 Čakaj, boš za svojo invitacij, taj pristidžen konferens, ki sem nekaj BSD, nekaj komputationalnj linguist. Pristim in drugim friljansk jurnalist. Have you not done any of the other questions that you have asked? I don't know. I'll leave it to you, I'll leave it to you. Thank you. So, my talk will be much more relaxed, much more relaxed technically speaking, because I'm a journalist. And I will speak about technology applied to modern investigative methods in journalism, in začniti inonimuslje documentov. Imam tukaj reprezentacij, moj website, bevo.bg, kaj je investigativ, in tukaj imam spolksman v Balkan Leaks, nekaj je sestem, kaj ima inonimuslje documentov. Tukaj smo videli, v srečnih ljudi, nekaj kratični, kratične, zeločne informacije, včešljenje z vrštih, včešljenje z vrštih informacijov, da je to jedno z vrštih informacijov, včešljenje z vrštih informacijov, za vrštih vrštih vrštih vrštih. Zeločne informacije, začaj v korobitosti, zeločne informacije, zeločnje informacijov, zeločnje informacijov, za vrštih informacijov, zeločnje informacijov, in pripravljenje. Zato smo videli, da je izgleda izgleda z Wikileaks, izgleda z Nordena, že tehnologija, zelo tehnologija, je zelo več vsočen, da je zelo vsočen, vse ležite, ki ne... Tako. Vse je vse vse vse občajno, z vsej poslutih, z NSA, cia, I have Russians, Chinese and any kind of secret services, you can imagine. Journalists are also on the street, the case of Blaine Greenwald from the Guardian, who was investigated for his collaboration with Edward Snowden. Vseh vič nekaj lokali, v spotsi kaj najbolj skandal, nekaj nekovaljnjih vseh politizilske in vseh svaljnih, zelo galerijno skandal. Vsi možemo zelo dovoljati, nekaj nekaj globalni skala. So, another simple to understand advantage of whistleblowing is that compared to freedom of information act request is that it's much more difficult to get documents exposing official corruption z bilem zaveljenju informaciju, da tako na kraju na boljbiji zelo, evočnješč ne according in evočnih samih neudi valjčnih. Zatažila n Jerk,electronicne je začala, in tako vzdi so priboj, po nej pri prosecutioni, ki so načine zelo prizvodili. Iga se vseh početjeva drugi vziv. Vseh nekaj je ovečen počet, kako se početjeva na vseh početjeva. Profesija je zelo obiljo, da je napravila počet. Tako je počet, zanimamo selektronikov. Je to več izpečniko, bo bila početja, prejšelo močno od njak kuze lezovbooka, ker vseh je tudi po te postati, ki se puno razredno izgleda, kar se sedaj vo sveti zboj vznečiti, tudi vstupiti stran genulimiti, svar i začne, in to je veš zelo veliko lepo, ker se kot izlogi, ki im Misli pošla, in tudi ne bomo vznikati, ki je zelo, da ne bomo vznikati, da je nešto vznikati, da zelo, da je začetati, da je začetati dokument in da je začetati, da je začetati, da je začetati. Premače, da je vznikati, da je vznikati. Tako vidimo, da je tudi v klasiku in vznikovih systemov, kaj je kriptomi in inzivno od 96, je pravdu 20 let. In zelo je začeljno vsega, da je tudi vznik, način je zelo vznik, da je tudi vznik. Then it was the classic, I named it the classic system, because it had all the the features of actual modern systems for anonymous submissions, but unfortunately it disappeared. So Wikileaks started a Tor submission system, in tudi je bilo vse vse vse sretičen, bilo odkazati trafik. In, da Julian Assange in Daniel Domšit Berg sprili, očetek z sistem izgleda in vsekoli začeli počutki. In to je zelo jezik na vsega osoba. Zato je jezik vsega vsega, da vsega bljoma vsega vsega vsega vsega vsega vsega, in da je nekaj vsega vsega vsega vsega vsega vsega internet. And to provide further security that was covered traffic generated between the workstation and the first node of the Tor system. If you are listening to the communication, you cannot tell at what moment exactly the leak is traveling off the network. Daniin we had this vapour wear coming from open leaks, which never worked. It was a promise, but it never actually appeared. In da se lahko je izbojila z viki leks, zelo sa balkonleks, nekaj nekaj list zimi leks, nekaj problem je, da ne zelo leks. Zelo, bualkonleks je nekaj, ki je vse bojev, nekaj nekaj nezelo, In in Samj je odličil, da je to ena z odličenosti kropikac. Tako sem, da so izgledali, da imamo točno nekaj modem zelo, da je zelo izgleda. Pa izgleda se z njom s ledem. To je zelo poznitok z vseženjav. Zelo je zelo, da možemo pomoći v izgledanji, ali začelj, da je spoljsmansk. Zelo, da sem vseženjava, bo je odgledanj, da je odgledanj, da je zelo izgledanj v Bulgaria. Zelo, da je vsega izgleda, da je vsega izgleda, da je zelo vsega system. in to ne so, da je pravda, najvej sej na modelu, zvedanje v New York, v Forbes, v nekaj zelo, vseh medijelnih vsečov, nezajem vsej na svojo, anonimno, vsečovu systemu in zelo se vseče vseče. had some success stories, including information about the Masonic lodge in the judicial system, it's a big problem because of course the judges had to be in partial, and they are not. We got confidential documents about the Balan and Nuclear Power plant and we got leaks about the criminal past of former prime minister. in vič nekaj zelo, da se je zelo na websitea. Vse smo zelo načine, da smo našli zelo, da smo zelo načine zelo na vsej srečje, zato smo nekaj zelo načine zelo načine, da smo zelo načine zelo načine, ker smo prišličali naši prišlični stav. Osobi je zelo vso vsobi, da smo prišlični, da smo pošlični, da smo prišlični. Tako, zelo vsobi, skupno, smo početili vsečen drop, Zvuk je Arne Svart's finačne projekte, nekaj sem videl. Zvuk je izgleda z Fredem of the Press Foundation in je izgleda na tor, in izgleda pgp. In iz medjela in iz medjela, ki je odpravljali v SequrDrop, imaš New Yorker, Forbes in drugi. To je vse opensorje in je odpravljala v Piton. in je bilo še nekaj kratko, kako se všel, začal je je vsečen, in je bilo vsečen, in je bilo vsečen, vsečen, vsečen, in vsečen, vsečen, tako, kako je se vsečen, ... and call them, and they will talk to you ... ... to help you to set up your servers and they are teaching sessions too, for journalists to learn how to work with PGP and so on. So Wo Testing is hidden here, of course he has to be. Zato je jevalo, da je vzelo na aplikacijskih servijov, da vse bude vrla, in počutil in v ramu na disk, več je vse zelo monitorin, zelo vsega srednjaj, Zato je vsobičen, da je zvrên, ki mi je rezervat, da je vsobičen, ko se za Grelu, kot na plikacja dej, s obrženom, in pripovrdu vza. In to ne distressiva in se prišla v zelo, da je pravno, da je zelo prišla, na res kakovosih bolje napravno vzelo, usb. drive to a laptop, air gap to workstation, running tails, secure operating system. So the laptop is the place where actual reading of the documents occur. So this securing model is very strict, and also it is expensive because for a small organization there is a problem of affordability. We need two servers, air gap laptop, it costs around 3,000 dollars. We need also competent IT staff, even if freedom of the press foundation provides training. And also training for people who are technically curious to learn how to use PGP, how to decrypt and decrypt information, and to using, of course, using Tor, the Tor browser, which is probably the easiest part. So now there is an ongoing fundraising campaign by including Balkan Lakes is one of the selected organizations who will receive probably hardware for implementing the next version of SecureDrop, which is expected to be, to go public next month. There is also Cryptom and Government Accountability Project in fardoglake.com. We are, as far as I know, the only European based organization using SecureDrop. Another system used by Italian and Hungarian media is Global Lakes. Global Lakes is a concurrent SecureDrop, but we started using it, but very fast we discover and we were warned that there are security issues, which are very serious, so we decided to stop using it, and even though it's a very flexible system, much more flexible than strongbox, but it's much more complicated. The code is, there is a lot of code, so a big attacking space for Global Lakes. SecureDrop is tighter and well audited by security experts like Bruce Schneider, Jacob Apelbaum, and others. So we dropped support for Global Lakes and we are working now only with SecureDrop waiting to see the futures we need. For example, we need to receive leaks, which will be re-routed to competent journalists. If the leak is described as financial data, we need to send it to the journalist who is savvy with financial data, and if it's energy sector or organized crime data, we have to give it to the right person. For now, we have to decide after we read the data who will be the best person to work with this material. Well, so far so good, we have the leaks, but then comes the after leak time, and it's not easy to, because we got the mega leak or we got the mega foyer data, and now what? We have hundreds, if not millions of documents, and we have to build a system which will comprehensively index those documents and allow us to search inside, to search in emails, to search in PDFs, any kind of data. So we had such experience, and every time we had to build a custom parser for this kind of data, then we used the Sphinx indexer to make the interface for searching the data, and depending on if this is open to public or not, we use hidden Tor services to browse the data, of course, secured with password, and even better with Tor RC, a special distribution we give to the run from with tails to be sure that this is the only one person or only few persons can access this data. So we have also to solve the problem of sharing and searching in the sensitive material, searching encrypted data. We have some case studies, for example, we built a searchable database of solid citation and the word notices from the US government obtained by the Sunlight Foundation, and this is used by many journalists around the world to see who is, the organizations in their country who received grants from the US government, and the original data was in CSV format, and it was something like 400 gigabytes. So you cannot give this to journalists, they don't know what to do with this. You have to build the search engine and to give them the interface to look inside. So I will try to open it. It's not switching call. Okay, so another case study is searchable database of leaked emails from one Bulgarian party, so-called basic pay leaks, exposing a lot of cases of corruption, misuse and so on. So we got an inbox, many inboxes actually in inbox format, and we had to export the emails and to index them with Sphinx and building this search engine. Another tool we developed is a JavaScript-based encrypted data searching tool. We call it the Project Michalia. It has a specific meaning in Bulgarian to run after Michalia. It means you're losing your time for nothing. So if you try to break, this system is open. I mean, it can be installed anywhere. It's just encrypted files served through HTML, but there is no way, because it's encrypted to know what kind of searches you do and what kind of information you have. And it's an interesting concept, because it uses a JavaScript-based search engine. On the server side, you have only files, index files and data files, and all the logic is implemented in the browser, including the encryption engine, which is probably not the best solution, but for working with, this was the only thing we found to work remotely from different locations and to have a search engine and sharing facilities and sharing encrypted information too. So it's an open source, of course. You can find it on GitHub, and the search is working this way. You send a request to the server to find encrypted words. You retrieve the indexes, then the indexes give you the list of documents, where the words are found, and at the second step, when you click on the link, you retrieve the data. And this happens in the browser. So the data process is using the local storage when you work on the text, and you have to redact names, for example, clear some sensitive data, which is not, you are not allowed to publish, for example, deleting the names of individuals who can be heard. So you have to save your work, you save it encrypted in local storage, and you can then send only the ID of the document to other journalists, and you can send them. We had such a custom Firefox modified to work with big local storage, and having all the database inside, because you can, local storage is limited to 10 megs, but we managed to work with 500 megabytes, a portable Firefox on a USB drive. So you give this, it's air-gapped, and you work with this locally, with the modified documents. So this is one of the systems we want to develop further, to make possible searches with, now we have simple word search, we want to make logical searches, like and, or exclude, and so on, and to provide an easy interface to encrypt data, because the actual interface is written in Perl, and we want to build it in Node.js and to distribute a package, so people who journalists who need to share sensitive material, they can encode it, they can index it and encrypt it themselves. So, other perspectives, we have to address the single point of failure problem, because even if you use SecureDrop, the storage is on a given place, and if you are victim of attack, you can simply lose your data. So we want to extend SecureDrop with distributed storage, using the whole LAFC as, and we have some progress on this site, but it's not yet ready to be distributed. And another interesting document, conception, I strongly advise you to read this from Deleand Delčev, who worked with us on this Michale system and also to secure our installation. He wrote about possible distributed infrastructure for leaks using DHT, and this is a very interesting concept, but we lack time and people to develop on this. OK, so let me show you. Here we have, this is the search engine for the solicitation and the word notices. So you search for a country, you have a list of documents of all kind of grants awarded by U.S. government. You have this, it's a Bessiper leaks, search engine, which gives a link to a static HTML generated by a hypermail. So here is the encryption, that's bad. Let me see if I can move it, no way. OK, let's try a search here. You can explore it at www.balkmalix.eu slash mihalija. The password is test test, so you enter the system and I search for audio. I just wanted to show you how it works with encrypted audio. It's decrypted locally, also it works with PDF files. And with images, of course, and of course with text. So here you see the indexes retrieved, it's the bug to see how many documents you retrieve. So those are the documents retrieved from the web server to perform this search. And to display the results. You can find this on GitHub, of course. And let me show you how we work with the submission system, secure drop. So the tower browser gives an onion address here. So you open this onion address. You are the whistleblower, actually. So if it's your first time sending documents, you click here. You have a unique code name. You have to copy it if you want to read the answers by the journalists, because the system is two ways. Communications between the whistleblower and the journalist, if you want to have more data or some details on the submission, you can contact the whistleblower if you want so. So you copy the code, then you continue. Here you can put or copy paste the message. Here you can send a file. And you are submitting this. So the file is now submitted. And you can close the browser and run away from the place you are, where you are. So for example, the global system is using a different logic. And it takes twice the time to make a submission, because it's asking for some questions about what kind of submission you are sending, the category, and so on. And this is no good, because when you whistleblower, you are stressed, and you have to be comfortable with the system that it's not asking too much from you. I'll just send it and forget about it. OK, so from the journalist's side, we have another Tor instance. You connect with the password, which is written in the Torrc file. And we, because we know how to use it, we use tails. We are not asking to whistleblowers to use tails, because it's too restrictive. If you have to burn your system on a USB drive, or DVD, and so on. But to retrieve the data, we use tails. OK, so we have, of course, other sources. We are working with classic sources, meeting people. Not everything received is usable, because we have a lot of fakes. And the journalistic work on the leaks is very... We have to be very careful, because sometimes you receive data, which is not, which is real. You have to check twice, and to submit this to experts, to verify, to corroborate, of course. Before, you cannot publish, if you are not sure, 100 persons, that what you see is a real leak, and not something fake. So thank you. We're still running for the next big leak. And if you have questions... One announcement before the questions. There will be no break after this talk. We will start the closing session immediately after the questions. So go ahead. This is a picture from the last year protest, where a person with a leak was intercepted by the police. Yes, a really simple question. The website you show is the real one, to drop documents. And talking about user comfort. I'm not really sure people are really comfortable with you. We're trying to push documents to you. They open a website with a big logo on the top saying, hey, I'm sending documents to... Yes, this is not... Yeah, but you cannot write it in small letters. Sure, but if I imagine someone sending documents, someone comes on the desk is trying to push the windows to the other side or minimize it, but we have on the top, I'm leaking documents from inside. Yeah, sure, we can work on this to provide some innocent title. For example, my vacation in Greece or something like this, which changes dynamically at every window you open. This is a good idea. Or something like a regular website. Yeah, like New York Times or CNN. Yeah, that's a good suggestion. You mentioned the two-way communication system. Security drop provides. How many people use it actually? In our organization? No, I mean, how often do you have to get back to someone who leaks? Yeah, it's not very often. To be honest, I have only one such case in my practice, but I cannot, of course, speak for the others who are using this. Let's say, from five leaks, only one person exchanged information further. Yeah, this is, yeah, because it's not a surprise, because you are increasing the risk. If you come back to the, speak, talking to the journalists, you have to keep the code, so it's not very comfortable. Okay, so thank you once.