the H2K2 hacker conference in
New York City.

The group will publish the Six/Four code on its website in early August
to coincide with Las Vegas' DefCon security confab.

Six/Four combines peer-to-peer technologies with virtual private
networking and the "open proxy" method for masking online identities to
provide ultra-anonymous Internet access.

Article online at Wired:
http://www.wired.com/news/privacy/0,1848,53799,00.html Hactivismo (and
their code) can be found at http://www.hacktivismo.com/



*****
How to: Prepare for a raid *before* it happens
kendra@resist.ca
*****

The RCMP raid of an ALF spokesperson's home last week got me to
thinking; how would such an event impact me? What would i lose if a
state agency were to raid my home tomorrow? Am I holding any data that
could impact the work of other people? How soon could I get back to work
if my computer, equipment and files were seized?

To most people, even activists, a police raid seems an unlikely
occurrence. True, it is not something that happens on a regular basis in
North American activist communities - however, that doesn't mean it
never happens. As raids on both David Barbarash and Craig Roseborough
show us - even speaking out in support of direct action can lead to
equipment and materials seizures that can be personally and
organizationally disruptive. Activists involved in organizing
demonstrations and gatherings have also found themselves on the wrong
end of a search warrant in recent years. Often these warrants are gained
on bogus grounds, and searches are carried out as harassment tactics or
"fishing" expeditions. In the last two years, a number of searches have
been carried out against activists where no charges were ever laid.

So, in the spirit of this week's events, the following tips are meant to
assist you in preparing for the worst - a raid on your home, office, or
infoshop. (many of these strategies are useful in defeating
surreptitious data collectors as well)

**Use scenarios to strategize: Only you know the work that you do and
what  specifics would be impacted in a search and seizure operation.
Build  scenarios for yourself - what do you need to access daily that
could be seized, what is your strategy for dealing with that? Do you
have other illegal items (such as drugs) that could be used to bolster
police criminalization of you - do you care about things like this? Walk
yourself through what you would do from the moment that the police show
up with a search warrant, who you would call, what you would do
immediately following the raid to inform people (if you weren't
arrested). Scenario building helps you to mentally and physically
prepare for an event like this - though you will never be fully ready
for an invasion of this scale.

**Encrypt and wipe: All files (not just those that are sensitive) on
your computer hard drive should be encrypted using a program such as PGP
disk (available at www.pgpi.org). This includes cache files, email (your
whole email program should be set up on an encrypted partition), image
archives and text documents. Wipe all free space on your hard drive
weekly using a program such as PGP or Burn (for Macs), this makes
retreiving data from your drives difficult if not impossible. See
http://security.tao.ca for more information on file security.

**Backups backups backups: If you lost all your data tomorrow - how
would you function? Your best strategy for getting back to work (and
thwarting organizational disruption), is making regular backups and
storing them with a trusted friend, or in a safety deposit box not
connected to  you. You don't want it to be common knowledge who keeps
your backups for you - as police could obtain a warrant to search that
person's home for materials belonging to you as well. Don't just back-up
your computer files, but make copies of any paper files that you could
not live without and store them in a sealed envelope in a safe place.

**Clean up your desktop and filing cabinets: Ever write down a password
on a piece of paper and then shove it into a file? Ever write down a
phone number of a person you don't want to be officially connected to?
All those little bits of paper start to add up to a lot of information
after awhile, especially if cleaning office isn't your strong point. Go
through all the paper bits on your desk and transfer that data into a
secure place (like an encrypted disk or pda), and then securely dispose
of the  paper. Likewise, go through filing cabinets once every few
months and pull out old phone lists, research that is no longer useful
or needed, and anything else you don't want the police to get their
hands on.

**Know your home and it's contents: Had a lot of roomates or travelling
friends over the years? That means that there is a good chance that
things you are unaware of have been left behind in closets. Clean up
after someone stays or moves out, so you aren't storing items you don't
want to be. No one wants to get caught with someone else's stolen goods
or incriminating evidence - so keeping a clean house is essential.

**Your PDA and Cel Phone: Are all your phone numbers stored on your cel
phone or palm pilot? Where would you get that info if the police had a
warrant to seize those items as well? A back-up zip disk containing
important information of this type (encrypted) should go along with your
computer backups.

** Emergency numbers & Support: Keep a lawyer's number on hand, as well
as the numbers of any people who would support you during and after a
raid. Make sure that the people you live with know where they can get
that info if  necessary, and also that they know what to do in case of a
raid. If you live in a house with other activists, you should all
participate in planning your security strategy and know what to do, and
how to get in touch with other housemates if they aren't home.

Most important, don't forget that you should not talk to police before,
during or after the raid (whether or not you are being arrested), and
you should contact a lawyer for assistance as soon as possible.

Nothing can truly prepare one for a full-scale invasion of privacy such
as a raid - but taking a few of these steps will help ensure that you
don't compromise your own freedom or that of others in the course of
your activist life.

For info on last week's raid of ALF spokesperson David Barbarash's home
and support info see  http://resist.ca/.archive00455.html



***************************************************************
Security-news <security-news@resist.ca>
Good security is no substitute for good sense!
To unsub go to http://resist.ca/mailman/listinfo/security-news
***************************************************************