Matt Johnson wrote:
> Griffin suggested never connecting a USB stick, or external drive or
> copying PDFs to the air gap computer. I have asked how that air-gapped
> computer would be useful. Apparently the point is too subtle.
There are a few aspects to this that I'd like you to consider. Without knowing what the person intends to use it for, I tend to recommend on the far side of caution. Malware that originates from shared offline media *far* predates the modern internet (and my existence, incidentally). It's not that no one should ever connect a USB to an air-gapped computer, but rather that they should weigh their needs/risks.

If someone is at a high risk of targeted attack, they may save all of their documents and email (unopened) to a USB or CD and read them only on the air-gapped computer. While that probably sounds like a big hassle (and it is), for someone like Laura Poitras it's absolutely necessary. For a corporate whistleblower, they might use an air-gapped computer to remove metadata before leaking to the New York Times or to an ethical publication like The Guardian. Someone working on a big proposal in a highly competitive field may produce it only on a wifi-disabled Chromebook. A diplomat might use one to produce official correspondence. A physician or pharmacist might be air-gapped to protect patient privacy.

As for PDFs: my running joke is to ask someone if they've seen my paper on PDF malware... which doubles as a good example of PDF malware. Acrobat has JavaScript enabled by default, and it's surprisingly simple to embed a Metasploit payload into an otherwise-normal document. From there I can drop a light executable that is set to retrieve a larger backdoor and install it. At that point, I have control of your computer, and can spread customized malware to your external media and Bluetooth drivers. Or just retrieve data. Or turn on your camera.

This is not a hypothetical. The realities of the marketplace are such that one's attacker doesn't even need to be a programmer, because it's cheap and easy to purchase customized "solutions" like this. I have a stalker who, in a different case, is accused of doing this.
And this is happening *enough* that it seems like a good scenario to work from. Beyond the realities of activism and journalism and government spying lies the fact that people do shitty things to each other. Everyone has a different risk profile, but if you want absolute privacy you're gonna have to fight for it.

One can use TAILS/Whonix and not have to worry as much about the intricacies of their threat model, while still being well-protected. That's why I recommend it. But the person asking for advice already rejected that suggestion.

all the best,
Griffin

(required disclaimer: these are obviously my opinions and not those of my employer, funder, lover, or cat)

--
Be kind, for everyone you meet is fighting a hard battle.
PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
OTR: sa...@jabber.ccc.de

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
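As an added example that is not part of Griffin's message and not a tool the thread mentions: the practical check a practitioner wants before carrying a PDF to the air-gapped machine is a static triage for the name tokens that mark active or embedded content (/JavaScript, /JS, /OpenAction, /AA, /Launch, /EmbeddedFile), the same idea as Didier Stevens' pdfid, written here independently. Assumptions: the three sample PDFs are constructed for this example (the "malicious" ones only pop an alert, they are not real malware); the token list is the usual one and is not exhaustive; and a plain byte scan cannot see inside compressed object streams, so a document with /ObjStm and no visible hits is reported as "opaque", not "clean". Name tokens are de-escaped first, because PDF allows /Java#53cript as a spelling of /JavaScript and that is the simplest way to hide from a grep.

```python
"""
Static triage of a PDF before it is moved onto an air-gapped machine.

Counts the name tokens that mark active or embedded content, after undoing
PDF #xx name escapes. Independent minimal implementation of the pdfid idea,
written for this example.
"""
import re
from typing import Dict

# Names whose presence means the file can run or drop something when opened
# in a reader that has JavaScript or launch actions enabled.
ACTIVE_NAMES = (
    b"/JavaScript",    # action type: script
    b"/JS",            # the script itself (string or stream)
    b"/OpenAction",    # runs when the document is opened
    b"/AA",            # additional actions (page open, field focus, ...)
    b"/Launch",        # run an external program
    b"/EmbeddedFile",  # attachment that a script can write to disk
    b"/RichMedia",     # Flash and similar embedded players
)
# Object streams (PDF 1.5+) hold compressed objects. Names inside them are
# invisible to a plain scan, so a nonzero count means "cannot rule out".
OBJSTM = b"/ObjStm"


def normalize_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names: /Java#53cript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_names(data: bytes) -> Dict[str, int]:
    """Count each token of interest as a whole name, after de-escaping."""
    norm = normalize_names(data)
    counts: Dict[str, int] = {}
    for name in ACTIVE_NAMES + (OBJSTM,):
        # A name ends at whitespace or a delimiter; the lookahead stops /JS
        # from matching the start of a longer, unrelated name.
        pattern = re.escape(name) + rb"(?![A-Za-z0-9_])"
        counts[name.decode()] = len(re.findall(pattern, norm))
    return counts


def triage(data: bytes) -> Dict[str, object]:
    """Return the counts and a verdict: active-content, opaque, or clean."""
    counts = count_names(data)
    if any(counts[n.decode()] for n in ACTIVE_NAMES):
        verdict = "active-content"
    elif counts[OBJSTM.decode()]:
        verdict = "opaque"  # compressed objects present; plain scan is not enough
    else:
        verdict = "clean"
    return {"counts": counts, "verdict": verdict}


# Constructed sample documents (not real files from anywhere).
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Script wired to run on open, written in the obvious way.
JS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /JavaScript /JS (app.alert(1)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Same document with the telltale names hex-escaped to dodge a naive grep.
ESCAPED_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /Java#53cript /J#53 (app.alert(1)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_PDF), ("js", JS_PDF), ("escaped", ESCAPED_PDF)):
        result = triage(doc)
        hits = {k: v for k, v in result["counts"].items() if v}
        print(f"{label:8s} {result['verdict']:15s} {hits}")
```

The verdict is deliberately coarse: "active-content" is a reason not to open the file on the sensitive machine at all, and "opaque" is a reason to decompress the object streams (or convert the document to an image-only form) before trusting a plain scan. A grep for the literal string "/JavaScript" alone would pass the third sample.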