Anonymity for the Blackhat (Opsec)

A lot of you are going to ask, why is Tor unsafe? So let me explain to you why this is the case and give you a few articles to read so you can have a better understanding of how and why.

So where do I start? A good question and one that should be asked. The first place to start is always going to be your router. Why? Your router is what connects you to the internet and that's exactly what we're aiming to protect.

Your ISP's job is to not only provide you with internet access but also monitor that internet access. Your job is to make their job impossible because your privacy is important whether you'd like to think so or not.

So you may not know it but by default your router comes with its own stock firmware provided by your ISP. This firmware is proprietary. Usually your ISP will set it up to use their own DNS.

The reason you don't want this is because it's impossible for you to know what the firmware is doing in the background since the source code is private and can only by audited by the copyright holder.

So what you'll want to do is install third party open source firmware such as OpenWrt. To check to make sure your router is supported, you'll need to visit their supported devices page.

After you've installed the new firmware to the router we'll need to make sure that we purchase a computer with all the same values we'd like to protect. There are a couple of providers out there but we're going to go with Purism.

Once you've purchased one of their laptops, we'll move onto the next step which is our OS. For our operating system we'll be using one called Tails which is provided by the Tor Project as well as a myriad of other companies like the FSF.

To set up our Tails operating system we'll be installing it to a thumb drive. Lucky for you they have put together a great little guide on their website.

Usually I always recommend to take a look at the documentation on the website for the service you're going to be using because you'll learn a lot by doing so and it's definitely worth the time.

Now before continuing with the use of Tails, we'll need to make sure we finish setting up our router because we're not done yet.

To do this, we'll need to look for a VPN whose provider will provide us with the protections we need to protect our values. We'll also need to make sure their policies match up with the technologies they use.

When making your purchase, you'll need to make sure the technologies below are supported. And we'll need to make sure our payment is done anonymously by using a cash payment.

I've gone ahead and done you the favor of picking out a few providers who offer the protections you'll need if you're going to set up the private and anonymous connection which you require. All of which are listed below.

To set either of them up, you can follow the documentation on both of their websites for either DD-WRT or Tomato.

One more thing we'll need to do before continuing is to set up a few third-party DNS servers by using the public servers provided by OpenNIC. Again, I recommend doing your research, don't just trust my word for it.

And just to be extra paranoid about it because we're insane, why not add in a few more routers as well as a Tor router and add them all together? To make a Tor router visit the guide provided by Adafruit.

Keep in mind the more VPN routers you chain together, the slower your connection will be, so make sure that you pay for the fastest internet available to give you lots of leeway. And try to only use Tri-Band routers.

After you've set up the VPN on your routers and combined them together we can move on to configuring Tails to use I2P. You can follow the guide which they have created on their website.

Once you've done this you're ready to finally boot into Tails. As long as your router is configured to connect through your VPN, you're ready.

Now finally, you'll probably want to set up a secure bitcoin wallet so I recommend picking up a cold storage device. One I highly recommend is a Bitcoin Trezor.

As for a password manager to secure your passwords when creating online accounts for hidden services or clear sites, I recommend trying out either Master Password or Encryptr.

All of the steps in this guide if done properly will give you a completely transparent internet connection which will prove to be impossible to trace. I wish you the best of luck and I hope you evade the law at all costs.

And for any other alternative programs you might want to install, I recommend checking out the list of applications I've done you the honor of laying out below. All of the alternatives are completely free and open source.

~ Written by Valoryc.

If you liked the guide, please be sure to give it a thumbs up and if you'd like to download the guide, click here.

Update v.1: https://mega.nz/#!ZsYQACiQ!u5oCPS0zCi-qx_yu-UKEqYKIsu5mnD2uhHWTy_RtT88
Update v.2: https://mega.nz/#!osBwgBrR!h8jiwLiNG2dVolDSSM6o5kdCbuW1pzCGaEVVmo6Sjjc


Comments


[16 Points] CaptainRond0:

Very good read, found some new useful info. I would also suggest you to invest time into researching libreboot that will save you from hardware exploits, it works perfectly fine on the X200 ThinkPad, but that might be too deep for almost everyone.


[8 Points] None:

[deleted]


[8 Points] sapiophile:

There's a lot of misguided and unhelpful information in this post, and I want to take an opportunity to counter it. OP, I'm sure your intentions are good, and I greatly appreciate the effort that you put into this, but you are unfortunately misinformed or under-informed about a lot of this stuff, it seems.

I'll try to address the major faults that I see with some quick bullet points:

All in all, as I said, I appreciate your effort, but this guide just isn't really going to do much to improve people's security, here, at least in my opinion. The advice to use Tails is very good, and I wish more people followed it. Ditto on using a passphrase manager. But beyond that, this is mostly just going to intimidate people and not actually improve their security much.

I'm certainly open to responses and feedback about this, from OP or from anyone, here, so please feel free to reply or ask for more info on any of these points. My goal is to help folks here be as safe as they can.


[5 Points] Finga_lickin:

Awesome write up, this is all really great info for the noobs and experienced users here.

Question: Would hacking into and stealing a nearby WiFi signal for your nefarious uses be more secure than a VPN? If you're on your own IP there is still some possibility of it being found, right? Also, with your VPN having knowledge of who you are (if you didn't pay in bitcoin or cash) could lead to your downfall too, correct? Wouldn't stealing someone else's WiFi remove all of the worry from the process since you would appear as someone else and even if they investigated it a spoofed MAC address should ruin their hunt.

I would love to know what you think about this idea. I know stealing someone's internet is not the most moral thing to do but we are talking about black hat hacking here.


[4 Points] Ravelair:

Reasonable guide for newbies which I am sure there are many of here. Although I doubt a typical darknet user will need this, maybe some vendor looking to lessen his Internet trace will find it useful.


[2 Points] PathlessDemon:

This is a very good list of sound advice and guidance, hope the mods take a look at it to edit the sticky.


[3 Points] tailsjoin:

Good post. Thank you for spending the time to make it. I would like to point out that this is not entirely true:

For our operating system we'll be using one called Tails which is provided by the Tor Project

They are different teams although there is some overlap. TAILS is provided to us by the TAILS team. The TAILS team supports Tor, I2P, Debian, and FSF.


[2 Points] lordredvampire:

www.privacytools.io - another excellent website that protects users' privacy and also has an extensive list of trusted VPN providers that have the following criteria:

Excellent article by the way!


[4 Points] Deku-shrub:

I think your guide is over complicated. If your reader is say a small-medium darknet vendor, asking them to screw around with a VPN, flashing the router, Tor gateway and hardened O/S is overkill.

For example, assuming they want to work off a disposable laptop - they can't leave their house now because of all the network intermediaries? Why not talk about VPNing back to the home setup from mobile/remote if you're going to build such a setup?

Your guide smacks of 'use all the privacy technologies' to show off the fact you know each to an intermediate level.

Guides for darknet buyers, vendors, market owners and privacy activists may use overlapping technologies but this laundry list doesn't help people trying to architect their personal solution.


[3 Points] GrandMasta216:

Is VPN and tor enough for the occasional personal buyer? This seems super complicated and I'm stoned.

:)


[2 Points] SlappySpanBank:

The cheapest Purism laptop was $1,600+ USD. Also, it isn't even available yet. Or maybe I read that wrong? Only option for me was to pre-order and crowd fund.


[2 Points] OPSECanswers:

Every time I (frequently) see some fanboy trumpeting PIA, I wonder, "How fucking dumb can you get?"

PIA is a US company and subject to US National Security Letters. Do not use US companies. Do not use companies of Five Eyes member states. Just don't.

Also, you shouldn't necessarily be using third party DNS servers, you should be using your VPN's. If the VPN doesn't offer that (many don't), don't buy that VPN. Depending on your setup, names may be resolved outside of the VPN. In such an instance, your unencrypted IP is requesting information on bigblackdicks.com.

Lastly, just throwing a VPN on a router, changing the DNS, and calling it a day is not sufficient by a long shot.

For example, in dd-wrt, you must add this under Administration->Commands->Save Firewall:

# LAN (br0) may be forwarded into the VPN tunnel (tun0) and back
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# LAN may never be forwarded straight out of the WAN port (vlan2)
iptables -I FORWARD -i br0 -o vlan2 -j DROP
# nothing arriving over the tunnel may talk to the router itself
iptables -I INPUT -i tun0 -j REJECT
# NAT the LAN behind the tunnel endpoint's address
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Why must you add that? Because without that, if the VPN connection is dropped (account expires, server reset, etc.), your traffic will sail free and clear in the open. The router will just default to an unencrypted connection without that bit.
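To see concretely why those rules fail closed, and why they are added with -I rather than -A, here is an added Python model of how the FORWARD chain evaluates a LAN client's packet with and without the kill switch. This is not the commenter's or dd-wrt's code; it assumes the stock firmware already holds an "accept br0 to vlan2" forward rule (constructed here as a stand-in) and models only the interface matches those rules use.

```python
"""Added example: model of the dd-wrt FORWARD chain with the kill-switch
rules from the comment above. Not the commenter's script; STOCK_FORWARD is
a constructed assumption standing in for the firmware's own LAN->WAN rule."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    in_if: Optional[str]   # -i match (None = any interface)
    out_if: Optional[str]  # -o match (None = any interface)
    target: str            # ACCEPT, DROP or REJECT


# Constructed stand-in for what the firmware installs by default.
STOCK_FORWARD = [Rule("br0", "vlan2", "ACCEPT")]

# The three FORWARD rules from the comment, in the order they are typed.
KILLSWITCH = [
    Rule("br0", "tun0", "ACCEPT"),
    Rule("tun0", "br0", "ACCEPT"),
    Rule("br0", "vlan2", "DROP"),
]


def build_chain(stock: List[Rule], extra: List[Rule], insert: bool) -> List[Rule]:
    """insert=True mimics -I (each rule goes to the head, so the last one typed
    is checked first); insert=False mimics -A (appended after the stock rules)."""
    chain = list(stock)
    for rule in extra:
        if insert:
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain


def verdict(chain: List[Rule], in_if: str, out_if: str, policy: str = "DROP") -> str:
    """First matching rule wins, as in netfilter; otherwise the chain policy."""
    for rule in chain:
        if rule.in_if in (None, in_if) and rule.out_if in (None, out_if):
            return rule.target
    return policy


def egress_interface(vpn_up: bool) -> str:
    """Routing decision: packets leave via tun0 while the tunnel exists and
    fall back to the WAN default route (vlan2) the moment it drops."""
    return "tun0" if vpn_up else "vlan2"


def lan_client_verdict(chain: List[Rule], vpn_up: bool) -> str:
    """Fate of a packet from a LAN client on br0 for the given VPN state."""
    return verdict(chain, "br0", egress_interface(vpn_up))
```

With only the stock rule, a dropped tunnel lets the packet out via vlan2; with the rules inserted at the head the same packet is dropped, while the same rules appended with -A would sit behind the stock accept and never match.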


[1 Points] None:

[removed]


[1 Points] c3vin:

Great guide, but I'm curious how the chips in the purism laptops are protected, since they're using Intel.

Intel + AMD are rumored to have NSA backdoors embedded in the chips.

Source


[1 Points] MLP_is_my_OPSEC:

virustotal scan for v.2: https://www.virustotal.com/en/file/06ec841ca69ce0c256bf16327f8f7fcf61df211eb8f25e558339a6171ea5a615/analysis/1445284400/

Excellent write up, and glad to see you're using LibreOffice!


[1 Points] phacid:

Blender seems kinda off-topic


[1 Points] None:

I'm kind of annoyed as to why you resurrected this persona. I guess your new strategy is to have a few attack accounts (instead of just one like you used to) and one "official" account who tries to remain professional and respected by the community. Well, it’s not fooling anyone. I guess you needed an outlet for the paranoia/attacks because I noticed it leaking out a few days ago on the professional account. Best of luck.


[1 Points] None:

[deleted]


[1 Points] None:

This comment has been overwritten by an open source script to protect this user's privacy.

If you would like to do the same, add the browser extension GreaseMonkey to Firefox and add this open source script.

Then simply click on your username on Reddit, go to the comments tab, and hit the new OVERWRITE button at the top.


[0 Points] MrGangGreen:

qbittorrent is a horrible client.


[-6 Points] None:

[removed]