Silk Road forums
Discussion => Security => Topic started by: hummus21 on April 05, 2013, 08:41 am
-
Hello road travelers, today I thought of something that could help many users of this forum stay safe. Has anyone ever tried using a pre paid Mobile 3G/4G adapter/hotspot? From what I understand they would be able to see trace your general location in a state depending on what signals you were using but there is no way for LE to see the exact location of one of these devices unless its GPS enabled? I know some are GPS enabled but does anybody know of any ones that don't have any GPS capabilities?
I don't think the Cricket ZTE AC3781 has a GPS but I am unsure. http://www.mycricket.com/broadband/datacard/zte-ac3781
I've read that The Virgin U600 has GPS (the version sold by sprint does) can anybody confirm or deny whether the Virgin mobile version could be traced using GPS? http://www.walmart.com/ip/Virgin-U600-3G-4G-Franklin-USB-Stick/21082067
Does anybody know of a mobile broadband modem that definitely has no GPS? I would really appreciate it if somebody could let me know and I might even throw some btc your way if you help me.
-
they can still be triangulated
-
they can still be triangulated
Possibly, but to what extent? If you live in a large metropolis it would be very difficult to triangulate an exact address with certainty.
-
cricket is the way to go. people in your area share IPs on the cricket network. they also dont track what urls you go to, like apple, att, sprint, and verizon. back in 2010 tmobile was in the same boat as cricket but i do not know if they still are.
-
they can still be triangulated
Possibly, but to what extent? If you live in a large metropolis it would be very difficult to triangulate an exact address with certainty.
Generally speaking:
GPS - 7-10 meters.
Wi-fi - 30 meters.
Cell Tower - 500 meters.
-
If you connect to Wi-Fi you could use a directional antenna. Works great in high population areas. Sort of puts you outside the logical physical triangulation area, if you know what I mean.
-
If you connect to Wi-Fi you could use a directional antenna. Works great in high population areas. Sort of puts you outside the logical physical triangulation area, if you know what I mean.
Wasn't this the Iceman's strategy? Anyway, it was the fact he choose the wrong associates that got him. It sounds like a good idea for the first hop.
I think intrusion detection mechanisms (not necessarily computer related) are the best strategy. See, even if the Feds have a 1% chance of interception of your real IP, they also have infinite time to retest their assumptions. So you either make testing those assumptions really expensive and/or you have mechanisms to detect their search so you can adapt. I'm certain plenty of LE agents would work as double agents. Given my recent thread on turncoat hackers, it would be satisfying to see the shoe on the other foot. Tor does a great job of the first, making searching the search space more expensive, but we ideally need a method for the second. Perhaps a SR-Leaks database to pay off LE agents or something. That and an intelligence gathering operation to sort the signal from the garbage in open source intelligence + maybe some signals capture. At the ground level you could have custom things like license plate readers and a list of LE registrations so you can surveil them in your locale (or at the simplest level just pay the local kids to keep an eye out), but most things I can think of are either over the top and also untestable or difficult to test as to their efficiency. Unless you have some ideas, it's probably the human network that you need to hack to provide good intrusion detection consistently.
Put another way, I think vendors would appreciate being approached with data that shows the sharks are circling. That would definitely be worth paying for. It could be a business model. Problem is preventing it turning into a naive protection racket. Maybe some kind of service which is part prediction market (so as to provide data for financial products to vendors like insurance in case of interception, so they have a packet + work waiting for them when they get out, or to cover legal fees), part wikileaks, part direct intelligence gathering, analysis and dissemination. Turning that into a tangible service worth paying for (not even open source wikileaks can run for free) is the key problem. We're not the Mafia, we can't beat up vendors even if it didn't go against our moral code when there is freeriders availing of protection from the information but not contributing to it's production. One way would be for advertisers of other Darknet services to pay us to make product/service placements in the literature produced, that would be quite traditional.
One of the things we haven't seen yet, is a Darknet information market such as this. Sooner or later we'll have to make one in order to scale up. Connected to that is that the education of Darknet vendors needs to become more uniform and more in depth, proper training in tradecraft and black market theory. I wonder if vendors would find it worthwhile paying tuition fees for a serious grounding in a dozen technical aspects of product transport/packaging, op-sec and so on. There's a lot of really experienced people on SR who don't say very much publicly but who have serious knowledge, technical and tacit that needs to be arbitraged to create a more robust community. There's a lot of aspects to it and a lot of ideas to be tried out by different people I think. I know Wikipedia has been capable of depending on altruism and tax breaks so far, but I don't think we can register as a charity (haha!) and I don't like to produce nagware, even for a good purpose.
-
I did a quick search for Iceman. Couldn't find anything about his strategies. Just some people didn't seem to like him all that much.
With regards to Wi-Fi triangulation, a directional antenna gives you distance and a very short "behind you distance". For the lack of a better explanation.
If you combine this with elevation and a busy area (major shopping centre for instance) with lots of signals it's a good thing that may at least buy you time. If they come after you with mobile gear.......................you've been a bad,bad boy/girl.
Make sure your dongle is an anonymous one, if you choose that road. Reloaded from your anonymous debit card.
-
I can tell you from personal research plus speaking with AT&T plus speaking with local LE, if you are visiting websites like the Silk Road on your iPhone there is no way for anyone to find out. They can only see how much data you are using, not what specific sites you've gone to. A few years back when you had Internet on a phone your bill would have a list of websites that were visited, but apparently not anymore.
Of coarse Gps track is there, but if there is no reason for them to look for you, you could run a Silk Road op off a iPhone. Plus on the iPhone 4S or 5 the password actually can't be cracked by police. Plus the pgp apps and tor apps with a jailbroken piece.
Chaos
-
If you connect to Wi-Fi you could use a directional antenna. Works great in high population areas. Sort of puts you outside the logical physical triangulation area, if you know what I mean.
Wifi can be traced all the way back to its source. The attacker just needs to measure signal strength and keep moving until it gets stronger and stronger. Eventually that will lead them right to you. using open or cracked WiFi is great for unlinkability after the fact, but a live WiFi connection can be traced with little resources and in no time.
-
Lots of bad advice in this thread. First off, WiFi can be traced extremely accurately, and the police trace WiFi all the time. Even your local police are extremely likely to have WiFi tracing equipment, it is standard procedure in CP cases these days, to make sure they don't raid an innocent neighbor. Second off, yes Pine is correct that Iceman used WiFi and was traced. Lots of people use WiFi, incorrectly thinking it is somehow magically impossible to trace, and then are traced by the police. There are all kinds of different devices for pinpointing a device transmitting a WiFi signal, but all you really need is a laptop with a sensitive wireless antenna, because the closer you get to the broadcasting device the stronger the signal will appear to be. Using a directional antenna from high elevation might make it harder for the attacker, but they can still see your signal strength from the access point, take a few measurements and have a damn good guess of where you are. In short, using wireless anything is not enough for anonymity. Sure it is better than nothing, and can be layered with Tor, and this is definitely better than using Tor from your home internet, but the WiFi is the weakest link. It only provides protection if you stop using the access point before the police come and try to find you.
Additionally, I don't know where all these "Using Apple products makes you completely invincible, internet from iphone is totally anonymous, imessage is totally impossible to intercept, filevault is not buggy broken shit, blah blah blah" rumors are coming from, but they are total bullshit and actually kind of humorous considering Apples history of broken security software, for example their flawed FDE. Internet on your phone has to work in, essentially, the same way as internet on anything else. You still are routing packets from your phone to a service provider. You still have an IP address associated with the packets arriving at the destination site. Maybe they have something like NAT and all phones share the same IP address. I just find it extremely unlikely that apple does not keep logs of which devices are doing what, even assuming that they all share the same IP address in the first place. Obviously they need to keep track of who has bandwidth available for usage still, etc, so the phones probably have some sort of a MAC associated with them.
-
A directional antenna gives you distance....is what I'm saying. It's a lot better to be parked 600 yards from the access point than accross the road without it. If you happen to be fortunate and see LE then you have a chance to shut down and go home.
So if I was hell bent on using Wi-Fi I would start thinking down that road. I think it's important to include that physical old fashioned RL aspect to your security.
By the way, I have a very good directional antenna with crack software I don't use. Buying it was a mistake. I can list this for sale on SR for anyone wanting to transmit their activities all over the place.
I wouldn't recommend I phones....Just my opinion. :)
This has probably been discussed before. But for me, it's far more important to use anonymous electronics, bought with cash without your face on a shop camera. This gives you a very important physical layer of security. If you combine this with strong encryption and wise practises, nearly all of which are available here, you have a pretty good buyers rig. For example. Buy an old laptop, chuck the hard drive. Buy an anonymous working dongle and use non persistent TAILS. Leave your IPhone in the freezer!
I don't see this as bad advice.
I've often wondered how many people here use equipment purchased with credit cards or in ways where it's easily tracable to them.