Silk Road forums
Discussion => Security => Topic started by: AussieMitch on March 07, 2013, 03:34 pm
-
I've been thinking a lot lately about the ultimate security setup for doing a variety of dodgy shit on the internet. The problem is that I do a variety of illegal business ventures that require me to access sites outside of Tor, or require me to run Tor and a clearnet browser side-by-side. I've come up with what I think is a perfect security setup, which I thought I'd post here before I invest money in it:
►Internet Connection: I use an anonymous prepaid Visa card to purchase a wireless internet dongle using fake details and have it delivered to a friend's private mailbox (you can't have them sent to drop addresses as they always require a signature in Australia). I can now use the internet without the connection itself having any links to my real identity.
►Computer & OS: I buy a new laptop and manually break the webcam, then use DBAN to wipe the hard-drive and OS, and then install Ubuntu with full-disk encryption.
►Silk Road Access: I run Whonix through VMs that are stored on an encrypted USB stick and access Silk Road this way.
►Clearnet Browsing: I use a VPN that you can pay for with BTC to access any sites that block Tor or that I need faster speeds to access.
►Identity protection: Under no circumstances do I ever access anything that links to my real identity like banking, social media or personal email accounts. Any purchases I make online are done with an anonymous debit card loaded only with BTC and sent to drop-addresses not linked to me.
►General programs: I use OTR for all online chat, GnuPG for encrypting all emails and TrueCrypt for secondary encryption (beyond the full-disk encryption) of any sensitive files.
►Programs that require windows: For any programs that specifically require Windows I use a VM that is contained on an encrypted USB stick. Unfortunately I've been unable to find a label printer that I can run off Ubuntu so this seems to be the only workaround for this to remain secure.
Can any of you technically-minded guys find any holes in this setup? It seems to me like it covers all the bases and will provide complete protection for any dodgy things I do on my computer.
-
nice thread.
-
I've been thinking a lot lately about the ultimate security setup for doing a variety of dodgy shit on the internet. The problem is that I do a variety of illegal business ventures that require me to access sites outside of Tor, or require me to run Tor and a clearnet browser side-by-side.
Physical isolation of these two states is the most secure. In other words, don't do clearnet and Tor shit on the same computer.
Internet Connection: I use an anonymous prepaid visa card to purchase a wireless internet dongle using fake details and have it delivered to a friends private mailbox (you can't have them sent to drop-addresses as they always require signature in Australia). I can now use the internet without the connection itself having any links to my real identity.
Are you using random wifi hotspots? Otherwise this is irrelevant. MAC addresses are not broadcast over the internet. Only devices physically linked to your dongle know its MAC address. If you're paying for internet service, they still know your identity. If you are connecting directly from home, they know your identity.
Computer & OS: I buy a new laptop and manually break the webcam, then use DBAN to wipe the hard-drive and OS, and then install Ubuntu with full-disk encryption.
Excellent choice! Finally people are getting the importance of FDE. :)
Don't forget to disable the microphone, too.
Silk Road Access: I run Whonix through VMs that are stored on an encrypted USB stick and access Silk Road this way.
Good choice, although lately I've come to the conclusion that an anonymizing middle box is the safest setup. It's a physical device, like a computer in an HTPC form factor, with 2 network interface cards, that sits between your main computer and your home router (let the router be the gateway to the public internet, not the anon middle box). It runs a stripped down Linux or BSD variant with Tor, and transparently proxies all connections over Tor. It's basically Whonix with the Gateway on a separate physical device. Don't get me wrong, your setup is orders of magnitude safer than most, but a gateway on a separate device is safer still.
Clearnet Browsing: I use a VPN that you can pay for with BTC to access any sites that block Tor or that I need faster speeds to access.
VPNs are good for certain use cases, but I've never understood the need to pay with bitcoin. If you connect to the VPN server directly, they know your IP address. LE can deanonymize you if the VPN provider cooperates. I suppose if you live with a bunch of other people, you have some plausible deniability.
Identity protection: Under no circumstances do I ever access anything that links to my real identity like banking, social media or personal email accounts. Any purchases I make online are done with an anonymous debit card loaded only with BTC and sent to drop-addresses not linked to me.
Superficially that seems safe, but don't you think you stand out as being "a weird (presumably young) guy who does nothing of value on the internet?" I think it's safer to maintain two identities. Have one computer with Windows, unencrypted, nothing sensitive. Act normal, have a Facebook/Twitter account, buy shit online, look just like everyone else. On the side (on separate physical devices), you do your dirty work.
I don't know, though. I'm not too familiar with research on social profiling of criminal activity.
General programs: I use OTR for all online chat, GnuPGP for encrypting all emails and Truecrypt for secondary encryption (beyond the full-disk encryption) of any sensitive files.
Sounds good. Just don't use TorChat. That makes you a hidden service which opens you up to new attacks. Run Pidgin over Tor and connect to a separate XMPP server.
Programs that require windows: For any programs that specifically require Windows I use a VM that is contained on an encrypted USB stick. Unfortunately I've been unable to find a label printer that I can run off Ubuntu so this seems to be the only workaround for this to remain secure.
Not sure why you're having problems. Printer support on Linux is pretty good these days. Check out http://www.linuxfoundation.org/collaborate/workgroups/openprinting/database/databaseintro
-
Hi AussieMitch!
Wow! Nice setup! I'm not an expert, but this seems really coherent and secure.
A few months ago, when I saw Whonix, I instantly thought it would be a great tool to secure Tor and make sure nothing ever leaks on its side. Glad you tried it out!
Was it hard to configure? Are the VMs expensive in terms of memory/CPU usage?
A few things worth adding to your great setup:
1) Passwords
I would guess you probably already chose solid passwords, but just in case I think it's worth reminding how important this is.
A good password must follow these guidelines:
- Length: The longer a password is, the longer it will resist a brute force attack (except if its entropy is low or it's using dictionary words).
- Entropy: As mentioned, a solid password should include digits, lower case/capital letters, special characters (%^$'"à or simply a space _ )
- DO NOT USE sensitive passwords on multiple devices/websites. If you use the same password for multiple encrypted data, you are taking a HUGE risk. It's even more true if you use your encryption password on clearnet websites. If LE ever needs your password, they could ask Google or anyone for your current password and then copy/paste it everywhere just to see if it works.
Quick tip for a strong and easy to remember password:
- Choose an ~8 chars long password with all the above, special chars, digits and everything. Memorize it. 8 characters should be quite easy to remember if you have a decent memory :) E.g.: 8ç'$";!0
- The above password (fake ofc) has good entropy but is far too short to be strong enough to resist a powerful brute-force/dictionary attack.
- Now you should add an English (or any language) sentence in front of or after that password to make it a lot longer. E.g.: " I have a very strong password which is 8ç'$";!0 "
The above password has good entropy and is already 47 chars long. Strong as long as it's not used elsewhere. And strong as long as there is no keylogger on your system (I highly suggest using a GNU/Linux system).
2) MAC address:
I saw someone mentioning MAC addresses. It's true that they may let someone track you down in some cases. If you ever use a public wifi (which would be a terrible idea already), spoof your MAC address every time you connect. A MAC address can be edited on many wifi devices or even on a simple ethernet link. MAC addresses are a risk for you when LE is already close to you, since this type of address is usually only used for Local Area Network links.
3) VPN and wireless tricks:
I feel it's much simpler to buy a powerful wifi antenna and try to find weak Access Points (WEP without MAC filtering, WPA with a weak password or WPS hack). You can even use your VPN through a neighbor's AP and it should already be very secure. astor is also very right about VPNs. Most VPNs keep detailed logs of people using their service. Most of the time it's due to legal obligation. VPN services that do not log anything at all are quite uncommon. Maybe it's more secure to pay for your VPN in a more standard way but choose a VPN that does respect your privacy by not logging anything.
4) OTP: One Time Passwords
This is probably the future of authentication. If you can implement one time passwords in your setup, it would be even more secure! One time passwords added to standard passwords are VERY effective. They prevent most attempts of keylogging since passwords are valid for short durations and always change. They force the person authenticating to physically have a device of some sort generating an OTP. Take a look at YubiKey. It's quite cool. (Note that you will need to assess privacy on OTP and make sure you don't leak anything sensitive by using such devices.)
5) Legal training: A secured setup should include also some legal training :) Knowing your rights can be very important if you ever get in trouble. (Offtopic since it's not IT related)
DBAN is not only great to prepare a hard drive. It can be a very helpful emergency tool to wipe something in a few minutes. I was wondering if it would be wise to keep your main station online 24/7 but with everything sensitive not mounted, and with a DBAN key in it. If you ever shut down or reboot the system, it should boot on DBAN and erase everything, right? Could be a very fast way to wipe everything in case of emergency just by pressing your reset button. (Never tested this, and it seems very dangerous but effective.)
7) TrueCrypt
I also love TrueCrypt for many reasons:
- There is a history of TrueCrypt containers resisting the FBI for months until they had to surrender. A well-used encrypted container can be very strong!
- TrueCrypt is open source, well conceived and well documented.
- TrueCrypt offers "hidden containers": an encrypted container inside another encrypted container. This is GREAT. If someone ever puts a lot of pressure on you to reveal your password/key, you can just give a fake one that opens a "fake" container. If you are well prepared, you can finally give your password while faking that you admit defeat and lead LE to some shameful but harmless content.
- You can hide encrypted data amongst unsuspicious data like movies/mp3s/programs. Any file can be an encrypted container (yet it's still possible to detect these containers if you have the skills for it).
8) Updates:
Updating a secured system is an art on its own. You have to make sure updates do not add any new security holes. You also have to do security updates very regularly in order to be sure someone won't use some freshly discovered exploit on you.
When updating make sure your downloads won't reveal anything about you.
Well, anyway, your setup is top notch compared to 99% of SR users. It even feels a bit overkill to me but that depends on what you want to hide. Always keep security procedures proportionate to what you are risking. It's not worth reducing your "productivity" by a factor of 20 if you just buy 2 grams of weed on SR every few months. Common SENSE.
I will definitely try to improve my own setup with some of your ideas ! Thumbs up and good luck !
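A worked estimate of what the password tip above (a short random core plus a sentence) actually buys. This is an added example written for this edit, not code from the post: it contrasts the figure a "length x alphabet" strength meter reports with a model that credits an ordinary sentence only per word, which is how a passphrase cracker attacks it. The guess rate, the 11 bits per sentence word and the size of the non-ASCII character class are assumptions chosen for illustration.

```python
import math
import string

# Assumed offline guess rate against a fast hash (illustrative, not from the thread).
GUESSES_PER_SECOND = 1e10
# Bits an attacker must guess per word of an ordinary sentence. A cracker with a
# word list and a word-order model does far better than per-character brute force;
# 11 bits/word is an assumed figure that is generous to the defender.
BITS_PER_SENTENCE_WORD = 11.0
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(text: str) -> int:
    """Size of the union of standard character classes present in `text`."""
    size = 0
    if any(c in string.ascii_lowercase for c in text):
        size += 26
    if any(c in string.ascii_uppercase for c in text):
        size += 26
    if any(c in string.digits for c in text):
        size += 10
    if any(c in string.punctuation or c == " " for c in text):
        size += len(string.punctuation) + 1   # 32 symbols plus space = 33
    if any(ord(c) > 127 for c in text):
        size += 96   # accented Latin-1 letters etc.; assumed class size
    return size


def naive_bits(password: str) -> float:
    """What a 'length x alphabet' meter reports: every character treated as uniformly random."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def realistic_bits(random_core: str, sentence: str) -> float:
    """Credit the random core per character, but the sentence only per word."""
    return naive_bits(random_core) + len(sentence.split()) * BITS_PER_SENTENCE_WORD


def years_to_exhaust(bits: float) -> float:
    """Time to try every candidate at GUESSES_PER_SECOND (expected time is half this)."""
    return 2.0 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    core = "8ç'$\";!0"                                   # the post's (fake) 8-char core
    sentence = "I have a very strong password which is"  # the post's padding sentence
    full = f"{sentence} {core}"
    for label, bits in [
        ("core alone, naive", naive_bits(core)),
        ("full string, naive", naive_bits(full)),
        ("full string, sentence credited per word", realistic_bits(core, sentence)),
    ]:
        print(f"{label:42s} {bits:7.1f} bits  ~{years_to_exhaust(bits):.3g} years")
```

The core alone lands near 57 bits, which an offline attacker at the assumed rate exhausts in months; the naive count for the 47-character string is around 356 bits, while crediting the sentence per word gives roughly 145 bits. The sentence still helps a great deal, but the gain is the random core plus about 11 bits a word, not 7.5 bits per character.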
-
Quote from: AussieMitch on March 07, 2013, 03:34 pm
Silk Road Access: I run Whonix through VMs that are stored on an encrypted USB stick and access Silk Road this way.
Good choice, although lately I've come to the conclusion that an anonymizing middle box is the safest setup. It's a physical device, like a computer in an HTPC form factor, with 2 network interface cards, that sits between your main computer and your home router (let the router be the gateway to the public internet, not the anon middle box). It runs a stripped down Linux or BSD variant with Tor, and transparently proxies all connections over Tor. It's basically Whonix with the Gateway on a separate physical device. Don't get me wrong, your setup is orders of magnitude safer than most, but a gateway on a separate device is safer still.
Doesn't matter how many gateways you are away from reality, if you get just one trojan on it then your system is fucked. I mean they might not be able to deanonymize you but they can still take all your info which might have the same effect.
Live OSes > Gateways any day of the week.
-
Quote from: AussieMitch on March 07, 2013, 03:34 pm
Silk Road Access: I run Whonix through VMs that are stored on an encrypted USB stick and access Silk Road this way.
Good choice, although lately I've come to the conclusion that an anonymizing middle box is the safest setup. It's a physical device, like a computer in an HTPC form factor, with 2 network interface cards, that sits between your main computer and your home router (let the router be the gateway to the public internet, not the anon middle box). It runs a stripped down Linux or BSD variant with Tor, and transparently proxies all connections over Tor. It's basically Whonix with the Gateway on a separate physical device. Don't get me wrong, your setup is orders of magnitude safer than most, but a gateway on a separate device is safer still.
Doesn't matter how many gateways you are away from reality, if you get just one trojan on it then your system is fucked. I mean they might not be able to deanonymize you but they can still take all your info which might have the same effect.
Live OSes > Gateways any day of the week.
So a live OS is not prone to getting a trojan/virus? Weird. Even if your live OS resets itself and doesn't use physical storage like HDD/SSD, it doesn't make it much less likely to be hackable or to suffer from some sort of exploit. Furthermore, live OSes would IMO tend to get outdated since updating them can be a hassle. An outdated system is always at risk, even if it's a live CD with no persistent system.
It's obvious that using Windows and trying to achieve a decent level of security is moronic. On the other hand, some Linux-based distributions are quite known to be very secure on their own.
Gateways are very important since a LOT of things can LEAK out of Tor if you are not cautious enough. It's no mystery that Tor Browser Bundle includes a "special" Firefox with multiple privacy enhancing extensions. Tons of stuff from a standard browser can leak out of the Tor proxy. Similarly, a badly configured OS can leak out of its proxy very easily. Whonix is close to guaranteeing 100% torified communication with the internet, which is great!
-
Doesn't matter how many gateways you are away from reality, if you get just one trojan on it then your system is fucked. I mean they might not be able to deanonymize you but they can still take all your info which might have the same effect.
Live OSes > Gateways any day of the week.
We're talking about different threats. Any OS can potentially be rooted, including a Live OS, including Tails. An attacker with root access can disable Tor, iptables rules, and transparent proxying. An anon middle box as a separate physical device protects against that. Of course, if you get rooted, you can be fucked in many other ways, like the attacker reading sensitive files that store passwords or customer info, but your IP address and location will still be safe with a middle box. Obviously, you should never store personal info on the dirty computer.
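An added example of what the anonymizing middle box described earlier in the thread (two NICs, Tor transparently proxying everything from the inside interface, the home router staying the upstream gateway) looks like as configuration, and of the check that the rules a rooted workstation cannot reach are actually the right ones. It is written for this edit and is not Whonix's own code; the interface names, the gateway's inside address, the Tor port numbers and the `debian-tor` user are assumptions. The `plain_nat_router_rules` function shows the wrong design beside the right one: a box that forwards and masquerades is a NAT router, not a Tor gateway, and the audit flags it.

```python
"""Generate and sanity-check torrc and iptables rules for a two-NIC Tor gateway."""
import subprocess
import sys

# Assumed values (change to match the box): the inside NIC faces the workstation,
# the outside NIC faces the home router, which remains the default gateway.
INSIDE_IF, OUTSIDE_IF = "eth1", "eth0"
INSIDE_ADDR = "10.152.152.10"
TRANS_PORT, DNS_PORT, SOCKS_PORT = 9040, 5353, 9050
TOR_USER = "debian-tor"   # user the Tor daemon runs as on Debian-style systems (assumed)


def torrc(inside_addr: str = INSIDE_ADDR) -> str:
    """Tor listens only on the inside interface; TransPort takes redirected TCP, DNSPort redirected DNS."""
    return "\n".join([
        f"TransPort {inside_addr}:{TRANS_PORT}",
        f"DNSPort {inside_addr}:{DNS_PORT}",
        f"SocksPort {inside_addr}:{SOCKS_PORT}",
        "VirtualAddrNetworkIPv4 10.192.0.0/10",   # lets .onion names resolve via DNSPort
        "AutomapHostsOnResolve 1",
    ])


def iptables_rules(inside_if=INSIDE_IF, outside_if=OUTSIDE_IF,
                   inside_addr=INSIDE_ADDR, tor_user=TOR_USER) -> list:
    """Rules as they would be typed: inside traffic is redirected into Tor or dropped."""
    return [
        # Default deny everywhere; FORWARD stays DROP so nothing is ever routed around Tor.
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT DROP",
        # Connections to the gateway itself (e.g. the SOCKS port) must not be redirected.
        f"iptables -t nat -A PREROUTING -i {inside_if} -d {inside_addr} -j RETURN",
        # Redirect the workstation's DNS and every new TCP connection into the local Tor.
        f"iptables -t nat -A PREROUTING -i {inside_if} -p udp --dport 53 -j REDIRECT --to-ports {DNS_PORT}",
        f"iptables -t nat -A PREROUTING -i {inside_if} -p tcp --syn -j REDIRECT --to-ports {TRANS_PORT}",
        # Accept only the redirected traffic (and SOCKS) from the inside, plus loopback and replies.
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -i {inside_if} -p tcp --dport {TRANS_PORT} -j ACCEPT",
        f"iptables -A INPUT -i {inside_if} -p udp --dport {DNS_PORT} -j ACCEPT",
        f"iptables -A INPUT -i {inside_if} -p tcp --dport {SOCKS_PORT} -j ACCEPT",
        # Only the Tor daemon may talk to the outside; the gateway itself has no other egress.
        "iptables -A OUTPUT -o lo -j ACCEPT",
        "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A OUTPUT -o {outside_if} -m owner --uid-owner {tor_user} -j ACCEPT",
    ]


def plain_nat_router_rules(inside_if=INSIDE_IF, outside_if=OUTSIDE_IF) -> list:
    """The wrong design: a NAT router. Everything from the inside reaches the internet directly."""
    return [
        "iptables -P FORWARD ACCEPT",
        f"iptables -A FORWARD -i {inside_if} -o {outside_if} -j ACCEPT",
        f"iptables -t nat -A POSTROUTING -o {outside_if} -j MASQUERADE",
    ]


def audit(rules: list) -> list:
    """Flag rule patterns that would let inside traffic bypass Tor."""
    findings = []
    for r in rules:
        if "-j MASQUERADE" in r or "-j SNAT" in r:
            findings.append(f"NAT egress bypasses Tor: {r}")
        if " FORWARD " in r and "-j ACCEPT" in r:
            findings.append(f"forwarding around Tor: {r}")
        if r.startswith("iptables -P") and r.endswith("ACCEPT"):
            findings.append(f"default-accept policy: {r}")
    policies = {r.split()[2] for r in rules if r.startswith("iptables -P")}
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        if chain not in policies:
            findings.append(f"no explicit policy for {chain}")
    return findings


def apply(rules: list) -> None:
    """Load the rules on the gateway (root required); flush first so reruns are idempotent."""
    for cmd in ["iptables -F", "iptables -t nat -F"] + rules:
        subprocess.run(cmd.split(), check=True)


if __name__ == "__main__":
    rules = iptables_rules()
    problems = audit(rules)
    print(torrc())
    print("\n".join(rules))
    print("audit:", problems or "clean")
    print("NAT router audit:", audit(plain_nat_router_rules()))
    if "--apply" in sys.argv and not problems:
        apply(rules)
        subprocess.run(["sysctl", "-w", "net.ipv4.ip_forward=0"], check=True)
```

Two details matter in practice. Only TCP and port-53 UDP are redirected; any other UDP or ICMP from the workstation hits the DROP policy in FORWARD rather than leaking to the router, which is the point of a gateway rather than a proxy setting. And the `--uid-owner` rule on OUTPUT means that even a process on the gateway itself cannot reach the internet unless it is Tor, so a compromise of the workstation leaves the gateway's own IP unexposed, as astor describes.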