5000th post ---> Hack your Privacy

dmnEPC

New member
Dec 23, 2010
It's hard to imagine I have managed to piss off 5000 posts on WF. I have been struggling with what to do this post on for the last couple of months. I didn't want to do the same old milestone post that everyone does, so I figured I would try something different. Besides, I could never compete with some of those epic posts.

So what are we going to talk about here? With all the revelations that have come to note in the last year, privacy is the perfect topic. This post is by no means meant to be all encompassing. It's meant to remind you of things you forgot about, and hopefully show you a few new tricks. I would really love to see this turn into a conversation about ways to maintain privacy. Tips, tricks, tools, scripts, are more than welcome. Just because some things may seem like beginner stuff to you, your WF brother may have never heard of it before. Well that's about it, here we go.

If you have nothing to hide, you shouldn't have anything to worry about.


Computer
Shadow Copy (also known as Volume Snapshot Service, Volume Shadow Copy Service or VSS), is a technology included in Microsoft Windows that allows taking manual or automatic backup copies or snapshots of data, even if it has a lock, on a specific volume at a specific point in time over regular intervals. It is implemented as a Windows service called the Volume Shadow Copy service. A software VSS provider service is also included as part of Windows to be used by Windows applications.

Shadow Copy technology requires the file system to be NTFS to be able to create and store shadow copies. Shadow Copies can be created on local and external (removable or network) volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.

A number of Microsoft Windows components have been updated to make use of Shadow Copy. Backup and Restore in Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 operating systems performs block-based backups when doing full system backups. The file backup feature also uses shadow copy but stores files inside ZIP files.

Shadow Copy - Wikipedia, the free encyclopedia

Volume Shadow Copy maintains snapshots of entire volumes. By default, it is turned on for your system volume (C:) and protects all the data on that volume, including all the system files, program files, user settings, documents, etc.

It doesn’t matter how many times you overwrite the file, the shadow copy will still be there, safely stored on a hidden volume. A partial solution is to delete all the shadow copies (by choosing Control Panel | System | System protection | Configure | Delete) before you wipe the file. This prevents VSC from making a copy of the file right before you overwrite it. However, it is quite possible that one of the shadow copies you just deleted already contained a copy of the file (for example, because it had recently been modified). Since deleting the shadow copies does not wipe the disk space that was occupied by them, the contents of the shadowed file will still be there on the disk.

So, if you really wanted to be secure, you would also have to wipe the blocks that used to contain the shadow copies. This would be very hard to do, as there is no direct access to that area of the disk.

What you should know about Volume Shadow Copy/System Restore in Windows 7 & Vista (FAQ) | Trying To Be Helpful

You can manage your Volume Shadow Copies by running an elevated command prompt (type command in WIN search box, right click, run as admin)

Here are the basic commands to see if you have VSC's on your machine

Vssadmin List Providers: Lists registered Volume Shadow Copy providers. Windows Vista includes Software Shadow Copy Provider 1.0.

Vssadmin List Shadows: Lists existing volume shadow copies, the time the shadow copy was created, and its location.

Vssadmin List ShadowStorage: Lists the volume shadow storage space currently in use, the space that is reserved for future use (labeled as allocated), and the maximum space that might be dedicated. This space is used to store changes while a shadow copy is active. The following sample output was generated using a computer that currently had about 3GB of files stored in a shadow copy, but that might allocate as much as 6.4GB.

Vssadmin List Volumes: Lists volumes that are eligible for shadow copies.

Vssadmin List Writers: Lists shadow copy writers, which support communicating with the Volume Shadow Copy service to ensure that files are captured in a consistent state. By default, subscribed writers include an operating system writer, a registry writer, a WMI writer, and a search service writer, among others. SQL Server also provides a Volume Shadow Copy writer.

Vssadmin Resize ShadowStorage: Resizes Volume Shadow Copy storage. You can use this command to increase the maximum space that might be used by Volume Shadow Copy. Typically, this is unnecessary. However, if you discover that backups are failing on a computer because of an extremely high volume of changes during a backup, and Vssadmin List ShadowStorage reveals that the used Shadow Copy Storage space is at the maximum, you might be able to resolve the problem by manually increasing the maximum size.
Manage the Volume Shadow Copy Service from the Vssadmin Command-Line
 
  • Like
Reactions: cheshire
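To make the point about lingering shadow copies concrete, here is an added example (not part of the original post) that parses `vssadmin list shadows` output and reports which snapshots were taken while a given file existed, and so may still hold a copy of it. The sample output, its IDs and the US-locale date format are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Assumption: US-locale timestamps; vssadmin prints dates in the system locale.
DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Constructed sample of `vssadmin list shadows` output (all IDs are made up).
SAMPLE_OUTPUT = r"""
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

Contents of shadow copy set ID: {00000000-0000-0000-0000-0000000000a1}
   Contained 1 shadow copies at creation time: 2/20/2014 9:15:02 AM
      Shadow Copy ID: {00000000-0000-0000-0000-0000000000b1}
         Original Volume: (C:)\\?\Volume{00000000-0000-0000-0000-0000000000c1}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1

Contents of shadow copy set ID: {00000000-0000-0000-0000-0000000000a2}
   Contained 1 shadow copies at creation time: 3/1/2014 11:40:10 PM
      Shadow Copy ID: {00000000-0000-0000-0000-0000000000b2}
         Original Volume: (C:)\\?\Volume{00000000-0000-0000-0000-0000000000c1}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2

Contents of shadow copy set ID: {00000000-0000-0000-0000-0000000000a3}
   Contained 1 shadow copies at creation time: 3/2/2014 8:00:00 AM
      Shadow Copy ID: {00000000-0000-0000-0000-0000000000b3}
         Original Volume: (D:)\\?\Volume{00000000-0000-0000-0000-0000000000c2}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
"""

CREATED_RE = re.compile(r"creation time:\s*(.+)$")
FIELD_RE = re.compile(
    r"^\s*(Shadow Copy ID|Original Volume|Shadow Copy Volume):\s*(.+)$")


def parse_shadows(text, date_format=DATE_FORMAT):
    """Return one dict per shadow copy: id, created, volume, device."""
    shadows, created = [], None
    for line in text.splitlines():
        m = CREATED_RE.search(line)
        if m:  # header line of a shadow copy set carries the timestamp
            created = datetime.strptime(m.group(1).strip(), date_format)
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Shadow Copy ID":
            shadows.append({"id": value, "created": created,
                            "volume": None, "device": None})
        elif shadows and key == "Original Volume":
            drive = re.match(r"\((\w:)\)", value)  # "(C:)\\?\Volume{...}\"
            shadows[-1]["volume"] = drive.group(1).upper() if drive else value
        elif shadows and key == "Shadow Copy Volume":
            shadows[-1]["device"] = value
    return shadows


def snapshots_that_may_hold(shadows, volume, file_created, wiped_at):
    """Snapshots of `volume` taken between file creation and the wipe.

    Earlier snapshots predate the file; later ones only captured the
    already-overwritten state.
    """
    return [s for s in shadows
            if s["volume"] == volume.upper()
            and s["created"] is not None
            and file_created <= s["created"] <= wiped_at]


if __name__ == "__main__":
    found = snapshots_that_may_hold(parse_shadows(SAMPLE_OUTPUT), "C:",
                                    datetime(2014, 2, 25), datetime(2014, 3, 6))
    for snap in found:
        print(snap["created"], snap["device"])
```

On a real machine, feed it the text captured from an elevated `vssadmin list shadows` and pass a `date_format` matching the system locale.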


Jump Lists
Another set of artifacts easily found right on your start button are jumplists. These show recent documents and programs when you click the start menu. You can modify and remove these from your Windows start menu easily.

Right click on taskbar and click properties

You can adjust how many items you want to appear in the jumplists by clicking the customize button on previous image

You may decide not to have any downloads or documents and a few other options show up on your jumplists.

Delete Jumplists
1 Right click each item and delete
2 Deselect the "store and display recently opened items" option in Start Menu Properties
3 From Windows Explorer navigate to AutomaticDestinations directory and delete Compound Binary Files
4 From Command Prompt "del C:\Users\Win7x64\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\* /Q"

Forensics Analysis of shellbags WIN7

ShellBags

"Shellbags" are used to maintain the size, view, icon, and position of a folder and can be used forensically to demolish a plausible deniability argument since they will often detail a route to a removable device, and all folder names in the path.

Shellbags are nothing more than information stored in a set of subkeys in the User registry hive (i.e. ntuser.dat & usrclass.dat) to track your user viewing preferences.

Say you have a folder on your TrueCrypt mounted drive labeled “BadStuff” and that folder is in a folder called “SensitiveStuff”. The User data Shellbag will record the path to it if you have accessed that folder as (drive depending on where you mounted, will use F for this demonstration) F:/SensitiveStuff/BadStuff. So now, it may be used forensically against you.

What about say, Tor on a USB device? Same principle. If you access Tor from within a folder, Shellbag will make a record of the path to it. Not only the name of the folder (typically Tor) but also the date and time of creation and last access. Shellbag will also record that Tor has a /browser folder. Could this be an issue for you?

There are a number of tools to parse your shellbags: Registry Decoder, TZWorks sbag and RegRipper


Forensics-and-Incident-Response-Poster

NTUSER.dat holds a treasure trove for anyone wanting to see what you have been up to :)
 
Your Harddrive
As you already probably know when you delete data from spinning hard drives the data is probably still available. There are tools to wipe the hard drive (overwriting all the sectors) like wipe programs and heavy duty magnets, yet if you're disposing of the drive there is still the potential for recovering the data. While we're on the subject of disposing of a hard drive. If you want to really be sure you are safe, your best bet is to wipe the drive, then disassemble the drive and put the platters on a drill press, and turn them into Swiss cheese.

Solid state drives are a little different (for now). As of now a solid state drive w/ "TRIM" enabled can be wiped, overwritten, and be unrecoverable.

DEF CON 21 - Sam Bowne - Data Evaporation from SSDs - YouTube: http://www.youtube.com/watch?v=zG0orMGf_Go

Even with that being the case, you still might not want to fully trust the overwrite if you're disposing of a computer or hard drive. The bottom line is destroy, destroy, destroy.


If you ever need to destroy your hard drive (Windows) in a hurry this cute little batch script will render it useless
2014-03-06_1107.png


Keep in mind this is no substitute for a secure wipe and drilling the drive, but in a pinch it might save you a lot of hassle. If you ever did run into a situation where you had to run this script, if time exists make sure you yank the power cable after it's complete (so you can corrupt the system memory).

Nowadays when a computer is seized the first thing a digital forensics examiner (or whoever is on scene) will do is pull the data from memory. One of the best ways to corrupt that data is to simply yank the cord from the wall. If it's a laptop yank the battery. This is not foolproof, but it could save you some embarrassment (or worse).

One of the great tools that we have available to make the job of an examiner more difficult is CCleaner. The writers of this "anti forensics" tool are experts in digital forensics. The program goes a long way in deleting many of the potentially hundreds of thousands of items that could be used against you. It doesn't get it all (like the more than 60 different log files found in Windows), but it is a damn good start. Set up a task to have it run weekly.

You might think this is overly paranoid talk. You say you're not a criminal, and have nothing to hide. Well what happens if the local SWAT team gets sent to the wrong house? Or maybe some internet troll wants to get revenge and calls in a fake call to SWAT and sends them to your house? Mistakes happen. With 10's of thousands of local, state, federal, international laws on the books they are bound to find something. Make it harder for them.

Your Car
Your car is one of the most vulnerable things to your privacy. You could get in an accident, you could have someone call in making a report on your driving, you could get pulled over and searched. Keep your car clean. Don't put mail (your home address in plain view) on the dash or on the seat (unless you need to hide something in it).

Imagine you get falsely accused of drunk driving. Someone calls in your plates and the police show up at your door. One way you might be able to buy some time would be to steal this little gem out of JJ Luna's book How to Be Invisible and have your car registered to your New Mexico LLC (read the book for more) and the address on record is a "ghost address" (not your home address). This might give you the little extra time needed to make the proper arrangements to prove your innocence.

Your Phone

Can you live without your cellphone? I sure can't. Your cellphone is extremely dangerous to your privacy. There are stories everyday about how police seize people's phones at random traffic stops. What will he find on your phone? There is mobile equipment where sophisticated criminals or alphabet agencies can make a fake cell tower and capture all your data. If you assume everything you do on your phone is public information you will have less to worry about.

One of the best ways to protect yourself if your phone is ever lost or stolen is to password protect it (long passcode W/ data overwrite to avoid brute force attacks).

This just scratches the surface though. Your cellphone tracks your every move. This might not be a big deal, but why not take that privacy back? One of the easiest ways to disrupt that tracking is with call forwarding. Take your SIM card out of your "good phone" and pop it into a cheap no contract phone, pop the no contract phone's SIM into your main carry phone and forward your calls to the "burner" number. Now anyone tracking your main phone # will see you're sitting at home. It is certainly possible to set up and forward more than 1 number. Maybe you're really paranoid and set up the forwarding to go a few phone numbers deep.

While we are on the topic of phones, why give out your main number to anyone who doesn't really need it? Credit Card companies, doctors, police, tax returns, blind dates, mechanic, schools, attorneys, don't need your main phone number. Set up a free Google Voice (or the burner) number and have that forwarded to your main number. Nobody will be able to tell the difference. If something ever goes wrong you won't have to stress over your phone ringing all day and night.
 
Social Media

One of the best ways to isolate yourself from prying eyes is to use different usernames. Why do any of these sites need to know who you really are? Set up a spreadsheet (or a password manager) with the pertinent info for identity.

When choosing a username follow a couple basic rules.

1. It must be a username you have never used before.
2. Use common words (no numbers). Using common words like Jones, river, jim, etc. makes connecting usernames or searching for the username much more difficult. It's pretty much the opposite of what you're looking for when doing keyword research. Instead of picking the low competition words, you want to choose the highest competition words for your usernames. That way you can let the SEO'rs battle it out for the first few pages of the Serps. Security by obscurity.

I can't emphasize enough how important it is to your privacy to use a different username on different sites. Even the most innocent law abiding citizens give away a lot of information on the internet. The easier you make it to connect the dots, the more vulnerable you become.

While we are on the topic of unique usernames, we should talk about having unique email addresses to go with those usernames. You want to put layers between your online personas and your real life accounts. If you sign up for a new account at let's say a gay webmaster forum and use a simple high competition username, what are you going to use for your email when you register your account? Yourname@email.com? Why not set up a Yourusername@yahoo.com or maybe a yourusername@customdomain.com and have those emails forwarded to a catchall address (not yourname@email.com). You could even go as far as forwarding your catchall email to your main yourname@gmail.com account, but I wouldn't advise that. Remember when setting up these new email addresses you need to enter a backup email address. Don't be stupid and enter yourname@email.com as the backup email, this can easily lead to you being outed by a clever opponent.

Never talk about your shiny new electronics on Facebook (or any site where your real id is exposed). There have been plenty of cases where criminals have used social media to plan burglaries based off the info on your social media account.

Another aspect to social media worth considering is the idea of misdirection. Sometimes you may want to develop a personality to throw a clever opponent off your tracks. You can make a burner id to give up so your opponent thinks he found the real you. This takes some real effort.

Your gaywebmaster identity may need to have a Facebook account, an Instagram, etc. accounts. Your opponent may want to see pictures of you drinking and partying or looking like an idiot, maybe you can help him find it. These accounts and personalities take time to cultivate. It can be really hard to go back in time and create these things. So there is no time like the present, get started now. Figure out a way to automate it. The more info that your opponents can find, the more likely he will buy into it believing it's real.

By this point you may be getting worried about what can be found on your real identity. Start searching around for your usernames. You will be amazed at the shit Google will find from 10 years ago. The good news is there is a good chance you can still control those old MySpace accounts. You may have also just found a way to go back in time. Change the details as you see fit. Maybe you can change the username? Or maybe you can link it to your alter ego? Each situation is different. Don't just go in and delete those old accounts. Use them to your advantage. Stop and think before you do anything.

If you have been using the same username for a decade you are making it very easy to learn everything about you. One of the ways to diminish that is to make it harder to find it. You need to rank an alter-ego (diversion) away from your real identity and that username. This is where you start setting up new accounts w/ the same username and automating with tools like IFTTT you can start to add garbage to the mix. This garbage will need to be able to be traced back to the "you" that you want it to. It's important to understand this will only slow down a real professional. Your average internet troll is far too lazy and will more than likely go for the low hanging fruit. Don't underestimate the power of mis-information. There is no way to know when you will become the object of someone's desire, so start today.

Ghost Address

As mentioned above there can be some real benefits to using another address in place of your home address. You can use a PO box, but there are a lot of drawbacks to this. To get a PO box nowadays requires name, address, driver's license, etc. Besides, good luck trying to ship a package to your PO box. This is where the idea from JJ Luna's How to Be Invisible book comes into play. There are all kinds of reasons to have a "ghost address". Imagine you get wrongly accused of some crime? Do you want to get SWAT'd at 3:00am? Even if you're innocent this is going to be a lot of aggravation. Perhaps you didn't get SWAT'd, maybe you suddenly rise to an unwanted fame and have the media camped out on your front lawn. Maybe you have a crazy ex stalking you. There are probably 1000's of reasons you might not want to give your home address.

Luna recommends having at least 2

A ghost address refers to an alternative address you can use, rather than the address where you actually live. I recommend a minimum of two ghost addresses.
1. A local address
This is where you pick up your mail on a regular basis. It may be a nearby PO Box, a box at a commercial mail-receiving agency (CMRA) or perhaps at your place of business.
2. A faraway address
This is an address to use that protects your privacy to a far greater extent.

Where do you find one of these "ghost addresses"? You start looking around town. Maybe you rent the closet in a local office. Or maybe a farmer who rents storage space in his outbuildings. Some have sweet talked the little lady into renting her some space in the garage. Yes you're going to need to talk to some people. Is it worth the effort? That's for you to decide. Just remember even the most law abiding citizens can come under close scrutiny. All of these measures are about buying you time. You have to decide what level of security you need. But it is well worth your time to potentially avoid embarrassment, criminal charges, ex lovers, crazy stalkers, etc.

That's it. inb4 tldr;
 
PS I almost forgot about VPNs
It is not uncommon to keep logs of your search habits. Some ISPs have even reported keeping your internet logs for as long as 5 years. 99% of the time this is not a big deal. But that 1% of the time where it is a big deal, it will be a real big deal.
Using a VPN will go a long way in protecting your browsing habits, and if you are into torrenting it just might save you from your ISP's 6 strike rule. You can not only use your VPN to protect your traffic at home, but also on your cellphone. Even on an iPhone you can route your traffic through your VPN and keep your mobile provider in the dark. Let them turn in a blank log. Some have suggested using servers in countries that respect your privacy. It would be a lot of hassle for the police to get your logs from a server in the Netherlands.
 
  • Like
Reactions: music4mic
Vote for Enlightened.

I especially love the social media tips; you don't see much of that kind of advice out there.

Thanks for the great thread!
 
I have "How to Be Invisible." The book boils down to ghost addresses, like you said, and paying for stuff outright and with cash, if you can.

This thread scares me though.

PLEASE DON'T GOOGLE ME
 
Apparently this thread is unable to pass certain virus scans. The code snippet for the system d*l must be flagging the thread. If a mod could edit the code snippet, maybe we could just link to the code snippet and pass the AV tests.
 
good post.

regarding usernames/emails, I wrote a little script to create unique email addresses, passwords and usernames and store them, running in a LAMP vps. All I have to do is put in the domain/site and it creates the rest, ready to copy paste. I recommend everyone use unique details they cannot remember, for everything.

Also, I pay with cash everywhere. One withdrawal per month or as needed, from the same ATM if possible.

Thirdly, I recommend having cycling sim cards in a second phone for things like classified ads, or anything that requires a number in the short term. I use that number for placing ads, or calling up people about theirs. When loose ends are tied up I just throw the sim card away and get another.

People do google phone numbers and I think it's less than ideal if cached classified pages come up in google for that Ricky Martin CD you tried to sell in 1999.
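A generator of the kind described in the reply above, written as an added example (it is not the poster's script). It follows the thread's username rules (common words, no numbers, never reused), pairs each username with an alias on a catch-all domain, and stores the result per site; the word list, the `customdomain.example` domain and the file name are assumptions made up for the example.

```python
import json
import os
import secrets
import string

# Constructed word list; the thread's rule is common words and no numbers.
COMMON_WORDS = ["river", "jones", "jim", "stone", "miller", "lake",
                "green", "walker", "hill", "baker", "smith", "brook"]
ALIAS_DOMAIN = "customdomain.example"  # hypothetical catch-all mail domain
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def new_identity(site, vault, password_len=24):
    """Return the stored identity for `site`, creating a unique one if needed."""
    site = site.strip().lower()
    if site in vault:
        return vault[site]
    used = {entry["username"] for entry in vault.values()}
    for _ in range(1000):
        # secrets draws from the OS CSPRNG, unlike the random module.
        username = secrets.choice(COMMON_WORDS) + secrets.choice(COMMON_WORDS)
        if username not in used:
            break
    else:
        raise RuntimeError("word list too small for another unique username")
    password = "".join(secrets.choice(PASSWORD_ALPHABET)
                       for _ in range(password_len))
    vault[site] = {
        "username": username,
        "email": f"{username}@{ALIAS_DOMAIN}",
        "password": password,
    }
    return vault[site]


def save_vault(vault, path):
    """Write the vault as JSON, readable by the owner only (mode 0600)."""
    # Plaintext JSON for illustration: keep it on an encrypted volume,
    # or store the entries in a password manager instead.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(vault, handle, indent=2)


def load_vault(path):
    """Load a vault written by save_vault, or start with an empty one."""
    if not os.path.exists(path):
        return {}
    with open(path) as handle:
        return json.load(handle)


if __name__ == "__main__":
    vault = load_vault("identities.json")
    for site in ("forum.example", "shop.example"):  # constructed site names
        print(site, new_identity(site, vault))
    save_vault(vault, "identities.json")
```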
 
Must be read while listening to this

Frank Klepacki - Hell March 3 (High Quality) - YouTube: http://www.youtube.com/watch?v=6nFKPVfDrgU
 
Use bitlocker to encrypt your drive.
+long login password to protect against brute force (one that you can't even remember)
+fingerprint reader login
=
makes your win system pretty safe (unless someone forces you to apply your finger, or...)
 
any suggestions for Nordic/Netherlands VPNs?

In the past I've just used a VPS etc, but it's a hassle, wondering if there is a "secure" non-US VPN service - Like hidemyass but non-squealers..
 
Anti NSA mode
  • Use bitcoin to buy hosting and vpns, buy the coins from craigslist
  • Avoid Windows and OSX, use a distro like Debian, Gentoo, Mint.
  • Use a user agent switcher.
  • Routers can easily be hacked, use DD-WRT.
  • Don't use any mainstream browsers, use Iceweasel instead.
  • HTTPS Everywhere
  • Avoid Intel CPUs.
  • Use SSDs they are harder to recover data from and can be destroyed easier.
  • Avoid Skype like the plague
  • Ditch your cell phone.
And
st-cch.jpg
 
Great post. Reminded me of a couple more thoughts. When you get your VPN don't just use it on your computer. Set it up on the router level so all traffic gets routed through the VPN. One major tangible benefit, will keep your ISP from throttling your Netflix traffic on your Xbox One or Roku type device.

As conjamuk mentions DD-WRT or Tomato are a must. For the truly paranoid stick with a laptop. It's a lot harder to pack up your tower if you need to leave in a rush. Computers are dirt cheap.

Another idea on security is layering. Much like a network should keep your username and password in a separate database; you could have a computer only for internet. And a separate one for personal data that's never connected to the internet. You can transfer data via CD or thumb drive.

Pro tip. On your computer that's not connected, why not make it tough on intruders and eliminate USB ports and or optical drives altogether. Most modern forensics examiners and criminals would be lost with no USB or Internet connection.
 
Excellent thread!

I have an ongoing argument with a friend about internet privacy (and indeed local data privacy) and how astonished I am that so many people are willing to just put up so much PI about themselves on other people's servers. I am not a criminal but yet I still value my privacy & PI extremely important, and the speed at which I see people being 'found' on the internet just always reminds me how easy it is.
We've witnessed it here multiple times!
 
^------- nice.

Micro SD Card Covert Coins - Secret Compartment : Amazon.com: US Mint Quarter - Micro SD Card Covert Coin - Secret Compartment US Quarter: Everything Else: http://www.amazon.com/US-Mint-Quarter-Covert-Compartment/dp/B0036VJHXG/ref=sr_1_3?ie=UTF8&qid=1394293667&sr=8-3&keywords=Micro+SD+Card+Covert+Coin+-+Secret+Compartment
 
Never underestimate how quickly things can spin out of control. Just look at that reporter that got dox'd in like an hour after outing Satoshi.