View Full Version : Another reminder


Arkangel
May 9th, 2003, 03:00 PM
This is a message for all you lot who do and email about stuff the authorities would regard as "naughty". It's another reminder about what you write, and what you say, and the fact that some day it might just trip you up. (I was already fired once over an email that ended up in the wrong hands by accident)

Here's (http://news.bbc.co.uk/1/hi/uk/3012193.stm) the link, and the bit that caught my eye was: District Judge Timothy Workman said the case relied largely on e-mails

Now I don't think many people here have malicious genuine intent, I certainly don't, but I'm fairly sure that in the event of a public accident, or someone taking a particular interest in what I do, there would be little clemency in this day and age :( So, be wary what you write, and to whom, and where you can, use PGP. It's a lot easier than I imagined, and now I'm getting the hang of it, I'm going to go through my PCs, removing anything controversial and making sure my free space is wiped etc.

Any other useful ideas on security are welcome!

Spudkilla
May 9th, 2003, 06:00 PM
On the note of PGP, which version is solid, tested, open source, and won't totally mess up your computer when you install it? I had problems with the latest version on my computer, and I ended up having to uninstall.

I always wondered what would happen if you sent an e-mail containing 20+ Carnivore trip words to somebody. "Your E-mail has been sent!" 3 minutes later: "This is the FBI, lie down on the floor spread eagle whilst we do a full body cavity search for any dangerous weapons!!"

nbk2000
May 9th, 2003, 06:51 PM
Glad to hear you're getting on the crypto bandwagon. :)

Some things that SWIM (Someone Who Isn't Me) has done to secure their computer:

Installed PGP. (DUH!)

Use it to create encrypted disk volumes, dividing up the secondary partition of their HDDs into 4 gigabyte encrypted volumes, so that nothing besides the O/S resides on the primary C:/ partition. All media authoring/editing programs, temp file directory, etc, reside on one of the encrypted volumes, so there are no little traces of shit residing in the clear. All start-menu shortcuts point to the encrypted volume.

The E-volumes use a username/passphrase combo, rather than the private key/passphrase combo, because you'll have to RTPB "Plan for failure" and assume that you'll somehow lose the key, which would mean losing ALL your encrypted data. Whereas, the username/passphrase isn't dependent on never losing the key, only your memory.

The encrypted volumes all use a LONG passphrase, and not something you'd find in a dictionary/poem/song/or other readily guessable source. If you're using a decent passphrase, then all the volumes can use the same one, but it'd be better to have several different ones that you use for different E-volumes, so that the breaking of one passphrase does nothing to help them decrypt the others. :p

Use the right-click option to secure wipe any files using PGP secure erase, rather than the recycle bin, so there's nothing lurking in the trash bin to be found.

Several times a week, perform a defrag of the HDD's, prior to performing a secure free-space wipe of all unallocated clusters using PGP's free-space wipe utility.

Install and use Tracks Eraser Pro ( http://www.share2.com/tracks-eraser/ Serial: 3979-6875D16E ) and set it to erase the cache, cookies, history, typed URLs, autocomplete memory, index.dat from your browsers, and Windows' temp folder, run history, search history, open/save history, recent documents, etc.

It'll also erase the tracks of popular applications, such as playlists of RealPlayer, Media Player, QuickTime, recent files of Office, Acrobat, WinZip, etc.

This is good, because if "They" should happen to get to your computer while you've got just the applications open (while everything was locked down), you'd still be screwed if your acrobat reader recent list had things like "Making mustard gas from anti-freeze", "How to kill", "WMD's in ten easy steps", etc, and WMP had "Homemade nitroglycerine" and "Cop Killer, a how-to video guide". :p

Use it several times a day while you're doing your thing, whatever that may be, to minimize the trails you leave on your computer. Don't rely on it totally, but it'll greatly complicate "Their" attempts at incriminating you using anything that you didn't get to wipe using the PGP free-space wipe utility.

Set your homepage to www.disney.com, rather than roguesci, and manually type in roguesci once you're logged on.

If you're using a pre-paid internet account, and reinstall it every time it expires, rather than renewing the same account, your trail only goes back as far as that account has been used, perhaps a couple of weeks. Once you've got the account number memorized, destroy the card; since the number isn't stored anywhere on the computer, piggies would have a very difficult time of figuring out what account you were using.

Set your modem to dial *67 to block caller ID, prior to dialing up the ISP, which will also complicate things for them, since it blocks the ISP from recording your number. This is really only applicable if you're mobile, since the phone company would still have your dialing records for your home address, if that's where you logged in from, but do it anyways.

You can then deny being a long-time roguesci member, rather, you just recently (as far back as they can prove ;)) found it and was "curious", that's all...yeah, that's the reason..curious. :p Of course, you forgot what user name you used, since it's been so long since you've last posted anything. ;)

If you've got a CD burner, use it to burn E-volumes onto CD, rather than having stuff in the clear.

Create an E-volume just a couple of megabytes smaller than the capacity of your CD media, and call it something like "Secure CD", and put any files you're about to burn into it. You then unmount from that volume and burn it to CD. This removes .7GB of data off of your HDD, making room for more stuff.

It'd be advisable to use a file cataloger to index all the CD's contents, so you can simply pull up the file index (on an E-volume) and search that to find the files you need, rather than having to write down the contents of the CD on the CD itself, which would rather defeat the purpose, eh? The CD's should be numbered like 1, 2, 3...etc, not named like "Bomb Books".

Don't be stupid and use the 2nd HDD as additional storage, because that's getting greedy, rather, use it to mirror the first HDD because all the secure wiping takes a toll on the HDD motors, causing them to wear out faster.

It'll inevitably happen that the HDD will die, and Murphy's law says it will do so when you're just about to back up everything you haven't backed up for the last year. :D

Now, after doing all this, what would the cops find if they raided you?

They'd find a computer on which there is NOTHING of value for use as evidence against you. There's no bomb recipes, warez, smut, or anything else that they can find. No URLs (other than Disney), passwords, or cookies. No filenames to give a hint as to what's in the encrypted volumes, nor what you may be doing with 'em, since they don't even know what all you have.

Internet is a washout, since it only goes back for less than a day's worth of surfing and, if you used an onion router, they haven't a clue as to what webpages you visited.

That huge pile of CD's you have? Worthless too, since every one of them is PGP encrypted also, and with no titles to indicate content.

'course, all the usual security measures that I shouldn't have to mention here, like firewalls, anti-virus/trojan scanners, etc, also apply.

If you've got an "always on" connection like cable or DSL, unplug it when you're not using it, same for dial-up modems. Also, don't have any E-volumes open when you're online. This prevents any piggie trojans that may sneak onto your computer from "phoning home" and allowing them to access/copy your E-volumes.

Watch your HDD indicator light while you're online, if it's constantly on while you're doing nothing, UNPLUG! This means your HDD is doing something when it shouldn't be. Either it's badly fragmented (you DO regular maintenance, don't you?) or something is being written onto/read from your HDD. Either one is BAD!
IF, after defragging, you notice the solid-on light the next time you're online, you've been compromised. Do a low-level format of your HDD from a boot-up disk from the HDD manufacturer, flash your BIOS, and re-install everything from OEM CDs, then scan EVERYTHING ELSE prior to installation with a decent trojan scanner like TDSM using maximum detection settings.

Then you'll have the lovely task of scanning EVERY file on EVERY CD you've burned, as well as the secondary HDD, to root out any other places the trojan may be hiding. This could take days, if not weeks, but you'll have to do it, otherwise all your security measures will have been for nought.

Needless to say, you're offline while you track down the little spy.

Oh, and Arkangel, you may wish to now include a link to your PGP public key, as well as the hexadecimal fingerprint for it, as your signature, like staff does.
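The passphrase advice above (long, not from any dictionary, poem or song, different passphrases per volume) is the one part of the post that can be checked with numbers. The following is an added example and not code from the original post: it generates a diceware-style passphrase with the OS CSPRNG, computes the entropy such a passphrase actually has, and shows why a character-class estimate over-rates a phrase built from dictionary words. The 16-word list is a constructed sample; a real list such as the EFF large wordlist has 7776 words (about 12.9 bits per word).

```python
"""Diceware-style passphrase generation and a strength estimate.

Added example, not code from the original post. SAMPLE_WORDLIST is a
constructed 16-word sample; assumption: a real deployment loads a list of
thousands of words (e.g. the 7776-word EFF large wordlist).
"""
import math
import secrets

# Constructed sample wordlist (assumption: real lists are far larger).
SAMPLE_WORDLIST = [
    "anvil", "basalt", "cobalt", "delta", "ember", "falcon", "garnet", "harbor",
    "indigo", "juniper", "kestrel", "lantern", "marble", "nickel", "orchid", "pylon",
]


def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy in bits of n_words drawn uniformly from a wordlist_size list.
    This is the attacker's cost when the wordlist is public, which it is."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count reaching target_bits with a wordlist_size list."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(n_words: int, wordlist=SAMPLE_WORDLIST, sep: str = " ") -> str:
    """Pick words with secrets (CSPRNG), never random.choice (Mersenne Twister)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def is_dictionary_phrase(phrase: str, wordlist) -> bool:
    """True when every token is a wordlist entry. Such a phrase must be rated
    per word (passphrase_bits), not per character."""
    vocab = {w.lower() for w in wordlist}
    tokens = phrase.lower().split()
    return bool(tokens) and all(t in vocab for t in tokens)


def naive_char_bits(phrase: str) -> float:
    """Character-class estimate (len * log2(alphabet)). It assumes every
    character is independent and so wildly over-rates dictionary phrases;
    included only to show why it must not be used for passphrase policy."""
    alphabet = 0
    if any(c.islower() for c in phrase):
        alphabet += 26
    if any(c.isupper() for c in phrase):
        alphabet += 26
    if any(c.isdigit() for c in phrase):
        alphabet += 10
    if any(not c.isalnum() for c in phrase):
        alphabet += 33
    return len(phrase) * math.log2(alphabet) if alphabet else 0.0


def rate(phrase: str, wordlist=SAMPLE_WORDLIST) -> float:
    """Conservative bits: per-word cost if the phrase is all dictionary words,
    otherwise the character-class estimate."""
    if is_dictionary_phrase(phrase, wordlist):
        return passphrase_bits(len(phrase.split()), len(wordlist))
    return naive_char_bits(phrase)
```

With a 7776-word list, ten words are needed for 128 bits; the same three dictionary words the character-class estimator rates at over 100 bits are worth only 12 bits against the sample list, which is the point of "not something you'd find in a dictionary/poem/song".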
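The secure-erase and free-space-wipe steps above (overwrite a file instead of sending it to the recycle bin, then overwrite the unallocated clusters) are what the following added example does on a modern OS; it is not code from the original post and not PGP's implementation. It overwrites a file's blocks in place, fsyncs, renames it to a random name before unlinking (so the original filename does not survive in the directory entry), and fills free space with random data until ENOSPC before deleting the filler. The caveat a practitioner wants: on SSDs (wear levelling, over-provisioning), journaling or copy-on-write filesystems, and anything with snapshots, the blocks you overwrite are not necessarily the blocks that held the data, so full-disk encryption with key destruction is the reliable equivalent today. The `max_bytes` cap is an assumption added so the run can be bounded.

```python
"""Overwrite-then-unlink deletion and free-space filling.

Added example, not code from the original post and not PGP's secure-erase
implementation. Assumptions: a conventional in-place filesystem on a
magnetic disk; on SSDs, journaling/COW filesystems or snapshots the
overwritten blocks may not be the ones that held the data.
"""
import errno
import os
import secrets
import tempfile
from typing import Optional

CHUNK = 1024 * 1024  # write granularity: 1 MiB


def secure_delete(path: str, passes: int = 1) -> int:
    """Overwrite the file's current allocation with random bytes, fsync each
    pass, rename to a random name, then unlink. Returns the size overwritten."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:  # unbuffered: writes hit the fd
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                remaining -= f.write(os.urandom(n))
            os.fsync(f.fileno())  # force the overwrite out of the page cache
    # A random name hides the original filename in the directory after unlink.
    new_name = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, new_name)
    os.unlink(new_name)
    return size


def wipe_free_space(directory: str, max_bytes: Optional[int] = None) -> int:
    """Fill the free space of the filesystem holding `directory` with random
    data until ENOSPC (or max_bytes, for a bounded run), fsync, then delete
    the filler so the blocks return to the free list already overwritten.
    Returns the number of bytes written."""
    fd, filler = tempfile.mkstemp(prefix=".wipe-", dir=directory)
    written = 0
    try:
        with os.fdopen(fd, "wb", buffering=0) as f:
            while max_bytes is None or written < max_bytes:
                n = CHUNK if max_bytes is None else min(CHUNK, max_bytes - written)
                try:
                    got = f.write(os.urandom(n))
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:  # disk full: the goal
                        break
                    raise
                if not got:  # short write with nothing accepted: treat as full
                    break
                written += got
            os.fsync(f.fileno())
    finally:
        os.unlink(filler)  # always remove the filler, even on error
    return written
```

Run `secure_delete` on individual files and `wipe_free_space` on a directory of each volume you care about; the post's ordering (defragment first, then wipe free space) still leaves file slack inside live files untouched, which is why the post keeps everything sensitive inside the encrypted volumes in the first place.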
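On publishing a key fingerprint in a signature: the fingerprint is what a correspondent compares out of band to make sure the key they downloaded is yours and not one substituted on the way. The added example below is not code from the original post; it computes a version-4 OpenPGP fingerprint the way RFC 4880 section 12.2 defines it (SHA-1 over 0x99, the two-byte packet length and the public-key packet body), derives the 64-bit key ID from it, and normalizes two fingerprints for comparison. The RSA modulus is a constructed 64-bit integer, not a usable key; a real key's modulus is 2048 bits or more. One caveat the post predates: the 8-hex-digit "short" key ID is trivially collidable, so compare the full 40-digit fingerprint, never the short ID.

```python
"""OpenPGP v4 public-key fingerprint (RFC 4880 section 12.2).

Added example, not code from the original post. TOY_N is a constructed
64-bit integer standing in for an RSA modulus; only the packet layout and
hashing are real.
"""
import hashlib
import struct

TOY_N = 0xD3F9B4A1E7C2085B  # constructed, not a real key
TOY_E = 65537
TOY_CREATED = 1052438400     # constructed creation time (seconds since epoch)


def mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit length, then big-endian
    magnitude with no leading zero bytes."""
    if value == 0:
        return b"\x00\x00"
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")


def v4_public_key_body(created: int, n: int, e: int, algo: int = 1) -> bytes:
    """Body of a version-4 public-key packet for RSA (public-key algorithm 1):
    version, 4-byte creation time, algorithm id, MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + bytes([algo]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 of 0x99 || 2-byte body length || body, as 40 uppercase hex digits.
    Note what it commits to: key material and creation time, not the user ID."""
    prefix = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """64-bit key ID = low-order 8 octets of the v4 fingerprint."""
    return fingerprint[-16:]


def format_fingerprint(fingerprint: str) -> str:
    """Group into blocks of four, as key-management tools print it."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, 40, 4))


def fingerprints_match(shown: str, expected: str) -> bool:
    """Compare full fingerprints regardless of spacing or case. Refuse to
    match on anything shorter than 40 hex digits (short IDs are collidable)."""
    a = "".join(shown.split()).upper()
    b = "".join(expected.split()).upper()
    return len(a) == 40 and a == b
```

To verify a correspondent's key, compute the fingerprint from the key packet you actually received and compare it with `fingerprints_match` against the one they gave you over a separate channel; a mismatch means the key, not the user ID, differs.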

akinrog
March 7th, 2004, 07:09 PM
Dear NBK,
I, as a minor member (who knows its place and tries to be compliant with the rules), would like to ask you a favor. I am using PGP 8.0 Enterprise Edition. However, I could not use PGP Disk features since it is not upgraded (i.e. not purchased). Which version do you use? Do I really have to upgrade PGP 8.0 to use these features? Or can you recommend some other versions and most probably a compromised one :p . Rgrds.

Hang-Man
March 7th, 2004, 07:18 PM
You need to downgrade. Only PGP v<6 is open source IIRC, and therefore safe to use. If you can't find an old version come into the IRC channel and I'll send it to you.

akinrog
March 7th, 2004, 09:58 PM
You need to downgrade. Only PGP v<6 is open source IIRC, and therefore safe to use.

Thank you, version v6.02.i worked like wonders, though it is not compatible with Windows versions above 98 :mad: Anyway, it works on my Windows ME, with some problems. ;) Rgrds.

IDTB
March 9th, 2004, 12:28 AM
Does anyone have TechTV? A show called 'Spy School' which I've found to be rather stimulating has said something along the lines of encrypting data puts a bullseye on you. You have to have a reason to be hiding it and they know it. It is said the 9/11... (we'll call them activists) didn't use cryptography for that very reason. Instead (it's said) they used information hidden in JPEGs, but that's not practical for large volumes of text.

I'm not completely sure about any of this, but thought I'd promote discussion.

Nihilist
March 12th, 2004, 09:24 PM
Cryptography may generate suspicion, but clear text is proof. You cannot be convicted of a crime simply because you're paranoid. Also, as for blocking caller ID, there is an even better way to do that. This is only for the seriously paranoid though.

Whenever you make a call your phone will send out something called ANI (automatic number identification); caller ID uses this to identify who you are. The phone company also uses it to keep records of calls made, and they also use it for billing purposes. Pressing *67 does not block your ANI from being sent out to the phone company, it simply stops the phone company from forwarding it to the person you are calling.

So, now onto the good stuff. If you call the number 10-10-2880 you should get a message from AT&T telling you that you may dial out from that number. Dial out from that number to one of AT&T's 1-800 operator numbers. Tell the operator that you are having trouble placing a call and that you would like them to dial it for you. Give them the number that you wish to call and then they should ask you for the number that you are calling from (normally your number would pop up on their screens, but the 1010 number drops your ANI, so they can't identify your #); give them any number you like, and you have just made a call that is incredibly hard to trace, even if the phone company gets involved. Nothing is impossible though.

A few other interesting notes about this are that you can spoof caller ID, because you can give them any number you want. Also, since they will charge whatever number they THINK made the call, you can run up charges on other people's phone bills. Last but not least, if you give a 710 area code nobody will be charged for the call because the 710 area code does not exist, and when they attempt to compute the charge for the call the computation will fail and no charge will be made (just in case you don't feel like screwing someone else over).

To make absolutely sure that your ANI is indeed being dropped by the 10-10-2880 number, you can dial out from the 10-10 number to something called an ANAC (Automatic Number Announcement Circuit). Here is a short list of ANACs that you can call.

1-800-555-1140
1-800-555-1180
1-800-444-4444
1-800-803-6514
1-800-803-6521
1-800-803-6527
1-800-803-6528
1-800-803-6541
1-800-803-6544
1-800-803-6594
1-800-293-6924
1-888-258-0837

When you call any of these numbers it should play an automated recording that will read off to you, most importantly, your ANI (some of them pronounce it "annie"), and some other numbers that are less important like your DN (directory number), and such. So, call one of the ANACs from whatever phone you are going to make your untraceable call from, and write down the ANI that it gives you. Then place a call to the 10-10-2880 number and dial out to the ANAC from there, and compare the ANIs that it gives you; if they are the same then it isn't working properly for some reason, if not then you are free to make almost untraceable calls.

Of course you can also use this with a modem, by performing the above steps on a phone that shares the line with a modem, and then just letting the modem handle it.


Note: the 10-10-2880 number will only work for some phone companies (it will work for a lot of them, but not all). If it doesn't work for you, I'm sure there is one out there that does, and I'm sure Google can find it for you.

Note #2 (just another interesting and possibly useful note about phones): Dialing *57 will perform a phone company trace on the last number that called you; they will not release the information to anyone but the police, but if one number gets enough of these then the police may come knocking on their door. Also the above method of caller ID spoofing makes a *57 trace impossible.

MightyQuinn®
March 13th, 2004, 12:40 AM
I personally suggest using an external HD with FireWire or USB2. Make the case yourself and place a liberal amount of HE/DetCord in with the HD. Rig an ignitor of your choice.

If the heat comes, you lift, light, chuck and run for the nearest gun.

HD should not fare well.

Red Devil
March 13th, 2004, 02:34 AM
Nice Little article here on what some forensic recovery is based on:

http://www.adrc.net/articles/securedel.htm

Simple overview of generally accepted practices:

http://www.actionfront.com/dataremoval.html

5220.22 compliance:

http://www.dtic.mil/whs/directives/corres/pdf/522022r_1285/sec10.pdf

I had read, about 2-3 years ago, about a case in which someone had used a brand name product, allegedly 5220.22 compliant, in which some of their info was indeed recovered by what the author called electron microscope scanning, IIRC. Never really read into it as I was mooching my boss's Lawyers Weekly and never got back to it. Personally, I don't think anyone would go to that trouble unless you did something really stupid. I like the removable storage idea best. Blast it with a quick shot from a welder on the plates and it's done.

nbk2000
March 13th, 2004, 03:51 AM
No 10-10-anything is going to fool Ma Bell.

There's a continuous dedicated circuit between you and the recipient of your call, and it's all going through the central switches, owned by the Bell, and there is no fooling those without owning the switch through a subliminal channel, because the switches KNOW where the call (circuit) is coming from, and where it's going to, and everything in between, otherwise they wouldn't be able to connect the call.

And, because telephones are hard wired to a location, there's no beating that. It's not like a mobile where you can spoof it by skipping or reflecting the signal off a building or through a relay station.

Is this something you pulled off of a "phreak" site? Sounds like it.

You may slightly delay the trace by going through many different Bells, but they all co-operate with The Man, so eventually they'll get your ass.

Oh, and the Caller ID thing is bogus too. IF you have a PBX (it's a private internal phone network that connects to the public switch), you can program the CNID to say whatever you want, but the telco still knows where the call came from, even if they pass along the bogus CNID info to the recipient.

Nihilist
March 13th, 2004, 04:57 AM
As I said, the trace still can occur, but it's just harder. It won't just be a *57, they will have to actually go and talk to the phone company and have them go through all of their logs to trace your call. It still can be done, but it is much more time and resource intensive. The caller ID spoofing stuff is anything but bogus, it will work on any standard caller ID service. Will it fool a phone company? No. But it does have its purposes. Not to mention the fact that there are different levels of "knowing" things. The same principle works on the 'net, where all of the routers "know" who they're communicating with, but that doesn't necessarily mean that they can trace it. They may have a MAC address, or the like, which would never be logged. In the chemistry field I'll concede to any points you make, but in regards to computers and phones, I'll be right 99% of the time.

Note: I'm somewhat drunk atm... so if I said anything stupid please disregard it.