protocols

Discussion in 'privacy general' started by ergergre, Dec 23, 2009.

Thread Status:
Not open for further replies.
  1. ergergre

    ergergre Registered Member

    Joined:
    Dec 23, 2009
    Posts:
    2
    1. Get a VPN of some sort and force ALL your traffic over it. You can find a VPN with fairly nice speed. You want multiple hops to increase jurisdictional requirements to trace you back. Don't tell anyone what VPN you are using and if someone suggests a VPN to you, DO NOT USE IT. Use a VPN you find by doing your own searching and independent research. Don't use trilight zone or privacy.li, they have a record of working with LE. Make sure you pay for it and sign up for it anonymously.

    2. Use open WiFi if at all possible (I can't condone cracking WEP or WPA as it is illegal). Invest in a powerful antenna and amplifier setup. It might be wise to stay in the legal limits of how much output power your setup has. Make sure your network card supports cracking WEP if you wish to test on your own network legally, not all of them do. If you need to be extremely anonymous, don't use the same WiFi location twice. For most people just using open WiFi from your house + VPN + Tor should be adequate, but for some people you may want to use different WiFi access points as much as possible and not use the same one for long. You can likely get a GPS program and map of your area, drive around your area with a laptop set to sniff wireless access points and plot them on the map. Then you can get a map of all the open WiFi in your area, and bounce from location to location. If you do this, it might actually be best to just do this with Tor and remove the VPN, but if you are not very frequently rotating WiFi access points, you will want to use a VPN + Tor for sure.

    3. Use Tor, and encourage people who run sensitive sites you visit to set them up as hidden services.

    Either:

    (for high anonymity)
    Rapidly Fluctuating WiFi ---> Tor ---> Website

    (for good anonymity)
    Small set of WiFi Access Points ---> VPN ---> Tor ----> Website

    4. Encrypt your ENTIRE hard drive. If you are using Windows, you should take advantage of TrueCrypt's plausible deniability OS encryption which gives you two passwords which let you decrypt into two OS. If you live in the United Kingdom you MUST encrypt this way because failure to provide a decryption key WILL get you sent to prison. When you boot a TrueCrypt encrypted OS, I suggest you ALWAYS boot from the rescue CD. I will explain this later. If you use Linux, make sure to put the boot loader onto a tamper resistant USB memory stick. You may be able to put a keyfile onto the USB as well. This will allow for 100% of the hard drive to be encrypted. Normally full drive encryption leaves a very small % of the drive unencrypted so that there is something to boot into and decrypt everything else. But there are attacks on this, such as the evil maid attack, where an adversary waits for you to leave your residence. After you leave your residence, they boot your PC from portable media, and then edit the unencrypted boot loader on your hard drive in such a way that it logs your password. Then they wait for you to come home and type in your password, and next time you leave they come back and retrieve your key. It is essentially a highly sophisticated key logger attack, and the best way to defend against it is to keep the boot loader (either in the form of a TrueCrypt rescue CD, or a USB with the boot loader on it) on your person at all times.

    5. Speaking of key loggers, you should epoxy your keyboard shut. Now use a black light pen and put a few discreet marks on it. If your adversary tries to install a key logger, they will not be able to open the keyboard without leaving telltale signs. If they attempt to replace it with an identical model that has a key logger in it, they will likely not notice the black light ink and you will notice your keyboard has been replaced when you shine a black light on it. Regularly make sure that the markings are still on the keyboard, perhaps every time you type in your master password.

    6. It might not be a bad idea to invest in a motion detecting camera set and configure it to keep an eye on the inside of your house when you are gone. These camera sets don't record constantly, only when they detect motion or a visual change. You can easily set it up so they record information, encrypt it on one of your PCs in chunks, and then send it to an offshore server encrypted. This can come in handy in multiple ways. For one, if your adversary attempts to covertly bug your residence or attempt evil maid or similar attacks, there is a high chance they will be detected by the cameras and you will quickly identify that you have been compromised. For two, if you are raided by corrupt law enforcement and they make any mistakes, you will have the evidence recorded and at your disposal in regards to if it is used or not (it's encrypted and offshore and only you know the password to decrypt or the location of the server). You don't need to worry about the cameras recording you doing anything really, because you can leave them off when you are at home, or maybe leave them off but have them turn on if they detect your door is forced open.

    7. Speaking of doors being forced open, it probably wouldn't be too hard to set up a system that causes your computer to automatically shut down and clear memory if it detects your door has been forced open. Remember that for a few minutes after an encrypted PC is shut down, the encryption keys are held in RAM and vulnerable to flash freezing attacks. By wiring such a system up, if your door is suddenly opened (by armed robbers after your bank account info obviously) you will get the maximum possible amount of memory clearing to take place before the flash freeze attack can be attempted.

    8. Depending on your security needs maybe buy a wire detector before you talk about your company's trade secrets. Some corporate espionage people may try and record what you say to steal company information. You can also buy more expensive wire detecting kits, but most people probably don't need much more than a wand. You can get kits which detect hidden cameras and all sorts of wires, even more sophisticated ones. But these kits cost in the thousands and unless you are worried your adversary will use hidden cameras on you, you don't have much to worry about. I would also sweep vehicles for bugs and wires. Another thing to consider, laser microphones allow for people to listen to you from a great distance, essentially they focus a sensitive laser beam onto a window and by measuring the vibration in the window they can determine what is being said near it. Did you know when you type on a keyboard, cryptanalytical techniques can be used on the sounds to eventually crack it and determine what sound is what key? This can be bad as an adversary from a long way away with a laser microphone can maybe steal your passwords. I usually lol at most online spy shop **** as being worthless trash, but you can pick up anti-laser-microphone devices that stick on windows and give off vibrations that make the laser microphones ineffective.

    9. All online communications should be encrypted. Use GPG for E-mails and use OTR for instant messages. One thing about GPG not many people realize is that one of its biggest weaknesses is the fact that a ****ing ton of information usually ends up encrypted with one private key. This is especially damning in the UK, where you MUST reveal the password to a private key or face prison time automatically. For this reason, people should rekey frequently. Because one attack that is known to happen is that the adversary will simply record a **** load of cipher text until they move in, then after they move in will attempt to make you decrypt it. If you rekey frequently, this attack is less devastating if they succeed, because they can only decrypt communications sent to you after your last rekey. If you rekey once a month, this means they will at most be able to see one month's worth of communications to you.

    10. Anti static bags work as a faraday cage and will either prevent a bug from transmitting its location, or at least weaken the signal significantly.

    11. You should avoid using phones for anything, they are inherently insecure. Even if you use prepaids, if you come under direct surveillance (ID thieves maybe) it is not hard for someone to remotely determine the phone number of your prepaid phone. I encourage people to get their friends onto using Pidgin OTR rather than cellphone communications. If you absolutely must talk over cellphone make sure it is a prepaid and stick to texts.

    12. I suggest people use virtual machines. You can have a virtual machine using WiFi while the host uses your wired internet, and this makes it much more convenient for people working from home to gain some of the anonymity of WiFi without it ****ing up their normal internet activities (which they would prefer to use their own internet for).

    13. I suggest some use live CDs on laptops with no hard drives even on them. This will strongly protect against adversaries using trojans or similar wares so they can do sustained compromises. Keep your GPG keys and other data symmetrically encrypted and stored on an offshore server. This way you can use GPG even with a live OS, you just need to download your private key from the offshore server, decrypt it and load it into GPG each time you boot. Not too big a hassle. You can probably make a script to manage multiple keys stored in this fashion and make it not a big headache to work this way. Using a live CD like this is highly suggested if you need the best security.

    14. Really I just highly suggest people use Linux. Also, look into the program "tripwire". Configure it to notify you if new files are detected on your system. Setting this up in a virtual machine, and loading the virtual machine from known clean snapshots (make a snapshot after you configure your GPG etc, then take a hash of the snapshot and verify it before loading in the future), should offer strong protection against trojans and such. Not quite as strong as using a live CD, but still should give them a run for their money. Going from the guest OS to host OS isn't impossible but it isn't easy, so it will make it hard for them to get a sustained trojan on your OS (as you essentially wipe the guest OS back to the screen shot every time you restart the VM, any trojans on it won't stay between reloads). And even getting a trojan on the guest or host OS without being detected should be difficult if guest and host both have tripwire on them.

    15. If you are using Linux, as you absolutely should do, you should look into SELinux, which is a kernel modification that allows for you to set super strict security policies. SELinux was actually developed by the NSA and is what pretty much any NSA or military server is likely running. I suggest you enable SELinux on whatever Linux distro you are using, and use a strong security policy.

    16. Don't forget to optimize your OS for security. If you are using Windows, there are loads of good anti-forensic tutorials on blackopsecurity.net that show how to make a Windows XP environment unfriendly to (bad peoples) forensics teams. If you are using Linux, just make sure you don't leave services running that you don't use and also make sure you keep the most updated software running at all times. Also a good idea to get some antirootkit programs on Linux or Windows. One good one for Linux is RKhunter.

    have fun living free =)
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Is there a way to make a laptop more sensitive to picking up a wireless signal at greater distances? For instance, my local university has a beautiful surrounding landscape. If I want to sit back away from the building under a tree and use the wireless connection, how can I make my laptop pick up a signal from a greater distance?
     
  3. ergergre

    ergergre Registered Member

    Joined:
    Dec 23, 2009
    Posts:
    2
    Using a good antenna can make a world of difference. A while ago I was in a location with a computer that had a stock antenna and it picked up one weak connection. When replaced with a mid-range directional antenna (~$80 range) it was getting more like 15 decent signal strength connections with additional weak signals that came and went. I imagine with a top of the line omni antenna I could have been picking up 30ish signals or so.

    Using an amplifier can help you get the most possible value out of your antenna, but be careful because it is actually illegal to use some antenna amp combos because they are too powerful together.
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that. And your protocol is pretty amazing. I especially liked the idea about using an "epoxy" or whatever to seal the keyboard. So if you seal it like that you can see it with a black light? What kind of epoxy do you use? I guess you could also take your keyboard with you and leave an old one behind.

    I have thought about getting one of those cameras. I was burglarized a few months ago. They didn't get my computer but they did get a lot of small items that were worth a lot to me. I felt violated. You mentioned having the video sent to an offshore server. I have a Xerobank account so when their file vault is up and running I could send it there. I would love to have that option. But I bet a video recorder like that is expensive. Do you have any recommendations as to where to get a good one.....a hidden one? I would of course want one with a clear video quality. If someone broke into my apartment I would want to be able to identify them and not just see some blob moving around.

    I have also worried about someone stealing my computers. Do you know if there is some kind of device that I could put in them that would somehow allow me to get a GPS signal so I could track it down if someone stole it?
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That is so cool. I am going to order one of those for sure. I am wondering though...if I am in a public place, like on campus (outside), is there any law against me using something like that to pick up a signal that is already being offered for free? Or like maybe outside of the public library somewhere? Or does that vary from state to state?
     
  7. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    I am not an expert in law, but common sense tells me that if something is being given away for free and you have permission from the WiFi access point administrator to use it, then I don't see how accessing it from far away can be illegal. Cantennas are legal; they have a legitimate use.
     
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I prefer AppArmor or Grsecurity. However, while these MAC systems are nice, I don't think we should forget about memory hardening measures like PaX. In fact, hardened Gentoo would probably be the way to go as one can implement all of these protections and compile only the software one needs.

    Rootkit scanners are worthless, especially on Linux. For one, if someone has rooted your box, they aren't going to allow the rootkit scanner to find it -- they will simply alter the scanner itself. (Someone with root = God over your box. It's game over at that point and it's time to format/reinstall).

    Second, these rootkit scanners give way too many false positives. Not a day goes by that someone doesn't come to the Ubuntu security forums asking why /usr/sbin/unhide has changed (this is a typical false positive). I have been around the security forums a while now and have never seen a single person ever find a rootkit with rkhunter or chkrootkit, but have seen a ton of noobs get frantic over the false positives these tools throw. I think the whole notion of a scanner is crap and it just makes people lazy with security practices. Scanners are a Windows thing and obviously they haven't made Windows very secure.

    I agree that the HIDS like Tripwire (or AIDE) are good as long as one sets up the baseline image right after a fresh install. However, my experience has been that these HIDS are more trouble than they are worth -- one will find oneself constantly scanning the logs for even the slightest change, and then spend hours determining if the change was normal or not.
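
Added example (not part of any post in this thread, and not Tripwire's or AIDE's own code): a minimal sketch of the two integrity checks discussed above, hashing a VM snapshot and verifying it before loading (item 14 of the first post) and recording a baseline of a file tree and reporting what has drifted from it (the Tripwire/AIDE baseline in the last reply). The function names and the files in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so a large VM snapshot is never held in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map every regular file under root (by relative path) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def compare(baseline, current):
    """Report drift from the baseline as sorted added/removed/changed paths."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }

def snapshot_ok(path, expected_hex):
    """True only if the snapshot still has the hash recorded when it was clean."""
    return sha256_file(path) == expected_hex.strip().lower()

def demo():
    """Constructed sample tree: record a baseline, alter the tree, report drift."""
    with tempfile.TemporaryDirectory() as root:
        snap = os.path.join(root, "vm.snap")
        for path, data in ((snap, b"clean"), (os.path.join(root, "gpg.conf"), b"x\n")):
            with open(path, "wb") as f:
                f.write(data)
        base = build_baseline(root)
        ok_before = snapshot_ok(snap, base["vm.snap"])
        with open(snap, "ab") as f:
            f.write(b"!")                       # simulated modification
        with open(os.path.join(root, "new.sh"), "wb") as f:
            f.write(b"#!/bin/sh\n")             # simulated new file
        drift = compare(base, build_baseline(root))
        return drift, ok_before, snapshot_ok(snap, base["vm.snap"])
```

The baseline and the recorded snapshot hash only mean something if they are kept where the checked system cannot rewrite them, for example on read-only media or another machine. Every legitimate update also shows up under "changed", which is the triage cost described in the last reply.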
     