Sunday, November 22, 2015

Key security points for Darknet survival


Just thought I would post some basic key points for anyone new or old who wants to improve their security. There are a lot of newbies out there who are just earning their stripes. I just want to make those of you who are new aware of what goes on around the DarkNet and how to stay safe. I would hate to see a promising individual get caught for something that could have been prevented.

1.) Social Engineering
- This is the Holy Grail of Doxxing, be aware of what you say in public or private.
---a.) Using chat software (XMPP) is a form of isolation. Isolation is used in one of two ways: relaxation or intimidation.
- You should always be cautious of who you talk to, even if you think they are 'cool' or you have known them for a long time.
- It's not only LE: if your 'cool friend' gets wrapped up, he will be the first to snitch you out.

The most notorious hackers of the world aren't always just sitting behind a computer. Kevin Mitnick, once the most wanted hacker in the world, was technically advanced but a far better social engineer, and he ended up facing a plethora of allegations, including hacking into the Department of Defense, National Security and several banks. So it isn't always about how many computer skills you have or how many programming languages you can write in. Sure, that is one aspect, but basically, no one here is your friend. We can be social and cordial to one another, but always keep in mind that you don't know the person on the other side or their agenda.

2.) Online Dumpster Diving
- Rummaging through posts and trying to gather and piece together enough information to build an identity for you.
- Be careful about what you post in the forums; think before you write too much.
- Never post absolutes about yourself and always stay adaptive.
---a.) You can be anything you want to be in an anonymous world, just don't be you.
- The more you stick to facts and the less opinionated you are, the less character you have.

It is often easy to use a forum such as this one to come and 'hang out.' Honestly, this is not the place to hang out. Hang out with your family, get a girlfriend/boyfriend or use Facebook for that. It doesn't mean you can't crack a joke or that you have to be rigid; it just means take a second to think before you post something. It might end up being too revealing.

3.) Money
- They follow money trails.
- Wash your coins, double and triple wash.
- Buy other e-currencies and trade back.
- Buy physical goods with BTC you are capable of selling for fiat.

Money is nice. Especially when you finally get to spend it. That car, that house, that diamond studded Rolex. Well, all those major purchases get reported to some tax collection agency. In the USA, it is the IRS. They have the authority to monitor your spending (whether legitimate or illegal) purely for the purpose of finding out if you have been paying your taxes.

4.) Third-Parties
- Be aware of third-party websites like Reddit, Bitcoin washing services, and the possibility of a fake market.
---a.) Not only can fake washers and markets be used to steal your money, they can also be used to track your money.
- Don't use the same log-ins for every site.
- LE can cross-analyze data and habits much the same way Google Analytics works.

This is how your identities start getting linked if you aren't cautious. For example, you post identical comments on the DarkNet as you do on the Clear Net, or you use the same name to buy, vend and wash your coins. It is always a figurative pain in the ass to go the extra steps to be secure, but don't let it become a literal pain in the ass when you get to prison.

5.) Keep your personal life and DarkNet life completely independent.

- They watch you from the outside-in and the inside-out.

There should be no need to tell your friends around town what you do. That is not being Anonymous. That is being Pseudonymous.

6.) "Patience is the weapon that forces deception to reveal itself." -- Unknown
- It works both ways. The Feds will/can watch you for 10 years if they want. When they get tired of you... that's it.
- If you're in for the long run, follow the rules of engagement. Never become relaxed and keep your OPSEC up to date at all times.

Be patient. There is no need to rush anything. Anyone trying to rush you is a pressure salesman of some sort.

7.) Malware / phishing links and sites.
- LE are no better than you or me. We breathe the same air and bleed the same blood. They are capable of writing code as well.

Always check the links in messages. They could be a phishing attempt. Always bookmark the correct links and use those, and search for a thread or verify the main URL first. It's a bit lazy and insane to just go around clicking every link you get on the DarkNet.
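One way to apply the bookmark rule above, as an added example that is not part of the original post: the script pulls every URL out of a message and compares the host it really points to against hosts you bookmarked yourself, flagging near-matches. The bookmark entries, the sample message and the six-character look-alike threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed bookmarks: hosts saved earlier from a source you verified.
BOOKMARKS = {"examplemarketabc.onion", "forum.example.org"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def host_of(url):
    """Return the host a client would really connect to (userinfo stripped)."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""

def shared_prefix(a, b):
    """Length of the common leading run of two strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def classify_link(url, bookmarks=BOOKMARKS, lookalike_prefix=6):
    """'bookmarked' on exact host match, 'lookalike' if the host merely
    starts like a bookmarked one (assumed threshold), else 'unknown'."""
    host = host_of(url)
    if host in bookmarks:
        return "bookmarked"
    if any(shared_prefix(host, known) >= lookalike_prefix for known in bookmarks):
        return "lookalike"
    return "unknown"

def check_message(text):
    """Classify every http(s) URL found in a message body."""
    return [(url, classify_link(url)) for url in URL_RE.findall(text)]

# Constructed sample message with three links.
SAMPLE = ("Mirror moved: http://examplemarketabz.onion/login "
          "or http://forum.example.org@evil.example/ "
          "or http://examplemarketabc.onion/")

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

Only the exact-match result means the link agrees with a bookmark; the second sample link shows why the host has to be parsed rather than read by eye, since everything before the `@` is userinfo and the real host is the part after it.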

8.) Keep your software up to date.
- When Tor has an update, update it!
- When Tails or Whonix has an update, update it!

There are some exceptions to this rule when it comes to new features from Windows, Lenovo and other commercial hardware and software manufacturers. They are now joining together to fight cyber-crime by installing back-doors and rootkits in your privately owned software. Quite a few years back, Sony had several class action lawsuits against them (including from 7 U.S. states) for installing rootkits via Columbia Records' digital content CDs. Now, it is becoming the norm to invade your privacy.

Windows users: Disable/uninstall the telemetry updates found in Windows 10, 8.1, 8 and 7 - https://voat.co/v/technology/comments/459263 (clearnet link)
- If you don't trust the software, you can do this manually from the "Uninstall Updates" menu and search for each KB file independently. There are 29 or so, I believe.

9.) PGP for Yourself
- Auto-PGP is a nice feature but it is not as secure as we like to pretend it to be.
- No DNM is open-source.
- The DarkNet is a trust-less environment.

I'm not saying anything truly bad is going on, but there is a possibility that auto-PGP messages are retained. PHP (the language) works by grabbing form data and then manipulating it, so the message reaches the server in plaintext before it is encrypted. This leaves it wide open for the admin to do whatever they want with your message (not saying they are, or spreading FUD). Encrypt with PGP on your own PC and then paste the result into the form. Do this for ALL markets and forums.
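A pre-paste check for the advice above, as an added example that is not part of the original post: it parses the ASCII armor (RFC 4880 layout), verifies the CRC-24 line and confirms the first packet is an encryption packet, so plaintext or a signed-only message is caught before it reaches any form. The function names and the sample packet bytes are constructed; the check is structural only and cannot tell which key the message was encrypted to.

```python
import base64

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"
ENCRYPTED_TAGS = {1, 3, 9, 18}  # PKESK, SKESK, encrypted-data packets

def crc24(data):
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def first_packet_tag(data):
    """Tag of the first OpenPGP packet, or None if the header is invalid."""
    if not data or not data[0] & 0x80:
        return None
    if data[0] & 0x40:              # new-format header
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F    # old-format header

def classify_outgoing(text):
    """Return 'plaintext', 'corrupt', 'not-encrypted' or 'encrypted'."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return "plaintext"
    body = lines[1:-1]
    if "" in body:                  # armor headers end at the blank line
        body = body[body.index("") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") and len(body[-1]) == 5 else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        if checksum and int.from_bytes(base64.b64decode(checksum, validate=True), "big") != crc24(data):
            return "corrupt"
    except ValueError:              # binascii.Error is a ValueError
        return "corrupt"
    return "encrypted" if first_packet_tag(data) in ENCRYPTED_TAGS else "not-encrypted"

def make_armor(data):
    """Build armor around constructed packet bytes (for the samples only)."""
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", base64.b64encode(data).decode(), "=" + check, END])

# Constructed samples: header byte 0xC1 = new-format tag 1, 0x88 = old-format tag 2.
FAKE_ENCRYPTED = make_armor(bytes([0xC1, 0x0A]) + bytes(10))
FAKE_SIGNED = make_armor(bytes([0x88, 0x0A]) + bytes(10))
```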
