Category: Anonymity

Internet anonymity

  • Anonymous operating system Whonix

    Whonix is an anonymous operating system based on VirtualBox, Debian Linux and the tor proxy. It consists of two virtual machines: one dedicated to running a tor proxy that acts as a gateway, and a second one, called Whonix-Workstation, located in a completely isolated network.

    The system has been designed to make IP and DNS leaks impossible: not even malware with root access will be able to find out your computer's IP. All Internet connections are forced through tor, including applications that do not support proxy settings; this is done using the firewall settings. It is possible to use Whonix with a VPN or SSH tunnel if needed, and hardware serial numbers are also hidden. Any operating system able to run VirtualBox can run Whonix; this includes Windows, Mac, Linux, BSD and Solaris.

    The disadvantages of running Whonix are that it will be very slow to update your operating system through tor, it is more difficult to set up than the tor browser bundle, and your computer should have a good amount of RAM and a modern CPU to run VirtualBox. The advantages are that, unlike an anonymous live CD such as Tails or Liberté Linux, data will be available after reboot thanks to persistent storage; you can install your favourite software packages using Debian’s packaging tool apt-get and the applications will be torified straight away; and you can save virtual machine snapshots, keeping a clean one for data recovery if needed.

    VirtualBox setting up Whonix operating system

    Many Whonix default applications come configured to avoid fingerprinting: GPG software, for example, will not reveal your operating system version, and XChat comes with the default torified setup described in the tor project Wiki.

    In countries where you can be forced to disclose your full encryption password, Whonix can help with plausible deniability if you hide the .ova virtual machine file inside a hidden encrypted container with TrueCrypt, or store the virtual machine inside a fully encrypted USB thumbdrive that will look like random data to forensics software.

    Visit Whonix homepage

  • Anonymous messenger chat with jTorchat

    jTorchat, standing for Java Torchat, is a rewrite of Torchat, a decentralized anonymous P2P messenger that works over the tor network. Being written in Java means that the code is easily carried across platforms; jTorchat should work in any operating system that has Java installed (Linux, Windows, BSD, etc). It can be used in portable mode, but my Windows 7 OS asked me for administrator rights to grant access to Java and allow the application through the Windows firewall; it possibly won’t work on computers where you do not have admin rights (i.e. library, internet cafe).

    Anonymous Internet chat jtorchat

    The settings allow you to change the interface language, make links clickable, sync your buddy list and automatically start file transfers, saving them to the Downloads folder. The rest of the messenger has the expected basic features: announcing your status as away or online, adding contacts, requesting buddies, blacklisting people and what they call “Holy contact”, which means whitelisting someone. A flashing message on the Windows taskbar will warn you every time someone joins the chat.

    At the moment there are no chatrooms, but you can easily interact with other people who have marked themselves as online or broadcast a message to a whole group marked with a specific hashtag, like #linux, #torchat-help, #public, #privacy. It is also possible to use other chat commands like /nick or /help and to retrieve a webpage from your buddy using the /page command, but there is no support for images or html, only .txt.

    JTorChat settings

    All users get a unique alphanumeric string randomly created by tor, based on the .onion address of a hidden service; this string is used to communicate with your buddies so that tor knows where to send the messages. The jTorchat local port can be changed to any unused one, and it can work with obfsproxy, a tool that hides the nature of the traffic to circumvent tor proxy blocking at ISP level by some countries.

    There weren’t too many users when I visited jTorchat, but they are relatively new and as the tool becomes better known that could change. Something to be aware of is that you will still be browsing the Internet with your home IP: jTorchat will only route your online chat session through the tor network, so be very careful if you click on a link posted by someone else in the chat.

    Visit jTorchat homepage

  • Host a tor server entirely in RAM with Tor-ramdisk

    Tor-ramdisk is a tiny Linux distribution (5MB) developed by the IT department at D’Youville College (USA) to securely host a tor proxy server in RAM. It can run on old diskless hardware and it will stop a forensic analysis by people stealing or seizing a tor server. In the event that a tor server is seized due to ignorance or calculated harassment, and it would not be the first time, the end user would still be safe because the chained nature of the tor proxy network makes it impossible to find out someone’s computer IP by seizing a single server. Other data, even if meaningless, can still be recovered, however; running tor in RAM is an extra security step that can help convince people that the machine is merely acting as a relay, as it contains no hard drive.

    When a Tor-ramdisk server is powered down all the information is erased with no possibility of recovery. The tor configuration file and private encryption key (torrc & secret_id_key) can be preserved between reboots by exporting and importing them using FTP or SSH, making the life of a tor node operator easy.

    tor server proxy diagram

    One disadvantage of running a tor node entirely in RAM is that it cannot host hidden services, as that requires hard drive space; other than that, it is a fully functional entry, middle or exit tor node. I would advise you to block all ports (USB, Firewire) in the server with epoxy: there are computer forensic tools that can be plugged into the USB port and make a copy of the RAM on the fly. You might have heard about the cold boot attack, where someone with physical access to a recently switched off server or computer can still retrieve data remanence from RAM; this is not easy to achieve and the recovery window is only a few seconds.

    Visit Tor-ramdisk homepage

  • FBI seizes anonymous remailer from Rise Up Network facilities

    A server physically located in a colocation facility in New York shared by left-leaning organizations Rise Up Networks & May First/People Link was seized two days ago, 18th April, by the FBI, who turned up with a search warrant. The server belonged to the “European Counter Network”, an Italian group defining itself as “antifascist”; it provided email accounts, mailing lists and website hosting for activists, and remailing to the public. It appears that an anonymous person sent more than 100 bomb threats over a period of months through the mixmaster remailer network to the University of Pittsburgh, leading to numerous building evacuations while the police cleared all false alarms. No arrests have been made so far but the investigation remains open.

    The Riseup press release calls the server seizure an attack on free speech that has left artists, historians, gay rights groups, feminists and others without mailing lists and email accounts; various websites have also been taken offline as a consequence of the seizure. Riseup claims that, while sympathizing with the University of Pittsburgh community, they do not understand why the FBI has taken the server when “authorities knew that the server contained no useful information that would help in their investigation”.

    Anonymous remailer

    Mixmaster remailers resemble the tor proxy network in that they do not log anything and work in chain mode. Normally three servers in different jurisdictions are involved in routing an email before it is finally delivered to an inbox, although more servers could be involved if the sender specifies it in the settings. Mail servers running the open source Mixmaster software remove header information to make it impossible to find out the sender, and messages are deliberately held for some time to avoid time based attacks, so it can take days or hours before an anonymous email is finally delivered.

    A Mixmaster remailing server has been designed to make it impossible to trace emails back to the original source. For the system to fail it would be necessary to seize all of the servers involved in sending a message and to recover erased logs, assuming they ever existed. A new protocol called Mixminion is in development and intended to replace Mixmaster in the future.

    More information: EFF article about remailer seizure

  • Code Talker Tunnel disguises tor traffic as Skype video calls

    Countries like Iran and China routinely block public tor IP addresses. To get around this problem, relays called tor bridges are not made public and are only given to users living in repressive countries on request. According to recent research from Internet security firm Team Cymru, China’s Great Firewall can distinguish between normal traffic and tor traffic using SSL deep packet inspection; one factor used by the Great Firewall of China to detect tor traffic is the tor proxy SSL cipher list, among others. Communications cannot be read because they are encrypted, but a bot attempts to connect to the suspected tor server IP passing itself off as a user, and when it confirms it is a tor bridge via a successful connection, the tor server IP is added to the list of blocked IPs in the firewall.

    Iran has also been reported in the past as having an Internet censorship system able to identify the beginning of a tor proxy SSL handshake and interrupt it.

    Code Talker Tunnel disguises tor proxy traffic

    SkypeMorph, renamed Code Talker Tunnel, uses traffic shaping to convert tor packets into UDP (User Datagram Protocol) traffic, preventing deep packet inspection from recognizing tor data as such. Code Talker Tunnel traffic shaping mimics the sizes and packet timings of a normal Skype video call. The developers of this tool at the University of Waterloo in Canada chose a VoIP client to hide tor traffic because the flow of data packets, sending a request and waiting for a response with a long pause during transmission, resembles how a tor proxy server works.

    SkypeMorph Code Talker Tunnel is a pluggable transport that works with obfsproxy, a program developed by the tor project itself for Mac, Windows and Linux users that masks tor traffic as a different protocol specified using pluggable transports.

    Visit Code Talker Tunnel homepage

  • Services to send self-destructing email and notes

    Sending a self-destructing note or email is a good way to make it difficult for someone to forward your message or save it to a hard drive, and to stop a third party email server from keeping the message archived for years. The only way for someone to copy a self-destructing email would be to take a screenshot, and the message would still have to be associated with the sender to compromise your privacy; some of the services below make it difficult to make a readable screen grab.

    OneShar.es: Allows you to compose a text only message on their servers via SSL. You are then given a unique URL that can be copied into any email message, IM or chatroom; after someone views the URL to read the message it will automatically self-destruct, i.e. erase itself from the server.

    PrivNote: Web service using SSL to send secure self-destructing notes without any registration needed. The text message will be made unavailable through the link after someone reads it once. There are no configuration options other than leaving your email address to be notified when someone reads the note.

    QuickForget: Designed to compose an online note through an SSL connection from your browser to their servers and easily set it up to expire after a specific number of views or length of time, after which your note will be purged from the database forever.

    QuickForget secure online note

    OneTimeSecret: After creating a self-destructing note you will be given two links, one that will display the message once and another link for you that will inform you if the message has been read when you visit it. Optionally you can set up a password to protect the message.

    BurnNote: Mobile phone app only for Android and iPhone. Burn Note displays a countdown when the recipient opens a message and automatically destroys it when it reaches zero; this guarantees that only one person is able to read the data. You can send messages to other Burn Note users or an email address, or get a link to your message that you can post or send via Instant Messenger.

    BurnNote self-destructing note

    StealthNotes: Messages can have a maximum number of views before self-destructing, or a date can be set for the message to be erased. Messages can be composed using text or HTML code; there is no SSL.

    Crypt-A-Byte: Online dropbox that allows you to send PGP encrypted messages or send a self-destructing message that is erased after the recipient reads it. The message is encrypted in the browser and the passphrase is never stored on the server, so it is impossible for Crypt-A-Byte to read or decrypt your notes.
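
    The server-side logic behind the features listed above (a view limit and expiry time as in QuickForget, a separate read link and status link plus optional password as in OneTimeSecret) can be sketched as follows. This is an added example, not code from any of these services; `NoteStore`, its methods and the token format are hypothetical names. The note text is held as-is until destruction, so unlike the browser-side encryption described for Crypt-A-Byte, the operator of such a store can read it.

```python
import hashlib
import hmac
import secrets
import time


class NoteStore:
    """In-memory self-destructing note store (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._notes = {}    # read token -> note record
        self._status = {}   # status token -> read counter and destroyed flag
        self._clock = clock

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create(self, text, max_views=1, ttl_seconds=3600, password=None):
        """Store a note; return (read_token, status_token) as two separate links."""
        read_token = secrets.token_urlsafe(16)
        status_token = secrets.token_urlsafe(16)
        salt = secrets.token_bytes(16)
        self._notes[read_token] = {
            "text": text,
            "views_left": max_views,
            "expires": self._clock() + ttl_seconds,
            "salt": salt,
            "pw": self._hash(password, salt) if password else None,
            "status": status_token,
        }
        self._status[status_token] = {"reads": 0, "destroyed": False}
        return read_token, status_token

    def _destroy(self, read_token):
        note = self._notes.pop(read_token)   # the text is dropped here
        self._status[note["status"]]["destroyed"] = True

    def read(self, read_token, password=None):
        """Return the text and consume one view, or None if unavailable."""
        note = self._notes.get(read_token)
        if note is None:
            return None
        if self._clock() >= note["expires"]:
            self._destroy(read_token)        # purge on first access after expiry
            return None
        if note["pw"] is not None:
            supplied = self._hash(password or "", note["salt"])
            if not hmac.compare_digest(supplied, note["pw"]):
                return None                  # a wrong password consumes no view
        text = note["text"]
        note["views_left"] -= 1
        self._status[note["status"]]["reads"] += 1
        if note["views_left"] <= 0:
            self._destroy(read_token)
        return text

    def status(self, status_token):
        """Sender's link: read count and destroyed flag, never the text."""
        return dict(self._status.get(status_token, {})) or None
```

    Expired notes are only purged when someone next requests them; a real service would also need a periodic sweep so that unread notes do not outlive their expiry time on the server.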

  • How to use tor proxy with the Advanced Onion Router

    Advanced Onion Router is a free portable tor proxy server and client for the Onion Routing network, a distributed proxy network run by volunteers and designed to anonymize traffic and bypass Internet filters. Advanced Onion Router is meant to be an all-in-one replacement for the classic Tor+Vidalia+Privoxy Windows bundle. It is highly configurable: it can fake your browser headers and operating system, as well as the computer regional settings, which can be used to pinpoint your location by looking at something like local time.

    There is support for encrypted SSL connections, Socks4/5, corporate NTLM (NT Lan Manager) proxies, banning of addresses and routers, plugins, hotkeys and multiple languages. Circuit length can be set from 1 up to a chain of 10 proxies with priorities, and separate browsing profiles can be set by erasing identity cookies and creating new fake browser and operating system headers. You can use this tool to help the onion routing network by donating some bandwidth for others, or to host your own hidden service; it only requires some easy re-configuration to make sure that your real location is not revealed and to create your own .onion address. A tor hidden service is a way to host your own content, making it impossible for a Government or powerful enemy to take it down.

    Advanced Onion Router tor proxy

    Advanced Onion Router lets you add your favourite program to a list, making sure that when you start it all traffic will be forced through a tor proxy tunnel; each program can have its own separate settings, running inside a sandbox. Configuration files can be encrypted using AES, adding another layer of security against nosy people. Even better is the read only mode, where you can run this portable tor proxy from read only media, like a CD-ROM, and no personal data (history, cookies, etc) will be stored anywhere.

    Visit Advanced Onion Router homepage