"No exceptional circumstances whatsoever, whether a state of war or a threat of war, internal political instability, or any other public emergency, may be invoked as a justification of torture." -- U.N. Convention Against Torture
This article is written by request. I do not encourage illegal activities and do not intend this article to come across otherwise. Please refer to the HTS Hacking Philosophy if you are unfamiliar with the site’s view on this issue.
Let's get started:
Cutting the formalities and getting straight to the point - I don't care if you (black hat) hack for a living or only illegally download 1 song a year - You need to watch yourself. If you only take one thing from this article let it be this: The paranoid survive.
This article is not a guide on how to stay completely anonymous online. My intent is to cover some basic behavioral patterns that only through suggestion you try to meld into your daily habits, for your own protection. I don’t want to overwhelm anyone with too many technical details as this is geared for the new aspiring hackers out there. If you want all the technical details you can PM me, google, or wait for my next article.
The question that spawned this article is as follows; "If you could start out again and create yourself totally off the grid, how would you do it?" You can actually do this at any point and time you like. Sometimes it’s not a bad idea depending on your habits. The way you set yourself up can determine how easily this can go. Let’s begin.
1 – Aliases
Never use the same username/email twice. This includes your passwords. If one of them is compromised, your others are shortly to follow.
2 – Boasting
Never EVER boast about your illegal dealings. People check for validity and do their own research on you and the target to ensure you aren't lying. There is just no need to go down that road. On the reverse, during police investigations they make what is referred to as a “Pattern of Life.” If you openly spread how haxxor you are and post details of your hacks you have not only left your fingerprint but you have also given the authorities a treasure map to catching you. They will make note of your hacks/etc by time and date and be following every step you make. It’s very easy to determine when you are active if you boast. For example, go to the forums and pick a random active poster and copy down all the times they post in the forums. Example: Hmm, this individual posts every day except Thursday nights…
3 – Friends
So you want to network and make friends in the underground, cool. As far as making friends go; don't trust anyone, period. You will make connections along the way but never divulge too much information about yourself. Point 1 and 2 are very important when meeting the underground populace. Make sure that if you start making “friends” you find everything out about that them that you can as fast as you can before you get too close. They could be cops, chaotic evil black hats, identity thieves, etc.
4 – Tracing
If you aren’t familiar with basic tracing you should be! Check the laws in your state/country and find out what the police have to do in order to get to you. For example; it takes a warrant in some cases for the police to get your physical address from your ISP. If you know the laws, limitations/freedoms of the police you have a much better chance to protect yourself.
5 – Invisibility
In regards to your IP and general anonymity: There are numerous ways to stay hidden. But without going too outlandish with it (as some tutorials can), I suggest you get yourself another hard drive (or large flash drive) to do all your fun stuff on. Make sure nobody EVER finds it. Running a live CD for your OS isn't a bad idea either. Soon as you power down everything goes back to zero. I’m not an Ent, but those guys have some great methods to hiding things. **http://www.bewild.com/dicansa.html** Just be sure that if you use anything like this you take every measure to ensure the protection of your devices. Like if you are trying to hide a hard drive, get yourself a static resistant bag to put it in first.
Proxies are good, but I get nervous about using them sometimes. **http://www.thetechherald.com/articles/Proxy-logs-helped-FBI-track-and-arrest-LulzSec-member/14619/**. I suggest TOR **https://www.torproject.org/**. Don't be lazy with just TOR Button. Get the full client and configure it properly. You might be using TOR button for surfing the net, but what about your tools? They will leave your fingerprint too. You have to configure your (online) tools to run through TOR as well. Looking back at point 1, if you have an email used for anything questionable, never log into it with an unguarded IP.
If you torrent (illegally), stop all uploads! (I know, I know… but remember we are talking about staying off the grid here.)
Using your neighbors wireless is not usually the best idea for fun stuff. I’ve been working on a HUGE article on this topic so stand by; it’s coming with all the ins and outs of this topic. But in short, you don’t know right away what preventive measures your neighbor has put in place to stop/catch you from using his network. Don’t be tempted by the unprotected network either, it could be a honeypot. If you use the neighbors network, make sure you aren’t doing anything loud, as in brute forcing a website. Coffeehouses for example aren't a bad idea either. They tend to not be as thoroughly monitored. Just be weary of cameras, and black hats/script kiddies rocking things like Firesheep. Hacking from your car isn't a bad idea either. Just be careful nobody sees you! A cop WILL come up to say hi if he sees you with your seat back pounding away on your laptop for more than a few minutes and you never get out to go anywhere. I've heard mention of using airport WiFi, but I just don't trust them. Damn terrorists getting people all jumpy. VPNs are also highly suggested. Remember too (or if you didn’t know) that when using a different network other than your own you SHOULD spoof your mac address. Any google search on this will tell you to spoof to this: 00:11:22:33:44:55. Well if you do that you are a nub. Why, because that’s not a real mac address, and any smart admin/owner of a network will know INSTANTLY that you are a hacker. Consult this **http://standards.ieee.org/develop/regauth/oui/oui.txt** (updated daily) when you want to spoof. Make it look legit. You could also monitor the network and copy the mac of a computer currently on the network and use it when it goes offline.
If you ever leave your house/computer unattended for more than a couple of days or you physically move addresses, delete all your tools! Just do it. You should know where to find them, how to install them and configure them anyway. It doesn't take long. If for some instance someone breaks in and steals your machine and goes home and plugs it in, and your comp is hot, it won’t be long before the thief comes forward about where he stole it if being accused of hacking charges. Friends and family are also a big factor here. No offense to anyone, but the ignorant are fearful. Try explaining to your wife why you have all these hack tools and other such “paraphernalia”. Make a habit of deleting your cookies and web history after every use if you are nervous about that end. Also it’s just a good idea anyway.
Don't stress too hard though. If you did you would never use the internet! There is no sure way to stay completely hidden. But look at it from a realistic approach. There are uncountable user connections to websites and servers all day, every day. Don't ever be scared of doing research. There is nothing illegal about that, nor is it considered questionable (as long as you don't search, how to haxxor facebook, FBI home page, etc). Admins on HTS could look you up if they wanted to. But since we don't condone illegal activities here, and you are following point #2, there really isn't any reason for them to. You aren't, and shouldn’t be connected to anything here. So relax.
Just be sure to never let your questionable happenings cross into your legitimate everyday usage. That line is entirely based on the individual. The more connections you have means more ground you have to cover to sweep up your tracks.
** Homework assignment for the readers: If you are new to this and didn’t understand some of the terms/concepts in this article, get to learning; this was all basic and commonly known stuff! Do some research on "doxing." Finally, find some articles on hackers getting arrested. Police love to boast how they tracked them down. Let it be a lesson. **
Cast your vote on this article 10 - Highest, 1 - Lowest