Silk Road forums

Discussion => Security => Topic started by: PsydwayZ on July 07, 2011, 05:38 am

Title: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 07, 2011, 05:38 am
Hi,

I am about to do a reinstall of my OS to start from scratch, as I am being monitored to some degree (it's currently a resource war and I'm trying to keep one step ahead lol).

Now what's happening is my library files are being injected or edited, and system files also. Now, while I don't know how to do this myself, I know of its existence and when it's happening. I recently installed Zemana AntiLogger, which has picked up a load of surprising activity such as screen captures, key logs etc. that my AVs are useless for, go figure :)

So just to elaborate a little more, as I need the help lol.

I'm going to install Windows 7 again because I'm a Linux noob, although I would love nothing more than to run a Linux distro!

So far, my ideas and the software I have for hardening my OS from the start, before I connect to the net, are:

Deep Freeze
Zemana anti-keylogger
various AVs
TrueCrypt
GPG-related tools

I also purchased this keystroke-scrambling encryption software from some guys called Network Intercept for around 30 bucks, and 5 mins after I installed it I kept getting the automatic update option coming up etc. and all these little minor changes. So after I installed the keylogger scrambler, it was fucking uninstalled (not running in the background or as a resource) AND the bastards deleted my download file. Now when I try to contact them with my receipt, my email doesn't get through hahaha.

And please feel free to insert a shitload more recommendations for us crappy Windows users :) I need all the help that I can get from anyone who has the time to kindly reply!

It's been a tough couple of weeks :S

Cheers
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: Comerciante on July 07, 2011, 07:03 pm
The most exclusive method of infiltration that infects a system with data loggers or whatnot is exploiting the user's inexperience or trustworthiness. Other times I think pure stupidity is to blame. If there are instances of these activities then I'd seriously consider a total HDD kill/wipe and reinstall from OEM or a trusted CD that is authentic, instead of a hacked version from an untrusted source found on the Internet. The standard security measures of installing a firewall, AV and other necessities should be the foremost provisions. Once they are in place I'd highly recommend you get a VM (Virtual Machine) and install whatever Windows version you wish onto it. Only keep your VM guest OSes to 32-bit versions for performance reasons and better compatibility. Once in a VM environment such as VirtualBox, you can safely make some mistakes while learning how to secure your Windows operating system without damaging your host OS. Run TrueCrypt in it as well and even have a hidden OS in a VM box. Play around, but I think learning is the key here for you. The behavior of being dependent on software to magically protect you from the evils of snooping is a bad habit and is also unsafe. Know how to secure your system and the habits of keeping it secure. I'd suggest you spend some time on "Wilders Security Forums" and read a while. Play it out on your VM and find what works for you. You'll know when you're knowledgeable enough to continue into more advanced areas, and I encourage you to advance your knowledge.
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 08, 2011, 07:48 am
Thanks mate, appreciate your post! Yeah, I have installed Win roughly 4 times in the last day and Ubuntu twice lol. Every time I find out more ways to approach security, I reinstall :)

Cheers
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: zapod on July 08, 2011, 11:11 am
If you're constantly reinstalling on the same partition and finding that somehow you keep getting reinfected, check your MBR, or if you are VERY paranoid, download a Linux live CD like Ubuntu, mount your hard drive that you want to wipe, and run "dd if=/dev/zero of=/dev/sda bs=1M", without the quotes, to overwrite the entire disk with zeros (including the MBR). Doing a simple reinstall of the OS without formatting can leave traces, and some malware is made to survive an OS reinstall.

TrueCrypt is good, but does literally zero to protect you from viruses, only from someone with physical access to your hard drive.

Zemana anti-keylogger is BS. There are a ridiculous number of ways to hook or inject your way to accessing something like keystrokes, the clipboard, your registry, etc. The very idea of an "Anti-SSL Logger Module" is really silly, especially with the complete lack of technical information they provide: does it hook the kernel, or watch to see what hooks things like chrome.exe? No matter how they try to go about this, it is security which is really trivially broken. A year ago someone actually wrote an exploit which used Zemana to escalate privileges (http://www.1337day.com/exploits/13499); it wouldn't be much work to run a fuzzer on it, and anyone with knowledge who was dedicated to the task could write another one. They have heuristics scanning, sure, but much modern malware can load the OS as its own VM, which Zemana can't even touch, let alone detect, and in that case, good luck with their "self-healing system defense" :-/. The real battle here is who can get the lowest-level access while keeping the other one out; it's a well-known fact that AV companies are fighting a losing battle here.

I don't know how knowledgeable you are in these things, but if Zemana is just flagging hooks it thinks aren't right, and if you don't know a decent amount about the way Windows works when it's clean and what actually is malware as opposed to benign or just poorly made stuff, you could actually be doing more harm than good.

The safest thing you could do with your SR stuff is to make a live CD and only use that for anything less than legal, so that even if you get a virus, as soon as you turn off your computer it's gone. By using Linux, you're playing a better numbers game: it's more profitable to write malware for Windows as more people use it, so you have less (but not zero) chance of a Conficker type of thing happening.
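Added here as an example and not text from any poster: a small POSIX shell check to go with zapod's dd advice above. It reads the MBR boot signature of a target and confirms that a zero-wipe actually took, run against a constructed image file (the mktemp path is an assumption) rather than a real drive.

```shell
#!/bin/sh
# Added example (not from any post): verify a dd-style zero wipe and inspect
# the MBR boot signature. Runs on a constructed image file; the path is an
# assumption. Point it at a real device only after wiping it yourself.
set -e

# Hex of bytes 510-511 of the first sector: "55aa" means an MBR boot
# signature is still present, "0000" means the sector has been zeroed.
mbr_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Succeeds only if the first $2 bytes of $1 are all zero bytes.
is_zeroed() {
    [ "$(head -c "$2" "$1" | tr -d '\000' | wc -c | tr -d ' ')" -eq 0 ]
}

# Same effect as the post's "dd if=/dev/zero of=/dev/sda bs=1M", limited to
# $2 MiB of target $1 (block size spelled out in bytes for portability).
wipe_zero() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2" 2>/dev/null
}

# Constructed 2 MiB sample image: random data plus a fake MBR boot signature
# (0x55 0xAA at offset 510), standing in for the drive to be wiped.
IMG=$(mktemp)
dd if=/dev/urandom of="$IMG" bs=1024 count=2048 2>/dev/null
printf '\125\252' | dd of="$IMG" bs=1 seek=510 conv=notrunc 2>/dev/null

SIG_BEFORE=$(mbr_signature "$IMG")          # 55aa
if is_zeroed "$IMG" 1048576; then ZERO_BEFORE=yes; else ZERO_BEFORE=no; fi

wipe_zero "$IMG" 2

SIG_AFTER=$(mbr_signature "$IMG")           # 0000
if is_zeroed "$IMG" 2097152; then ZERO_AFTER=yes; else ZERO_AFTER=no; fi

echo "MBR signature before: $SIG_BEFORE, after: $SIG_AFTER"
echo "fully zeroed before: $ZERO_BEFORE, after: $ZERO_AFTER"
rm -f "$IMG"
```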
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 08, 2011, 01:02 pm
Thanks dudes, I really appreciate your help!

Yeah, I'm currently dealing with LE and it's more so RF that I'm having to counter, but I have experience in that area luckily enough :) This has been going on for roughly 10 months, but I'm only a personal user ;) and I intend to keep using this URL along with SR to continue my access to small-quantity chemicals, as I'm sick to death of our country's bullshit laws and the existence of prohibition. I'm almost ready to go to Europe lol. Thanks heaps for your digital knowledge! Respect
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: sickre1 on July 08, 2011, 02:07 pm
That sounds scary as... how does a random guy check for these things? Is there any reason for worry?
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: Comerciante on July 08, 2011, 09:23 pm
That sounds scary as... how does a random guy check for these things? Is there any reason for worry?

I wouldn't worry, but instead be more proactive. It can be alarming to a user when they get a visual perspective of the internet traffic between the computer and the internet that had previously been unknown in every detail and aspect of activity, because of that "out of sight, out of mind" factor. If you're advanced enough to get a program like NTOP running then you'd really appreciate how it makes activity tangible with beautiful charts and graphics. Every port, every IP and every single connection is recorded. There are addons and packet sniffers too. http://www.ntop.org/news.php The problem with NTOP is the complexity of setting it up and the learning curve for those with little or no knowledge. I will say it's the best I've ever used, and there are other software packages for monitoring network activity with a simpler setup, but the benefits seem indirectly proportional. The easier it is, the less accurate it can be. But the best place to be is having the ability to see suspected connections. Otherwise you might not ever know.

Title: Re: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 11, 2011, 02:01 pm
That sounds scary as... how does a random guy check for these things? Is there any reason for worry?

No need for you to worry lol, leave the worrying to me :) It's not the greatest feeling finding you have been bugged. God bless RF countermeasures ;)

Cheers Comerciante
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: RedRocket on July 11, 2011, 02:17 pm
Take the hard drive out of the laptop completely and stick an Ubuntu live CD in... sorted???
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 12, 2011, 05:35 am
Yeah, I'm using a live CD now lol, all I have to do is try and figure out how to install Tor. It's hard learning a completely new OS after 20 years of Microsoft BS.
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: zapod on July 12, 2011, 09:41 pm
What you could actually do is get a 10GB USB stick (or better yet an SD card with adaptor) and install Ubuntu and TrueCrypt to that, and boot to it when you need to. That way, in the event of LE breaking down your door, disposing of a tiny USB stick/SD card is very easy, and they can do all the forensics they want on your computer and there's no risk of them finding a "suspicious" TrueCrypt partition :)
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 17, 2011, 01:47 pm
What you could actually do is get a 10GB USB stick (or better yet an SD card with adaptor) and install Ubuntu and TrueCrypt to that, and boot to it when you need to. That way, in the event of LE breaking down your door, disposing of a tiny USB stick/SD card is very easy, and they can do all the forensics they want on your computer and there's no risk of them finding a "suspicious" TrueCrypt partition :)

Nice one, cheers :) Yeah, I've pondered the shit out of various methods in case the instance you mentioned occurs lol
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: phubaiblues on July 17, 2011, 04:40 pm
A lot of good advice above. I'd also at least consider using Tails, as I do. This is a live Linux distro, which is all Tor, stays in memory, and completely deletes everything from RAM when you are done. You can keep what info you need in an online site, and download bookmarks and such when you use it... I use it with Debian installed, but it works fine with Windows, and forces you to be cautious. I find that with anything else--including a Linux OS--I tend to get a bit lazy, and leave files and bookmarks installed, while with Tails I can get rid of everything... in a hurry.

It seems a bit aggravating at first, but I've grown used to it, and I find it quicker than VMs, which are always irritating to me...

Tails website: http://tails.boum.org/about/index.en.html

Also very mobile: can use on *any* computer I can get to reboot, including libraries, friends', mom's, anywhere, and once I'm done, it's all gone with a quick 'unplug' and reboot.

And finally, always good advice to be aware of how seductive paranoia is, and how easy it is to think LE is 'tracking' us, and spending countless hours following us around... when in reality we just hate to admit we are basically small fry, and if/when we do get popped, it's usually through talking too much, or plain old stupidity... not some high-tech gadgetry that I've seen on old episodes of '24' or read about on the Internet... Paranoia and conspiracy theories and religion all fill a sort of human need to think there is something *powerful* out there, really interested in us and our behavior... sadly, not *usually* the case...

Title: Re: Need some help from the more security and tech savvy members here :)
Post by: mauri on July 18, 2011, 08:59 am
This is a critical (but simple/overlooked) security issue - don't run as local admin. Create a new admin account and demote your privileges to a basic user. That's almost more important than all the software you are thinking of installing.
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: PsydwayZ on July 18, 2011, 09:29 am
Cool :) Yeah, thanks dudes, appreciate your help, good advice all round!! :)
Title: Re: Need some help from the more security and tech savvy members here :)
Post by: RedRocket on July 21, 2011, 02:50 am
What you could actually do is get a 10GB USB stick (or better yet an SD card with adaptor) and install Ubuntu and TrueCrypt to that, and boot to it when you need to. That way, in the event of LE breaking down your door, disposing of a tiny USB stick/SD card is very easy, and they can do all the forensics they want on your computer and there's no risk of them finding a "suspicious" TrueCrypt partition :)

Great idea. A microSD card would be excellent; you could literally swallow it in a tight situation. I mean, the police could smash your door down and search everywhere and find it, but if you swallow it, that's a good idea... this dude swallowed an SD card for 1 dollar. lol

youtube.com/watch?v=wBKow0wrrwU