1. Home
  2. Electronic Security – BosnianBill's LockLab

Electronic Security – BosnianBill's LockLab

As you travel to and from bad places you are under constant threat of identity theft. This includes not only your credit cards and passport, but your laptop, memory sticks, emails, texts, and voice communications.  You can be SURE that other countries are watching what happens in bad places and their intelligence services are active in the physical, as well as electronic world.

The question you should be asking yourself is not “what happens IF my laptop is stolen”, but “What happens WHEN my laptop is stolen?”

As a self-assessment, ask yourself what would happen if a certain piece of equipment was stolen.  Obviously, your laptop contains a wealth of information about you, your accounts, contacts, communications and emails.  If it’s a work laptop, there’s every chance proprietary and sensitive information would be compromised.  How about memory sticks – what if one of them is “borrowed”.  What data did it contain?  Even your phone’s camera could contain sensitive information – faces of team mates, tickets, inside buildings or compounds, family members, etc.

In my travels members of my team have lost laptops, phones and cameras while traveling.  These have been stolen out of our vehicles, offices, hotel rooms, and while in transit in airports.  The question you should be asking yourself is not “what happens IF my laptop is stolen”, but “What happens WHEN my laptop is stolen?”

Here are some of the security measures I’ve found effective.  Will they keep out the NSA?  Probably not, but they will prevent a common thief from accessing my data and exploiting other sensitive information.  Yes, I may lose another laptop, hard drive or memory stick but I won’t have to worry about a security breach or loss of personal data.

Laptops, Hard Drives, and Memory Sticks.  One word: encryption.  If you’re walking around with unencrypted sensitive data, then you’re taking a terrible risk with your personal data. 

Once your device is stolen or lost, your sensitive information is “in the wild”.  Fortunately, encryption is free and fairly easy.  There are a number of different free encryption programs and I use VeraCrypt for a number of reasons.  First, it’s free.  Second, the code is open source, guaranteeing there’s no hidden malicious code in it.  Third, it’s very easy to use and quick to set up by following the simple directions on their website.

VeraCrypt128x128To begin using VeraCrypt you’ll create an encrypted “volume”.  A volume is nothing but an encrypted folder, so don’t get concerned with the terminology.  You’ll store all of your sensitive stuff in the volume.   It’s encrypted all of the time so even if someone steals the device containing the encrypted data (laptop, external drive, or memory stick) they can’t access it without the decryption password.  With a strong enough password even the NSA will have difficulty decrypting it.

You might want to make it a habit to turn all your external storage drives and memory sticks into encrypted drives.  Yes, it’s a pain in the butt to have to type your password every time you want to access the drives, but you’ll be 100% stress free when one of them goes missing.

Your volumes may be either visible, just like a folder, or invisible.  If you’re traveling to really bad places where there is a high chance your laptop will be targeted for infiltration, you should consider using the invisible option.  If you do this, be sure to provide your spouse or someone you trust with the name of the volume and how it can be accessed, just in case you get wacked.  It would be a shame if you took all the bank information, retirement accounts, credit cards, investment portfolios, etc. to the grave with you, because that’s where they’re going if you don’t share the info.

An encrypted volume is preferable if you travel through foreign airports that might ask you to turn on your computer to prove it works.  I’ve been asked to do this many times, but never received further scrutiny.  Others have had security officers play with the mouse to make sure it works, and perhaps activate a program or open a file.  To the uninformed, your encrypted volume will appear harmless unless you name it something like “Secret Stuff”.  Use common sense and give it an innocuous looking name like “Lpropert.dll”.

Remember though that even if someone steals your laptop with the encrypted volume, they still have a fully functional computer – minus your encrypted volume. To REALLY devalue your laptop or memory device, at least in a criminal’s eyes, why not encrypt the entire hard drive?  To boot up you’ll have to enter your (hopefully) long and complex password.  Without that password, it’s a brick.  To further protect yourself, you could have an encrypted volume within an encrypted drive.  Basically double encrypted with two different passwords. If the device is stolen, the thief’s only option is to reformat the drive and reinstall a new operating system – further guaranteeing that your data will never be accessed.

SkypeNon-Secure Voice Communications.  

Every hotel on the planet uses their in-house phones as a profit center and charge astronomical prices for overseas calls.  Using the hotel phone should be your absolute last choice.  Instead, use one of the free voice over IP (VOIP) software packages.  I use Skype on both my laptop and iPad and provided there’s enough bandwidth available it works fine.  Unfortunately, you’ll find that bandwidth in bad places is a rare commodity and there’s never enough.  I’ve found the best thing to do is turn off the video camera on Skype, leaving you with only voice communication.

There are a lot of VOIP software packages available but Skype is the most popular.  The software is free and available for Android, iPad, Windows, Linux and MAC OS.  Talk time from any point on the planet is only a few cents per minute.  Skype does claim to contain proprietary encryption software but most experts don’t consider it secure.  It’s the most full-featured VOIP package and offers file transfer, Skype to Skype, Skype to phone, whiteboard, and video or voice teleconferencing.  I’ve made hundreds of calls from bad places using Skype on both my iPad and laptop and have been completely satisfied.  When there’s’ not enough bandwidth it gets a little jittery and drops a lot of video frames, but still holds the voice link with a slight lag.  For non-secure communications I’ve found nothing better.

Secure Voice Communications (Signal).  For truly confidential or sensitive conversations and texts you’ll want to use a dedicated program like Signal (https://whispersystems.org/).  Signal is a fairly new program that lets you send secure texts, photographs, video, and voice messages.  It’s free and available for both Android and iPhone (sorry, no laptop version yet), is easy to install, peer reviewed, and simple to use.  The interface displays a confirmation pass phrase on the screen as protection against man-in-the-middle attacks.  The entire interface it extremely well thought out and intuitive.  Now the downside:  both ends of the conversation must have Signal installed.  Unlike Skype you cannot call standard telephones or other non-Signal VOIP users.

Secure Emails.  For years I used a standalone program called PGP, but it was a clunky and difficult to use public key encryption program.  Things changed with the introduction of a new program called “Mailvelope” (https://www.mailvelope.com/).  Mailvelope is available for Chrome and Firefox and integrates seamlessly with several popular email programs, to include Gmail.  Once installed the Mailvelope icon appears on the top bar, ready to use.  You’ll need to perform a one-time generation of a “key pair”, which creates your public and private keys.  Once you generate these keys, the first thing you’ll need to do is save them to a safe location on your encrypted drive.  The program works in the background, recognizing incoming messages as containing the sender’s public key and offering to save it.  Once you’ve shared public keys with the people you’d like to communicate with, simply clicking the “encrypt” button will scramble the contents so if it’s intercepted not even the CIA can unscramble it.  When you receive an encrypted message, Mailvelope prompts you to input your private key to decrypt the message.

A major problem with Mailvelope is that it does NOT encrypt attachments.  You’ll need to cut and paste entire documents into the body of your message if you wish to keep it confidential.  It also does not encrypt the address information, so anyone intercepting the message will know the addresses of both the sender and recipient.  So, sending messages to will not turn out well for you.

Forwarding Email Services.  I always flinch when a form requires me to enter an email address because I know why they want it: Spam.  They’ll use it in their own advertising and ultimately sell it to an information broker.  Recognizing that, I never give out my real email address.  Instead, I use a mail forwarding service that not only obscures my real address, but tells me who sold my information.  My free service is called 33 Mail (http://www.33mail.com/) and here’s how it works.

You can have addresses for home, business, a P.O. Box, and a fake address – all pre-loaded. With a single click Blur populates the form with your chosen address.

Go to the 33 Mail site and establish a free account and choose a custom domain name.  In my case I might choose MyDomain.33mail.com.  Now suppose I go to a company named SpamKing and they demand an email address.  I enter .  Whenever SpamKing sends me an email, 33 Mail forwards it to my real address. If I begin receiving emails from other senders that use the SpamKing prefix, then I know SpamKing shared my information.  If I get tired of getting emails from SpamKing or if they sell my pseudo address to other spammers, I can permanently block all of them with a single click on the “block” button.  Nice and clean.  I’ll never hear from SpamKing or any of his spamming buddies ever again.  33 Mail is an excellent way to protect the privacy and integrity of your REAL email addresses.

BlurPreserving my Privacy.  Recently I started using “Blur”. This is a great new service that offers both a free and subscription version and has several privacy preservation tools for email, addresses, telephone, and credit cards.

Masked Emails.  Blur automatically detects most forms requiring an email address and pops up the “masked email” icon.  If it doesn’t, you can activate it with the right mouse button.  If you click the icon Blur fills in the form with a randomly generated email address that looks something like this:  .  Any mail sent to that address gets forwarded to your real address and will give you the option of blocking it forever with a simple mouse click.  Beautiful.  You can use a different masked email addresses for each of your online accounts.

Masked Addresses.  Blur automatically detects forms requiring an address and gives you the option to fill them out with a single click, like Window’s “autofill”.  However, Blur gives you the option to create several templates containing different addresses.  You can have addresses for home, business, a P.O. Box, and a fake address – all pre-loaded.  With a single click Blur populates the form with your chosen address.

Masked Phone Number.  When you register with Blur you have the option of registering your actual phone number to receive a masked phone number.  This is useful as a disposable phone number to fill out online forms or questionnaires. At any time you can discard the old number and, for a small fee, receive a brand new masked number from Blur.

Masked Credit Cards.  The Internet is a nasty place and I’m always suspicious of online merchants don’t accept PayPal and insist on my credit card. Whenever I encountered one of these in the past I just refused to buy anything from them.  Then Blur entered the picture and offered “Masked Credit Cards”.  Here’s how it works:  When I get to the checkout cart of an online order and get the order total, I click Blur’s “Create a Masked Credit Card” button.  It asks me for the amount, adds a $2 fee, and generates a onetime use credit card in the exact amount.  I enter that credit card number, expiration date, and CCV code on the checkout form.  Once the masked credit card is used, it’s dead and can never be used again.  If the online merchant is compromised or sells my information, it’s a dead end and no further charges can be made on the card. At only $2 per use, I consider this cheap insurance and use masked cards for every online transaction.

Cookie Killing.  A major benefit of using Blur is the built-in tracker blocker.  A lot of websites collect information about you, where you shop, where you surf, as well as personal data.  They use that data to send you customized advertising and sell your data to brokers.  Ever notice how eBay starts showing you similar items to what you just searched for on Amazon?  That’s a tracking cookie at work.  Those cookies are persistent and remain on your computer for a long time, sending data home to report your activities.  What I do online is none of their business and Blur blocks all of the cookies, preventing them from gathering data about me, my shopping habits, or where I surf.

These are just some of the electronic techniques I use to protect my sensitive information and preserve my personal privacy.  You may not want or need them all during your travels, but I believe it’s better to be safe than sorry.  If you LIKE receiving Nigerian scam emails, or are actually in a position to help foreign nationals obtain a visa into your country, then go ahead and use your real addresses for everything.