The author of these articles is writing them at the request of RijnDael for the MF and VR forums, due to recent events. He, as well as the other members of our team, has never had anything to do with any illegal actions. He got his knowledge in his lab; he follows dozens of thematic resources, blogs and channels, soaks up the information and runs experiments. At his request, this article will be edited by trusted people so that he cannot be linked to these articles by his linguistic fingerprint.
We do not pretend to be the absolute truth; we write for fun, for you and for the forums. Any questions you have after reading the article can be asked in this topic. The following articles will be written once we find out whether there is interest in the author's work.
To begin with the main question, of course: what can we do to have fewer problems?
We can learn Linux and the shell, React and web development, design, SEO, traffic, mailing lists, meta with Cobalt Strike and other fields, and earn legally from them; not here and now, but later, when you have read a couple of books and invested 1500-3000 hours of your time, a little more or a little less, and then you won't have to worry about being walked over, shackled and taken away.
But if you still don’t find yourself in the white business for whatever reason, this article is for you.
Linux was mentioned for a reason. The basic idea of achieving maximum security, privacy and anonymity is to remove corporations from your life, and also to understand how you would be found, whether anyone will even spend time and resources on you, and who would be doing it. These are the questions to keep in mind.
Let’s start with the most frequent question that troubles the minds of many newbies, and the answer to which some very categorical and pessimistic old-timers have long since given for themselves.
This question is whether it’s true that if they want to, they will.
Just a yes/no answer would be stupid in a security article.
It should be noted here that those looking for criminals are not a superpower; they are not some ephemeral concept that can do literally anything and gain access to any door and any server.
These are ordinary people like you, and there are dozens if not hundreds of them on this forum.
But we are not talking about them, but in general about those who are on the other side. And on the other side there can be both total dummies and professionals of ethical (and not so ethical) hacking, who, combined with the powers of a comrade major, can do almost anything.
You have to be aware that sometimes you will be up against the elite of the technical world, so you are basically always behind. You have to start from the premise that you are not two steps ahead of them; they are ahead of you. But it's worth noting that this doesn't apply to all of the groups that will be leading a search for someone; it applies to a portion of those groups. And the time and resources of all those groups may, and most likely will, simply not be there.
So in this unfair and uneven game, you have to be like David, who stood up to a much stronger and tougher opponent, Goliath. The best thing you can do is to study your opponent, learn his methods, and figure out how to make his job so difficult that Goliath simply gives up and goes after another character who is stalling and spending another looted million. The most zealous among you will say, and rightly so, that if you've done something really serious, there's no getting away. But if you do it right, there is still a chance, especially if you lie low in time: change your virtual identity completely, at the root, and merge with other, real personalities. The second way to avoid such problems, as written above, is simply not to do this at all and to learn, for example, to grow potatoes, start a greenhouse, buy some more seedlings, or learn something else that will keep you from dying of hunger.
If you do decide to hide, the first thing to do is to build a threat model and decide from it whether you are more comfortable trying to disappear completely, or trying to blend in with the other legitimate inhabitants of the network. It is suggested that you do both. True, it will be extremely difficult to completely disappear from big brother's radar. But it is possible. This paranoid option we might consider sometime later.
[Next we will use the concepts of real and virtual identity]
So we will mix both approaches. Firstly, it is recommended to permanently discard proprietary devices [at least for the virtual identity], which may be (and many are) stuffed with all sorts of code that follows you, called trackers. Their task is not to watch your every word, but only to record certain patterns and report to the server that such-and-such phrase was spoken or a certain behavioral pattern was followed, so this user will be shown such-and-such advertising (but imagine if a group gains control over the corporation's server, or the corporation voluntarily gives that group access). Someone will argue with this, but the author does not care. The literate reader probably understands that, for security, such devices should at the very least not be at work, and work should not be at the place of permanent residence. When you move from one place (from work) to another, the reader should have the phone that is not needed on the move turned off. Better yet, it should be left where it is used: at work, or at home if the reader travels to work. (How to contact your loved ones in that case is a question left hanging; I will only note that if you are at work, then the work phone of the virtual identity must have no intersections with the real person, first of all in patterns of movement by GSM signal.)
If you have people on your team who bring their iPhones, Samsungs, Xiaomis and other proprietary devices to work, the least you can do is put them in the bathroom in a box after they are completely off, turn on the water, and wedge the door shut with the mop. Better yet, they should leave all the devices at home too. And it would be nice to encrypt the home devices as well, but more on that later.
Let's move on to more technical issues. There are plenty of maximum-security configurations, but all of them follow a system. Let's describe briefly how we see it:
Suppose you have the opportunity to buy a prepaid or regular SIM card registered to some other people. Here it is worth mentioning that the SIM card in the device you go online with should be changed every 2-4 weeks. The main thing is to buy SIM cards from different operators and from different batches. As for fiber optics, it is better to give it up, even if you have a bum who signs the contract for himself. Why? Because it leaves a rough trail, namely the cable leading to your place of work. On top of that, there are switches on the roof and on the floor that can be connected to in order to sniff your encrypted, or not so encrypted, traffic. Which is already not good at this stage. The goal is simply not to get to that point.
From here we have two options: use a device that lets you change the IMEI (there are many such models; search for "LTE router with programmable IMEI"), or root some Xiaomi, strip it of proprietary components by hand and install software for changing the IMEI. This phone will act as a router. There is one more option: constantly buying and then selling (or better, disposing of) single-use 3G/LTE modems; we will not consider this option.
The next step in our scheme is an additional router. We recommend the OpenWRT firmware, because it is a stable and easily configurable Linux with lots of packages on relatively cheap hardware (a Raspberry Pi can be used, but it is more expensive and its Wi-Fi modules are very bad; if you use a Raspberry Pi, connect it via a USB-to-Ethernet adapter, it being assumed that our main Ethernet is connected to the LTE router with the changeable IMEI, or buy an external Wi-Fi adapter).
The system described in this article will look like this:
LTE modem with IMEI change capability –
OpenWRT router that will automatically connect to WireGuard/OpenVPN –
Main host system (which can be any OS, but the lighter the system, the better). At this stage, if your uplink and the VPN speed on the router allow it, you can bring up a second VPN channel. You can, but it is optional and for the paranoid (which is a plus in our case) –
Whonix Gateway, the gateway through which we will route the guest (virtual machine) traffic. It is recommended to install the version without a GUI in order to consume fewer host machine resources. Download the gateway here: https://www.whonix.org/wiki/VirtualBox/CLI –
The virtual machine that will be our main system; it needs one more VPN channel installed (this is not optional, it is required, and I will describe why later). As an example, and by request of some forum users, we will choose the wonderful Debian-based operating system Kali Linux. But you can use absolutely anything you like, and sometimes it is necessary, for example Windows when working with anti-detect tools that have not been ported to Linux.
A few recommendations right away. Leave the host machine alone; do not install anything on it other than the following programs:
VirtualBox or any other hypervisor. Try to avoid software like VMware, Parallels and other similar suites, as they ask for too many rights and permissions to work. Also, they are closed source, which means we can't use them.
An encryption tool for your data (on top of host system encryption); the easiest to master would be VeraCrypt.
A program to bring up an OpenVPN tunnel (it is built into many OSes), or be prepared to bring up a WireGuard tunnel from the command line (one line). As a last resort, clients like OpenVPN.
A firewall with sensible rules (if you can't handle iptables configuration on OpenWRT).
Everything else should only be used on the guest machine, which we will store in an encrypted container (which will live on a removable SSD).
In the case of VeraCrypt, it is recommended to create a large enough volume (up to 100 GB) and to use the hidden-volume mechanism. Next, we need to create a fairly long password, up to 32 characters, which we will generate with any password generator. After that we will randomly change half of the characters to other ones, for better pseudo-randomness. We won't even try to remember this password, because that would go against the principles of the system. We are going to store this file on a thumb drive, which will be used as a token. In addition to the password we will also store the keyfile on the flash drive. That is, knowing the password will not be enough to open the volume. It can be multiple files, but make sure that they are unique (i.e. that no one else can have these files).
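As an added example (not the author's code or VeraCrypt's), the block below generates a 32-character passphrase from a cryptographic random source, computes how much entropy such a passphrase carries, and writes a random keyfile of the kind the paragraph describes. The file name is a constructed placeholder. One caveat worth keeping in mind: the entropy figure comes from the generator alone; hand-replacing characters afterwards is not measurably random, so treat the generator's output as the source of strength and the keyfile as the second factor.

```python
import math
import secrets
import string

# Character set for the passphrase: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length: int = 32) -> str:
    """Return a passphrase of `length` characters drawn uniformly with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random passphrase of `length` symbols.

    32 symbols from a 94-symbol alphabet give about 210 bits, far more than the
    256-bit key a VeraCrypt volume derives from it."""
    return length * math.log2(alphabet_size)


def write_keyfile(path: str, size: int = 64) -> bytes:
    """Write `size` random bytes to `path` as a keyfile and return the bytes.

    64 random bytes (512 bits) are enough to make the file unique; VeraCrypt
    only processes the first megabyte of a keyfile, so a huge file adds nothing."""
    data = secrets.token_bytes(size)
    with open(path, "wb") as fh:
        fh.write(data)
    return data


if __name__ == "__main__":
    # Constructed usage: generate the secrets that would be kept on the token drive.
    pw = generate_passphrase()
    print("passphrase:", pw)
    print("entropy bits: %.1f" % passphrase_entropy_bits(len(pw)))
    kf = write_keyfile("constructed_keyfile.bin")  # placeholder path
    print("keyfile bytes written:", len(kf))
```

Store the passphrase file and the keyfile on the token drive only, and keep a second copy of both offline: losing either one makes the volume unrecoverable, which is the intended property but also the most common way people lock themselves out.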
Next I would like to give some recommendations on how to choose a VPN. There are two options: your own VPN, and a public VPN from a trusted service that you trust (but which does not know your virtual identity). Both have advantages and disadvantages, so it is recommended to use both. In our case we have a Tor-over-VPN channel which, with the current configuration, protects you from timing attacks on the Tor network (we will talk about it in other articles). That is, we must decide on which side we will use the public VPN and on which the private one. We recommend bringing up the client for your own VPN on the router (OpenWRT), and the public one at the channel's exit. This way, if you choose the right VPN service provider, your traffic will be mixed with that of hundreds of other users on the server you choose, which seriously increases your anonymity.
Back to OS settings.
We install everything listed above and open VirtualBox.
Download a Kali image from the official site and install it as a virtual machine. Allocate the machine more resources: 4 GB of memory and 2-4 cores of the host machine. Next, go into the settings of the freshly installed Kali.
On the General tab, leave everything as it is; add virtual hard disk encryption if you want.
System tab: raise the amount of RAM and check the Enable I/O APIC checkbox. Processor tab: increase the number of cores, and if you experience lag in your system, enable the Enable PAE/NX checkbox. On some processors it cures the slowdowns.
Next is the Display tab. Here we set the video memory to maximum and enable 3D Acceleration. As for the Graphics Controller, you will have to experiment: depending on the video card, different controllers give better results. I recommend you start with VMSVGA.
Storage tab: the critical checkbox Use Host I/O Cache must be checked.
Network tab: after successful installation of Whonix Gateway CLI (and changing the password from the default), attach the network adapter to Internal Network with the name Whonix. Thus, after starting the gateway and the Kali guest, our traffic will go through the gateway where the Tor service is running. Now we only need to tweak the network settings in Kali itself:
In the lower right corner, click Network Settings > Wired. IPv6 is disabled; go to IPv4 and enter the manual settings:
Address 10.152.152.3
Netmask 255.255.192.0
Gateway 10.152.152.10
Save, reboot, check the network.
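Here is an added example (not from the original post) that turns the three values above into the equivalent NetworkManager commands, for readers who prefer the terminal to the GUI. It converts the dotted netmask to a prefix length, checks that the gateway really lies inside the resulting subnet (a workstation pointed at a gateway outside its own subnet simply has no route, which on an isolated internal network means no connectivity rather than a leak), and emits the nmcli commands. The connection name "Wired connection 1" and the use of the gateway address as DNS server are assumptions; Whonix-Gateway answers DNS for its workstations on that address, but check your own gateway's settings.

```python
import ipaddress

# Whonix internal-network values exactly as given in the text above.
WHONIX_ADDRESS = "10.152.152.3"
WHONIX_NETMASK = "255.255.192.0"
WHONIX_GATEWAY = "10.152.152.10"


def netmask_to_prefix(netmask: str) -> int:
    """Convert a dotted netmask to a CIDR prefix length (255.255.192.0 -> 18)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen


def same_subnet(address: str, netmask: str, gateway: str) -> bool:
    """True when `gateway` is inside the subnet that `address`/`netmask` describes."""
    network = ipaddress.IPv4Interface(f"{address}/{netmask}").network
    return ipaddress.IPv4Address(gateway) in network


def nmcli_commands(connection: str, address: str, netmask: str, gateway: str) -> list:
    """Return the nmcli commands that apply the manual IPv4 settings.

    Refuses to produce anything when the gateway is unreachable from the
    configured subnet, so a typo is caught before the connection is touched."""
    if not same_subnet(address, netmask, gateway):
        raise ValueError(f"gateway {gateway} is not inside {address}/{netmask}")
    prefix = netmask_to_prefix(netmask)
    return [
        # Static address, default route and DNS (assumed: gateway resolves DNS).
        f'nmcli connection modify "{connection}" ipv4.method manual '
        f"ipv4.addresses {address}/{prefix} ipv4.gateway {gateway} ipv4.dns {gateway}",
        # IPv6 stays off: the gateway only routes IPv4 for the workstation.
        f'nmcli connection modify "{connection}" ipv6.method disabled',
        f'nmcli connection up "{connection}"',
    ]


if __name__ == "__main__":
    # Assumed connection name; list the real one with `nmcli connection show`.
    for cmd in nmcli_commands("Wired connection 1", WHONIX_ADDRESS, WHONIX_NETMASK, WHONIX_GATEWAY):
        print(cmd)
```

Run it once to print the commands, review them, then paste them into the Kali guest's terminal; after that, `nmcli device show` on the workstation should list only the 10.152.152.3/18 address and the 10.152.152.10 gateway.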
Next, update the system from the terminal with the commands sudo apt-get update and sudo apt-get upgrade, and install the OpenVPN client (or the console WireGuard client). Insert the certificates, or generate keys for WireGuard, write in the server settings, and go check the speed. If you get something in the region of 3-5 Mbps, then you've chosen decent servers, and it is more than realistic to work at such a speed.
Of course, for best performance we need to install the VirtualBox Guest Additions (if they are not installed automatically; the latest Kali builds do this right away):
Here are the main problems that arise at this stage.
Turn on bidirectional drag and drop and clipboard to make your clipboard work.
So, the system is ready; let's put the necessary and optional software on it:
1. GnuPG
2. Pidgin with the OTR plugin (cypherpunks)
3. Tor service
4. Gajim
5. Signal
6. tweaks, to tune the system
7. stacer, to clean up garbage
Most often all software is installed using repository updates:
sudo apt update
and further command
sudo apt install APPNAME.
Plug-ins and other programs that are not in the repositories need to be built yourself. To do this, download the software from the developer's website, go to the program's folder in the terminal, and write the command
And if there are no errors (this script often asks you to install the dependencies the software needs), then, once the script has finished without errors, write in the terminal:
At the request of my old partner, we will describe how to get a working Pidgin on any Linux. For that, we need to install the following packages in this order (if they're not already on the system):
1. libgpgerror
2. libcrypt
3. libotr
4. libperl-dev
5. libgtk2.0-dev
6. libpurple-dev
7. intltool
then reinstall the pidgin:
apt-get install pidgin-dev
As a bonus, let's describe the installation of the OMEMO plugin and the very effective anti-spam plugin bot-sentry.
Head over to GitHub.
Download and install according to the recommendations above. Setting up both is trivial: just go to the plugin's properties (and do not forget to tick the checkbox). There should be no dependencies that are not yet installed.
Reboot the system and take a snapshot, after which you can add your working Jabber accounts.
In future articles we'll look at other similar systems with a breakdown of their strengths and weaknesses, and move on to delving into less mainstream anonymity and security, if this is of interest to you and there is demand for such material.
You can support the author with an ice cream by requesting his wallet via PM.