EXPERTS AND PROFESSIONALS ONLY!


    Security : Important Basics

    Share

    zeusk
    Admin

    Posts : 144
    Join date : 2011-12-04

    Security : Important Basics

    Post  zeusk on Thu Jun 21, 2012 6:11 am

    1. ENCRYPT

    A. Your computer, in case it is seized. Use Truecrypt with hidden OS, so you can give up a password if you live in a place where not cooperating is a serious crime (aka: a police state).

    B. Your communications, in case the vendor you work with has his E-mail being watched, which honestly will likely happen at some point if he is a big vendor. Use GPG for this.

    C. Other information, such as liberty reserve/webmoney account numbers and details, PO box information, and, get ready for it, your drug names. Keepass is good for information like this, so is GPG text blocks. Whatever you do, set up a separate truecrypt container (a container in the hidden OS) with a hidden section to keep the other encrypted information in.

    2. BE ANONYMOUS ONLINE

    A. Use WiFi if at all possible. Even if it is a neighbors WiFi that should be adequate unless you are a vendor (in which case you should use a new WiFi location every time you connect to check your E-mails, and you shouldn’t use any one WiFi location for more than thirty minutes, although if you live in a small area it is safe enough to rotate a few different locations as long as you do so randomly). It is pretty easy to crack WEP encryption, it is far easier to find open WiFi. I suggest you buy AWUS036H for starting on wifi cracking. WiFi isn’t perfect anonymity but it helps tremendously, they will need to bust out directional antennas and do a live trace on you. It is best to rotate WiFi periodically for this reason, but even if you can only get one location from your house and don’t feel like going to a coffee shop or whatever, it is better than not using WiFi.

    B. Spoof your MAC address if you are using WiFi. In most GNU/Linux distros you can do so by using a package called macchannger.There are a lot of free applications for windows too. MAC address can’t be traced back to you per-se but if your computer is seized and they have WiFi records of a device you used, they can tie the two together unless you spoof your Mac address.

    C. Use an anonymity network. I suggest TOR over any other anonymity network by far. Jap is worthless and it was compromised in 2003 and it can be traced with a warrant to a central authority, TOR is distributed and volunteer run. Make sure you use SSL with TOR or you are at risk of having your traffic sniffed. Keep java, flash and javascript turned off when you need to be anonymous.

    D. Do not use ICQ ! Fuck ICQ, they are known to keep logs of chats. Use XMPP ( Jabber instead ) It is a decentralized open source protocol and has many pros
    compared to ICQ or Yahoo or such. Use an open source IM client which doesn't leak DNS requests when communicaticing. DO NOT USE ANYTHING CLOSED SOURCE !
    There is a plugin called OTR, google about it and use it for encrypted chats. It is very easy to use and configure. Do not use plain text communication as conversations can be easily sniffed.

    3. BE SMART ABOUT PAYMENT

    A. It is probably safe for most people to use Western Union (WU) to send their payments, if you do use an apartment complex with no number as your address and make up a fake name. For under $1,000 in USA you don’t need an ID to send WU. Wear a hat and gloves!

    B. If you need an ID to send WU and you can’t get a fake ID (fake id = pure gold) then use WU with your real ID to buy Liberty Reserve or Pecunix from an exchanger. Set up an account with TOR and pull a name out of the white pages of another country. Bullshit the info and use a safe E-mail address (created with TOR), and store the info encrypted including keys and the identity you used. From the first bullshit account, load the money to a second bullshit account. If a vendor accepts WU you can now pay them by cashing out your Liberty Reserve to their details via an exchanger. You can also pay vendors that accept E-currency. The best bet for you is to find a friend in USA to buy LR with WU with no ID required, then buy it from them for cash-in-mail to a fake ID PO box (whoa acronym central).

    C. Paying with GreenDot is pretty safe (Cashing out is another matter though). Make sure to wear gloves and a hat though, although gloves are not quite as important for GreenDot I would wear them anyways.

    D. If a vendor has the steel balls required to take cash-in-mail (CIM) directly from customers, make sure you wear gloves and you should use a fake return address even though that risks losing the money if it screws up in the mail. Send it tracked so you can tell if the vendor lied or the mail man sucks.

    4. BE SAFE GETTING SHIPMENTS:

    A. Try your hardest to get a fake ID so you can set up a PO box. Some people pay bums or drifting junkies/squaters who have IDs to set up boxes for them (and some pay them to pick up packs as well) but imo thats fucked up and bad vibes + sketchy. Some people pay hookers too but thats sketchy (although both would probably be able to explain their way out of any charges, and neither would need to know your real info or where you live). Anyways I say bad juju don’t do that. But, use a fake ID to set up a PO box wearing a hat and gloves. Try and get it at a 24/7 place and go for mom and pop places (shitty camera systems, less likely to photocopy your ID). If they do photocopy ID you can spray hairspray on the picture and it will be a low quality scan but way better to not have it scan at all, customers don’t have a great deal to worry about on this one, but vendors could technically be busted by using a computer facial recognition algorithm to scan the DMV database of legitimate IDs for a face that matches up with the facial scan of the picture on the fake ID. Let packages sit for a period of time before picking them up. 24/7 Surveillance gets expensive fast; I would let analogs sit for three days, illegal shit that doesn’t smell for dogs sit for a week, and anything dogs can smell I would let sit for two weeks at least probably. Stake the place out before you get your package: does anything look suspicious? Are there any people in the area that look like they might be cops? (shaved head sketches me out, most cops around here have low cut hair). If you get the pack late at night from a 24/7 place there should be no one around. Don’t park in the parking lot either, park at least a half block away.

    B. If you can’t get a PO box, abandoned buildings are good. Fake name obviously (PO boxes you should send to the fake name on the fake ID).

    C. If neither of the above two will work, get shit sent to a friends house (with a fake name) and have them keep it clean between shipments. When they get the pack they should write return to sender on it and NOT open it for at least a day.

    D. ALL packs you get should NOT be signed for, you don’t want to essentially admit you bought illegal stuff with a signature because that WILL be used against you if it goes to court. If they ask you to sign for a pack, refuse, it could be a controlled delivery. Also, all packs should be tracked, and if they are held up for too long refuse delivery. If a pack is held in customs for more than two or three days I would refuse delivery if it was coming to me or a friend, if it was coming to a PO box or abandoned building I would wait a month + to pick it up. Domestic packs don’t go through customs and wont hsow up as held. Oh yeah, ALWAYS use TOR when checking shipping, people HAVE been busted for checking shipping. There was a vendor busted that way, a “customer” said he was missing a pack, the vendor checked the tracking to see if it was delivered and they got his real IP and raided him shortly after. was a MOM (mail order MJ) vendor.

    5. BE SMART

    A. Know your rights. If cops come, don’t say SHIT except “I want to talk to my lawyer” (unless its illegal to do this where you live, I think most places you don’t need to say shit with no lawyer though). Anything you can say can and WILL be held against you in a court of law: you can’t talk your way out of shit, the investigators are going to lie to you and try to make cooperating look good but no matter what they say it is stupid to say ANYTHING to them other than “I want to talk to my lawyer”.

    B. Don’t keep records or fake IDs on you. I know someone who got busted and he had a fake ID on him he had used to set up a storage center and they found the storage center with a shit load of drugs in it. If he didn’t have the fake on him he would have been fine regarding that shit and would only have been busted with what he had on him. Receipts for your PO box: burn them and flush the ashes. Greendot cards: shred. WU forms: burn and flush. Shipping labels: burn and flush. You don’t want a house full of evidence. IF you need some info stored transfer it to your computer, encrypt it and burn the actual paper.

    That is pretty much the basic security precautions. People that use those techniques (Encryption, WiFi, Tor, E-currency, Fake ID PO Box) are highly unlikely to be busted.

    For more info go to

    A. For online anonymity
    www.torproject.org

    B. For email communication you can use one of these services. Remember to use GPG too. Do not use hushmail !
    http://secure-email.org (Turkey)
    https://www.safe-mail.net (Israel)
    https://ssl.mailvault.com (Germany) Eats many e-mails.
    https://lavabit.com (USA)
    https://fastmail.fm (Australia?) Probably not encrypted.
    http://www.bigstring.com (USA?) Probably not encrypted.
    http://www.offshorewebmail.com (USA?) Probably not encrypted.
    https://anonymousspeech.com (Switzerland / Malaysia) Javascript required, temp accounts.
    http://www.countermail.com (Sweden) – I put this last because they require java, which is a MAJOR security risk.

    C. OTR for Secure IM communication
    http://www.cypherpunks.ca/otr/

      Current date/time is Mon Dec 05, 2016 2:33 pm