Uncategorized

Dedicated Device for OpSec: Tablet vs Laptop?

Choosing the right device for your OpSec needs is crucial for maintaining your privacy and anonymity. This guide will compare tablets and laptops as potential dedicated devices for running Tails or Whonix, exploring the pros and cons of each option.

Tablets: Pros and Cons

Pros:

  • Portability: Tablets are generally more portable than laptops, making them easier to carry and use on the go.
  • Battery life: Tablets typically have longer battery life than laptops, allowing for extended use without needing to be plugged in.
  • Lower cost: Tablets can be less expensive than laptops, especially older models.

Cons:

  • Limited functionality: Tablets are not as powerful as laptops and may not be able to run all the software you need.
  • Smaller screen: The smaller screen size of a tablet can make it difficult to work with complex applications.
  • Limited hardware customization: Tablets typically have less hardware customization options than laptops, making it harder to upgrade or modify them.

Laptops: Pros and Cons

Pros:

  • More powerful: Laptops are generally more powerful than tablets, allowing you to run more demanding software and applications.
  • Larger screen: The larger screen size of a laptop makes it easier to work with complex applications and documents.
  • More hardware customization: Laptops typically have more hardware customization options than tablets, making it easier to upgrade or modify them.

Cons:

  • Less portable: Laptops are generally less portable than tablets, making them more difficult to carry and use on the go.
  • Shorter battery life: Laptops typically have shorter battery life than tablets, requiring more frequent charging.
  • Higher cost: Laptops can be more expensive than tablets, especially newer models.

Dedicated Device Recommendations

  • Old Laptop with Whonix: An old laptop with Whonix is a popular choice for a dedicated OpSec device. It offers good security and flexibility, but it can be bulky and have limited battery life.
  • Non-Cellular Android Tablet with GrapheneOS: A non-cellular Android tablet with GrapheneOS can be a good option for a portable and secure device. However, it may not be as powerful as a laptop and may have limited hardware customization options.
  • Librem 14 with QubesOS: The Librem 14 is a high-end laptop designed with security and privacy in mind. It comes with QubesOS preinstalled, which provides strong isolation between different applications and virtual machines.

Conclusion

The best dedicated device for your OpSec needs will depend on your individual requirements and preferences. Consider factors such as portability, power, battery life, and hardware customization options when making your decision. If you need a powerful and flexible device, an old laptop with Whonix is a good choice. If you prioritize portability and security, a non-cellular Android tablet with GrapheneOS may be a better option. For the ultimate in security and privacy, consider a Librem 14 with QubesOS.

Current EU Shipping Times: A Summary

Based on the information gathered from the darknet forum threads, here’s a summary of current EU shipping times:

General Trends:

  • Slower than usual: Shipping times across EU seem to be slower than usual, likely due to summer and the Olympics.
  • Average wait: Most packages seem to be arriving within 7-20 days, with some outliers taking longer.
  • Vendor discretion: Some vendors might mark packages as shipped before they actually send them, which can affect estimated delivery times.
  • Regional variations: Shipping times can vary significantly depending on the origin and destination countries.

Specific Examples:

  • EU-EU:
    • Germany/Poland to Southern EU: 12-18 days
    • France to Sweden: 6 days
    • DE-FR: 6-8 days (usually), 10 days recently
    • Eastern EU: 14 days
    • UK to EU: 9 days to 3 weeks (since June)
    • UK to Spain: 14 days
    • PL to DE: 20 days
    • China to EU: 7-15 days

Additional Factors:

  • Postal services: Efficiency of postal services in different regions can impact delivery times.
  • Customs: Packages shipped internationally might experience delays due to customs checks.
  • Vendor reliability: Choose vendors with a good reputation for timely shipping.

Recommendations:

  • Be patient: Allow for additional time for your package to arrive, especially during peak seasons.
  • Track your package: Use tracking information provided by the vendor to monitor its progress.
  • Communicate with the vendor: If your package is significantly delayed, contact the vendor for an explanation.
  • Consider alternative shipping methods: Some vendors offer express shipping options for faster delivery.

Disclaimer:

This information is based on user reports and may not be representative of all EU shipping experiences. Actual delivery times can vary depending on individual circumstances.

My Approach to Destroying Shipping Labels

I understand the concern about leftover packaging and shipping labels, especially when dealing with illegal activities. While I agree with the DNM bible’s advice to avoid putting identifiable materials in your regular trash, I also believe there’s a balance between security and practicality.

Here’s my personal approach to handling shipping labels:

1. Removing Identifying Information:

  • I carefully remove any labels or tags with my name, address, or other identifying information using a razor blade or sharp knife. I wear gloves during this process to avoid leaving fingerprints.
  • I dispose of the removed labels by burning them completely or dissolving them in a strong chemical solution.

2. Shredding the Remaining Packaging:

  • I shred the remaining packaging material into small pieces using a cross-cut shredder. This makes it difficult, if not impossible, to reconstruct the original label or packaging.
  • Alternatively, I tear the packaging into small pieces by hand, ensuring the pieces are unrecognizable.

3. Disposing of the Shredded Material:

  • I mix the shredded material with other trash, such as food scraps or coffee grounds, to further disguise it.
  • I dispose of the mixed trash in multiple trash cans located at different locations, preferably outside my immediate neighborhood.

Additional Considerations:

  • If I’m particularly concerned about a specific shipment, I may take additional steps, such as burning the shredded material or flushing it down the toilet.
  • I avoid using my regular trash can for any materials related to illegal activities.
  • I handle all materials with care to avoid leaving fingerprints or DNA evidence.

My Rationale:

While some might consider my approach excessive, I believe it offers a balance between security and practicality. It effectively destroys identifying information while remaining manageable and avoiding unnecessary risks.

Ultimately, the best approach depends on your individual circumstances and risk tolerance. It’s important to weigh the potential consequences of being caught against the inconvenience of taking additional security measures.

Choosing the Right TOR Exit Node: A Guide to Anonymity

Choosing the right TOR exit node is crucial for maintaining anonymity online. This guide will explore the different factors to consider when selecting an exit node, including the number of hops, adversary countries, and VPN usage.

Understanding TOR Exit Nodes

TOR, or The Onion Router, is a privacy tool that encrypts your internet traffic and routes it through a series of volunteer-operated servers called relays. These relays are grouped into circuits, and the final relay in a circuit is called the exit node. The exit node is responsible for sending your traffic to its final destination.

Factors to Consider When Choosing an Exit Node

Number of Hops:

The number of hops in a TOR circuit affects your anonymity. A higher number of hops makes it more difficult to trace your traffic back to its source. However, it also slows down your connection speed. Most users are advised to stick with the default number of hops, which is three.

Adversary Countries:

It is generally not recommended to choose an exit node in a country that is considered an adversary to your own. This is because the government of that country may be more likely to monitor and track your traffic.

VPN Usage:

Using a VPN with TOR can add an extra layer of security, but it is important to choose a reputable VPN provider that does not log your activity. Some users believe that using a VPN in a friendly country before connecting to TOR can provide additional anonymity, but this is not always the case.

Best Practices for Choosing an Exit Node

  • Stick with the default number of hops.
  • Avoid choosing exit nodes in adversary countries.
  • Consider using a VPN with TOR, but choose a reputable provider.
  • Be aware that using public Wi-Fi is not always the best idea for anonymity.
  • Use hardware that you own and control.

Summary

Choosing the right TOR exit node is important for maintaining anonymity online. By considering the factors discussed in this guide, you can make informed decisions about how to protect your privacy. Remember, there is no one-size-fits-all solution, and the best approach will vary depending on your individual needs and circumstances.

Security through Obscurity and Obfuscation

Recently, after reading that ‘AT&T is now trying to block DNS encryption’ and taking into consideration the long-forgotten concept of ‘network neutrality,’ contemplating the gross abuse of power Apple has over their consumers via their devices (DNS) and putting the end-user on Apple’s own Private Relay, knowing that the NSA and AT&T work hand-in-hand:

That the NSA has access to virtually all internet traffic, ad infinitum:

https://en.wikipedia.org/wiki/MUSCULAR#Operational_details

https://en.wikipedia.org/wiki/PRISM#The_program

How, your ISP can still see everything “normal” clients visit, trivially, without needing to look at DNS — the client sends the hostname it wants to reach in the clear when setting up a TLS connection. Sadly, the encrypted “ClientHello” TLS extension still isn’t widely supported.

https://www.ietf.org/archive/id/draft-ietf-tls-esni-17.html

And that an ISP can DPI HTTPS and DNS over HTTPS to determine the FQDN based on the SNI header which is needed for front-end routing.

That DPI is used by NGFWs to do real-time blocking.

That Palo Altos and Sophos thrive with DPI by blocking categories via DPI in real-time.

How a Sophos just needs to sit between your client and another network to look at patterns, headers and payloads.

How even DNS over HTTPS is not “practically unblockable”.

How the country has become obsessed with the pretense, current VPN trend.

I’ve found a pretty solid means of messing with them.

https://github.com/madereddy/noisy
Simple random DNS, HTTP/S internet traffic noise generator in a Docker container.


https://github.com/fireneat/Noisy
Simple traffic generator written in Python which may make traffic inspection more difficult.

https://github.com/1tayH/noisy
Simple random DNS, HTTP/S internet traffic noise generator.

“A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity.”

As well, in the context of cryptography, it is “randomness” that is essential for generating encryption keys, initialization vectors, and nonces, thus, you are basically cloaking your traffic by creating what is so-called “stream cipher”; (CPRNG), without cryptographic pseudorandomness, all cryptographic operations would be predictable and hence insecure. True randomness significantly enhances the security of cryptographic algorithms by introducing an extra layer of complexity. Cryptographic keys become more resistant to attacks such as brute force or dictionary-based cracking by using unpredictable random numbers. As a result, the probability of an unauthorized entity successfully decrypting the encrypted data is greatly reduced.

If you have ever used VeraCrypt, you would remember having to move the mouse randomly to generate the encryption keys, the software needs as unpredictable numbers as possible. The mouse movement gathers extra randomness – presumably as a ‘salt’ – to further make the generator unpredictable. Salts defend against attacks that use precomputed tables and this noise emulates that.

Ironically, it is “noise” that is the Achilles’ heel of Quantum computers.

Isn’t that what Tor Bridges do, anyway: cloak you in noise?

Make some noise and play it loud.

.onion services


File Host
Files of Any Kind
134 MB Capacity Maximum
http://uploaddd5rychb5mzvpycwr4c6pomy6ptr3gqbluivnig2jokirmf6qd.onion

Notie
Self-destructing encrypted messaging service.
http://notie6suse7nzfrlndouyjw3xmdf2sl2a6njcykd3qongp5f2bytz4yd.onion

How police took down many of the top markets

This is a list of all major DNM which have been comprimised by LE, a short summary of them, and how they were caught. This does not cover DNMs which have been hacked.

This is a long post, I’ve tried to make it as detailed as possible for those who want to know the details of market takedowns. I try to provide more details on the less well known markets. This is also not meant to hate/support on any specific markets. Just laying out the facts so people can see what went wrong and mistakes they can avoid.

List of markets listed here

Farmer’s Market

Silk Road

Silk Road 2.0, Cloud 9, and Hydra (Operation Onymous)

AlphaBay 1

Hansa Market

Farmer’s Market (AKA Adamflowers)(2006-2010 Clearnet 2010-2012 Onion Site)– In 2006 a drug market by the name of Adamflowers⚠️ appeared on the clearweb. This website would run as a small drug market (selling “LSD, ecstasy, fentanyl, mescaline, ketamine, DMT, and high-end marijuana” and more), flying under LE radar, until 2010. In 2010 Adamflowers changed its name to Farmer’s Market and switched over to the Dark Web, using TOR. This was a new idea for online drug markets and caused Farmer’s Market to rapidly grow in popularity. As is the case, with this newfound popularity, LE began to take a stronger notice in it. Thus in 2010 an investigation (aptly named “Operation Adam Bomb”) began, led by the US Drug Enforcement Agency (DEA). While this takedown did take nearly two years, a part of the reason was due to lack of urgency. Farmer’s Market wasn’t near as big as future DNMs, and thus had less incentive for LE to hurry with their takedown. What led to Farmer’s Markets takedown eventually though was lack of OpSec technology/innovation of the time. Farmer’s Market came before the creation of Bitcoin, and so instead customers could buy using PayPal, WU, I-Golder, or cash by mail. This created a easy way to track market users and admin, compared to future DNMs which used cryptocurrencies. The other thing that led to the takedown of Farmer’s Market was their use of Hushmail for communicating, an “encrypted and safe method of communication [which] would not produce e-mails to law enforcement officers.” Despite this claim, it is largely believed that Hushmail gave LE their unencrypted e-mails. (*cough*, don’t just trust VPNs that say no-log without checking court cases or audits) Information of Farmer’s Market’s takedown is a big hard to find but a major souce of information comes from the 66 page indictment⚠️. This court indictment list the charges for the market admins, as well as 284 bits of “evidence” on these charges. Most of this evidence comes from e-mails logs, hence why it’s assumed that Hushmail gave up their encrypted e-mails. LE was also able to track where certain Paypal, cash, etc. payments were going to and coming from, and use that information to arrest several users. Eight admins were arrested as well as at least seven users. All eight admins were charged with at least one crime. Of the eight, one passed away before trial, the other seven pled guilty and got ten years or less. After the LE takedown, Farmer’s Market had had thousands of users, and approximately $2.5M worth of sales.

Silk Road (2011-2013)– I won’t spend too much time on this market since it already has so much coverage. If you want detailed info, I highly suggest a book “American Kingpin by Nick Bilton,” Basically Ross Ulbricht made a mistake in his websites code which leaked his Icelandic servers IP address. This along with the fact that he discussed Silk Road on a clearnet forum linked back to him. There’s tons more to this story (like a 320 page book above lol,) but also short articles that can explain the story a lot better and more entertaining then I can.

Silk Road 2.0, Cloud 9, and Hydra (Operation Onymous 2014) Operation Onymous was a six month long, international operation with LE from the US and Europe to take down several illegal sites, including several DNMs. This operation reached the beginning of the end on November 5-6 2014, when a number of dark web websites were shut down. What was claimed by the government as 410 sites, soon shrunk down to 267 sites shortly. This Operation also led to 17 arrest and (only) $1M worth of Bitcoin seized. How Operation Onymous was carried out, and how LE was able to take down so many sites at once remains unclear. However, there is a lot of interesting facts and information to look at, which help give some ideas. It is believed that Operation Onymous was a widescale “sweep” of illegal sites, and that no particular websites were targeted. Instead it is believed that popular dark web servers were targeted. Part of this thought comes from the fact that many illegal sites remained uneffected from Operation Onymous, including other major DNMs such as Agora (was already bigger than Silk Road 1.0 at this point), Evolution (which allowed the sale of weapons) and Andromeda. The TOR developers still do not know how LE was able to comprimise so many sites. There are four main possibilities: 1) Poor OpSec on sites parts (I personally don’t think this one is the case. You would have to assume that LE exploited the poor OpSec of 267 sites within a 6 month period, yet they executed those flaws all in a sigle day. Also many of those 267 sites were mirrors for sites that didn’t get taken down. If a sites mirrors have bad OpSec, then I assume their main site would too.) 2) SQL injections 3) Bitcoin Deanonymisation and the most interesting 4) attacks on the TOR network by DDOSing nearly all relay nodes, so as to force all traffic through LE owned attacking nodes. With this they could perform traffic confirmation attacks aided by a Sybil attack. The admins of Cloud 9 market took to Reddit saying that they could no longer access their site, but they still had access to all their Bitcoin. 17 arrest were made, although it is unsure what number of these 17 arrest were website admins or users. With what info we do have (as previously stated) it is assumed that this operation targeted hosting companies rather than individual sites, based on the randomness of sites taken down. More detailed/further info can be found here⚠️.

AlphaBay 1– Launched September 2014, officially so on December 22, 2014. As with the Silk Road I won’t spend much time on this popular market. When the creator of the market (Alpha02) first released the market he sent welcome messages from his clearnet email, [email protected]. This was quickly fixed and went unnoticed for several years. He used the same username that he had since at least 2008. When LE caught Alpha 02 (Alexandre cazes) they found his laptop completely unencrypted, performing a administrative reboot on the site. His servers were linked to his real name, he had multiple open, unencrypted hot wallets which he put his funds in. He bragged about all his illegally obtained money by showing off expensive things he’d bought. Overall a massive amount of OpSec failures. It was by pure luck that the site remained as long as it did (July 2017.)

Hansa Market– Hansa market opened its doors in August of 2015. Very quickly it rose to become one of the top markets on the Dark Web. Within a year it had become one of the biggest DNMs and caught the attention of the Dutch police. The Dutch police began an investigation into the market, however they organized this investigation quite differently than previous DNM investigations and takedowns. This time they planned a take over. This way they could control the DNM and gather more evidence against its vendors and buyers. Thus began a 10 month investigation, from October 2016 to July 2017.
What began the investigation was a tip from an anonymous source. A security and research foundation had found a Hansa development server. A server where the Hansa admins could test out new features and ideas before implementing such features and ideas on the main market. Due to some (unknown) OpSec falure on the parts of the Hansa admins, this development server exposed its real IP. Dutch LE went to that server and installed network-monitoring equipment. Using this they were able to find what servers this development server was communicating with, and copy all the data from all the servers. While this normally wouldn’t help (as all market users are protected by TOR and the fake usernames) the Dutch LE found something very surprising. A massive OpSec failure by the Hansa admins left unencrypted IRC chat logs on the servers. On these chat logs LE found tons of information, including the admins real names and even addresses. Everything was going to plan for LE, and just as they were about to take over the servers and arrest the admins, a set back came. The admins moved the website to a different, now unknown server. At this point the Dutch LE could have just accepted their loss, arrested the admins, and then search for the servers, or let the website crash and burn without any admins. Instead, determined to complete a takeover instead of a takedown, they started searching for the new servers. After several months (in April 2017), they got their next lead. A BTC address that was mentioned on those unencrypted IRC chat logs became active. Using chainanalysis LE was able to see where that BTC had gone to, a Bitcoin payment provider in the Netherlands. LE contacted this payment firm and gave them a legal order to hand over information on where that BTC had come from… a hosting company in Lithuania. Again, just as Dutch LE was about to arrest the admins and try to implement a takeover, the FBI contacted them, saying they were just about to take down AlphaBay. So Dutch LE again waited a bit until after AlphaBay had been shut down. They did this so all the AlphaBay users and vendors would transition to Hansa right before the take over. And finally, the Dutch LE was ready to put everything into action. Similar to the Silk Road 1 takedown, they had to catch the admins with their laptop opened and unencrypted. So they waited until they were home and logged onto the market. At that time, on June 20th 2017, German police (in coordination with Dutch LE) raided the admins homes, arrested them, and seized their unencrypted laptops. At this point Dutch LE began transitioning the servers to LE owned servers. The admins gave LE all their login information (to help reduce their sentencing,) and Dutch LE officially owned Hansa. Over the next month they rewrote parts of Hansa code and gathyered info on its users. These changed included storing all users passwords, record plaintext messages before it encrypted them (Hansa had a feature that automatically encrypted messages. This is why you always encrypt your own messages, don’t trust markets to do it for you,) not remove metadata from photos (Hansa also had a feature that automatically removed pictures metadata. With this change LE was able to find the location of many vendors.) The biggest move they made though was sharing a file with all users supposed to be a backup key for the users BTC if the website ever went offline. Instead this was an excel file, that when opened would record and share the users real IP if they weren’t using Tails/Whonix/Qubes. This one move led to the arrest of 64 sellers. After 27 days, the Dutch LE had gathered all the info they wanted and took down the site. They wrapped a few things up, which I’m not going to talk about because this already super long, and that was the end. Main source⚠️ and further reading.