Tablet Tradecraft: Rules For Clandestine Messaging on Mobile Tablets
Scenario: You've got a team of pipe hitters you've assembled to do all the things. You're running radio as both a clandestine and tactical organizational net (à la The Guerrilla's Guide to the Baofeng Radio), but there's a gap. Not all your trigger pullers are sitting beside a radio waiting to get rally point instructions. Mobile devices are a reality of the asymmetric battlefield, and although the example might sound dramatic, if you think about the world in those terms simple security measures become easy. Proper tradecraft permeates all aspects of life, and in practice the very same aims many have for privacy, security and anonymity line up well with sound practice.

First things first, break out of the 'all or nothing' mentality. Security tradecraft, and in turn messaging, is an ever-evolving continuum in terms of technology. While I understand that technology is beyond the reach of some, simply shutting down or defaulting to one particular tool is absolutely bad tradecraft. Statements like 'well, everything is compromised' or 'we're just going to do it this way because so-and-so won't train' are non-starters. Those are excuses. Either learn to learn or you will learn to suck, but either way don't complain about the results.
So let's talk about those mobile devices. Before we even get into the basic operating rules, an underlying truth is that the device itself must be open source, easy to source in my working environment, and must minimize the physical RF footprint it emits. What's that mean? WiFi-only Android tablets. I need the ability to configure a device on the fly and get several of them up and running in a hurry. A WiFi tablet has no inherent data connection unless I enable it, and even then it's only connecting where I want it to. If you've got a cell connection on your tablet, congrats, you just have a big cell phone.
Let's talk about the messaging apps themselves. The watchword here is decentralization. While no messaging app should be considered completely secure, there are several that work quite a bit better than others. Decentralization means that messages are stored and forwarded through a network of nodes rather than a centralized host. What this does is layer the data in motion between the sender and the recipient. Further, if you're sending via one means and receiving a response on another (otherwise known as backchanneling), you're creating several smokescreens for that data in motion. Impossible to track? No. But a hell of a lot harder than using a centralized platform such as Signal.

One of the things I do is keep an SD card pre-loaded with the apps I plan to use. This involves downloading the APK files themselves from GitHub; most developers have a dedicated GitHub page with a clean install file for the apps you're looking for. We're not using Google for this. The idea is to reduce the amount of metadata as much as possible, while keeping in mind that the only absolute way is to not use it at all, which doesn't do anything to solve our problem. Loading APK files on the tablet itself is pretty easy; just make sure to click through the 'enable installation from this source' prompt in the system security settings and you're off to the races. Make sure that the messaging apps you're installing are routing all of their traffic through Orbot, the Tor client for Android. What this is doing is masking your data in motion the same way most people understand a VPN does. Orbot can be configured to activate when the device is turned on, adding layers to the onion that is data in motion. Keep in mind each of these layers is a smokescreen, an obfuscation of the point of entry (or exit, in the case of the recipient) into a network. It's not an absolute all-or-nothing; your behaviors and uses are.
Let's get into where to go from there.
White, Red, Black: Compartmentalization of Contacts is Key.
Far and away one of the most difficult concepts for civilians to wrap their minds around is compartmentalization. I'm not talking to everyone via the same means. And on that note, I'm also not setting up a group chat that we all have equal access to. Equality is for communists; effective organization demands hierarchy. The game is mitigating what can be scraped by bad actors, and everyone seems shocked every time one of these rather dumb group chats gets its content (and members) leaked online via screenshots. If you're organizing people for a purpose, each of those purposes needs to be compartmentalized, with as few contacts in the compartment as absolutely necessary. This is a simple counterintelligence technique that goes a long way toward stymieing threat actors.
Contacts and the method of communications are broken down into three colors: White, Red and Black. White side communications are those where the association between sender and recipient is known and the data itself is not sensitive. While you're not necessarily shouting it in public, the means and method itself is not obscure. Red side communications have a sensitive purpose, with an association possibly known between the sender and recipient. This is a more private sidebar where sensitive topics are discussed or short-timeframe coordinating instructions are given. Black side communications conceal the very relationship between the sender and the recipient. This is where clandestine instructions are being given, with both sender and recipient understanding how to decode the message itself. More on this in a bit, but this is where physical encryption comes into play.
Practice Wardriving.

Wardriving is the art of moving around in a working environment looking for open WiFi connections and using them. Normally this carries the act of actually driving in a moving vehicle along with it, but it's not limited to that. For our purposes we're simply sending a message; no network intrusion or stealing credit card numbers. Most public spaces have open WiFi connections even if they're notionally password protected. Coffee shops and fast food joints normally have a very basic password that they hand out to customers. Normally you'd want to avoid these connections like the plague for security reasons, but in this case, this is where we're connecting to the internet to send our message. Once we've made our comms shot, we're disconnecting and moving on.
Disrupt Your Own Patterns Of Life.Â
We all have our own bad habits. As I break down in The Guerrilla's Guide to Signals Intelligence, patterns of life are everything that encompasses our daily routine. Humans are creatures of habit, and those patterns of life are the timeline by which we conduct our behaviors. This extends to our network of contacts as well. Assume everything is being observed, whether physically or electronically (because in the case of the latter, it absolutely is). What's routine for us becomes known as our baseline. Everything that violates that baseline then becomes a potential action indicator. One of the goals we're accomplishing through using a WiFi tablet for messaging is obscuring our existing patterns of life. None of our tools make a difference if the underlying behaviors haven't changed.
The first thing this entails is under no circumstances using a device for clandestine purposes from a network node associated with you. This might seem trivial to mention, but you'd be surprised how many people manage to mess this one up. I can recall more than one HVI in Afghanistan getting rolled up by us running time-sensitive targeting (TST) on cell phones that previously had no association with them, simply because the phones were powered on at their last known dwelling. Today we have AI tools doing exactly that, and it's largely non-governmental. Might sound Orwellian, but welcome to the tech reality. In order to mask that, you've got to change your own daily habits. Hard, maybe, but functions of the underground aren't easy.
Don't Rely Exclusively On Electronic Encryption.Â
Far and away, electronic encryption is the kryptonite of the spec-reciters and otherwise ill-informed. It's no more than a sales buzzword. This is not to say that messengers claiming a specific level of encryption of traffic do not live up to the claims; often they do, but the devil is always in the details. Everything has a weakness, ranging from problems in the algorithm to flaws in the user interface to the user himself. No matter how well designed an app may be, there's some design issue buried within which becomes an exploitable point in the attack surface.
The most common one of these has nothing to do with the method of electronic encryption: taking screenshots. Let's say you've set up a Red Side net with three others. One of those is compromised and proceeds to take screenshots of the messages themselves. His handler has you. Whoops. Messenger apps that are truly privacy-conscious notify all users as soon as a screenshot has been taken. On that note, you should have a setting to sanitize messages a set period after the recipient has read them.
On the less dramatic side, recognize that without your own audit, you're simply going off 'trust me bro' for what might cost you your life. I'm kinda funny about that personally, not out of a sense of self-preservation but rather commitment to cause. Doing things wrong gets people killed but, more importantly, kills the objective of your movement, which is a reality very few in the US understand. It's not your fault; you've been insulated from consequences for too long and video games made you stupid. But as a friendly warning, all of this stuff is fun and games until you get hurt.

Clandestine messages, even when sent over 'encrypted' apps, absolutely must be physically encrypted. While there are a ton of different ways to do this, I'm a big fan of using trigrams (such as in the appendix of The Guerrilla's Guide to the Baofeng Radio) due to their simplicity. Trigrams are handy because a master list can be used over a longer duration, versus a one-time pad, which has a finite number of messages defined by the number of pad keys that both the sender and the recipient hold.
Trigrams are faster and simpler, but suffer from potential complete compromise if one of the keys is lost or captured. A counterintelligence cryptanalyst has to know, first, the list of words assigned to each trigram and, second, the rotation of the letters. If the key itself is compromised, they have both. The strength of the one-time pad (OTP) lies in the absolute robustness of its encryption: it is unbreakable if each pad is used only once. So while it may take more time (at least at first), OTP is the most robust method, even if it is more labor intensive.
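The OTP trade-off described above (unbreakable only while each pad page is used once, at the cost of a finite message supply), as an added Python example that is not from the original post or the referenced guide: a pencil-and-paper style letter OTP on the 26-letter alphabet with sender-side pad bookkeeping, plus what leaks when a pad page is reused. The function names, the pad letters and the two sample messages are all constructed here.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def clean(text):
    """Keep letters only, upper-cased, the way a paper pad is used."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def generate_pad(length):
    """One pad page of random letters from the OS CSPRNG, never a plain PRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _combine(a, b, sign):
    """Letter-wise (a + sign*b) mod 26 over two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("pad page must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % 26]
                   for x, y in zip(a, b))

def otp_encrypt(plaintext, pad):
    text = clean(plaintext)
    return _combine(text, pad[:len(text)], +1)

def otp_decrypt(ciphertext, pad):
    return _combine(ciphertext, pad[:len(ciphertext)], -1)

def pad_reuse_leak(c1, c2):
    """Same pad twice: C1 - C2 == P1 - P2, the pad cancels and no key is needed."""
    n = min(len(c1), len(c2))
    return _combine(c1[:n], c2[:n], -1)

class PadBook:
    """Sender-side bookkeeping: each page encrypts exactly one message, so the
    book is a finite supply of messages and a spent page is refused."""
    def __init__(self, pages):
        self.pages = dict(enumerate(pages))  # page id -> pad letters
        self.used = set()

    def encrypt(self, page_id, plaintext):
        if page_id not in self.pages or page_id in self.used:
            raise ValueError(f"pad page {page_id} is unknown or already spent")
        self.used.add(page_id)
        return otp_encrypt(plaintext, self.pages[page_id])

# Constructed demo (not from the post): one pad page wrongly reused for two messages.
DEMO_PAD = "XMCKLQWERTY"
DEMO_C1 = otp_encrypt("Rally at dawn", DEMO_PAD)  # "OMNVJQPHRPL"
DEMO_C2 = otp_encrypt("Wait for dark", DEMO_PAD)  # "TMKDQENHRKI"
```

Where the two plaintexts share a letter (positions 8 and 9, "DA"), the two ciphertexts share it too, which is exactly the kind of structure a reused pad hands to an analyst.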

Another element of physical encryption is simple codewords used as action indicators for short messages. These are most often used to indicate a compromise of a device or an asset, signaling duress, or waving off an activity already in motion.
When Not In Use, Put It Away.
It'd be kinda off to be walking down the street with a radio in your hand, right? Visibility aside, you wouldn't do that due to exposure: when a tool is not in use, we put it away. That said, with electronic devices there are tools which can exploit their contained data even when we assume they're powered off. Long story short, a device you assume is off usually isn't.
Expanding on that concept is the question of whether or not you're really disconnected from that network even if you think so. You may not be. I've encountered public spaces that connected to my devices without my permission while traveling, even with all connectivity shut off. The Denver Airport still connected to my phone even though I was running CalyxOS at the time and had all data switched off, as I usually do while traveling by air. Now exactly how they connected is another topic for another day, but the bottom line here is that just because you assume one thing doesn't make it so in reality.
The only way to be sure is to create a physical air gap, which is something I do with all of my devices when not in use. It's not that I'm particularly paranoid about technical surveillance or that I have an overbearing fear of an EMP taking our devices offline. Paranoia would imply an unfounded fear, and my concern comes from knowing damn well the capabilities exist in both cases. For this reason I'm a major proponent of using Faraday bags to create a physical barrier between your device and your working environment. This rule absolutely applies to a tablet you've configured for clandestine messaging. When you're done doing business, the device goes back in the bag.
Everything Is Disposable.
This last rule applies broadly to just about every tool an asset might employ in a working environment, from weapons to clothes to electronic devices. Once used, it's contaminated and needs to be destroyed in the event of a compromise. How you go about that is up to you, but just know the simpler the better.
This goes back to the original rule above: one of the necessities of the device itself is that I can source and reconfigure a new one on the fly. If I'm married to one particular device to do all the things, replicating it under duress becomes a major problem. Having all of my files ready to go makes life easy.
The nice thing about practicing tradecraft techniques with tablets is that you can do it in public and most people won't bat an eye. It costs you very little other than some time and you'll learn a thing or two in the process. Get out there and get after it. -NCS