What's new
  • ICMag with help from Landrace Warden and The Vault is running a NEW contest in November! You can check it here. Prizes are seeds & forum premium access. Come join in!

Advanced Computer Security: How to Remove and Sever the Trail of Evidence

dreadvik

dreadvik

Active member
Hrm I fail to see why a random hacking an icmag account is a problem! What does the poster a few above keep in his account? Mines the same crap you can all see publically and a hushmail account only used here :)

Feeling this truecrypt idea! I was wondering how you get by the "passwords please prisoner" request without somehow faking memory loss or insanity. I ponder if they will assume all truecrypt partitions contain a hidden since that probably truecrypt biggest selling point tho. I had an idea but it's long! I wanted to play with swapfs under linux so it will read a volume similar to the truecypt volume with the swap partition really only being the first half then the latter half being an encrypted volume i can mount and unmount on the fly :) I'd also need to be faking info in any userland tools that report swap. It's a concept tho :)
 
dreadvik

dreadvik

Active member
Loved the jokes and giggles about spoofing MAC and CPE earlier on ;)

For those who don't get the joke:

MAC addresses belong to L2 and L2 info stops at the edge of that L2 network, which in most cases here is your broadband router. So if you want to spoof MAC you would be needing to spoof the MAC on your router(which is possible with some opensource router distros). I don't think this can be fool proof though as although you no longer have the MAC they gave you and probably have on file, in the case of cable here only pre registered MACs seem to work, and I would have thought a MAC would be physically locatable on their network as on most of mine, so after being given the IP to trace resolving it to MAC they would try to locate that MAC physically.

Loving this thread tho :)
 
G

growcodile

lo dreadvik .. some points about truecrypt

- no selling points, freeware :p

- hidden volumes CAN exist but they are not proofable to you .. so you can imho always deny its existence (and also your knowledge of the hidden volume pass/key)

- no need for a swapfs hack imho

check it out at http://www.truecrypt.org/
 
G

growcodile

yeah true true .. your MAC doesnt end up here at icmag servers :p
the only one that knows your MAC mostly is your ISP and he only knows the one of your border router as you stated
 
H

h&r

Member
growcodile said:
ooops dude! you seriously have no (technical) understanding of the concept truecrypt / hidden volumes have ... too bad for you, could have saved YOUR ass too! :dunno:
Click to expand...

huh?, my ass needs no saving....I have no use for encryption....I have no reason to use encryption which piques the interest of spooks. Steganography is much better for me if i needed to hide something. Which I do not..

I understand enough about truecrypt to see that since the concept is right there on their webpage, that when the spooks figure out you have truecrypt they are gonna say well whats the hidden volume password, since thats the major point it uses to garner interest from people.

You cant hide the fact that TRUECRYPT exists on the drive....

And it has never been proven to work for anyone.

What has been proven is that if you encrypt some shit, they can demand the password, throw you in jail, and even when you give the password you may have to stay in jail just for the original act of not giving the password in the first place.
ask terry childs hes been down with no trial for nearly 2 years, that is if you can get a visit to see him in jail.
 
G

growcodile

sorry, im tired of the debate without you understanding the main points ..

h&r said:
I understand enough about truecrypt to see that since the concept is right there on their webpage, that when the spooks figure out you have truecrypt they are gonna say well whats the hidden volume password, since thats the major point it uses to garner interest from people.

You cant hide the fact that TRUECRYPT exists on the drive....
Click to expand...

WRONG ... you can 100% hide the fact you have a hidden volume !!!

h&r said:
And it has never been proven to work for anyone.
Click to expand...

thats your assumption .. any proof ? i havent heard of anyone that had to give access to his hidden truecrypt volume ..

h&r said:
What has been proven is that if you encrypt some shit, they can demand the password, throw you in jail, and even when you give the password you may have to stay in jail just for the original act of not giving the password in the first place.
ask terry childs hes been down with no trial for nearly 2 years, that is if you can get a visit to see him in jail.
Click to expand...

WRONG ... you are repeating that point ever and ever again .. it stays WRONG :)

also all your cited media articles are not treating hidden volumes ..
 
Crake

Crake

Member
I'm still maintaining this and am happy to make edits to include valuable information to the list.
 
-~Wind Walker~-

-~Wind Walker~-

Active member
Crake said:
[*] ipconfig /displaydns. Go to start > run and type "cmd" and press enter. Now type "ipconfig /displaydns" and press enter. There you will see a list of every host (website) you've visited (and probably many you don't realize you did visit). Type "ipconfig /flushdns" to clear out this list.
Click to expand...

Crake and others,

Thanks for the info. Bookmarked the thread.

When I was in the command prompt I tried the "ipconfig /flushdns" command and received this response: "The requested operation requires elevation."

How do I resolve this?

TY

-~WW~-
 
P

Preacharound

New member
Maybe this had been covered already but your MAC more dangerous than your IP address. Don't register your network hardware!!

Each and EVERY network adapter has a unique address fixed to it called a MAC address. No two cards are alike and EACH manufacturer has it's own combination of numbers in the start of the MAC address. If you register your network adapter it is very easy to identify you.

I would imagine that if you own a Dell or a Gateway and bought it from the manufacturer you're probably more at risk. As the author mentioned, the Patriot Act has given the US gov. the power to spy on any US citizen or entity at will. But I would imagine that American companies like Dell, Gateway, and Microsoft willingly share information anyway.

IP addresses won't track you down to an individual home or residence in most cases, but to an area.
 
dreadvik

dreadvik

Active member
Preacharound said:
Maybe this had been covered already but your MAC more dangerous than your IP address. Don't register your network hardware!!

Each and EVERY network adapter has a unique address fixed to it called a MAC address. No two cards are alike and EACH manufacturer has it's own combination of numbers in the start of the MAC address. If you register your network adapter it is very easy to identify you.

I would imagine that if you own a Dell or a Gateway and bought it from the manufacturer you're probably more at risk. As the author mentioned, the Patriot Act has given the US gov. the power to spy on any US citizen or entity at will. But I would imagine that American companies like Dell, Gateway, and Microsoft willingly share information anyway.

IP addresses won't track you down to an individual home or residence in most cases, but to an area.
Click to expand...

This is a damn good point!

Generally the MAC of your PC won't be passed to the ISP and will remain within the local network behind the DSL router or modem and the MAC of the DSL router or modem gets passed on instead.

However when buying that shiny new DSL/FW/WIFI router most people tend to register the MAC of the device by registering the device for support etc and when given free by the ISP I'm sure they often make a note especially in the case of cable.

So if you are in need of total security I suggest if you where given a free router or you registered yours with the manufacturer that you go buy a new one and don't register it with anyone!

In the case of UK cable this fails as the MAC needs to be on their permit list for it to connect to their network :( So ditch the cable broadband too if your a UK virgin cable subscriber and get ADSL.

Oh those of you configuring routers especially non commercial ones want to ensure you not enabling arp_proxy or you will expose the MACs on your local LAN!
 
Last edited:
R

real food

Member
dreadvik said:
This is a damn good point!

Generally the MAC of your PC won't be passed to the ISP and will remain within the local network behind the DSL router or modem and the MAC of the DSL router or modem gets passed on instead.
Click to expand...

wrong, call your isp now and ask them what your computers MAC is..or your wifi SSID...

They will tell you...

Go in your ISP provided router and look, BAM all connected devices are listed with MAC, you think ISP cant see?.

They run a network and need the info many reasons..

They see way more details about you than you even know to look for...

Its their JOB
 
dreadvik

dreadvik

Active member
Crake,

Think that MAC stuff should get added under connection equipment or some such I reckon :)

Might also be worth talking about data exposure. This could be protocols that reveal information about the user of the machine that are open to the public, from samba to websites. Just incase they are trying to link a IP to a person where the ISP has inadequate logging or they don't have enough for a warrant yet. They could possibly get profiles off other sites you visit with this IP too so again use a secure proxy method for all browsing etc. Probably all pretty obvious though but I dunno :) Probably comes near to talking about firewalls, I think you did?
 
dreadvik

dreadvik

Active member
real food said:
wrong, call your isp now and ask them what your computers MAC is..or your wifi SSID...

They will tell you...

Go in your ISP provided router and look, BAM all connected devices are listed with MAC, you think ISP cant see?.

They run a network and need the info many reasons..

They see way more details about you than you even know to look for...

Its their JOB
Click to expand...

My ISP does not have access to my self purchased connection equipment. To gain access would be unlawful in my country. So whatever you see on the management url they can't see unless you have ISP managed connection equipment which again is an obvious no no!

The ISP do not need the MAC of any machine on the other side of the CPE unless you have some kind of L2 bridged network which is uncommon these days.

The ISP will never need your SSID unless instructing your lame ass how to connect to your WIFI or just incase they swing round your are and fancy a wank in their car outside ;)

They see way less actually ;) On the whole most the people doing the looking have less knowledge than myself. There is a chance someone with my knowledge at the ISP may look into something but only with good reason and again they have to act lawfully!

It's a job for many ;) You forget ICMag is a community made up of many people from many backgrounds and there is vast knowledge here, often more than you find in business especially as it's so varied and there's so many of us!
 
R

real food

Member
ok dude whatever, if you people question what i said and your on a major network like verizon, ATT, etc call and ask for you comps mac and wifi ssd.....
 
dreadvik

dreadvik

Active member
real food said:
ok dude whatever, if you people question what i said and your on a major network like verizon, ATT, etc call and ask for you comps mac and wifi ssd.....
Click to expand...


That's why if you read my post it suggests you ditch the ISP provided equipment and buy your own *duh* THat would be like me giving you a machine and you using it without a wipe fully trusting! If you can't provide your own equipment and keep the MAC to yourself then change ISP. On provided equipment I note the SSID is set to a ISP known value but you could change this not that there is much point as they have the MAC and if you want total security you just failed.

On the note about the ISP not knowing your IP to you just the area. That's not quite right as most the time you have a unique username and password you login to PPP with and this will log the IP generally that is assigned, or I have seen it do so anyway. If the ISP doesn't keep enough logs or have unique username/passwords or just for some odd reason chooses not to log this info, or the feds have no warrant, you might get lucky :)
 
dreadvik

dreadvik

Active member
real food said:
regular peeps arent gonna ditch the provided ISP quip
Click to expand...

Regular peeps generally don't need the full level of security this guide and thread goes into :)

Regular peeps if doing irregular things are going to get busted with the ISP provided equipment hence why this guide is here to help those who don't have security qualifications and field knowledge to ensure they are as secure as they need to be online. There are many great setup guides for installing your own equipment, some ISPs even provide them and it is not expensive so I feel if you find the info here you will use it.

IMHO if your commercial in any way and you on a forum like this full stop your probably asking for trouble in some way but that's just a personal opinion as there are many steps shown here which do reduce the risk to very minimal. The pics aspect and extra contents in them still worries even myself as a personal grower.
 
dreadvik

dreadvik

Active member
Regular peeps also won't wear a vest in the ends but then perhaps regular peeps should not shot in the ends or shot period ;)
 
You must log in or register to reply here.

Latest posts

Latest posts

Top