Topic: COMPUTER SECURITY IS ESSENTIAL: SPYING SCANDAL (I POSTED ON JTF 4 YEARS AGO)


Posted by: White Israelite
Alright guys, I actually posted about this very topic back in 2009; you can see my original topic here (http://jtf.org/forum/index.php/topic,32646.msg332696.html#msg332696).
I know I haven't covered this for a while, but having been involved in the computer industry for a long time and having posted about this before, and with huge headlines right now about data being provided to the government and snooping on citizens, I want to make a very important post to explain why you need to secure your stuff, what data can be obtained, and why security, including sacrificing some conveniences, is ABSOLUTELY NECESSARY!

Please understand this is not meant to scare anyone or make you feel paranoid, but I really believe people need to see the changes that are happening at this moment and what YOU can do to protect yourself if you want the choice. I offer my knowledge, the tools available, and a wealth of information.

I have written this article myself and compiled a lot of it throughout my years of being involved in security, as well as from documents I have gone over and given proper credit to. I have a lot of past history in the server industry, networking, and computer forensics (as a hobby); I know quite a bit about how websites can collect your data, how you are not anonymous, and what you need to do to protect yourselves.

I'll give an outline of the different things you can do to protect your computer, as well as encryption recommendations and what I personally use.

Computers/smart phones/Tablets and overall security
First of all, we've seen a huge demographic shift in the overall market from computers to tablets and smart phones. Most tablets/smart phones run on an ARM processor, which is different from the traditional x86 processor found in computers, and therefore programs/apps are written differently to function on these processors. Tablets, as long as they are kept up to date, generally remain secure; however, unless the OS running on the tablet you are using is open source and you've compiled it yourself, you still have no idea what exactly is running in the background. Essentially, if a tablet has built-in cloud storage, your data is automatically being uploaded to the cloud, and most of these companies have extremely long data retention periods even after you request that it be deleted. You also need to remember that merely having a tablet does not provide security; you're going to be restricted in what you can do to the hardware and what modifications you can make to the software. Most people are not aware that any smart phone/tablet is also susceptible to viruses/trojans just like a computer, as with jailbroken software or, in some cases, rooted software; you can get viruses that data mine your information, leak confidential emails, or track where you are going without your knowledge. If you're primarily using a tablet or smart phone, make sure you fully understand what each app does, and take time to learn about viruses/trojans for all smart phone OS's. I'm not going to be covering smart phones in this article, but PC's.

For PC's, there are several things you have to worry about regardless of whether you're using Windows, Linux, etc. Don't fall into the hype that a certain operating system cannot get a virus; unfortunately, that's an understatement. All operating systems can and do get viruses, and I can outline several scenarios where it has happened; some are not targeted as much as others, but it does exist.


I'm going to cover how my setup works, and you are free to follow my example.

My Personal Security Configuration

I am running on a custom-built PC I put together, primarily because I do not trust OEMs and do not want their software installed on my computer when I do not know what it is doing; I don't want preinstalled anti-virus software running in the background, or proprietary drivers bundled for the purposes of an OEM computer. Going OEM ensures you know what components you're using; if you need to replace a part, you don't need to send it to the OEM, who MAY have full access to your data.

I run two operating systems for different purposes: Microsoft Windows 7 and Tails Linux. First I want to cover anti-virus software.

Anti Virus
I use AVG anti-virus and Malwarebytes, which I keep up to date and scan with every other day. Running scans is critical to making sure you are secure: with all the fanciest encryption in the world, malware will still leak critical data that you have, and can make you part of a botnet forced to send out spam emails, use you as part of a data cluster on a darknet (for possibly illegal content!), send out trojans to other users, hijack your hosts file and DNS or reroute your browser proxy so that you see a spoofed, compromised version of specific websites for data mining, keylog your data, steal passwords, etc. etc. etc. Please make sure you're constantly checking your computer: go into Safe Mode with Networking if you run Windows, run HijackThis and check your logs on security forums, run anti-virus, and avoid the mainstream stuff, as it sometimes flags items as viruses that are not.

Network Security

Make sure your network is secured. Most routers nowadays come standard with WPA2 + PSK encryption; the problem with this is that some older devices do not support WPA2 encryption, and users are forced to compromise with inferior WEP or an open (unencrypted) network. Do not ever compromise, because if someone uses your internet for illegal activity, you could possibly be held liable depending on your state or your location. I always use WPA/WPA2 + PSK encryption, which is a hybrid mode that allows legacy devices and newer devices to connect without a problem. I also use MAC ID filtering and lease reservation, which allows me to prevent any other MAC IDs from connecting to my network; my desktop is hardwired via Ethernet. Lease reservation is used to statically assign an IP to your computer so that it doesn't change, and it gives me the ability to see what traffic is coming through my network. Take some time to search YouTube for videos on securing your router if you haven't; also change your default Wi-Fi password to something random, at least 12-24 characters and a mixture of letters and numbers. You may also want to hide your SSID from broadcasting.
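Two of the controls above, the MAC allowlist and the 12-24 character passphrase rule, are easy to check with a script. The following is an added example (not part of the original post, and not any router vendor's tool): it parses a constructed client/lease table in an assumed three-column layout, reports any device whose MAC is not on your allowlist, and checks a candidate Wi-Fi passphrase against the length and character-mix rule given above.

```python
import re

# Constructed sample of a router's client/lease table (layout assumed for this
# example; real routers export it in many formats): IP, MAC, reported hostname.
LEASE_TABLE = """\
192.168.1.10  AA:BB:CC:11:22:33  desktop-wired
192.168.1.11  aa-bb-cc-44-55-66  laptop
192.168.1.37  0A:1B:2C:3D:4E:5F  android-unknown
"""

# The MAC addresses you deliberately entered in the router's MAC filter /
# lease reservations, mapped to the device you expect behind each one.
ALLOWLIST = {
    "aa:bb:cc:11:22:33": "desktop-wired",
    "aa:bb:cc:44:55:66": "laptop",
}


def normalize_mac(mac):
    """Canonical lower-case colon form, so AA-BB-CC-11-22-33 == aa:bb:cc:11:22:33."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_lease_table(text):
    """Turn the exported table into a list of (ip, mac, hostname) tuples."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line
        hostname = parts[2] if len(parts) > 2 else ""
        leases.append((parts[0], normalize_mac(parts[1]), hostname))
    return leases


def unknown_devices(leases, allowlist):
    """Entries whose MAC is not in the allowlist: either the filter let something
    through or you forgot to add a device. Both deserve a look."""
    return [lease for lease in leases if lease[1] not in allowlist]


def wifi_passphrase_ok(passphrase):
    """The rule from the text: 12 to 24 characters mixing letters and numbers."""
    return (12 <= len(passphrase) <= 24
            and any(c.isalpha() for c in passphrase)
            and any(c.isdigit() for c in passphrase))


if __name__ == "__main__":
    for ip, mac, name in unknown_devices(parse_lease_table(LEASE_TABLE), ALLOWLIST):
        print("not on allowlist: %s %s %s" % (ip, mac, name))
```

Run it against a fresh export of your router's client table after every change to the allowlist. Treat the MAC filter as an inventory aid rather than as authentication: a MAC address is sent in the clear and can be changed by the device owner, so the WPA2 passphrase remains the control that actually keeps strangers off the network.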

Computer Encryption

If you have data you need encrypted and protected, and you don't want others to get access to it, make sure you use some form of encryption. There are different programs that can be used; for Windows I use TrueCrypt (http://www.truecrypt.org/), which is free, open source, and works very well. Some others include PGP (Pretty Good Privacy) and LUKS (Linux Unified Key Setup). I'll also explain some of the vulnerabilities of encryption as well. TrueCrypt allows you to create encrypted containers on your computer which you mount via the TrueCrypt program with a key or a passphrase; this opens a virtual drive in memory, and from there you can store your data securely and then dismount the virtual drive, whose contents are kept in the encrypted container file. This is very beneficial for protecting data; you can also encrypt an entire hard drive. If you do this, you will be required to enter your key on boot-up or you will not be able to boot into the operating system. Cracking the encryption is extremely difficult, and if you google news websites on court cases, there have not been any successful attempts to crack TrueCrypt when used properly, which is a testament to its security. However, please understand that there are false senses of security which can compromise your security with TrueCrypt. If you are infected with malware that is data mining your keys, your encryption is essentially pointless; the same applies if you're being keylogged or someone has physical hardware picking up your keystrokes.

Another critical issue is not using a strong enough password: dictionary attacks can be used against TrueCrypt, and simple passwords could expose your encrypted content. Another issue, from a forensic standpoint, is what is known as a cold boot attack. When you authenticate and enter a key to open an encrypted container, even if you dismount it, the key and the content that was opened in memory stay there until the computer is powered off. While generally powering off the computer completely (NOT SLEEP MODE!) will clear what is in memory within about 5-15 minutes, a cold boot attack can be carried out by a physical intruder cooling the memory to preserve the data while booting up the computer and performing a memory dump onto a USB disk (this can be done if the BIOS is set to boot from a USB stick); from there, your key has been exposed.
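To make the dictionary-attack point concrete, here is an added example (not part of the original post, and not TrueCrypt's real header format or work factor, both of which are assumed for the demonstration). It shows how a container-style program turns a passphrase into a key with a salted, iterated key derivation (PBKDF2) and stores a verifier tag so a wrong passphrase can be rejected; the `wordlist_audit` function then checks whether your own passphrase appears in a (constructed) wordlist, which is exactly the test an attacker's dictionary run would perform against a weak one.

```python
import hashlib
import hmac
import os

# Parameters assumed for this demonstration; they are not TrueCrypt's real header
# layout or work factor.
SALT_LEN = 16
ITERATIONS = 200_000   # PBKDF2 rounds: every guess, legitimate or not, pays this cost
VERIFIER_LABEL = b"container-verifier"


def derive_key(passphrase, salt, iterations=ITERATIONS):
    """Stretch a passphrase into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def make_header(passphrase, iterations=ITERATIONS):
    """Constructed container header: random salt + a tag that proves the key is right,
    so the opener can reject a wrong passphrase before touching the data."""
    salt = os.urandom(SALT_LEN)
    key = derive_key(passphrase, salt, iterations)
    tag = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return salt + tag


def check_passphrase(header, passphrase, iterations=ITERATIONS):
    """True if the passphrase reproduces the header's verifier tag."""
    salt, tag = header[:SALT_LEN], header[SALT_LEN:]
    key = derive_key(passphrase, salt, iterations)
    candidate = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return hmac.compare_digest(candidate, tag)


def wordlist_audit(header, wordlist, iterations=ITERATIONS):
    """Audit your own container: return the wordlist entry that opens it, or None.
    A passphrase that shows up here would fall to a plain dictionary attack."""
    for word in wordlist:
        if check_passphrase(header, word, iterations):
            return word
    return None


# Constructed wordlist: a tiny stand-in for the multi-million-entry lists in circulation.
SAMPLE_WORDLIST = ["password", "123456", "letmein", "password123", "qwerty"]

if __name__ == "__main__":
    weak = make_header("password123")
    strong = make_header("pianos cargo lantern 9 wobble")
    print("weak passphrase found in wordlist:", wordlist_audit(weak, SAMPLE_WORDLIST))
    print("strong passphrase found in wordlist:", wordlist_audit(strong, SAMPLE_WORDLIST))
```

The iteration count slows every guess equally, so it buys time against a dictionary run but cannot rescue a passphrase that is in the list; the salt only stops precomputed tables. Length and unpredictability of the passphrase itself are what make the search space too large to walk.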

Some other issues are that even if you encrypt the drive, if you encrypted a drive that's already been used, data can still be recovered, possibly corrupted to a degree; information on a bad sector can be recovered, etc. Remember that deleted files are never truly deleted; they can be recovered through various methods such as EnCase (http://en.wikipedia.org/wiki/Encase), which is forensic recovery software, or via a magnetic force microscope (http://en.wikipedia.org/wiki/Magnetic_force_microscope).

Another form of encryption is using encryption for your email. I believe PGP is very popular for this; your data looks like just a mess of pseudo-random garbage unless you have the key, which prevents the email provider as well as others from reading private emails.

Network/Packet Encryption
Next we will talk about network/packet encryption. If you're not familiar with how IP addresses and networking work, the best way I can explain it is by comparison with the telephone system: every computer has an IP address, similar to how phones have their own phone numbers. A phone number identifies certain information about where an individual is located, for example who owns the number; the area code registers a general area such as a part of a state, while the second set of digits can possibly indicate a town/jurisdiction. Some phones, such as VoIP phones, contain internal extensions that can only be accessed internally.

With computers, you usually get 2 different IP addresses. You get what is known as an IPv4 address, which normally is something like 192.168.1.*** (the *'s indicate numbers); this is an internal IP, which means it's not the IP used to access the internet. It is usually issued from a router to a computer directly, and your gateway usually indicates your router's IP address, which is communicating as a gateway between your modem and your computer. This can also be known as a LAN IP. You also have what's called a WAN IP; a WAN IP is something along the lines of 68.***.***.*** as an example. These are the public IPs that are usually exposed to websites, etc. It isn't common to have a WAN IP issued to a computer unless you are using a switch and your modem is not handling NAT (Network Address Translation). WAN IPs can be passed through as well if a modem is set to bridge mode, or, say, if someone is running a server.

Here is the primary issue: when you access any website, even jtf.org/e as an example, you are making a connection from your computer to a server via the HTTP protocol, which means most web servers are logging that IP address to a log file that will generally look something like this as an example:

"64.242.***.*** - - [07/Mar/2004:16:05:49 -0800] "GET /twiki/bin/edit/Main/Double_bounce_sender?topicparent=Main.ConfigurationVariables HTTP/1.1" 401 12846"

As you can see, logs show a timestamp/date, an IP address, and what page was requested. This also corresponds with what your provider sees in what are known as packet headers. Unfortunately I do not have a sample packet header to show, but if you have ever used Wireshark or a packet sniffer, you will see TCP/UDP packets being sent back and forth that identify a packet traveling through different nodes to reach the website. Think of packets and data transmission as similar to a mailman or the post office: you write a letter, you drop it off in the mailbox, it is delivered through different states and handed to the individual. The same applies to how data is transmitted via the internet.
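The two points above (that a web server log records your address, time and request, and that a 192.168.x.x address is an internal one while anything else is your public address) can be demonstrated together. The following is an added example, not code from the original post or from any web server: it parses a few constructed lines in the same Apache common-log layout as the entry quoted above, labels each client address as LAN (RFC 1918) or WAN, and counts requests per client, which is the first thing anyone holding the log can read off it.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in Apache "common log format" (the same layout as the
# entry quoted above). The client addresses are made up for the example.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Mar/2004:16:05:49 -0800] "GET /forum/index.php HTTP/1.1" 200 12846
192.168.1.23 - - [07/Mar/2004:16:06:02 -0800] "POST /login HTTP/1.1" 302 512
203.0.113.7 - - [07/Mar/2004:16:07:11 -0800] "GET /twiki/bin/edit/Main HTTP/1.1" 401 1204
"""

# client - user [timestamp] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# The RFC 1918 ranges the text calls LAN/internal addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_ip(text):
    """'lan' for an internal (RFC 1918) address, 'wan' for a public one."""
    addr = ipaddress.ip_address(text)
    return "lan" if any(addr in net for net in RFC1918) else "wan"


def parse_line(line):
    """Fields the server wrote down for one request, or None if the line doesn't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["timestamp"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["client_scope"] = classify_ip(rec["ip"])
    return rec


def parse_log(text):
    """Parse every well-formed line; silently skip the rest."""
    return [rec for rec in (parse_line(line) for line in text.splitlines()) if rec]


def requests_per_client(records):
    """How many requests each client address made."""
    return Counter(rec["ip"] for rec in records)


if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec["timestamp"].isoformat(), rec["ip"], rec["client_scope"],
              rec["method"], rec["path"], rec["status"])
    print(requests_per_client(parse_log(SAMPLE_LOG)))
```

A LAN address in a public server's log would only appear if the client were on the same internal network; for everyone coming in over the internet, the address logged is the WAN address the text describes, which is what ties a request back to a subscriber.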

So, where does the issue come into play? If you live in a hostile country that engages in monitoring packets and attempting to find out what you are doing, say you are accessing political websites as an example, your data is retained and can be used against you. Providers are generally required to retain packets for a certain period of time depending on the country; each has its own policies. There is network encryption that can protect against this, and it is legal to use it.

The most common method of protection is a VPN (Virtual Private Network), where you pass all packets through your VPN provider; some use VPNs for private network sharing or internal resources which should not be accessed from the outside, while null-routing any other access. The issue with VPNs is that the individual who runs it may also be collecting logs, and so while your data may be encrypted at the ISP level, the VPN provider would still have access to your logs, which they are required to retain as well.

The next option would be the Tor Project (https://www.torproject.org/), which is also open source. Tor uses what is known as onion routing: basically, you run software that connects you to a large cluster of nodes. Keep in mind that Tor is not a VPN but rather a proxy; the software you run encrypts your data before it communicates with the first node, and then your data is passed along encrypted with AES 256-bit encryption. The best way to explain onion routing is that each layer is encrypted, and one layer is decrypted at each node until it hits an exit node, which is the IP address that's used for your web traffic; upon retrieval, the data is sent back encrypted to you. The only information known is that you sent and received an encrypted packet, but since each node is random and the data's encrypted, they don't know what content they are delivering or who the final destination is. This prevents snooping of data. You can read more about onion routing here:
http://en.wikipedia.org/wiki/Onion_routing
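The layer-per-node idea is easier to see in code than in prose. The following is an added example, not part of the original post and not the Tor software: a three-relay circuit in which the client wraps a request in one encryption layer per relay, each relay peels only its own layer and learns nothing but the next hop, and only the exit sees the destination and the request. The cipher is a toy (SHA-256 in counter mode, no authentication) standing in for Tor's AES layers, and the relay names, shared keys and frame format are all constructed for the demonstration.

```python
import hashlib
import os

NONCE_LEN = 12


def keystream(key, nonce, length):
    """Toy keystream: SHA-256 in counter mode. Stands in for the real AES layers."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """One encryption layer: fresh nonce + XOR with the keystream."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key, blob):
    """Remove one layer (XOR with the same keystream)."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


# Constructed circuit: (relay name, key the client shares with that relay).
CIRCUIT = [("guard", b"key-guard"), ("middle", b"key-middle"), ("exit", b"key-exit")]


def build_onion(circuit, destination, request):
    """Client side: wrap the request in one layer per relay, innermost for the exit.
    Each NEXT frame names only the following hop; the EXIT frame names the destination."""
    layer = seal(circuit[-1][1], b"EXIT|" + destination + b"|" + request)
    for (_name, key), (next_name, _) in zip(reversed(circuit[:-1]), reversed(circuit[1:])):
        layer = seal(key, b"NEXT|" + next_name.encode() + b"|" + layer)
    return layer


def relay_peel(key, blob):
    """Relay side: strip own layer. Returns (next_hop, forwarded_blob, plaintext_request).
    Only the exit ever gets a plaintext_request, and only it learns the destination."""
    inner = unseal(key, blob)
    kind, rest = inner.split(b"|", 1)
    if kind == b"NEXT":
        next_hop, payload = rest.split(b"|", 1)
        return next_hop.decode(), payload, None
    if kind == b"EXIT":
        destination, request = rest.split(b"|", 1)
        return destination.decode(), None, request
    raise ValueError("layer did not decrypt to a valid frame")


def run_circuit(circuit, destination, request):
    """Push an onion through the circuit; return what each relay learned."""
    keys = dict(circuit)
    hop, blob = circuit[0][0], build_onion(circuit, destination, request)
    trace = []
    while True:
        next_hop, payload, plaintext = relay_peel(keys[hop], blob)
        trace.append((hop, next_hop, plaintext))
        if plaintext is not None:
            return trace
        hop, blob = next_hop, payload


if __name__ == "__main__":
    for hop, learned, plaintext in run_circuit(CIRCUIT, b"jtf.org", b"GET /forum/ HTTP/1.1"):
        print("%-6s learned next hop/destination = %-8s plaintext = %r" % (hop, learned, plaintext))
```

The trace shows the guard knowing only that traffic goes to the middle relay, the middle relay knowing only guard and exit, and the exit holding the plaintext request together with the real destination. That last line is the exit-relay exposure discussed further down: whatever is not separately protected by HTTPS is readable at the exit.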

Tor also contains what is known as the deepnet or the darknet: these are non-TLD (Top Level Domain) addresses known as .onion, they cannot be accessed from outside of Tor, and generally this is considered slightly more secure than HTTP traffic for various reasons. There are various reasons individuals use the darknet, and I advise you to do research before determining its use. You can read more about .onion sites here (http://en.wikipedia.org/wiki/.onion)

There are some vulnerabilities you should be aware of with Tor. First of all, you need to realize that even though your data is encrypted, it is decrypted at the exit relay, and so there is some danger that if you are visiting non-encrypted websites, your data can be exposed in plaintext to an exit node; this means that if you're logging into a website that is not using HTTPS, your login information could be exposed, or personal banking information, etc. For this reason, it is very important to always use an HTTPS website if you plan to do anything confidential through Tor, and to check the security certificates. Some other issues are that you are only as anonymous as you are willing to sacrifice convenience: this means that even though you are behind a VPN or Tor, certain information can still be exposed if you're running Flash or JavaScript/Java, etc. Basically, Flash can reveal information about you, and software can leak critical information if it's connecting via a different port than the one Tor is running on. You could disable Flash, Java and JavaScript and run Firefox with NoScript, however.

Bundled all together
I understand that having to research and download all of this stuff can be confusing. There is an easy way to get the encryption you need built in, which eliminates most of the threats; this is why, when I need to access things with encryption, I use software that bundles everything together.

I personally use TAILS Linux (https://tails.boum.org/) which stands for The Amnesic Incognito Live System.

The benefit of TAILS, or Linux in general, is that it is open source; you can compile your own version and look over the source code. Linux is not difficult to use if you watch a few YouTube videos and have an understanding of how it functions.

TAILS Linux can basically run off a Live CD or a USB stick; data is not written unless you EXPRESSLY permit Linux to write to that media. TAILS has Tor bundled and already installed, and it runs automatically when you start the system; it also has a variant of Firefox running with NoScript, which prevents harmful scripts from running, and it disables JavaScript and Flash by default. That means as soon as you run your browser, you are already protected. All traffic by default goes over HTTPS if it's supported.

TAILS also contains a program known as I2P, also known as the Invisible Internet Project. This operates somewhat differently from Tor in that I2P is designed for internal darknet sites only; all data is encrypted end to end, and you run a virtual router, which means you act as a relay. This is beneficial as any data passed through I2P never actually exits to the regular internet. I2P uses what is known as garlic routing and randomly builds tunnels so that users do not know what data is being relayed or where it's being relayed to. You can read more about I2P here (http://www.i2p2.de/); even the Chinese have managed to use it, despite Tor being blocked in China due to the Great Firewall having access to all the Tor connection points and exit relays.

TAILS being a live CD means that none of your data is actually saved; when you remove the USB or CD, TAILS automatically starts writing over memory blocks to wipe the data in memory and safely powers down, leaving no trace of any content.

https://www.youtube.com/watch?v=eyi7fBBeMKo

Anyways, this is my guide to security; if you have any further questions, please feel free to ask.
« Last Edit: June 16, 2013, 11:41:24 AM by White Israelite »