Decentralized Cell Operations: Can We Learn From Criminals?

One thing the patriot movement dearly loves is big, loud groups with hierarchies and leaders and lots of positions for everyone to aspire to. We’ve talked here before about the concept of leaderless resistance, and how in the situation we find ourselves, it’s arguably a superior structure. The problem with LR, and the decentralized cell operations it deals with, is that people don’t like to mimic anything related to or used by people they don’t agree with ideologically. Go on Facebook and try telling a patriot group that they should study the operations of drug cartels, terror cells and radical environmentalists to get a feel for how tradecraft is done and you’ll see what I mean.

There is seemingly a belief among many in the movement that tactics used by the Left or criminal elements are by default tainted and even wrong, simply because they are used by people and groups we are ideologically opposed to. This is an incorrect view, and those who hold to it are rendering themselves ineffective because they are refusing to use tactics that work. The short answer to the question of whether we can learn from criminals is, quite simply, yes. Even Mike Vanderboegh, founder of the III% movement, used practices and security protocols gleaned from his time as a Communist operative.

The difference between the person who ignores security practices and wants everyone to be loud and proud under one big banner, and the person who understands how to truly effectively operate, is the difference between the “movement” and the resistance.

This document was linked to by Grugq, an OPSEC expert and authority on various matters pertinent to the liberty fight. You’ll notice right away that it’s written by a drug trafficker—and by trafficker, I don’t mean a corner dealer with some connections. This guy is running an operation with multiple facets to it, and doing it fairly effectively. Most people—if they even stopped to read this—would consider him scum of the earth and ignore his advice. Smart folks in the liberty resistance, however, strip the emotion and viewpoints about his product away and see the tactics for what they are. There is a reason why the cartels are operating in all 50 states. There is a reason why people like this guy operate for years without ever being caught. Their tactics work. As Grugq explains about the article in question, “…they are describing a network of cells with compartmentation, strong vetting, training for handling compromises, counterintelligence, and more,” all things that the liberty resistance desperately needs to learn and use on a daily basis.

Have your employees familiar with tails & tor+pgp communications. Anyone minimally professional will take some notes. Make sure all your employees from the top to the bottom is familiar with TAILS and has a secure passphrase. Have them place all their documentation and notes there. Any paper hanging around must be burned.

Encryption works. If it didn’t, then the government wouldn’t be bribing, begging, and forcing companies to build back doors and encryption keys into their hardware and software. Criminals know this, and that’s why they use it. If you expect to stay safe in your operations, then you need to learn how to encrypt. It’s that simple. (By the way, this is why we hold Cryptoparties and classes with experts on how to do just that.) Encrypt everything.

In fact, I’ll go so far as to say that if you’re serious about what you do, you shouldn’t even be dealing with people who are unwilling to learn encryption and digital security. If someone tells you it’s not necessary, don’t deal with them. They aren’t paying attention to some pretty open, basic, critical things. If they tell you it’s too hard to learn, don’t deal with them. There are plenty of free resources out there to teach them—there’s no excuse. If they tell you there’s no point, or that it’s no big deal because they “aren’t doing anything illegal,” then don’t deal with them. If someone doesn’t take their own security seriously, they will not take yours seriously. It’s that simple.

Its everyone’s dream to think its like the movies where we gangsta organise “cartel parties” where everyone is invited. It doesn’t work that way. If someone doesn’t have to meet someone, don’t make them meet. Don’t take the risk of adding up more “heat rating” by creating un-necessary links between individuals who are not directly connected.

“Need to know” is a powerful concept—and a necessary one. Folks are big on networking; perhaps that’s a by-product of social media. You’ll see group leaders encouraging people to recruit, to click that Like button, to bring in more of their friends and push for growth and unity and on and on. In truth, unity is the last thing the liberty resistance needs (more on that later). In fact, the less people you work with, the safer you are. The bigger the group, the more chance there is for everything from infiltration to having some of your people turned. That’s not even counting the guaranteed problems with OPSEC.

In fact, ALF/ELF put out a “Cell Security” manual several years ago in which they state that cells must never mix together. They should “operate on a ‘need-to-know’ basis, with each cell member understanding that not every member needs to know about every detail of every action (ie: sources of funds, homes, safehouses, etc.).” In other words, even within a cell (5 people is about the maximum before splitting and creating a second, independent and autonomous cell), there will be things that some members know and others do not, unless the need arises for them to know it. This protects all of you. Keep in mind that there are people who are literally being paid to keep track of who you associate with, what you post, what you do, who you talk to, and who the members of your group are among other things. Stop making those links for them. If you’re running a group, for the love of all that’s holy, take your leadership hierarchy down off your Facebook page. (Why do you even have a group Facebook page?)

By the way, if you’re thinking that I’m advocating that any of the groups mentioned in this article are doing good things, let me dispel that for you. ALF/ELF are radical environmentalists. I do not agree with their ideology, nor do I agree with their actions. The same goes for drug traffickers, Islamic terrorists, or other criminal elements. They are morally bereft and I despise their belief systems and chosen means of conveying their message. I hold to the III% creed and the Creed of the Order. However, I do not have to like those other groups, or agree with their goals, to understand that their security practices are something to be studied and even modeled after in certain situations. You should seriously consider adopting the same mindset.

We’ll be talking a lot more about decentralized cell operations in the coming days and weeks, but this should get you started thinking. In the meantime, get educated on them and what they are.

There are many places to learn more about decentralized cell operations, and resources to learn tradecraft, digital security, and other skills. Don’t ignore them, take them seriously. These are life and death things—and your screw-up may cost more lives than your own. Take the time to learn—even if the ideology is anathema to what you believe.

 

Guerrilla Support Operations Course May 3-4, 2016

Every guerrilla movement needs a support infrastructure. Supplies, communications, safe houses, contacts, networks. These are the things that often get lost in the never-ending push to “run and gun.” Who supplies those folks? Who makes sure they get to where they’re needed? Who gives them the information they need to operate? How do you cultivate the trusted networks necessary to get things done? This Guerrilla Support Ops class will show you.

Taught by John Mosby of MountainGuerrilla, this class will cover the support operations for your group and network. You’ll learn how to perform the critical functions that make things run, the networks behind the scenes, how to set them up, communicate with them, and get things and people where they need to be. This is not a class you’ll want to miss, whether you’re in an established pyramid style group or an autonomous cell-based group.

 

Please note: This is a weeknight class, broken up into 2 nights.

Tuesday, 3 May 2016
Wednesday, 4 May 2016

Location: Auburn, WA (specific location undisclosed)
Times: 1730-2100

All vetting and security protocols apply. This class will fill up fast, so get in NOW!

For general questions, contact us at towr@whiterose.us.

To apply for entry, email towr@hushmail.com.

 

5 Ways to Improve Your Critical Thinking

Today’s helpful tidbit comes from Lifehacker, who has a great (common sense?) article on improving your critical thinking skills—which, by the way, are often sorely lacking. Next time you see a news article going viral, or someone’s “analysis” on something, stop and follow these 5 steps. You’ll find yourself being a lot more effective in separating the wheat from the chaff.

  • Formulate your question: Know what you’re looking for specifically. If you’re considering going on a diet, for example, know whether you’re trying to lose weight, have more energy, or just to improve your nutrition. Break things down to their base level.

  • Gather your information: Now that you know what’s relevant to your problem or decision, research it. Reach out to an expert, read up on the subject, or talk to people who have experience with the same subject matter.

  • Apply the information and ask critical questions: What concepts are at work? What assumptions exist? Is your interpretation of the information logically sound?

  • Consider the implications: Look beyond the short-term and think about how your decision will shape things in the long-term. Something that will benefit you now may not benefit you in the future. What’s at stake? What can go wrong?

  • Explore other points of view: By understanding other perspectives, you learn more about the subject. You’re also given an opportunity to reflect on the information you have and how you feel. For example, if you learn why people are against the diet you’re considering, that may affect your decision.

 

Watch the TED talk on this here. Also try this article on critical thinking. Remember—facts don’t care about your feelings, your agenda, your likes or dislikes. Follow the truth, no matter where it leads.

Signal vs. Wickr: How Secure is Your Secure Messaging App?

Bottom line: Facebook doesn’t cut it; in fact, if you’re still using Facebook to coordinate, recruit, and communicate about your activities (stop doing roll calls!), then you’re a liability to your contacts–there’s no two ways about it. You need secure messaging. No excuses.

Some of you have a secure messaging app you use—but is it secure? The Electronic Frontier Foundation released a Secure Messaging Scorecard that will tell you, and we’ll flesh those ratings out with information from other experts. Let’s see how two of the more prominent apps stack up.

Secure Messaging Criteria

EFF uses a list of criteria to grade each application on a simple yes/no basis; it uses the simple formula these are the features it should have. Does it, or not? Some of these criteria include whether your password or identifying details are stored on their servers, or whether the provider themselves can access your messages. While even a full green light doesn’t mean the app is completely government-proof, it gives you a good idea as to whether you’ll at least make them work for it, and whether the company is on the right track in terms of their goals and capability.

On FacebookWickr

Perhaps one of the most popular apps used by those in the movement, Wickr claims that their level of security is better than any other app on the market. It’s free to boot, which makes it highly attractive to many. It has a mostly green light from EFF, but the problem is that Wickr is missing two critical components:

  • Its code is not open for independent review and audit.
  • The security design is not properly documented; i.e., public.

One of the most important parts of the security process is ensuring that each app’s code is available for other coders and security researchers to audit. It’s a self-imposed accountability system that allows the community to ensure quality and that apps do what they say they are supposed to do. In addition, developers typically release a white paper or other technical document to explain in detail how their encryption process works–again, for accountability and transparency. If the system’s encryption process is solid, it doesn’t matter if every single line of code is publicly available. Audits like these have caught both backdoors and coding errors—resulting in a better product. When you’re talking about life and death communications, you need to have the most secure app available. Audits help achieve that through public disclosure of both the encryption and the code itself. The keys are what stay private.

Wickr, however, has not released its code (refusing to even consider it), and that’s caused an interesting debate in the security community. Security researcher Brian Krebs puts Wickr in a group of apps “that use encryption the government says it can’t crack” but others aren’t so sure. This video explains some of the reasons why you should perhaps think twice before trusting your secure information to Wickr. The video was made in 2014; it would be a good idea to check some of the documents he’s talking about to see if any of these issues have changed. (I can tell you from experience that his first issue—them storing your password on their server after claiming they do not—is not rectified as of yet. Also, check out his other videos, especially the one regarding your contacts).

Several other security researchers have also voiced concerns regarding Wickr’s lack of open source accountability.

 

“We have a kind of a maxim in our field, in cryptography, which is that the systems should be open,” says Matthew Green, a cryptography researcher and professor at Johns Hopkins University Information Security Institute. […] For Green, that means “if you don’t know how a system works, you kind of have to assume that it’s untrustworthy.” He adds that this is not about being an open source activist. But Wickr, he says, doesn’t even have white papers on its website explaining how the system works…”From my perspective I don’t think the company should be telling us, ‘Trust us, it’s safe,’ ‘Trust us, it’s encrypted,’ or ‘Trust us, it’s audited,'” says Nadim Kobeissi, a cryptographer and founder of encrypted browser-based chat service Cryptocat. “We should be able to verify ourselves.”

Others believe that Wickr’s refusal to make their code open to independent audit is just fine. Dan Kaminsky, a security guru, has said he personally audited Wickr’s code and it’s secure. However, Matthew Green sums it up thusly:

Should I use this to fight my oppressive regime? Yes, as long your fight consists of sending naughty self-portraits to your comrades-at-arms. Otherwise, probably not.

It’s each individual choice whether to use Wickr, and Kaminsky’s admonition that “nothing is 100% secure” is a fair one. I use Wickr myself, but not exclusively, and not for anything critical.

Signal

Another increasingly popular app is Signal (formerly RedPhone and TextSecure). Offering both texting and secure calling, the EFF gives Signal a green light across the board. It has all of the encryption features of Wickr, and also has open source code and documented encryption processes. Matthew Green says that it “does not retain a cache of secrets from connection to connection.” The Intercept also endorses Signal, with the caveat that any app you install is only as secure as the device you install it on. Other endorsers include Bruce Schneier, Edward Snowden, and Laura Poitras (for whatever that may be worth to you personally).

Like Wickr, Signal also has a desktop version. And, since it’s tied to the device, it doesn’t save your password on a server like Wickr does. From Signal’s website:

The Axolotl ratchet in Signal is the most advanced cryptographic ratchet available. Axolotl ensures that new AES keys are used for every single message, and it provides Signal with both forward secrecy and future secrecy properties. The Signal protocol also features enhanced deniability properties that improve on those provided by OTR, except unlike OTR all of these features work well in an asynchronous mobile environment.

For those who would like to audit Signal’s code themselves, you can find that here.

Conclusion

What you choose to use and trust is a personal decision. Nothing is completely secure all of the time; anything critical should be kept to face to face meetings. In addition, all standard OPSEC rules should apply. (For a real world case of security fails and how that ended, read this story.) For those who claim that “we aren’t doing anything illegal,” keep in mind that we have reached a point where that determination is made on a case by case basis these days, and the odds are not in your favor. I also daresay that there are quite a few people recently put in jail who, if they’re smart, are rethinking a lot of their OPSEC and security strategies. Besides, as world renowned information security researcher The Grugq points out that “OPSEC is prophylactic, you might not need it now, but when you do, you can’t activate it retroactively.”

I’ll do a future article on other apps such as Silent Circle, Telegram, Zello, and more. In the meantime, sit down and decide what your critical information is. Do some basic threat analysis. Next, do some research on the above programs and decide what you can afford to compromise in terms of security. For many users of secure chat, it’s a life or death decision. Keep that in mind.

Above all, take the time to research and learn. You don’t have to be a computer wizard, but you do need to learn the basics of encryption and how to protect  yourself. There’s an excellent beginner primer here (add this blog to your daily reads). For those who prefer a classroom setting, we have the Groundrod Primer class coming up in a few weeks. We highly recommend you check out both.

Whatever you do, for the love of Pete, stop using Facebook as a coordination, networking and recruiting tool.

Sophie Scholl: The Final Days

Many people don’t understand why we named this The Order of the White Rose. We encourage you to read the story of the original White Rose Resistance, and to understand who they were and what they stood for.

The 73rd anniversary of the execution of the original White Rose leadership is 22 February. In honor of our namesake, we post this movie about Sophie Scholl, one of the three brave resistance leaders who were beheaded by the Third Reich for daring to engage in free speech and talk of liberty and freedom. Take the time to watch it. We seek to honor their work and sacrifice, and we echo the last words of Hans Scholl, Sophie’s brother and co-defendant:

LONG LIVE FREEDOM!

https://youtu.be/nXtC08tWxqA