Various tweaks, citation staging

This commit is contained in:
arcanedev 2023-01-31 02:54:52 +00:00
parent 38febafe69
commit 8b088d25ce
No known key found for this signature in database
GPG Key ID: 13BA4BD4C14170C0
1 changed files with 47 additions and 39 deletions


@ -69,7 +69,7 @@ Several concepts will be reiterated throughout this work as security is a proces
- Prioritize Communications Security (COMSEC)
- Operate with minimal architecture
> For uninterested parties regarding the [philosophy](#philosophy) on why this was created, along with details on malfeasance / blatantly criminal activity of institutions (state-sponsored actors and NGOs), I recommend skipping this section and proceeding straight to the [Identifiers](#identifiers) section.
> For uninterested parties regarding the [philosophy](#philosophy) on why this was created, along with details on malfeasance / criminal activity of institutions (state-sponsored actors and NGOs), I recommend skipping this section and proceeding straight to the [Identifiers](#identifiers) section.
## Philosophy
There is now a concerted effort with the primary goal as follows: control the flow of information to expand the current power structure. If one controls the information, they control the perception, and subsequently the questions being asked. If those in power have you asking the wrong questions, you no longer are a threat to the system. If the language can be altered to prevent various forms of dissent from occurring, this manipulation will take the form of Orwellian double-speak. Double-speak is used to control our symbolic creation of thought. For example, freedom is slavery, ignorance is strength. As the Nazi propagandist, Joseph Goebbels, recorded in his diaries, "It would not be impossible to prove with sufficient repetition and a psychological understanding of the people concerned that a square is in fact a circle. They are mere words, and words can be molded until they clothe ideas and disguise." If we lack the capacity to understand what concepts such as freedom are, how could an individual defend the foreign concept? As Camus once said, "It is the job of the thinking people not to be on the side of the executioner," hence the conception of this book. The goal is to preserve freedom and autonomy by means of disrupting investigations.
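Review bot: the rewritten lead-in keeps the awkward construction "For uninterested parties regarding the philosophy ..."; since the line is being touched anyway, consider "Readers uninterested in the philosophy behind this work, or in the details of institutional malfeasance (state-sponsored actors and NGOs), can skip this section and proceed straight to Identifiers." Also, the `## Philosophy` heading follows the blockquote with no blank line between them; a blank line keeps the quote from running visually into the heading in some renderers.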
@ -86,13 +86,9 @@ When their suppression campaigns prove incapable to pull something from the publ
*"Think of the press as a great keyboard on which the government can play."* - Joseph Goebbels
While federal agents certainly aren't possessors of divine power and are largely inefficient, there are layers of loosely-spoken private contractors who can play many suits with their ever-expanding budgets funded by various forms of hacking (or selling products to various extremist groups). They can form at-will layers of subsidiary Limited Liability Companies (LLC) with no connection to the umbrella organization. These organizations can perform various tasks that violate legal boundaries and are dismembered once a task is accomplished. The term I use for this activity is incestual contracting. It is unlikely that you will be unable to find substantial material into this activity for reasons that are self-explanatory.
While federal agents certainly aren't possessors of divine power and are largely inefficient, there are layers of loosely-spoken private contractors who can play many suits with their ever-expanding budgets funded by various forms of hacking (or selling products to various extremist groups). They can form at-will layers of subsidiary organizations with no connection to the umbrella organization. These organizations can perform various tasks that violate legal boundaries and are dismembered once a task is accomplished (if they needed to be formed at all). The term I use for this activity is incestual contracting. It is unlikely that you will be unable to find substantial material into this activity for reasons that are self-explanatory.
While we understand that circumvention is not a simple nor passive process, it doesn't take billions of dollars in black budget funds to orchestrate. The vast majority of the work is placed in security procedures such as network traffic encryption, local disk encryption, and communications security.
Anti-forensics, or the reduction, removal, and obscuration of forensic data, has been around for quite some time. There are a variety of methods for stifling both private and public investigations. From the physical side, this could include any action that removes traces such as fingerprints, hair samples, etc.
The digital side of forensics has taken off in recent years. This is multi-faceted from network traffic to random access memory (RAM) to disk storage, and ultimately ties back into physical security.
While we understand that circumvention is not a simple nor passive process, it doesn't take billions of dollars in black budget funds to orchestrate. The vast majority of the work is placed in security procedures such as network traffic encryption, local disk encryption, and communications security. Anti-forensics, or the reduction, removal, and obscuration of forensic data, has been around for quite some time. There are a variety of methods for stifling both private and public investigations. From the physical side, this could include any action that removes traces such as fingerprints, hair samples, etc. The digital side of forensics has taken off in recent years. This is multi-faceted from network traffic to random access memory (RAM) to disk storage, and ultimately ties back into physical security.
What is to come throughout this book consists of not only methods of strong cryptographic implementations, automated tasking, and obscurity, but underlying concepts for increasing the time expended on investigations. If you make a large enough splash against the system, they will come after you with all of their resources. If you dive deep enough, you can at least reach the bottom and muddy the waters. Successful operations often depend on how long you can hold your breathe.
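Review bot: the merged paragraph carries forward a double negative that inverts the intended meaning: "It is unlikely that you will be unable to find substantial material into this activity" says the material is easy to find, while "for reasons that are self-explanatory" implies the opposite. Suggest "It is unlikely that you will find substantial material on this activity, for reasons that are self-explanatory." Two smaller points: collapsing the three paragraphs (circumvention cost, anti-forensics, digital forensics) into one long block makes the section harder to scan, and the unchanged context line still has "hold your breathe" for "breath".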
@ -382,7 +378,7 @@ PIM is treated as a secret value that controls the number of iterations used by
>Note: Larger-value PIMs also increase the time complexity of attacks, at the expense of time taken to perform password hashing. Most cryptologists would argue that a PIMs should not be treated as a secret parameter (or at least, such secrecy should not be relied on). The user's own password should be the source of security. Password hashing, in general, is a mitigation for users with less-than-secure passwords. As a person who values security against the world's most powerful attackers, one should make a point to not rely on password hashing for security.
## Obscurity
Security professionals will often preach that security through obscurity is an inadequate method of security and should never be a way of addressing your current threat model. The original basis is the distinction "security through obscurity" vs "security by design," often cited as "Kerkhoff's Principle," which concludes a secure cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Kerckhoff's Principal is sometimes cited in terms of Shannon's Maxim: "One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them," or more simply "The enemy knows the system." With the maxim in mind, "security though obscurity" is specifically a cryptographic principal which has been extended to include any system designed with security. It is not discouraged to use security through obscurity. However, it is discouraged to rely on security through obscurity instead of relying on security by design. Obscurity can be used as an additional layer, but security should be guaranteed by the design, with obscurity used only as a padding against unforeseen vulnerabilities.
Security professionals will often preach that security through obscurity is an inadequate method of security and should never be a way of addressing your current threat model. The original basis is the distinction "security through obscurity" vs "security by design," often cited as "Kerkhoff's Principle," which concludes a secure cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Kerckhoff's Principal[^] is sometimes cited in terms of Shannon's Maxim[^]: "One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them," or more simply "The enemy knows the system." With the maxim in mind, "security though obscurity" is specifically a cryptographic principal which has been extended to include any system designed with security. It is not discouraged to use security through obscurity. However, it is discouraged to rely on security through obscurity instead of relying on security by design. Obscurity can be used as an additional layer, but security should be guaranteed by the design, with obscurity used only as a padding against unforeseen vulnerabilities.
A threat model with the application of anti-forensics should not adhere strictly to one distinction of security vs design. Cryptographic software can perform means of obscurity. For instance, Veracrypt produces cryptographically secured volumes that contain differential hidden volumes for plausible deniability. These hidden volumes can hinder the effectiveness of an amateur (and perhaps well-versed) investigator. We are not claiming the process to be systematically flawless, however security has never been fault-less. If you have applied some of the cryptographic advice heeded in the book like full-disk encryption (FDE), and the adversary has managed to gain unbridled, decrypted access to your computer regardless, it becomes self-evident that obscurity is friend when the design has been bypassed or simply failed.
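Review bot: the staged `[^]` markers after "Kerckhoff's Principal" and "Shannon's Maxim" are not valid footnote references (a label is required), so they will render literally as "[^]"; the definitions added at the end of this diff are `[^42]` (Kerckhoffs) and `[^43]` (Shannon), so these should read `[^42]` and `[^43]` respectively. While the line is open: the paragraph spells the name two different ways ("Kerkhoff's Principle", "Kerckhoff's Principal"); the correct form is Kerckhoffs's principle, "principal" should be "principle" in both places, and "security though obscurity" should be "security through obscurity".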
@ -400,7 +396,7 @@ Another example is the use of stylometry in forensic linguistics to identify the
In recent years, stylometry has been used to identify the authors of fake news and propaganda. For instance, researchers at University of California Berkeley used stylometry to identify the authors of fake news articles and bots on social media platforms.
The Unabomber, Ted Kaczynski, was de-anonymized using stylometry. Kaczynski was a domestic terrorist who sent a series of letters and package bombs to universities and airlines between 1978 and 1995, resulting in three deaths and 23 injuries. In 1995, he sent a 35,000-word manifesto called "Industrial Society and Its Future" (also known as the "Unabomber Manifesto") to several newspapers, promising to stop the bombings if the manifesto was published. The FBI and the U.S. Department of Justice were able to use stylometry to identify Kaczynski as the author of the manifesto by comparing it to a set of writing samples from Kaczynski's personal papers. One of the key pieces of evidence was the use of the word "you" which Kaczynski used quite frequently in his manifesto as well as in his personal writings. The analysis also revealed that Kaczynski had a preference for short, simple words and that he used similar grammatical structures and sentence patterns in both his manifesto and his personal writings.
The Unabomber, Ted Kaczynski, was de-anonymized using stylometry. Kaczynski was a domestic terrorist who sent a series of letters and package bombs to universities and airlines between 1978 and 1995, resulting in three deaths and 23 injuries. In 1995, he sent a 35,000-word manifesto called "Industrial Society and Its Future" (also known as the "Unabomber Manifesto") to several newspapers, promising to stop the bombings if the manifesto was published. The FBI and the U.S. Department of Justice were able to use stylometry to identify Kaczynski as the author of the manifesto by comparing it to a set of writing samples from Kaczynski's personal papers. One of the key pieces of evidence was the use of the word "you" which Kaczynski used quite frequently in his manifesto as well as in his personal writings. The analysis also revealed that Kaczynski had a preference for short, simple words and that he used similar grammatical structures and sentence patterns in both his manifesto and his personal writings[^].
In addition to the stylometry, the FBI also used forensic linguistics to analyze the language and grammar used in the letters and manifesto and found that they matched the writing style of Kaczynski's known writings. In April 1996, the FBI searched Kaczynski's cabin in Lincoln, Montana, and found evidence linking him to the Unabomber crimes, including bomb components and a typewriter used to type some of the Unabomber letters. Ted Kaczynski pleaded guilty in 1998 and was sentenced to eight life sentences without the possibility of parole.
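Review bot: the `[^]` placeholder at the end of the Kaczynski paragraph needs a label; the entry staged for it below is `[^44]`. That entry is the only footnote with no venue, page numbers or URL, so readers cannot check it, and it should be verified before it ships: the 2003 paper by Pennebaker, Mehl and Niederhoffer that I know of is a review of natural language use in the Annual Review of Psychology, not a study of the Unabomber case. The specific claims in this paragraph (frequent use of "you", preference for short words) rest entirely on that citation, so a primary source such as the FBI's own account of the comparative analysis would be a safer anchor.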
@ -414,7 +410,7 @@ Journalists and other writers who are operating in a hostile environment can als
- Use a variety of writing styles and formats, such as handwriting, dictation software, and text-to-speech software.
- Use synonyms and vary sentence structures.
- Use a different writing medium for different projects.
- Use stylometric anonymization tools, like JStylo, Anonymouth, and Stylo.
- Use stylometric anonymization tools such as JStylo[^], Anonymouth[^], and Stylo[^].
It is important to note that these countermeasures don't guarantee the anonymity but it makes the identification process more difficult. These techniques are constantly evolving and changing, so it's important for journalists and writers to stay informed about the latest developments in stylometry and anonymization techniques.
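Review bot: the three `[^]` markers after JStylo, Anonymouth and Stylo need labels, and mapping them to the staged entries is ambiguous: `[^45]` ("Stylometry with audience annotations") does not mention JStylo at all; `[^46]` attributes Anonymouth to Koppel, Schler and Argamon at CIKM 2008, whereas Anonymouth was released by Drexel's PSAL lab alongside JStylo (McDonald et al., PETS 2012); and `[^47]` lists authors and a venue that do not match the R Journal paper of that title (Eder, Rybicki and Kestemont, 2016). For tools, citing the project repositories, as the list already does for USBKill, Silk Guardian and USBCTL, is more useful to readers than secondary papers. Minor: in the context line, "don't guarantee the anonymity" should be "don't guarantee anonymity".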
@ -423,6 +419,11 @@ It is important to note that these countermeasures don't guarantee the anonymity
Standard security mechanisms are inadequate for the purpose of anti-forensics. Nation-States and Advanced Persistent Threat (APT) groups do not play by the rules. All bets are on that no matter how hardened your system kernel is or how safe your OPSEC precautions may be, there is always a point of compromise. An unpatched vulnerability is waiting to be exploited against your system. If your device is emitting traffic, all bets are on that with enough resources, these groups will be able to decrypt the traffic. Maybe it won't be today, but it certainly will be in the not-so-distant future. If you are a target, chances are that you are already compromised. Use the masses as cover; open deviation is ill-advised.
#### SSID Naming Conventions
As stated in the beginning, a common theme throughout this writing has been to avoid unique identifiers. Regardless of your chosen router setup, avoid using unique naming conventions for service set identifiers (SSID) broadcasting. Typically, wardriving would be hostile to the aims or privacy. However, catalogues of wardriving submissions such as Wigle can provide valuable intelligence which can then be applied to broadcasted SSIDs. A prime example of leveraging intelligence submitted to Wigle can be observed from their statistics page[^], showcasing the most common SSID names. At the time of writing along with the foreseeable future, `xfinity` leads the pack, with variations of preset names such as `NETGEAR##` following behind.
While providing a use-case for naming conventions regarding SSID broadcasting, I should make it clear that blending should be applied across the board for any device that is broadcasting.
## Minimal Attack Surface
While living in the "end of trust," we must follow standard system hardening practices. These practices emphasize the reduction of software and hardware needed throughout the operation. There is no purpose of strong keys in cryptography if the underlying system operations have compromised you via keylogging and other variants of malware. You can create an intricate system of firewalls, intrusion prevention/detection systems (IPS/IDS), event log management to detect compromises, proxies, virtual private networks, TOR, I2P, but your must recognize the underlying fingerprint of these systems. Minimal architecture should not be limited to solely software and hardware, but also the signals being used; treat all signals as hostile. On mobile devices, consider the different Cellular protocols such as 3-5G variants and LTE. In times of unrest, the state has the power to disable and manipulate the protocols available for use. Most modern devices allow you to select settings such as LTE only or whitelist specific towers. You may go offline in times of unrest, but at least they aren't leveraging legacy protocols, potentially engaging in packet injection, and redirecting your device like a good puppet following dictates of its puppeteer.
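Review bot: in the new SSID section, "hostile to the aims or privacy" should be "hostile to the aims of privacy", and the `[^]` after "statistics page" should be `[^48]` (the Wigle entry staged below). The heading is `####` while the neighbouring sections (`## Obscurity`, `## Minimal Attack Surface`) are `##`; check that it sits under an intended `###` parent, or it will appear orphaned in the table of contents. The closing sentence says blending "should be applied across the board for any device that is broadcasting" but the section only covers the SSID string; since the argument is about not standing out in wardriving databases, it would help to say what else such databases record about an access point (the hardware address and its vendor prefix), which a name change alone does not blend.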
@ -854,7 +855,7 @@ IOxa+y6OYfAfltw=
```
## Donations
Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome with Monero (XMR) and Pirate Chain (ARRR) in the spirit of anti-forensics.
Donations to support related projects under `0xacab.org/optout/`` are welcome with Monero (XMR) and Pirate Chain (ARRR) in the spirit of anti-forensics.
- Pirate Chain (ARRR): `zs1wjw05nmfc0x8l0wd75ug0xj8q9fjta4ch0kak0ulnvnt2y8j3hevq0q8f62ma62kk5pd6z4h8zr`
- Monero (XMR): `47w2kanKMnzFkRGnSvbYjjPYac9TAsAm2GzmPBprdqM41zVXHSgkkSmVJMrY6o1qoYLdVJabcBupnJbABMxu4ejrMArAEue`
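Review bot: the replacement line has an unbalanced inline-code span: "`0xacab.org/optout/``" ends with two backticks, so the span never closes and the rest of the line renders as code. It should be "`https://0xacab.org/optout/`"; the scheme was also dropped, so unlike the original https://git.arrr.cloud/WhichDoc the new address is no longer a clickable link.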
@ -901,31 +902,38 @@ Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome
[^39]: Veracrypt - https://www.veracrypt.fr/code/VeraCrypt/
[^40]: KeepassXC - https://keepassxc.org
[^41]: USB dead man's switch - https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
[^42]: USBKill - https://github.com/hephaest0s/usbkill/blob/master/usbkill/usbkill.py
[^43]: Silk Guardian - https://github.com/NateBrune/silk-guardian
[^44]: Centry Panic Button - https://github.com/AnonymousPlanet/Centry
[^45]: USBCTL - https://github.com/anthraxx/usbctl
https://download.whonix.org/developer-meta-files/canary/canary.txt
https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-template.txt
[^46]: Elcomsoft Forensics - https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/
[^47]: Jumping Airgaps - https://arxiv.org/pdf/2012.06884.pdf
[^48]: Geofence Requests - https://assets.documentcloud.org/documents/6747427/2.pdf
[^49]: Jung, C. G. (1955). Modern Man in Search of a Soul - https://p302.zlibcdn.com/dtoken/aeb0b1ef15cc3ecac1f6febcf966248a
[^50]: Kinsing Crypto-Miner - https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
[^51]: CipherTrace - https://ciphertrace.com/ciphertrace-announces-worlds-first-monero-tracing-capabilities/
[^52]: ZkSnarks - https://z.cash/technology/zksnarks
[^53]: Monero Whitepaper - https://www.getmonero.org/resources/research-lab/pubs/whitepaper_annotated.pdf
[^54]: Pirate Chain Whitepaper - https://pirate.black/files/whitepaper/The_Pirate_Code_V2.0.pdf
[^55]: CIS - https://www.cisecurity.org
[^56]: DISA STIGs - https://public.cyber.mil/stigs
[^57]: KSPP - https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
[^58]: Whonix Host - https://www.whonix.org/wiki/Whonix-Host
[^59]: PlagueOS - https://0xacab.org/whichdoc/plagueos
[^60]: BubbleWrap Sandbox - https://github.com/containers/bubblewrap
[^61]: SalamanderSecurity's PARSEC repository - https://codeberg.org/SalamanderSecurity/PARSEC
[^62]: Linux Hardening - https://madaidans-insecurities.github.io/guides/linux-hardening.html
[^63]: FOIA request for Palantir operations - https://www.documentcloud.org/search/projectid:51061-Palantir-September-2020
[^64]: HiddenVM - https://github.com/aforensics/HiddenVM
[^65]: KVM - https://www.linux-kvm.org/
[^66]: Oracle VirtualBox - https://virtualbox.org
[^67]: Briar P2P Messenger - https://briarproject.org
[^42]: Kerckhoffs, A. (1883). La cryptographie militaire. Journal des sciences militaires, 9, 538, 161191.
[^43]: Shannon, C. E. (1949). Communication theory of secrecy systems. Bell System Technical Journal, 28(4), 656-715.
[^44]: "Stylometry and the Unabomber: An Exploration of Authorship Attribution" by J. Pennebaker, J. Mehl and R. Niederhoffer (2003)
[^45]: Koppel, M., Schler, J., & Argamon, S. (2009). Stylometry with audience annotations: determining the audience of non-individualized text. Journal of the American Society for Information Science and Technology, 60(6), 1123-1139.
[^46]: Koppel, M., Schler, J., & Argamon, S. (2008, August). Anonymouth: A stylometry-based tool for authorship anonymization. In Proceedings of the 17th ACM conference on Information and knowledge management (pp. 713-720). ACM.
[^47]: Eder, M., Kestemont, M., & François, T. (2015). Stylometry with R: a package for computational text analysis. Journal of Statistical Software, 63(6), 1-29.
[^48]: Wigle - https://wigle.net/stats#ssidstats
[^49]: USBKill - https://github.com/hephaest0s/usbkill/blob/master/usbkill/usbkill.py
[^50]: Silk Guardian - https://github.com/NateBrune/silk-guardian
[^51]: Centry Panic Button - https://github.com/AnonymousPlanet/Centry
[^52]: USBCTL - https://github.com/anthraxx/usbctl
[^53]: https://download.whonix.org/developer-meta-files/canary/canary.txt
[^54]: https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-template.txt
[^55]: Elcomsoft Forensics - https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/
[^56]: Jumping Airgaps - https://arxiv.org/pdf/2012.06884.pdf
[^57]: Geofence Requests - https://assets.documentcloud.org/documents/6747427/2.pdf
[^58]: Jung, C. G. (1955). Modern Man in Search of a Soul - https://p302.zlibcdn.com/dtoken/aeb0b1ef15cc3ecac1f6febcf966248a
[^59]: Kinsing Crypto-Miner - https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
[^60]: CipherTrace - https://ciphertrace.com/ciphertrace-announces-worlds-first-monero-tracing-capabilities/
[^61]: ZkSnarks - https://z.cash/technology/zksnarks
[^62]: Monero Whitepaper - https://www.getmonero.org/resources/research-lab/pubs/whitepaper_annotated.pdf
[^63]: Pirate Chain Whitepaper - https://pirate.black/files/whitepaper/The_Pirate_Code_V2.0.pdf
[^64]: CIS - https://www.cisecurity.org
[^65]: DISA STIGs - https://public.cyber.mil/stigs
[^66]: KSPP - https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
[^67]: Whonix Host - https://www.whonix.org/wiki/Whonix-Host
[^68]: PlagueOS - https://0xacab.org/whichdoc/plagueos
[^69]: BubbleWrap Sandbox - https://github.com/containers/bubblewrap
[^70]: SalamanderSecurity's PARSEC repository - https://codeberg.org/SalamanderSecurity/PARSEC
[^71]: Linux Hardening - https://madaidans-insecurities.github.io/guides/linux-hardening.html
[^72]: FOIA request for Palantir operations - https://www.documentcloud.org/search/projectid:51061-Palantir-September-2020
[^73]: HiddenVM - https://github.com/aforensics/HiddenVM
[^74]: KVM - https://www.linux-kvm.org/
[^75]: Oracle VirtualBox - https://virtualbox.org
[^76]: Briar P2P Messenger - https://briarproject.org
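Review bot: renumbering the existing footnote definitions from `[^42]`..`[^67]` to `[^51]`..`[^76]` silently breaks every inline reference in the body that still uses the old labels (a body reference to `[^42]`, previously USBKill, now resolves to the Kerckhoffs entry, and so on for all twenty-six). This commit touches only this file and none of the hunks above updates an inline reference, so either the body references must be renumbered in the same commit, or the new entries should be given fresh labels appended after `[^67]`, which Markdown footnotes allow since rendered numbering follows order of first reference, not the label. Two entry-level points: the Kerckhoffs entry lost the dashes in its page ranges and should read "Journal des sciences militaires, 9, 5-38, 161-191" (the two 1883 parts), and the previously unlabelled Whonix and Qubes canary URLs are now correctly labelled `[^53]` and `[^54]`, so make sure the text that cites the canaries uses those labels.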