Set up a collection of sock puppet accounts which seem to be communicating conspiring to commit a major crime. The goal is to independently discover which communication channels intelligence bureaus are monitoring, which cryptographic protocols are broken, how prevalent is the use of subpoena or other private-public information sharing. Such violations of privacy are important for the people to know.
While the most obvious "tell" is the Feds busting down your door, a more subtle technique may be a monitored server (sort of a honeypot or canary), which is only mentioned in the messages between the sock puppets. Anyone who accesses it, or any unexpected accesses to it, must have learned about it through eavesdropping. Slightly more sophisticated might be to monitor DNS, watching for who wants to know the IP address of the honeypot.
This is all very straightforward. Has it already been done?
I'm curious if Google or Facebook automatically access (and index?) a site if you mention it in a private message.
(Who watches the watchmen?)
No comments :
Post a Comment