Uncrackable email Uncrackable part 1 Copyright 1998 Lee Adams. All rights reserved. Quoting, copying, and distributing is encouraged. (Please credit us as the source.) Links to our home page are welcome. Names of characters, corporations, institutions, organizations, businesses, products, and services used as examples are fictitious, except as otherwise noted herein. No resemblance to actual individuals or entities is otherwise intended or implied. Assumption - You are a typical American. Question - Is the FBI reading your encrypted email? Answer - Probably not. Now the same question, but this time a different assumption. You are an American under surveillance by the FBI. Question - Are they reading your encrypted email? Answer - Yes. Absolutely. Dissidents pose no danger to the country. It is the conformist who poses the greatest danger to our freedoms. How surveillance is triggered... If you are involved in anything like advocacy, dissent, or protest, then you are inviting surveillance. Anything that challenges the status quo - no matter how mild - is viewed with suspicion by the authorities. Sometimes the simple act of expressing an honest opinion or writing a letter to the editor is all it takes for a security service like the FBI or BATF to start nosing around. Independent thought is becoming a rare - and dangerous - attribute in America. Bureaucrats don't understand that dissent poses no danger to the country. On the contrary, it is the conformist who poses the greatest danger to freedom. There are thousands of regulations, prohibitions, rules, restrictions, laws, bylaws, codes, and statutes designed to regulate your behavior. It's common knowledge that any cop worth the badge can find something to arrest you for. More than ever, ordinary Americans are finding it necessary to shield their activities from a government whose red tape can prevent you from earning a living, developing your land, etc. etc. etc. The Thought-Police. Once you're under surveillance, the simple act of encrypting your email is all it takes for the FBI to label you dangerous, perhaps a threat to national security. Like many repressive regimes worldwide, the US government doesn't understand that people who want privacy aren't necessarily hiding anything. You put letters inside envelopes, don't you? Well then, doesn't it make sense to encrypt your email? Otherwise it's like sending a postcard. Anybody can read it along the way. PGP is under attack. PGP is considered the best encryption software available for use with email. But despite its robustness, PGP is regularly beaten by the FBI. Surveillance teams routinely read PGP-encrypted email. That's because most people aren't using PGP correctly. If you are one of them, you are vulnerable. The FBI possesses the means to mount a sophisticated covert campaign against you. They can choose from an arsenal of proven methods for cracking your PGP-encrypted email. Those methods are described in this document. Assessing the threat. When the FBI succeeds at decrypting your messages, it is unlikely you will realize that you have been compromised. But having your email decrypted and read is not the prime threat. You face an even greater danger from an FBI surveillance team - especially if you are a member of a group that is targeted by the FBI. The FBI has decades of experience. They have learned to wring every possible advantage from each situation. They play by Big Boys' Rules. The FBI's goal is not only to get you, their goal is to wreck your entire group. How do they manage to do this? By deception. Once they've cracked your PGP email, they will begin to create forged messages. They will impersonate you. The FBI team will send bogus email messages that seem to come from you. They will systematically work to create confusion, suspicion, and paranoia throughout your group. This is the real nature of the threat. If the FBI cracks your communication they won't stop at getting you. They want the whole group - or organization, team, cell, family, squad, or whatever it's called. How they do it. In this tutorial you're going to learn about the different methods that the FBI uses to crack your PGP system. Some of these attacks may come as a surprise to you. Many of these attacks are also used by other agencies like the BATF, DEA, CIA, and even local police. What you can do about it. This tutorial will show you different ways you can use PGP. These protocols reduce - and occasionally eliminate - the ability of the goons to crack your messages. And as a bonus, you're going to learn how you can use your email to conduct aggressive antisurveillance against the FBI - perhaps exposing a surveillance team that you didn't realize was watching you.. How the FBI cracks PGP email... The FBI has resources and expertise. Their methods fall into four categories. Method 1 relies on their ability to break into your home or office undetected. Method 2 relies on their ability to bug your home or office. Method 3 uses electronic equipment that detects signals your computer makes. Method 4 is used in cases involving national security, where they rely upon the cryptanalysis capabilities of NSA. Know where you're vulnerable. The weakest part of your email security is you, the user. The mathematical algorithms that form the underpinnings of PGP are very robust. It is the manner in which you use them that creates vulnerabilities. The most vulnerable point is the manner in which you create and store your original plaintext message. The next weakest element is your passphrase. Next are the PGP files on your computer's hard disk. (From now on we'll refer to your hard disk drive as HDD). In a typical surveillance operation, the FBI will utilize the attacks described here. The ten attacks are listed in approximate order of increasing difficulty. It is standard operating procedure for the FBI surveillance team to use the simplest attacks first. In practice, their choice depends on the circumstances of the case. Attack #1 - Plaintext recovery. An FBI or BATF surveillance team will break into your home or office without your knowledge. Once inside, the agents will read the plaintext files on your hard disk, diskettes, or paper printouts. Local police also use this method. It is very effective. If you're like most people, you're probably thinking to yourself, "Aww, there's no way they could get in here without me knowing. I'd spot it right away." Yeah, right. That's exactly the attitude the FBI wants you to have. So dummy up. FBI penetration agents love people like you. You are the ideal target. Over confident. Easy to deceive. This is important enough for us to pause for a few moments and talk a bit about how surveillance teams really operate. What you are about to read has never been published before. The government does not want you to know this. Background - How they get inside. Many people are amazed to learn their home or office can be entered without their knowledge. And not just once, but repeatedly. A surveillance team often requires multiple entries in order to thoroughly pick through all your stuff. Good quality locks on your doors and windows are generally useless. The penetration team ignores them. They've found an easier way to get inside. Perhaps an example is the best way to illustrate the point. Top: Dislodged block, exterior wall. Below: Cabinet against exterior wall. Case Study. Ever since we launched Spy & CounterSpy, we have been involved in running battles with FBI surveillance teams trying to get inside our offices. Because of our experience we are not an easy target. Their operations were complicated by the fact that the FBI is operating illegally in Canada and must act covertly at all times. The setup. Our former office was situated in an industrial park. We were located in a cindercrete masonry building equipped with high-security locks. We concluded it would be difficult for an FBI surveillance team to conduct a surreptitious entry without our knowledge. Our building abutted a similar cindercrete building next door - a welding shop. The bathroom cabinet sink is located against this wall. The arrangement provided a perfect opportunity for surreptitious entry. The photos tell the story. It's easy for FBI agents to enter a building next door and remove a few cindercrete blocks from two sets of exterior walls - and then enter our office through the back of the bathroom cabinet. Repair experts. Most people aren't aware that surveillance teams routinely break in through walls, ceilings, and up through floors. This is standard operating procedure. The FBI's restoration specialists can repair a damaged area in under 90 minutes using patch drywall, quick-drying compound, and special paint. Apartments and houses are a snap for these guys. This is your own government doing this to you, folks. My first experience with this sort of entry was when I was helping Vickie deal with 24-hour surveillance by US Naval Intelligence. (Return to our home page and click on About Us for more on this.) I showed her how to seal her house - doors, windows, attic panel, everything. But they tunneled over from the house next door. They came in under the driveway and broke through behind a false wall next to a fireplace in the downstairs family-room. They moved along a short crawlspace and entered the livingspace just behind the furnace. Their cover was clever. They used a ruse of major renovations next door to conceal the sound the tunnel crew made. Their mistake? Not enough attention to detail. They didn't match the original panel when they replaced the wall behind the furnace. Vickie and I had done a complete inspection of her house two months earlier. We both spotted the bogus panel immediately. She still becomes furious when she talks about it. The reason the goons like to break in through walls is simple - it's extremely difficult to defend against. But simply being able to detect that you've been penetrated gives you an advantage, especially if you don't reveal you're on to them. Now that you've got a better understanding of how resourceful and cunning these government agents are, let's return to the different attacks they use to crack your encrypted email. We've already covered Attack #1, plaintext recovery. Their goal is to grab your secret key and your passphrase so they can use any copy of PGP to read your email. Attack #2 - Counterfeit PGP program. After breaking into your home or office, FBI agents will install a counterfeit copy of PGP on your HDD. Encrypted messages created by this modified program can be decrypted with the FBI's master key. It can still be decrypted by the recipient's key, too, of course. A variation of this attack is the FBI's bot. Acting similar to a virus, the bot is a key-trap program. (Bot is an abbreviation of robot.) The bot intercepts your keystrokes without your knowledge. When the opportunity arises, the bot uses your Internet dial-up connection to transmit your passphrase to the surveillance team. FBI agents often hide bots in counterfeit copies of your word processing program, and so on. Attack #3 - PGP's working files. After entering your premises in your absence, FBI agents will make copies of certain PGP files on your HDD, especially the files containing your secret keys. The agents will then attempt to find where you've written down your passphrase. They'll methodically search your papers, desk, safe, filing cabinets, kitchen drawers, and so on. They'll use deception to gain access to your wallet, purse, money belt, briefcase, and pockets. Their goal is to grab your secret key and your passphrase so they can use any copy of PGP to read your encrypted email messages whenever they want. If their search fails to turn up your passphrase, they'll use cracker software to deduce it. This works because most people use passwords and passphrases consisting of words and numbers with special meaning like birth dates or pet names. Unfortunately, it's a simple matter for the FBI to collect information about you like your birth date, your mother's maiden name, the number of a PO Box you rented 10 years previous, the license plate of your vehicle, names of pets past and present, and so on. Here's how the FBI's cracker software works - it combines and recombines all these words and numbers and keeps submitting them to the PGP program. (They copy your entire HDD and do this work at their office.) They routinely crack the passphrases of PGP-users who fail to use random characters in their passphrase. Attack #4 - Video surveillance. After breaking into your home or office without your knowledge, FBI specialists will install a miniature video surveillance camera above your work area. The lens is the size of a pinhead. It's extremely difficult to detect. The FBI surveillance team watches your fingers on the keyboard as you type in your passphrase. Local police and private investigators have also been known to use this method. Attack #5 - Audio surveillance. This method is a variation of Attack #4. FBI technicians install an audio bug near your computer. The sounds generated by the keyboard can be analyzed. By comparing these sounds with the noises made during generation of a known piece of text, the FBI can often deduce your passphrase - or come so close that only a few characters need to be guessed. Attack #6 - AC power analysis. Using equipment attached to your outside power lines, the FBI can detect subtle changes in the current as you type on your computer's keyboard. Depending on the user profile in your neighborhood, the FBI's equipment can be located some distance from you. Attack #7 - EMT analysis. EMT is an acronym for electromagnetic transmission. Computer CPUs and CRTs operate somewhat like radio transmitters. CPU is an acronym for central processing unit. This is your Pentium chip. CRT is an acronym for cathode ray tube. This is your display. The FBI surveillance team uses a communications van (or motor home) parked across the street to capture the electromagnetic transmissions from your computer. This threat can be eliminated by a shielding system called Tempest. In many jurisdictions you need a special permit to buy a Tempest system, however. Attack #8 - Coercion. The previous seven attacks are quite easy for the FBI to implement. In fact, they use almost all of them on a routine basis. Even the local police in major US cities have access to vans that can pick up your computer's EMT. From this point on, however, things start to get very time-consuming and expensive for the FBI in their attempt to crack your PGP-encrypted email. So they may decide to take a more direct approach. They'll simply bend your thumb back. Until it breaks, if that's what it takes. Before they start, they'll make sure they've got enough biographical leverage on you to blackmail you into becoming an informant. Biographical leverage is spy-talk for blackmail information. The main defense against this threat is deception. An appropriate strategy is discussed later in this tutorial. Attack #9 - Random numbers. After breaking into your home or office without your knowledge, FBI agents will make a copy of PGP's randseed.bin file. PGP uses the pseudorandom data in this file to help it generate a unique block that it uses for creating a portion of the ciphertext. This type of attack borders on true cryptanalysis. It is time-consuming. It is expensive. It is generally worth neither the FBI's nor NSA's time, except in cases of national security. Attack #10 - Cryptanalysis. It is ridiculously easy for anyone, including the FBI, to intercept email on the Internet. After collecting a sampling of your encrypted email, the FBI submits the data to NSA for cryptanalysis. Cryptanalysis is egghead-talk for using mathematics, logic, and problem-solving skills to crack an encrypted message. It's all done with computers - and NSA has some monster computers. The best information available to us indicates that NSA can indeed crack PGP email, but a brute force attack is required. A brute force attack involves a lot of informed guessing. It's mostly just trial-and-error. Cracking a message can take weeks, months, years, or decades depending on the content, format, and length of your message. Later in this tutorial you'll see how to make your messages more resistant to this attack. Very few domestic cases warrant the involvement of NSA. Besides, FBI agents are usually successful in cracking your email using one of the other attacks, especially break-and-enter. So NSA devotes its resources to cracking the messages of other countries' governments and their intelligence agencies. Thinking outside the box... The preceding ten attack-scenarios are based on thinking inside the box. When we use this type of reasoning, we are staying within a set of fixed assumptions. We are, in effect, boxed in by our rigid assumptions - hence the phrase, thinking inside the box. The preceding attack-scenarios make two assumptions. First assumption - You've got an authentic copy of PGP. Second assumption - NSA has not yet discovered a mathematical method for decrypting PGP ciphertext. Neither assumption is necessarily correct. Counterfeit software. We have received one report about this. We must caution you that it is only one report, and we have been unable to verify it through other sources. Our contact says an FBI agent bragged to him that the CIA has been distributing doctored copies of PGP freeware over the Internet. According to our source, the FBI routinely decrypts messages encrypted with these doctored copies. It is our view that if this happened it was not over a wide-scale. Many copies of PGP are digitally signed by the manufacturer, who is no dummy. We believe that the fragmentary and decentralized character of the Internet prevents this type of ruse from succeeding - especially against savvy targets like the folks at PGP. Mathematical algorithm. It is unlikely that NSA has developed a mathematical algorithm for decrypting PGP ciphertext - not impossible, but unlikely. Because the algorithm and the source code for PGP are widely known and freely available, PGP has been subjected to rigorous testing and attacks by some of the brightest minds in the scientific community. This is called a review by your peers. It is a powerful method for vetting new ideas and methods. None of these bright scientific minds have come close to cracking the PGP algorithm, which is based on a complicated one-way math function. Sizing up your adversary... Clearly, FBI and BATF surveillance teams are a force to be reckoned with. They possess a lethal arsenal of capabilities that they can bring to bear against you and your email privacy. Their methods range from the simple to the sublime. They can break into your home or office without your knowledge and use your computer. They can use sophisticated electronic equipment to read your keystrokes - over the AC electrical connection, over the telephone line, or over the airwaves. And, finally, if these types of methods fail - which isn't very often - NSA will be called in to crack your PGP-encrypted message. Is the FBI difficult to beat? Yes. They've been at this game a long time. They've learned many lessons over the years. Can the FBI be beaten? Yes, you can beat them. It is easy? No, not at first, but it gets easier as you build up self-discipline. Beating the FBI requires that you stop thinking inside the box. Part 2 of this tutorial will show you how to stop the FBI from reading your PGP-encrypted email. Uncrackable email part 2 In Part 1 of this two-part tutorial, you learned about the methods that FBI surveillance teams use to crack your PGP-encrypted email messages. Many of those methods involved breaking into your home or office without your knowledge. Some methods involved electronic devices in a communications van located a short distance from your home or office - across the street perhaps. (If you haven't read Part 1, you might want to go back and do so now before reading further. Return to our home page and click on Uncrackable Email 1.) Uncrackable Email Part 2 describes ways to protect your email privacy - and the secrecy of your messages. These methods work against the FBI, BATF, DEA, and other government agencies, including state and local police. You'll learn step-by-step protocols and countermeasures that you can implement. In some cases, these methods will stop an FBI investigation cold. In other cases, they will only delay it. Much depends on the circumstances of the case. A lot depends on your countersurveillance and antisurveillance skills. Each solution described in this tutorial is a protocol. You can think of a protocol as a method, a set of guidelines, or an operating procedure. Flexibility. If your goal is to absolutely prevent the FBI from cracking your PGP-encrypted email, the key to success is flexibility. The content of your email is what counts. The more incriminating the message, the more precautions you should take. When used properly, the firewall method can completely frustrate an FBI surveillance team. Protocol 1: The firewall method... The firewall method is centered on the way you use your computer. This includes where, when, and how you use your computer. Described here is a step-by-step method for obstructing the FBI. This is a very rigorous protocol. You likely won't need to go to this much trouble very often. Step 1 - Get cleaned up. Scrub your hard disk. The FBI can read deleted files using an undelete utility. The FBI can read file slack, RAM slack written to disk, free space, garbage areas, and the Windows swap file using a sector viewer or hex editor. Return to our main page and click on Security Software for more on this. Although other packages are available, we use Shredder(TM). Then we use Expert Witness(TM) and HEdit(TM) to check the hard disk afterwards. (From now on we'll refer to your hard disk drive as HDD.) If you have previously used your computer to work with incriminating data, you should wipe the entire HDD and reinstall the operating system, application software, and user files. If surveillance poses a risk to your liberty, you must install a new hard disk drive. Then disassemble the old HDD, remove the platters, and sand them with coarse-grit sandpaper. Once you've got your computer sterilized, you'll want to keep it clean. Tidy up after each work session. Thereafter, don't leave your computer unattended. Step 2 - Get unplugged. During sessions when you're working on secret messages, you should take measures to frustrate FBI surveillance. This means physically disconnecting your computer from the AC power supply and from the telephone jack. You'll need a battery-powered computer - a laptop, notebook, or subnotebook. Remaining connected to the AC power supply is risky. Using equipment attached to your power line outside your home or office, the FBI can detect subtle changes in the current as you type on your computer's keyboard. Likewise, remaining connected to the telephone line is risky. If the FBI has broken in without your knowledge, they may have installed counterfeit programs on your computer. Your computer could be secretly sending data to the surveillance team over your dial-up connection. Just imagine the damage if you were unknowingly using a doctored copy of your favorite word processing program. Step 3 - Go somewhere else. In order to frustrate the FBI's electronic surveillance capabilities, you must relocate away from your usual working area. If you fail to take this step, an FBI video camera can watch your keystrokes. An FBI audio bug can listen to your keystrokes. An FBI communications van parked in the neighborhood can detect both your keystrokes and your display. Suitable locations for ensuring a surveillance-free environment are park benches, crowded coffee shops, busy fast food outlets, on a hiking trail, at a friend's place, in a borrowed office, at a bus depot waiting area, in an airport lounge, at the beach, and so on. Be creative and unpredictable. The trick is to select a location difficult for FBI agents to watch without you becoming aware. You may be surprised at what happens the first time you relocate. If you suddenly find people loitering nearby, you may already be under surveillance. (More about this later in the tutorial.) During your first relocated work session, use PGP to create your secret key ring. Your passphrase should contain random characters. Do not write down your passphrase. If you must, jot down just enough hints to help you remember. Save copies of the following files from the PGP directory to a diskette - Secring.skr, Secring.bak, Pubring.pkr, Pubring.bak, and randseed.bin. For safety, use two diskettes and make two backups. Keep the diskettes on your person. Delete the files from your HDD. Step 4 - Get serious. From now on, you've got a new standard operating procedure. Whenever you need to compose and encrypt a secret message, you must first relocate to a safe area. (You'll soon begin to appear like a busy person who checks in often with your contact software or scheduling software.) Save the encrypted document to diskette. Delete all working files. Return to your home or office. Then use a different computer to email the encrypted messages. Using a different computer is vital. It acts like a firewall. It keeps your relocatable computer sterile. Do not connect your relocatable computer to the telephone line. Ever. Do not leave your relocatable computer unattended. Ever. If this means carrying your relocatable computer with you all the time, then so be it. For ordinary working sessions, it's usually okay to connect your relocatable computer to AC power. However, don't do any sensitive work in this mode. Always disconnect and relocate first. But if absolutely watertight security is your goal, the only time you'll turn on your relocatable computer is when you've relocated. The only time you'll plug it in is to recharge the battery. When you receive incoming encrypted email on your firewall computer, save it as a text file to diskette. Relocate. Check the diskette with an antivirus program. Load the file into your sterile computer. Decrypt the ciphertext and read the plaintext. Delete the plaintext. Return to your regular work location. Summary. The firewall method involves nit-picking attention to detail. It is a methodical system for protecting the privacy of your PGP-encrypted email messages. It takes perseverance and patience to beat the FBI at this game. But it's preferable to the alternative. The firewall method will keep you out of the internment camps. You'll read about other protocols later in this tutorial. But if you choose to use the firewall method, you must follow it rigorously in order for it to be effective. Slip up once and the goons will nail you. They'll snatch your passphrase. They'll learn where you keep your key rings. Then it's interrogation, arrest, indictment, conviction. Or maybe they'll just kick in the door an hour before dawn and ship you off to the camps. The firewall method is watertight, but it only works if you use it. Protocol 2: The deception method... Protocol 2 is based on liveware, not software. Liveware refers to you, the human element in the countersurveillance scheme. Protocol 2 takes a human approach. It uses deception. Most people don't realize that FBI surveillance teams are vulnerable to deception. It's possible to mislead and confuse them. That's because most FBI targets are ordinary Americans with no countersurveillance training. In relative terms, only a few elite units within the FBI encounter hard targets. (A hard target is a trained operative who is actively maintaining secrecy and who will not reveal that he has detected the surveillance team.) So most FBI agents have never confronted a hard target. They never get any practice. They're accustomed to playing tennis with the net down. Deception provides four ways for you to protect the privacy of your PGP email. Deception method 1 - Decoy. This method involves duping the surveillance team into believing they have cracked your PGP email, when in fact they have uncovered merely a decoy. Your real protocol continues to run undetected in the background. This is called layered security. The best underground activists worldwide operate in this manner, including guerrilla movements, freedom fighters, and resistance groups. Inside the USA this method is mostly used by criminal groups (so far). The key to success is carefully and deliberately providing some mildly incriminating evidence for the FBI to find. This decoy data will often dissuade them from investigating further. The FBI will eventually downgrade the 24-hour surveillance to perimeter surveillance, then picket surveillance, and finally intermittent surveillance. They'll keep you on their watch-list and check up on you two or three times a year. They may drop you entirely. Here's how to implement this method. Step 1 - Set up Protocol 1 and then forget about it. Step 2 - Use your firewall computer as your primary computer. Create another set of secret keys. Leave the key ring files and randseed.bin on your HDD. This increases the chances the FBI will recover them during a surreptitious entry. Create and encrypt low-grade messages at your firewall computer. This increases the odds that the FBI will snatch your passphrase. Step 3 - Use this second configuration of PGP as a decoy. Use it to send only low-grade messages. In effect, you are now running two layers of PGP. From time to time you will use Protocol 1 and temporarily relocate in order to encrypt or decrypt high-risk secret messages. Step 4 - If you suspect or detect FBI surveillance, keep up the deception. Perhaps temporarily stop using your relocatable computer. If you use the technique of plausible denial, you increase your chances of completely concealing the fact that you've got a second PGP system. The principle of plausible denial is well-known in intelligence agencies, urban guerrilla movements, and resistance groups. Plausible denial means cover. Cover is spy-talk for innocent explanation. You must take the precaution of having a plausible, innocent explanation for everything you do. Absolutely everything. Don't ever do anything until you think up a believable excuse for doing it. Even if the FBI surveillance team discovers the second protocol, you will have purchased yourself some extra time. Use the time to encrypt, conceal, or destroy incriminating data. Use the time to warn other members in your group. Use the time to feed misinformation to the surveillance team. When systematically applied, the decoy method provides a good first line of defense against an FBI surveillance team. Deception method 2 - Thwarting cryptanalysis. When using Protocol 1, you can utilize deceptive techniques to reduce the chances of your message being cracked by NSA. If the case is serious enough, the FBI will provide NSA with a full set of your encrypted messages. The cryptanalysis experts at NSA will use Statistical Probability Analysis to begin detecting commonly used phrases, words, punctuation, and layout. The more footholds you give them, the sooner they'll crack your email. Here are three ways to use deception to impede their progress. Step 1 - Disguise the format of your message. Your goal is to camouflage the layout. Insert a random-length paragraph of nonsense at the beginning of each message. You do not want the salutation or other material to appear at always the same location. Your recipients should be alerted to ignore the first paragraph. You can also use a text editor to manually strip off the header and footer from PGP ciphertext. The recipient can likewise use a text editor to manually restore the header and footer so PGP will recognize the text as code to be decrypted. Step 2 - Make your content resistant to heuristic analysis. Heuristic analysis involves informed guessing and trial-and-error. Deliberately run some words together, eliminating the space. Intentionally add or delete punctuation. Occasionally insert a carriage return in the middle of a paragraph. Deliberately introduce spelling errors into your text. Step 3 - Write your message in a "foreign" language. You can do this by using homonyms such as "wood" instead of "would", or "urn" instead of "earn". Use "gnu" or "knew" instead of "new". Use "seas" instead of "seize". Use "mast" instead of "massed". Write numbers and dates out in full, such as "nineteen ninety eight" instead of 1998. Use code words such as competition instead of surveillance, competitor instead of FBI, market survey instead of countersurveillance, and so on. Use noms de guerre instead of real names. When properly used, these and other anti-cryptanalysis techniques can greatly increase the amount of time it takes the NSA to crack your PGP-encrypted email. Deception method #3 - Diagnostics. You can use PGP to detect the presence of a surveillance team. Countersurveillance experts refer to this as running diagnostics. When performed against pavement artists, it is called dry-cleaning. Here's how it works. Deliberately encrypt a provocative, bogus series of messages. Your goal is to use content that will elicit an aggressive response from the FBI. If surveillance intensifies, your email may have been cracked - or the FBI may simply be reacting to your increased traffic. That's spy-talk for the frequency, volume, and timing of your messages. On the other hand, you may notice that the surveillance team seems to know where you're going and who you're going to meet with. They arrive before you do. They break into your associate's home or office looking for items you've mentioned in your email. They're conspicuously nearby as you slip a written note to your contact, after mentioning the brushpass in your email. All these are warning signs that the FBI is reading your PGP-encrypted email. If you're using a decoy setup, switch to Protocol 1 to send secure email. If you're already using Protocol 1, you and your correspondents should create new passphrases. If further diagnostics suggest the FBI is still reading your email, you and your correspondents should reinstall PGP and create a fresh set of key rings and passphrases. Exchange the key rings by face-to-face contact, through live intermediaries, or by human courier. Tip - Anonymous email addresses activated through a cyber café can be used, but only if you set them up before the FBI puts you under surveillance. Go out and do it tomorrow. When properly applied, diagnostics can keep you one step ahead of an aggressive FBI surveillance team. Deception method #4 - Spoofing. You should routinely send out bogus encrypted messages. Your goal is to mislead and confuse the surveillance team. If the FBI is reading your email, you have an opportunity to confuse and mislead them with misinformation. If the FBI hasn't cracked your email yet, the traffic in bogus messages will provide cover for your authentic messages. If a mission requires an increased number of secret messages, simultaneously reduce your bogus messages, and the FBI won't detect any increased communication activity. When used systematically, spoofing can level the playing field between you and the FBI surveillance team. You can boost your chances of stopping an FBI surveillance team from learning anything at all. Summary... Using deception, you can confuse, mislead, obstruct, and frustrate the surveillance activities of your adversary. Deception can be very effective against an FBI, BATF, or DEA surveillance unit. It is particularly effective against standard police surveillance. If the deception techniques of Protocol 2 are used in combination with the firewall methods of Protocol 1, you boost your chances of stopping an FBI surveillance team from learning anything at all. --original by: spy&counterspy, ascii conv. by: mrf