This article was originally posted at charlescarrollsociety.com.


We have a reoccurring segment on the Charles Carroll Society called the Patriot Darknet.  It is where we share Information Assurance and Cyber Security approaches to help people avoid ungodly and unconstitutional mass surveillance.  I am sorry to introduce you to a new way the Eye of Evil has to find, track and classify you.  Sometimes I get depressed when looking at what we are up against.  Between what the Fed.Gov does, commercial companies do and sell to Fed.Gov, and what “grey” organizations do…we have a giant to slay.  And the only way we will do it, is together.

adobe_coverageYour Microsoft Office documents are keeping an internal database of you, your unique machine fingerprint, which we believe is unique hard drive number, and when you license your Microsoft Office product it potentially includes the unique finger print or MAC address of your computer and dates you modified all of your Microsoft Office documents.  This is why when you change hard drives Office screams that “this is new install.”  It has a finger print of the way your computer was.  Recently the Amazon cloud reader was caught tracking every page you turned of a book and maintaining that database for the government to buy. You can read more in the post Psst, Your Amazon Kindle Is Spying On You.  The EFF has a chart that list all ebook readers and how much data they have been found to keep on you.  Here is a link on Adobe collecting data on users.  Again, the point of all of this is that the US government has “decided” that data held by a 3rd party i.e. your ebook company has no 4th Amendment protections and they can demand that data at any time for any or no reason. And these large crony capitalistic companies are more than happy to sell it.  Thus if you create an Office document the fact that the document was created on your machine is stored and awaiting download by “the powers that be.”  The following is by another Patriot Darknet Operator S. J.  

adobe-plaintext

Anyway, the bad news.  When you create documents (Word, Excel, Power Point, etc.) on a computer, those documents can reveal enough information to identify you.  What the documents primarily Microsoft Office is doing when you create a Word, Power Point, Excel or any other document it harvesting information from your local computer including things like usernames and initials.  This is very similar to photo’s having additional identifying information from your computer including the type of camera used, time, date and GPS locations of where the photo was taken. TAILS does not use Microsoft Office to create documents it uses Open Office. TAILS defeats most of this, not because Open Office which is included with TAILS is inherently more secure, but because it fakes information about your computer.  Thus when Open Office harvest information from your local computer, it is all fake and does not related to your actual physical computer.    Solution:  Use TAILS, that is not connected to any network (air gap) and Open Office to create highly sensitive anonymous documents.

What your computer office documents are saying about you by – S. J. 

On line browsing habits such as using the TOR Browser Bundle (TBB) are a great area of anonymity to focus on, but certainly not the only area. There are additional risks in using other computer software, for example: Microsoft Office (MS Office) if you create (or even open) the document, it may leak information which can lead back to you. When you create (and perhaps open) a MS Office document it uses a structured storage format that internally looks like a file system. That is why MS Office documents seem to grow so quickly. Data “deleted” from file is not necessary removed, just unlinked in the index chain. It is still in the actual file and easily recoverable. There was an example of this several year ago where a Fed.Gov agency sent out supposedly redacted documents or documents where they try to delete parts of it.  They had taken the original document and deleted the redacted sections but did not compact the document (actually remove the deleted data) so it was recoverable by everyone.

defcon-17-tactical-fingerprinting-using-foca-19-728

In other instances the redaction was done by simply making the font color and the background color the same, obscuring the text for normal viewing but again actually leaving it in the document. What does this have to do with the Patriots going dark (Patriot darknet) and Internet browsing? The structured storage format uses UUIDs as identifiers for data in the file, and that UUIDs may be generated using the unique fingerprint of your computer (MAC address).  When you create Microsoft documents and send those Microsoft Office document out, even if you use perfect anonymity in transit (TOR or i2p Hidden Web sites and forums), the document itself can still tie back to traffic logs at an ISP. So the document you sent using an anonymous connection over TOR or I2P may still lead back to you. If you leak documents to the Patriot or Catholic communities using the Charles Carroll Society (CCS) or you use the Radio Free Redoubt (RFR) “See Something Say Something” program or any other program use TAILS and Open Office or ASCII such as created in Notepad or some other text based format that can be easily sanitized.  ASCII looks terrible, but it has much less chance of leaking information about you.

“Office saves document properties including details like the author, subject, title, the date you created a document, when you last modified it, and how long you spent working on the document. These properties will also contain the name of any template you used while creating the document, email headers, and other related information.”  More at HowtoGeek.

The Patriot Darknet group of patriot computer security folks (AmRD) has found TOR or i2p and TAILS to be essential for anonymity.  When you use TAILS, it comes with “Open Office” which is an Open Source implementation that is similar to MS Office. At this time we do not know if it has been specifically patch to make it more anonymous when creating documents, but the very act of creating and opening documents on TAILS which includes the (Amnesic & Incognito technologies) deprives the standard Open Office install any useful data.

adobe-reader-acrobat-cleaner-toolI use Open Office on normal computing operating systems like Microsoft and Apple iOS extensively for technical documentation, and if I create a text document, type a bit in and save it there are some interesting things going on behind the scenes.  First, the Open Office document format is actually an archive. You can open it up with Archive Manager (when using the Linux operating system) and extract the contents, which is a bunch of structured files (in XML format), to a directory then start hacking around. In the meta.xml file you will find your name, the version the software used to create the document, the creation date of the document, the number of times the document has been edited, word counts, etc… And that was creating a new document, typing in 1 line and saving and exit. MS Office is likely far worse. I have not examined the files lately but i would not be surprised to see computer name, user name, etc… I would also not be surprised to see product key information, encrypted or not, in there as well. Which would give away your computer unique fingerprint (MAC address), geographically where you were when you created the document (IP address).  You did buy a legit copy of office and activated it right?

TAILS0The version on TAILS has the same information (I checked), but it only says Debian User. It is not any more secure than the version you install on your desktop, it is just denied the data because you are using TAILS. I did not see anything that looked like a MAC or UUID in the archive, but I only checked a simple document. I’ll have to run some packet captures on a test net and check out the actual Ethernet packets from a running instance of TAILS.

Thus here is what you can do about it.  If you are passing information that has been created on a computer follow these steps:

1. Copy it to Notepad.  This converts it to ASCII or text.
2. Put that ASCII or “text” file on your USB drive.
3. Boot up TAILS, ensure you are not connected to the Internet.
4. Transfer the ASCII or text file.
5. Open the ASCII or TEXT file in an Open Office document (if required) and add to the document if required.  It may harvest information, but TAILS is faking it.
6. Finish your document and pass it on in the most anonymous way we know how. In case of emergency you can also photo copy the document but all phones also try to add unique information.  It still may be better than transferring the original document.

Recommendation for the TAILS project, perhaps we should study and make more changes to Open Office and their PDF creator to make them even more anonymous.  Things like random generation of document properties.

 

Post Views: 7,491