What's Your "Ultimate Anonymity" Setup?
#1
Anonymity Setups
 
There's been talk recently of how you would stay anonymous while hacking. So I'm curious to hear all your anonymity setups. I'll set some parameters and go first. Obviously, this is all hypothetical and helps us all learn more and exercise our brains. Don't do illegal things, kids. If you have a "hole" in someone else's setup, feel free to voice your opinion but don't be a douchebag about it (not going to name any names. You know who you are).
 
Threat model: Federal and local law enforcement of your country.
Parameters:
 - You have your normal budget. No crazy stuff.
 - Nothing else is off limits. Legal issues aren't a concern.
 - You'll be doing network-based and website-based hacking. That kind of thing. You don't have to worry about C&C if you don't want to.

Here's what my setup would be. First, I'd get a live USB of Kali and use it with my laptop. I prefer a live USB over a VM because you have to worry about exactly what the VM is doing with the host system and what telling clues that leaves behind. Also, I don't like the idea of sharing resources between two OSes. Live USBs don't save anything to disk unless you explicitly put it on your own hard drive, and as soon as you turn the computer off, everything in RAM is gone.
 
So I'd go somewhere in the big city where there's a small coffee shop or something similar with public wifi. The idea is to get a place that will have one of those little routers that doesn't really have logging and the owners don't pay attention to. Boot up the Kali USB, spoof the MAC address, change the hostname, and make sure there isn't anything like SSH running and accessible to other people on the network. Then I'd hack between 3 and 4 vulnerable systems (not my main targets). I'll use these later on. I'd already have a VPS (paid for anonymously with Monero or something similar) which I can SSH into over the TOR network. This way, the VPS doesn't know my IP even if law enforcement finds it. The VPS will need to be "cleaned" periodically to limit the amount of evidence found if the server is compromised. The VPS is where all the hacking tools and such are installed. From here I use the compromised systems as proxies. That's about it. What do you guys have?
#2
Posted something approximating my "ultimate" setup in the other thread. I see yours is not too dissimilar from mine. You're just using jump boxes while I cycle through cracked APs.

No problems using VM personally.
https://greysec.net/showthread.php?tid=6...2#pid17502

Vector Wrote:If you really want to go balls to the wall, you get a USB network card with an extra long antenna, change its MAC address and crack all the APs in your vicinity, using a different MAC for each. Then on a box that has full disk encryption you set up a hidden VeraCrypt volume, inside of it you install your favorite distro in a VM and harden it. Rent a VPS from a provider that accepts BTC, preferably in a country that has no extradition treaty with your own. You only connect to that VPS via SSH that's routed through the Tor network.

The VPS will be your operations platform. Now, remember how I said to crack APs? You write a shell script that changes MAC every N interval of time, and after the MAC has been changed you rotate through all your APs in a random order. New MAC -> New AP.

When you are done working for the day you shut down your VM, lock the VeraCrypt volume and stop cycling through MACs and APs and go back to doing ordinary things on your main box. You repeat this until you have achieved your operational directive, after which you ditch the VPS, and rent a new one for your next operation.
#3
Vector Wrote:Posted something approximating my "ultimate" setup in the other thread. I see yours is not too dissimilar from mine. You're just using jump boxes while I cycle through cracked APs.

No problems using VM personally.
https://greysec.net/showthread.php?tid=6...2#pid17502

I try to model mine after APT tactics + what I've learned from other sources. Idk, it's also a lot easier to burn the evidence with a live USB in my opinion. You pretty much just unplug it. I like that AP cycling system. That's smart.
#4
(05-06-2020, 03:32 AM)Dismal_0x8 Wrote:
Vector Wrote:Posted something approximating my "ultimate" setup in the other thread. I see yours is not too dissimilar from mine. You're just using jump boxes while I cycle through cracked APs.

No problems using VM personally.
https://greysec.net/showthread.php?tid=6...2#pid17502

I try to model mine after APT tactics + what I've learned from other sources. Idk, it's also a lot easier to burn the evidence with a live USB in my opinion. You pretty much just unplug it. I like that AP cycling system. That's smart.

I think that there should be a penetration testing distribution that automatically deletes itself when it starts up the way Tails does but also is configured to use Tails-like TOR networking.

Anyways, I'm a noob, but here's my setup:

I would install Kali Linux on a VPS paid for in cash (because Bitcoin can get hacked and I don't know that Monero will never get hacked) and connect to the VPS through Tor using a public WiFi network but with Tor bridges configured. I also would use a MAC address changing script that ran whenever I started my machine. This way, even if someone comes to the cafe, they can't see the same MAC address every time I enter the cafe, and I would maybe try going to several cafes and mix it up as opposed to only going to one constantly. So whenever I was at home I'd stay legal but when I went out is when I would drift to the illegal side of things.

Oh, and in case someone looked over my shoulder, I would have one of THESE but for my computer's model installed on my screen:

https://www.amazon.com/Dell-Privacy-Filt...300&sr=1-4

Then I would switch between cafes, libraries, universities, and any other public places with Wifi.

I think that system works 100%.

So it would be something like:

privacy filter >> (TOR or some other self contained network) + RDP >> VPS with Kali Installed >> (Tor or other self contained network) >> Internet >> Target

I would try to have a combo of Tor for one connection (maybe to the VPS from my laptop, for example) and another self-contained network for the connection from the VPS to the Internet. In case Tor got cracked somehow, I would have a backup that wasn't necessarily cracked until Tor could patch the vulnerability.
#5
Qmark Wrote:I think that there should be a penetration testing distribution that automatically deletes itself when it starts up the way Tails does but also is configured to use Tails-like TOR networking ...snip...

Well said QMark. That's a pretty good system. When you say "delete itself," all live USBs do this. It's just the way they work. Nothing is stored on disk. Everything is gone after you reboot. Very nice.
#6
Well there is a lot of controversy when choosing where to operate. I personally would like to be somewhere other than a café. Therefore, you don't have to worry about cameras or people looking.
I like Vector's idea of cycling through APs with different MACs. I wonder if a tool like that already exists; if not, it shouldn't be hard to code.

Also, to QMark, paying with cash is just too risky; unless you buy gift cards, you have to use your card or PayPal/similar, which is tied to your persona. There is the possibility of getting into carding or hacking PayPals, but in my opinion that's way too fucked up.
#7
enmafia2 Wrote:Well there is a lot...snip...

Ah, but nobody said you had to be inside the cafe. You could just sit with your back to a wall if you wanted to be in the cafe. That eliminates the problem of people looking and cameras.
#8
(05-08-2020, 01:07 PM)Dismal_0x8 Wrote:
enmafia2 Wrote:Well there is a lot...snip...

Ah, but nobody said you had to be inside the cafe. You could just sit with your back to a wall if you wanted to be in the cafe. That eliminates the problem of people looking and cameras.

I actually think a privacy filter would be a thousand times more effective than sitting against the wall, which I would try to do anyways just in case.

Privacy filter + someone looks over your shoulder = 0 consequence, because that person won't actually see what you're doing.
#9
(05-12-2020, 07:09 AM)QMark Wrote:
(05-08-2020, 01:07 PM)Dismal_0x8 Wrote:
enmafia2 Wrote:Well there is a lot...snip...

Ah, but nobody said you had to be inside the cafe. You could just sit with your back to a wall if you wanted to be in the cafe. That eliminates the problem of people looking and cameras.

I actually think a privacy filter would be a thousand times more effective than sitting against the wall, which I would try to do anyways just in case.

Privacy filter + someone looks over your shoulder = 0 consequence, because that person won't actually see what you're doing.
 
Yeah, good point. Hard for someone to look over your shoulder without being incredibly obvious when you're sitting by a wall, though. And even if they saw something, they most likely wouldn't know what they were seeing. A privacy filter wouldn't hurt, though, although I personally wouldn't get one.
#10
(05-06-2020, 03:32 AM)Dismal_0x8 Wrote:
Vector Wrote:Posted something approximating my "ultimate" setup in the other thread. I see yours is not too dissimilar from mine. You're just using jump boxes while I cycle through cracked APs.

No problems using VM personally.
https://greysec.net/showthread.php?tid=6...2#pid17502

I try to model mine after APT tactics + what I've learned from other sources. Idk, it's also a lot easier to burn the evidence with a live USB in my opinion. You pretty much just unplug it. I like that AP cycling system. That's smart.

You don't need to burn evidence if it's AES-256 encrypted and you use a strong passphrase. Besides, all my boxes have full disk encryption (which is something I would advise everyone to use). So unplugging is going to have the same effect as it will in the scenario you described.