Author: John Durret

  • Anonymous operating system Whonix

    Whonix is an anonymous operating system based on VirtualBox, Debian Linux and the tor proxy. Whonix consists of two virtual machines: one dedicated to running a tor proxy that acts as a gateway, and a second one, called Whonix-Workstation, located in a completely isolated network.

    The system has been designed to make IP and DNS leaks impossible; not even malware with root access will be able to find out your computer's IP. All Internet connections are forced through tor, including those of applications that do not support proxy settings; this is done using the firewall settings. It is possible to use Whonix with a VPN or SSH tunnel if needed, and hardware serial numbers are also hidden. Any operating system able to run VirtualBox can run Whonix, which includes Windows, Mac, Linux, BSD and Solaris.

    The disadvantages of running Whonix are that updating your operating system through tor will be very slow, it is more difficult to set up than the tor browser bundle, and your computer should have a good amount of RAM and a modern CPU to run VirtualBox. Whonix's advantages are that, unlike an anonymous live CD such as Tails or Liberté Linux, data will be available after reboot thanks to persistent storage; you can install your favourite software packages using Debian's packaging tool apt-get and the applications will be torified straight away; and you can save virtual machine snapshots, keeping a clean one for recovery if needed.

    VirtualBox setting up Whonix operating system

    Many Whonix default applications come configured to avoid fingerprinting: GPG, for example, will not reveal your operating system version, and XChat comes with the default torified set up described in the tor project wiki.

    In countries where you can be forced to disclose your full encryption password, Whonix can help with plausible deniability if you hide the .ova virtual machine file inside a hidden encrypted container with TrueCrypt, or store the virtual machine on a fully encrypted USB thumb drive that will look like random data to forensics software.

    Visit Whonix homepage

  • Steganography and encryption with StegHide UI

    StegHide UI is a GUI front end for Steghide, an open source steganography program that encrypts and hides data inside images (.jpeg, .bmp) and audio files (.wav, .au); it lets users do everything Steghide can do with a point and click of the mouse, saving you the command line learning curve. There is a tab where you can use this steganography tool in command line mode, were you to feel so inclined; StegHide UI offers you the best of both worlds, a GUI and a command line in one program.

    There is no need for installation; administrator rights are only needed to change the program settings. You can change the default encryption method (already a secure AES 128-bit in CBC mode), set the default output folder, or change the command line background colour, font and font colour. The only included help consists of the command line tab, where you can type “help” and get a list of possible commands. GUI operation is fairly easy: to hide and encrypt files, go to the “Embed” tab, select the carrier image or sound file in which to hide the data and the file you would like to hide, enter a password, and choose the encryption algorithm and method using a drop down menu.

    Steganography and encryption StegHide UI

    To decrypt a steganographic message, reverse the process using the “Extract” tab: enter the password and choose the output file name with the resulting extension. You will need to know what type of file is hidden (.txt, .mp3, .jpg, etc.) to get the extension right and be able to view it with the correct program. There is a wide range of encryption algorithms available; the safest are AES Rijndael 128/192/256, Blowfish, TripleDES, Twofish and Serpent, while lower strength ciphers like Enigma, Gost, CAST128/256 and Arcfour are included too.

    If you would like to defeat steganalysis, the art of detecting hidden data inside files, make sure to securely erase the original file: comparing the two files side by side and looking at their differences, it is possible to see that data has been embedded in one of them, which makes extraction easier for an attacker, although encryption with a strong password should still stop adversaries.
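A simplified, added illustration of the embed/extract workflow and of the side-by-side comparison this paragraph warns about. It is plain least-significant-bit substitution over a constructed byte carrier, not Steghide's own embedding algorithm, file format or encryption:

```python
def embed(carrier: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of successive carrier bytes.
    A 32-bit big-endian length header lets extract() know where the payload ends."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit   # overwrite only the LSB
    return bytes(out)


def _read(stego: bytes, bit_offset: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at `bit_offset`."""
    vals = bytearray()
    for k in range(count):
        v = 0
        for j in range(8):
            v = (v << 1) | (stego[bit_offset + k * 8 + j] & 1)
        vals.append(v)
    return bytes(vals)


def extract(stego: bytes) -> bytes:
    length = int.from_bytes(_read(stego, 0, 4), "big")
    return _read(stego, 32, length)


def compare(original: bytes, stego: bytes) -> dict:
    """Side-by-side steganalysis: with the original file at hand every modified
    byte is visible, and the span of modifications bounds how much was embedded.
    Without the original, an LSB change in a noisy carrier is not obvious."""
    changed = [i for i, (a, b) in enumerate(zip(original, stego)) if a != b]
    return {"changed": len(changed), "span": (changed[-1] + 1) if changed else 0}


# Constructed carrier: a smooth 8-bit gradient standing in for raw pixel samples
CARRIER = bytes((i * 7) % 256 for i in range(4096))
PAYLOAD = b"meet at dawn\n"   # constructed secret

if __name__ == "__main__":
    stego = embed(CARRIER, PAYLOAD)
    print(extract(stego), compare(CARRIER, stego))
```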

    Visit StegHide UI homepage

  • Send anonymous email through tor with TorBirdy

    Using Thunderbird, a free open source email and Usenet client made by Mozilla, and the TorBirdy addon, you can send emails through the tor network. The addon will automatically connect to the tor proxy before logging in and out of your email account to send SMTP email and retrieve new POP messages, as long as the chosen email provider does not block connections coming from tor. For extra security you might want to encrypt the email message; TorBirdy won’t do that for you.

    The addon uses SSL/TLS by default for both outgoing and incoming servers, setting the default server ports; IMAP push email, often used by advertisers, is disabled as it could expose your real IP. The email client itself is cross platform, with versions for Windows, Mac and Linux; forked Thunderbird versions like Icedove should also work with the TorBirdy addon, and the anonymous live CD Tails has added TorBirdy to its list of future additions.

    TorBirdy Thunderbird anonymous email

    The developers advise users not to install any other Thunderbird addon that has not been reviewed by them alongside TorBirdy, as it could endanger anonymity. Since Thunderbird has a portable version that runs from a USB thumb drive, there is no reason why you should not be able to use TorBirdy as a portable email client to send anonymous messages; it might even get around public computer networks that block ports 995 (POP) and 25 (SMTP). There are many free email services offering SMTP, but the sign up normally still has to be done using the web interface; needless to say, you should use tor for that.

    Note: This addon is still in development and might not be stable.

    Visit TorBirdy Thunderbird addon

  • iPhone & iPad steganography app Spy Pix

    Spy Pix is a steganographic tool to hide images inside other images. The advantage over encryption is that, while encrypted data signals that something of value is being protected, hiding data in plain sight means an attacker would first have to know what to look for. This tool can be used to send secret messages to your friends; they will need to have Spy Pix installed to reveal the hidden message.

    The images are saved as .png (Portable Network Graphics); they could be uploaded to Flickr or Photobucket and your contact could download them from anywhere in the world to decode them, and the hidden image can contain a written message with instructions. This system avoids compromising your contacts: if your iPhone is seized by hostile authorities they could work out who you have been emailing and follow the trail, whereas uploading the image to a public website with thousands of visitors requires some guesswork to find out who the receiver is.

    iPhone steganography app SpyPix

    Supporting the built-in camera, Spy Pix can use photographs you take as carriers to hide other images; you can also use a photo from your album or copy an image from another app. The photos can be easily blended using a slider that lets you control the final image quality, and you can send them by email with a single button. The options aren’t amazing, but they do everything you need, and keeping it simple makes operating this app easy.

    Spy Pix could be greatly improved if encryption were used and a password were required to decipher the hidden image or message.

    Note: This app is not free, priced at $1.

    Visit Spy Pix homepage

  • US Army Encryption Wizard public edition

    Developed by the US Air Force Software Protection Initiative, a unit building cost effective cyber defences against nation-state class threats, Encryption Wizard is a portable program to encrypt files using AES 128-bit. Being written in Java lets this tool work across operating systems (Windows, Linux, Mac, Solaris); there is no need for administrator rights to run it, and Encryption Wizard can be carried on a USB thumb drive.

    It is easy to use: dragging and dropping a file into the window starts the wizard to secure your files, your password is checked for dictionary words and you are told how secure it is, and a password generator showing the entropy bits is available in a separate tab if you need it. After encryption the original files can be kept or securely wiped. Additional options include encrypting your files with PKI/X.509 digital certificates or a smart card (CAC/PIV), and you can choose to add metadata to an encrypted file to help indexing software locate it. Right clicking on an encrypted file will also show its MD5 and SHA256 checksum hashes. The developers claim that if anyone forgets the passphrase it is not possible to decrypt the file.
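An added example of the two password checks described here, dictionary words and entropy bits, together with a generator that reports the entropy of what it produces. The wordlist and the character-pool model are constructed assumptions; this is not Encryption Wizard's code or its exact scoring:

```python
import math
import secrets
import string

# Constructed stand-in for a real dictionary file (assumption: a few common words)
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty", "soldier"}
# Undo common digit/symbol substitutions before the dictionary check
LEET = str.maketrans("4301$@5!", "aeoisasi")


def charset_size(pw: str) -> int:
    """Size of the smallest standard character pool containing every character used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 printable ASCII symbols
    return size


def entropy_bits(pw: str) -> int:
    """Upper bound: assumes every character was drawn uniformly from the pool."""
    pool = charset_size(pw)
    return round(len(pw) * math.log2(pool)) if pool else 0


def dictionary_hits(pw: str, words=WORDLIST) -> list:
    """Dictionary words found inside the password, also after undoing leet spelling."""
    forms = {pw.lower(), pw.lower().translate(LEET)}
    return sorted({w for w in words for f in forms if w in f})


def assess(pw: str) -> dict:
    """A dictionary hit or fewer than 64 bits is reported as weak (threshold is an assumption)."""
    hits, bits = dictionary_hits(pw), entropy_bits(pw)
    return {"bits": bits, "dictionary": hits, "verdict": "weak" if hits or bits < 64 else "ok"}


def generate(length: int = 16, alphabet: str = string.ascii_letters + string.digits + string.punctuation):
    """Random password from a CSPRNG plus its exact entropy, as a generator tab would show."""
    pw = "".join(secrets.choice(alphabet) for _ in range(length))
    return pw, round(length * math.log2(len(alphabet)))
```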

    US Army Encryption Wizard

    If you are going to encrypt multiple files you can compress and encrypt them in a single archive, which will have the extension .wza; individual encrypted files use .wzd. Encrypted archives work the same way a password protected .rar file would, storing multiple files inside one. The software comes with a brilliant PDF help manual full of screenshots and clear instructions. There is no mention in the manual of being able to use Encryption Wizard to secure top secret documents; the manual recommends its use to encrypt financial information, send emails to soldiers and share files between organizations using incompatible encryption solutions, and it gave me the impression that it has been created to encrypt the day to day business of the private soldier (rosters, wages, assignments).

    This tool is included in the US Army Lightweight Portable Security (LPS) secure Linux distribution, and there is a Firefox addon to easily encrypt and decrypt files during upload/download. A FIPS 140-2 certified Encryption Wizard Government Edition is available for US Federal Government employees and contractors.

    Visit Encryption Wizard homepage

  • Startup analyzer and hijack protector Runscanner

    Runscanner is a free antispyware utility that scans your computer for all running processes and detects system changes made by malware, such as startup programs that show advertisements, ransomware and page hijackers, as well as accidental misconfiguration or garbage left behind by uninstalled software.

    It only took a couple of minutes to scan my hard drive, and all orphan files, registry keys and drivers were clearly labelled in red, making it easy to identify and select them for subsequent erasing. I could not see any evident false positives, only a few files that I did not know what they were for, and I decided to keep them. Before deletion using the “Fix it” button, you are given a clear warning about making sure you know what those files are.

    In advanced mode you will also see a tab called “Extra stuff” where you can edit the Windows hosts file (often modified to show adware), check autostart items, kill processes, see installed software, and restore Runscanner history backups. Reports, using its own .run file extension, can be saved and opened; the tabbed interface has other options like “Unrated items”, “Item fixer” and “Loaded modules”.

    Free startup and hijack analyzer runscanner

    The main window helps you distinguish files by showing the item name, path, description, company and digital signer, if any. When you find a suspicious item, right clicking on it lets you submit the file for scanning to the online antivirus service VirusTotal, or look up the file’s MD5 at File Advisor, Google or the Runscanner database. Another button gives you quick access to a malware discussion forum where you can ask questions.

    The advanced mode is potentially dangerous unless you understand what many of the files showing up in the window are; deleting something by accident could render your computer unbootable or without Internet access. The beginner mode only has the “Scan” and “Update” buttons visible, with no tweaking options, making it very hard to cause damage.
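An added example of the kind of triage Runscanner's item list supports: flagging orphan autostart entries whose target no longer exists, entries without a digital signer, and computing the MD5/SHA256 you would look up before deciding what to fix. The sample entries and files are constructed, and this is not Runscanner's own code:

```python
import hashlib
import os
import tempfile


def file_hashes(path: str) -> tuple:
    """MD5 and SHA256 of a file, the values you would look up at VirusTotal or similar."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def triage(items: list) -> list:
    """Classify autostart entries: 'orphan' when the target file is gone (what the
    scanner shows in red), 'unsigned' when it exists without a signer, else 'signed'.
    Every existing target gets its hashes so a suspicious one can be looked up."""
    report = []
    for item in items:
        entry = {"name": item["name"], "path": item["path"], "md5": None, "sha256": None}
        if not os.path.isfile(item["path"]):
            entry["status"] = "orphan"
        else:
            entry["md5"], entry["sha256"] = file_hashes(item["path"])
            entry["status"] = "signed" if item.get("signer") else "unsigned"
        report.append(entry)
    return report


def demo() -> list:
    """Constructed sample: two real temporary files and one dangling path (assumption)."""
    d = tempfile.mkdtemp()
    signed, unsigned = os.path.join(d, "updater.exe"), os.path.join(d, "helper.exe")
    with open(signed, "wb") as fh:
        fh.write(b"hello")
    with open(unsigned, "wb") as fh:
        fh.write(b"sample unsigned helper")
    items = [
        {"name": "Updater", "path": signed, "signer": "Example Corp"},
        {"name": "Helper", "path": unsigned, "signer": None},
        {"name": "OldToolbar", "path": os.path.join(d, "gone", "toolbar.dll"), "signer": None},
    ]
    return triage(items)


if __name__ == "__main__":
    for entry in demo():
        print(entry["status"].ljust(8), entry["name"], entry["md5"])
```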

    Runscanner has many more features than the popular HiJackThis system analyzer or Process Hacker; it is a good alternative to them, and I would consider this tool for those who have already been infected or just want to make sure that everything is working as it should.

    Visit Runscanner homepage