8 Linux Security Tips

Chapter 8 is about how Linux can help you regain security and privacy of your data. It includes the following four sections:

8.1 Linux Security Awareness

8.2 Linux Security Tools

8.3 Get a More Secure Email Address for Free

8.4 Use a More Secure Web Browser

Section 8.1 describes the evolution of attacks on our computers and evidence that the NSA and CIA are behind most of these attacks.

Section 8.2 provides a summary of free Linux tools you can use to defend against and analyze attacks.

Section 8.3 reviews how to add a free secure email service called Protonmail.com to give you the option of encrypting your emails.

Section 8.4 explains how to use the Onion Router (aka TOR) to perform anonymous searches on the Internet.

8.0.01

 

8.1 Linux Security Awareness

We have provided a great deal of evidence that Linux computers, even without taking any security precautions are much safer than Windows computers. Recently, the University of Calgary suffered a ransomware attack and was forced to pay $20,000 Canadian (about $18,000 US dollars) to a hacker to regain access to files stored in 600 of their University computers. Unless the University changes their ways, there is nothing to keep them from getting hacked again and having their computers locked up again as it is likely that the hackers left a persistent calling card embedded in the University completely insecure computer system . Now you may be saying what does this have to do with me? I am using a Linux computer and all the recent ransomeware attacks were directed at Windows computers. But this is my point. Folks think that all they have to do is install Linux on their computer and set up a secure backup system and they are fully protected and do not need to worry about security. Nothing could be further from the truth. In this section, we will review some of the Advanced Persistent Threats (APTs) to Linux computers. Then in the next section, we will review some steps you can take to see if your computer has been attacked (the answer is yes) and steps you can take to improve your Linux security.

This chapter is not just about Linux Mint Security but about computer security in general. Switching from Windows to Linux is a good first step in securing your documents and data, but it is not the only step. Adding secure backups for documents and programs is a good second step but there are still more issues to be aware of in protecting our computer as well as our programs and documents. Earlier we explained how Linux uses a series of keys or security firewalls to protect the core of our computer. The Acer C910 (and all other Chromebooks) takes security even further by switching from the remotely controlled and thus insecure UEFI start up program to the much safer and faster Coreboot program. But we are still at risk if we continue taking dangerous behaviors on the Internet.

Understand Who is Attacking You and Why

I have spent more than 20 years studying the NSA and CIA (aka the Deep State) and the threat they pose to computer security. I am certain that even most Linux users greatly underestimate the power of the Dark Side and the diabolical ways of the Deep State. Researching what the Deep State is up to is an essential part of computer security. If you are not paying attention to the Deep State, then you are not paying attention to those who are bent on accessing and taking down your computer. It is kind of like being in a war in which only one side realizes that there is a war going on. The Deep State wants power and control over us. They do not want us to have a secure computer.

Beginning in 2010, Kaspersky Labs (one of the world’s leading security research labs) started publishing a series of papers about a new generation of computer viruses called Advanced Persistent Threats (ATPs). These included Stuxnet, Duqu, Flame, Gauss, Regin and the Equation Group. Their reports confirmed that these new viruses were related and developed by an un-named very large government. Reading these reports made it obvious that the NSA and CIA were out to gain control over every computer in the world by infecting every Windows computer with NSA/CIA implants.

In June 2013, Edward Snowden released thousands of NSA documents confirming that both Windows and Apple were NSA Prism Partners. Snowden protected himself by using a Linux computer. But he also took several other important security steps some of which we will look at it in this chapter.

In 2015 and 2016, the DNC Windows servers were hacked – leading to the election of Donald Trump. The problem was not merely that the DNC was using Windows servers – meaning a teenager could have attacked their server. Instead, members of the DNC were tricked into allowing hackers access to their computers. The DNC servers were also likely attacked from the inside. For more on this attack, read our January 2017 85 page report called Hack Everything. https://turningpointnews.org/hack-everything-special-report

8.1.01

Our research indicated that the DNC servers were likely attacked by the NSA in addition to other groups as part of the NSA program to literally hack everything. Our research also described for the first time a network of hundreds and perhaps even thousands of NSA/CIA servers both inside of and outside of the USA run by apparently real, but actually fake, businesses which the NSA/CIA uses to have infected Windows computers “call home” to the NSA/CIA. Our report also concluded that the NSA used fake signatures to mislead people into thinking that NSA attack programs were Russian attack programs.

Two months after my report, on March 7, 2017, WikiLeaks published a trove of original NSA/CIA documents that WikiLeaks labeled “Vault 7.” These documents confirmed that the NSA/CIA did in fact try to mislead researchers into thinking that NSA/CIA attacks were Russian attacks. https://wikileaks.org/ciav7p1/

These Wikileaks Vault 7 documents also confirmed that the NSA/CIA have at least 20 backdoors into Windows computer and at least 10 backdoors into Apple computers. These same documents confirmed that as of 2016, the NSA/CIA had no way into a Linux computer – unless they could convince Linux computer owners to grant them access. This chapter is about learning the tricks used to fool us and the steps you can take to avoid granting anyone other than yourself root access to your computer. This will require learning at least something about hacking tools and the Deep State. Don’t worry. We are only going to touch the surface with a quick overview.

On August 31, 2017, Wikileaks published even more NSA/CIA Vault 7 documents, this time about a program called Angelfire, which also targets the Windows operating system and focuses on controlling the boot system.

On November 7, 2017, Wikileaks published what it called Vault 8 which included the source code and logs for an NSA/CIA program called Hive which is basically the system used by the NSA to have your hacked computer “call home” to the NSA/CIA servers once it has been hacked. https://wikileaks.org/vault8/#Hive

Here is a quote from the Vault 8 release: “Each Hive implant anonymously registers at least one cover domain (e.g. “perfectly-boring-looking-domain.com”) for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a “hidden” CIA server called 'Blot'.”

“Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.”

Here is a Snowden released image showing the NSA network has over 700 servers around the world.

8.1.02

Xkeyscore is used through over 700 servers at 150 sites around the world.

http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation

Vault 8 confirmed not only the conclusions in my January 2017 report but also my long held belief that the NSA/CIA were waging a war against Kaspersky. The Deep State claims that Kaspersky is a tool of the Russian government but has provided no evidence to support this claim. In fact, there is a great deal of evidence that Kaspersky is completely independent from the Russian government. This is important because the highly detailed Kaspersky reports over the past 7 years have been one of my best resources for understanding the NSA/CIA hacking programs. It is natural that the NSA/CIA would want to destroy one of the few groups in the world that was exposing what the NSA/CIA Deep State was up to.

On September 13, 2017, the US Department of Homeland Security issued an order directing all US agencies to stop using Kaspersky anti-virus programs claiming, without any evidence, that Kaspersky was connected to the Russian government and was a security risk. https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01

Quote

b8.1.01

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts. Ask yourself one thing: ‘if these recent allegations are true, where’s the evidence?”
Kaspersky reply to the DHS allegations

On October 24, 2017, Kaspersky released a report explaining how they had obtained access to the NSA program known as the Equation Group. Since early 2014, Kaspersky had been investigating a network of NSA attacks on hundreds of computers in more than 40 countries. Kaspersky called these attacks the “Equation Group” and noted in a February 2015 report that the code used by the Equation Group was similar to previous NSA attack codes used by an NSA program called Stuxnet. In February 2015, they published a report linking them all together. Kaspersky publishes a report on the “Death Star of the Malware Galaxy” which it called the Equation Group (which we know is the NSA). The relationship of Stuxnet to other NSA cyber weapons was confirmed in this detailed analysis.
https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

8.1.03

The Kaspersky researchers described a group they called the Equation group which was infecting computers and websites all over the planet. The report noted that the techniques being used were linked to techniques and malware programs previously developed and used by the NSA including the Flame and Stuxnet viruses which the US used to attack Iranian computers.

Here is their diagram of the relationships between the various Equation Group cyber weapons. Note that Stuxnet, Flame and Gauss are all directly related:

8.1.04

Here is a quote from their 44 page report: “All the malware we have collected so far is designed to work on Microsoft’s Windows operating system. The malware callbacks are consistent with the DOUBLEFANTASY schema, which normally injects into the system browser (for instance, Internet Explorer on Windows)… The Equation group uses a vast infrastructure that includes more than 300 domains and more than 100 servers.”

On September 11, 2014, an NSA employee illegally brought home NSA Equation Group documents. He then placed these documents on an insecure Windows computer on which he had installed Kaspersky software. He then disabled the Kaspersky AV program in order to install an insecure “pirated” copy of Microsoft Office. To activate the pirated copy of MS Office, the NSA employee used a pirated “key” program. Unfortunately, the pirated key program had a virus on it that installed a malicious backdoor on his computer. In order to clean this backdoor off of his computer, the NSA employee then enabled the Kaspersky program again which detected the malicious backdoor. Then NSA employee then scanned his computer several times with the Kaspersky AV program in an effort to delete the virus. However, because he had previously set the AV program to send reports any “virus” to Kaspersky, the virus was sent to Kaspersky. Apparently, the NSA Equation group documents got caught up “in the mix” and were also sent to Kaspersky. The version of Kaspersky software used by the NSA employee was the “home version.” When Kaspersky realized that they had been sent top secret NSA documents, they immediately deleted the files.

Significantly, after Kaspersky issued their landmark report on the Equation Group in February 2015, several other similar Equation Group files were sent to them by the same process from the same IP range (same general location) as the 2014 NSA “accidental” document release. This is a quote from the Kaspersky report:

“These seem to have been configured as “honeypots”, each computer being loaded with various Equation-related samples.”

https://usa.kaspersky.com/about/press-releases/2017_preliminary-results-of-the-internal-investigation-into-alleged-incident-reported-by-us-media

A honey pot is where one sets up a cyber trap hoping to frame someone else for doing something bad when really they were simply being trapped. In short, Kaspersky was saying the NSA had been trying to frame them – but that Kaspersky had not fallen for the bait.

Who is telling the truth here… the NSA/CIA Deep State or Kaspersky? Think about this.

Why was an NSA Agent using a Russian anti-virus program in the first place?

Why was an NSA Agent bringing home top secret Equation Group documents?

Why was an NSA agent – who is supposedly a security expert and member of one of the NSA top spy groups - using an insecure Microsoft computer instead of a secure Linux computer at his home?

Key Point

b8.1.02

Why was this highly paid NSA agent who likely is paid more than $100,000 per year, downloading a pirated copy of Microsoft Office – a program he could use online for free or download for a few hundred dollars?

Why did this NSA agent use a pirated key program to activate MS Office when this pirated key program had been known to contain viruses more than one year before he used it?

Why did this NSA agent deactivate Kaspersky to run the pirated key program? Actually, we know the answer to this question – Kaspersky was set to block this known malware program from running. So the only way the pirated key would run was by first disabling Kaspersky. Then after apparently deliberately infecting his computer, the NSA agent turned Kaspersky back on and set the program to send the NSA software to Kaspersky.

The claim by the mainstream media now is that perhaps this guy was dumb. But this guy was a ten-year veteran of the NSA top spy program. So he was anything but dumb. Instead, it is far more likely that he was part of a very carefully planned plot to frame Kaspersky.

On December 2, 2017, the name of this NSA hacker was finally revealed as he was supposedly charged for taking home top secret documents from the NSA. Here is a quote from a Security Week article:

“A member of the US National Security Agency's elite hacking team has been charged with illegally removing top secret materials, in an embarrassing breach for the crucial electronic espionage body. The Justice Department said Friday that Nghia Hoang Pho, 67, a 10-year veteran of the NSA's Tailored Access Operations unit, which broke into computer systems, agreed to plead guilty to a single charge of removing and retaining top-secret documents from the agency.” http://www.securityweek.com/elite-us-government-hacker-charged-taking-secret-information

Do you really believe that a ten-year veteran of the NSA’s top hacking team is really going to use a known infected key to activate a bootleg copy of Microsoft Office on his home computer – right after loading an illegal copy of top secret Equation Group documents to this same computer – and then set the Kaspersky AV program to automatically send the Equation Group documents to Kaspersky – and be so dumb that he failed to understand what he was doing?

Unfortunately, but perhaps not surprisingly, the US and UK governments are willing to believe this ridiculous story. In December 2017, the UK Spy Agency (which is directly linked to the NSA/CIA) issued a warning for UK businesses to stop using Kaspersky Antivirus programs. https://www.ncsc.gov.uk/information/letter-permanent-secretaries-regarding-issue-supply-chain-risk-cloud-based-products

Again, absolutely no evidence was offered to support any of their claims – other than the fact that Kaspersky had been caught red handed with a copy of a top secret Equation Group document – which had been sent to them directly by an NSA agent – six months after Kaspersky already had the Equation Group documents sent to them by computers in 40 different countries.

Why the NSA Framed Kaspersky

Here is a quote about how Kaspersky has been the number one obstacle for NSA spyware programs:

Quote

b8.1.03

“Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010. In February 2015, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
Glenn Greenwald, the Intercept, June 2015

If you want security, it is important to know who your friends are and who is trying to attack you. Who is making the malware and who is trying to protect your from malware. It has been clear for years that the maker of the malware has been the NSA. Kaspersky has been protecting us from NSA malware. Sadly, in 2017, things got a lot worse – and will likely be even more difficult in 2018.

8.1.05

Hackers Heaven

On Friday, May 12, 2017, the Wanna Cry Ransomware virus began infecting hundreds of thousands of Windows computers in more than 150 countries. The cyber weapon mainly affects businesses that use local area networks. Once one computer is infected, all the computers on the network are taken over. Businesses from hospitals to banking ATM machines were shut down. The virus encrypts all the data on your computer and demands a payment of $300 if you want your computer back. Here is an image of the screen that appears after the hackers have taken over your computer:

8.1.06

The Wanna Cry virus uses two cyber weapons called Eternal Blue and Double Pulsar. Thanks to the Wikileaks Vault 7 release on March 7, 2017, we know that both of these cyber weapons were developed by the NSA. These cyber weapons were developed by the NSA along with hundreds of other cyber weapons using tax payer dollars. But instead of protecting us, these offensive weapons are being used against us. https://wikileaks.org/ciav7p1/

In August 2016, a group called the Shadow Brokers was able to download a huge number of NSA Cyber Weapons. These weapons have now been released into the wild - meaning just about any computer hacker is now able to set up their own version of the NSA to attack Windows computers. According to one security expert, “It’s a business model that works and you don’t need a lot of investment to actually get a decent return. You can buy ransomware kits on the dark web, you can buy all the tool sets you need to undertake your own ransomware campaign quite easily.”

http://heavy.com/tech/2017/05/wannacry-wannacrypt-decryptor-virus-attacks-microsoft-nsa/

Also thanks to Wikileaks, we know that these cyber weapons take advantage of the open back door in the Windows operating system to infect and take over Windows computers through the Windows Web Browser (which is the open back door). Many security “experts” have described this as a “file sharing” problem. But it is actually much bigger than that. On March 14, 2017, Microsoft issued a “patch” which they claimed solved the Eternal Blue problem. But the patch is merely a band-aid that places some restrictions on file sharing but does not address the underlying problem – which is the open back door in the Windows computer operating system.

8.1.07

Predictably, on May 15, 2017, a stronger mutation of the WannaCry virus began attacking computers. Europol, the European police agency warned, “The hackers have already evolved the malware, and will probably continue to do so.” According to Zero Hedge, “at least a dozen other NSA tools are currently being discussed and worked on as the basis of potential new cyber weapons on hacking forums on the dark web.”

On May 16, 2017, Shadow Brokers issued a statement claiming to have many more hacking tools they will be releasing in the coming months. Here is a quote: “TheShadowBrokers Monthly Data Dump could be being web browser, router, handset exploits and tools, select items from newer Ops Disks, including newer exploits for Windows 10, compromised network data from more SWIFT providers and Central banks.”  

Who is behind the Wanna Cry virus? It could be anyone from a 14-year-old kid with a new laptop to the Italian mob. Cyber blackmailers just need an Internet connection and a laptop plus a little knowledge of how to access the cyber weapons now being given away for free on the Dark Web.

According to a German security expert: “Just because the attacked affected 200,000 computers and 100 countries, there doesn't have to be a large-scale structure behind it. The weapon - the software - is that powerful.”

After a worldwide attack with a cryptoworm called “WannaCry” in May, another attack with a strain of ransomware called “Petya” started in June 2017. Malware has come a long way in the last ten years. According to analysts with IT-security software firm G Data, the number of new malware specimen is likely to reach more than 7.4 million this year alone. According to data provided by IT-security institute AV-Test, ransomware (such as “WannaCry” and “Petya") confirms that the potential for widespread computer damage is growing every year.

8.1.08

https://www.statista.com/chart/10045/new-malware-specimen-and-share-of-windows-based-malware/

“Under the 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), any company considered a “communications provider” has to allow government agencies access when a valid court order is served… the FISA Court issues more than a thousand classified warrants a year for Americans' data. One former NSA analyst likened it to a “kangaroo court with a rubber stamp,” as it keeps very few records, of which many are kept in the utmost secrecy and away from public scrutiny…

FISA warrants issued by the FISA court each year. Nearly every request for data has been granted. The owner of an ISP has disclosed how the FISA order process works: “They wanted to come in and put in equipment on my network to monitor a single customer. The customer they were monitoring was a particular website that was very benign. It seems ridiculous to me. It was beyond absurd. It wasn’t like a guns and ammo website...We had to facilitate them to set up a duplicate port to tap in to monitor that customer’s traffic. It was a 2U (two-unit) PC that we ran a mirrored Ethernet port to. [What we ended up with was] a little box in our systems room that was capturing all the traffic to this customer. Everything they were sending and receiving. I called six months into it and said, “How long is this going to go on?” and they said, “I don’t know.” I went on for nine months. There have been no [related] arrests that I have heard of. We run a Tor node, in some ways as an affirmation of our belief that there are legitimate reasons for being anonymous on the Internet. Some illegal traffic comes in through Tor node and we get a federal request through the FBI or DOJ (Department of Justice). I respond to them and say that this is a Tor node [and therefore inaccessible, even to the ISP]; that is usually the end of it. They realize what that is, and it is a dead end.”

https://www.buzzfeed.com/justinesharrock/what-is-that-box-when-the-nsa-shows-up-at-your-internet-comp?utm_term=.hbQQKA7Lk#.acJVQo2k5

In the summer of 2016, Shadow Brokers dumped some of the stolen NSA tools on the open Internet for all hackers to use. On the same day Guccifer 2.0 -- a character that US intelligence agencies think was created by Russian military intelligence to serve as a conduit for the data stolen from the Democratic National Committee in the run up to the US presidential election, also broke 'his' silence. “The US. intelligence agencies have published several reports claiming I have ties with Russia. I'd like to make it clear enough that these accusations are unfounded. I have no relation to the Russian government. I was acting in accordance with my personal political views and beliefs,” he said.

It is not just Guccifer and Shadow Brokers we have to worry about. Every year, our own government trains thousands of people how to conduct offensive cyber warfare attacks. As just one example, look at the annual NATO cyber warfare game, Locked Shields. Here is a picture of Berylia and Crimsonia fighting each other in the Lock Shields Cyber Warfare game.

“The red team can pretend to be various hacker groups—from stealthy 'advanced persistent threat' actors to noisier less skilled hacktivists—or perhaps both at the same time, depending on the scenario. The attackers will attempt to do things like steal documents which are then leaked to the in-game media.”

In 2014, at a global security conference, Mikko Hypponen, chief research officer at security company F-Secure, said “If someone would have told me ten years ago that by 2014 it would be commonplace for democratic western governments to develop and deploy malware against other democratic western governments, that would have sounded like science fiction. It would have sounded like a movie plot, but that's where we are today.” http://www.techrepublic.com/article/inside-the-secret-digital-arms-race/

If you would like to see cyber warfare and hacking attacks in real time, then visit the following website: https://threatmap.checkpoint.com/ThreatPortal/livemap.html

8.1.09

Note that there are now about 10 million cyber attacks every day. If you want to learn how to protect yourself or your online business from cyber warfare, there are several free courses and free attack analysis tools on the Internet. Here is a link to an article I have written about cyber security for website owners. https://createyourowninteractivewebsite.com/3-security

Sounding the Alarm

We have written numerous articles over the years warning that US spy agencies, including the NSA and CIA, are completely out of control. It is not merely that the NSA and CIA waste billions of tax payer dollars. The cyber weapons they create are so dangerous that they are capable of bringing down the entire US and world economy. Imagine the banking system, transportation and energy computer networks all crashing at the same time.

Caution

b8.1.04

Imagine a 14-year-old kid being able to download everything needed to create the cyber version of a nuclear bomb and getting it all for free in a matter of minutes. This is the kind of danger the NSA has inflicted on all of us by creating these out of control cyber weapons.

Here is a diagram from an article I wrote based on the Wikileaks releases and the earlier Snowden documents. According to various Wikileaks CIA documents, here is what the CIA and NSA are doing:

8.1.10

https://turningpointnews.org/hack-everything-special-report/hack-everything-part-9-wikileaks-finds-cia-fingerprints-on-russian-smoking-gun

In short, thanks to the NSA’s arrogant mis-use of billions of dollars of US tax payer funds, this latest cyber attack is just the beginning of a more long term assault on Windows computers. Over the coming days, weeks and months, we can expect hackers to create more powerful viruses all thanks to the NSA and the Windows open back door.

As computer expert Jacob Applebaum once said, the NSA spying program is “worse than your worst nightmare.” Instead of wasting our time worrying about Russian hackers, we should have been worried about our own NSA – which is after all more than ten times larger than the Russian hacking team.

Five years ago, we wrote a book called Free Yourself from Microsoft and the NSA, in which we described this Windows open back door and NSA cyber weapons. I predicted that this lethal combination would eventually lead to mass attacks by computer hackers. https://freeyourselffrommicrosoftandthensa.org/

Others including William Binney and Edward Snowden (both formerly with the NSA) have also warned against the danger of allowing the NSA to access all Windows computers via the Windows back door. The problem is that any backdoor that can be used by the NSA can also be used by hackers once they gain possession of the NSA cyber weapons.

8.1.11r

Assange noted during his March 9, 2017, press conference that eventually consumers around the world will no longer trust US technology manufacturers – which will also cost US corporations billions of dollars. The mere fact that US corporations like Microsoft and Apple have already been confirmed to be Prism Partners of the NSA should cause folks even in the US to not trust US technology firms. The new Wikileaks revelation that the CIA has compromised 22,000 servers in the US should make it clear that we cannot trust US web servers and web hosts – a fact that I wrote about in a book over a year ago. https://createyourowninteractivewebsite.com/1-start-here/1-3-how-to-protect-your-website

Clearly the NSA and CIA are trying very hard to break into the Linux operating system. But so far, their only success has been by compromising the UEFI startup program. This is why I recommend that even if you are using a Linux computer, you should not use the UEFI startup program and instead to use the COREBOOT startup program. Meanwhile the Apple and Windows pages in the Wikileaks documents are filled with dozens of attacking methods.

Conclusion… It is time for Real Computer Security
These are important security issues that affect every computer user in the entire world. It is time not only to end the NSA and CIA but it also time for every computer user who cares about the future of our economy to move away from unsafe and badly designed operating systems such as Microsoft and Apple and replace them with the free, secure Linux Operating system.

What’s Next?
Now that we have a better idea of the pervasive nature of computer hacking, and that there are some powerful agencies trying to control our computers, let’s look at some free tools for protecting our Linux computers.  

8.2 Linux Security Tools

In the previous section, we provided a massive amount of evidence that your real enemy is not some 14 year old kid trying to hack your computer, but rather it is the most powerful government in the history of the world. This Deep State is using tools most of us could not even imagine. One researcher, Jacob Applebaum, who was given full access to the Snowden documents, described the NSA problem as being “worse than your worst nightmare.”

8.2.01

If you really want to know about what we are up against, watch this 60 minute talk by Jacob Applebaum. https://www.youtube.com/watch?v=b0w36GAyZIA

Should You Use an Antivirus Program on Linux?

There is currently a debate in the Linux community about whether we need to use an Antivirus program on Linux computers. Some claim that AV programs actually reduce security because they require elevated privileges to scan your documents and then “phone home” to report the results to AV companies who issue patches for the viruses. But this claim is only partially true. Not all AV programs “phone home.” And while it is true that your Linux computer is generally protected from AV programs, there are some exceptions.

I will give you two examples. First, I have helped students transfer their files from their former Windows computer to their new Linux computer. When we scan their files in Linux, we often find that the files they have imported from Windows include several hidden malware files. While these files may not execute on a Linux computer, it is still a good idea to get rid of them. Linux allows us to see these hidden files and to delete them.

Second, scanning has also uncovered the fact that some innocent appearing files downloaded from the Internet in fact have malware buried deep inside of them. One recent example was a series of images that had malware script buried inside of the metadata properties section of the images. These images can be cleaned up by using a program to wipe the metadata. But if the NSA can bury malware in an image, then just about anything is possible. So I think as long as we are careful about the kind of Antivirus program we use, then the pluses of the AV program can outweigh the drawbacks. With this in mind, we will download and use a program called Clam to scan our files for problems.

Install and Use Clam Antivirus Malware Scanner

I have tested more than a dozen AV programs. A lot of them do have security problems. But there is one that is safe and easy to use. It is called Clam. There are several versions of this program and several extra tools available. We will use the Mint Software Center to install a version with a Graphical User Interface. It is called ClamTK.

8.2.02

The software center downloads a really old version of ClamTK called 5.20. We can check for the latest version at this site: https://dave-theunsub.github.io/clamtk/

8.2.03

Click on the Debian/Ubuntu DEB file to download version 5.25. Now go back to the Mint Software Center and search for ClamTK again. The software center installed four programs - checked in green:

8.2.04

Now click on ClamTK and uninstall the main program only. Then go back a page. Three Clam programs were left after uninstalling the main ClamTK program. They are checked in green. Now transfer the latest DEB version of ClamTK from your Downloads folder to your apps folder. Right click on it and click Install with the DEB installer. Then open ClamTK from the Mint Menu:

8.2.05

We now have the latest version of ClamTK plus three important plugins installed. Here is the start screen:

8.2.06

Click on the green icon to confirm you now have the latest version. Then click on the Settings icon. Check Scan directories recursively. Scan directories recursively means to include the sub directories or internal folders and files.

8.2.07

Also check Scan files bigger than 20 MB and scan hidden files beginning with a dot. Then click Scan a directory. If you have a lot of files and folders this could take about 10 minutes per GB or 60 minutes for a 6 GB folder.

8.3 Get a More Secure Email Address for Free

“We're past the point where citizens are entirely dependent on governments to defend our privacy, we don't have to ask for our privacy, we can take it back” Edward Snowden, Reset the Net.

“All intelligence services... all of them, are afraid of easy to use, secure communications tools.” - Jacob Appelbaum.

“Security and privacy are fundamental human rights which should be guaranteed for all.” ProtonMail Statement

Most people probably do not need a secure email service. But there are some people who do. This includes attorneys exchanging confidential information with their clients, doctors and nurses exchanging information with their patients, businesses exchanging important information with their staff and customers, journalists exchanging confidential information with whistle blowers and political groups who may want to organize without the constant surveillance of the government. In this article, we will explain why a relatively new email service called ProtonMail is the best solution for these special groups. We will then explain how to set up your own free ProtonMail account.

We begin with a discussion about the corrupting influence of money. As you may know, Google makes money by scanning our Gmail emails and feeding us ads off of what we write about. This need to make money makes Gmail inherently insecure. In 2013, after Edward Snowden released information confirming NSA mass spying on emails, a group of scientists in Switzerland met to discuss how they could create a more secure email service. They decided to build their own system on their own Linux open source servers. In the summer of 2014, they held an online fund raiser and received $550,377 from 10,576 donors. Their business plan is rather simple. They do not use any advertising. Instead, they offer free accounts for most users and then charge only for additional storage space on their servers for those who need a lot of storage space for sending and receiving secure emails. Unlike other secure email services, ProtonMail is very easy to set up and use. The response to ProtonMail has been amazing. In just two years, more than 500,000 people have signed up for their email service. ProtonMail is now the world's largest private email service. Here is a link to their website where you can learn more about them: https://protonmail.com/

8.3.01

ProtonMail has three versions, an app for Android or Apple and a web version. Proton uses end to end encryption – including attachments.

How ProtonMail end to end encryption works

“We encrypt the data on the browser before it comes to the server. By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key. We’ve basically separated the message that’s encrypted apart from the key – all the encryption takes place on your computer instead of our servers, so there’s no way for us to see the original message.”

“One of the key things we want to do is control our servers and make sure all the servers are in Switzerland which will increase privacy because Switzerland doesn’t do things like seize servers or tape conversations.”

ProtonMail also supports messages that self-destruct after a set time period. Recently, from November 3 to 7 2015, ProtonMail was under attack by a “technically advanced group with abilities similar to a state-sponsored group” that made the service largely unavailable to users. They have since installed additional programs to help them fight off future Denial of Service attacks.

Here is a statement from the ProtonMail blog about the attack: “In just three days, the ProtonMail Defense Fund has gathered $50,000 in donations, giving us the resources to resist further attacks against email privacy. By attacking the world’s largest free private email service, the attackers sent a message that they did not want online privacy to succeed. However, we have now sent them back an even stronger message, that online privacy is here to stay. The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future. The road ahead will surely contain more difficulties, but together, we shall overcome.”

8.3.02

Currently, email storage space is limited to 500 MB (half a gigabyte) with attachments limited to 10 MB. Sent messages are capped at 1000 per month. So this account cannot be used for mass marketing. They plan to eventually have paid plans with more storage space. Their paid accounts will be $5/month and will provide 1GB of storage.

To get a ProtonMail account, you must submit an invite request. There are two kinds of accounts. The common account is This email address is being protected from spambots. You need JavaScript enabled to view it.. A slightly more secure account is This email address is being protected from spambots. You need JavaScript enabled to view it. You sign up at ProtonMail.com to get either account and can choose your account type after receiving your confirmation email.

How to sign up for a ProtonMail account

Go to ProtonMail.com. Scroll down the page to “Get your secure email account.” Enter the username you would like to have. Then click GO to see if it is available. If it is, enter your normal email address. This can be deleted or changed later.

The initial account is for the email address (your name) at protonmail.com. We will switch to the protonmail.ch ending after we create our account because this version of proton mail is more secure than protonmail.com. To create your account, type in a Login Password twice, a Mailbox Password twice and an optional recovery email address.

We will use our Gmail address as a recovery email address. Then click FINISH at the bottom of the screen. There will be a three-second account creation screen followed by your email account screen at this URL: https://protonmail.com/inbox

8.3.05

The initial free storage is only 500 MB. Click on the Welcome email to read it:

8.4 Use TOR... a More Secure Web Browser

How you can be the next Edward Snowden
Not every one needs a more secure web browser to better hide their identity from the prying eyes of the NSA. But some people need as much security as they can get. Do you have inside information on corporate and/or political corruption you would like to get to Glenn Greenwald without getting discovered? Are you the leader of a protest group who would like to set up a secure communications system with other protesters? Do you have a medical condition that you want to research online without your insurance company finding out about it? Do you simply value your freedom and privacy and not want to be tracked by the NSA? Here is how you can set up a secure communication network by combining an encrypted email service with an encrypted web browser with visits to encrypted websites.

8.4.01

Get a Free Proton Mail Encrypted Email Account and access it with TOR
The free fully encrypted email service, Proton Mail has now reached 2 million users. On January 19, 2017, Proton Mail announced that they would provide even greater protection for their users by allowing them to access the login portal for Proton Mail via the TOR browser – thus hiding the IP address and location of the person accessing their Proton Mail account. This comes at a time when the TOR web browser is getting progressively easier to set up and use. The TOR browser is similar to the Google Chrome or Firefox web browser with the additional benefit of routing the path taken between your Home connection to the Internet (and your Home IP address) to the IP address of the website you are visiting by running it through a series of random IP addresses called the TOR network. All someone such as the NSA sees when viewing web traffic is the IP address of the TOR Exit node but not your IP address or the IP address of the website you are visiting.

There are currently about 1000 TOR exit nodes which makes it quite difficult, but not completely impossible for the NSA to monitor you in real time. The NSA would rather you did not use TOR. Proton Mail says they are taking this step to allow their users to take “active measures to defend against State sponsored censorship.” Users of the Tor Browser can now access their Proton Mail account anonymously at the following fully encrypted webpage: https://protonirockerxow.onion

Note that you can also visit this web page using any other web browser such as Google Chromium or Firefox. But visiting this page using a normal web browser will expose your home IP address to NSA server logs. We will therefore explain how to set up the TOR web browser for your Home computer. However, you should be aware that there is a downside to setting up a TOR browser. Sadly, all users of TOR are considered terrorists in the crazy eyes of the NSA. The NSA calls this “going dark.” You will be automatically subjected to increased surveillance simply for using the TOR browser.

8.4.02

There is a new, simple and free alternative started in 2016 which does not use TOR but which does somewhat hide your IP address. This is to download and use a web browser called Opera. Then click on a couple of buttons to set up its free VPS service (instructions are on the Opera website and are very easy).

In a matter of minutes, you can route your web access through Opera servers in several locations throughout the world. I have Opera set up to show Canada as the location of my IP address. The downside of routing your web traffic through the Opera network is that it will slow down access to web pages you visit. Instead of taking one second for a web page to load, it may take 3 to 10 seconds depending on the amount of content on the page. There are also paid services that route your web traffic through thousands of exit nodes. However, there is a downside to VPN’s in that the VPN provider can see all of your traffic and even monitor it. So choose your VPN wisely.

Those most likely to use TOR, Opera and/or a commercial VPN include whistle blowers such as Edward Snowden trying to access reporters such as Glenn Greenwald at the Intercept News Website. Again, there are many other groups of honest people who need privacy such as patients wanting to access their doctor, clients wanting to access their attorney or members of political and social groups wanting to access controversial political or social group websites. It is for these people that we provide these instructions. The more people who have the courage to set up the TOR browser, the harder it will be for the NSA to track whistle blowers and political change advocates. High traffic on the dark web will also make it harder for the NSA to take down TOR and/or Proton Mail – both of which have been attacked by the NSA.