Computer Security and counter-forensics

Armed_Penguin
Computer Security is essential in the wake of police repression against Internet activists involved in things like the campaign to shut down Huntingdon “Death” Sciences.

Given that most web hosts record your IP (electronic address) when you post, and that the FBI or other enemies could be copying your posts, IP logs included, to a second server in real time, it is up to you to protect yourself when posting anything the cops might want to use against you.

Basic rules of computer security

1: Never put anything in a computer that could put someone in jail unless there is NO other choice! Don’t take pictures or otherwise record any illegal activity unless every participant accepts the risk and it is for a public claim of responsibility.

2: Never use a home Internet connection to post anything that could allow the cops to charge you with a crime or subpoena you to a grand jury. Even Tor can be used incorrectly: it hides your IP address from the site you visit, not your identity from anything you type into it or from an account that is already tied to you.

3: Always encrypt any emails on subjects that could not be told directly to the cops without causing an action to fail or a person to be arrested. Remember that email encryption protects the message body only; the subject line, the sender and the recipients still travel in the clear.

4: Encrypt your fucking hard drive! Cops just love to steal computers in raids on people’s homes, but good encryption drives them NUTS. If they have 20 encrypted computers to try and crack, and only one has the files they “need,” they have a real problem on their hands. Two caveats: full-disk encryption only protects a machine that is powered off, since a computer seized while running and unlocked hands over everything in it, and swap and hibernation files have to be encrypted too or they leak whatever was in RAM.

We will be offering information here on encryption (to protect your data after police raids or other burglaries), secure browsing with everything in RAM, and wardriving (so you don’t get arrested because your ISP snitched).

If you have suggestions or scripts you believe will be useful for securing activist computers against the enemy, post them here as text comments. WARNING: all scripts will be checked; malicious code will be deleted for obvious reasons.
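As an added example for rule 4 (written for this page, not part of the original post): a quick audit of whether the filesystems and swap on a Linux box actually sit on top of dm-crypt. It works from the output of "lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME", walking each mounted device up its parent chain and looking for a node of type "crypt". The table below is a constructed sample shaped like that output so the script runs anywhere; on a real machine you would pipe the live lsblk command into encryption_audit instead. An unencrypted /boot is expected (the bootloader has to read it) and is reported but not counted as a failure; anything else in PLAINTEXT, including an active swap area, fails the check.

```shell
#!/bin/sh
# Added example: is everything mounted (and swap) on top of dm-crypt?
# Input format is that of:  lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME
# The sample below is constructed, not taken from a real machine:
# an encrypted root + swap inside LVM on dm-crypt, a plaintext /boot,
# and a plaintext USB stick mounted at /media/usb.
SAMPLE_LSBLK='NAME="sda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot" PKNAME="sda"
NAME="sda2" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="cryptroot" TYPE="crypt" MOUNTPOINT="" PKNAME="sda2"
NAME="vg-root" TYPE="lvm" MOUNTPOINT="/" PKNAME="cryptroot"
NAME="vg-swap" TYPE="lvm" MOUNTPOINT="[SWAP]" PKNAME="cryptroot"
NAME="sdb" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sdb1" TYPE="part" MOUNTPOINT="/media/usb" PKNAME="sdb"'

# encryption_audit: read lsblk -P lines on stdin; print one line per mounted
# filesystem or swap area as "<mountpoint> <device> encrypted|PLAINTEXT".
# Exit status 1 if anything other than /boot is PLAINTEXT.
# (Mount points containing spaces would need a smarter field parser.)
encryption_audit() {
    awk '
    {
        name = ""; type = ""; mp = ""; pk = ""
        for (i = 1; i <= NF; i++) {            # pull the key="value" fields
            split($i, kv, "=")
            v = kv[2]; gsub(/"/, "", v)
            if (kv[1] == "NAME") name = v
            else if (kv[1] == "TYPE") type = v
            else if (kv[1] == "MOUNTPOINT") mp = v
            else if (kv[1] == "PKNAME") pk = v
        }
        parent[name] = pk; dtype[name] = type
        if (mp != "") mount[name] = mp         # only devices in use matter
    }
    END {
        bad = 0
        for (d in mount) {
            enc = "PLAINTEXT"
            # walk up the parent chain: a "crypt" node anywhere below the
            # filesystem means its blocks are encrypted on the platter
            for (n = d; n != "" && (n in parent); n = parent[n])
                if (dtype[n] == "crypt") enc = "encrypted"
            printf "%s %s %s\n", mount[d], d, enc
            # plaintext /boot is normal, but it is where someone with physical
            # access would plant a modified kernel or initrd to grab your passphrase
            if (enc == "PLAINTEXT" && mount[d] != "/boot") bad = 1
        }
        exit bad
    }'
}

printf '%s\n' "$SAMPLE_LSBLK" | encryption_audit \
    || echo "WARNING: plaintext filesystem or swap found"
```

On a live system the same function is fed with "lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME | encryption_audit"; an encrypted-looking /dev/mapper name alone proves nothing, which is why the walk looks at the device TYPE rather than the path.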

4 Responses to Computer Security and counter-forensics

  1. dcdirectactionnews says:

    Here is a script for linux computers that allows you to use Firefox to access the Internet without leaving any “evidence” behind on your hard disk.

    I’ve used it for months on a number of Ubuntu machines. You need sudo (root) access to use it, like on your own machine, where shit left behind on disk could be recovered by file recovery software even after deletion. Two defenses exist: surfing on RAM, as in this script, or using an encrypted home directory.

    ###BEGIN SCRIPT

    #!/bin/bash
    ### Firefox_private.sh ####
    # Run Firefox with its profile AND its disk cache on a tmpfs ramdisk, so
    # nothing browsed is written to the hard disk. Close any running Firefox
    # first: otherwise the "firefox" command below just hands the request to
    # the running copy and returns at once, and the cleanup at the end runs
    # while the profile is still in use.
    set -u

    # get username for /home/(username)
    USER=$(whoami)
    HOME_DIR=/home/$USER

    #set up ramdisk on volatile memory
    sudo mkdir -p /mnt/RAMDISK
    sudo mount -o size=25% -t tmpfs tmpfs /mnt/RAMDISK

    #UNCOMMENT IF USING UNENCRYPTED SWAP or whenever maximum security is needed.
    #This has to happen BEFORE browsing: tmpfs pages can be swapped to disk,
    #and turning swap off after Firefox exits is too late.
    #sudo swapoff -a

    #copy settings, plugins, etc from normal .mozilla directory
    cp -R "$HOME_DIR/.mozilla" /mnt/RAMDISK/.mozilla
    #Firefox keeps its disk cache under ~/.cache/mozilla, not ~/.mozilla, so
    #that directory has to move to RAM too or a copy of every page stays on disk
    mkdir -p "$HOME_DIR/.cache/mozilla" /mnt/RAMDISK/.cache_mozilla

    #mount mozilla(firefox) directories on volatile memory
    sudo mount -o bind /mnt/RAMDISK/.mozilla "$HOME_DIR/.mozilla"
    sudo mount -o bind /mnt/RAMDISK/.cache_mozilla "$HOME_DIR/.cache/mozilla"

    #set permissions on mozilla directories
    chown -R "$USER" "$HOME_DIR/.mozilla" "$HOME_DIR/.cache/mozilla"
    chmod 700 "$HOME_DIR/.mozilla" "$HOME_DIR/.cache/mozilla"
    [ -d "$HOME_DIR/.mozilla/plugins" ] && chmod 744 "$HOME_DIR/.mozilla/plugins"

    #open firefox browser and hold terminal open until it exits
    firefox

    #Revert to normal .mozilla directory on close and remove volatile directory
    sudo umount "$HOME_DIR/.cache/mozilla"
    sudo umount "$HOME_DIR/.mozilla"
    sudo umount /mnt/RAMDISK
    sudo rm -R /mnt/RAMDISK

    #WARNING: SHUT OFF MACHINE if there is any danger of enemies recovering information from memory
    #on a running machine!

    ###END SCRIPT

  2. anonymous says:

    HOW TO PUT YOUR ENTIRE HOME DIRECTORY INTO RAM IN UBUNTU;

    1: Create a new user named “ram”. This user should be given sudo privileges so you can intentionally save a file if needed, using sudo nautilus.

    2: copy the script below to the desktop and make it executable

    3: Click on it, select “run in terminal” and let it run. You will need to log back in as ram to use the volatile (nothing stored on disk) home directory.

    ####Begin script
    #!/bin/bash
    #
    # Home_on_Ram.sh
    ################### Home_on_Ram #######################
    #
    #This script is for secure browsing and file handling with nothing left on disk
    #unless deliberately saved somewhere other than home or /tmp

    # IT IS NECESSARY TO LOG BACK IN AFTER RUNNING THIS SCRIPT!

    echo "Before you can use this script you MUST create user account 'ram'"
    echo "WARNING:"
    echo "you are going to be logged out-please save all work and close all programs"
    echo " "
    echo "log back in when this script completes as ram"
    echo "You can save files to your normal /home/(username) directory with sudo nautilus"
    echo "but NOTHING will go to disk by default"

    #set up ramdisk on volatile memory
    sudo mkdir -p /mnt/RAMDISK
    sudo mount -o size=50% -t tmpfs tmpfs /mnt/RAMDISK

    #Create directories within Ramdisk
    sudo mkdir -p /mnt/RAMDISK/TMP /mnt/RAMDISK/VAR_TMP /mnt/RAMDISK/VAR_SPOOL \
                  /mnt/RAMDISK/VAR_MAIL /mnt/RAMDISK/home/ram

    #mount home and temp directories on volatile memory
    sudo mkdir -p /home/ram
    sudo mount -o bind /mnt/RAMDISK/home/ram /home/ram
    sudo chown ram /home/ram
    sudo chmod 700 /home/ram   #700, not 744: other users should not even list it
    sudo mount -o bind /mnt/RAMDISK/TMP /tmp
    sudo chmod 1777 /tmp
    sudo mount -o bind /mnt/RAMDISK/VAR_TMP /var/tmp
    sudo chmod 1777 /var/tmp
    #NOTE: putting empty directories over /var/spool and /var/mail also hides the
    #cron and print spools underneath them until reboot
    sudo mount -o bind /mnt/RAMDISK/VAR_SPOOL /var/spool
    sudo mount -o bind /mnt/RAMDISK/VAR_MAIL /var/mail
    echo "Setting up all home and temp directories in ram"
    sleep 5

    #turn swap off so pages from the ramdisk cannot be written to the swap partition
    sudo swapoff -a

    sudo killall Xorg #kill X to force logout and back in so temp files will
    #write to new mountpoints
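An added example, written for this page and not part of either comment above: once a script like the two posted here has run, check which filesystem really backs each path you care about, and whether swap is still on. backing_fs resolves a path against a table in /proc/mounts format the way the kernel does (the longest mount point that is a prefix of the path wins); a bind mount of a tmpfs directory shows up in that table with fstype "tmpfs", which is what both scripts rely on. swap_active reads a table in /proc/swaps format. Both tables below are constructed samples so the check runs anywhere; on a real machine pass /proc/mounts and /proc/swaps instead. "/home/alice" is a made-up user, included to show Firefox's disk cache directory (~/.cache/mozilla on Linux), which is easy to forget.

```shell
#!/bin/sh
# Added example: which filesystem actually backs each path after a
# "home on RAM" setup, and is swap off? Inputs are constructed samples in
# the format of /proc/mounts and /proc/swaps, not from a real machine.

SAMPLE_MOUNTS='/dev/mapper/vg-root / ext4 rw,relatime 0 0
/dev/sda1 /boot ext2 rw,relatime 0 0
tmpfs /mnt/RAMDISK tmpfs rw,size=50% 0 0
tmpfs /home/ram tmpfs rw,size=50% 0 0
tmpfs /tmp tmpfs rw,size=50% 0 0
tmpfs /var/tmp tmpfs rw,size=50% 0 0'

# header line plus one active swap partition, as /proc/swaps prints it
SAMPLE_SWAPS='Filename Type Size Used Priority
/dev/dm-1 partition 2097148 0 -2'

MOUNTS_FILE=$(mktemp) && SWAPS_FILE=$(mktemp)
trap 'rm -f "$MOUNTS_FILE" "$SWAPS_FILE"' EXIT
printf '%s\n' "$SAMPLE_MOUNTS" > "$MOUNTS_FILE"
printf '%s\n' "$SAMPLE_SWAPS"  > "$SWAPS_FILE"

# backing_fs PATH MOUNTS_FILE: print the fstype of the mount that owns PATH
backing_fs() {
    awk -v p="$1" '
    {
        mp = $2
        gsub(/\\040/, " ", mp)       # /proc/mounts escapes spaces as \040
        # "/" owns everything; otherwise the mount point must equal the path
        # or be followed by "/" inside it (so /tmp does not claim /tmpfoo)
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            if (length(mp) > best) { best = length(mp); fs = $3 }
        }
    }
    END { print fs }' "$2"
}

# volatile PATH MOUNTS_FILE: succeed only when PATH lives on tmpfs
volatile() {
    [ "$(backing_fs "$1" "$2")" = "tmpfs" ]
}

# swap_active SWAPS_FILE: succeed when at least one swap area is listed.
# tmpfs pages are swappable, so a ramdisk with swap on is not RAM-only.
swap_active() {
    [ "$(tail -n +2 "$1" | grep -c .)" -gt 0 ]
}

# The paths the two scripts try to make volatile, plus the Firefox disk
# cache of a hypothetical regular user "alice".
for path in /home/ram /home/ram/.mozilla /tmp /var/tmp /home/alice/.cache/mozilla; do
    if volatile "$path" "$MOUNTS_FILE"; then
        echo "RAM   $path"
    else
        echo "DISK  $path (on $(backing_fs "$path" "$MOUNTS_FILE"))"
    fi
done
if swap_active "$SWAPS_FILE"; then
    echo "WARNING: swap is on; run 'sudo swapoff -a' before touching anything sensitive"
fi
```

The prefix test matters: a naive "starts with /tmp" would report /tmpfoo as volatile when it is on the root filesystem, which is exactly the kind of false reassurance a counter-forensics setup cannot afford.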

  3. Anonymous says:

    I found this website, very helpful in some respects but I need some advice on the powers and extent that police will go to track phones (specifically phones) and laptops

    • dcdirectactionnews says:

      How far will they go? Depends entirely on who and what they are investigating. I suppose the hierarchy goes like this, from least motivated to most motivated:

      Prank/school
      civil matters (e.g. lawsuits over adverse reviews on Yelp)
      misdemeanor
      felony
      major felony
      national security/ routine wartime events
      something that could change the course of a war or cause regime change in one or more countries

      How far CAN they go depends on how good a hacker you are, and on how good their hackers are.

      Phones are the most easily tracked, and so many new exploits keep coming up that even a hardened phone with no cloud (Google/Apple etc) accounts, no Facebook app, no Google Maps, no Google Play services, and all ad-supported apps removed is still easily tracked by whoever you get phone service from, and thus by anyone who can get a judge to sign a warrant. Don’t screw around with phones: if tracking or audio monitoring is an issue, turn phones ALL THE WAY OFF by removing the batteries, or leave them home. We don’t call them “pocket snitches” for nothing. If you need to use a phone under these conditions, only a burn phone is safe, and it’s only safe until it has made one call or non-Signal text to a number that is being watched. It does not take much motivation to send a subpoena to a phone company; hell, a civil lawyer can do this in a fucking file-sharing lawsuit if those ever start back up.

      A laptop used only with public-access wifi is harder to track unless they can get spyware on it AND it is ever used with an account traceable to you or from an IP address associated with you. That takes a lot more motivation, but if it is ever used at home, watching that is as simple as watching your ISP, provided you are not using Tor. If you are, it takes a lot more work and a lot more effort, and usually, but not always, investigations into activities over Tor will fail.

      Tracking computers that can’t be found due to Tor usage, and being able to use it in court, requires first getting a warrant to tamper with your computer. This is probably a lot harder to get than a subpoena to your phone or cable company. Then they have to successfully break into your computer (or phone). In many countries commercial software sold by scumbags like Gamma Group, the Hacking Team, etc. is used to do this. The FBI calls their in-house developed payload a “CIPAV” or computer internet protocol address verifier, but still has to use the same exploits the private hackers use to get in. Be alert on both phones AND on computers for links sent by any unknown or untrusted party, whether in an email to you, on some social media site you run, etc. etc. etc. A malicious link is often used to direct a target computer to a website customized for installing spyware. All this assumes either you block ads and trackers, or courts never decide that data purchased from the ad networks is good enough to use in court! If you let websites show ads, you are being tracked and ANYONE can buy the data on the open market, for any reason.

      If you care about tracking, STOP RIGHT NOW and install Adblock (with “acceptable ads” turned OFF) and NoScript, and learn to use them. Stop using your phone for web browsing entirely, its browser does not accept the extensions necessary to stop the tracking(and the hacking).

      If you are known as a hacker, that is known to often deter at least the FBI from planting their CIPAV spyware. This is because they have no way of knowing the machine they are seeing is not a honeypot set up to trap their spyware so it can be analyzed, decompiled, and the resulting source code published. This may be how they got burned in the Freedom Roads Hosting case. In that case they attacked ALL Windows machines connecting to any site hosted on that .onion platform, and one was a hacker’s machine (probably a well-planned honeypot) and captured their exploit. The exploit used to get in was a cross-platform weakness in older versions of Firefox, but the payload was Windows-only. Keep in mind, Apple is maybe 5% of desktop and laptop machines, Linux maybe 1%, and things like FreeBSD a tiny fraction of that.

      Needless to say, if the outcome of a war, whether or not a war or revolution starts in the first place, or probably even the outcome of an election might be changed by what they are investigating, your opponents should be considered limited only by what they physically and technically are capable of doing. No requirement for a warrant and no budgetary limitation is worth jack shit if any head of state is staring at the danger of his worst enemy’s boots marching in triumph into his national capital.

      In WWII, the Nazis had the Enigma cipher machine that was almost as easy to use as a typewriter. In response, Polish engineers invented a machine known as a bombe (because it sounded like a ticking time bomb) that took up a whole room, and in a whole day could work out the key for a message that took seconds to send on a machine costing maybe a millionth as much to produce. The British had to rely on entire buildings full of these machines to crack the German naval communications, but because they did so and it worked they were able to take the edge off the U-boat (submarine) blockade and survive long enough to win instead of lose WWII. Needless to say, a corrupt banker using one of these machines (they were sold commercially before the war) could consider his communications probably secure, as nobody in British intelligence could have spared tying up the roomful of code-breaking machines long enough to deal with a single crooked banker, and the local police department (or even the SEC) probably could not afford to pay for a duplicate of what the British were using at GCHQ to defeat the Nazi codes.

Leave a Reply --WARNING: do not "Comment using Facebook" or using Twitter-you expose your information to 3rd party tracking
