Silk Road forums

Discussion => Security => Topic started by: fingertothefbi on September 19, 2013, 04:25 am

Title: Opening files
Post by: fingertothefbi on September 19, 2013, 04:25 am
Opening files that you bought from SR, how do I do this securely? At a minimum I figure I won't be using my main computer that I use for the road, but what else do I need to hide my IP or what??
Title: Re: Opening files
Post by: Yoda on September 19, 2013, 05:37 am
While I'm not one of the resident experts here...

I'd say they'd recommend using a computer not connected to the internet at all... maybe inside an OS in VirtualBox on that computer, which is disconnected from all networking/sharing as well.  And to be safe, once done, roll back that OS to the last saved image of that OS just in case that file installed any malware.

At the very least I'd say open it in an OS in VirtualBox disconnected from networking, no shared folder, no shared clipboard, no shared drag 'n' drop.  That's got to be better than just opening it on your main computer OS.
Title: Re: Opening files
Post by: sofish89 on September 19, 2013, 05:40 am
Are you saying I might have malware on my computer if I opened files from SR? What's the worst case scenario and what should I do now?
Title: Re: Opening files
Post by: Yoda on September 19, 2013, 06:13 am
Are you saying I might have malware on my computer if I opened files from SR? What's the worst case scenario and what should I do now?

Just because you didn't use a condom once, doesn't mean you have AIDS.

For all I know, you're clean.  It's just safer to take precautions, especially with stuff you're unfamiliar with or don't know you can trust 100%.

Worst case scenario?  The NSA has installed not only a keylogger, but remote control abilities to watch everything you do as if they were you sitting at your computer, maybe abilities to use your webcam and microphone at their will to watch you as well.  Idk.

What can you do now?  Once again, I'm not a resident expert here... but I'd say they'd give the unsettling advice that a hard drive wipe and a reinstall of your OS is the only true way to know you're clean.

If you don't want to go through that and want to take the risk... you can do all that you can security-wise.  Make sure you have a tight firewall, scan for malware, scan for viruses, open up a process explorer and look for things... of course, maybe the hacker made something to get around all those precautions though, thus why the only real safe way is a total wipe.
Title: Re: Opening files
Post by: astor on September 19, 2013, 01:25 pm
You should use a disposable VM to view untrusted files. Simply disconnecting your computer from the internet prevents a malicious file from phoning home and revealing your IP address to an adversary, but that file could be malware that infects your computer and phones home later. It could also get your MAC address (like the FH exploit did) or hardware serial numbers. A disposable VM with no networking protects against all these things, because it uses virtual hardware with fake MAC addresses and serial numbers. Install a Linux distro, which on its own will protect against 99% of malware, and if you think the file is malicious or has infected the guest OS, destroy the VM and the malware is gone.

There is still a threat from malware that can break out of VMs, but you're increasing the difficulty a lot compared to the common malware that we see. A Linux VM running over Tor would have provided multiple layers of protection against the FH exploit, for example.
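Yoda's and astor's posts above describe the isolation a disposable VM needs (no networking, no shared folders, no shared clipboard or drag and drop, and a clean snapshot to roll back to). As an added example that is not from the thread, this Python script checks those settings by parsing the output of `VBoxManage showvminfo <vm> --machinereadable`; the key names it relies on (nic1, clipboard, draganddrop, SharedFolderNameMachineMapping*, CurrentSnapshotName) are assumed from that output format and may differ between VirtualBox versions, and the sample output is constructed.

```python
"""Isolation check for a disposable VirtualBox guest used to open untrusted
files: no NIC, no shared clipboard/drag-and-drop, no shared folders, and a
clean snapshot to roll back to. Feed it `VBoxManage showvminfo <vm>
--machinereadable` output; the key names used are assumed from that format."""
import re

LINE_RE = re.compile(r'^([^=]+)=(?:"(.*)"|(.*))$')


def parse_vminfo(text):
    """Turn key="value" (or key=value) lines into a dict."""
    info = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return info


def isolation_violations(info, snapshot="clean"):
    """Return the reasons this VM is NOT safe to open untrusted files in."""
    problems = []
    for key, val in info.items():
        if re.fullmatch(r"nic\d+", key) and val != "none":   # any attached NIC
            problems.append(f"{key} is '{val}', expected 'none'")
        elif key.startswith("SharedFolderNameMachineMapping"):
            problems.append(f"shared folder '{val}' is mapped into the guest")
    if info.get("clipboard") != "disabled":
        problems.append("shared clipboard is not disabled")
    if info.get("draganddrop") != "disabled":
        problems.append("drag and drop is not disabled")
    if info.get("CurrentSnapshotName") != snapshot:
        problems.append(f"no '{snapshot}' snapshot to roll back to")
    return problems


# Constructed sample: a guest left with NAT networking, a shared clipboard
# and a shared folder, i.e. the defaults a fresh VM often ends up with.
SAMPLE_UNSAFE = '''name="filebox"
nic1="nat"
macaddress1="080027AABBCC"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/user/downloads"
CurrentSnapshotName="clean"
'''
```

Run it against a real guest by piping `VBoxManage showvminfo <vm> --machinereadable` into parse_vminfo; an empty list from isolation_violations means the guest matches the isolation the posts describe.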
Title: Re: Opening files
Post by: astor on September 19, 2013, 01:28 pm
Remember a few months ago when someone was sending PMs to people, claiming they had video of them pulling drugs out of their mailbox, and posting a link to a video site? The site had a Java applet that installed a trojan downloader. I was able to examine that malware in a disposable WinXP VM running behind the Whonix Gateway without compromising my computer.
Title: Re: Opening files
Post by: fingertothefbi on September 20, 2013, 03:42 am
How does one obtain a virtual machine? Do I put it on a flash drive?

And thank you
Title: Re: Opening files
Post by: Yoda on September 20, 2013, 08:10 am
You download it.  Yeah, you can do that.

Here are a couple of tutorials:

Tutorial: Encrypted and Torified Linux Virtual Machine on a Windows USB Stick
http://dkn255hz262ypmii.onion/index.php?topic=201405.0

HOWTO: Pine's Tutorial on stopping LE malware with a virtual machine
http://dkn255hz262ypmii.onion/index.php?topic=39320.0

Title: Re: Opening files
Post by: astor on September 20, 2013, 01:24 pm
Grab VirtualBox and any 32-bit Linux installation image. Lubuntu, Xubuntu and Linux Mint MATE are good choices. The tutorials above use the first two. I like Mint because it comes with media codecs installed by default, so it's more newb-friendly.

To configure it to send all traffic over Tor, take a look at the Whonix documentation:

https://www.whonix.org/wiki/Other_Operating_Systems

I used to have a "How to Torify any OS with the Whonix Gateway" tutorial which was based on that.
Title: Re: Opening files
Post by: kmfkewm on September 21, 2013, 12:44 am
64-bit is more secure.
Title: Re: Opening files
Post by: astor on September 21, 2013, 02:49 am
True, and VirtualBox itself will be 64-bit if your host OS is 64-bit, but I don't think it matters that much for the guest OS when it is a disposable VM that is meant to be destroyed. The main advantage of using 32-bit guest OSes is they work out of the box in VirtualBox and they consume much less RAM.