Next-Generation SecureDrop: Protecting Journalists from Malware

Tuesday, January 28, 2020 - 5:00 pm5:30 pm

Jennifer Helsby, Freedom of the Press Foundation

Abstract: 

SecureDrop is a whistleblowing platform originally created in 2012 for journalists to accept leaked documents from anonymous sources. It's now currently in use by dozens of news organizations including NBC News, The Washington Post and The New York Times. The goals of the project are to (1) protect the identity of sources while also to (2) provide a secure environment for journalists to read documents and respond to sources. This talk is about is a new QubesOS-based (Xen) workstation for journalists and other users who need to open potentially malicious documents. The threat of journalists opening malware being submitted through a SecureDrop server is handled via compartmentalization, i.e. opening each potentially malicious document in a separate VM. As journalists are increasingly facing attacks—including those we've observed attempting to phish people through SecureDrop—this can make it significantly safer for them to work with source materials.

Jennifer Helsby, Freedom of the Press Foundation

Jennifer Helsby (@redshiftzero) has been Lead Developer of SecureDrop at Freedom of the Press Foundation (FPF) since 2017. Prior to joining FPF, she was a postdoctoral researcher at the Center for Data Science and Public Policy at the University of Chicago. Jennifer is also a co-founding member of Lucy Parsons Labs, a non-profit that focuses on police accountability and surveillance oversight.

BibTeX
@conference {244728,
author = {Jennifer Helsby},
title = {Next-Generation SecureDrop: Protecting Journalists from Malware},
year = {2020},
address = {San Francisco, CA},
publisher = {{USENIX} Association},
month = jan,
}