Secure Communications and Data [free tut]

Discussion in 'BlackHat Lounge' started by jaeden, Jun 9, 2008.

  1. jaeden

    jaeden BANNED

    Jun 3, 2008
    Securing Your Communications and Data
    by jaeden

    Hello BHF. I am creating this easy-to-follow tutorial because as I go through this forum I see that there are many things being said that you wouldn't want anyone to know your involvement in.

    It is possible to both secure your data and communications via encryption and to render yourself completely anonymous.

    The methods I am about to describe are designed to give you 100% legal and plausible deniability. This means that even if some person or g0v agency were able to decode your traffic or data on your drive, they would not be able to use it due to the way it is being stored and transferred.

    Step 1: Secure, Anonymous Surfing

    The first thing a blackhat needs to start surfing safely is to be anonymous. To facilitate this we have a tool called TOR (The Onion Router). This is a system of thousands of nodes on our planet that allow you to route your connection through to connect to an online service. A random amount of nodes and delay between packet forwarding is always present, as well as secure encryption of your connection within the TOR network. The system is designed so that each time your machine builds a circuit, your connection is forwarded through a random amount of nodes which each forget any details of the node that sent them the data.

    First, download the vidalia bundle from:

    It is best to use Mozilla Firefox if you're going to use TOR, because there is a plugin (torbutton) that makes it easy to activate/deactivate the use of TOR in the browser.

    Once Vidalia is installed, start up Firefox. You will notice in the bottom right of the browser window in red letters "Tor Disabled." If you click that, it will switch to "Tor Enabled." From this point on, any time you connect to a web site, you will be doing so through a circuit of TOR nodes.

    ! important !
    When you use TOR to connect to something, it is possible that the person operating the exit node (the last node in the current circuit you're using) could be eavesdropping on your connection with a packet sniffer. To prevent this, ensure that any time you view or submit sensitive data, your connection is encrypted. You can do this by making sure that you see a padlock in your browser or by ensuring that the address you're visiting reads "https" rather than "http." For instance, when I connect to BHW, I make it a point to type in the address bar to access the site. Note that not all sites support this (SSL) but many do.

    Note: you should always clear your private data in Firefox after each use by clicking: Tools - Clear Private Data

    Step 2: Secure, Anonymous Messaging

    This is just as important as secure surfing. As far as communicating on web sites such as this one using the private messages, the previous step (1) will secure you.

    To secure your IM communications outside of your browser (AIM/ICQ/YAHOO/MSN), you will have to do a few things. The first thing you should do is uninstall any of the IM programs I just mentioned. They are typically insecure and often have ridiculous security vulnerabilities (im lookin at you AIM).

    Rather than use the programs that they provide for you after you sign up for your account, there are better solutions. The two best are Trillian and Pidgin. Each of these is capable of connecting to any of the services (AIM, ICQ, Yahoo, MSN) simultaneously. This way you can connect to all of your IM accounts at once and have all of the buddy lists combined into one. I recommend using Trillian Pro (can be found at

    After you have installed and added your accounts to Trillian, you are ready to anonymize and encrypt your communications.

    In Trillian, click: Trillian - Trillian Preferences - Advanced Preferences - Proxy Server.

    Check the box next to "Use Below proxy settings for all services."
    Check the box next to "Use proxy server to resolve names."
    Check the box next to "Use proxy server."
    For "Protocol" select "SOCKS5"
    For "Host" type ""
    For "Port" type "9050"
    Leave username and password blank.
    Now click "close" and restart Trillian.

    Your IM connections will now be anonymously routed through TOR. Now let's encrypt all the communications so nobody besides you and the person you're talking to can read the conversation. To do this we will use an encryption platform called OTR (Off The Record).

    Download the OTR plugin for Trillian at (OTR for other IM clients such as pidgin can be found at )

    Once you have downloaded the OTR Trillian plugin you will have a zip file containing a file called TrillianOTR.dll. Place this file in your Program Files\Trillian\Plugins directory.

    Now start up Trillian and go to: Trillian - Trillian Preferences - Plugins.
    You will see a list of plugins on the right side of the window. Find the plugin called TOTR and check the box next to it. Now click the plugin and click "change." A preferences window will pop up where you can set configuration. Ensure that "Enable private messaging," "Automatically initiate private messaging," and "Automatically close finished sessions" are checked (this is all in the OTR general settings area of the preferences window). Now click apply, OK, close, and then restart Trillian.

    Congratulations, you're now capable of secure communications.

    ! important ! Your communications in Trillian will not be encrypted unless the person you're talking to is also using OTR. They do not have to be using Trillian but they do have to be using OTR in whatever IM application they are chatting with.

    Now each time you talk to someone who is also using OTR, an encrypted session will automatically be initiated with them. You authenticate to each other using what is called a fingerprint.

    At the top of each IM window is a menu called Trillian OTR. Once you have started a secure communication with someone for the first time, you need to verify their fingerprint. You do this by asking them a question that only they would know, and they should ask the same of you.

    Once you have verified that you are indeed talking to who you thought you were, simply click the Trillian OTR menu - Verify Fingerprint - and select that you have verified the fingerprint.

    Any time Trillian tells you that the session is "unverified," you should verify/reverify the identity/fingerprint of the person you are talking to as previously described.

    Using this method to communicate is currently the most secure and anonymous away from the prying eyes of Government, ISPs, and any other third party.

    Step 3: Securing Your Data

    This is pretty easy and is extremely important. If "the man" comes busting down your door the first thing they will take from you will be your hard drives and any other storage devices you may have. The good news is that if you complete this step, they won't get shit.

    All data currently on your drive(s) can easily be read and used against you. It doesn't matter what kinds of half ass password protection or file encryption you're currently using. Not only that, but any files you have ever deleted can be easily recovered... Even if you do a format of your drive.

    The solution is called TrueCrypt which can be found at . Download it and install it.

    Once installed, get it running. You will see a window that lists all of your drive letters. Select your system drive and click "create volume." Now choose "Encrypt the system partition or entire system drive." Click next.

    It will then ask you if you use Single Boot or Multi Boot. If you only have 1 OS on your machine choose single boot. If you have two (for instance if you have both windows and linux installed on the same machine), choose multi boot.

    When asked for encryption and hash algorithm, leave the defaults. When it asks for a password be sure to choose a password that is close to 20 characters in length and contains letters and numbers.


    TrueCrypt is also going to ask you if you want to securely wipe the data from your hard drive as it is being encrypted. Choose either 3pass or 7pass (3pass should be enough). This is very important as it ensures that the data you had before you encrypted can never be recovered.

    After your drive has been encrypted you will need to supply your password each time your computer starts up. You should also make sure that a screen saver is set to come on after a short period of time and that you enable the Windows screensaver option that returns you to the welcome screen each time the screensaver is interrupted (this can be done in the Windows display properties). This is to ensure that if they bust down the door and your computer is on, they will not be able to get into your machine without supplying the Windows password.

    They will then be forced to shut down the machine, thinking that they will be able to easily crack the Windows password later by modifying the SAM hash, but SURPRISE!! that shit just ain't gonna happen when the whole drive is encrypted with AES. MUAHAHA.

    TrueCrypt can also be used to encrypt any other drive you may have including: extra internal drives, external drives, flash drives, and any other type of data storage medium.

    Well there you have it guys and girls. I hope you have found this to be informative and helpful. It really is scary how easy it is for a third party to backtrack what you have been doing for months and even years unless you protect yourself. I know this seems like a lot of steps but it's really not hard. Once you have it initially set up you won't even realize it's there and you will be able to rest easier knowing that your data and communications are secure.
    • Thanks x 10
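
Added example, not part of the original post and not Trillian or Tor code: the "Use proxy server to resolve names" checkbox in Step 2 decides which address type a SOCKS5 client places in its CONNECT request (RFC 1928), a hostname for the proxy to resolve or an IP the client already looked up itself. The sketch builds both forms and decodes them as the proxy would see them; `example.com`, the `192.0.2.10` answer and the `local_resolver` parameter are constructed for illustration.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def build_greeting():
    # Offer only method 0x00 (no authentication): username/password left blank.
    return bytes([VER, 1, 0x00])

def build_connect(host, port, resolve_at_proxy, local_resolver=None):
    """SOCKS5 CONNECT request. local_resolver is a hypothetical stand-in
    for the client's own DNS lookup, used only when resolve_at_proxy is False."""
    if resolve_at_proxy:
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        ip = ipaddress.ip_address(local_resolver(host))  # lookup happens locally
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)

def parse_connect(req):
    """Decode a CONNECT request as the proxy would see it."""
    if len(req) < 7 or req[0] != VER or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        start, size = 5, req[4]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        start, size = 4, (4 if atyp == ATYP_IPV4 else 16)
    else:
        raise ValueError("unknown address type")
    end = start + size
    if len(req) != end + 2:
        raise ValueError("length does not match address field")
    raw = req[start:end]
    dest = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    # hostname_sent False: any name lookup was done before the proxy was involved.
    return {"dest": dest, "port": struct.unpack("!H", req[end:])[0],
            "hostname_sent": atyp == ATYP_DOMAIN}

if __name__ == "__main__":
    fake_dns = lambda h: "192.0.2.10"  # constructed answer (TEST-NET-1 range)
    for flag in (True, False):
        print(flag, parse_connect(build_connect("example.com", 443, flag, fake_dns)))
```

A request with `hostname_sent` false for a site the user reached by name means the lookup went out over the normal resolver rather than through the proxy.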
  2. idk12

    idk12 Junior Member

    Mar 12, 2008
    hey man really great post! thanks a lot

    just one question with truecrypt...i installed it but it's not even showing all of my drives like my actual hard drive (C:) isn't showing up in the program. is it under a different letter or what?
  3. jaeden

    jaeden BANNED

    Jun 3, 2008
    It should have either the drive letter on the list or it will say "System Drive." If neither of those is on the list, choose a random drive letter and continue with the steps to encrypt the system partition. It should work with any hard drive setup.
  4. mazemiami

    mazemiami BANNED

    Jul 24, 2007
    wow. i just got done doing all the steps and i feel so much better now. tyvm
  5. jaeden

    jaeden BANNED

    Jun 3, 2008
    someone should sticky this one!!
  6. Bastian

    Bastian Registered Member

    Jun 1, 2008
    This is a great post.

    I have one question though.

    How the hell do you deal with the slow speeds of TOR?
  7. topihitam

    topihitam Newbie

    Dec 29, 2008
    For keeping passwords, I heard RoboForm is good. But is it safe? Has anyone heard any story about a RoboForm password list getting hacked?
  8. The Joker


    Apr 8, 2008
    RoboForm is great, keeps all my passwords in easy reach.

    Also, this thread is very old, and filled with 2 complete douche bags.