Run, Snowden, run! A pro's advice for escaping the grid

Edward Snowden's flight from the authorities got us thinking about what it would take to escape.

Shortly before revealing his identity, confessed NSAwhistleblower Edward Snowden split town and headed for Hong Kong. While Snowden's current whereabouts within the semi-autonomous city-state aren't known, it's clear he isn't exactly trying to dissappear from the world--indeed, he's been granting media interviews.

However, Mr. Snowden's plight got us thinking: If he really wanted to avoid prosecution, what would be the best way to slip off the grid and make an escape forever? Regardless of how you feel about Snowden's actions, it's a provocative question--especially in today's climate where so many people are worried about their own digital trails. We reached out to a professional vanisher for answers.

Frank Ahearn is the author of How to Disappear and proprietor of a "professional deception service." Early in his career, Ahearn used his acumen for harnessing the shady "underground network of information" to help the mob locate people who owed them money. He later moved on to the comparably upstanding world of tabloid media, where he helped locate bashful celebrities including Monica Lewinsky at the height of the Clinton scandal. "Uh, yeah. I did a lot of crazy stuff back in the day," he told TechHive. "Basically my forte was finding people and getting information. My philosophy back then was if you can afford it, I can get it."

These days Ahearn is still in the information business, but uses his powers for good. He helps clients who "need to disappear because they find themselves in a precarious situation." (He clarifies that he doesn't work with criminals, but rather victims avoiding stalkers, and businessmen who've entered "a bad situation and are fearful for their safety.")

So any future would-be whistleblowers might wish to take heed. While some of this advice, if not flat-out illegal, certainly walks right up to the line of legality. But wat do you care? You're going to have the NSA, CIA, FBI or some other acronym after you. Our takeaway from the conversation with Ahearn: It's increasingly difficult to just disappear from the modern world, but it's not impossible.

Lesson one: Extradition treaties are meaningless

From recent media appearances, it seems Snowden expects that he will be prosecuted eventually. Still, he told The Guardian that he chose Hong Kong because "they have a spirited commitment to free speech and the right of political dissent."

Despite that "spirited commitment," the semi-independent-ish city of Hong Kong does have an extradition treaty with the United States, even if China does not. However, it may be the case that Snowden has done his due diligence and knows that the Hong Kong High Court recently ruled that the government must create an official procedure for dealing with political asylum seekers--and until they do, all asylum seekers are free to stay.

But all this talk of treaties may be a big hollow hullaballoo. Thinking you can rely on another country for sanctuary is "a big misconception," says Ahearn. "Just because two countries don't have an extradition treaty doesn't mean they won't extradite you. It comes down to what you've done. If you've robbed a bank of a few million bucks, there are places in the Middle East you can go. But it's an always-changing thing. I've worked with people after the fact who have committed a crime in another country where there was no extradition treaty--and they were extradited.

"My advice is if you're going to do something stupid, or do something where you will have a predator, you need to go off the grid totally. Don't depend on another country to hide you. Because they may change their tune."

Lesson two: Money leaves a digital fingerprint

Even if you successfully make a physical escape from the grid, your fiduciary life is likely still tied up in the Internet. There will be no more credit cards, bank accounts, or online payments for you. All the paperless payment systems that we take for granted will point a big digital finger directly at you.

Money can be tricky. While it isn't his forte, Ahearn gives the following advice: "If I had to deal with that myself, I'd load my money on prepaid gift cards. Because you don't have to provide any identifiers for that. And then I would sell my prepaid gift cards to whoever. You can't carry your money in a bag anymore because of the metal strips [embedded in the newly designed bills, which you can read up on here]. If you've do anything financially, it's easy to trace. You might try to send it offshore, but it might not get there in time and might be seized."

Lesson three: Learn the art of anonymity

Initially, Snowden ran up "big bills" from a reportedly "plush hotel," but has since moved on to an unknown location. So, where would you live if you officially no longer existed?

"Disappearing to me is to become a virtual entity where you have no physical connections," said Ahearn. "You can open a corporation in one state not using a real identity and then use that corporation to open a charitable account--you don't need identification for a corporation to open a bank account. There are many ways to do it. You can just tell a potential landlord you work for said corporation and have them sign the lease. You can also sublet an apartment. Subletting is the best way, because that can happen under the radar, without any identification."

The most important part of a disappearing act is making sure you don't stick out. "You got to make sure it's a place you can acclimate to. You don't want to be Johnny Miami in Des Moines, Iowa. You'd want to go to another big city like New York, Los Angeles, or Chicago. Somewhere you can disappear into."

Lesson four: Correspond online without leaving a trail

As the PRISM story broke, we offered up ways to protect your PC from NSA surveillance and make your computer invisible online. However, with a little creative thinking, even a ghost can use the Internet to communicate--in a roundabout way.

"My philosophy is if you hit send, enter, or download, you've created a footprint, said Ahearn. "And if you're going on the run, you don't want to contact the world behind you."

But that doesn't mean you have to shut off all communications--as long as you're talking with people you can really really trust. "For example, if you want to contact your brother, you can have a system set up where you use Craigslist or some other message board, where you know if you see a 1967 pink Chevrolet for sale in Iowa, all you have to do is look for that ad and you guys can communicate via that ad."

But that advice comes with a big caveat: "If your brother is lazy or dumb and accesses the message board from home, someone can track the IP address. Your security is only good as the people you contact."

When I asked if Craigslist is secretly filled with encoded messages, he relayed the following story. "For example, a victim of a stalker I worked with wanted to call her mother. So they each have prepaid phones, and they dump them every so often. What will happen is that when the daughter gets a new prepaid cell phone, she'll put an ad up on Craigslist with the special code. And her mother will just go to her local Internet café and find her daughter's ad where there will be a phone number with the last two numbers inverted. So the mother will just reverse them and she'll have her daughter's new prepaid phone number. There's no voicemail, no email, nothing traceable."

Into thin air

It is increasingly difficult to escape the all-encompassing hug of modernity--whether you are on the lam or simply want to shed your always-connected lifestyle. However, even today, with just a bit of foresight and creativity, even the most connected person can make a quiet exit from the grid.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about FBINSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Evan Dashevsky

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place