The Connecticut Survivalist Alliance Intelligence Unit (CSAIU)
is an all volunteer group of security analysts who provides
intelligence information to Connecticut Survivalist Alliance
(CSA) members and selected information to the public in
bulletins and blog postings.
The CSAIU works to develop leads and investigate rumors sent
to us nationwide, the CSAIU's goal is to provide the highest
quality information to our members that's possible.
The CSAIU's highly skilled members believes in using what
works to enhance our members and affiliates tactical skills
and experience and to increase their safety and
effectiveness on the Internet or on the street.
The terrorist attacks of September 11, 2001 revealed the
life-and-death importance of Intelligence Operations.
Effective Intelligence Operations applied to terrorist
threats is not the CSAIU's only area of responsibility.
The CSAIU has a sweeping Counter Intelligence Program (COINTELPRO)
that infiltrates organizations suspected of being a threat
to the Patriot, Militia and Survivalist communities.
General Computer Security
1. Install and regularly update anti-virus and firewall
software. Free programs such as AVG (www.avg.com)
and ZoneAlarm (www.zonealarm.com)
are available for Windows. The important feature is that
live update is activated so they are continually up-to-date.
2. Install spyware detector programs such as Ad-Aware which
is free from
3. Deleting a file does not remove it from your hard drive,
etc. In order to do this it needs to be properly wiped,
using a program dedicated to doing this. Recommended ones
Disk Security and No
4. Encrypt any sensitive files on your computer, CDs or
floppy disks using a program such as
(use an older version of
(before the NSA interest, and suspected algorithms of the
current versions) and use at least a 2048 bit RSA Key.
Ideally, you will stuff all files in to one big archive
(e.g. using WinZip or RAR) and encrypt that. This means that
even the file names are hidden. Wipe the original files.
This should be done every night when you’ve finished using
the computer. Alternatively use disk encryption
5. Chose passwords that are effective, Password protected
computers are not secure to the prepared infiltrator so
encryption of anything sensitive is a must.
(a) Do not base them on the names of family, pets or
dates of birth.
(b) Include non-dictionary words or sequences of
which are essentially random.
(c) Really sensitive material should be protected with
passphrases of a minimum of 30 characters from the entire
including upper and lower cases, numbers and any permitted symbols.
(d) Change them on a regular basis.
(e) Do not write them down and stick them under your chair
or desk ,
these are the first places that an intruder will look.
6. Back up your computer in case it is stolen,
but keep the back-ups secure somewhere else.
7. Consider switching away from Windows to other operation
systems such as Linux or Mac which have better security
8. Avoid wireless keyboards as they transmit quite a
distance as well as to your computer.
9. Keep important/sensitive data and
keys on removable media,
such as thumb drives.
There are devices available which can be attached to your
computer and will record everything you type, including
passwords. The chances are that you will not be able to find
them. However, they are unlikely to use these except in
major cases. If you suspect that you are going to attract
this sort of attention, then you need to strongly reconsider
if you should be using your computer at all, or have a
set-up that the computer is never left unattended at any
1. E-mails are totally insecure, and very easy to monitor.
To keep them private, use
Don’t say anything in an e-mail you would not be prepared to
justify in court.
2. If you want to contact another person without those
watching you knowing who it is you are in contact with set
up fake email accounts on free webmail sites and use them
instead. Consider using it as a mail drop system.
3. You can also look into using ‘remailers’.
4. Be aware of spam – unsolicited e-mails, even if they look
genuine, such as from a bank. Never buy anything, or even
click on the links to websites contained in unsolicited
e-mails. Messages from banks, eBay, PayPal, even warning you
that you have a virus are all fakes.
If in doubt ask someone who knows about computers, but err
on the side of caution.
5. If someone sends you an attachment you are not expecting,
do not open it, even if you know and trust that person.
E-mail the person, asking if they really did send the
attachment to check it is not a virus.
6. Avoid using Outlook or Outlook Express for your e-mails.
Consider using an alternative such as
Pegasus. Outlook is
notoriously buggy and a significant agent of virus
7. Avoid using Internet Explorer to surf the Internet – use
an alternative such as
Firefox. If you cannot avoid using Internet Explorer,
switch off Java and ActiveX.
8. Every time you access the internet you leave a trace that
can be used to tie back to you. If visiting a website you
don’t want people to know you are interested in, use an
anonymizer website or an Internet café. If you suspect you
are being monitored, do not do anything sensitive from your
home computer. Watch out for CCTV in Internet cafes so pick
small, obscure ones.
9. Avoid using details that can be traced back to you. Use
pseudonyms and e-mail addresses with fake details were
possible, when posting messages, etc. Do not try to be
ironic by using something that ties back to you, even
"Participating With Safety" (March 2002)
'Participating With Safety' was a project created by the
Association for Progressive Communications that sought to
develop a training package for activists, journalists and
human rights workers on using information and communications
Introducing Information Security
Passwords and Access Controls
Using Encryption and Digital Signatures
Using the Internet Securely
Living Under Surveillance
Oppositional forces are trying to prevent individuals from
using strong encryption techniques. Some people complain
that ALL newer versions of commercial encryption
products are worthless because the National Security Agency
(NSA) or other major world governments have either mandated
built-in back doors or have the processing power to decode
all encrypted messages sent through cyberspace.
The NSA's current Cray supercomputer, code-named the "Black
Widow", can performing hundreds of trillions of calculations
per second, searching through and reassembling passwords and
passphrases, across many languages.
The security of an encryption system depends upon a lot more
than the encryption
algorithms used. We use the RSA cipher which some consider
infeasible, but security depends upon the user, weak
passphrases (passwords) are the most common weakness.
Using any passphrase that's ever been published,
is the inexperienced users first mistake.
Passphrases differ from passwords only in length. Passwords
are usually short ,
six to ten characters. Short passwords are not safe for use
with encryption systems. Passphrases are usually much
longer, typically 20 to 40 characters, sometimes more. Their
greater length makes passphrases more secure. Modern
passphrases were invented by Sigmund N. Porter in 1982.
Picking a good passphrase is one of the most important
things you can do to preserve the privacy of your computer
data and e-mail messages. A passphrase should be:
Known only to you and never have appeared in print.
Long enough to be secure
Hard to guess -- even by someone who knows you well
Easy for you to remember
Easy for you to type accurately
Do NOT use any word as a password,
contained in this file.
This is just a small dictionary attack file,
you can obtain more at:
Tor - Anonymous browsing
Tor is a decentralized network of computers on the Internet
that increases privacy in Web browsing, instant messaging,
and other applications. Estimates are that there is some
30,000 Tor users currently, routing their traffic through
about 200 volunteer Tor servers on five continents. Tor
solves three important privacy problems: it prevents
websites and other services from learning your location; it
prevents eavesdroppers from learning what information you're
fetching and where you're fetching it from; and it routes
your connection through multiple Tor servers so no single
server can learn what you're up to. Tor also enables hidden
services, letting you run a website without revealing its
location to users.
Individuals use Tor to keep websites from tracking them and
their family members, or to connect to news sites, instant
messaging services, or the like when these are blocked by
their local Internet providers. The
Electronic Frontier Foundation
(EFF) is backing Tor's development as a mechanism for
maintaining civil liberties online. Corporations use Tor as
a safe way to conduct competitive analysis. A branch of the
U.S. Navy uses Tor for open source intelligence gathering,
and one of its teams used Tor while deployed in the Middle
East. This diversity of users helps to provide Tor's
free/open source software and unencumbered by patents.
That means anyone can use it, anyone can improve it, and
anyone can examine its workings to determine its soundness.
It runs on all common platforms: Windows, OS X, Linux, BSD,
Solaris, and more. Further, Tor has extensive protocol
documentation, including a network-level specification that
tells how to build a compatible Tor client and server;
Dresden University in Germany has built a compatible
client, and the European Union's PRIME project has chosen
Tor to provide privacy at the network layer.
Of course, Tor isn't a silver bullet for anonymity. First,
Tor only provides transport anonymity: it will hide your
location, but what you say (or what your applications leak)
can still give you away. Scrubbing proxies like
Privoxy can help here
by dealing with cookies, etc. Second, it doesn't hide the
fact that you're *using* Tor: an eavesdropper won't know
where you're going or what you're doing there, but she or he
will know that you've taken steps to disguise this
information, which might get you into trouble -- for
example, Chinese dissidents hiding from their government
might worry that the very act of anonymizing their
communications will target them for investigation. Third,
Tor is still under active development and still has bugs.
And, since the Tor network is still relatively small, it's
possible that a powerful attacker could trace users. Even in
its current state, though, we believe Tor is much safer than
Please help spread the word about Tor, and give the Tor
developers feedback about how they can do more to get this
tool into the hands of people who need it, and what changes
will make it more useful. Also, consider donating your time
and/or bandwidth to help make the Tor network more diverse
and thus more secure. Wide distribution and use will give us
all something to point to in the upcoming legal arguments as
to whether anonymity tools should be allowed on the