mirror of https://0xacab.org/optout/into-the-crypt.git
synced 2025-01-18 19:31:44 -05:00
commit cbd857c101 (parent b17bb1d7bd)
misc. edits
80 README.md
@ -7,7 +7,7 @@
- [Hardware Selection](#hardware-selection)
- [Operating System](#operating-system)
- [Disable Logging](#disable-logging)
- [Clear Caches](#clear-caches)
- [Clear Caches](#clear-caches)
- [Secure Deletion](#secure-deletion)
- [MAC Randomization](#mac-randomization)
- [Traffic Manipulation](#traffic-manipulation)
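Review bot: the two Clear Caches entries in this hunk read identically, so the intended change is not visible here; since the same commit demotes the section heading from `## Clear Caches` to `### Clear Caches`, confirm that this TOC line was re-indented to nest under the preceding section and that the `#clear-caches` anchor still resolves after the demotion.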
@ -57,7 +57,7 @@
- [References](#references)
## Introduction
The digital age has ushered in a dystopia, at least for those unwilling to circumvent or stretch the bounds of the law. There is a significant gap in literature in regards to circumvention, largely due to this being an underground activity. It is pseudo-illegal; authors would be afraid that creations today will come back to haunt them. Exposing anti-forensic procedures will erode some of their operational security (OPSEC) in the process. This being said, not all of my tactics, techniques, and procedures (TTP) will be sand-grain granular. However, I hope the ideas described can be applied to help disguise yourself in the sandswept dunes.
The digital age has ushered in a dystopia, at least for those unwilling to circumvent or stretch the bounds of the law. There is a significant gap in literature in regards to circumvention, largely due to this being an underground activity. It is pseudo-illegal; authors would be afraid that creations today will come back to haunt them. Exposing anti-forensic procedures will erode some of their operational security (OPSEC) in the process. This being said, not all of my tactics, techniques, and procedures (TTP) will be sand-grain granular. However, I hope the ideas described can be applied to help disguise yourself in the sand-swept dunes.
### General Premise
Several concepts will be reiterated throughout this work as security is a process that acts in layers (think about the layers of an onion that is commonly alluded to). Here is a layout of the general concepts that will be explained in further detail throughout this work:
@ -69,13 +69,13 @@ Several concepts will be reiterated throughout this work as security is a proces
## Philosophy
There is now a concerted effort with the primary goal as follows: control the flow of information to expand the current power structure. If one controls the information, they control the perception, and subsequently the questions being asked. If those in power have you asking the wrong questions, you no longer are a threat to the system. If the language can be altered to prevent various forms of dissent from occuring, this manipulation will take the form of Orwellian double-speak. Double-speak is used to control our symbolic creation of thought. For example, freedom is slavery, ignorance is strength. As the Nazi propagandist, Joseph Goebbels, recorded in his diaries, "It would not be impossible to prove with sufficient repetition and a psychological understanding of the people concerned that a square is in fact a circle. They are mere words, and words can be molded until they clothe ideas and disguise." If we lack the capacity to understand what concepts such as freedom are, how could an individual defend the foreign concept? As Camus once said, "It is the job of the thinking people not to be on the side of the executioner," hence the conception of this book. The goal is to preserve freedom and autonomy by means of disrupting investigation.
There is now a concerted effort with the primary goal as follows: control the flow of information to expand the current power structure. If one controls the information, they control the perception, and subsequently the questions being asked. If those in power have you asking the wrong questions, you no longer are a threat to the system. If the language can be altered to prevent various forms of dissent from occurring, this manipulation will take the form of Orwellian double-speak. Double-speak is used to control our symbolic creation of thought. For example, freedom is slavery, ignorance is strength. As the Nazi propagandist, Joseph Goebbels, recorded in his diaries, "It would not be impossible to prove with sufficient repetition and a psychological understanding of the people concerned that a square is in fact a circle. They are mere words, and words can be molded until they clothe ideas and disguise." If we lack the capacity to understand what concepts such as freedom are, how could an individual defend the foreign concept? As Camus once said, "It is the job of the thinking people not to be on the side of the executioner," hence the conception of this book. The goal is to preserve freedom and autonomy by means of disrupting investigations.
From a technological standpoint, they will redirect internet traffic and inject malware into your devices as disclosed from the Snowden revelations (e.g. NSA's TURMOIL program). Not only will they create passive attack mechanisms against you, they have extensive disinformation and suppression campaigns. They control the flow of information in a multitude of ways. "Private" (I say this loosely) contractors will collaboratively process censor requests on behalf of governmental institutions. Platforms will unilaterally censor dissident journalists and news outlets across various platforms. These cases are difficult to record as the vast majority are not conducted in the light of day. Even in this new age of technological censorship of anything that does not cater to the system's narrative, the activity falls behind a veil of private companies acting on ambiguous "policy" violations.
While I have primarily focused on examples solely with the tech-industry, financial blockades are also leveraged to censor and snuff out organizations. Wikileaks was perhaps the first example of the integrated power dynamic with both the tech and financial industry alike. They lay out an excellent chronology of the events on their site, but the summary is that their servers being hosted by AWS were pulled, Apple removed their application from the App Store with Paypal, and a financial blockade was set in place between VISA, Mastercard, Bank of America, and Western Union. Bank of America commissioned proposals for a systematic attack against their computer systems with firms of the intelligence community such as Palantir, Berico, and HBGary. Palo Alto, the parent company of Palantir, even came out publicly to apologize and severed all relations with HBGary.[^1] It seems this set the stage as they were the test run.
More systematic censorship was witnessed in mid 2018 where sites and individuals such as InfoWars, RTNews journalists, and many more were banned without reason from Youtube, Facebook, Instagram, Twitter, Disqus, Flickr, Vimeo, Tumblr, Paypal. They will control Domain Name Service (DNS) records from the main root servers. They will have search engines such as Google blacklist the DNS resolution for websites. An example of this occurred in early February, 2019 where CodeIsFreeSpeech.com was hidden from public domain. The government's relationship with tech-industry oligarchs have become even more apparent in early January, 2021 where the President of the United States (POTUS) was silenced.[^2] The platform Parlor, while insecurely coded, offered a censorship resistant platform (by policy). Not only will Google/Apple remove access to platforms such as these, but even those hosting web services (predominantly Amazon and Digital Ocean) can and will pull the plug to shutdown the platforms. Most occurences come from recollection as there is no journal detailing the cases of censorship at large; my recollection is largely incomplete. This being said, we have collectively facilitated their bulk data collection, aggregation, surveillance, and censorship to where it is mere child's play.
More systematic censorship was witnessed in mid 2018 where sites and individuals such as InfoWars, RTNews journalists, and many more were banned without reason from Youtube, Facebook, Instagram, Twitter, Disqus, Flickr, Vimeo, Tumblr, Paypal. They will control Domain Name Service (DNS) records from the main root servers. They will have search engines such as Google blacklist the DNS resolution for websites. An example of this occurred in early February, 2019 where CodeIsFreeSpeech.com was hidden from public domain. The government's relationship with tech-industry oligarchs have become even more apparent in early January, 2021 where the President of the United States (POTUS) was silenced.[^2] The platform Parlor, while insecurely coded, offered a censorship resistant platform (by policy). Not only will Google/Apple remove access to platforms such as these, but even those hosting web services (predominantly Amazon and Digital Ocean) can and will pull the plug to shutdown the platforms. Most occurrences come from recollection as there is no journal detailing the cases of censorship at large; my recollection is largely incomplete. This being said, we have collectively facilitated their bulk data collection, aggregation, surveillance, and censorship to where it is mere child's play.
This is being observed more clearly in modern day where the auspices of surveillance in the name of safety have been habitualized in the public eye. And one should note that this is solely a case example pertaining to American-based companies. There are plenty of private-public engagements in other countries such as the NSO with the Israeli government.[^3] Coupling the private-public engagements, embedded relations between other foreign intelligence agencies brings a new depth of maliciousness to light. Think 5 eyes, 9 eyes, 14 eyes, etc. Global collaborative surveillance is an early panacea to the long held prospects of the "New World Order," or stated differently, a global institution subjugating the common man to despotism.
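Review bot: the spelling pass in this hunk (occurring, occurrences, investigations) leaves errors in the surrounding context that deserve the same treatment: "Parlor" is the platform Parler; "Domain Name Service (DNS)" should be Domain Name System; and "Palo Alto, the parent company of Palantir" is incorrect, it was Palantir itself (headquartered in Palo Alto, with no parent company of that name) that apologized and cut ties with HBGary, so the sentence should name Palantir directly. The WikiLeaks sentence also puts PayPal in the wrong clause ("Apple removed their application from the App Store with Paypal"); PayPal's role was its own account freeze, so it belongs in the financial-blockade list that follows.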
@ -94,9 +94,9 @@ The digital side of forensics has taken off in recent years. This is multi-facet
What is to come throughout this book consists of not only methods of strong cryptographic implementations, automated tasking, and obscurity, but underlying concepts for increasing the time expended on investigations. If you make a large enough splash against the system, they will come after you with all of their resources. If you dive deep enough, you can at least reach the bottom and muddy the waters. Successful operations often depend on how long you can hold your breathe.
## Identifiers
Before diving deep into the concepts, I must layout some of the identifiers that stand to deanonymize systems. Users must understand what they are trying to defend before they lay a target on their back.
Before diving deep into the concepts, I must layout some of the identifiers that stand to de-anonymize systems. Users must understand what they are trying to defend before they lay a target on their back.
There are identifiers that pertain to hardware, software, and networking. Hardware identifiers that can be used to fingerprint a system include (and are not limited to) the computer model, CPU information, motherboard information via the system BIOS, USB interaction with the system DBUS, type and amount of RAM, connected HDD/SSD drives. Software identifiers are vast and include any software that attempts to beacon home to services with telemetry to create a profile on the user. Network-based identifiers include the IPv4 address, IPv6 address (if enabled), Domain Name Resolution (DNS) communication, and MAC address (can be randomized). Any, if not all of these identifiers can be used to fingerprint or deanonymize a host.
There are identifiers that pertain to hardware, software, and networking. Hardware identifiers that can be used to fingerprint a system include (and are not limited to) the computer model, CPU information, motherboard information via the system BIOS, USB interaction with the system DBUS, type and amount of RAM, connected HDD/SSD drives. Software identifiers are vast and include any software that attempts to beacon home to services with telemetry to create a profile on the user. Network-based identifiers include the IPv4 address, IPv6 address (if enabled), Domain Name Resolution (DNS) communication, and MAC address (can be randomized). Any, if not all of these identifiers can be used to fingerprint or de-anonymize a host.
## Hardware Selection
This section has been prioritized as hardware is at the core of your operations. A supply chain attack resulting in embedded hardware or inherently vulnerable hardware can compromise your operation before it has even begun.
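Review bot: the de-anonymize hyphenation in this hunk lands on lines that still carry other errors: "I must layout" is a verb and should be "lay out" (both versions of the line keep it), "hold your breathe" in the paragraph above should be "breath", and "Domain Name Resolution (DNS)" should be Domain Name System (the Philosophy section expands it as "Domain Name Service", so the two should be reconciled). On substance, "USB interaction with the system DBUS" conflates two things: D-Bus is the desktop IPC bus over which udev/udisks announce devices, not the USB bus, so say what is actually fingerprintable, the vendor/product IDs and serial numbers of attached USB devices.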
@ -116,7 +116,7 @@ GNU/Linux is one of the few operating system baselines that will not phone home
One more factor to consider for the OS selection is the service manager being used. There are plenty of security enthusiasts who justifiably denounce the use of the SystemD service manager (used to spawn processes like networking, scheduled tasks, logging, etc).[^8] There are a variety of service managers that have less bloat and a more simple codebase - OpenRC, runit, etc. The fact that most of these OSs are open-source results in the problem of funding. A side-project that has peaked a developer's interest often go long durations (if not permanently) without any efforts to maintain/patch. Some recommended OS alternatives without systemD at the time of writing include Artix (Arch variant)[^9], Void Linux[^10], and Alpine Linux[^11].
>Note: Ideally, an operating system running a microkernel (minimal core) such as seL4 could be in the running. These alternatives are still too adolescent to advise with little community support.
>Note: Ideally, an operating system running a micro-kernel (minimal core) such as seL4 could be in the running. These alternatives are still too adolescent to advise with little community support.
For mobile devices, options are extraordinarily limited. Phones are designed to constantly ping telecommunications infrastructure and receive incoming packets by design. The core purpose is to be reached. Google, Apple, and other players in the telecommunications industry have taken this to an intrusive extent. Android stock phones home an average of 90 times per hour. Apple accounts for at least 18 times per hour.[^12] Both operating systems do not operate in a manner that is conducive to privacy. It seems that the only remaining options are to disable all sync capabilities on iPhone, or flash an open-source operating system to an Android.
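Review bot: "microkernel" is the standard spelling (the seL4 project itself uses it), so this hunk's change to "micro-kernel" goes the wrong way and should be reverted. In the paragraph above it, "peaked a developer's interest" should be "piqued", "A side-project ... often go" should be "often goes", and the project is spelled "systemd" in lowercase rather than the "SystemD" and "systemD" the line uses.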
@ -140,7 +140,7 @@ systemctl disable systemd-journald.service
While it is wise to reduce your logging footprint locally on your device, full disk encryption (FDE) is a sufficient anti-forensic mitigation for logging. If the attacker obtains access to your device as it is running (either physical or remote via a security compromise), logging is likely the least of your concerns.
## Clear Caches
### Clear Caches
There are various caches containing sensitive information on both mobile devices and GNU/Linux systems. Linux systems have the tendency to push most logs to the /var/log/ directory. This is a simple deletion process.
Due to Android sandbox implementations, caches can no longer be centrally erased; caches must be cleared on individual applications. System logging is also sprawled across various directories. Reducing locally generated logs on Android is comparable to removing telemetry from Windows OS variants. Clearing caches on Android provides no serious benefit, but it does remove the amount of data present on the device. For proper privacy, only trusted applications should be used - preferably Free and Open-Source (FOSS).
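Review bot: demoting `## Clear Caches` to `###` nests it under the logging section, so the TOC entry at the top of the file needs matching indentation or the outline will not reflect the hierarchy. On the /var/log paragraph, "a simple deletion process" overstates what rm achieves: on a systemd host the persistent journal lives in /var/log/journal and the runtime journal in memory under /run/log/journal, and the `systemctl disable systemd-journald.service` in this hunk's context only removes the enablement links without stopping the running daemon (use `systemctl disable --now` if the intent is to stop it too). Plain deletion is also not secure deletion on flash storage, so cross-reference the Secure Deletion section here.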
@ -190,17 +190,17 @@ As it stands today, there are three avenues for anonymization and encryption of
Each avenue possesses pitfalls. Virtual Private Networks (VPN) can provide privacy from the local internet service providers (ISP). Internet traffic will be encrypted based on designated configurations and protocols. OpenVPN is subject to various attacks.
Wireguard is currently the most secure. Unfortunately, it has faced little scrutiny. Often security defects are uncovered with the right amount of time. Disregarding its adolescence, the Wireguard protocol has been formally verified. Also, the reduced complexity of the protocol makes it easier to properly implement than OpenVPN. Easier implementation reduces room for error that could lead to compromise. The primary issue with VPNs today lies with the inherent trust given to the provider. If you decide a VPN is desired for your operation(s), you should be searching for a provider that has strict privacy laws, a no logging policy, and jurisdiction being outside of the known growing number of eyes (collaborative government intelligence community). This intelligence community went from 5 eyes to 9 eyes to 14 eyes. I suspect the number will continue its pattern of growth as discussed in the Philosophy section of the book. VPNs are rarely suitable against powerful (government or corporate) attackers; VPNs cannot grant anonymity.[^20]
The Onion Router (TOR) has faced the most scrutiny of all protocols and provides the most anonymity. While facing the most scrutiny from various individuals and governments, TOR has many overarching issues yet to be addressed. Someone with a God's eye view of the telecommunications traffic could deanonymize users by sending out certain sized packets to different destinations. This is something to keep in mind while hosting infrastructure, however the standard user sending out typical sized packets from web requests has little concern of this deanonymization tactic. TOR does not add timing obfuscations or decoy traffic to hinder traffic pattern analysis which can be used to deanonymize users.
The Onion Router (TOR) has faced the most scrutiny of all protocols and provides the most anonymity. While facing the most scrutiny from various individuals and governments, TOR has many overarching issues yet to be addressed. Someone with a God's eye view of the telecommunications traffic could de-anonymize users by sending out certain sized packets to different destinations. This is something to keep in mind while hosting infrastructure, however the standard user sending out typical sized packets from web requests has little concern of this de-anonymization tactic. TOR does not add timing obfuscations or decoy traffic to hinder traffic pattern analysis which can be used to de-anonymize users.
Both of these channels have some pitfalls, so why not combine them for layered security? There have been numerous articles published by Whonix[^21] and TAILS[^22] developers along with other Information Security professionals highlighting the ineffectiveness of the VPN / TOR combination. The synopsis of their articles is that at best it doesn't help you, at worst, it hurts you. I find it useful if I am trying to mask the fact that I am using TOR from the ISP. Bridges can also be used for this purpose, but they are likely easier to identify by the Intelligence Community (IC). While on public WiFi, I recommend solely using TOR.
I2P[^23] or the Invisible Internet Project spawned in 2003. This is an encrypted private network layer designed to mask user identity. I2P is not the same idea as TOR, although some concepts cross over. I2P users cannot officially communicate with clearnet sites like TOR users can; all I2P traffic stays internal to the I2P network. Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy. I2P can prove useful at limiting the information captured by global passive adversaries. I should note that some mixnets have called I2P legacy technology claiming that it opens up users to a number of attacks that can isolate, misdirect, and deanonymize users. Therefore I2P should not be solely relied on. If one is adament about using I2P, there are configurations that facilitate the use of I2P via TOR.
I2P[^23] or the Invisible Internet Project spawned in 2003. This is an encrypted private network layer designed to mask user identity. I2P is not the same idea as TOR, although some concepts cross over. I2P users cannot officially communicate with clearnet sites like TOR users can; all I2P traffic stays internal to the I2P network. Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy. I2P can prove useful at limiting the information captured by global passive adversaries. I should note that some mixnets have called I2P legacy technology claiming that it opens up users to a number of attacks that can isolate, misdirect, and de-anonymize users. Therefore I2P should not be solely relied on. If one is adament about using I2P, there are configurations that facilitate the use of I2P via TOR.
Mixnets have the goal of anonymizing packets through uniformity. The design is to obscure and craft packets of the same size despite the amount of data being transmitted. Often times mixnets have technology that address time-based attacks, provide decoy or cover traffic, and implement uniformity of packets, however the pitfalls tend to be lack of scrutiny and adoption. Anonymity loves company, and most mixnets lack that component, especially in their early conceptions. Due to the lack of scrutiny with early conception and lack of adoption, I cannot provide any recommendations. Even if one is to involve themselves with the use of a mixnet, they should be on guard. Intelligence agencies are not ones to shy away from a good honeypot. While not a perfect example as this wasn't a mixnet, the FBI ran an operation with an operating system called ArcaneOS and a built-in messaging platform called anom[.]io[^24] designed for organized crime.
ANOM was an application that opened as a calculator which had the user enter a pin to reach the hidden messenger. All communications were intercepted. The morale of the story is that the slightest amount of skepticism into the website communications, hosting platform, or the closed-source application could've prevented the downfall of multiple criminal enterprises globally. The same skepticism should be applied to any organization unwilling to address their shortcomings and model their potential attack vectors. Many are willing to route your traffic, and node-based cryptocurrency projects with a model that resembles that of a ponzi-scheme could always be a source of both black budget funds and traffic analysis for letter agencies. I have no fingers to point or organizations to accuse. However, it is far from a half-cocked conspiracy that intelligence agencies would engage in this type of activity.
In regards to implementation, there are a variety of options. Host-based virtualization with pre-configured systems like Whonix can be used. This routes all of the Whonix workstation's traffic through the Whonix gateway to prevent leakage. A bootable TAILS USB is also preconfigured to allow only TOR traffic, excluding the exempt or whitelisted insecure browser designed for getting your device through WiFi portals. Open-source operating systems, such as OpenWRT, on a travel router can force certain subnets to use a VPN configuration or route via TOR.
In regards to implementation, there are a variety of options. Host-based virtualization with preconfigured systems like Whonix can be used. This routes all of the Whonix workstation's traffic through the Whonix gateway to prevent leakage. A bootable TAILS USB is also preconfigured to allow only TOR traffic, excluding the exempt or whitelisted insecure browser designed for getting your device through WiFi portals. Open-source operating systems, such as OpenWRT, on a travel router can force certain subnets to use a VPN configuration or route via TOR.
As previously stated in the Traffic Leakage section, software-based routing should not be relied on. If it is to be implemented, it should be viewed as adding an additional layer of security. There are applications such as Orbot[^25] which allows the use of the TOR network, a variety of VPN applications (which are primarily wrappers for OpenVPN), and there are scripts that configure local packet filters to "torrify" all traffic. While I have no basis in saying all software-based leak prevention mechanisms are prone to failure, historically leak prevention has been inadequate. Even Whonix reports that they "cannot do the impossible and magically prevent every kind of protocol leak and identifier disclosure." [^26] Hardware routing adds more architecture into the mix, but it provides the bulletproof assurance that there is no leakage of traffic. For critical operations, consider hardware mechanisms. For the privacy-centric individual, software-based kill switches should be more than sufficient.
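Review bot: the de-anonymize edits in this hunk touched the I2P line but left "adament" (adamant) on it, and "morale of the story" in the ANOM paragraph should be "moral"; the project names are "WireGuard" and "Tor", not "Wireguard" and "TOR". On substance, "OpenVPN is subject to various attacks" is asserted with no example and should name one or be dropped, and "bulletproof assurance that there is no leakage" for hardware routing overclaims: a travel router governs only the traffic that crosses its WAN interface, so a host with another path (a cellular modem, a second Wi-Fi interface, DNS sent to a local resolver) still leaks. Say the assurance holds only when the router is the host's sole uplink.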
@ -225,10 +225,10 @@ DuckDuckGo (DDG)[^31] has long been used as an alternative to Google. It is wort
#### Searx
Searx instances[^32] are decentralized search engines that can be stood up by anyone. Decentralization with Searx doesn't remove the issue of inherent trust that must be placed in the instances, but it ensures that you have control in where you place your trust. This also enables people to stand up their own instances and configure them with better protections. Decentralization is preferred, however some of the instances are likely ran by intelligence agencies.
>Note: There are certainly more variants of search engines that I have not covered that are further from the beaten path. The landscape is often changing, and it is advised to practice due dilligence when researching alternate search engines.
>Note: There are certainly more variants of search engines that I have not covered that are further from the beaten path. The landscape is often changing, and it is advised to practice due diligence when researching alternate search engines. Many of the self-hosted options provide a safer alternative over centralized providers with a monetization model.
## Live Boot
Live media (USB or CD) can be booted from in a process called Live Boot. Data is prevented from being stored on the hard drive of your computer (so long as you do not attempt to decrypt your hard drive that is detected). Nothing lives in permenance from the live boot. This is a useful tool for the privacy conscious as there is little to no cleanup process of your actions. Some operating systems such as The Amnesiac Incognito Live System (TAILS)[^33] are forensicly conscious and wipe the data from the device's physical memory once the USB is removed or the system is shutdown. This is not always the case for live media. Be conscious of network activity living on in permenance. This is where the use of strong cryptography can come into play from Virtual Private Network (VPN) configurations to the use of TOR. Live booting reduces the effectiveness of the Cold Boot attacks. Cold boot is heavily reliant upon data that is temporarily stored in Random Access Memory (RAM).
Live media (USB or CD) can be booted from in a process called Live Boot. Data is prevented from being stored on the hard drive of your computer (so long as you do not attempt to decrypt your hard drive that is detected). Nothing lives in permanence from the live boot. This is a useful tool for the privacy conscious as there is little to no cleanup process of your actions. Some operating systems such as The Amnesiac Incognito Live System (TAILS)[^33] are forensic-minded and wipe the data from the device's physical memory once the USB is removed or the system is shutdown. This is not always the case for live media. Be conscious of network activity living on in permanence. This is where the use of strong cryptography can come into play from Virtual Private Network (VPN) configurations to the use of TOR. Live booting reduces the effectiveness of the Cold Boot attacks. Cold boot is heavily reliant upon data that is temporarily stored in Random Access Memory (RAM).
>Note: Cold boot attacks require a system to be under attacker control. DDR3 memory modules lose data within 3 seconds of losing power under normal circumstances. DDR4 loses data within 1 second (more like a fraction of a second) after losing power under normal conditions. Sufficient mitigation against cold boot attacks is generally to simply remove memory before control of the system is released. Linux allows this via the "magic" SysRq combo SysRq+o. This is available by default on some OSs, but needs to be enabled manually on others. Parrot enables many SysRq commands by default. Among those allowed by Parrot include SysRq+o (immediate poweroff, with no shutdown cycle).
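Review bot: the project is The Amnesic Incognito Live System, styled "Tails", not "Amnesiac"/"TAILS"; in the Searx paragraph "likely ran by" should be "run by". The claim that "Live booting reduces the effectiveness of the Cold Boot attacks" does not follow from the sentence after it: cold boot reads keys out of RAM, and a live system holds its keys in RAM exactly as an installed one does. What reduces the attack is the memory wipe on shutdown that the paragraph attributes to Tails and the hard power-off via SysRq described in the Note, so credit the mitigation to those rather than to live boot itself.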
@ -277,7 +277,7 @@ For systems with TRNGs, the /dev/random and /dev/urandom devices provide no secu
### Key Usage
Properly implemented cryptographic usage of keys provides a substantial barrier to overcome for the assigned analyst. Key usage renders bruteforce password cracking ineffective. The randomness or entropy contained in the key allows for much stronger encryption than could be created by a simple or complex password (especially since the keys are typically password protected in implementation).
For the justified paranoid, keep a hardware-based key or a separate USB/MicroSD for the sole purpose of key storage. Create hundreds of keys varying in bit length. Take mental note of the key (or keys) that you decide to use. Only connect designated key storage device into the system when the volume decryption is necessary.
For the justified paranoid, keep a hardware-based key or a separate USB/Micro-SD for the sole purpose of key storage. Create hundreds of keys varying in bit length. Take mental note of the key (or keys) that you decide to use. Only connect designated key storage device into the system when the volume decryption is necessary.
### Cryptographic Software
While we would love to maintain idealism and believe that we could write something that would retain relevance in perpetuity, we understand that this is not the nature of the technological system. To successfully orchestrate safe operations, I must address software-based cryptographic solutions.
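Review bot: "Micro-SD" hyphenates the wrong way; the SD Association writes "microSD". The decoy-keyfile advice in the same hunk ("Create hundreds of keys varying in bit length") should be honest about what it buys: "Key usage renders bruteforce password cracking ineffective" holds only while the keyfile is not in the attacker's hands, and once the key storage device is seized, trying every file on it as a keyfile multiplies their work by at most the number of files, a few hundred, so it is a nuisance factor rather than a substitute for a strong passphrase. The parenthetical "especially since the keys are typically password protected" points at this limit but presents it as a strength.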
@ -287,7 +287,7 @@ Chances are most operations will be conducted remotely, and there is a chance th
Pretty Good Privacy (PGP) is a timeless tool for message verification. One can create a key pair, and use this key pair to sign and encrypt/decrypt messages.
To start using PGP, one must generate a keypair:
To start using PGP, one must generate a key pair:
```
gpg --full-generate-key
> Enter 1 for default value
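Review bot: the command shown is GnuPG (`gpg`), an implementation of the OpenPGP standard, so the text should say OpenPGP/GnuPG rather than "Pretty Good Privacy (PGP)", which names a specific product. "Enter 1 for default value" is also version-dependent: GnuPG 2.2 marks option 1 (RSA and RSA) as the default, while GnuPG 2.3 and later mark option 9 (ECC, ed25519/cv25519), so either state which version the walkthrough assumes or tell the reader to accept whatever the prompt labels as default.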
@ -369,7 +369,7 @@ Limit the use of these Cellular protocols with the following setting alteration:
Every introduced system creates a larger fingerprint and attack vector, ultimately leading to more trust in more systems and services. The most anonymizing and secure operations require minimal architecture and physical security.
>Note: Cellular radio modules lack randomization, rendering mobile devices inadequate for anti-forensics. This has been a pain point to many operations and has often been the sole cause of deanonymization.
>Note: Cellular radio modules lack randomization, rendering mobile devices inadequate for anti-forensics. This has been a pain point to many operations and has often been the sole cause of de-anonymization.
## Automated Shutdown Procedures
Depending on your threat model, not all operations can be conducted from a coffee shop. There are an increasing amount of cameras, and facial recognition technology is already being deployed, along with license plate scanners at every street light. If operations are sensitive and must be conducted from the same location consistently, preparation should always lean towards the worst-case scenario.
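Review bot: "Cellular radio modules lack randomization" (old and new line) is vague about what is not randomized; the fixed identifiers are the modem's IMEI and the SIM's IMSI, neither of which can be rotated the way the MAC Randomization section treats Wi-Fi MACs, so name them. "De-anonymization" with a hyphen is nonstandard; "deanonymization", as the old line had it, is the usual spelling, and the same applies to "de-obfuscated", "de-solder" and "crypto-miners" introduced later in this commit. In the Automated Shutdown paragraph, "an increasing amount of cameras" should be "an increasing number of cameras".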
@ -392,7 +392,7 @@ Hypothetically, if the algorithm/hash combination is known by the attacker, here
>Note: VeraCrypt does not keep encryption/hashing algorithms secret. Keeping such information secret would break the functionality of VeraCrypt (unless the user were to enter such information on every boot, comparably to how PIMs work). An attacker will never need to attempt multiple combinations. They will simply need to attempt cracking a single, different, algorithm.
Leveraging Veracrypt
Leveraging Veracrypt:
1. Generate keyfiles: `veracrypt --create-keyfile`
2. Create a Normal volume: `veracrypt -t -c /home/user/crypt/vault --volume-type=Normal --encryption=Serpent-Twofish-AES --hash=Whirlpool --filesystem=FAT --pim=<INSERT VALUE> -k </PATH/TO/KEYFILE> --random-source=</PATH/TO/RANDOMSOURCE>`
3. Create a Hidden volume: `veracrypt -t -c /home/user/crypt/vault --volume-type=Hidden --encryption=Serpent-Twofish-AES --hash=Whirlpool --filesystem=FAT --pim=<INSERT VALUE> -k </PATH/TO/KEYFILE> --random-source=</PATH/TO/RANDOMSOURCE>`
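Review bot: the note beginning "VeraCrypt does not keep encryption/hashing algorithms secret" misdescribes the format: a VeraCrypt volume header carries no plaintext cipher or hash identifier; the program tries every supported cipher/hash combination against the encrypted header at mount time, which is why supplying a PIM or a hash hint speeds mounting. The practical conclusion is still right, because the number of combinations is a small constant that costs an attacker next to nothing, but "They will simply need to attempt cracking a single, different, algorithm" should say that rather than imply the header reveals the choice. In steps 2 and 3 the outer and hidden volumes share the same `</PATH/TO/KEYFILE>` and `--pim` placeholders; the hidden volume must use different credentials from the outer one, or the credentials surrendered under duress open both, so make the placeholders distinct. Also "Veracrypt" in the changed heading line versus "VeraCrypt" in the note above it.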
@ -428,7 +428,7 @@ While jamming isn't the best route for sniffing/snooping, the creation of excess
## EMF Shielding
EMF Shielding, otherwise known as a faraday cage, is essential to maintaining privacy. Certains fabrics, paints, and foam with the proper alloys can prevent the infiltration and exfiltration of device traffic. If you're on a tight budget, purchasing the material from reputable vendors and making a DIY project out of it may be the best option. However, if you mess up the material with stitching or have any loose points where traffic can travel, it could end up being more costly than purchasing a pre-made faraday bag. Try to store the faraday caged items next to a ground. Electromagnetic energy wants somewhere to go; it looks for a path. When the radio waves contact the structure, it is best to provide them an easy path that leads them away from the shielded device.
Electro-magnetic frequency (EMF) shielding, otherwise known as a Faraday cage, is essential to maintaining privacy. Certain fabrics, paints, and foam with the proper alloys can prevent the infiltration and exfiltration of device traffic. If you're on a tight budget, purchasing the material from reputable vendors and making a DIY project out of it may be the best option. However, if you mess up the material with stitching or have any loose points where traffic can travel, it could end up being more costly than purchasing a pre-made Faraday bag. Try to store the Faraday caged items next to a ground. Electro-magnetic energy wants somewhere to go; it looks for a path. When the radio waves contact the structure, it is best to provide them an easy path that leads them away from the shielded device.
## Noise
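Review bot: in the EMF Shielding paragraph, the new line expands EMF as "Electro-magnetic frequency", which is not what the acronym stands for; EMF is the electromagnetic field (the term the shielding literature uses), and "electromagnetic" takes no hyphen. The grounding advice ("store the Faraday caged items next to a ground", "Electro-magnetic energy wants somewhere to go; it looks for a path") does not describe how a Faraday enclosure attenuates RF: the shielding comes from a continuous conductive shell with no gaps larger than a fraction of the wavelength, not from a drain to earth, so the sentence about stitching and loose points is the one that matters and the grounding sentences could be dropped without loss.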
@ -437,7 +437,7 @@ Generating excess noise through logging or traffic can be an excellent method to
If the operation is mobile (I suspect it would be if you cannot remove radio transmitters), best practice is to store each item in its own faraday bag and then store them inside a larger shielded bag. When you add or transfer items, the devices don't leak signal when the outer bag is opened. Think two is one, one is none.
## Optimization
Ultimately you may find that many of these precautions are far out of your scope or threat model. You may find them to be immensely inconvenient.
Ultimately, you may find that many of these precautions are far out of your scope or threat model. You may find them to be immensely inconvenient.
Every intricacy added for security reduces operation uptime and as a result, productivity. For such extensive security mechanisms to be used, there must be a practical method of implementing given procedures.
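Review bot: "faraday bag" in the mobile-operation paragraph is left lowercase while this same commit capitalizes "Faraday" in the section above; pick one. The nested-bag reasoning ("the devices don't leak signal when the outer bag is opened") holds only if each inner bag is sealed on its own, which is worth stating, since the realistic failure mode is an inner bag left open inside a closed outer one. "Think two is one, one is none" reads better with the maxim quoted: Think "two is one, one is none".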
@ -466,15 +466,15 @@ Often times a double-edged pendulum comes to swing. If an investigator were to b
You will likely not come out unscathed from the psychological toll of withholding secrets. Not only do fabrications add unneeded complexity into your relationships by forcing you to drain energy keeping narratives intact, but they place you in a state of isolation from others. All tyranny stems from deceit, and your own psyche can stand to be a worse tyrant than the state. Make sure the endeavor is worth the burden.
"As we have seen, every personal secret has the effect of a sin or of guilt—whether or not it is, from the standpoint of popular morality, a wrongful secret. Now another form of concealment is the act of "withholding"—it being usually emotions that are withheld. As in the case of secrets, so here also we must make a reservation: self-restraint is healthful and beneficial; it is even a virtue. This is why we find self-discipline to have been one of man's earliest moral attainments. Among primitive peoples it has its place in the initiation ceremonies, chiefly in the forms of ascetic continence and the stoical endurance of pain and fear. Self-restraint, however, is here practised within the secret society as something undertaken in company with others. But if self-restraint is only a private matter, and perhaps devoid of any religious aspect, then it may be as harmful as the personal secret." - C. G. Jung, Modern Man in Search of a Soul[^49]
"As we have seen, every personal secret has the effect of a sin or of guilt—whether or not it is, from the standpoint of popular morality, a wrongful secret. Now another form of concealment is the act of "withholding"—it being usually emotions that are withheld. As in the case of secrets, so here also we must make a reservation: self-restraint is healthful and beneficial; it is even a virtue. This is why we find self-discipline to have been one of man's earliest moral attainments. Among primitive peoples it has its place in the initiation ceremonies, chiefly in the forms of ascetic continence and the stoical endurance of pain and fear. Self-restraint, however, is here practiced within the secret society as something undertaken in company with others. But if self-restraint is only a private matter, and perhaps devoid of any religious aspect, then it may be as harmful as the personal secret." - C. G. Jung, Modern Man in Search of a Soul[^49]
## False Compromise
Malware with computing is still in the early stages. It truly is the wild west in many regards. For an extra layer of plausible deniabilty, embed a tailored backdoor or malware variant. This method will not protect you if there are logs that correlate your activity and no logs correlating connection attempts.
Malware with computing is still in the early stages. It truly is the wild west in many regards. For an extra layer of plausible deniability, embed a tailored backdoor or malware variant. This method will not protect you if there are logs that correlate your activity and no logs correlating connection attempts.
The vast majority of cases related to online operations become unsolved mysteries in the archives of law enforcement. Most happenings become heresay or mere hunches. Take APT groups and nation-states as an example; the majority of cyberwarfare that occurs today is between state-funded APT groups with a primary focus of non-attribution. Despite how many correlating clues lead back to the APT groups and their communications with nation-states, the water remains murky. In replacement or in conjunction with the killswitch, consider weaponizing your own variant of ransomware. You could create a maintain ownership of the key or you could accept the loss of your data. The malware could also perform shred functions as with any script that you could program. Not only does the embedded malware render your data inaccessible, but it provides another level of plausible deniability. "I was not aware my infrastructure was being used for that." Technically, "malware" implies the application of code that will create adverse or undesired action to the system. This is not truly malware, but rather programmed code designed to mimic malicious function.
On GNU/Linux, there are many ways to embed malware on the system. Some of which leverage crontabs or other variants of scheduling tools. Aliases can be altered to perform malicious functions rather than the desired results. System process in `bin/` directories can perform unintended tasks, or simply be swapped out and/or linked to alternate processes. Some files such as `/etc/rc.local` or `/home/$USER/.bashrc` can contain commands to execute upon booting to the disk or logging into a user account respectively. Analyzing the newest trends of threat actors can useful to determine indicators of compromise (IOC). Kinsing[^50] and other threat actors that leverage new vulnerabilities to compromise internet-facing systems and embed cryptominers provide insight into the world of persistence, along with a competitive nature that stunts competition. The sub-sections listed below identify remnance that could indicate past compromise.
On GNU/Linux, there are many ways to embed malware on the system. Some of which leverage crontabs or other variants of scheduling tools. Aliases can be altered to perform malicious functions rather than the desired results. System process in `bin/` directories can perform unintended tasks, or simply be swapped out and/or linked to alternate processes. Some files such as `/etc/rc.local` or `/home/$USER/.bashrc` can contain commands to execute upon booting to the disk or logging into a user account respectively. Analyzing the newest trends of threat actors can useful to determine indicators of compromise (IOC). Kinsing[^50] and other threat actors that leverage new vulnerabilities to compromise internet-facing systems and embed crypto-miners provide insight into the world of persistence, along with a competitive nature that stunts competition. The sub-sections listed below identify remnant items that could signal a past compromise to forensic analysts.
### Cron example
`echo "*/30 * * * * sh /etc/.newinit.sh >/dev/null 2>&1" > /etc/$crondir`
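Review bot: the cron example does not schedule anything as written: `$crondir` is never defined, and an entry written under `/etc/crontab` or `/etc/cron.d/` needs a user field between the schedule and the command (`*/30 * * * * root sh /etc/.newinit.sh >/dev/null 2>&1`), while a per-user crontab has no user field but must be installed with `crontab -` rather than written into `/etc`. Since this section is about planting convincing traces, a line cron would reject is exactly the detail an analyst notices. In the False Compromise paragraph, "You could create a maintain ownership of the key" is garbled ("You could maintain ownership of the key or accept the loss of your data") and "heresay" should be "hearsay"; neither was picked up by this pass. Finally, the change from "practised" to "practiced" sits inside the Jung quotation; altering a direct quote's spelling should be avoided or marked, rather than silently Americanized along with the body text.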
@ -484,8 +484,8 @@ Make a file under `/etc/systemd/system/$service_name.service`
If using a runit service manager, create a file under `/etc/sv/$service_name`.
### /tmp/ executions
Many hardened systems append the flag `noexec` to the `/tmp/` partitions to prevent malicious code from being executed in that partition. For the sake of compromise, consider creating files that appear to be reference points from a past compromise. Some files in crypto-mining cases have names such as `.zsh`, `.zshs`, `kdevtmpfsi`, `libsystem.so` under the `/tmp/` directory.
### Executions from temporary directories
Many hardened systems append the mount the `/tmp/` and `/dev/shm/` partitions with `noexec` to prevent malicious code from being executed in those partitions. For the sake of compromise, consider creating files that appear to be reference points from a past compromise. Some files in crypto-mining cases have names such as `.zsh`, `.zshs`, `kdevtmpfsi`, `libsystem.so` under the `/tmp/` or `/dev/shm/` directory.
### Placing SSH keys under the root user
Unexpected SSH keys can be a sign of compromise, and they typically do not belong under `/root/.ssh/` directory as they are primarily controlled by a less-privileged user account.
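Review bot: the new line "Many hardened systems append the mount the `/tmp/` and `/dev/shm/` partitions with `noexec`" was garbled by the edit; it should read "Many hardened systems mount `/tmp/` and `/dev/shm/` with `noexec`" (and `/dev/shm` is a tmpfs mount rather than a partition). In the SSH-keys paragraph, "they are primarily controlled by a less-privileged user account" is ambiguous; the indicator being described is an unexpected entry in `/root/.ssh/authorized_keys`, so name the file and say why it matters: a key there grants direct root login and should be checked against the `PermitRootLogin` setting in `sshd_config`. For the runit line, `/etc/sv/$service_name` is a directory that needs an executable `run` script inside it before `sv` will start the service, not a plain file.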
@ -499,7 +499,7 @@ There are a few concepts to touch on this topic.
There is no perfect solution here, and procurement can quickly become intricate. This landscape undergoes constant change, therefore I have refrained for diving into minute detail. The traditional cash route, preload cards, and cryptocurrencies with strong cryptography and privacy features stand to be the best options to date.
### Cryptocurrency
Similar to how cryptography is a monolith of a concept to tackle, cryptography with blockchain-based payment methods also becomes intricate. Many associate cryptocurrency as untraceable forms of money, when in reality most cryptocurrencies that exist today are more susceptible to correlation than cash. Most altcoin derivatives (along with Bitcoin) have public ledgers (viewable to any party). This seemed like the easiest method to maintain integrity of the chain. There are a few cryptocurrencies that fall in line with privacy: Monero (XMR), Zcash (ZEC), and Pirate Chain (ARRR).
Similar to how cryptography is a monolith of a concept to tackle, cryptography with blockchain-based payment methods also becomes intricate. Many associate cryptocurrency as untraceable forms of money, when in reality most cryptocurrencies that exist today are more susceptible to correlation than cash. Most alternative coin (altcoin) derivatives, including Bitcoin, have public ledgers (viewable to any party). This appeared to be the simplest method to maintain integrity of the chain. There are a few cryptocurrencies that fall in line with privacy: Monero (XMR), Zcash (ZEC), and Pirate Chain (ARRR).
Zcash (ZEC) was ground-breaking in the implementation of a protocol known as Succint Non-Interactive Zero-Knowledge Proofs (zk-SNARKs). The protocol enabled the use of what they refer to as shielded "sapling" addresses. This facilitates anonymous payment from one party to the other. The pitfall to Zcash is that it also allows the use of transparent addresses. The vast majority of Zcash is held in a completely transparent blockchain. When amounts are exchanged via the shielded private addresses, the scope is narrowed on those making the transactions. Money going in and out of the private sapling addresses becomes trivial to correlate.
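Review bot: the new wording "Most alternative coin (altcoin) derivatives, including Bitcoin, have public ledgers" makes Bitcoin an altcoin derivative, which inverts the relationship (altcoins derive from Bitcoin); the old parenthetical "(along with Bitcoin)" had it right, so keep that structure while expanding the acronym. In the Zcash paragraph, zk-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, not "Succint Non-Interactive Zero-Knowledge Proofs" (also a typo for "Succinct"), and Sapling is the 2018 protocol upgrade that introduced the current shielded address format, so 'shielded "sapling" addresses' should be "Sapling shielded addresses". In the procurement paragraph, "refrained for diving" should be "refrained from diving".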
@ -507,7 +507,7 @@ Monero is often hailed as the privacy king of cryptocurrency. While it has comme
"The fundamental problem of coin mixing methods though is that transaction data is not being hidden through encryption. RingCT is a system of disassociation where information is still visible in the blockchain. Mind that a vulnerability might be discovered at some point in the future which allows traceability since Monero’s blockchain provides a record of every transaction that has taken place."
This operates similar to a mixnet where it is difficult to discern the originating address from a transaction. One of Monero's developers publicly admits that "zk-SNARKs provides much stronger untraceability characteristics than Monero (but a much smaller privacyset and much higher systemic risks)." Intelligence agencies have placed their eyes on Monero for some time. The United States has even brought in a private firm called CipherTrace who claims to have built tools capable of tracing transactions.[^51] At the time of writing, these are unsubstantiated claims; there is no evidence to suggest that Monero has been deobfuscated.
This operates similar to a mixnet where it is difficult to discern the originating address from a transaction. One of Monero's developers publicly admits that "zk-SNARKs provides much stronger untraceability characteristics than Monero (but a much smaller privacy set and much higher systemic risks)." Intelligence agencies have placed their eyes on Monero for some time. The United States has even brought in a private firm called CipherTrace who claims to have built tools capable of tracing transactions.[^51] At the time of writing, these are unsubstantiated claims; there is no evidence to suggest that Monero has been de-obfuscated.
Pirate Chain's ARRR addresses the fungibility problem of Zcash by removing the transparent address schema (t-tx) and forcing all transactions to use Sapling shielded transactions (z-tx). "By consistently utilizing zk-SNARKs technology, Pirate leaves no usable metadata of user’s transactions on its blockchain." This means that even if the blockchain was compromised down the line, the adversary would obtain little to no useful metadata. The transactions contain no visible amount to no visible address from no visible address. The underlying cryptography would have to be broken or the viewing/spending keys would have to be intercepted in order to peer into the transactions. For an adversary without key possession, the trace is baseless. "A little bit of math can accomplish what all the guns and barbed wire can’t: a little bit of math can keep a secret." - Edward Snowden
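Review bot: both direct quotations in this hunk are unattributed: "The fundamental problem of coin mixing methods ..." has no source at all, and "One of Monero's developers publicly admits that ..." names neither the developer nor where it was said, while the CipherTrace claim two sentences later does get [^51]; add footnotes for both or they read as exactly the hearsay the False Compromise section complains about. "This operates similar to a mixnet" should be "similarly to a mixnet". In the Pirate Chain paragraph, "The transactions contain no visible amount to no visible address from no visible address" is hard to parse; "the amount, sender and recipient are all hidden" says the same thing.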
@ -534,11 +534,11 @@ The more persistence desired for the operation increases the complexity of the h
This wouldn't be a complete work on anti-forensics without some mention of physical precautions. While wireless transmitters are ill-advised, wireless technology can prove useful when larger proximity is needed. Directional antennas could allow you to stay hidden from cameras and remotely authenticate to a network.
With nuances added from the modern surveillance state, traffic cameras force your hand by revealing every intersection which you have passed through. There are a few methods to circumventing this privacy infringement. Darkened weather covers for your license plate (Warning: This method could result in a fine with the wrong officer) or a well-rigged bicycle rack could prevent cameras from picking up your plate number. Alternatively, if a destination is within a few miles of proximity you could either ride a bicycle (with a disguise), or decide to become a motorcyclist. With motocycles, the plate numbers are significantly smaller and could even be blocked by your feet on certain bikes. The helmet would stand to mask facial features, and the jacket would cover any identifiable features such as tattoos. Palantir has been involved in "predictive policing" leveraging footage obtained from traffic cameras to profile individuals.[^63]
With nuances added from the modern surveillance state, traffic cameras force your hand by revealing every intersection which you have passed through. There are a few methods to circumventing this privacy infringement. Darkened weather covers for your license plate (Warning: This method could result in a fine with the wrong officer) or a well-rigged bicycle rack could prevent cameras from picking up your plate number. Alternatively, if a destination is within a few miles of proximity you could either ride a bicycle (with a disguise), or decide to become a motorcyclist. With motorcycles, the plate numbers are significantly smaller and could even be blocked by your feet on particular bikes. The helmet would stand to mask facial features, and the jacket would cover any identifiable features such as tattoos. While on the subject of tattoos, it is worth mentioning that Palantir has been involved in "predictive policing" leveraging footage obtained from traffic cameras to profile individuals.[^63]
Vehicles and privacy are starting to become a wicked problem ushered in by manufacturers. Almost every vehicle following 1996 has embedded systems, Onstar or the more modern Starlink, that have a default opt-in policy. They proceed to parade this "convenience" as a feature. Nearly all modern vehicles have multiple cameras, sensors, and Data Communications Modules (DCM) that accept/transmit GPS and cellular signals. Many vehicles report back your odometer reading in real-time. If you opt-out of their service, the data collection does not stop. There are only a few avenues out of nightmare. The first option is obtain the source code (assuming it's not black box code), gut the telematics, and proceed to flash the firmware to your vehicle via USB. Unlike flashing a cellphone where you run the risk of bricking the device and losing a menial 300-500 USD, here you are playing with an object that could run you anywhere from 10-40k USD. The second option is to disconnect the DCM and run the risk of losing base functionality to radio and speakers. This could also create certain hazards for your vehicle as many of the sensors tie in with the DCM. The third option is to become your own mechanic and maintain old vehicles from the 80's and 90's.
Vehicles aside, it should go without saying that any tech devices that you purchase will have some identifier that could lead back to you. Make this a moot point and procure every device (even USBs) anonymously with cash. If you're out on a distant roadtrip, make some of your purchases. Wear a hat accompanied with some baggy clothes. Perform a slight change in your gait as you walk (uncomfortable shoes could help with this). Alternatively, pay that bum off the street to do your bidding.
Vehicles aside, it should go without saying that any tech devices that you purchase will have some identifier that could lead back to you. Make this a moot point and procure every device (even USBs) anonymously with cash. If you're out on a distant road trip, make some of your purchases. Wear a hat accompanied with some baggy clothes. Perform a slight change in your gait as you walk (uncomfortable shoes could help with this). Alternatively, pay that bum off the street to do your bidding.
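Review bot: the clause added to the new traffic-camera line, "While on the subject of tattoos, it is worth mentioning that Palantir has been involved in ...", is a non sequitur: the cited sentence and [^63] concern traffic-camera footage, not tattoos, so the transition should be dropped or tied back to the camera discussion. In the vehicles paragraph, "Almost every vehicle following 1996 has embedded systems, Onstar or the more modern Starlink" overstates: 1996 is the US OBD-II mandate year, and a telematics unit with its own cellular modem (OnStar, Subaru's Starlink) remained a far narrower population than "almost every vehicle" for many years after that, so say which year and which feature the claim is about. "out of nightmare" needs "this", and "The first option is obtain the source code" needs "to".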
## Use Cases
@ -550,11 +550,11 @@ Anonymous activism may be seem counter-intuitive as activism typically implies a
Unfortunately all workarounds for this require money and time. Many legacy accounts have bypassed these practices by being fathered in. If these platforms must be used, your options stand to either purchase a legacy account from someone anonymously with cryptocurrency, or buy a burner SIM card and phone for the purpose of verification. If the goal is anonymity, based on where the traffic is coming in from alone, you will likely be flagged as suspicious, and a code will be sent to your number for verification. If they offer TOTP for accounts, turn it on. Likely if there is a flag for suspicious activity, you can leverage an offline password database for TOTP and the hassle with constant phone verification will be reduced. If phone verification is enforced solely, your options are to store the dumb phone without the battery and inside of an EMF shield faraday bag. Only use this in public locations (you can see why key-generated TOTP can save a lot of time). That addresses phone activation.
Another problem you may run into is that certain platforms do not provide a way of access without a mobile application (i.e. Instagram). While stronger permission controls have been imposed on applications in more recent mobile builds, correlation can still be made in a number of ways, even if on a segmented device. The best solution to mitigating correlation is to run an emulated Android on a hardened linux base. Consider finding the APK file to install the platform from the mobile device's browser to avoid the use of Google. If Google framework is not required to make the application run properly, do not flash it.
Another problem you may run into is that certain platforms do not provide a way of access without a mobile application (i.e. Instagram). While stronger permission controls have been imposed on applications in more recent mobile builds, correlation can still be made in a number of ways, even if on a segmented device. The best solution to mitigating correlation is to run an emulated Android on a hardened Linux base. Consider finding the APK file to install the platform from the mobile device's browser to avoid the use of Google. If Google framework is not required to make the application run properly, do not flash it.
If the virtualized Android is too close to home being on your host, there is no reason you can't stand up the emulation on a Virtual Private Server (VPS) hosted by another organization that you pay in cryptocurrency. When evaluating VPS providers, make sure to consider country of origin, payment methods, and their logging policy. It is easier to conceal the origin of traffic by using the VPS as a makeshift proxy rather than running the virtualized Android system on your host device. Your host can then use torrified traffic to interact with the VPS unimpeded by suspicious flags that are invited by the use of TOR.
If the emulated Android system is too close to home operating from your host, there is the option to stand up the emulation on a Virtual Private Server (VPS) hosted by another organization that you pay in cryptocurrency. When evaluating VPS providers, make sure to consider country of origin, payment methods, and their logging policy. It is easier to conceal the origin of traffic by using the VPS as a makeshift proxy rather than running the virtualized Android system on your host device. Your host can then use torrified traffic to interact with the VPS unimpeded by suspicious flags that are invited by the use of TOR.
Anonymity and activism are difficult to go hand-in-hand, albeit they need to. Playing on a platform of the adversary means conforming to their rules, and circumvention can be costly. Decentralization can mitigate issues with SIM correlation, hostile communication, and the need for an emulated Android system. However, adoption rates and exposure will significantly decrease.
Anonymity and activism are difficult to go hand-in-hand, albeit their balance is consequential. Playing on a platform of the adversary means conforming to their rules, and circumvention can be costly. Decentralization can mitigate issues with SIM correlation, hostile communication, and the need for an emulated Android system. However, adoption rates and exposure will significantly decrease.
### Journalist
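Review bot: in the activism hunk above, the new "albeit their balance is consequential" is no clearer than the old "albeit they need to"; "Anonymity and activism are difficult to reconcile, though they must be" keeps the intended sense. In the VPS paragraph, "torrified" should be "torified" (after `torify`/`torsocks`), and "TOR" is styled "Tor" by the project, here and throughout the file. "(i.e. Instagram)" should be "(e.g. Instagram)", since Instagram is one example rather than the only such platform. In the phone-verification paragraph, "Likely if there is a flag for suspicious activity, you can leverage an offline password database for TOTP" puts cause and effect backwards; the point is that enrolling TOTP spares you the SMS code that a suspicious-activity flag would otherwise trigger.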
@ -563,9 +563,9 @@ For all intents, the use-case of journalism varies widely, therefore I will isol
2. Freedom of speech / lawful protection does not apply.
3. Being caught could land you anywhere from imprisonment to death.
It's evident that poking powerful players could result in irreversable consequences. Therefore many of the concepts described in this book should be applied with the emphasis on encryption, signal restriction, and minimal infrastructure.
It's evident that poking powerful players could result in irreversible consequences. Therefore many of the concepts described in this book should be applied with the emphasis on encryption, signal restriction, and minimal infrastructure.
The OS selection should be oriented towards amnesia. TAILS could be leveraged with a USB, and the drive in the system could simply be a dummy (filled with insignificant data, vacation pictures, etc). The physical wireless chipset should be removed and replaced with a wireless dongle and attached only when needed. While I prefer hardware mitigations over software mitigations, you may not wish to fry the USB ports or desolder the SATA ports. The BIOS should be password-protected, and the USB ports at the very least can be disabled from the menu. If you will be operating from public locations, consider running a blank keyboard with a privacy screen covering the LED.
The OS selection should be oriented towards amnesia. TAILS could be leveraged with a USB, and the drive in the system could simply be a dummy (filled with insignificant data, vacation pictures, etc). The physical wireless chipset should be removed and replaced with a wireless dongle and attached only when needed. While I prefer hardware over software mitigations, you may not wish to fry the USB ports or de-solder the SATA ports. The BIOS should be password-protected, and the USB ports at the very least can be disabled from the menu. If you will be operating from public locations, consider running a blank keyboard with a privacy screen covering the LED.
Fortunately, amnesiac solutions are growing. One can run TAILS with the HiddenVM project.[^64] HiddenVM is precompiled VirtualBox binaries to allow running virtual machines without an installation directly on TAILS. HiddenVM leverages the TAILS amnesiac system with Veracrypt's hidden partitions for plausible deniability. In this way, Whonix can be ran from TAILs and there will not be an overlapping use of TOR.
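Review bot: the HiddenVM paragraph asserts "Whonix can be ran from TAILs and there will not be an overlapping use of TOR", but Tails forces all host traffic through Tor and Whonix-Gateway runs its own Tor instance, so a Whonix VM inside Tails is Tor over Tor unless something specific prevents it; state how that is avoided or point [^64] at the claim. Grammar in the same paragraph: "HiddenVM is precompiled VirtualBox binaries" (is a set of), "can be ran" (run), and "TAILs" against "TAILS" two paragraphs up (the project styles it "Tails"). In the OS-selection paragraph, "a blank keyboard with a privacy screen covering the LED" does not say which LED is meant.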
@ -573,15 +573,15 @@ If a live USB with minimal processing power is not your niche, consider running
>Note: Amnesiac computing is highly advised for journalists with state targets on their back. Most malware will not be able to persist through different sessions, and often they will have to interact with hostile platforms and networks.
If a mobile device is deemed a necessity, leverage GrapheneOS on a Google Pixel. Encrypt all communications through trusted services or peer-to-peer (P2P) applications like Briar.[^67] Route all device traffic through TOR with the use of Orbot. Keep the cameras blacked out with electrical or gorilla tape. The concept of treating all signals as hostile should be emphasized here as the hardware wireless chipset cannot be desoldered. Sensors and microphones can successfully be disabled, but the trend with smaller devices is that they run as a System on a Chip (SoC). In short, multiple functions necessary for the system to work are tied together in a single chip. Even if you managed not to fry the device from the desoldering process, you would have gutted the core mechanisms of the system, resulting in the newfound possession of a paperweight.
If a mobile device is deemed a necessity, leverage GrapheneOS on a Google Pixel. Encrypt all communications through trusted services or peer-to-peer (P2P) applications like Briar.[^67] Route all device traffic through TOR with the use of Orbot. Keep the cameras blacked out with electrical or gorilla tape. The concept of treating all signals as hostile should be emphasized here as the hardware wireless chipset cannot be de-soldered. Sensors and microphones can successfully be disabled, but the trend with smaller devices is that they run as a System on a Chip (SoC). In short, multiple functions necessary for the system to work are tied together in a single chip. Even if you managed not to fry the device from the de-soldering process, you would have gutted the core mechanisms of the system, resulting in the newfound possession of a paperweight.
### Market Vendor
Let's assume the vendor is selling some sort of vice found on the DEA's list of schedule 1 narcotics. Fortunately in this use-case, unlike that of the anonymous activist (or the journalist in some cases), OPSEC is welcomed with open arms. In fact, vendors are even rated with their stealth (both from shipping and processing) as one of the highest criteria in consideration, along with the markets being TOR friendly, leveraging PGP, and ensuring full functionality without Javascript. Given the ongoing nature of these operations, and that they are tailored towards privacy and security, a more persistent system will likely be the best fit.
Let's assume the vendor is selling some sort of vice found on the DEA's list of schedule 1 narcotics. Fortunately in this use-case, unlike that of the anonymous activist (or the journalist in some cases), OPSEC is welcomed with open arms. In fact, vendors are even rated with their stealth (both from shipping and processing) as one of the highest criteria in consideration, along with the markets being TOR friendly, leveraging PGP, and ensuring full functionality without JavaScript. Given the ongoing nature of these operations, and that they are tailored towards privacy and security, a more persistent system will likely be the best fit.
The same recommendation for the journalist with a persistent setup using VMs for isolated processes on a hardened hypervisor is ideal. A completely amnesiac system is less necessary when you are not forced to interact with hostile sites that can arbitrarily run code via the use of JavaScript. While I would give a nod to those that take such precaution and exist solely in volatile memory, it is likely unnecessary and more of a hassle than the degraded performance is worth.
## Conclusion
As stated earlier, relevancy in the tech industry is difficult to maintain in perpetuity. The proposed concepts applied with adequate discipline and mapping stand to render investigations ineffective at peering into operations. Most mistakes take place in the beginning and come back later to haunt an operation. The success stories are never highlighted. For instance, there are plenty of vendors across marketplaces that have gone under the radar for years. OPSEC properly excercised would not leave a trail for the intelligence community; thus obscure and cryptographic implementations like steganography or FDE would not have to be relied on. I hope to learn that some of this material aids dissidents and journalists to combat regimes rooted in authoritarianism, coupled with privacy-minded individuals who have the desire to be left alone. Freedom and privacy have never been permitted by the state, nor are they achieved through legislature, protests, petitions; they are reclaimed by blatant non-compliance, loopholes, and violence. Every man possesses the right of revolution, and every revolution is rooted in treason, non-conformity, and ultimately to escape from subservience.
As stated earlier, relevancy in the tech industry is difficult to maintain in perpetuity. The proposed concepts applied with adequate discipline and mapping stand to render investigations ineffective at peering into operations. Most mistakes take place in the beginning and come back later to haunt an operation. The success stories are never highlighted. For instance, there are plenty of vendors across marketplaces that have gone under the radar for years. OPSEC properly exercised would not leave a trail for the intelligence community; thus obscure and cryptographic implementations like steganography or FDE would not have to be relied on. I hope to learn that some of this material aids dissidents and journalists to combat regimes rooted in authoritarianism, coupled with privacy-minded individuals who have the desire to be left alone. Freedom and privacy have never been permitted by the state, nor are they achieved through legislature, protests, petitions; they are reclaimed by blatant non-compliance, loopholes, and violence. Every man possesses the right of revolution, and every revolution is rooted in treason, non-conformity, and ultimately to escape from subservience. In a world where they proclaim that you should have nothing to hide, respond with "I have nothing to show."
For the dissidents:
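Review bot: the rewritten conclusion sentence "OPSEC properly exercised would not leave a trail for the intelligence community; thus obscure and cryptographic implementations like steganography or FDE would not have to be relied on" reads as if FDE were a fallback, yet the Market Vendor paragraph in the same hunk recommends a persistent system on a hardened hypervisor; a persistent disk without FDE leaves its contents recoverable on seizure no matter how disciplined the operator is, so consider rewording to make clear that FDE is a baseline that good OPSEC complements rather than replaces. Separately, the claim that markets rate vendors on stealth, TOR friendliness, PGP and "full functionality without JavaScript" carries no footnote, while the neighbouring Briar recommendation is cited as [^67]; a reference for that claim would bring it in line with the rest of the section.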
@ -633,9 +633,11 @@ For the hollow men (federal agents or contractors) who stumbled upon my work by
```
## Contact Us
Email: x0ptoutx@protonmail.ch
Feel free to reach out with any critiques, alterations, questions, or consulting opportunities.
Do note that there is end-to-end encryption (e2ee) implemented between protonmail users. The keys can be adjusted in settings to use Elliptic Curve Cryptography (ECC) or RSA-4096.
Email: `x0ptoutx@protonmail.ch`
> Do note that there is end-to-end encryption (e2ee) implemented between ProtonMail users. The keys can be adjusted in settings to use Elliptic Curve Cryptography (ECC) or RSA-4096.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
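Review bot: the new blockquote "Do note that there is end-to-end encryption (e2ee) implemented between ProtonMail users" leaves the more important case unstated: mail exchanged with any non-ProtonMail address is not end-to-end encrypted unless the correspondent uses the PGP key that follows, so the Contact Us section should say that explicitly. For the same reason the section should print the key's fingerprint in plain text next to `x0ptoutx@protonmail.ch`, since a pasted "-----BEGIN PGP PUBLIC KEY BLOCK-----" inherits no trust from the repository and readers need a value they can verify out of band. Minor style point: the note quotes nobody, so a plain paragraph would be more natural than a `>` blockquote unless the README uses blockquotes as callouts elsewhere.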
@ -757,7 +759,7 @@ Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome
[^56]: DISA STIGs - https://public.cyber.mil/stigs
[^57]: KSPP - https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
[^58]: Whonix Host - https://www.whonix.org/wiki/Whonix-Host
[^59]: PlagueOS- https://git.arrr.net/whichdoc/plagueos
[^59]: PlagueOS- https://0xacab.org/whichdoc/plagueos
[^60]: BubbleWrap Sandbox - https://github.com/containers/bubblewrap
[^61]: SalamanderSecurity's PARSEC repository - https://codeberg.org/SalamanderSecurity/PARSEC
[^62]: Linux Hardening - https://madaidans-insecurities.github.io/guides/linux-hardening.html
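Review bot: footnote [^59] now points at https://0xacab.org/whichdoc/plagueos, but the hunk header context "Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome" still references an arrr.cloud address; confirm whether that link should move to the same host, or whether the old one is meant to stay as a mirror, so the README does not end up pointing readers at two different places for the same project. Style: the entry reads "PlagueOS- https://..." without the space before the hyphen that every other footnote uses; it should be `[^59]: PlagueOS - https://0xacab.org/whichdoc/plagueos`.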