View
219
Download
1
Embed Size (px)
Citation preview
7/28/2019 anonsec
1/60
ANONYMITYSECURITY
7/28/2019 anonsec
2/60
7/28/2019 anonsec
3/60
Tis is dedicated to all o our tender-hearted co-conspirators in this war againstcivilization. Well meet in the shadows.
TABLE OF CONTENTS
I N R O D U C I O N . . . . . . . . . . . . . . . . . . . . . 3 ANONYMITY
I n t r o d u c t i o n . . . . . . . . . . . . . . . . . 6I S P . . . . . . . . . . . . . . . . . . . . . . . . . . . 7I P . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 0M A C A d d r e s s . . . . . . . . . . . . . . . . . 1 4S e s s i o n D a t a / B r o w s e r S e t t i n g s . . . . . 1 7R e f e r e r . . . . . . . . . . . . . . . . . . . . . . . . 2 0U s e r A g e n t . . . . . . . . . . . . . . . . . . 2 1
8 0 2 . 1 1 N i c k n a m e . . . . . . . . . . . . . . . . . . 2 3S c r i p t s . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4E n c r y p t i o n . . . . . . . . . . . . . . . . . . 2 6
SECURI Y I n t r o d u c t i o n . . . . . . . . . . . . . . . . . . 3 0
S e c u r e D e l e t i o n . . . . . . . . . . . . . . . . 3 0V i r u s e s & M a l w a r e . . . . . . . . . . . . . . . . 3 2
K e y l o g g e r s . . . . . . . . . . . . . . . . . 3 4R o o t k i t s . . . . . . . . . . . . . . . 3 6P a s s w o r d s . . . . . . . . . . . . . 3 8E n c r y p t i o n . . . . . . . . . . . . . . 3 9L i n u x . . . . . . . . . . . . . . . . . . . 4 2L i v e s y s t e m s . . . . . . . . . . . . . . . . 4 4E m a i l . . . . . . . . . . . . . . . . . 4 6S e s s i o n D a t a . . . . . . . . . . . . . . . . . 5 1M e t a d a t a . . . . . . . . . . . . . . . . . . 5 4D e s t r u c t i o n O f H a r d D r i v e . . . . . 5 6
R E S O U R C E S . . . . . . . . . . . . . . . . . . . . . . . . . . .5 7
7/28/2019 anonsec
4/60
7/28/2019 anonsec
5/60
INTRODUCTION
3
Every day we see new evidence o the States surveillance ap- paratus at work. Our cell phones are tracking devices; RFID chipsthreaten to make privacy impossible; surveillance cameras are on ev-ery street corner. Each new technological development brings withit a new encroachment into our lives and a new tool in the States ar-senal o repression. With this techno-development increasing at anexponential rate, it is di cult not to eel lost, paranoid, or caged. Welive in panopticon - even i the States eyes cannot be on us all at once, we can never be sure that we are not being watched at any given mo-ment. Tis psychic omnipresence, coupled with the very real evidenceo the surveillance apparatuss repression o agents o revolt, creates pa-ralysis. Te threat o handcu , court room, and jail cell stay our hand.
It is impossible to ever have per ect security or oolproo anonymi-ty. Te structure o the world as a massive prison prevents our movementsrom ever being invisible and our actions rom ever being risk- ree. Our sit-uation is ar rom per ect - in act, it is rightening - but i we allow the States
surveillance to deter our revolt, we ensure the impossibility o a world reeo domination. We can reject paranoia and employ strategic anonymitythat seeks to inter ere with surveillance and repression wherever possible. While we cannot become invisible, we can evade their eyes where it counts
Tis project is the product o research and sel -education.It grew rom our desire to learn how to increase our digital ano-
nymity and security and expanded rom there. Hours o wading through manuals and websites ull o technological jargon and com-ing back with only a basic idea o how to practically apply any o itmade the necessity o an accessible, comprehensive guide apparent.
Our intention with this guide is to provide a basic outlineo the ollowing: speci c ways in which you can be digitally iden-ti ed and how to anonymize your internet presence; how to se-
cure your computer and make your les or hard drive (theoreti-cally) inaccessible to prying eyes; how to control and e ectively dispose o the records o activity your computer stores; how to pro-tect your computer rom malicious processes and programs; how to
7/28/2019 anonsec
6/60
4
more securely use email; and other issues related to these subjects.Tis guide is designed or beginners and ocuses on the con-
crete skills; we know those were the two things we hoped or in theguides we read when we started our research. We wrote this rom
a subjective point-o -view; it is or our likes, our riends we holddear and those we have not yet met. Were poor, so most o thesetools are ree, and most o what isnt can be pirated. We hate techno-industrial society, so we re use to engage in the techno- etishism o most computer guides; we re use to speak o any technology as lib-erating and reject idea that the internet is democratic - both be-cause we hate alienating technologies and because we hate democracy.
We are not experts; we may be misin ormed about aspects o se-curity and anonymity and this is why with every concept, program, oractivity explained, we provide an extensive list o resources or urtherindependent research, which we encourage and recommend. Te rateat which technology develops also makes in ormation quickly outdatedor impractical, so staying up to date on developments is essential to any understanding o technology and how it a ects us. We know comput-ers can be overwhelming and rustrating to learn about, but we are nothackers and, with some concerted e ort, we went rom a below-averageknowledge o computers to a working knowledge o what a ects usmost about them. Anyone with some time and dedication can gurethis all out, and we hope that this guide can be an aid in such research.
Future editions o this guide may be compiled as we learn moreand expand our knowledge o computers and associated technology.
oward the generalization o tactical knowledge,Anarchists
7/28/2019 anonsec
7/60
ANONYMITY
7/28/2019 anonsec
8/60
INTRODUCTION
Everything you do on the internet can be traced back to thecomputer or internet connection point you use unless you obscureor anonymize aspects o your computer or connection that give away identi ying in ormation. Te identi ers involve so ware and hard- ware, so an approach that takes only one o these into considerationcannot ully obscure your digital identity. In general, the more iden-ti ers you obscure, the more di cult it will be to trace activity back to you. Tat said, nothing should be considered ool-proo , as a vari-ety o errors can occur that break through the digital obscurity youset up. Anything that comes between you and what you seek accessto (in ormation, communications, whatever) increases the chanceo interception; communicating ace-to- ace is always more secure.
Te amount o e ort you choose to employ in obscuring youractivities depends on the nature o those activities. Innocent webbrowsing, accessing anarchist websites, and posting communiqus allrequire di erent levels o security. Utilizing all o these techniques inorder to look up some innocuous in ormation is a waste o time thatcould be spent doing more important things. On the other hand, al-lowing identi ying in ormation slip out when posting a communiqucould cost you your (relative) reedom. Te main idea is to weigh the work required against the outcome o in ormation leakage. I you eela situation requires you to pull out all the stops, then do so. I it does
not, do not. Tis is all subjective and determined by your strategy, situ-ation, and goals. Never let striving or per ect anonymity deter yourom action; such a thing does not exist. Remember that anonymity and security exist as precautions to keep us out o jail and ree to con-tinue attacking the institutions o domination, not as ends themselves.But also keep in mind that the State will do all it can to strip our revolto its orce; ght intelligently and cover your tracks wherever possible.
Notes: We mainly ocus on Linux and Windows operating systemsand Mozilla Fire ox-based web browsers. We recommend switching overto Linux rom Windows or Mac OSx and strongly urge everyone to uti-
6
7/28/2019 anonsec
9/60
lize Fire ox (or a comparable browser) instead o Internet Explorer. Tereis a learning curve or Linux, but it can make anonymizing aspects o yourhardware and so ware much easier, as well as protect your system rom at-tacks. Fire ox o ers a variety o plug-ins and customizations that can aid in
anonymizing your browsing and securing your connection, and generally avoids the holes that IE has in privacy and security i con gured correctly.
We include some links or Mac OSx and Sa ari/Opera/Chrome/IE, so those who use those can still make use o these orms o anonymization.
Te rst our aspects o anonymity we explore (ISP, IP, MACaddress, and session data) are the most important. While the otheraspects can leak in ormation about your browser or computer, theserst our are the easiest ways to trace activity back to you or discov-er your past activity. We recommend ocusing on these to begin withand then learning to mitigate other aspects o in ormation leakage.
ISP
WHA IS I ?An Internet service provider (ISP) is a company that provides access
to the internet. Tis is what you connect to in order to access websites, email,etc. Some examples o this are cable modems, dial-up, DSL, and wireless/wi .
Wireless/wi is the most important to discuss as this is the easi-est to connect to in order to anonymize yoursel . Wireless is either openor closed, either public or encrypted and requiring a password to access.Examples o open networks would be a public hotspot like a library orca e, or an unsecured home network. An example o a closed network would be a home or o ce connection using some orm o encryption.
WHY IS I IMPORAN ?Te location o your internet connection is the nal destina-
tion o any investigation o internet activity. I your activities can betraced back to an ISP, your obscurity is compromisedi you use your home connection. Regardless o how much e ort you put into obscur-
7
7/28/2019 anonsec
10/60
ing yoursel , your in ormation can still be grabbed at the ISP level orcan be traced back to that connection. I your anonymization is com- promised or any reason, you could get caught i you are using a con-nection that can be traced to you or anyone you associate with.
HOW O DEALTe hacker words o wisdom - dont hack on your own connec-
tion - come into play here. I you use a connection that is not related to you or anyone you associate with, even i your other attempts at anonymity ail, investigators will only be led to a dead end. In short: DO NO DOANY HING FROM YOUR HOME CONNEC ION HA YOU WOULD NO WAN INVES IGAORS O KNOW ABOU .
Te easiest way to anonymize your connection is to access a pub-lic wireless hotspot, such as a library or ca e. Tese are generally openconnections and easy to access. I you eel your activities warrant it, picksomewhere with no CC V. (Your anonymization o your IP will prob-ably prevent your activities rom ever being traced back to the wirelessconnection, but it better to err on the side o caution when doing any-thing that could threaten your reedom.) You will also want to utilizeencryption (see section on internet encryption) i logging in to anything on a public connection, since someone with the right so ware could pick up your login in ormation or monitor your activities. It is also vital tochange your MAC address (see section on MAC addresses) to preventlogging o your hardware in ormation in the wireless connections routers.
Another way o getting wireless access is home networks. While this is illegal, anonymizing your hardware in ormation makesgetting caught unlikely. You can drive around with your comput-er looking or open wireless connections (known as wardriving).
Another possibility is to use so ware to hack into encrypt-ed wireless connections. Depending on the type o connection and
the password used, this can be simple. Some programs monitor the wireless connection until it has enough in ormation to crack theencryption; others use lists o words to attempt to discover a pass- word (dictionary attacks). While these require a bit more techni-cal expertise, they can make nding wireless connections a lot easier.8
7/28/2019 anonsec
11/60
I would recommend nding a connection away rom yourhome or added security. Tis can be done by visiting wireless spotsor wardriving, but can also be done in the home by using a wireless an-tenna. Tese magni y your wireless cards strength and can be used to
access internet arther away rom your home than you would be ableto access otherwise. Tese can be bought online or constructed ornext to no money with a ew specialty cables and household products.
I you use an ISP not connected to you, you have es-tablished a major wall in any investigation o your internet ac-tivity. I you also properly alter so ware in ormation andobscure your activity through anonymizers, it is unlikely your activ-ity will be traced back to you unless a major investigation is underway.
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Internet_service_pro- viderhttp://www.howstu works.com/wireless-network.htmhttps://secure.wikimedia.org/wikipedia/en/wiki/Wireless_LANhttps://secure.wikimedia.org/wikipedia/en/wiki/Wired_Equivalent_Privacy https://secure.wikimedia.org/wikipedia/en/wiki/Wi-Fi_Protected_Ac-cess
Open Wireless & Wardriving https://secure.wikimedia.org/wikipedia/en/wiki/Piggybacking_%28Internet_access%29http://www.wi- hotspotlist.com/https://secure.wikimedia.org/wikipedia/en/wiki/Wardriving
http://www.wardriving.com/http://kismac-ng.org/http://www.netstumbler.com/http://www.kismetwireless.net/
9
7/28/2019 anonsec
12/60
Antennashttp://www.radiolabs.com/Articles/wi -antenna.htmlhttp://www.turnpoint.net/wireless/cantennahowto.htmlhttps://secure.wikimedia.org/wikipedia/en/wiki/Cantenna
http://cru box.com/cru /docs/cantenna.html
Cracking https://secure.wikimedia.org/wikipedia/en/wiki/Wireless_cracking http://www.kismetwireless.net/http://www.aircrack-ng.org/
IP
WHA IS I ?Your IP (Internal Protocol) address is a string o numbers that al-
lows you to send and retrieve data over an internet connection. It consistso our numbers, each o which contains one to three digits, separated by a single dot. Each number ranges rom 0 to 255. An example wouldbe 78.125.1.209. Tis number identi es the location, ISP, and technicaldetails o your connection. It is comparable to a houses street address.
WHY IS I IMPORAN ?An unobscured IP will lead investigators directly to your con-
nection. I you did not use a oreign internet connection, this leadsright to you. Even i you use another ISP to connect to the internet,obscuring the IP will complicate investigation and, depending on typeo obscurity and the persistence o the investigators, probably pre- vent them rom even guring out the connection you used. By ano-nymizing your IP, you are throwing up another wall or investigators.
HOW O DEALTere are a variety o ways to obscure your IP. For the purposeso this guide, we are going to explore proxies and OR - two ree and rel-atively simple ways to increase anonymity. We also include links to VPN
10
7/28/2019 anonsec
13/60
services and SSH tunnels or those who want to investigate alternatives.Proxies are systems or websites that allow you to run your con-
nection through theirs. Rather than connect to the website you wishto connect to, you connect to the proxy server, which then connects to
the website you are trying to access. Te logs o the website you are try-ing to access will then show the proxys IP address rather than yours.
Proxies can be website-based and list-based. With website-based proxies, you access the website and type the URL o what you wish toaccess and it tunnels the connection through the proxy website. Whilethese generally work consistently and are aster than other proxies, theanonymity they o er is negligible. Tey could keep extensive logs o what you view, which could be a major problem i you use them requent-ly. Many are also US/UK based and there ore do not contain the addedrustration o international investigation or the eds. List-based proxiescan be gleaned rom various internet lists and entered in your browserscon guration (generally under network settings in your browsers op-tions). Tese are generally slower and o en do not work, but some o erthe bene t o international proxies, which may complicate investigations.
In general, we do not recommend the use o these one-hop proxies i you wish to protect privacy. Whoever operates the proxy server will have access to anything you view, which is dangerous i it is a honey pot operation (the state operating proxies to catch criminals and hackers)or i they maintain logs. I you are using your home network to connectto a proxy, your ISP will have logs showing that you connected to the proxys IP at a speci c time and your activities can be discovered i the proxy server maintains logs. Some also add something called x_ orward-ed_ or headers that send your actual IP to the websites you connect to. I would only recommend using these one-hop proxies i there are no otherchoices and i you are connected to something other than your homenetwork. Always check i the proxy is working by using an IP checkingsite. You can also look into proxy chaining, which allows or connec-
tion to multiple proxies and will mitigate some o these risks to a degree.OR is a better choice or anonymity. It is a network o prox-
ies run by volunteers with the explicit purpose o maintaining anonym-ity. With OR, your connection goes through three proxies. You con-
11
7/28/2019 anonsec
14/60
nect to OR and each o the three proxies (nodes) you access encrypts your data. No individual node can know what you are connected to and who you are. Te third node decrypts the data and accesses the web-site, sending the in ormation back through the proxies encrypted. While
nothing is oolproo , OR provides a strong anonymity or its users.Te drawbacks o OR are its speed and its exit node. OR,
like many proxies, is very slow, but the anonymity it achieves is worththe time it takes i you want to keep your browsing private. Te un-encrypted exit node is a more serious problem. Te operator o thethird node could see your data (website accessed, login in orma-tion) i you do not encrypt the connection (see section on browserencryption). While this will not personally identi y your connec-tion, it could compromise any accounts you log in to, so encrypt!
OR also o ers a simple ORbutton or Fire ox that al-lows or easy use, a portable browser that can be installed on afash drive so you dont have to install OR on your computerand can use it on any computer, and is present in some LiveSys-tems or security and portability (see section on LiveSystems).
One note o caution: do not do something stupid like log-ging into a personal email address or posting personal in ormation us-ing the same proxy or OR con guration you use or doing anything sketchy. People have been caught this way, so use common sense.
LINKS
Generalhttp://compnetworking.about.com/od/networkprotocolsip/g/ip_pro-tocol.htmhttp://www.webopedia.com/ ERM/I/IP_address.html
Proxy basicshttps://secure.wikimedia.org/wikipedia/en/wiki/Proxy_serverhttp://www.webopedia.com/ ERM/P/proxy_server.htmlhttp://whatismyipaddress.com/using-proxies12
7/28/2019 anonsec
15/60
Proxy listshttp://samair.ru/proxy/http://nntime.com/
Proxy chaining http://www. reeproxy.ru/en/ ree_proxy/ aq/how_create_proxy_chain-ing.htmhttp://www.hackingtricks.in/2011/01/how-to-create-proxy-chain- proxy.html
IP checkershttp://whatismyipaddress.com/http://www.whatismyip.com/http://browserspy.dk/ - checks a variety o in o your browser gives away
SSHhttps://secure.wikimedia.org/wikipedia/en/wiki/ unneling_protocolhttps://secure.wikimedia.org/wikipedia/en/wiki/Secure_Shellhttp://www.chiark.greenend.org.uk/~sgtatham/putty/http://www.openssh.com/
VPNen.wikipedia.org/wiki/Virtual_private_network https://www.openvpn.net/
OR https://www.torproject.org/https://www.torproject.org/projects/torbrowser.html.enhttps://addons.mozilla.org/en-US/ re ox/addon/torbutton/https://secure.wikimedia.org/wikipedia/en/wiki/ or_(anonymity_
network)
13
7/28/2019 anonsec
16/60
MAC Address
WHA IS I ?Te MAC (Media Access Controller) address - also known
as the hardware address or physical address - is a number thatuniquely identi es the piece o hardware connecting to a network.An example o hardware with a MAC address would be your lap-tops wireless card. MAC addresses are 12-digit hexadecimal num-bers, written in the ormat o MM:MM:MM:SS:SS:SS. Terst hal o the address identi es the manu acturer o the adapt-er, the second is the serial number assigned by the manu acturer.
WHY IS I IMPORAN ?Te MAC address speci cally identi es your computer. I
you access the internet, the router may log your MAC address andmaintain that log. I investigators were to read the logs o a router you accessed (say, a public wi rom which a communiqu was sent),and then compare that address with the MAC address o your com- puters wireless card (say, con scated in a raid), youd be connectedto your activity while using that routers connection. I the MACaddress is not changed, there is the possibility o your activity be-ing traced back to you i investigators are persistent or lucky enough.
HOW O DEAL
In order to avoid this, you need to change your MAC address. Teease o doing this depends on your operating system. I you do not wish tolearn these ways, you can use MAC spoo ng so ware to automate the pro-cess. Whether you do that or spoo the MAC yoursel , always double check that the MAC was indeed changed be ore starting your internet activity.
LINUX
One o many advantages o Linux is the simplicity o spoo -ing MAC addresses. It is only a matter o entering a command intothe terminal and creating a new address. Programs exist or Linuxthat will generate and spoo MAC addresses automatically as well.
14
7/28/2019 anonsec
17/60
MAC CHANGE IN LINUX 1. Click erminal2. ype: i con g device name down (with the name o your network-ing device in place o device name)
3. ype: i con g device name hw ether 00:11:22:33:44:55 (with thenumbers being what you wish to change your MAC address to)4. ype i con g device name up5. Check MAC address with i con g
WINDOWS In Windows, the MAC address can be changed in the registry or
by con guring the hardware properties. Tese methods take a bit o work,but should alter your MAC address i executed correctly. Be care ul whenaltering registry or con guring hardware; we would advise reading up onthese ways o changing MAC addresses more be ore you attempt them.Alternatively, there are programs that automate the process in Windows.
O VIEW MAC ADDRESS 1. Start2. Run3. ype: cmd4. ype: ipcon g/all5. Look or your adapter, its MAC address will be listed as Physical Ad-dress
REGIS RY 1. Go to Start2. Run3. ype: regedit4. Navigate as ollows:[HKEY_LOCAL_MACHINE>>SYS EM>>CurrentControlSet>>
Control>>Class>>{4D36E972-E325-11CE-BFC1-08002BE10318]You will see a lot o options like 000, 001, etc under {4D36E972-E325-11CE-BFC1-08002BE10318}. Here you will have to choose the option which matches your current MAC address. For example, i my currentMAC is 00-18-8B-BA-DD-55; I will choose 0018 since the rst our
15
7/28/2019 anonsec
18/60
HEX numbers o the MAC are 00-18.5. Right click the Network Address and choose Modi y 6. In a new window which pops up, write a new MAC under Value data.7. Click OK. Disable and then enable your adapter and check your new
adapter MAC in Command.
HARDWARE PROPER IES Tis will vary depending on the version o Windows you are
using and its orm o navigation.
1. Start2. Control Panel3. Network and Internet4. Network and Sharing Center5. In the side bar, click Change adapter settings6. Find the adapter whose MAC address you wish to change, right click and click Properties7. Go to the Advanced ab OR click the Con gure button and then goto the Advanced tab8. Look or Network Address, MAC Address, or Physical Address9. Change10. Check MAC address in Command
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Mac_addresshttp://www.wikihow.com/Find-the-MAC-Address-o -Your-Computer
Spoo ng http://www.technitium.com/tmac/index.html
http://www.irongeek.com/i.php?page=security/changemachttp://www.irongeek.com/i.php?page=security/madmacs-mac-spoo erhttp://standards.ieee.org/develop/regauth/oui/oui.txt
16
7/28/2019 anonsec
19/60
SESSION DATA/BROWSER SETTINGS
WHA IS I ?Session data is any log saved on your computer when you do ac-
cess websites or do work online. Session data includes cookies, cachehistory, saved orms and passwords, and orm and search history. Inaddition to this, some browser settings, such as domstorage and geo-location, either save browsing in ormation or identi y your location.
A cookie is in ormation a website saves on your hard drive so it canrecall in ormation about you at a later time. Tere are two types o cook-ies, session and persistent. Session cookies are erased when the browser iclosed. Tese are stored in temporary memory and are not retained a er thesession is terminated. Persistent cookies, or stored cookies, are stored on ausers computer until they expire or are deleted. Tese cookies are used tocollect in ormation, such as what you view online or website pre erences.
Local Shared Object or Flash Supercookie di ers rom the browsercookie. Te supercookie is based in the Flash application and is stored in a di -erent location than browser cookies. Tese are di cult to locate or uninstall.
History is a list o web sites visited, categorized by date.Cache, also known as the temporary internet les older, is a contain-
er o les rom visited websites. Tis allows or aster display o websites, asthe display is retrieved rom the cache, rather than rom the sites web server.
Form and search histories are saved logs o in ormation en-tered in website orms or search bars. Saved passwords are any pass-
words you have set to be saved or easy access in your web browserDOMstorage is a storage eature or organizing per-sistent data. It is built into browsers and enabled by de ault.
Geolocation is a browser setting that allows or geograph-ically-sensitive date to be suggested in searches and queries when you access websites. For example, searching movie times inGoogle will bring up a list o theaters near your perceived location.
WHY IS I IMPORAN ?Most o these mechanisms store in ormation about what you view,
when you view it, and any data you enter while using the internet. Tis
17
7/28/2019 anonsec
20/60
leaves a trace - or a large pool o evidence i you never clear this data - o youactivities. Even i you go all-out with anonymity, i you dont curtail yourbrowsers in ormation storage, your computer will be lled with logs o your online activity. I youre engaging in projects o subversion and revolt
having this in ormation stored on your hard drive could get you locked up.
HOW O DEALIt is not di cult to curb your browsers retention o data. A ew
changes to settings and an add-on or two will go a long way in keepingthis in ormation rom ever being saved in the rst place, and i it is saved,rom being deleted in a timely manner. Besides the solutions o ered, thereis the possibility o running a browser rom a LiveSystem, which will pre- vent all o this in ormation rom ever being saved on your hard drive, asLiveSystems run rom RAM only (see section on LiveSystems). Most othe ollowing is geared toward Fire ox-based browsers. We recommendswitching to one o these because o their customizations and concernor security. Some links will be included to help with other browsers.
Your rst move should be to edit your browsers privacy set-tings. Uncheck any option that remembers in ormation such as searchor orm history, download history, and browsing history. urn o cookies, or set them to expire when you close your browser. Set brows-ing history, cache, cookies, site pre erences, download history, o -fine data, and saved passwords to clear when the browser is closed.
You can also disable some o these manually. ypeabout:con g into the URL. In the lter bar, type what you wishto edit, such as cache or cookies. oggle settings such as browser.cache.disk.enable to alse, and set the value o pre erences such asbrowser.cache.disk.capacity to 0. Check online or various waysto edit your browsers pre erences this way to achieve better privacy.
While we advise doing BO H o the above by de ault,the easiest way to make it so your browser never saves the in or-
mation to begin with is to browse in private mode. Most brows-ers have this capability, and it makes it so your computer does notkeep any record o your browsing history. Always use private mode.
Doing the above should prevent the better known threats to18
7/28/2019 anonsec
21/60
7/28/2019 anonsec
22/60
LSO fash cookiehttps://secure.wikimedia.org/wikipedia/en/wiki/Local_Shared_Ob- ject
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/https://addons.mozilla.org/en-US/ re ox/addon/betterprivacy/http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm
REFERER
WHA IS I ?Te re erer (sic), also known as the re erring page, is the URL o
the page the link was ollowed rom. I you click a link, the website thelink leads to will see the page the link was clicked on, as the re erer is paro the H P request the browser sends to the websites server.
WHY I IS IMPORAN ?Re erers can give a website in ormation about your activities be-
cause they tell what page you were on when a link was clicked. Tis canbe linked with your IP to gain in ormation about your browsing.
HOW O DEAL
Tere are a ew programs or add-ons that help to control the re -erer.In Fire ox, an add-on called Re Control will allow you to cus-
tomize the re erer each site sees. You can customize a speci c re erer ora site, or you can create a de ault re erer setting or all sites. Re Controlcan send no re erer, send the root o the site you are accessing as the re -erer, and can create custom re erers that say anything. We recommend
changing the re erer to the root o the site or blocking it.Another option is to use Privoxy, which is o en packaged withOR. I you set Privoxy settings to do so, they will alter various aspectso your browser identi cation. Like Re Control, Privoxy can be set to
20
7/28/2019 anonsec
23/60
hide the re errer, set it as the root site, and change it to any web address.
LINKS
http://www.privoxy.org/https://addons.mozilla.org/en-US/ re ox/addon/re control/
USER AGENT
WHA IS I ?A user agent is a string o in ormation a web browser sends to a
website to identi y itsel . Tis ts a websites content or that particu-lar browser or operating system. Te user agent consists o six compo-nents: application name, application version, compatibility fag, browsername and version, operating system, and any extensions installed. Eacho these depends on the particulars o your computer (whether youhave Windows or Linux, Internet Explorer or Fire ox, or example).
An example o a user agent would be: Mozilla/4.0 (compatible; MSIE 7.0; Windows N 6.0)
Mozilla designates the application name. 5.0 is the application version. Compatible is the compatibility fag. MSIE 7.0 is the versiontoken. Windows N 6.0 is the operating system.
WHY IS I IMPORAN ?
Disguising your user agent is important i you wish to prevent websites you view rom knowing your particular operating system and webbrowser. Tis in ormation, i accessed by investigators, could aid an investi-gation by narrowing down the possibilities. I your user agent correspondsto one engaged in illegal activities, you could be linked to those activities
HOW O DEAL
o check your user agent and see i it has changed, type about:into the URL. Always double check to make sure your changes worked.Tere are a ew ways o changing a user agent.Tere is a Fire ox add-on called User Agent Switch-
21
7/28/2019 anonsec
24/60
er that will automate the process or you. Tis is very sim- ple and convenient, but be sure not to use the same user agent,even i it is ake, or activities you do not wish to be connected.
Another option is Privoxy, which will allow you to alter your
user agent. You set up Privoxy as a local proxy and it will lter yourconnect through it, changing the user agent to whatever you set it as.
o manually change your user agent, type about:con g into the ad-dress bar. Right click somewhere and in the menu that comes up select New-> String. Enter general.useragent.override as the pre erence name. In the window or the string value, enter the user agent you want the browser to use.
You can nd lists o user agents to switch to online. Certain pages may cease to work i you change the browser or operating systemso you may just want to glean the particulars rom it and leave the ba-sic browser and operating system in ormation intact. I the website you wish to access doesnt ail to work because the user agent does not match your browser, then by all means change it to anything youd like. Com-mon browsers and operating systems are best or increased obscurity.
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/User_agent
User agent checkerhttp://whatsmyuseragent.com/
Switching user agenthttp://www.labnol.org/so ware/change-google-chrome-user-agent-string/4566/http://johnbokma.com/mexit/2004/04/24/changinguseragent.html
https://addons.mozilla.org/en-US/ re ox/addon/user-agent-switcher/http://www.privoxy.org/
List o stringshttp://www.useragentstring.com/pages/useragentstring.php22
7/28/2019 anonsec
25/60
802.11 NICKNAME
WHA IS I ?Te 802.11 nickname is an obscure eature o the wireless con-
nection that sends your hostname (your computers name) to the access provider.
WHY IS I IMPORAN ?I you access, or example, public wi that is later investigated, and
your 802.11 nickname is logged there, this can be matched up with yourcomputers name. Tis will show that you access this wi at a speci c timeand can connect you to activities you took part in while on that connection.
HOW O DEALTe best de ense against this is to choose a common ma-
chine name. Some examples might be de ault, computer, PC,home, and user. It would be di cult to prove that you did some-thing on a public wi connection i the only evidence is that both your computer and the computer in the logs are named computer.
In Windows, there is no easy way to change the 802.11 nick-name. I you dont already have a common computer name, we would recommend reinstalling your operating system and choos-ing a more common name, or better yet, switching to a Linux OS.
In Linux, open terminal.Enter [root@machine ~/dir]# iwcon g ath0 nickname what-
ever name you want
Another way is the ollowing: ype gksudo gedit /etc/ host-name. Change value and save (but make sure you write down the old
value rst i you wish to change it back). Ten type gksudo gedit /etc/ hosts and change that as well.
Tere are also ways to edit the hostname in GUI (Graphic User In-
23
7/28/2019 anonsec
26/60
7/28/2019 anonsec
27/60
ools -> Options -> Content -> Uncheck Enable JavaScript
o disable other scripts in Fire ox:ools -> Add-ons -> urn o Java, JavaScript, Flash, Silverlight
in Extensions and in Plug-ins
Tere are also add-ons which allow you to pick and choose which scripts you run or which you block. Te Ghostery add-on or Fire ox will list the scripts running on a page and allow you to choose which to block should they come up on other web-sites. Tis allows you to choose which to block, but does not au-tomatically prevent scripts rom running, which can be a problemi you do not already have the unwanted scripts or a page blocked.
NoScript is a valuable add-on or Fire ox. By de ault, it blocksall active content, including Flash, Silverlight, JavaScript, and Java. Youcan allow certain scripts temporarily or permanently and also add scriptsto a permanent block list. I used correctly, this signi cantly reducesthe risk o exploitation by malicious scripts. As a warning, it neuters your web experience and requires a ew more clicks on websites i con-tent is blocked - this seems a small price to pay or the bene ts, however.
Adblock, an add-on that blocks advertisements (ban-ner ads, commercials in videos, etc.), is use ul as well. Sub-scribe to the basic lists and most advertisements will be blocked.
One major source o tracking and behavioral analysis is Google.Many websites run Google scripts (Adsense, Analytics, Recaptcha, Apisetc.), and Google keeps logs inde nitely, so avoiding this tracking is ad- visable. An add-on called GoogleSharing will lter your requests rommost Google services through a proxy to anonymize the results and keep
Google rom tracking your online behavior by anonymizing your IP,H P headers, and User Agent. Te service maintains no logs, encryptsconnections, and was developed by an anarchist. (Note: Tis will only o -er basic anonymity and is there ore best or everyday browsing - disablethis and use OR when you are doing sensitive work online.) You can
25
7/28/2019 anonsec
28/60
also use Scroogle, a website that allows anonymizing o Google searching
LINKS
Scipt-blocking http://noscript.net/http://www.ghostery.com/https://addons.mozilla.org/en-US/ re ox/addon/adblock-plus/
Google alternatives/proxieshttps://ssl.scroogle.org/http://www.googlesharing.net/https://addons.mozilla.org/en-us/ re ox/addon/googlesharing/
ENCRYPTION
WHA IS ENCRYP ION?For this section, we are ocusing on encryption o brows-
ing via H PS/SSL encryption. Tere are other orms o en-cryption, some o which o er better security, which can beurther explored by visiting websites in the links section.
Encryption is a way to secure the sending or receiving in orma-tion over the internet. When you access a website, the sent and receivedin ormation travels in plain-text rom your computer, along networks, to
the server you are accessing. Anyone in the middle o these connections(your ISP, the server you are connecting to, eavesdroppers) can view thein ormation. Encryption secures this in ormation by scrambling the data,turning it rom plain-text to a (generally) undecipherable code. H PSencryption is represented by a little lock in the corner o your browser window, as you may have seen when logging in to email or bank accounts
WHY IS I IMPORAN ?Encryption is vital to security. Unencrypted data is like a post-card: anyone between the sender and receiver can view it. SSL encryp-tion, while it does not o er per ect security, is a simple way to improve
26
7/28/2019 anonsec
29/60
the security o a connection signi cantly, protecting rom digital eaves-dropping. I you are using a public wireless connection, this is evenmore vital, since it is impossible to know who is also using the con-nection. (Tere are a variety o tools which enable the the o user
names and passwords rom unencrypted connections with little e ort.)
HOW O DEALSSL encryption is simple. Rather than typinghttp:// into the
address bar, type https://. Not all websites allow SSL encryption, butmany do.
Te Electronic Frontier Foundation has a Fire ox add-on,H PS Everywhere, that automatically encrypts a variety o popular websites such as Google search, witter, PayPal, Wikipedia, Facebook,etc. You can also write your own rule sets to allow automatic encryptiono other websites. Tis is use ul or adding security to everyday browsing and log-ins.
LINKS
SSL/ LS/H PShttps://secure.wikimedia.org/wikipedia/en/wiki/ ransport_Layer_Se-curity https://secure.wikimedia.org/wikipedia/en/wiki/H P_Securehttps://www.e .org/https-everywhere
SSHhttps://secure.wikimedia.org/wikipedia/en/wiki/Secure_Shellhttp://www.openssh.org/http://www.chiark.greenend.org.uk/~sgtatham/putty/
27
7/28/2019 anonsec
30/60
7/28/2019 anonsec
31/60
SECURITY
7/28/2019 anonsec
32/60
INTRODUCTION
Computer security has two main aspects: protect-ing your system rom attacks and securing your data. Te or-mer involves protecting your computer rom viruses, mal- ware, keyloggers, rootkits, and various other threats. Te latterocuses on protecting your data rom anyone who gains access to yourcomputer, by encrypting data, managing logs, and securely deleting les.
Securing your computer and data puts a wall up against po-tential investigators or digital in ltrators. Te amount o in ormationinvestigators mine rom your computer in the case o hacking or a raiddepends solely on the time and e ort you put into the security o yoursystem. We strongly advise dedicating sincere e ort to this, as it is o enthe only thing keeping your computer sa e rom the states prying eyes.
SECURE DELETION
WHA IS SECURE DELE ION?When you delete a le by emptying it rom the recycle bin, the
le is not actually deleted. Te computer has merely marked the space thele takes up as empty so new data can be written over it; the le itsel remains until it is written over. Secure deletion, on the other hand, writesrandom data over a le multiple times, e ectively deleting the original le.
WHY IS I IMPORAN ?Files you delete on your computer remain there, invisible to you.
I this is sensitive data and your computer is con scated, this can be a problem, as computer orensics can uncover the deleted les, sometimeseven i they have been written over by another le. o prevent your de-leted les rom resur acing, it is necessary to securely delete the les.
HOW O DEALTere are a variety o programs and commands which
will automate the process o secure deletion, which we have pro-
30
7/28/2019 anonsec
33/60
vided in the links. In Linux, you need to get the shred program(sometimes it comes with a distributions de ault so ware pack-age); the command (((((((((INSER COMMAND))))))))))shreds the les. For Windows, you will need a shredding program.
How e ective the shredding o les is depends on which algo-rithm is used. In general, the more passes an algorithm makes over thele, the better the chances o wiping all traces. Te more passes, thelonger the shredding will take; but we recommend using Guttman al-gorithm, as this passes over the le 30 or more times. Algorithms thatclaim to be those used by Department o De ense or other govern-ment agencies are mostly hype and make only a ew passes over the le.
In addition, most shredding so ware allows you to shred yourcomputers ree disk space. Tis writes over the entirety o the ree spaceon your computers hard drive, securely deleting any remnants o les thatare being stored there. We recommend shredding ree disk space weekly using a strong algorithm. Combined with a practice o secure deletion,this should prevent orensics specialists rom accessing the les, except per-haps with the use o expensive microscopes, which is possible but unlikely
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Data_remanencehttps://ssd.e .org/tech/deletionhttps://secure.wikimedia.org/wikipedia/en/wiki/Gutmann_method
Programs/Processeshttp://www.heidi.ie/eraser/
http://www.piri orm.com/ccleanerhttp://bleachbit.source orge.net/http://www. leshredder.org/http://srm.source orge.net/https://secure.wikimedia.org/wikipedia/en/wiki/Srm_%28Unix%29
31
7/28/2019 anonsec
34/60
https://secure.wikimedia.org/wikipedia/en/wiki/Shred_%28Unix%29http://www. reeso waremagazine.com/columns/shred_and_secure_delete_tools_wiping_ les_partitions_and_disks_gnu_linuxhttp://www.gnu.org/so ware/coreutils/manual/html_node/shred-
invocation.html
VIRUSES AND MALWARE
WHA ARE HEY?A virus is a program which, when saved on your computer, rep-
licates by making copies o itsel . It o en causes damage to or inter eres with the operation o your computer. Viruses o en operate without theuser being aware, sometimes attaching to programs or replacing them.Tey can spread to other computers via any trans er o the in ected le(s).
Malware is malicious so ware, designed to secretly in l-trate a system without the users consent. It is o en intrusive and in-ter eres with a computers operation or invades a users privacy. Ex-amples o malware are spyware, adware, worms, and trojan horses.
WHY IS I IMPORAN ?Viruses and malware can inturrupt the proper unctioning o a
computer, damage or destroy les, and erase entire hard drives. Beyondthe annoyance o a ruined computer, anonymity and security are threat-
ened. Anything you do on your computer is compromised when mal- ware or viruses inter ere; state agencies seeking in ormation could createand install the virus and malware in order to compromise your machine.
HOW O DEALAnti-virus programs and anti-malware programs will miti-
gate the threat o viruses and malware. However, the security these o -
er depends on the quality o the program, user security settings, andupdates. We have included a variety o ree and reeware programs inthe links section; pay programs can also be pirated. It should be not-ed that anti-virus/malware programs are based solely on reaction to
32
7/28/2019 anonsec
35/60
threats. So ware is updated when threats are ound, which can some-times be too late i the virus/malware is already on your computer.
Firewalls will urther help prevent intrusion by malware, vi-
ruses, and a variety o other threats. Tese prevent unauthorizedaccess to your computer rom outside sources which do not meetspeci ed security criteria. Much like anti-virus/malware so ware,however, the strength o this depends upon user settings and updates.
Some general tips or protecting yoursel om viruses- Only download les or open email attachments you know thecontents o .- Keep your anti-virus and rewall ully updated.- Set programs to moderate or strict settings.- Make sure programs are running at all times.- Do a ull scan or viruses and malware weekly.
Another option is to use a Linux operating system. Linuxis more secure by de ault, most viruses and malware are designedor Windows and Mac, and security updates are much more com-
prehensive because Linux is open source. While editing rewalls inLinux can be di cult or most (the writers o this booklet includ-ed), there are programs such as Firestarter which simpli y the pro-cess. Linux also o ers an anti-virus program called KlamAV, which we recommend using to scan any les being sent to a Windows ma-chine, as Linux can be a carrier o Windows viruses but be une ected.
LINKS
(We are mostly including reeware programs. You can also pret-ty easily pirate other programs: http://www.thepiratebay.org)
Generalhttp://ubuntu orums.org/showthread.php?t=510812http://www.schneier.com/
33
7/28/2019 anonsec
36/60
Anti-Viruseshttp://www.avast.com/ ree-antivirus-downloadhttp:// ree.avg.com/us-en/homepagehttp://www.avira.com/en/avira- ree-antivirus
http://www.cloudantivirus.com/en/http://www.clamav.net/lang/en/
Anti-Malwarehttp://www.sa er-networking.org/index2.htmlhttp://www.lavaso .de/so ware/adaware/
Firewallshttp:// ree.agnitum.com/http://www.online-armor.com/http://www.comodo.com/home/internet-security/ rewall.phphttp://www.zonealarm.com/security/en-us/zonealarm-pc-security- ree-rewall.htmhttp://www. s-security.com/
Intrusion Detection Systems & Access Controlhttps://secure.wikimedia.org/wikipedia/en/wiki/Linux_Intrusion_De-tection_Systemhttp://www.snort.org/https://help.ubuntu.com/community/AppArmorhttp://www.ossec.net/
KEYLOGGERS
WHA IS A KEYLOGGER?A keylogger is a program or piece o hardware that records every
keystroke you make on your keyboard. It creates a log, which it thensends to a speci ed receiver. Keylogger hardware is a small, battery-pow-ered plug that connects the keyboard to the computer; it o en resemblesthe keyboards plug. Hardware keyloggers generally need to be physi
34
7/28/2019 anonsec
37/60
7/28/2019 anonsec
38/60
http://library.gnome.org/users/gnome-access-guide/stable/gok.html.enhttp://forence.source orge.net/english.htmlhttp://www.microso .com/enable/training/windowsxp/usingkey-
board.aspxhttp://www.lake olks.org/cnt/https://launchpad.net/onboardhttps://addons.mozilla.org/en-US/ re ox/addon/keylogger-beater/http://networkintercept.com/vrkeyboard.htmlhttp://myplanetso .com/ ree/mouse-only-keyboard.php
ROOTKITS
WHA IS A ROO KI ?A rootkit is so ware that allows or privileged access to a comput-
er without the knowledge o the user. Tese are o en designed to actively mask their presence by manipulating the unctioning o an operating sys-tem. Rootkits allow or ongoing intrusion and circumvent authentication.
WHY IS I IMPORAN ?As with spyware and viruses, rootkits sacri ce your anonym-
ity and security. Tey allow a remote user to manipulate your op-erating system and bypass most security setups by subverting the
so ware. Tis compromises anything you do on your computer.HOW O DEAL
Te best protection, as always, is to prevent rootkits rom be-ing installed in the rst place. Practicing good digital security anddiscretion about what you download will go a long way in helping prevent rootkits rom being installed on your computer. Rootkits gen-
erally require some access to your computers administration to gainaccess to your computer. You can help prevent this by restricting ac-cess to root (in Linux) or administrative privileges (in Windows), en-crypting parts or all o your hard drive, using strong passwords (see
36
7/28/2019 anonsec
39/60
section on passwords), and never giving root access or passwords toanyone who does not need them or who you do not trust completely.
Due to the hidden nature o rootkits, detection is di cult,
especially or users without deep knowledge o computers. Some programs, including some anti-malware programs listed in the mal- ware section, have some ability to detect rootkits. Linux has a pro-gram called chkrootkt designed or this exact purpose; Windowshas comparable programs. Besides those options, there is only ana-lyzing your computers memory dump, which requires experience.
I you think you have been compromised by a rootkit, reinstal-lation o your operating system may be the easiest or only way o dealing with the problem. ry to search around or help online rst.
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Rootkit
Detection & Removalhttp://www.sophos.com/en-us/products/ ree-tools/sophos-anti-root-kit.aspxhttp://www.lavaso .de/so ware/adaware/http://www. -secure.com/en/web/home_global/protection/internet-security/overview http://www.chkrootkit.org/http://www.rootkit.nl/projects/rootkit_hunter.htmlhttp://www.avast.com/ ree-antivirus-downloadhttp://www.ossec.net/http://www.usec.at/rootkit.html
37
7/28/2019 anonsec
40/60
PASSWORDS
WHY IS I IMPORAN ?Te strength o a password, your protocol around passwords,
and your use o passwords can all determine the security o yourcomputer, encryption, and user/email accounts. Simple passwords,loose lips, and indiscriminate password entry on unknown com- puters can all compromise your encryption keys and user accounts.
HOW O DEAL
Some tips on passwords- NEVER tell anyone your password.- Make it at least 15 characters long. Te longer a password is,
the more di cult it is to crack with dictionary attacks, which quickly cy-cle through lists o words, entering each as the pass word until it cracks it.
- Never include your name, user name, or anything related to your li e.
- Never make it a word ound in the dictionary, as this is easily cracked by dictionary attacks.
- Make new, distinct passwords or each account.- Include all o the ollowing: uppercase letters, low-
ercase letters, numbers, and symbols. Tis complicatesany attempt to crack the password via dictionary attacks.
- Make the password the rst letters o a line o asong or poem. For example, Do they owe us a living? O course they ucking do! becomes d7OU@L?0< D!
- Change passwords. Te requency depends on your ideal levelo security.
- I you are logging in on a computer you are not 100% sure o thesecurity o , using a virtual keyboard and/or a LiveSystem can allow you to
use the computer without sacri cing your password to potential threats.-Tere are programs that allow or encrypted storage o passwordsand encryption keys, putting them all under one master password. Tis canalso be accomplished by pasting password in a Notepad le and storing it
38
7/28/2019 anonsec
41/60
7/28/2019 anonsec
42/60
WHY IS I IMPORAN ?Encryption is the nal wall between your les and those who
wish to access them. Encrypting data prevents unwanted access to les,as long as the encryption is not broken and the password is protected.
With every raid on anarchists by the state, we hear o journals, phone books, and computers being con scated and used to orm a case.Te computer is con scated, and all o the les contained on its hard drivebecome evidence; journals and phone books construct a reasonably clear view o a persons networks and activities. Encryption could prevent this.
Instead, lets say an encrypted computer is con scated. Teowner encrypted their important les - phone numbers, encryp-tion keys, personal writings. Investigators hit a brick wall and areunable to access these les. Barring any traces o les on the com- puter, the owner may be able to keep their les secret (even more so i they practiced other security and anonymity methods, or encryptedtheir entire hard drive!). Encryption is vital. Encrypt everything.
HOW O DEAL
Full Disk EncryptionFull disk encryption can be done at the installation o
an operating system (some Linux distributions o er an option),or later on using so ware. As this di ers depending on the op-erating system or so ware, we are avoiding a step-by-step guide,but including a variety o links to other programs or guides.
It is worth noting here that ull disk encryption has one faw which someone with computer expertise can exploit to gain access to your hard drive. With ull disk encryption, a small part o your harddrive must by unencrypted, so it can decrypt the rest o it. Tis sectioncan be manipulated to gain access to your hard drive in a cold-boot attack.A possible way to avoid this is to put the decrypting portion on a fash
drive and hide it. We have provided some resources or how to do this. Encrypted Volumes
Encrypted volumes create a sort o cabinet or your olders andles. All contents o the encrypted volume are unreadable unless the vol-40
7/28/2019 anonsec
43/60
ume is decrypted. A popular program or creating/mounting encrypted volumes is rueCrypt, which we are using as the basis or this section.
With encrypted volumes, you create the volume and then mountit and decrypt it to access the les contained within. Tere is also the
possibility o using a hidden volume. With a hidden volume, you havetwo passwords or the encrypted volume - one or the outer volume(dummy volume), and one or the inner volume (hidden volume). I youare (il)legally orced to give the password to your volume, you can giveup the outer volume and no one will know that there is an inner vol-ume present, thus protecting your les and o ering plausible deniability.
First you create an outer volume. We recommend using astrong algorithm such as AES, as stronger algorithms are much moredi cult to crack. You are given a small box with randomly generatednumbers, which you swirl your mouse around in to create the encryp-tion - the longer you do this, the more di cult the encryption will beto break. Ten you are given the option o adding some les to theouter volume. Tis increases the illusion o it being the real volume i you are orced to give up your password. You then repeat the process,creating the inner volume. It is best to memorize the inner volume password, as this is where you will be storing les you want hidden.
Some ips on Encryption- Always use strong passwords. Your encryption is only as secure
as the password used to protect it.- Be care ul o keyloggers. Use a virtual keyboard, LiveSystem,
or a password manager.- Choose a strong algorithm. ruecrypt even allows or mul-
tiple algorithms.- Create your volume on a fash drive. Tese can be physically hid-
den, which may elude investigators or other thieves. Tis also allows or portability i you keep a portable version o rueCrypt on the fash drive.
- Use in coordination with LiveSystems to prevent traces o lesrom being stored on your hard drive.- When in doubt, encrypt. Te less in ormation investigators can
potentially mine rom us, the better. Tink about whether or not youd wantsomething to be used in court or seen by your enemies. I not, encrypt it.
41
7/28/2019 anonsec
44/60
LINKS
Generalhttp://www.schneier.com/
https://secure.wikimedia.org/wikipedia/en/wiki/Disk_encryption
Programs and Processeshttp://www.maximumpc.com/article/howtos/how_to_encrypt_your_entire_hard_drive_the_easy_way_using_truecrypthttp://www.wisegeek.com/how-do-i-encrypt- les.htmhttps://secure.wikimedia.org/wikipedia/en/wiki/Comparison_o _disk_encryption_so warehttp://www.truecrypt.org/http://www.truecrypt.org/hiddenvolume
Potential problemshttps://secure.wikimedia.org/wikipedia/en/wiki/Cold_boot_attack https://secure.wikimedia.org/wikipedia/en/wiki/Full_disk_encryption#Te_boot_key_problem
LINUX
WHY LINUX?
Linux as an operating system is more secure than Windows by de ault. Tis is due to the act that it is open source: its code is reely accessible. Windows is a proprietary operating system: its updates comerom Windows developers. Linux, being open source, can be main-tained by anyone. Tis generally means that security faws are patchedmuch quicker, and the system is there ore more secure. In addition, Windows and Mac operating systems are generally the target o attacks,
leaving Linux immune to many viruses and other malicious so ware.Linux also o ers a wide array o ree programs and options,many o which aid greatly in security and anonymity. As shown in pre- vious sections, it is much easier to accomplish certain tasks (changing
42
7/28/2019 anonsec
45/60
MAC address or computer nickname) in Linux. Many Linux distribu-tions also come with an option o ull disk encryption on installation.
DRAWBACKS
Te main drawbacks o Linux are the learning curve and incom- patibility.
Most people are amiliar with Windows and/or Mac and how those operating systems unction. Linux can prove more di cult or thoseun amiliar with how it works. One major di erence is that much o Linuxis based in the erminal. With those amiliar with Graphic User Inter aces(GUIs), this command-line way o operation can be con using. One mustknow the lines to type in order to achieve a goal. Commands can be learned,however, and many Linux programs o er a GUI alternative to erminal.
Incompatibility can sometimes be a problem or speci c pro-grams; some programs are just not compatible with Linux. Tere are threesolutions to this problem. First, Linux can run Wine, which packages various basic Windows programs so the user can create Word les or Ex-cel spreadsheets. Second, Linux has comparable programs to a majorityo Windows-and-Mac-only programs, such as Scribus or InDesign andGIMP or Photoshop. Te main complaint is that these are sometimesless power ul than their Adobe counterparts. Tird, the creation o a Win-dows LiveSystem will allow you to run Windows o o the computersRAM while still maintaining Linux as your computers operating system.
CONCLUSIONLinux is the way to go or security and anonymity. It simpli-
es actions which are more complex in Windows and o ers muchstronger security by de ault. Te drawbacks are easily overcome with some research and amiliarization with Linux and its unctions.
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Linuxhttp://ubuntu orums.org/
43
7/28/2019 anonsec
46/60
Distributionshttp://www.ubuntu.com/http:// edoraproject.org/http://www.opensuse.org/en/
http://www.redhat.com/http://www.knoppix.com/http://www.debian.org/
LIVESYSTEM
WHA IS I ?A LiveSystem is a portable operating system that can boot rom
a CD or fash drive. Te two varieties o LiveSystems are LiveCDs andLiveUSBs. LiveUSBs di er in that they are (depending on the distri-bution) able to save changes to the operating system, where LiveCDsare not. Tese operating systems run rom the computers RAM.
WHY DOES I MA ER?LiveSystems can aid in security and anonymity. By running on
the RAM, LiveSystems can avoid leaving traces o activity on a com- puter, and bypass the computers hard drive and whatever maliciousso ware is installed there. Tis is especially use ul when using a pub-lic computer or any computer you do not maintain yoursel , as these
may contain keyloggers, viruses, and other programs which compro-mise your privacy. By leaving no traces, LiveSystems allow you to avoithe logs and snippets o les le all over your computer by programs.
Some LiveSystems are speci cally designed to aid ano-nymity and security and include services such as OR, anony-mous and encrypted messaging and email programs, encryp-tion so ware, virtual keyboards, wireless hacking so ware, etc.
HOW O DEALCreating a LiveSystem depends on the service you choose, but
mostly just involves downloading and installing/burning. We have
44
7/28/2019 anonsec
47/60
included use ul distributions in the links section.
When choosing a system, look or :- An encryption program (so you can access encrypted les
without leaving traces on your hard drive)- Anonymizing so ware such as OR, MAC changers, various
Fire ox extensions- Email client which supports encryption & email encryption
program- Wireless hacking programs (i needed)- Virtual keyboard
In general, it would be wise to use a LiveSystem when:- Accessing encrypted data. (Tis will prevent log-
ging o encrypted le names, contents, etc. It may also by- pass keyloggers and other threats to your encryption security.)
- Working with sensitive les. (Same reason as the above.)- Using a public computer or a riends computer. (Te security o
these machines may be lacking and they may contain malicious so ware.)- Doing sensitive research. (Another way to prevent traces o your
internet activity rom being le on your hard drive. A LiveSystem withanonymity so ware will also help you anonymize your internet presence.)
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Live_CDhttps://secure.wikimedia.org/wikipedia/en/wiki/Live_USBhttps://secure.wikimedia.org/wikipedia/en/wiki/List_o _live_CDshttps://secure.wikimedia.org/wikipedia/en/wiki/Comparison_o _Linux_distributions#Live_media
Livesystems designed or anonymity https://tails.boum.org/ (Highly recommended! OR, FireGPG &Claws Mail, H PS Everywhere, Aircrack-ng, Pidgin precon guredor O -the-Record Messaging, onBoard virtual keyboard, lots o open
45
7/28/2019 anonsec
48/60
source so ware.)https://www.privacy-cd.org/ (Cannot connect to the internet. For viewing encrypted material.)http://www.mandalka.name/privatix/ ( ORbutton)
http://www.sabayon.org/ (Allows de ault use o OR on startup.)http://www.polippix.org/ ( OR, MAC changer, GnuPG, tra ck sni er)
General Linux Livesystemshttp://www.livecdlist.com/https://www.knopper.net/knoppix/index-en.htmlhttp://www.debian.org/distrib/https:// edoraproject.org/en/get- edorahttp://www.kubuntu.org/
WHA IS I ?With the proli eration o cellular phones and social network-
ing sites, it seems people are using email less and less to communicateStill, email o ers a quick and easy way to communicate; the develop-ment o a secure practice o emailing can bene t our networks greatly.
WHY IS I IMPORAN ?Like all communication, email can be intercepted. Consider-ing that emails travel over many networks, secure and unsecure, they should not be considered a sa e orm o communication. What au-thorities learn rom this interception varies depending on the con-tents and orm o the email. I a message contains sensitive in orma-tion, it could lead to raids, arrests, or investigations. It is also a simple
way o network mapping: seeing with whom someone is communi-cating, how requently, and about what. Security and/or anonymity practices in this context can limit the risks o email communication.
46
7/28/2019 anonsec
49/60
HOW O DEALHow you go about communicating via email depends on
your needs. In general, you can seek anonymity or security, thoughit is possible to achieve both. Anonymity would involve practic-
ing anonymity when accessing email (see Part I Anonymity andBrowsing), anonymous remailers, or the use o dra olders. Security would involve email encryption and/or use o cryptolects (secret lan-guages). Again, it is possible to attempt both security and anonym-ity - or instance, by using coded language in anonymously sent emails
RemailersAnonymous remailers take a message and orward it to a recipi-
ent without revealing the point o origin. Di erent types o remailersmaintain di erent strategies o anonymity, privacy policies, etc. Televel o anonymity essentially depends on the individual remailer, so weadvise doing some research be ore choosing one to use. Remailers gen-erally operate in a similar way to proxies. Tey take a message, strip it o originating IP and headers, and orward it to a recipient. Some includemore hops, orwarding it to one node, which then orwards to anothernode, etc., be ore arriving at its nal destination.
Tere are a ew general types o remailers- Pseudonymous remailers, which simply give a pseudonym to
the sender in place o your actual email, and allow the recipient to reply.-Cypherpunk remailers, which strip away the senders ad-
dress, send the message encrypted to the remailer, which decrypts itand sends it to the receiving address. Tese allow you to chain remail-ers, adding more hops to the process and increasing anonymity. Tesegenerally do not keep logs. Te recipient cannot reply to the message.
-Mixminion remailers, which use a program to anonymize mail-ing. Tese allow replies.
-Web-based remailers, which are websites that allow you to sendanonymous messages. Tese are simple to use, but provide less anonym-ity than real remailers.
47
7/28/2019 anonsec
50/60
Dra sAnother option is to use the dra older o an email to commu-
nicate. Tis is said to avoid NSA screening o emails, as the messagesare never sent, only stored in the dra older. Te positive aspect o this
is that, unlike remailers, it does not require special so ware, only atten-tion paid to anonymity when accessing the account. Te downside isthat the anonymity o the account requires all with access to have strong anonymity practices; unless you trust the ability o the others to practiceanonymity when logging into the account, this is a bad idea. Also, i theaccount is compromised, the contents o your communication may becompromised as well.
Regardless o whether you are using remailers or dra olders to communi-cate, it is best to ollow the ollowing guidelines:
- Never plan actions over email (or any digital communicationor that matter). Only do this ace-to- ace. Use these communications atmost as a way to plan meet-ups.
- Use vague or coded language. Never put your name or personalin ormation in an anonymous email. Never give the date/time/locationo meet-ups in plain language. Pre-establish code names or places, times,days o the week, etc.
- Utilize anonymity (see Part I Anonymity and Browsing) when accessing email or using remailers to resend email.
- Dont keep emails unless you need them. Delete emails regularly.- Once the email account has served its purpose, clear all emails
and delete the account.
PGP EncryptionEmails are sent in plain text. Tis means that anyone operat-
ing servers your email travels through (or monitoring those servers by sni ng packets) can read the contents o your email. PGP can miti-
gate this harm and protect the contents o your email rom prying eyes.Te basics o PGP are the private key and the public key. You publish your public key, a series o letters and numbers, making it avail-able to anyone who you wish to receive encrypted email rom. You keepthe private key to yoursel , pre erably storing it encrypted in some orm48
7/28/2019 anonsec
51/60
(see section on le encryption). When someone wishes to send youan encrypted email, they use your public key to encrypt it; then, only your private key can decrypt it. o everyone else - servers, investiga-tors and other snoops - it just looks like jumbled numbers and letters.
o con gure PGP in Tunderbird o begin with, youll need Mozillas Tunderbird email program,
an extension or it called Enigmail, and GNUPG so ware (see links).A er you have done this, open Tunderbird. In
the menu, open the OpenPGP option and go to Pre er-ences. Where it says to point to your GNUPG binary, click Browse and nd the GNUPG program you have installed.
Now you generate your public and private keys. In the OpenPGPmenu, choose Key Management. Ten, in the Generate menu, chooseNew Key Pair. Select an email address you want to generate the key orand click Generate Key. A er a ew minutes, your keys will be generated.
You will also be able to generate a revocation certi cate, which will invalidate a public key i the private key is compro-mised. We recommend generating this and saving it encrypted.
When sending an email, you compose it as usual in Tun-derbird. A key in the lower right o the window will allow youto encrypt and to sign a message (this proves it is you by sign-ing with your private key). I these turn green, they are activated.
o search or someone elses PGP key, choose Key Managementunder the OpenPGP menu. In the Keyserver menu, choose Search.Search by name or email address and add the persons public key to your key manager. Tis will allow you to encrypt email to that person.
How secure is PGP? Encryption is typically very di cult to crack. Tere is
evidence that the FBI (and comparable oreign agencies) is cur-rently not able to decrypt modern PGP. Tere is the possibil-ity that complex computers owned by the NSA, or example,may be capable o breaking PGP, but no evidence o this exists.
It should be noted that the Fi h Amendment (protection49
7/28/2019 anonsec
52/60
rom sel -incrimination) has allowed suspects to re use to give away passwords. Still, it is naive to assume investigators will grant you thisright, and it is best to prepare yoursel . Keep your mouth shut, always.
On the other hand, breaking the encryption or orcing a suspect to
reveal a password is o en not necessary. Investigators have used keystrokeloggers and so ware in order to obtain encryption keys and passwords.Te only preventative measure against this is to harden your system againstsuch attacks and practice good security behaviors (See Part II - Security).
Te more ubiquitous the use o PGP, the more invisible ourcommunications will be. Encrypt everything.
(NO E: We see many anarchist groups and individuals whouse Gmail as their email provider. We urge strongly against this. Gmailscans all emails to provide advertisements tted to users interests.Combine this with the amount o in ormation Google has on you viasearches, behavior tracking through scripts, etc, and a serious privacy problem arises.
Gmail has handed over data to investigators in the Mt. HopeIn nity trial, showing Googles true ace as a willing participant in thestates repression apparatus. Evade Google (see section on scripts). Usean email service such as Riseup, which is maintained by anti-authoritar-ians, emphasizes security, and has actively opposed investigators whereGoogle has collaborated.)
LINKS
Generalhttps://secure.wikimedia.org/wikipedia/en/wiki/Anonymous_remailerhttps://secure.wikimedia.org/wikipedia/en/wiki/Cypherpunk_anony-mous_remailer
https://secure.wikimedia.org/wikipedia/en/wiki/Mixmaster_anony-mous_remailerhttps://secure.wikimedia.org/wikipedia/en/wiki/Nym_serverhttp://www.emailprivacy.in o/remailershttp://anonymous.to/tutorials/anonymous-remailers/50
7/28/2019 anonsec
53/60
http://mixmaster.source orge.net/http://mixmaster.source orge.net/ aq.shtmlhttp://www.autistici.org/en/stu /user_howto/anonymity/man_re-mailer.html
https://i2pbote.net/
ENCRYP ION
General in ormationhttps://secure.wikimedia.org/wikipedia/en/wiki/Email_encryptionhttps://secure.wikimedia.org/wikipedia/en/wiki/Public-key_cryptog-raphy https://secure.wikimedia.org/wikipedia/en/wiki/Pretty_Good_Privacy http://li ehacker.com/180878/how-to-encrypt-your-emailhttps://secure.wikimedia.org/wikipedia/en/wiki/Mozilla_thunderbirdhttps://secure.wikimedia.org/wikipedia/en/wiki/Enigmailhttp://web.archive.org/web/20070205025633/dudu.dyn.2-h.org/nist/gpg-enigmail-howto
Programs and Processeshttp://www.gnupg.org/http://www.openpgp.org/https://www.mozillamessaging.com/en-US/thunderbird/http://www.openpgp.org/resources/downloads.shtmlhttps://enigmail.mozdev.org/home/index.php.htmlhttps://addons.mozilla.org/en-us/thunderbird/addon/enigmail/
SESSION DATA
WHA IS I ?
Session data consists o the various traces o activities and lesle on your computer. Examples o this include system logs, accessed programs, thumbnails, recent documents, searches, browser data, andtemporary les.
51
7/28/2019 anonsec
54/60
WHY IS I IMPORAN ?Even i you practice good security and anonymity, traces o les
on your computer can give you away. Logs can contain evidence o youractivities that can potentially compromise your security; thumbnails and
recent documents lists can show what les you have created, stored or ac-cessed; browser data can give a map o what you do online. Data o this sortmust be managed and curtailed i you want to keep your behavior private.
HOW O DEAL
Tere are a variety o ways in which to manage session data on your computer. Secure deletion and shredding ree disk space (see sectionon secure deletion) help to eliminate traces le by deleted les. Deleting browser session data (or not saving it at all) reduces or eliminates traces o your internet activity saved on your computer (see section on session data/browser settings). You can also use a LiveSystem (see section on LiveSytems), which will bypass your hard drive and prevent logs rom being creat-ed in the rst place. It is a good idea to use LiveSystems when accessing lesor programs you do not want to leave traces o on your computer. Encrypt-ing your hard drive will secure log les as well (see section on encryption)
Still, there are other traces le in various places on your comput-er that need to be sorted out and deleted. Linux, again, has advantagesover Windows in that most Linux distributions clear the /tmp older onboot, do not have a registry, and have speci c places in which logs arestored. Most temporary les are stored in /tmp and /var/log.
In Linux, logs can be managed with the logrotate tool. Somedeletion programs, such as BleachBit, can also be installed on Linux.
In Windows, some logs can be manually deleted.1. Click Start and go to the Control Panel
2. Click System and Maintenance/Security and go to the Administra-tive ools section3. Click View Event Logs4. Here you can right click various logs and clear them.
52
7/28/2019 anonsec
55/60
7/28/2019 anonsec
56/60
METADATA
WHA IS I ?Metadata are identi ying attributes embedded in a document.
For example, Microso O ce embeds data in any document you create,such as computer name, company name, etc. What we will ocus on, as we see these as most pertinent to anarchists, are O ce les and images.
WHY IS I IMPORAN ?Metadata can give away your identity. In the case o O ce les,
your computer name and other machine in ormation is given away. Inthe case o images, camera in ormation, time, and even geographical co-ordinates can be embedded. I you want these documents or images to re-main anonymous (in the case o a photo o an action or riot, a submissionto an anarchist zine, a communiqu), you have to remove the metadata.
HOW O DEAL
Microso OfceO ce embeds name, computer name, initials, company name,
and revision in ormation in all documents. While it is advisable to usegeneric, non-identi able names or your hardware and so ware (see sec-tion on 802.11 nicknames), any embedded data can link you to the le.
o remove metadata om an Ofce document, you do the ollowing :1. Right click the document and click Properties2. Go to the Details tab and click Remove Properties and PersonalIn ormation3. Select all and remove the data.
You can also remove data be ore the le is saved by doing the ollowing:
1. Click ools2. Click Options3. Go to the Security tab and check Remove personal in ormation romthis le on save
54
7/28/2019 anonsec
57/60
OpenOfce1. Click File2. Click Properties3. Uncheck Apply User Data & also click Delete
PDFs1. Open PDF le in Adobe Acrobat (you must use Acrobat; AdobeReader cannot be used to edit PDF les).2. Display Document Properties using File | Document Properties. I itsnot already the active tab, move into the Description tab).3. Delete any undesirable text present in the Author, Subject, or Key- words elds.4. Move to the Custom tab and do the same.5. File|Save As to the same name to overwrite, or save to a di erentlename, i desired.
ImagesDigital cameras and photo editors automatically record metadata.
Te easiest way to remove this metadata is to download a scrubbing program. We have included links to a ew o these or Linux/MacOS and Windows.
LINKS
O ce les & PDFshttp://lawyerist.com/how-to-quickly-and-easily-remove-meta-data/https://techpaul.wordpress.com/2009/06/15/how-to-remove-metada-ta- rom-your- les/http://www.microsystems.com/resources/wordtips/wordtip003.php Exi data on images
http://www.geosetter.de/enhttp://www.exi eraser.com/http://www.exi pilot.com/http://www.rellikso ware.com/exi datechanger/http://www.sno.phy.queensu.ca/~phil/exi ool/
55
7/28/2019 anonsec
58/60
7/28/2019 anonsec
59/60
RESOURCES
DIGI ALHackTisZinehttps://www,hackbloc.org Electronic Frontier Foundationhttps://www.e .org Surveillance and Counter-surveillance Guidehttp://anti-politics.net/distro/2009/warriorsecurity-read.pd Snitchwirehttp://www.snitchwire.blogspot.com/NGOinabox https://security.ngoinabox.org/Ubuntu Forumshttp://ubuntu orums.org/ExitTeMatrix http://billstclair.com/matrix/Security Self-defensehttps://ssd.e .org/ Activist Security http://www.activistsecurity.org/Green is the New Redhttp://www.greenisthenewred.com/Hacker10
http://www.hacker10.comNorth Carolina Piece Corpshttps://ncpiececorps.wordpress.com/2600 Magazinehttp://www.2600.com/
BOOKS/MAGAZINES
Beat the Heat Katya Komisaruk Te Art o Deception Kevin Mitnick Te War At Home Brian Glick
57
7/28/2019 anonsec
60/60
