Silk Road forums

Discussion => Security => Topic started by: famguypeter on January 08, 2012, 07:02 pm

Title: USB Security
Post by: famguypeter on January 08, 2012, 07:02 pm
Hey guys,

I'm new to sr and i ordered a couple of things recently. they are all behind schedule, so I am getting very paranoid. I know there are delays now, but I have gotten ebay stuff ordered from jersey and china within the same time frame and I live in the southeast us. WTF!!! So in anticipation of something bad happening I have been beefing up security. I used active kill on my pc and created a live usb that allows the encryption of persistent storage(awesome).

I would like to use truecrypt to encrypt the whole thing tho, but I don't know how really. If I encrypt the whole thing how will my pc boot from it? Do i have to allow the cetain files to remain unencrypted for booting or what?

Also, does anyone know if le actively confiscates usb's? What are some good hiding places for usb's, i was thinking if i hide it pretty good and le found it. they would be like this must be evidence bc why would they try to hide it so well. so i was thinking more like hide it in plain sight. like plug it into the back of the xbox of something.

Well im rambling, so in conclusion i really need the truecrypt question answered, the rest is just gravy. Thanks guys this is a really cool community. VIVA SR!!
Title: Re: USB Security
Post by: SierraRS on January 08, 2012, 08:08 pm
Quote
I am getting very paranoid
Don't worry, calm down! The shipments are delayed for me also, both from ebay and silk road.
Quote
I used active kill on my pc and created a live usb that allows the encryption of persistent storage(awesome).
Sound like a faux security for me.
Quote
I would like to use truecrypt to encrypt the whole thing tho, but I don't know how really.
Visit http://www.truecrypt.org/docs/ and read the how-to for system encryption. The documentation for truecrypt is awesome, it covers almost all aspects and have nothin non-essential.
Quote
If I encrypt the whole thing how will my pc boot from it? Do i have to allow the cetain files to remain unencrypted for booting or what?
TrueCrypt have special bootloader on harddrive that allows the encryption. All other data is encrypted on that drive.
Quote
Also, does anyone know if le actively confiscates usb's?
Yes they do that, they extensively search for them when dealing with computer related crimes.
Quote
What are some good hiding places for usb's
Places unrelated to you in any way and well hidden from other peoples as well. Buried in mountains miles away from your home is the best, but this depends from your location and lifestyle.
Quote
i was thinking if i hide it pretty good and le found it. they would be like this must be evidence bc why would they try to hide it so well. so i was thinking more like hide it in plain sight. like plug it into the back of the xbox of something.
It will be more easy for them to find it, but this does not matter where they find it. If they find it in your premises and it contains something interesting for them - you fail.

You can encrypt the USB drives with TrueCrypt, that will stop LE from gaining access to their contents. If You use strong password and don't say anything.
Title: Re: USB Security
Post by: SecuritySolution on January 13, 2012, 11:55 pm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi famguypeter

You may want to have a look at our VM offering for a list of good tools to use to help stay secure while traversing SR. Please feel free to use it as a laundry list of sorts and whether it's on a Linux machine or Windows machine truecrypt is an absolute must we recommend using a 3 cipher technique with 3 pass 5220.22M grade wipe. This could take some time depending on how you do this having a VM also makes things a bit more portable as it would not require you to depend on the machine you run it on's hardware as it would run on any standard PC running the same virtualization software (We use VMWare, however some have also had good results with VBox but we currently do not recommend it as we believe the hypervisor is not as secure as VMWares)

In our profile you will also see a link to the forums describing the tools in detail and how we utilze them as well as infomation from other members of the community who have used it and provide information updates about it (and it's tools) as it is updated.

Thanks,
SecuritySolution

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQGcBAEBAgAGBQJPEMQ7AAoJEKhBWjky5wQCQ2IL/2SVgYdWpc6CNLXJrNRSvOUX
IcWT8aJ0qs3oY4B5dc6BM3RogOS61WYv6oyt/JLWXxCK2Z6EwXP0HR3NEcnGw9SZ
lIOOudz0bDFzL1Eq9gVX7QUEHiep0Fal3oRpFcN0bmGJYZTEnlw6594hq5qhISbo
hM492oo0mYukf/KYmMIZ0/o7ostcyaRtY8xwso/Ty0DT1KgVgItbOH/mVGpeUcbb
EHmIlw9QBCG987wcnaXLt3wVWgBolLlA/MwwiKiRlYYn+UfZQk9sMLWTbnE5/dJ8
63GC5Orm9GOlPbnAwDmBPg17JIaOc9z6Xcnl+ntnGG6RNw+j6uJ7c3P8V5uBNguV
Px3q6wlF3Hcuw0yJQV6hyJKaFt8xj7RoDe84UIXhwfqCrvz5gWKS4+VZ4Ubp4WAE
qkaJxz7VIl41DUSIYLeMnXsI2cVwI9Fo/cBK4rvxGs10fddrmnwRYemQCjitU0My
kPr6ngG1SSVmccgA2+Gq8OtwogeVnvzHz+SNxlIyvA==
=s+vC
-----END PGP SIGNATURE-----
Title: Re: USB Security
Post by: haxxtheplanet on January 14, 2012, 01:52 am
Yes, LE does confiscate disks and USB drives and anything else that seems to hold evidence.
When they run EnCase forensic software on your comp (if it's not encrypted already) they look for history (if using windows) in the registry of any USB keys that were once connected as well. You can delete this info but preferably you've encrypted everything so doesn't matter.

If super paranoid you could buy something like the IronKey then keep your confidential data inside truecrypt containers on the drive. So LE would have to break the IronKey encryption (bruteforce not allowed/timesout and erases the key) and then break your truecrypt or LUKS container encryption to get at the data.

This is all moot if you plugged the drive into an AIDS riddled Windows machine full of keyloggers then inputted your passwords for later LE retrieval

If you want to hide it don't put it
a) inside vents hanging by a string
b) behind sockets
c) behind lightfixtures
d) in the freezer
e) inside food boxes in the cup boards

because they check there first. I guess think like a prisoner would and conceal it in the most ridiculously ingenious way possible
Title: Re: USB Security
Post by: zifnab on January 14, 2012, 05:04 am
... or you could hide it in plain sight by having a 'hidden' container for your nefarious purposes inside a general container in which you keep your 'official' keys, a spreadsheet with your banking details and lists of all your passwords, ect, ect... If you have genuinely sensitive *legal* information in an encrypted container, there is nothing they can do.

Keep your live OS separate from your data; there's nothing illegal about these as long as there's nothing incriminating in the persistent memory. Heck, make it read only once you got it set up right and avoid that hassle completely. Store nothing on the OS stick. Check out how to use keyfiles, its a pretty interesting.

Yes, there are flaws with this because of the available memory vs. container footprint, something i sincerely hope the good people at truecrypt will figure a workaround for someday. The point is to look innocent in the first place, don't give them a reason to look closer.