Believe nothing, no matter where you read it, or who said it – no matter if I have said it! – except it agree with your own reason and your own common sense.” – Siddhartha Gautama, a.k.a. the Buddha

Bad comms? a little sand may help

Today I am going to give y’all a homework assignment. At least those that would have interest in this one. There will be no test (not on this site anyways) and I don’t even want to see your work. Please DON’T SHOW your work on this one.

I am also going to send you off to another place to check out all the great research Sparks31 has done for you. Study it, Act on it, and KNOW IT. The test is coming, and there will be pockets where this stuff is critical.

Assuming that you are working within a group, and in some role of leadership, this applies. If you aren’t in a place of leadership, study it anyway, you may find you need to know it because the ‘Old Man’ just bought the farm and passed the joy onto you. If you are in a group that has a specific comm group, there are things you can do to improve on what you have, not just in the toys, but in how you talk through them.

And above all, keep things fluid. Don’t use too much of any one thing because even codes based in word substitution can be broken in time given consistency on your part and careful observation by the others. Backups will be critical and closely guarded: not freely distributed until need.

Now, the homework. Sparks mentions getting a topo of your AO. Great advice. Not a digital copy either but a USGS copy and on that polymer stuff that seems to indestructible. Get out there and explore your AO. Find the good spots, the places to avoid, how the land flows, where the streams run, where the culverts are, etc etc etc. Get to know your area like the back of your hand.

Now, on your topo, label those areas. Simple numbers and letters will work. In a separate notebook, keep notes on what each is, using the letters and numbers as keywords. This is your legend for the next step. These points may be simply Rally Points, or Caches sites, or Prime overwatch locations. Doesn’t matter what they are, you are just noting them at this stage. Make this a group effort so that your leaders can get a feel for the AO as well. Plus, more eyes may see a detail you miss or another perspective they need to learn from.

Get another map. One of some country, or even continent; take that to one of the office places, (I would do this at a national chain, not a local place. You’ll understand why in a minute) and have a transparency made of it. One that will cover the size of the topo map you have. Dress nice, and act like a teacher. Fade into something you are not so later, connections will not be made, or at least will be made much more difficult. (its not if you are paranoid, the question becomes, are you paranoid ENOUGH?)

Ok, you have the topo. You have ranged your AO and found some good stuff (hopefully. I hope you haven’t found yourself in a blind alley) and you have your topo labeled accordingly. You have your transparency.

Lay the transparency over your topo. Flip it, reverse it, whatever, or even a combination of half and half;Get creative. Now, through the transparency, find the names of cities or capitols on the transparency that coincide (close is good enough) with the points on your topo. That can be the new code name of that location. Note this on a page in your notebook.

Do it again, but different. Now your areas have different names. That is your first back up.

Do it again and differently again. Second backup.

You may even want to get a different transparency for yet another set of backups.

Now, this is not foolproof. Security of that information is paramount. Keep it close to your chest, and within extraordinarily trusted individuals. Keep the back ups separate in some type of sealed way. There is no need to learn them until the first has been compromised or thought compromised. And learning them will be quick as you are just changing names, not locations.

Use the codes sparingly, again, because regular usage and consistency is dead give-away almost as bad as having a live rat in the cellar. You may even run two codes, on alternate days or every other week, or reverse meanings of key words on alternate days. So long as all parties that NEED to know are aware of the changes, you will be able to communicate a bit more freely, without having to worry about what the otherside is hearing. This won’t be the end all answer of information transfer, but it will ease the element of getting critical movements taken care of without tipping your hat.

Now, carry this creativity into your logistics area. Call ammo, rations, caches, medical stuff, something other than what it is. Use different names for squads, or reaction forces. Its really pretty straight forward, or should I say ‘convoluted on purpose’. You can even set up groupings so that one group of codes can interact freely with other groups of codes and that makes the system even more fluid.

I know this is not new for some people, but I am sure there are others out there that are attempting to get group together and could use a little insight into how communications can be made more secure, without having to resort to encryption that may or may not be secure.

And just like using TOR and TAILS, the less you use it, the more secure you are. Same goes with using numeric encryption such as Kleopatra or PGP or GnuGP. Use it sparingly, and keep your private key complicated and as private as you can get it. Here is a hint for Hushmail users. Yes it has an encryption function for you to use with other hushmail users. Sadly, the encryption is done at the server so what you are reading on your screen is being sent to you as plaintext and can be read by anyone utilizing middle-man attacks. Middle-man attacks are exactly what the NSA uses when tapping into our Net communications. If you are going to decrypt ithat email, make sure that the decryption happens on your machine, and for extra paranoia factor, that you DO NOT decrypt it while you are still connected to the net. Get off line, unplug the Cat7 and turn off your Wi-Fi, THEN decrypt your message. Same thing goes for when authoring and encrypting for transfer. Encrypt first, then connect. And make sure that your original message is not saved in plain text. (Kleopatra has the option of destroying the original after encryption. It writes the encrypted message right over the original. I do not know if the others have that option or not.) I have heard that the PTB and more specifically, the alphabet agencies that are employed to do the dirty work, have successfully hacked certain numeric encryption tools. Seeing how the computers do the encryption, I just can’t see it. The math is extraordinarily complex, and it doesn’t go ‘both ways’. There is a public key to encrypt, and the private key to decrypt. I have not had contact with a friend of mine in some time, but that was her specialty, and she told me (then 2009) that the closest they had come to breaking PGP was 512bit. Most of the encryption tools now are running 4096 bit. And some may be even higher, what with the 64 bit multi-core processors out there. Assuming that they have not cracked that level at this time, it still means that the operator must practice good OPSEC in use of the tool. Give ’em one unencrypted message mirrored by one encrypted and they will have your key. (this is why I like TAILS, you are running an OS separate from the machine you are on, and it will avoid little things like key loggers and other sneaky little tools of hackers. It wipes the RAM when you are done and logging off so even that potential leak is nixed. Some have tried labeling me negatively for proposing the use of these tools, but hey, they are just TOOLS. Use them wisely and they can help you. Screw around and they WILL come back to bite you. Same goes for setting up Radio codes. Sparingly works, jabbering on the air is like swinging a sledge hammer while blindfolded. Use your head.)

Now, time to get busy.  Have fun with it so that it is not a chore.  It also makes things easier to remember if you enjoy it.

Advertisements

3 responses

  1. sparks31

    Reblogged this on Signal Corps and commented:
    Thank you, Dio. 🙂

    January 2, 2014 at 4:43 pm

  2. Have you noticed that the checksum on Tails’ website doesn’t match? Try downloading Tails and then checking it on their checksum and you will see. Therefore I won’t trust Tails until they fix that. Also what do you think of Liberte Linux?

    January 6, 2014 at 4:42 pm

    • Try a different mirror site. The checksum on my download checked fine.
      No, I haven’t checked on that version of linux, yet. Will soon

      January 8, 2014 at 9:37 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s