The Connecticut Survivalist Alliance Intelligence Unit (CSAIU) is an all volunteer group of security analysts who provides intelligence information to Connecticut Survivalist Alliance (CSA) members and selected information to the public in bulletins and blog postings.

The CSAIU works to develop leads and investigate rumors sent to us nationwide, the CSAIU's goal is to provide the highest quality information to our members that's possible.

The CSAIU's highly skilled members believes in using what works to enhance our members and affiliates tactical skills and experience and to increase their safety and effectiveness on the Internet or on the street.

The terrorist attacks of September 11, 2001 revealed the life-and-death importance of Intelligence Operations. Effective Intelligence Operations applied to terrorist threats is not the CSAIU's only area of responsibility.

The CSAIU has a sweeping Counter Intelligence Program (COINTELPRO) that infiltrates organizations suspected of being a threat to the Patriot, Militia and Survivalist communities.



General Computer Security

1. Install and regularly update anti-virus and firewall software. Free programs such as AVG (www.avg.com) and ZoneAlarm (www.zonealarm.com) are available for Windows. The important feature is that live update is activated so they are continually up-to-date.

2. Install spyware detector programs such as Ad-Aware which is free from www.lavasoft.com.

3. Deleting a file does not remove it from your hard drive, etc. In order to do this it needs to be properly wiped, using a program dedicated to doing this. Recommended ones are Clean Disk Security and No Trace III.

4. Encrypt any sensitive files on your computer, CDs or floppy disks using a program such as PGP (use an older version of PGP, (before the NSA interest, and suspected algorithms of the current versions) and use at least a 2048 bit RSA Key. Ideally, you will stuff all files in to one big archive (e.g. using WinZip or RAR) and encrypt that. This means that even the file names are hidden. Wipe the original files. This should be done every night when you’ve finished using the computer. Alternatively use disk encryption

5. Chose passwords that are effective, Password protected computers are not secure to the prepared infiltrator so encryption of anything sensitive is a must.

(a) Do not base them on the names of family, pets or dates of birth.
(b) Include non-dictionary words or sequences of letters/numbers,
 which are essentially random.
(c) Really sensitive material should be protected with passphrases of a minimum of 30 characters from the entire range available,
 including upper and lower cases, numbers and any permitted symbols.
(d) Change them on a regular basis.
(e) Do not write them down and stick them under your chair or desk ,
these are the first places that an intruder will look.

6. Back up your computer in case it is stolen,
 but keep the back-ups secure somewhere else.

7. Consider switching away from Windows to other operation systems such as Linux or Mac which have better security features.

8. Avoid wireless keyboards as they transmit quite a distance as well as to your computer.

9. Keep important/sensitive data and PGP keys on removable media,
 such as thumb drives.

There are devices available which can be attached to your computer and will record everything you type, including passwords. The chances are that you will not be able to find them. However, they are unlikely to use these except in major cases. If you suspect that you are going to attract this sort of attention, then you need to strongly reconsider if you should be using your computer at all, or have a set-up that the computer is never left unattended at any time.

Internet Privacy

1. E-mails are totally insecure, and very easy to monitor.
To keep them private, use PGP encryption.
Don’t say anything in an e-mail you would not be prepared to justify in court.

2. If you want to contact another person without those watching you knowing who it is you are in contact with set up fake email accounts on free webmail sites and use them instead. Consider using it as a mail drop system.

3. You can also look into using ‘remailers’.

4. Be aware of spam – unsolicited e-mails, even if they look genuine, such as from a bank. Never buy anything, or even click on the links to websites contained in unsolicited e-mails. Messages from banks, eBay, PayPal, even warning you that you have a virus are all fakes.
If in doubt ask someone who knows about computers, but err on the side of caution.

5. If someone sends you an attachment you are not expecting, do not open it, even if you know and trust that person. E-mail the person, asking if they really did send the attachment to check it is not a virus.

6. Avoid using Outlook or Outlook Express for your e-mails.
Consider using an alternative such as Thunderbird (recommended), Eudora or Pegasus. Outlook is notoriously buggy and a significant agent of virus transmission.

7. Avoid using Internet Explorer to surf the Internet – use an alternative such as Firefox. If you cannot avoid using Internet Explorer, switch off Java and ActiveX.

8. Every time you access the internet you leave a trace that can be used to tie back to you. If visiting a website you don’t want people to know you are interested in, use an anonymizer website or an Internet café. If you suspect you are being monitored, do not do anything sensitive from your home computer. Watch out for CCTV in Internet cafes so pick small, obscure ones.

9. Avoid using details that can be traced back to you. Use pseudonyms and e-mail addresses with fake details were possible, when posting messages, etc. Do not try to be ironic by using something that ties back to you, even indirectly.
 

"Participating With Safety" (March 2002)

'Participating With Safety' was a project created by the Association for Progressive Communications that sought to develop a training package for activists, journalists and human rights workers on using information and communications technology safely.
.
Introducing Information Security 135 kilobytes

Backing-up Information[ 208 kilobytes

Passwords and Access Controls 30 kilobytes

Using Encryption and Digital Signatures 53 kilobytes

Computer Viruses 38 kilobytes

Using the Internet Securely 64 kilobytes

Living Under Surveillance 64 kilobytes



Oppositional forces are trying to prevent individuals from using strong encryption techniques. Some people complain that ALL newer versions of commercial encryption products are worthless because the National Security Agency (NSA) or other major world governments have either mandated built-in back doors or have the processing power to decode all encrypted messages sent through cyberspace.

The NSA's current Cray supercomputer, code-named the "Black Widow", can performing hundreds of trillions of calculations per second, searching through and reassembling passwords and passphrases, across many languages.

The security of an encryption system depends upon a lot more than the encryption
algorithms used. We use the RSA cipher which some consider infeasible, but security depends upon the user, weak passphrases (passwords) are the most common weakness.

Using any passphrase that's ever been published,
 is the inexperienced users first mistake.

Passphrases differ from passwords only in length. Passwords are usually short ,
six to ten characters. Short passwords are not safe for use with encryption systems. Passphrases are usually much longer, typically 20 to 40 characters, sometimes more. Their greater length makes passphrases more secure. Modern passphrases were invented by Sigmund N. Porter in 1982.

Picking a good passphrase is one of the most important things you can do to preserve the privacy of your computer data and e-mail messages. A passphrase should be:

Known only to you and never have appeared in print.
Long enough to be secure
Hard to guess -- even by someone who knows you well
Easy for you to remember
Easy for you to type accurately

Do NOT use any word as a password,
contained in this file.

dictionary_english.zip[MISSING]

This is just a small dictionary attack file,
you can obtain more at:

http://www.insidepro.com/eng/download.shtml

Tor - Anonymous browsing

Tor is a decentralized network of computers on the Internet that increases privacy in Web browsing, instant messaging, and other applications. Estimates are that there is some 30,000 Tor users currently, routing their traffic through about 200 volunteer Tor servers on five continents. Tor solves three important privacy problems: it prevents websites and other services from learning your location; it prevents eavesdroppers from learning what information you're fetching and where you're fetching it from; and it routes your connection through multiple Tor servers so no single server can learn what you're up to. Tor also enables hidden services, letting you run a website without revealing its location to users.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. The Electronic Frontier Foundation (EFF) is backing Tor's development as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis. A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East. This diversity of users helps to provide Tor's security.

Tor is free/open source software and unencumbered by patents. That means anyone can use it, anyone can improve it, and anyone can examine its workings to determine its soundness. It runs on all common platforms: Windows, OS X, Linux, BSD, Solaris, and more. Further, Tor has extensive protocol documentation, including a network-level specification that tells how to build a compatible Tor client and server; Dresden University in Germany has built a compatible client, and the European Union's PRIME project has chosen Tor to provide privacy at the network layer.

Of course, Tor isn't a silver bullet for anonymity. First, Tor only provides transport anonymity: it will hide your location, but what you say (or what your applications leak) can still give you away. Scrubbing proxies like Privoxy can help here by dealing with cookies, etc. Second, it doesn't hide the fact that you're *using* Tor: an eavesdropper won't know where you're going or what you're doing there, but she or he will know that you've taken steps to disguise this information, which might get you into trouble -- for example, Chinese dissidents hiding from their government might worry that the very act of anonymizing their communications will target them for investigation. Third, Tor is still under active development and still has bugs. And, since the Tor network is still relatively small, it's possible that a powerful attacker could trace users. Even in its current state, though, we believe Tor is much safer than direct connections.

Please help spread the word about Tor, and give the Tor developers feedback about how they can do more to get this tool into the hands of people who need it, and what changes will make it more useful. Also, consider donating your time and/or bandwidth to help make the Tor network more diverse and thus more secure. Wide distribution and use will give us all something to point to in the upcoming legal arguments as to whether anonymity tools should be allowed on the Internet.