Dominathan
Well-Known Member
Foreword
With great power comes great responsibility, and knowledge is power. Remember that 100% anonymity allows you to do whatever you want, but it doesn't mean you should. Using anonymity is a great way to work around laws, but please remember that laws exist for a reason. Crimes against another human are still crimes, whether you get caught or not. Using this knowledge to cause chaos is counterproductive, and will prove that humans aren't responsible enough to handle full anonymity. If you can't, then please don't even read on. I hope that all usage of the following information will only be used ethically, and not to cause harm.
Digital security is the practice of protecting yourself for any reason, in a purely digital environment. Although we all use the internet, not all of us are aware of what steps we can take to protect our physical identity from being extracted by our digital identity. In this thread, I'll cover the basics of protecting yourself against "eavesdroppers" (Spammers, Hackers, Law Enforcement, etc.).
Contents:
I. Tor
II. Bitcoins
III. PGP
IV. Proxies
V. Full Drive Encryption
VI. Spoofing MAC Address
VII. Ophcrack
VIII. AirCrack
I. Tor
Oh jeez, how do I explain this? Lemme give it a shot:
Imagine the internet as a piece of paper, with tons of dots randomly put all over it to represent computers. Now imagine a black circle in the middle of the paper. This black circle is a lot like Tor. By running web traffic through Tor on your computer, you are moving your little dot into the black circle. Browsing through Tor bounces all information back and forth before it goes out of an "Exit Node" (it's important to understand that there is a finite number of exits from Tor and to the "normal" internet) and into the free and uncovered dots. Not only is this useful for navigating to all those dots outside of the black circle, but now imagine if your destination was in the black circle itself!
This is a very clever way to host a sensitive website, too. Since nobody in the world will ever be able to pinpoint where you are running your web service from, you are able to create a digital page that cannot be physically tied to you. Tor proved itself extremely useful during the revolutions in both Egypt and Libya, and has a myriad of other uses.
NOTE: The fastest way to get somewhere is "as the crow flies", and Tor DOES NOT fly the fastest route. Normal web pages load slightly slower in Tor. Using Tor to connect to a Tor hosted site can be very slow, but it's the price you pay for anonymity.
So how can you use Tor?
- Download Firefox 3.6 (The Tor extension doesn't work in Firefox 4... yet)
- Install Torbutton
- Enable Torbutton
- Check to make sure you're running Tor by visiting here
- Browse the internet!
IMPORTANT:
Tor will not anonymize all of your internet traffic. Configuring Firefox to run Tor will only anonymize traffic going through Firefox, and only while Tor is enabled. Eventually, I will include a segment on running other applications through Tor.
II. Bitcoins
Bitcoins is a form of currency specifically designed to meet the needs of a global economy. Instead of using paper bills, many prefer bitcoins for the instant digital transfer it provides. So how much is a BTC (Bitcoin) worth? Whatever people are willing to pay for them! The idea seems funny at first, because it's something with no value whatsoever. That's what currency is though. It's an otherwise useless measuring stick on which we value everything else in our lives. Due to their rise in popularity, BTC have now become worth more per unit than the US dollar.
Some advantages to using BTC:
- 100% anonymous if used with Tor
- Instant transfers
- Impossible to counterfeit
- Is Peer2Peer (Meaning there is no central issuing unit, so no chance of corruption)
First time users may find it hard to obtain BTC, however. Mtgox.com is the only TRUSTED Bitcoin currency exchanger I know of. However, users will still find they can't simply enter a credit card number and buy BTC (yet).
Some uses for BTC would be:
- Anonymously making donations
- Buying illicit or "black market" goods or services
- Buying legal goods or services
So how can you use Bitcoins?
- Download the application here.
- After downloading and installing, you'll automatically be given a bitcoin address. For example, one of my addresses is "15aS6tvdBWASoTSgkcBHkmKghuBx9NJWyV". If you want to practice sending money, that'd be a great start. For the techno-impaired, remember that your bitcoin address is no more private than your public address.
- Use Bitcoins as you would any other currency!
Special notes:
Users who would rather have their Bitcoin wallet in the cloud (accessible by your computer, but not stored on your computer) have the option of doing so too. MyBitcoin is a great site to have a bitcoin wallet on. It allows you to send and receive payments instantly, and being on another computer means that you could access it through Tor for yet another layer of security. Best of all? 100% free.
IMPORTANT:
Bitcoins is a completely digital currency, and as such is subject to fluctuation in value. Also, it is extremely important that you back up your bitcoin wallet if stored on a personal computer. If for some reason the hard drive fails, you don't also want to lose all your e-currency.
III. PGP
PGP, or "Pretty Good Privacy", is an idea used to encrypt and decrypt messages that were intended for only one recipient. PGP works by generating two separate "keys". The keys are paired algorithms, with one key requiring a "Pass phrase" to work. This key is called the "Private Key". Users of PGP make their public key widely available (generally have it posted in profiles on anonymous forums, or e-mail it to their correspondent). In fact, the more people that have your public key, the safer you are. Using the public key to encrypt a message is easy, and only requires two fields (Public key, message). However, decrypting can ONLY be done with the paired algorithm ("Private" key) and pass phrase. Many pass phrases are simply a sentence highlighted from a book.
How do I actually use PGP?
Well, PGP is software, and must be paid for. Like everyone else though, I hate paying for what isn't tangible. GnuPG is a free replacement that one can use for PGP security.
Why use PGP?
- Protect trade secrets
- Have a truly "one on one" conversation online
- Sending private messages in an unsecure network
- Encrypt entire hard drives
Many anonymity networks operating on Tor require users to send messages in PGP. This way, even if they are intercepted, they cannot be read.
Free PGP programs:
- GPGWin (Windows)
- GNU Privacy Guard (Mac)
- PGP mirror (Linux)
IV. Proxies
Though this may seem novice to some of us, proxies are a great stepping stone into private browsing. Proxies are pretty simple to use and understand. Basically, put a computer between you and where you are going on the internet. Proxy servers are numerous, but also very slow. It's important to note that your proxy is not hidden, and serious violations can result in a subpoena forcing the proxy server to reveal your information. That's why it's important to use a proxy server that runs on a machine that is physically housed in another country.
Different types of proxies include:
- Socks: A fairly new type of proxy that allows for more types of data transfer.
- Anonymous: Proxy does not reveal information about the computer making requests.
- Transparent: These are the snitches of the proxy world. Avoid them.
So how can you use Proxies?
IMPORTANT:
Using a proxy does not guarantee anonymity. Proxy servers in your country can be court ordered to give out your IP address. Even if the proxy is physically housed in another country, your activity can still be connected to you. If they have a court order for your internet activity (meaning whatever you did had an obvious connection to you), and the receiving internet activity, they can match yours going to the proxy, and the receiving coming from the proxy.
V. Full Drive Encryption
You never know when your computer is going to be seized, and if it is you could very well wish you had encrypted your hard drive beforehand. Simple hard drive encryption (encrypting the entire drive with PGP) is savvy, but possibly fruitless. This is because a fully encrypted hard drive throws up red flags in a courtroom (and you may be forced to provide your passphrase). Failure to comply is a larger charge than possession of marijuana in some areas, so keep that in mind! So, if encrypting our entire drive isn't enough, what do we do? Truecrypt! Truecrypt is a fantastic open source (free) encryption tool that allows you to hide an additional OS (Operating System) in a hidden partition of your drive. If done right, it's impossible to prove that a hidden operating system exists. The way this works is by having a "dummy" operating system that is engaged by using a separate password. Giving up that password would satisfy the needs of any court or demanding wife, while slyly maintaining the truly "hidden" OS.
So, how can I use Truecrypt to create a hidden OS?
- Download Truecrypt here
- Download Parted Magic here
- Unzip and install both files
- Run a "Disk Defrag" by doing this (Windows) or this (Mac)
- Use Parted Magic (Or any other disk partitioning service) to create a new partition. We can partition it either as NTFS, or FAT32 (FAT32 is unable to store files larger than 4 GB, so I go with NTFS). If it's NTFS, make your partition 2 times larger than the other partition. If using FAT32, make the new partition 5-10% larger.
- Launch Truecrypt, go to the "System" tab, and choose to create a hidden operating system
- Choose single boot vs. multi boot (If you are going to only run windows, you choose single boot. To use multiple OS's, use multi boot)
- Set up "Outer volume" (Decoy OS) by choosing your encryption type. (AES works fine)
- It should accurately predict the partition you wish to use for your hidden volume, if not, correct it.
- Choose a password for the outer volume, choose a data type (NTFS or FAT32), and accept the disclaimer telling you all your files in that partition are going to die.
- Wait around for it to format...
- Move some documents to the outer volume (Truecrypt prompts you to do so, and provides a GUI interface for it)
- Truecrypt now prompts you to create passwords for the hidden OS, and encrypts it.
- Create passwords for the decoy OS, format it.
- At this point, you can put a disk in your computer and Truecrypt will create a rescue disk (an .iso file used to restore your computer should something go wrong).
- After the computer reboots, enter both the hidden and decoy operating system passwords.
- When the decoy operating system loads, have Truecrypt encrypt it (it will prompt you to do so).
BOOM! That's it! Now you're protected from all the just and unjust things that could happen by someone taking your computer! I use my decoy operating system primarily, that way it's not just a shell of an OS, and it's believably occupied.
VI. Spoofing your MAC address
This is a little trick that has some useful applications. Basically, a wireless router assigns what is known as the ARP (Address Resolution Protocol). If you've ever tinkered with the network, you know that computers on it are assigned protocol like: 192.168.2.1. This is what we are spoofing. We make ISP logs appear to come from a machine that is not ours. This is useful when at a public location that is anonymous but unsecure (Starbucks, etc.), or even on a home network.
How do I spoof my MAC address?
Well, if you're running linux, you're in luck! Two simple commands:
ifconfig eth0 down hw ether 00:00:00:00:00:01
ifconfig eth0 up
For Macs you need to be using Tiger OS or earlier editions. A patch is needed to spoof the address, however (http://slagheap.net/etherspoof/). Once installed, use a command such as:
sudo ifconfig en0 lladdr 00:00:00:00:00:01
For Windows, I recommend Mad Macs (lol). It's a free program that will randomize your hostname and MAC address with every boot. Download it here, and install!
VII. Ophcrack
Ophcrack is a handy tool used to crack Windows passwords. It works by decoding "hashes" (a string of characters that a password is translated to through an algorithm) with Rainbow Tables. It also has a "Brute-Force" feature for simple passwords (guess and check password recovery). It's a powerful tool that only requires a CD to be popped into a computer, if you want access to it.
So, how do I use Ophcrack?
- Download it HERE
- Burn the .iso file to a disk
- Boot up the computer with the disk in
- Run it, and find all the Windows passwords on the system!
(This is a very good reason NOT to use Windows. The password system on it is a joke, made to keep out young children and old grandparents.)
VIII. AirCrack
Aircrack is a great tool for cracking WEP and WPA-PSK keys. This is handy if you find yourself in need of the internet, but can't find any public networks. It could also be used in combination with MAC spoofing to do discreet searching on another network (If the MAC address is spoofed, it's unlikely anything will happen to the other network's administrator). Aircrack works by capturing data packets from a wireless network, and then "Attacks" the network to receive the keys. Not all wireless cards work with it though. The Nokia N900 phone has been modified to run packet capturing and packet injection with Aircrack, so that's a great mobile option.
So, how do I use Aircrack?
- Determine if your wireless card/driver is compatible here
- Download the Aircrack program here
- Install, and run the program!
I hope you all enjoyed reading this as much as I enjoyed writing it! And remember to mouse-attack my reputation!
-DomiNate
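The matching described in the IMPORTANT note under IV. Proxies (traffic going to the proxy lined up against traffic coming out of it), sketched in Python as an added example that is not part of the original post. The Flow record, the correlate and attribute functions, the time and size tolerances, and every address and log value are constructed assumptions for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float    # seconds since the start of the observation window
    src: str
    dst: str
    nbytes: int


# Constructed sample records (documentation-range addresses), not real logs.
PROXY = "198.51.100.7"
SITE = "192.0.2.80"
ISP_SIDE = [   # what the user's ISP can log: customers -> proxy
    Flow(10.00, "203.0.113.21", PROXY, 1480),
    Flow(10.40, "203.0.113.55", PROXY, 620),
    Flow(12.10, "203.0.113.21", PROXY, 9310),
    Flow(15.75, "203.0.113.90", PROXY, 1475),
    Flow(20.20, "203.0.113.21", PROXY, 455),
]
SITE_SIDE = [  # what the destination can log: proxy -> site
    Flow(10.12, PROXY, SITE, 1452),
    Flow(12.25, PROXY, SITE, 9280),
    Flow(20.31, PROXY, SITE, 440),
]


def correlate(isp_side, site_side, proxy, max_delay=0.5, size_slack=0.05):
    """Pair each flow leaving the proxy with the ISP-side flows that entered
    it at most max_delay seconds earlier with a similar byte count."""
    results = []
    for out in site_side:
        if out.src != proxy:
            continue
        candidates = [
            f.src for f in isp_side
            if f.dst == proxy
            and 0 <= out.ts - f.ts <= max_delay
            and abs(f.nbytes - out.nbytes) <= size_slack * f.nbytes
        ]
        results.append((out, candidates))
    return results


def attribute(results):
    """Count, per client, the outbound flows for which that client is the
    only candidate. Ambiguous or unmatched flows are not counted."""
    score = Counter()
    for _, candidates in results:
        unique = set(candidates)
        if len(unique) == 1:
            score[unique.pop()] += 1
    return dict(score)


if __name__ == "__main__":
    pairs = correlate(ISP_SIDE, SITE_SIDE, PROXY)
    for out, candidates in pairs:
        print(f"{out.ts:6.2f}s {out.nbytes:5d} B -> {out.dst}: {candidates}")
    print(attribute(pairs))
```

The proxy hides the source address from the destination, but timing and volume still line up on both sides, which is why the location of the proxy alone does not break the link.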