
Advanced Computer Security: How to Remove and Sever the Trail of Evidence

Crake

Member
Given my professional experience, I thought I could contribute to the forums by explaining some advanced computer security concepts. I've seen some other mention of computer security, but I wanted to make a definitive thread for reference so there would be no misconceptions floating around. Hopefully those who consider themselves pretty technically savvy may still learn something from this thread. I can't profess to know everything, so please feel free to get involved in the discussion. I'll maintain this thread and make sure the valuable stuff bubbles to the top.

Let's get started!

  • Download Tor. Don't forget that you're putting your security into the hands of people that run the sites you visit. The Patriot Act is a terrifying thing, more so for US citizens. You must assume a visit from your IP is retrievable from any website you access. Scenario: site A says "we don't store your info, promise!", which they don't and you trust them. Owner of site A gets his property confiscated and LEOs decide they'd rather start storing information about site visitors without informing them about it.

  • HTTP Referrer. Every time you click a link on any webpage that leads to a webpage hosted on a different server, something called the HTTP Referrer is sent to the destination webpage. What this means is that when you click a link to youtube in someone's signature on your favorite beast porn forums, youtube knows where you came from and your IP address. Some proxies and browsers remove this information automatically. To manually prevent this from happening, simply copy and paste the URL to your browser so that no referrer is included. To read more about this, go here.

  • Cookies. Let me explain a tactic employed by web marketing agencies to display personalized ads. When you log into paraphernalia site B and you gain a cookie for that site, nothing is preventing site C from seeing that cookie (or embedded advertisement D). Keep your browsing discreet or delete your cookies before and after visiting questionable sites! I really like Incognito Mode in the Google Chrome browser for this.

  • Your IP address. You are surfing the internet leaving your home address everywhere you go. The banner advertisement B on your supposedly anonymous website P was probably hosted by a site other than P. This advertisement host now knows your IP. Flash advertisement F on your "we-promise-we're-really-secure-but-we're-still-flash-ad-supported" website T just executed some flash code to grab your IP and ship it to marketing company J who owns the company whose Facebook application you just installed that knows all of your personal information. (This same principle goes for cookies and session variables.) You don't know it, but in the immense filing cabinet of data out there, your IP address (or temporary cookie or session ID) has a folder full of what you must assume is everything you have ever done. Worst of all, it is all within reach of the prying fingers of the judicial and executive branches of the government. And to be honest, out of everyone you can trust, I'd say you can trust Google the least. Don't believe me? Read this: "Google CEO Says Privacy Worries are for Wrongdoers" and then every article tagged here: http://slashdot.org/tags/google and you will start to form a different opinion on Google. Google is as evil as any corporate empire. Use with caution. An alternative is to use a privacy friendly search engine like Yauba and do yourself a favor and block google and google-analytics in your hosts file as demonstrated here. I also recommend downloading Privoxy immediately to aid in this battle.

  • Email accounts. Get an anonymous and private email account (such as one from hushmail) when engaging in any potentially incriminating correspondence.

  • Flash cookies and objects. This is a profound vulnerability and veritable font of evidence. Flash stores all kinds of stuff on your computer. All the flash advertisements on growing site G for seed retailers are cached locally. Get rid of these flash objects by doing this: delete flash shared objects. And use this all too obscure web settings panel to prevent flash from doing things you don't want it to, like storing your browsing history: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html

  • File meta information. When you upload certain types of images and files, information about the origin of these files may be included in writable segments of this file. Oftentimes you're able to remove this information by right-clicking the file, going to Properties and looking at the Details tab. Make sure any personal information gets removed from these files before you make them public.

  • ipconfig /displaydns. Go to start > run and type "cmd" and press enter. Now type "ipconfig /displaydns" and press enter. There you will see a list of every host (website) you've visited (and probably many you don't realize you did visit). Type "ipconfig /flushdns" to clear out this list.

  • Sandboxes. Your browser may or may not use a method of securing other tabs and windows from accessing each other. This is called sandboxing, which is essentially keeping embedded applications and their components such as flash, javascript, session variables, etc from accessing other windows or tabs to perform reconnaissance. To make a long story short, if you are doing something that may incriminate you online, do so with only one web browser open and one tab open in that browser.

  • Saved form data. If enabled, saved form data (including passwords!) is saved in plain text and visible to all users. Don't believe me about the passwords? Dig around in your browser's options for a "view passwords". Don't save form data. If you must, get an addon that encrypts saved form data with a password.

  • Your ISP. For all intents and purposes, your internet service provider hates you and will do everything in their power to bring you down if they get a knock on their door from LEOs. Your ISP is not your ally and you should do everything in your power to encrypt and proxy anything you do because they store history of this stuff.

  • Further securing your computer. If you have unrelenting popups, your home page changes to something else every time you change it, or you don't feel confident about your privacy when you're on your computer, you're probably making a huge mistake by posting pictures of your 6000 watt grow on site Q. But, don't download an anti-spyware program or an anti-virus program. With a little bit of knowledge, we can do a better job than these (untrustworthy) programs can. Let's take a moment out of your time and secure your computer manually. Let me explain how. Firstly, when a "virus", malware or spyware is running on your computer, it isn't some sneaky thing that is beneath your ability to see.

    • The first place you want to clean out and validate is your start up programs (and I recommend doing this frequently). Start > Run > "msconfig". The Startup tab has a list of every program that runs when you start your computer. I recommend disabling most things (simply to speed up your computer). I also recommend going through and verifying what each of these is. That can be done by doing a search for the name of the executable (the .exe file). Is this something that seems logical to have? When you're done, reboot your computer and make sure that none of the things you disabled are enabled again. If anything is re-enabled, you'll have to remove it from your registry. As this guide doesn't go into that amount of detail, you'll have to learn how from a web search on deleting from the registry.

    • The next thing we're going to talk about is services. If you have a virus, or keylogger or malicious software that keeps rearing its head even after you've disabled all of your msconfig stuff, this is how it's occurring. This is likely a much bigger list. To secure yourself, you're going to have to learn about each of these. Much like msconfig, begin the task of looking up each of these service executable names (which are located in properties, if you right-click the service). Look for anything that seems suspicious. Remember that many malicious services are named something that sounds legitimate. If you find something unusual and you've researched it and feel confident that it isn't a required Windows component, you may remove this service by going to Start > Run > "cmd" and running the command "sc delete [service name]".

  • Wireless networks. As golden and cannabi mentioned, wireless networks are a potential node of vulnerability. To feel truly secure, one should eliminate this potential by staying wired. If it's impossible to be wired, a home network should use a strong security method such as WPA with a very difficult-to-crack passkey that is changed regularly. Avoid WEP as it is quick and easy to crack.

  • Encryption. Thanks to growcodile for bringing this up. Using encryption methods such as on-the-fly encryption offered by TrueCrypt or full disk encryption from any of the software listed here can keep data stored locally relatively secure. It's also worth mentioning that most IM clients send messages in plaintext and their ports of operation may not be included in some proxies. Using an encryption method such as PGP (pgp.com, open-source implementation: gnupg.org) can keep instant message conversations private without a doubt.

  • Data Destruction. Thanks to ak-51 for this suggestion. In the event that all the evidence on your drive should need to be wiped, deleting files won't cut it. Data is often completely recoverable on your hard drive after being deleted because only the reference to that data is deleted, not the actual data. A boot disk like Darik's Boot And Nuke can be kept handy to not only delete data, but also write a bunch of garbage on top of it so it's completely unrecoverable.

Let me close by saying that ultimately the thing that will get you in trouble more than anything else is your mouth. Keep your mouth closed, even to those you consider your absolute best friends. They do not need to know about these things! Aside from that, be smart. This guide can help you to minimize the evidence against you in a court of law, but ultimately it's your smarts that will keep you out of trouble. Be safe and be smart enough to have nothing to fear!
 
Last edited:
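As an added example, not code from Crake's post or from any tool it names: a read-only PowerShell audit that walks the same startup entries (Win32_StartupCommand, what msconfig lists) and auto-start services (Win32_Service) in one pass and flags anything unsigned, missing, or outside the usual program directories. It assumes Windows 8 or later for the CIM cmdlets and only reports; nothing is disabled or deleted.

```powershell
# Added example (not from the original post): read-only audit of autostart
# entries and services, covering the msconfig and services checks by script.
# Assumes Windows 8+ (Get-CimInstance, Get-AuthenticodeSignature available).

function Get-ExecutablePath {
    # Pull the .exe path out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" -tray   or   C:\Windows\system32\svchost.exe -k netsvcs
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return [Environment]::ExpandEnvironmentVariables($cl.Substring(1, $end - 1)) }
        return $null
    }
    # Unquoted: take everything up to the first ".exe" (case-insensitive)
    $m = [regex]::Match($cl, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value) }
    return $cl.Split(' ')[0]
}

function Test-AutostartEntry {
    # Returns one record per entry with a comma-separated list of warning flags.
    param([string]$Kind, [string]$Name, [string]$CommandLine)
    $exe   = Get-ExecutablePath $CommandLine
    $flags = @()
    if (-not $exe) {
        $flags += 'no-path'
    } elseif (-not (Test-Path -LiteralPath $exe)) {
        $flags += 'file-missing'          # entry points at a file that is gone
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $flags += "signature:$($sig.Status)" }
        # Binaries outside Windows or Program Files deserve a second look
        $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
        $inTrusted = $false
        foreach ($dir in $trusted) {
            if ($exe.StartsWith($dir, 'OrdinalIgnoreCase')) { $inTrusted = $true }
        }
        if (-not $inTrusted) { $flags += 'unusual-location' }
    }
    [pscustomobject]@{ Kind = $Kind; Name = $Name; Path = $exe; Flags = ($flags -join ',') }
}

function Get-AutostartAudit {
    # Startup entries (Run keys, Startup folders): what the msconfig Startup tab shows
    $startup = Get-CimInstance Win32_StartupCommand | ForEach-Object {
        Test-AutostartEntry -Kind 'startup' -Name $_.Name -CommandLine $_.Command
    }
    # Services set to start automatically, with the binary behind each one
    $services = Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
        Test-AutostartEntry -Kind 'service' -Name $_.Name -CommandLine $_.PathName
    }
    return @($startup) + @($services)
}

# Show only the entries that deserve a closer look; drop the Where-Object to see everything.
Get-AutostartAudit | Where-Object { $_.Flags } | Sort-Object Kind, Name | Format-Table -AutoSize
```

Flagged entries are leads, not verdicts: research each name the way the post describes before touching msconfig or `sc delete`.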

e2k1

New member
Nice post, however if you have to go through great lengths to secure yourself, you're either too paranoid, or shouldn't be growing. In my opinion just using SSL (httpS://icmag.com) is enough security for my purposes on this site. Tor looks very promising as well, I think I'll start using it.
 

BlindDate

Active member
Veteran
If the feds are looking for all that stuff on your computer, you are already Fucked.

Torr is sooooo slooooww that it is unusable. Don't waste your time.

Buy a micro computer and keep it with you all the time. Or, when you're finished surfing, hide it inside your pillow.

Or

Put it inside a small fireproof safe with a cup of Thermite sitting on top. Rig a panic switch to light the thermite and goodbye evidence!
 
Last edited:

mini-mota

Member
Thanks for the informative post, Crake. On your suggestion, I installed Sandbox and Tor. Both are working for the most part. However, as BlindDate stated, Tor is extremely slow to the point of being impractical. Also, I am unable to log in to icmag through Tor; polipo/vidalia error messages. This is a shame since I also have limited accessibility through Anonymouse. With Anonymouse, I can log in, but can't see any buttons, although I CAN use some, but not most of them. I'm open to any suggestions.

Thanks,

-mini
 

IE2KS_KUSH

Wow that's weird I use vidalia bundle with privoxy and it works just fine, it's slower but not intolerable by any means, although I am not using it when I use my Droid, but I do use the https.
 

bpt420

Member
I don't see why everyone uses Tor. Having worked in IT security for a time I think it's safe to assume that if you are wanted bad enough for "them" to look into your internet usage they will still find out it's you.
 

dreadvik

Active member
bpt420: I think just to stop them finding it from a casual check rather than a trained op.

I think if they have targeted you it's probably good damage limitation for some. If you do store images you should really encrypt the store if possible too if your security needs to be tight like that :)

Personally I don't have problems with numbers or size :) If anything I think time might be a consideration might something go wrong.
 

Crake

Member
Nice post, however if you have to go through great lengths to secure yourself, you're either too paranoid, or shouldn't be growing. In my opinion just using SSL (httpS://icmag.com) is enough security for my purposes on this site. Tor looks very promising as well, I think I'll start using it.
I agree! Going through such great lengths is pretty paranoid. But, it's good to know about these precautionary measures so that next time someone sits down behind your computer they aren't seeing things about your activity you don't want them to.

Torr is sooooo slooooww that it is unusable. Don't waste your time.
I'm sorry you've had trouble with Tor, BlindDate--I notice almost no impact on my speed. Maybe this is a known problem there is a fix for.
Buy a micro computer and keep it with you all the time. Or, when you're finished surfing, hide it inside your pillow.

Or

Put it inside a small fireproof safe with a cup of Thermite sitting on top. Rig a panic switch to light the thermite and goodbye evidence!
Good point! Taking physical measures to reduce your trail of evidence is something everyone should consider!


Thanks for the informative post, Crake. On your suggestion, I installed Sandbox and Tor. Both are working for the most part. However, as BlindDate stated, Tor is extremely slow to the point of being impractical. Also, I am unable to log in to icmag through Tor; polipo/vidalia error messages. This is a shame since I also have limited accessibility through Anonymouse. With Anonymouse, I can log in, but can't see any buttons- although I CAN use some, but not most of them. I'm open to any suggestions.

Thanks,

-mini
Of course, mini--I'm glad you found it useful. Since I haven't encountered the slowness issues or inability to login to icmag with Tor I'm not sure if there's a way to fix it. As I suggested to BlindDate, maybe try the forums? If not perhaps there are other options out there that someone else may be familiar with. Cheers!

Wow that's weird I use vidalia bundle with privoxy and it works just fine, it's slower but not intolerable by any means, although I am not using it when I use my Droid, but I do use the https.
Glad to hear vidalia is working for you. Droids rock! Android is open source! Maybe it's time to write a proxy for it :p Cheers mate!


I don't see why everyone uses Tor. Having worked in IT security for a time I think it's safe to assume that if you are wanted bad enough for "them" to look into your internet usage they will still find out it's you.
bpt, you raise a valid point! "They" certainly have a lot more power than "we" do. For all we know, our ISPs may have already given them permission to monitor our activity. Who knows! The most ultimate form of protection is always abstinence--as they say in other contexts :biglaugh: Cheers mate.

bpt420: I think just to stop them finding it from a casual check rather than a trained op.

I think if they have targeted you it's probably good damage limitation for some. If you do store images you should really encrypt the store if possible too if your security needs to be tight like that :)

Personally I don't have problems with numbers or size :) If anything I think time might be a consideration might something go wrong.
Definitely, dread! Plus it never hurts to know how to fly below the radar so you can when you need to. Are you familiar with any image store encryption methods so I can add it to the list?
 

kmk420kali

Freedom Fighter
Veteran
Unless you are having a major grow at your house...I do not see what the difference is....why would it matter if you were posting here?? It is not illegal--
Rather than cover your tracks...maybe just a li'l bit of self control, to not say anything here that is incriminating??
Really...there is nothing here, that I would be afraid of confronting in Court...of course I understand those who live in "Anti" States...but none of you are showing pics, or Grows...why the worry??
 

bpt420

Member
bpt420: I think just to stop them finding it from a casual check rather than a trained op.

I think if they have targeted you it's probably good damage limitation for some. If you do store images you should really encrypt the store if possible too if your security needs to be tight like that :)

Personally I don't have problems with numbers or size :) If anything I think time might be a consideration might something go wrong.

I just think that should your computer be taken in a bust, you'd be getting in trouble for them finding pictures on your hard drive than linking to you posting them on a forum. I'm sure most people either don't delete or just do a regular delete which is easily recovered (again assuming the searcher is trained/wants you badly).
 

golden

Member
TOR has been compromised and people on TOR hauled to jail.

people get paid to find shit and if you did a no-no on the internet well I hope you did not do it on an iNet account in your name or family, friends names.

Don't make mistakes you can't buy your way out of.

If you're being watched and they get your encrypted disk and you don't give up the password then not providing it would be "Contempt of the court" and if they can show you may have any data on there that could harm anyone or thing under the patriot act YOU ARE GOING TO GITMO.

If you think you're gonna out think the highly paid spooks out there, better think twice, they have way more toys than you, plus it's their job.

Supposing you found the best way to be untraceable while on your pooter, that would be a felony in itself, signal theft, and wire fraud...

Depending on your previous record you will be doing 5 years FED on top of whatever you did wrong when you were trying to hide it.
 

PermaBuzz

An alternative to TOR is paid proxy services located on servers outside the US, Canada, or EU countries. There are also free proxies but I don't trust them.
 

cannabi

Member
You could also obtain a Virtual Machine application, such as VirtualBox by Sun, which is completely free, in order to launch something like a simple Fedora LiveCD iso image, which will set you up with a virtualized computer that always boots the exact same way and does not store any files or evidence at all without the hassle of having to reboot your machine every time you want to load this website!
 

TheGreenBastard

Assistant Weekend Trailer Park Superviser
Veteran
You could also obtain a Virtual Machine application, such as VirtualBox by Sun, which is completely free, in order to launch something like a simple Fedora LiveCD iso image, which will set you up with a virtualized computer that always boots the exact same way and does not store any files or evidence at all without the hassle of having to reboot your machine every time you want to load this website!

That is a great method, though your IP will be the same.

Still, people tend to forget that this site is hosted in the Netherlands and we have a little something called the Constitution (US).

A warrant can not be issued for another country, which is what would be required if they were to try to bust you. All the info on this site is hosted in A-Dam so it would be impossible for anyone to use the information in court. Also, this is all protected under the first amendment, so it would be unconstitutional. The only way to have anything on this site incriminate you is if both of the following happened.

A). They were to issue an illegal search warrant, or illegally used the info against you without a warrant.

B). They violated your first amendment by saying what you are doing on this site is illegal.

Both are reasons for having any 'evidence' thrown out of court. Also, if they tried to issue a warrant to search your home based on information found here, the warrant would be illegal and anything found would also be thrown out of court.
 

golden

Member
That is a great method, though your IP will be the same.

Ah, but it's the end-user's job to run IP obfuscating software inside the VirtualBox ;)

what you wanna do is borrow a neighboring wifi connection. so the IP is not an account with your name on it.

IPs are not the only identifier, MAC is burned into all hardware that will use TCP.
many MACs may be mapped to 1 same IP as in port overloading PAT or NAT.
If LEO finds an IP he will get the ISP record for it and find the address, not good if there's a grow there.
Then LEO will arrive and look for the computer with particular mac address.
It's actually harder than you think to get this IP business into court. I don't think I have ever heard of growers getting busted by visiting grow sites. If you're doing something illegal I would simply bite my tongue when posting about it. If you're just a casual surfer, I don't see why you would worry...On the Google News front page there's a new article about cannabis 2 or 3 times a day.
Cannabis has been the MOST researched substance on the earth. Not that big of a deal...

if you have to out yourself at least borrow an IP and make your own MAC. best to change both every session, and leave nothing on a computer, use a persistent USB for your OS and data.
 

TheGreenBastard

Assistant Weekend Trailer Park Superviser
Veteran
It's actually harder than you think to get this IP business into court. I don't think I have ever heard of growers getting busted by visiting grow sites. If you're doing something illegal I would simply bite my tongue when posting about it. If you're just a casual surfer, I don't see why you would worry...On the Google News front page there's a new article about cannabis 2 or 3 times a day.
Cannabis has been the MOST researched substance on the earth. Not that big of a deal...

Exactly, people are WAY too paranoid when it comes to these sites. If arresting people for browsing/posting was as easy as most people think it is then half the people on this and many other sites would be in prison by now.

In fact, I honestly do not believe a single person has ever been arrested for surfing/posting on marijuana related sites. Save for perhaps someone who would be dumb enough to actually post personal information.
 