.
Anyone who wishes to be in communication with other Resistance members is going to have to figure out how to receive and transmit information intended only for the eyes of their chosen recipient. Trust and communications go together. If there is no trust, then there is no point to communication. If there are no secure means of communication, then trust cannot be built..Even those militiamen who believe in "leaderless resistance" but who are not so underground that they are acting exclusively upon their own, need secure but reliable communications. In many cases you need to know your targets and the security of those targets. You need to know the status of your own cell and that of your enemy. It is for a reason that Communication, Command and Control are known in military circles as C3. They are so interlinked, that you cannot have one without the other two. A network of cells operating to a common purpose requires C3, but especially communication. It is only a lone cell of one individual which is free of the requirements of communication.
In this day and age of wire-tapped telephones and extensive gubbnmint surveillance, knowing how to encrypt the messages going in and out of your residence with a computer is a vital skill. While the computer and the Internet is the primary tool of the Resistance pamphleteer and agitator, still, for the ordinary rank-and-file Resistance soldier computer skills are secondary only to good rifle marksmanship. Why? By using dummy e-mail boxes and agreed-upon coded messages, communications can take place even when the Resistance soldier has no computer of his own, but can access one by using that of a friend or using a public computer found at a college or university. The Modern Militiaman uses unobtrusive communications technology whenever possible to gain his objectives.
This article shall cover the use of PGP encryption for those who have access to an IBM-type personal computer. The second topic shall be setting up dummy e-mail addresses for those people who have access to a computer, even a public computer, which has Internet access.
Using Pretty Good Privacy (PGP)
.
The best, most common encryption method is the use of Pretty Good Privacy (PGP), touted by the program itself as "encryption for the masses." They are not kidding. This program can be accessed using DOS 3.3 with a 720k floppy disk on an ancient 8088 XT. However, it would be best if your computer is at least a 386sx with a VGA monitor and 4 megabytes of RAM, DOS 5.0 and Windows 3.1. It is still best to use PGP with a floppy disk, however. It is a lot cheaper to destroy a 25 cent floppy than it is to protect your PGP files by destroying your hard drive. Just keep a duplicate floppy in a safe place and do not use them cheap black floppies that you buy by the hundred. Use a name brand floppy.
PGP uses two sets of keys for encryption. One key is your "public" key, which looks like a random jumble of text. You give your public key to some person with which you wish to get in contact. For example, my public key is:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzByVNkAAAEEAMh2M+1FWeDCpSIt/An4ZZjlthsQXVJo1ZLrnwze+lHZfoT+ 8lArm/GgRNRFYTXxlxIItJI7TihIL2DB4R/2HWxbvxrI6hXQdKVPSEC8/+N18dO1 oeUO4JQcApgOlWoD+sB81f4ir7o8aOA9xq/2SPclb+hmwqpcHaiKnJwfgEZ1AAUR tB5NYXJ0aW4gTGluZHN0ZWR0IDwxMDIxNDIsMTY2Nz4= =IyHe -----END PGP PUBLIC KEY BLOCK-----The PGP program generates a "secret" key in conjunction with the public key. You give the persons with which you wish to communicate your "public" key and the "secret" key used with the public key remains on the floppy or hard drive, accessible only if you give out your secret pass phrase.
Many people use a shell instead of the command line favored by PGP. The shell gives a menu of what steps to follow, rather than having to read the command line and follow its prompts. However, since every person will not have access to the same PGP shell program, it would be best to use the command line to show how to use PGP.
So where does one get PGP? The best way to get it is to go to the MIT WWW page and download PGP 2.6.2 directly, as this version is guaranteed to be untampered with by the computer eggheads at MIT. The WWW page to access is:
http://web.mit.edu/network/pgp.html
Answer the questions and read the legalese text then download the 2.6.2 PGP zip file. Using pkunzip 2.04, then place the unzipped files on a 1.2 meg or 1.44 meg floppy.
There are other places to get this program. From BBS's, from CD-ROMs of shareware such as The Software Vault series. If need be, send this author $5 and your address and he will send you back a floppy with PGP 2.6.2 on it, a PGP DOS shell program, and a tutorial on how to use the shell program.
So how do we use the PGP program? Let me run you through the command line of PGP using DOS or a DOS session under Windows:
1. Type pgp
The program will inform you that you do not have a TZ time variable in your autoexec.bat file. For a usage summary (online help) type pgp -h
2. Type pgp -h
Then you will see several screens of confusing screens with various ways to use pgp. If you cannot understand the screens, print out and read the documentation, and hopefully things will become clear.
3. First you will need your own secret/public key pair. The help screen, under key management, said to generate your own unique public secret key pair:
Type pgp -kg
4. The program asks you to select your RSA code size. You want secure communications, 1024 bits.
Type 3 Enter
5. The program asks you to enter your name and maybe your e-mail address. For the purpose of this lesson you are Joe Sixpack. The screen says "Enter a user ID for your public key:"
Type Joe Sixpack
6. The program says "You need a pass phrase to protect your RSA secret key." Then it tells you what is allowable. For this example you will use the following pass phrase:
Type Tastes Great -- Less Filling
Then the program will ask you to "Enter same pass phrase again." Do so, knowing that this program insists that you do it exactly right. If you don't do it right, you will see: "Error: Pass Phrases were different. Type it in again until you get it right.
7. The program then says: "We need to generate XXX random bits . . . Please enter some random text until you hear a beep."
Run your fingers over the keyboard until you hear a beep, then wait.
The computer will generate a line or two of . . . .****. . . . while it thinks and then eventually say, "Key generation completed." and kick you back to the command line prompt.
8. By this time, because our random key strokes were different, our secret keys and public keys will be different. However, we still need to know what our public key is, so we can give it to our friends with whom we shall communicate. We need to generate our public key and put it in an ASCII text file, so we can send it on to friends.
Type pgp -kxa
The program will ask for the user-id. Type in Joe Sixpack, then Enter. When the program asks what file you wish to place the public key, type myfile.txt or sixpack.txt.
9. Now that you have a public key, you will need another person's public key in order to communicate with them. You can go over to myfile.txt or sixpack.txt and send some person your public key or you can initiate the process yourself if you have their public key. Above you have one public key, namely mine. So cut and paste the text of my public key, starting with the first hyphen and ending with the last hyphen,
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzByVNkAAAEEAMh2M+1FWeDCpSIt/An4ZZjlthsQXVJo1ZLrnwze+lHZfoT+ 8lArm/GgRNRFYTXxlxIItJI7TihIL2DB4R/2HWxbvxrI6hXQdKVPSEC8/+N18dO1 oeUO4JQcApgOlWoD+sB81f4ir7o8aOA9xq/2SPclb+hmwqpcHaiKnJwfgEZ1AAUR tB5NYXJ0aW4gTGluZHN0ZWR0IDwxMDIxNDIsMTY2Nz4= =IyHe -----END PGP PUBLIC KEY BLOCK-----and save it to a file named lindsted.txt. Then you must add this public key of mine to your pgp public keyring.
Type pgp -ka lindsted.txt
The computer will ask if you want to certify my key after it is added to your public key ring. To make sure this key is added to your public key ring, type pgp -kv and check it out. Now you know how to add public keys to your floppy and have your own public key, you are ready to start sending pgp encrypted messages.
10. To send an encrypted message to somebody whose public key you have, send them a message with your public key (you do want a response, don't you?) in the clear. Write your message in a word processor. Save the message as a text file. Then encrypt the message as follows:
Type pgp -ea filename.txt his_user-id
The "a" is for e-mail transmission as it sends a message in ASCII characters. Use the "a" suffix whenever you want to ensure that the input or output is in ASCII.
11. To decrypt a message sent to you, you must have the sender's public pgp key on your keyring. This has been covered in #9 above. A new sender should send you his public key. Place the ASCII text on your floppy (hopefully in a work directory) with a new filename. If the new filename is one with the date on it and a "t" for transmission then it should be easy to remember that filename.
Type pgp filename.txt newfilename.txt
The command line should tell you the file is encrypted and that your secret key is needed to read it. The secret key is unlocked by using your secret pass phrase. Remember it?
The above instructions will be augmented if you read the manual, which is on every PGP 2.6.2 floppy. In fact PGP will not work unless the document text files are on the floppy. One can use a 720k floppy by deleting the instructions while keeping the text names on disk, but for most people the reading of the instruction manual is recommended. The quick instructions offered above are a small, minimum overview on how to use PGP.
Is PGP secure? Yes, so far as known. Most people will be compromised by forgetting to unplug the modem when they encrypt/decrypt their messages or by the NSA looking at your fingers, or other such tricks. Other tricks which can be used is to use your PGP to generate a new public key and a new message to be uncovered only by the recipient. This is equivalent to running a PGP "loop" within itself and should add to security. Should anyone rely on PGP to the exclusion of security elsewhere? No. Keep hold of your PGP floppy, run PGP from your hard drive or leave messages archived where government gun goons can get at it and have a step up towards brute numbers crunching and code cracking by having open and encrypted messages to compare. Too much confidence in "uncrackable" codes can be fatal, as the Germans found out with ULTRA and ENIGMA in WWII.
Lacking anything else, secure communications policy means the use of PGP. Using a made-up code in advance in addition to the PGP adds to message security. Encourage everybody to use PGP for even random messages, because the feds never know which message is important and which is routine unless you tell them. If everyone used PGP, then sooner or later the government would have to pack it up insofar as using wiretaps and interception of electronic mail. Their snooper files, indexed to search and save any messages with flag words such as "patriot," "militia," "freeman," "Constitution," "Republic of Texas," etc. will be helpless in scanning jumbles of random text. A patriot's job is always to make it hard for the cowardly prying despot.
Dummy E-Mail Boxes
The greatest use for PGP came with the advent of electronic mail (e-mail). But what if the gubbnmint is aware that a particular e-mail address is the private electronic mailbox of you -- John Q. Radical? A large amount of PGP messages announces to their small bureaucratic minds that both the sender and receiver have something to hide. What then?
Or say you are a deep-underground Resistance agent with Unabomber as your role model. You don't have electricity, much less a computer but you must remain in touch so that funds can arrive and you get your orders from your Council of Hard Men. What then?
So the first question is: what equipment do you have? If you have at least a 386sx computer with 4 megabytes of ram, a VGA monitor, and an 80 meg hard drive running DOS 5.0 and Windows 3.1 software and a 14.4 modem then you are in luck. Today such a setup should cost you $350 or less. You can't buy such a limited system new today because they no longer make such obsolete equipment, referred to as "boat anchors." A thousand dollars will get you a Pentium processor, a one gigabyte drive, Windows95, a 28.8 modem, and a 14 inch VGA monitor. Get local Internet service if you live in a town of over 1,000 people and you are well on your way. Then the world of secure communications can be piped into and out of your very own home.
Free or Inexpensive E-Mail. If you have the abovementioned computer equipment and live in a medium-sized town to large city, chances are you can get an Internet Service Provider (ISP) cheaply or even for free. You access a local telephone number so the only cost is your ISP monthly fees. Do not get on America On Line or CompuServe as their local lines are extremely busy or their service is expensive, costing you by the hour. The best deal is to go for "unlimited service" for a monthly fee of $20 per month or less. In this age every small town and local college boasts that they are on the Internet; you might as well be also.
Internet service usually means that you have electronic mail (e-mail) coming out and going in. It also means you can surf the 'Net with a browser. Usually you also have some space reserved on your ISP's server for a World Wide Web (WWW) page of your own, from one megabyte to ten megabytes. Let us look at e-mail, because that is the most commonly used form of communication and on which this article has its premise.
E-mail is the cheapest form of communication on the planet. How much would it cost for you to send a message to 100 people? Thirty-two dollars in first-class stamps, plus the cost of paper and printing. Faxes, unless a local telephone call, costs the price of a long-distance charge. But e-mail costs almost nothing as your modem sends your message across town or across the globe as fast as an electronic signal down your telephone wire, going first to your ISP and then to the recipient's ISP, waiting for him to read it. The true costs of e-mailing 1,000 people are not much more than the cost of e-mailing one person. This is the true power of the medium of e-mail. Some open militia or Resistance organizations have the e-mail addresses of thousands of Patriots. Chances are you are reading this article via e-mail yourself.
Of course such promiscuous e-mailing is contrary to the good usages of communications security. Some listserving e-mailers openly let everyone they e-mail know everyone else's e-mail address. It gets so bad that once I was sent a message about how the Feds knew every patriot's e-mail address. Three-quarters of that message concerned to whom the sender was sending that message and their e-mail addresses. Two of the list of over 200 e-mail addresses were mine. I sent him back a message with the following subject: Why Should the Feds Keep Track of Our E-mail Addresses When They Have You Telling Everybody What Those Addresses Are?
Most e-mail programs, such as Eudora and Pegasus, or ISP providers furnish a command called black carbon copy or bcc: in addition to the to: or cc: command. Using the bcc: option to address the vast majority of your postings means that the rest of the people who get the message do not know who else received that message. It maintains a "need to know" basis for your communications. It also cuts down on the length of your message, since not everyone needs or wants to read to whom else you sent that message.
Of course all messages must have one recipient to whom the message is sent. I get around that by sending a message to myself at a different e-mail address. This method preserves operational security because all the other people I sent it to using bcc: only know that I and they received that message. This also gives me a record as to when and what message was sent and it confirms transmission of the message as well. To do this, one needs a secondary e-mail system.
JUNO at (http://www.juno.com) is one such system. It used to be a much better system because it offered totally free e-mail, even for those in rural areas without a local ISP. Juno used to offer free 1-800 number calling, to where you would call to their local system using a provided 1-800 number. But since March of this year this free calling has ceased, in favor of using local numbers provided in towns of greater than 100,000 people. If you live in one of the 400-some cities where access is a local call away, then Juno is still a free service. All you have to do is look or not look at the advertising which is displayed while you are downloading and uploading e-mail. Juno has a spell-checker, address book, and, because of its parentage as 1-800-number free e-mail, one of the fastest upload and downloading times. It also has two disadvantages: no bcc: addressing and no file attachment option.
With computers running Win95 as an operating system, you can have more than one JUNO e-mail address running -- one on each hard drive partition if you wish. Make up a number of aliases and conditions, then download and upload e-mail at will.
For someone with a modem-equipped laptop computer, setting up a new Juno account and plugging into a motel room telephone is the acme of portable and secure e-mail communications. Juno accommodates PGP. Coupled with dummy e-mail addresses set up in advance or opened and then abandoned, any halfway competent Resistance communications or intelligence operator could operate a political, propaganda, intelligence or espionage network, seeming to be either a hundred man team or operate quietly as a mole. A Juno account can be easily switched to take advantage of a big-city local telephone number. This author offered to set up a communications link for the first meeting of the 3d Continental Congress in October, 1996 and have half-hourly uplinks to every patriot organization and militia general across the fruited plain. I arranged to borrow a modem-equipped laptop and could well have had such a linkage in operation (in effect e-mail conferenceing ) but the so-called organizers refused to allow such an operation as they had their own private agenda.
The get-your-free-WWW-page servers such as Geocities, Tripod, and Angelfire also come with a free e-mail address. These services offer free server space to store a small WWW page in return for you putting up your own content, then recoup this freebie by placing Internet Advertising every which place they can. (This article is on Geocities right now -- check the bottom of this page.) These free e-mail addresses are really WWW based, and thus not as secure because you must fill out a form easily traced back when you upload your WWW pages. These e-mail services are not as fast as a dedicated e-mail system, and not as discreet as a full WWW page server because you still can be traced down the telephone line to a given computer -- your computer. This hybrid e-mail system is a compromise, because you need to use a computer which can be traced, so it doesn't have the anonymity of full WWW based e-mail systems.
Don't have a computer? Don't worry. If you can get access to an Internet-capable computer, such as is now commonly found in public libraries, colleges or even in Internet coffeehouses (they even have such things in Joplin, Missouri) then you can set up one or one hundred dummy WWW e-mail accounts.
The two major WWW pages are www.hotmail.com and www.rocketmail.com. They are so alike that I sometimes think they are owned by the very same company. At your computer at home or using the one at the local public facility you go to Hotmail.com or Rocketmail.com and set up an account. You can give your real name and address or you can make one up although you are told you are not supposed to in the rules. If an e-mail address can be set up and accessed by anyone on any Internet-capable computer, how is that rule going to be enforced? It can't. A person is only limited in the number of e-mail accounts he can set up by how many addresses and passwords he can memorize. A pencil and a scrap of paper can overcome that limitation.
Having set up one of many e-mail accounts accessible by someone else's computer or your own, what are you going to use a particular e-mail account for? Easy! Infiltration, possibly subversion. There are all manner of silly people operating listservers who just got to advertise their own importance or morality. A WWW-based e-mail account can disguise your identity and location. Then you can listen while all manner of self-righteous people like 'Libertarians,' leftists, policemen, or bureaucrats run their mouths while you quietly amass information on them. In your anonymity, you can occasionally take advantage of these fools by giving them a blast or a flame before you are booted off the e-mail network. But it's best function is in lurking -- staying quiet and listening.
If you have access to a floppy disk on the computer used, you can upload and download PGP files. But uploading and downloading messages and file storage are not these e-mail address' strong suit. Being dependent upon the WWW, these e-mail addresses are not nearly as fast as hard-drive-based dedicated e-mail service.
These anonymous e-mail services are technology's gift to the Resistance communications and intelligence operatives. An e-mail address can be activated, used one time or many, abandoned, or reclaimed in total anonymity. There is no defense or trap which can be set using these electronic drop boxes.
The more cunning of the government tyrants already know the Internet and encryption technology make spying on their rebellious citizens impossible. Instead they will still try to set up new bureaucracies such as the President's Commission on Critical Infrastructure Protection to try enhancing their control over the People's property. They will set up new "laws" to prohibit encryption of the People's private electronic papers heedless of Fourth Amendment guarantee and the fact that their own scientists say that the advance of encryption makes such prohibitions impossible as well as immoral. Regardless of such statist foolishness, our interests mandate that we in the Resistance use our encryption and anonymous e-mail capabilities to full effect in our struggle for freedom against tyranny and despotism.
--Martin Lindstedt
Managing Editor, modern Militiaman
Back to Modern Militiaman #6
Back to The Patriot Coalition?
Back to Patrick Henry On-Line
.