
Protecting Yourself & Your Data

Discussion in 'BlackHat Lounge' started by the_demon, Mar 11, 2011.

  1. the_demon

    the_demon Jr. Executive VIP

    *** THIS POST IS FOR EDUCATIONAL PURPOSES ONLY, DON'T DO ILLEGAL THINGS, THAT'S BAD! ***

    @MODS: This post is pretty detailed, if you feel it crosses the line please delete it and shoot me a pm and I'll avoid posting similar in the future. Sorry if it breaks rules (though, I don't think so or I wouldn't post it to begin with).

    ************************

    ... On to the good stuff.

    So many bhw members live in fear, whether real or perceived. This post is to help all of you sleep better at night... Rep or Thanks appreciated but, not required :).


    Anti-Tracking Prevention:

    1. Use Firefox
    *** GET THESE PLUGINS ***
    1a. Ghostery
    1b. AdBlock+
    1c. Google Sharing
    1d. Track Me Not (TMN)
    1e. Last Pass (keeps passwords off your hdd in open form)
    1f. TrackerBlock
    1g. NoScript (can be annoying for some people but, killer for stopping viruses)
    1h. You can use FoxyProxy or whatever proxy plugin you like the best (optional -- point 2 will make this not necessary)


    2. Use a proxy service:
    - HideMyAss: it's paid but, my god one of the hands down best services I've ever used, fast, secure, killer interface. (I have no relation to this company)
    2a. Play smart - reg using a VCC ;)
    2b. TOR is another great option. Not nearly as good as HMA(above) but, it'll get the job done in most cases. {IT'S FREE, YAY! lol}

    How to Protect data:

    1. download TrueCrypt
    1a. Read the manual, it's lengthy but, will be unbelievably helpful and likely save ur @ss in the future
    1b. Use Triple AES 256 bit, select 2 different cyphers, use a hidden volume
    1c. Get CCleaner (enable all appropriate settings, get to know the program thoroughly)

    3. Hosting, Domains, and Mailing
    1a. Get offshore hosting; country of choice varies by your purpose, do your research before you pick.
    1b. Spend the extra cash buy new VCC from different places to pay the various services. Research the VCC that let you put in BS info.
    1c. PRIVATIZE the domain, if they don't have it DO NOT use them.
    1d. Don't put real info
    1e. Don't use gmail, come on now. You know Google tracks all your $hit.
    1f. Look hard, there are hosts out there that blatantly allow mailing. Find friendly countries ;) (who hate US or whatever country you are from) If they hate your country they prob. won't work with ppl from that country and will tell them to F*** off.
    2. Move your servers every so often
    2a. Delete the hosting account
    2b. Don't pay for backups so that if need arises you trash it, they overwrite it quick, in theory to make new room for paying clients ;)

    How to Destroy data:

    1a. download CCleaner (it kicks major @$$ and is FREE)
    --> Enable 35 gutmann pass (make sure to check wipe free space)
    1b. Darik's Boot & Nuke is a great tool

    For the REALLY PARANOID:
    - Hydrochloric acid dissolves metal try recovering data from a melted hdd lol
    - Can you say blow torch? (do outside)
    - Earth magnets (may / may not work)
    - Metal grinder
    - Put your sensitive data on a microSD card... Knock on the door?
    --> unplug, + lighter = melted
    --> Snap in half + toilet = good luck getting that, in 5 seconds it'll be miles away in a sewage treatment plant being corroded by chemicals

    General Safety Practices
    1a. Never use the same s/n on various forums, emails, etc.
    1b. Utilize open wifi when convenient for you
    --> Watch out for data sniffers & rogue SSL
    --> Cafe + No Camera = win
    --> Laptop + screen protector to prevent shoulder surfing
    ------> Tinted windows, back seat of car, nearby wifi
    1c. Junk Traffic... spend the extra pennies and cover your @SS if required for whatever your particular needs are.
    1d. Run CCleaner or your favorite software equivalent as often as you deem reasonably necessary.
    1e. Don't jump into things.
    --> Have an exit strategy
    --> Think twice about what you're doing
    --> Go the extra mile for your own sake, protect yourself.
    1f. Encrypt your code if required for your project
    --> Design your own anti-tracking mechanisms
    --> Don't make a pattern / footprint
    --> Clean up your tracks
    2. Stop BRAGGING NOW!
    1a. friends get jealous
    1b. IRS or whomever handles stuff in your country will take notice
    1c. It only takes 1 incident for a friend to become a hater then ur SOL
    1d. Keep quiet about your success
    1e. Think about repercussions of what you're doing


    If you don't have the cash
    - Then you shouldn't be trying to do whatever you're doing. Save up. Be patient and save yourself headaches in the future.

    Instant Messaging & Email
    1a. Don't save logs
    1b. Pidgin + OTR Plugin = good idea
    --> There are a lot of options here, do your homework
    1c. STOP RIGHT THERE: Don't send that text. Just think for yourself why this might be bad.
    1d. If you can't live with it then Don't email it. That $hit's not going away anytime soon.
    1e. Talk to a lawyer before responding to threatening emails, don't say sorry or admit fault.
    1f. USE SSL whenever possible for email, pay the few dollars ($10 @namecheap.com for an SSL, most hosts charge $25 to install so looking at around $35)

    COMPUTER LOCKDOWN
    1. Comodo AntiVirus = FREE it's got a F*** ton of custom settings read up and apply accordingly. Not exactly newb friendly but, it's the $hit.
    --> Defense +
    --> Firewall
    --> AV
    This program is a WIN!

    2. Key Scrambler is the $hit!!! GET IT (qfxsoftware.com). I bought the premium version and it's a requirement for all of my employees to have installed on all computer systems. I HATE paying for software just like anybody else but, this is seriously worth it... CC Stolen or Not the price is well worth it in my book.
    --> DO NOT GET IT CRACKED... WHY??? Let's think this one out logically... Virus infested keylogger protector with kernel level access. Honestly kinda defeats the entire point. Even if you think the torrent's secure do you really wanna risk this for your sensitive data. I AM NOT ASSOCIATED WITH THIS COMPANY WHATSOEVER.

    3. F*** Norton & McAfee (my opinion, use at your own risk)
    --> In my experience they SUCK and slow your computer to a freaking crawl.

    4. SpyBot Search & Destroy (enable immunization)
    --> FREE

    5. Spyware Blaster by JavaCoolSoft (enable all)
    --> FREE

    6. MyWOT.com (save your @$$ before you get infected!)
    --> FREE AND GREAT

    7. NoScript (prevent 98% of viruses in the 1st place)
    --> Can be a pain in the A$$ but, hey you want a virus infested PC or NOT?

    8. AdBlock+ some (NOT ALL) ads are malicious, stop them in the first place.

    9. HDD Encryption
    --> There are barely any good solutions for this one but check out: TrueCrypt, BitLocker (not the best, has weaknesses / vulnerabilities)
    --> Why on Earth this one is free I will never know but, I used it a few years back totally kick @ss (at least last time I used it)
    ------> http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx

    10. FTP: Try to connect via SFTP (secure FTP)

    PROTECT YOUR IDENTITY & YOUR CASH
    - Bank of America customer? Pay the $20 and get the SafePass and stop worrying about someone hacking your bank
    --> Keylogger someone steals your password, that's nice... Now they need the security key :(
    --> Many other banks have this feature as well, just listed this one for example purposes.
    --> Other banks like Chase offer mobile confirmation for login USE IT!!!

    - PayPal: pay the $5 and get the safety card, stop getting your account jacked or falling prey to Phishing Scams
    --> Keylogger someone steals your password, that's nice... Now they need the security key :(


    *** THIS POST IS FOR EDUCATIONAL PURPOSES ONLY, DON'T DO ILLEGAL THINGS, THAT'S BAD! ***

    Disclaimers:
    - abide by your country's & any and all applicable laws, use this information at your own risk
    - registering domains with fraudulent information can result in loss of your domain
    - check local laws in your country about fraud for VCC related things mentioned in this post.
    - some countries have encryption laws, use strongest allowed but be careful
    - overall play it safe, consult a lawyer if you're not sure of something.
    - I am not a lawyer, this is to aid with your personal privacy, not commit crimes.
     
    Last edited: Mar 11, 2011
  2. rebbeca

    rebbeca Regular Member

    Thank you.
    Very useful information.

    Used 3~4 steps listed here for my purposes.
     
  3. facebookdude

    facebookdude Elite Member

    Good shit. But damn, what type of shit do you do haha
     
  4. the_demon

    the_demon Jr. Executive VIP

    I own a white hat business but, I study the "dark arts" in order to better help clients...

    For example:
    - In order to prevent clients' websites from being hacked you must know how to hack in yourself. I've had to use this knowledge a number of times when a client's blog was hacked.

    - Help my clients stop spammers. One client of mine needed to stop his customer service email from being abused. Because I knew how spammers operate, I knew exactly what to tell him when I was on the phone and the problem was solved in 30 seconds.

    - I used to do PC repair / Anti Virus removal so I have extensive experience with protecting data.
     
  5. haridada

    haridada Senior Member

    Very much appreciated. Even though we all are in IM, this is such a basic thing we should not forget.
     
  6. babysunshine

    babysunshine Junior Member

    The_demon is an expert with everything he does whether it's protecting privacy, seo, or coding. I worked with him in the past and he's a real pro. All of the information he provides is TRUE GOLD!
     
  7. d4l1t0s

    d4l1t0s Power Member

    I second that, and to add he is a pretty straightforward guy :)
     
  8. Rastar

    Rastar Registered Member

    Great post! Makes me a bit paranoid.
     
  9. beazt

    beazt Power Member

    What I do to protect against hackers or ensure data security is use a VPN always, and then back it up by using a KeyScrambler for protection against Keyloggers. Is it enough or do I need to do more?

    BTW, thanks for the post. It was about time someone posted something like this after a number of threads opened here in the past by members who had their accounts hacked. +Rep
     
  10. the_demon

    the_demon Jr. Executive VIP

    I added 2 other sections for everyone's benefit, look to the bottom of my original post. Hope that answers your questions. :)
     
  11. meon

    meon Newbie

    Thank you.
     
  12. Monrox

    Monrox Power Member

    This is a very nice rundown but it's easy to overlook a step. An alternative quick & dirty method is to use a liveCD/DVD version of some OS on a computer without a HDD.

    That and for storage a completely encrypted USB drive with TrueCrypt as mentioned (requires some reading on covering the issues with encrypting SSD) can't physically leave any data trace. The only identifiable detail would be the mac address but there are enough changers to take care of that as well.

    Or just spend $7 on a new wifi card each week or so and burn the old one.
     
  13. the_demon

    the_demon Jr. Executive VIP

    @Monrox: That's true. I couldn't include everything...

    The only problem w/ a linux live CD is you can't run all the programs some people like myself need and it's not convenient for regular use for quick things though, def. a good method.
     
  14. Monrox

    Monrox Power Member

    the_demon, I didn't mean you :)
    It's a really great post. I was talking about the newbies trying to follow your advice(s).