How would you set up a computer to protect against state-level actors?

Question

How would you setup your computer to work on a project that may be seen as threatening by state-level actors?See: situation in Russia, China, ... What are your tips?

mytailorisrich · Accepted Answer

If your threat model is the same as an intelligence service, which it basically would if in effect you wanted to protect against state intelligence services, then you would need to follow similar procedures.
AFAIK, it's a common practice to have critical systems disconnected from the internet or external networks and located in rooms protected against human intrusion (duh) but also against remote sensing, which these days includes pretty much anything (RF, sound, light, etc).
You'd also need to take special measures to avoid equipment from being tampered with before it reaches you.
I read articles that the Russians were banning computers altogether in some circumstances and using typewriters instead.
But of course if this is indeed "threatening" you'd be as likely to have an 'unfortunate accident' in any case.

floxy · Answer

1.) Read "Reflections on Trusting Trust": https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...2.) ???3.) Wallow in despair?

mikequinlan · Answer

The first step would be to not store any confidential information electronically.https://www.theguardian.com/world/2013/jul/11/russia-reverts... for example.

t-3 · Answer

Don't talk about it, and don't give them any reason to look to closely at you. You can't defend yourself from a huge organization as an individual, so you have to avoid catching their attention.

ozirus · Answer

Use phishing resistant 2FA everywhere! (FIDO etc.) - avoid SMS
Limit admin privileges
Install an up-to-date antivirus/HIPS/EDR solution (with web protection)
Keep your OS and apps up-to-date (apply patches)
Periodically scan your system with tools like Loki, Thor Lite scanner etc.
Be careful about your browser extensions and their privileges
Make sure you don't expose any public service to internet (RDP etc.)
Try to avoid Windows (if possible)
Implement application allowlisting
Use file-integrity apps to protect critical files
Monitor continuously (via NSM and EDR), respond ASAP (isolate etc.) when you see a sus. thing on your system/network before they complete their objectives
Read about latest threats, evaluate your posture since threat landscape keeps changing
Read about threat/incident reports regarding state-level actors targeted your industry in the past

rdtwo · Answer

You don&rsquo;t. A state level actor has access to all your data. You basically can&rsquo;t connect to anything and always hold the asset

pyinstallwoes · Answer

Probably not use a computer.

bitxbitxbitcoin · Answer

Are you in Russia or China? If so the answer may be to not use a computer.

presheaf · Answer

Can't be done. The state is the one that produces the chips (Intel is just another branch of the government). Software is just a layer on top that can always be subverted with hardware by someone who knows the sequence of operations that will give them access.

How would you set up a computer to protect against state-level actors?

How would you setup your computer to work on a project that may be seen as threatening by state-level actors?
See: situation in Russia, China, ... What are your tips?

1.) Read "Reflections on Trusting Trust": https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...
2.) ???
3.) Wallow in despair?

The first step would be to not store any confidential information electronically.
https://www.theguardian.com/world/2013/jul/11/russia-reverts... for example.

Don't talk about it, and don't give them any reason to look to closely at you. You can't defend yourself from a huge organization as an individual, so you have to avoid catching their attention.

You don’t. A state level actor has access to all your data. You basically can’t connect to anything and always hold the asset

Probably not use a computer.

Are you in Russia or China? If so the answer may be to not use a computer.

Can't be done. The state is the one that produces the chips (Intel is just another branch of the government). Software is just a layer on top that can always be subverted with hardware by someone who knows the sequence of operations that will give them access.