Hacker 10 – Security Hacker

Category: Anonymity

Internet anonymity

  • Uncensored decentralized search engine YaCy

    Uncensored decentralized search engine YaCy

    YaCy is an open source community based search engine written in Java with no central server indexing the results, search queries are produced using a worldwide peer to peer computer network, in the same way that torrent downloads work, the quantity and quality of the results will depend on the number of peers connected at the time, on top of the search results YaCy lets you know how many peers are providing them, it can be used to search text or images. Unlike Google or Bing, where the company managing the search results is open to subpoenas and censoring links (e.g. DMCA complaint, offensive images, etc), YaCy results can not be censoredas no single central authority is responsible for them and there are thousands of servers (personal computers) in multiple countries providing results, with some seed list servers including accurate p2p node information to be found in the source code.

    You will need to download YaCy software to your computer to use it, during installation Windows default firewall will be configured to allow YaCy queries pass through, if you are using a different firewall you will have to set it up manually to allow YaCy to connect to the Internet. The search engine will be accessed in your browser clicking on YaCy’s logo or visiting http://localhost:8090 (default port can be changed), YaCy can be set up to crawl an specific website or FTP server creating your own search index, the crawling can be scheduled to as often as you like or limited to a single time to save computer resources.

    yaCy anonymous search engine
    yaCy anonymous search engine

    To protect your privacy after performing a search the words used are sent to a peer in the form of distributed hash tables, peers store crawled search results as cryptographic hashes and these are all mixed in between peers, making it impossible to pinpoint search queries to a certain host. Search is not limited to the public Internet, YaCy can be used in Intranets, the configuration settings had so many options that it can take a long time to understand what everything is for, the best is to leave the defaults.

    In my experience YaCy Internet results were not very good, with a tendency to link to deep pages instead of the main portal, my main predicament is that it did not have too many pages indexed and it took a couple of seconds to finish each search query, this can be improved once YaCy manages to reach a sizable number of users/peers. Until then, this search engine will be better suited for Intranets or custom crawling of forums and wikis, admittedly, their plan is not to beat Google results, but to provide a truly private search engine experience. There is no need to erase logs, because there are no logs and companies do not have to rely on a third party server to run their private search queries. In the future the developers plan on indexing tor node pages and Freenet sites.

    Visit YaCy search engine homepage

  • Computer IPv6 addresses & privacy

    Computer IPv6 addresses & privacy

    The current 32-bit IPv4 protocol, created in 1981, can have up to 4 billion of IP addresses, every device connected to the Internet needs one of them, including mobile devices, going beyond everyone’s foresight, the Internet is now running out of IP addresses, by the end of 2012 all available IPv4 addresses could have been given.

    IPv6 is a brand new version of Internet Protocol set to succeed IPv4, it isn’t an upgrade since networks using both protocols are largely incompatible at packet level and can not communicate in between them, IPv6 is based on 128bit addresses, it will provide users with a near inexhaustible number of IP addresses. You can easily identify an IPv6 address because unlike IPv4 composed of four groups of numbers separated by dots, an IPv6 address is composed of eight groups of alphanumeric characters separated by colons.

    Tip: Some IPv4 routers can be converted to IPv6 with a simple firmware update.

     IPv6 addresses advantages

    Efficiency: Data packet headers and packet forwarding through routers has been simplified to make it more efficient

    Multicast: The transmission of a packet to multiple locations in a single send operation, aka multicast, is a base specification in IPv6 (optional in IPv4)

    SLAAC (Stateless Address Auto Configuration): A standard IPv6 feature that allows IPv6 hosts to autoconfigure when connected to an IPv6 router, it is able to automatically assign IP addresses and device numbering.

    Jumbograms: A jumbogram is a transmission data packet exceeding the standard Maximum Transmission Unit (MTU) IPv6 jumbograms contain a payload larger than the IPv4 limit of 65,535 eight-bit bytes (aka octets).

    Geolocation:  IPv6 address have more geolocation options than IPv4, the new IPv6 latitude and longitude system can be scaled down to nearly microscopic pinpointing.

    Computer IPv6 address
    Computer IPv6 address

    IPSec (Internet Protocol Security): Originally designed for IPv6, and later expanded to IPv4, this Internet protocol secures communications encrypting and authenticating data packets for each session, IPSec is optional in IPv4 and mandatory in IPv6.

    Mobile IPv6 (MIPv6): The MIPv6 protocol enables a mobile device to switch between networks, mobile devices are identified by their home address regardless of physical location, IPv4 sends the data packets to a proxy server for relaying to the target device.

    IPv6 address examples: 2001:db8:ffff:1:201:02ff:fe03:0405  OR 2607:f298:1:109::7ba:1bd8 OR 2001:41d0:1:1b00:213:186:33:87

    Note: IPv6 addresses will be rolled out progressively and they are expected to coexist side by side with IPv4 networks for a long time, it is the ISP responsibility to implement IPv6, not the user.

    IPv6 privacy concerns

    When an IPv4 user reboots the computer a new IP address is assigned by his Internet Service Provider DHCP server, with IPv6 making billions of IP addresses available there will be no need to request a new IP when the computer boots up and dynamic IP addressing (DHCP) should eventually disappear. The first half of an IPv6 address is static, identifies the network and it never changes, it can be stored, the second half of the IP is created by an IPv6 enabled device (i.e. your computer+operating system).

    IPv6 128bit computer address
    IPv6 128bit computer address

    IPv6 stateless configuration uses the hardware device unique MAC address to create the IP last 64 bits, this means that your computer MAC address is exposed to the Internet, since any website you visit logs your IP they can also figure out your physical network card MAC address. IPv6 has something called Privacy Extensions (RFC 4941), enabled by default in Windows (not enabled in Linux and Mac OS X before Lion), it uses a random number generated by a computer algorithm to dynamically assign a varying address block when creating the IPv6 address so that your computer MAC address is not used and remains hidden.

    Example of traceable IPv6 computer address 2001:0db8:1:2:60:8ff:fe52:f9d8

    • Take the last 64 bits (the host identifier) and add leading zeros: 0060:08ff:fe52:f9d8
    • Strip the ff:fe part from the middle. If these bytes are not there, then there’s no MAC address.
    • For the first byte: complement the second low-order bit (the universal/local bit; if the bit is a 1, make it 0, and if it is a 0, make it 1). So: 0x00 (00000000) becomes 0x02 (00000010).
    • Result: 60:8ff:fe52:f9d8 translates back to computer MAC address 02:60:08:52:f9:d8

    Tip: If you see the characters “ff:fe” in the middle of your IPv6 address then your network card MAC address has been used to create it, if the characters are not there, privacy extensions is enabled and you do not need to worry.

    IPv6 useful websites 

    Test IPv6: Runs a quick test giving you all kind of technical information on your IPv6 address indicating a score of your IPv6 and IPv4 stability and readiness

    IPv6 Test: Checks your IPv6 and IPv4 speed and diagnoses connection problems, it tells you if  a computer is using IPv6, it can test your ping latency and compare IPv4 against IPv6 performance, it can also test if a website is reachable using IPv6.

    TunnelBroker: Free Tunnel Broker service enabling people to reach the IPv6 Internet by tunneling over existing IPv4 connections from an IPv6 enabled host or router to one of their IPv6 routers.

    SixXS: Offers IPv6 Tunnel Broker managing and a number of IPv6 Tunnel Servers to end users.

  • Review free VPN provider HotSpotShield

    Review free VPN provider HotSpotShield

    If you are getting a product and not paying for it then you are the product being sold, all ‘free’ VPN services I know of provide you with very limited speed and bandwidth, they advertise a barely usable VPN as if it was free when in reality it feels like a test VPN, their business model is to get users to upgrade to their paid for VPN, since their free one is full of restrictions it is highly likely that most people will upgrade, if nobody did they would go out of business very soon.

    HotSpotShield is the most used free VPN service out there, browser independent, available for Windows and MAC, they claim to have over 10 millions of users, HotSpotShield finances its free VPN service injecting third party advertising banners on top of the browser in every single page you visit and trying to sell you an upgrade to their ‘elite’ ad-free VPN. HotSpotShield will attempt to install a toolbar and change your homepage when you install it, make sure to uncheck the boxes during installation, however you will have to agree to their terms and conditions and this means making your personal information available to a third party (advertising company).

    HotSpotShield free VPN
    HotSpotShield free VPN

    HotSpotShield will give your computer a US IP, this will allow you to watch USA TV and listen to USA restricted music radio stations, it worked flawlessly with the most popular online TV and radio sites like Hulu, Crackle and Pandora, however Slacker Radio and Rdio.com both detected I was behind a proxy and did not allow me to play music, showing me a message saying that the service is only available in the US and Canada. If you ever pay for a VPN try to make sure they have more than one server, this way if a company blocks one of them a quick server switch solves the problem, with HotSpotShield free version there is not such luxury.

    I was impressed with the VPN speed, I expected it to be overloaded since it is free, but it wasn’t, the ping is on the low side but acceptable, the New York server, measured from Europe it gave 3.5MB of available bandwidth and a 300ms ping rate, this is more than enough to stream online videos, the minimum bandwidth needed for video streaming is around 1MB.

    I have been unable to see any kind of bandwidth restriction mentioned in HotSpotShield terms and conditions, what they do mention is that they can terminate your service wherever they feel like it, I would imagine that there is some kind of bandwidth limit but officially nothing is said about that on their website.

    HotSpotShield will be fine for people living in countries that censor the Internet and can’t really afford to pay $5/month for a proper VPN, or for those on a weekend trip needing the occasional VPN, but I would not bother downloading this VPN service for anything else, frequent VPN users will end up paying for the service anyway, HotSpotShield banner can become quite annoying, it takes up part of the screen forcing you to scroll down and it slows down your Internet browsing waiting for the banner to load, the adverts can be stopped using the AdBlock Plus Firefox addon but even then I did not feel at ease knowing that my personal data was being sold to a third party.

     Visit HotSpotShield VPN

  • Send & receive anonymous email with Tor Mail

    Send & receive anonymous email with Tor Mail

    Tor Mail is an anonymous email service running on the Electronics Frontiers Foundation Tor anonymity network, Tor Mail is an independent project and not endorsed by the EFF, it works as a hidden service inside the network, a hidden service protocol needs to advertise its existence before people can find it, it does so by sending its public encryption keys to introduction points, everything is proxied in a decentralized way which causes delays but secures your online anonymity, the advantage of a Tor hidden service is that the server location can not be found this makes it impossible to seize that server and keeps the user and the server operator identities safe.

    After signing up for Tor Mail you will get a @tormail.org email address where people can reach you, messages can be accessed through Webmail, SMTP, POP3 and IMAP, Tor Mail is composed of several servers relaying email in and out of the anonymous Tor network, no logs or user information is stored, the developer claims that they will not help anyone to identify users and since they hold no data any subpoena forcing them to do that would be useless.

    tor hidden service diagram network
    tor hidden service diagram network

    How to access Tor Mail

    The only way to sign up for a Tor Mail email address is through a .onion URL (http://jhiwjjlqpyawmpjx.onion/) , a .onion website is a 16 character long alpha numeric URL Base32 encoded 80 bits long automatically generated by a public encryption key, .onion has been designated by Tor to identify hidden services, you can only access it if you have Tor anonymity software installed in your computer, using the Tor network to browse the Internet not only will hide your IP but also get around ISP Internet filtering and monitoring, someone watching your activities online will not be able to see or log what you are doing other than connecting to a Tor network server.

    If you do not want to install Tor in your computer you can use a live DVD like Tails. To find out about more Tor hidden services like IRC networks,  Wiki, SSH server, Usenet and others, visit Anarchopedia list of Tor network links.

    Visit TorMail information homepage

    UPDATE: August 2013>> Tormail hosting admin has been arrested

     

  • HMA VPN user arrested after IP handed over to the FBI

    Cody Andrew Kretsinger, a 23 year old from Phoenix, Arizona (USA) is now facing 15 years in prison after being arrested by the FBI, an alleged member of malicious hacker group LulzSec in which he used the moniker “recursion”, he is believed to be involved in the hacking of Sony Pictures Entertainment servers using a SQL injection to obtain confidential information and post it on the Internet, British based Hide My Ass VPN  handed over his home IP on receiving a court order, according to the indictment Cody Kretsinger Hide My Ass VPN username was “recursion“, the same nickname he used in the hacking group, allegedly he also completely wiped clean his computer hard disk after hacking Sony Pictures.

    On a side note, for LulzSec to launch a denial of service attack against the UK Serious Organised Crime Agency (SOCA) website and use a British based VPN service does not come across as the kind of idea that the brightest candle in the shop would have.

    All VPNs keep connection logs 

    Anyone believing a VPN can be used for criminal activities and get away with it, is living in cuckoo land, all VPNs keep logs, if they didn’t they would not be in business for long, law enforcement or their dedicated server provider would shut down their business, you need to cover your ass and so do VPN companies, legally VPNs do not have to keep any logs but if a VPN is continuously used to commit crimes and they do not take any action to stop it they could be the ones facing court, HMA can track you down if you break the law.

    It is a common misconception that when a VPN claims “we do not keep logs” people assume they can not be tracked down, many users do not realize that there is no need for a VPN to know what sites they visit to track them down, all a VPN needs to protect their own ass is to know the user’s connection and disconnection time, for example if user A has been using IP 1.2.3.4 on Monday 25th Sept. at midnight and a company or LEA claims that IP 1.2.3.4 was used to carry out an illegal action on Monday 25th at midnight, all that the VPN needs to do is to look up who was using the IP at the time, the logs detailing the user bad deeds can be taken by the company owning the server where the hacking/posting occurred.

    What a law enforcement agency, aka LEA, can not do is to pursue a VPN company and ask them what websites have been visited by user A, VPNs do not normally keep that data, it is impossible for the FBI to go on a  fishing expedition asking for a user Internet activities hoping to find something illegal, if the FBI asks for a VPN company logs, they already have evidence that a crime was committed otherwise no subpoena could be issued.

    The next time you see a VPN claiming that they do not keep logs, always assume they are talking about visited websites logs, connection logs, the ones used to track you down, are always created on the VPN otherwise it wouldn’t work, privacy is a matter of how long do they keep connection logs for, in HMA VPN case, this can be found in their tiny terms and conditions, it used to be one week, then they changed it to 30 days (without notifying users of this change), then it changed a second time (without notifying users once again) and now it is at 30 days connections logs but do not be surprised if tomorrow this changes without notifying anyone like it has been done in the past.

  • Telex, the anticensorship network infrastructure

    Telex, the anticensorship network infrastructure

    Researchers from the University of Michigan (US) and Waterloo (Canada), have developed a new anti-censorship tool called Telex to stop Governments from blocking websites, it can help people to access the most commonly blocked websites, at the moment Facebook, Google, Youtube, Twitter and Telex.cc, the list can be expanded according to needs.

    One of the main differences of Telex in comparison to a tor proxy is that it does not alert people watching traffic that a censorship circumventing tool is being used and unlike proxy sites, it can not be blocked. After a user has installed Telex software in his computer when he wants to visit a censored website a secure SSL connection is established to a non blacklisted server outside the censor’s network, that connection is secretly marked as a Telex request using a hidden cryptographic tag in the headers, data requests go through various ISPs routing traffic, if some of those ISPs implement Telex stations to detect hidden cryptographic messages in the headers, they can then serve banned content to a user without anyone knowing.

    Telex stations are able to see what page you are requesting, this tool will not make you anonymous but it can be used in conjunction with a tor proxy or VPN. One possible counter attack against Telex would be for a censor country to run its own Telex station but because the requests use steganography with public/private encryption keys, without the real private encryption key they would be unable to detect or block Telex tagged requests, the idea would be to keep a central Telex authority banning certain ISPs or to change the private encryption key every 5 minutes only with those who have been whitelisted.

    Telex anticensorship network
    Telex anticensorship network

    In order for Telex to work it is necessary the participation of ISPs which means some kind of state level support, at the moment there is a single ISP at the researchers lab that works and it can be easily blocked, no real ISP has implemented Telex as of yet,  the software has only been released for testing and it is unsafe for real world use, the researchers have already managed to make it work from within China to stream banned YouTube videos.

    Visit Telex homepage

  • Firefox addon ShareMeNot stops social media tracking buttons

    Firefox addon ShareMeNot stops social media tracking buttons

    Social media sharing buttons included in blogs allow companies to track your surfing habits even if you do not click on them, some of these buttons will insert a tracking cookie in your browser and when you visit other sites it will be notify them of other places you have been visiting, some companies will even create your online profile justifying it saying that they want to serve you targeted advertising, the problem with the scheme is that the user has never consented to Internet browsing habits tracking, many people do not realize that in order to have a cookie from site A they don’t really need to visit site A, third party cookies can be inserted in user’s browsers by visiting any site.

    ShareMeNot Firefox privacy addon
    ShareMeNot Firefox privacy addon

    Unlike other Firefox privacy addons like NoScript or Ghostery, ShareMeNot will not remove the social media sharing buttons, it keeps them usable while blocking their tracking cookies unless you specifically approve them in the settings. The supported social media buttons at the moment are Facebook, StumbleUpon, LinkedIn, Twitter,Google +1 and Digg, this addon is part of a research project from the University of Washington (US).

    Visit ShareMeNot Firefox addon homepage