Hacker 10 – Security Hacker

Computer security
Menu
  • Anonymity
  • Encryption
  • Mobile Phone
  • Other
  • Security

Protect your privacy with a no logs VPN!

Join TorGuard
Home
Anonymity
Anonymously submit documents to the press with StrongBox
Anonymity

Anonymously submit documents to the press with StrongBox

John Durret 16 May, 2013

Strongbox is a The New Yorker magazine tool to anonymously submit files and messages to journalist using the tor network, the project was put together by political activist Aaron Swartz, who died a few months ago, and Kevin Poulsen. StrongBox code is called DeadDrop and eventually will be released as open source for news agencies and particulars to implement as they wish. DeadDrop software runs on a hardened Ubuntu environment, it includes set up instructions and scripts, the code is written in Python, accepting document submissions and encrypting them with GPG for storage it then creates a random codename to be able to get back to the submitter anonymously without using email, there are three servers to anonymize the submission process one of them is public containing the interface,  another server stores the encrypted messages and the third server monitors the other two for security breaches.

StrongBox anonymous document leak DeadDrop

StrongBox anonymous document leak DeadDropWiki

The New Yorker public server is also using a plugged in USB dongle to strenghen encryption entropy helping create a pool of random numbers, their journalists use a VPN to download the encrypted data on to a USB thumbdrive, the information is decrypted using a laptop that has no Internet access, to avoid malware infection, and running a live CD to keep temporary files out of the computer hard drive and make data recovery impossible, GPG private decryption keys are contained in a different USB thumbdrive also plugged in the same laptop prior to viewing the documents. It is a smart set up that makes it impossible for a New Yorker journalist to learn the submitter computer IP so they can not be compelled to reveal something they don’t know. The only missing thing is a metadata scrubber, if the documents you are passing on contain metadata, and most government and company files do, the original leak source could be found out, you should use BatchPurifier first to get rid of hidden data before submitting any file.

Visit StrongBox homepage

Reddit
Tweet
Email
Prev Article
Next Article

Related Articles

Tor proxy instant messenger Torsion
Torsion IM (renamed Ricochet in June 2014) is a decentralized real …

Tor proxy anonymous Instant Messenger

Bitmessage encrypted mailing list
Bitmessage is an open source P2P program utilizing a Bitcoin …

Anonymous P2P encrypted messages with Bitmessage

About The Author

John Durret

Leave a Reply Cancel Reply

TorGuard

Pages

  • About
  • Anonymous OS list
  • Email encryption
  • Free VPN
  • Privacy Browsers
  • USB encryption

Blogroll

  • LibertyVPS.net
  • TorGuard VPN

Hacker 10 – Security Hacker

Computer security
Copyright © 2021 Hacker 10 - Security Hacker
Privacy by TorGuard VPN