
Scott Arciszewski

Software, Privacy, Security, Innovation

Thoughts on Private Communication

August 20, 2013 3:04 PM • Privacy, Security, Thought Experiments

This post is just an assortment of my thoughts concerning secure, private, and anonymous communication.

The Problem: You wish to communicate anonymously. You could be a whistleblower looking to leak more government abuses to the media, or a black-hat hacker looking to break into a high-profile computer system. Or maybe you just want to troll Keith Alexander's friends and family on their favorite online games with impunity. How do you do it?

Use Tor Browser Bundle, Call It a Day

You >===TOR===TOR===TOR--> Internet

Tempting as it may be to place all of your trust in the Tor network, a Tor Browser Bundle 0day is all it would take to unmask you if you used such a naive setup. Don't take this as an attack on Tor; it's great at what it does, and it's clear about what it doesn't do.

What we need to do, as John Smith (a.k.a. The Grugq) says, is compartmentalize our personal data (real identity, etc.) from our activities. So let's look at the model he described in his posts.

Steps a Nation State Would Need to Compromise Your Identity

  1. Tor Browser Bundle 0day

Following The Grugq's Model

This is what The Grugq recommended, in his Ignorance is Strength post, for both parties who want to communicate securely:

  • Dedicated hardware (this means a new, clean computer for communication with only that person, for each person you talk to)
  • Cover webcam with tape if it has one
  • Remove or disable the microphone
  • Virtualization software (VirtualBox, VMware, Parallels, etc.)
  • Ubuntu installed in the VM
  • Tor Browser Bundle
  • GnuPG/PGP (generate and store new keys on a USB drive)
  • OTR enabled chat client
  • Snapshot the Virtual Machine before you communicate
  • Communicate from a location not tied to your identity (free WiFi, etc.)

This is all excellent advice, but with a caveat: if an attacker can compromise your host machine while you're using WiFi, they can enumerate the MAC addresses and signal strengths of all the WiFi access points in range and send that list back over the Tor network. They can immediately (or at a later date) plug the MAC addresses into a war-driving database like Wigle.net and get GPS coordinates. The more access points they have, the more precisely they can triangulate your exact position at that exact time.

And then they just have to look at surveillance footage in the immediate area to narrow down their list of targets. Not good.

Steps a Nation State Would Need to Compromise Your Identity

  1. Tor Browser Bundle 0day
  2. Ubuntu/Linux kernel 0day
  3. VM escape 0day
  4. Host OS 0day
  5. Exploit code that grabs MAC addresses and signal strengths from WiFi access points

One More Layer

A good mitigation to the WiFi access point attack is as follows:

  • Disable (remove, preferably) your WiFi and Bluetooth cards from the laptop
  • Do not carry any mobile phone or similar device with you
  • Get a Raspberry Pi (or a modified router)
  • Purchase disposable Wireless USB dongles to attach to the Pi (if you went that route)
  • Install PORTAL on your router/Pi
  • Connect your laptop to the router/Pi via Ethernet

If an attacker's code tries to phone home outside of the Tor network (as in the recent Tor Hidden Service malware attack on Freedom Hosting), it will not work. PORTAL is a separate device that forces all traffic to use Tor. They will not get your IP.

Further, if an attacker manages to get root on your Virtual Machine, break out of the VM, and get root on your host machine, they still cannot enumerate the MAC addresses or signal strengths of access points in the area, because you are connected via Ethernet to your personal router. The attacker would then need to hack into your router and launch the same attack to compromise your identity.
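As an added example (not PORTAL's own code), here is one way to express the fail-closed policy such a gateway enforces, as iptables-restore input: every LAN connection is redirected into Tor, nothing is forwarded, and only the Tor daemon may send upstream. It assumes Tor on the Pi/router runs as user debian-tor with TransPort 9040 and DNSPort 5353 in torrc, and that the laptop is on eth0 and the upstream link on eth1 (all assumed names).

```shell
#!/bin/sh
# Assumed names; override via environment if your gateway differs.
LAN_IF="${LAN_IF:-eth0}"          # Ethernet port the laptop plugs into
WAN_IF="${WAN_IF:-eth1}"          # upstream (WiFi dongle or ISP) side
TOR_USER="${TOR_USER:-debian-tor}" # user the tor daemon runs as
TRANS_PORT=9040                    # torrc: TransPort 9040
DNS_PORT=5353                      # torrc: DNSPort 5353

# Print the whole policy in iptables-restore format (nothing is applied here).
gen_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN DNS and every new TCP connection are handed to tor's DNSPort/TransPort.
-A PREROUTING -i $LAN_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A PREROUTING -i $LAN_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# From the LAN, only the two tor listeners are reachable; FORWARD stays DROP,
# so a compromised laptop has no path upstream except through tor.
-A INPUT -i $LAN_IF -p udp --dport $DNS_PORT -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport $TRANS_PORT -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the tor daemon itself may originate upstream traffic.
-A OUTPUT -o $WAN_IF -m owner --uid-owner $TOR_USER -j ACCEPT
COMMIT
EOF
}

# Returns 0 only if all three filter chains default to DROP (fail closed).
check_fail_closed() {
  gen_rules | grep -q '^:INPUT DROP' &&
  gen_rules | grep -q '^:FORWARD DROP' &&
  gen_rules | grep -q '^:OUTPUT DROP'
}

# Atomically replace the running policy; run as root on the gateway.
apply_rules() {
  gen_rules | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
  check_fail_closed && apply_rules
fi
```

Run the script with no arguments to review the generated policy, and with `apply` on the gateway to install it.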

Steps a Nation State Would Need to Compromise Your Identity

  1. Firefox 0day
  2. Ubuntu/Linux kernel 0day
  3. VM escape 0day
  4. Host OS 0day
  5. Router 0day
  6. Exploit code that grabs MAC addresses and signal strengths from WiFi access points

Overseas Patsy

Let's say everything mentioned above is still not good enough for you. You are an evil blackhat and you'll be damned if you face accountability for your actions. What will you do?

One possibility is that you could compromise the computer used by someone in another country, preferably one that has no extradition treaty with your country and will not cooperate with investigations. I leave deciding which countries would fit this description as an exercise for the reader, especially since that will depend heavily on what country you live in.

Once you have chosen your Patsy, hack them. Then install a Remote Access Tool on their computer that, for the sake of this hypothetical discussion, allows you remote desktop access on a separate user account hidden from the victim.

From your Patsy's computer, connect to the internet through a VPN chain, and conduct any questionable activities on their machine.

Steps a Nation State Would Need to Compromise Your Identity

  1. Compromise both VPNs
  2. Monitor your Patsy's incoming/outgoing connections
  3. RAT client 0day
  4. Ubuntu/Linux kernel 0day
  5. VM escape 0day
  6. Host OS 0day
  7. Router 0day
  8. Exploit code that grabs MAC addresses and signal strengths from WiFi access points

If that's not secure (read: paranoid) enough, then there is likely no hope of achieving a sufficient level of security.

What Method is Right For Me?

If you're up to no good, go all out. Don't even limit yourself to the information on this page. Innovate. Weave a tangled web of false identities and packet bounces. If you're up to no evil, but still fear the government could attack you, also go all out.

If you're somewhere in the middle, you should make that decision for yourself. I recommend at least going as far as to install PORTAL on an external device and route all of your network traffic through Tor.
