Whilst creating a Raspberry Pi3B for a friend in Turkey, who want’s to watch German TV programs over the internet and do not want to have the Government monitoring his behaviour (mail, browsing etc.), an idea came to my mind. As my friend only needs a VPN which is maintained by the Raspberry and automatically starts where ever / when ever he is connected to the internet via his DSL Router, I started thinking about people who need more than just a VPN.
Actually – and due to the current (2018) situation in Turkey, Syria, Mali and many other countries – I was specifically thinking about:
Because these people and their contacts, are very often in danger and need strong protection when using the internet.
In another sleepless night, I found another group of people who are in need of such a device:
With other simple words: WE ALL NEED TO PROTECT OUR PRIVACY !
If you want to know more about the SecretPi, click here to get the flyer !
Please keep in mind that I have a career behind me, where I was somehow “on the other side”. I was medium range sniper in the German army in an anti-sabotage-protection group during my service, have consulted and trained government organisations (like…and similar to CIA, FBI, state police and secret service) in many countries in the world for lawful interception, communication behaviour analysis, graphical analysis, text analysis with n-gram algorithms and the visualisation of data. I was actually trained by retired NSA Agents in the US for visualising data. This may scare you, but honestly I was never involved in real actions on data or people, I always used my clean set of demo data. The aim of my trainings was to fight organised crime and terrorism as I started directly after 9/11, and I also like to keep my data and communication under privacy and btw. I have lived also in countries which are still “difficult”.
But knowing “the other side” has a big advantage. I know how and what they can do and can estimate what is technically possible today to harvest information from people, groups or organisations. Therefor I can use my knowledge to make data really private and protect endangered persons, groups or organisations.
Living myself in a kingdom which is known for it’s conservative interpretation of the Quran, I was part of a oppressed society. Especially when it comes to what can happen and how to protect yourself from evil actions of the government, blocked internet connects and so on, I have learned my lesson. So the creation of some scenarios was easy:
Well, that was a hell of topics to solve !! – But I did it !!
After some more sleepless nights, I started the project on a raspberry pi 3B based on the solution for my friend in Turkey, with a VPN. Than I added a lot of stuff:
First of all I implemented an encrypted filesystem which requires a username and password, once activated. If you enter the password several times (definable) wrong, the filesystem destroys itself. Also there is a destroy-user implemented which – when typed in – destroys the filesystem just by the first attempt. This takes care of tampering with the device from a unauthorised person, which tries to guess username and password. Also it takes care if you are arrested and questioned (but your life is not in danger when you fool the interrogator) to use the boobytrap-user to destroy the filesystem. With a function described later the data will be also destroyed, if the SD-card is used on a RaspberryPi, without SecretPi functions. Even if the SD-card is removed from the device and is analysed by the use of a forensic workstation (the boobytrap will not work than), it is encrypted, not easy to make the content visible. This protects you and other people you have communicated with.
The build in VPN (which is compatible to managed VPN providers like nordvpn, hide-my-ass and others) makes sure that everything what comes out of the SecretPi (towards the internet) is encrypted, furthermore you can decide in which country the endpoint of the VPN connection is, that means where you come out of the “tunnel”. This is used to make it look like you are somewhere else and the data in transit can not be read in clear text. Furthermore it is extremely hard to find the IP-Address of the origin of the data geographically. BTW: If you use the SecretPi as a router and you have your network behind the SecretPi, no one is stopping you from using another VPN or encryption mechanism on your home devices like Laptop, PC, Smartphone or Tablet. Than you will encrypt at least twice VPN wise (tunnel in tunnel setup).
The SecretPi is designed for multi-level-encryption when it is used autonomous as a kind of PC. That means a set of data can be encrypted multiple times. The VPN encrypts the data transmitted, with the Nautilus GnuPG File-Manager you encrypt a file manually and send it by Telegram desktop, where it is encrypted again. This gives you 3 different encryptions. Do not forget to give difficult (hard to get by by bruteforce or guessing) passwords in each step or technology used.
As a RaspberryPi housing is quite small, it can easily been hidden. Also I can build it into any kind of housings, glue it under the table or whatever comes to your and my imagination to let it disappear or being visible, without looking like a RaspberryPi. Even the argument, “but there is always at least one cable” can be eliminated, as it can be run in complete wireless mode and can be powered by a power-bank (USB rechargeable battery).
The SecretPi was hardened that it will not answer to any requests from the outside and it is invisible to probing (LAN/WLAN connection to the outside only). This was done by specific firewall settings on the SecretPi and it was tested with professional equipment and human penetration testing. This makes sure that the SecretPi can not be discovered by active scans in the network, but the existence of the SecretPi can be discovered by sniffing the network-traffic.
Actually it is hard to infect a Linux environment (the SecretPi runs on Raspian stretch) and updated to the latest release, it should be pretty safe to get not infected by malware (government use, or regular ones). That prevents together with the stealth mode, that the SecretPi can not be infected for interception or data-harvesting.
The SecretPi was designed for autonomous use. That means you can use it as a standalone device, as it has useful applications “on board”. These applications are the OpenOffice Suite, Telegram Desktop, PGP for file-encryption, a VoIP client for phone calls, Nautilus GnuPG (a file manager to encrypt files or directories), Claws Mail, Teamviewer for remote access and Webmin (for some administrative tasks). If the SecretPi is used without having a LAN or WAN and/or no electric power for the USB adapter is available, you can run with the battery autonomous. That means you can write your articles, messages etc. but they are not send out directly (no internet in this scenario), but directly when you connect to the internet again.
Well, we had debates about Teamviewer as a remote access (support) tool, as it gives – as the name says – remote access, which by definition could be an ingress point to compromise the SecretPi. As good arguments won the battle the decision to use Teamviewer was made, as you cannot use Teamviewer without consent of the SecretPi user. Teamviewer creates each time a randomly generated password for the Teamviewer ID of the SecretPi, which has to be given to the other party. On the other hand it can be used (beside the support functionality) to give someone a look at your device (just the screen is being transferred, which is a safety aspect), files can be transferred etc., in a kind of OOB (out of band) communication, still through the VPN.
A special edition of the SecretPi comes in a rugged version. A full metal housing (aluminium) which acts as a heat sink for the raspberry pi processors, nearly undestroyable for the use in areas where IED’s (Improvised explosive devices) are common, explosives (bombs, grenades, RPG’s (hand-held antitank grenade launcher), etc., are used or other physical stress can affect the device. Right now, there is no waterproof version available (maybe after another sleepless night), at least it comes with a waterproof peli-case for transport and storage. This kit is designed for war-like or disaster environments. Of course, the battery can be used also with this housing, if there is no electric power available. Beside the housing the facts about SD-cards environmental tolerances are very impressive.
Imagine, authorities knock your door and you know what happens next. You have only a very limited time to hide things. Just quickly remove the SD-card and hide it on your body, in one of your socks, in your shoe, in your mouth (SD-cards can stand humidity see here). This can be done in no time. Basically there is no limit where you can hide it, as a micro SD’s are very small. Alternatively you can hide it with a piece of double sided tape anywhere, by just sticking the SD-card to the tape and leave it on premises.
Imagine, someone breaks into your house to take your SecretPi. But “someone” will not be very happy, as I have bound the SecretPi to you and the SecretPi will only start properly if you are around at boot-time. The trick is a NFC (near field communication) device. This can be a credit card style NFC card, a ring (Yes…a NFC Ring for your finger with a build in transponder), a generic NFC transponder which can be glued to anything (i.e. a vase or a box of matches laying/standing on the SecretPi), or even false nails containing a NFC transponder (Ladies listen !). The SecretPi NFC boobytrap expects it’s corresponding NFC transponder at startup. If it can not find it, it will display a fake message like “System was updated, please switch off and on again to boot”. Well, this message is a hoax for those people who do not have the right transponder and have no clue that it is needed to deactivate this boobytrap, cause they do not even know that there is a boobytrap. If the system is started again, it will say “Update completed and verified, booting in 30s” with a countdown. If the “right” transponder is not there within 30s, the system will destroy itself. Well, it will not go onto fire (maybe I should sleep over it), but everything on the SD-card will be wiped, not only the encrypted file-system, but the whole SD-card content.
If you are in an area with power-glitches, frequent power-loss, or non solid voltage or frequency, simply connect the USB-Power Adapter to the Power-Bank for charging and the USB-Power output of the Powerbank to the SecretPi. Now you are safe against power-failures. Make sure, that the power on/off switch is between the Powerbank and the SecretPi, that you can switch it on or off.
Currently I plan to have some more sleepless nights, as I want to make the SecretPi independent of WLAN or LAN Access Points. In the future I want to teach the SecretPi to use also other communication networks; like Satellites, HAM Radio or whatever comes to my mind for OOB Communication. That will make the SecretPi more versatile in hostile environments, where no Internet and electric power is available and also helps to obfuscate data traffic. On top, some managed services are planned which could extend this project to make things even more safe. Stay tuned.
Isn’t it exiting – a RaspberryPi which could even be an addition to James Bond’s arsenal ?
If you want to know more about the SecretPi, click here to get the flyer !
First of all we have planned to bring the actual prototype finalized and ASAP to the market, just the funding for going from prototype to production has to be done. The SecretPi will come in the following configurations:
Prices will be subject to TBD, shipping costs and taxes are subject to the country of delivery.
Backers will get a substantial discount on the product and services which will make them breathless.
Welcome, the SecretPi Idea is currently looking for backers and investors. Most of the important stuff is already done, a prototype without boobytraps exists and runs like a charm and never drops the connection. We reach an encrypted throughput of up to 80Mbit/s on a 100Mbit/s DSL Connection. Now it is time to bring the SecretPi to the market. Some more development, testing and programming has to be done, but it’s already documented. What this project needs are backers and investors. The marketing has already started. The first announcement is this blog-entry.
This is not decided yet, which crowdfunding platform(s) will be our partner. More information will be released soon.
Testers will get a device if they are a backer, with an even higher discount, if they test the device and send us their findings and report errors or other problems. As soon as the first financing round is done, we will call all backers, to become also testers. How we will do that, will be announced shortly after the financing took place.
Just use the contact form in the top right menu or THIS link
In home use you ideally connect the SecretPi by cable (WLAN will also work) to your Internet connection (mostly DSL-Router). You can now use the SecretPi as a privacy router, connecting your devices to the internal WLAN or with the USB/LAN adapter. When using the LAN-Adapter, you should keep in mind that if you want to use multiple devices, you have to use a switch. Dual use (WLAN and LAN) is also possible. The SecretPi also accepts WLAN hotspots like smartphones in tethering mode.
If you have no internet, you can use the SecretPi as your office as office applications (OpenOffice) are on the SecretPi already installed. If you have no electric power, but you bought the “Dissident” version, you have the power-bank and 12V car-adapter to connect to a remaining source.
You can use the SecretPi as described under “Home Use” and “Autonomous Mode”
You can use the SecretPi as described under “Home Use”,”Autonomous Mode” and “Hotel Use”
See Home Use
You need the “War Reporter Version” with the rugged housing. Technically look at “Home Use” and “Autonomous Use”
In a hotel or similar environment (i.e. Guest access in a company you visit), you connect the Secret Pi with the LAN to the hotels internet-connection or you use your smartphone in tethering mode or a portable access point. The SecretPi can not connect to a hotel or similar WLAN’s (guest networks), if the WLAN is open and the authentication to the network is done via an authentication window in the browser. The SecretPi is in stealth mode and will not see the authentication screen in the browser – Never, Ever !
The SecretPi was tested over and over again, every trick and technology I could get hold of was used to find loopholes. There are to my knowledge none. But I do not take any responsibility and can not guarantee that data can/will be intercepted, decrypted and analysed against you. Please keep that in mind.