Strongbox is a The New Yorker magazine tool to anonymously submit files and messages to journalist using the tor network, the project was put together by political activist Aaron Swartz, who died a few months ago, and Kevin Poulsen. StrongBox code is called DeadDrop and eventually will be released as open source for news agencies and particulars to implement as they wish. DeadDrop software runs on a hardened Ubuntu environment, it includes set up instructions and scripts, the code is written in Python, accepting document submissions and encrypting them with GPG for storage it then creates a random codename to be able to get back to the submitter anonymously without using email, there are three servers to anonymize the submission process one of them is public containing the interface, another server stores the encrypted messages and the third server monitors the other two for security breaches.
StrongBox anonymous document leak DeadDropWiki
The New Yorker public server is also using a plugged in USB dongle to strenghen encryption entropy helping create a pool of random numbers, their journalists use a VPN to download the encrypted data on to a USB thumbdrive, the information is decrypted using a laptop that has no Internet access, to avoid malware infection, and running a live CD to keep temporary files out of the computer hard drive and make data recovery impossible, GPG private decryption keys are contained in a different USB thumbdrive also plugged in the same laptop prior to viewing the documents. It is a smart set up that makes it impossible for a New Yorker journalist to learn the submitter computer IP so they can not be compelled to reveal something they don’t know. The only missing thing is a metadata scrubber, if the documents you are passing on contain metadata, and most government and company files do, the original leak source could be found out, you should use BatchPurifier first to get rid of hidden data before submitting any file.
