- Halo PC Tournament
- →
- Atención
- →
- The Preheat
- →
- Omnipresence of surveillance.
| Welcome to HPT. Register Here |
| Omnipresence of surveillance. | |
|---|---|
| Tweet Topic Started: Oct 24 2011, 03:08 AM (95 Views) | |
| Velakan | Oct 24 2011, 03:08 AM Post #1 |
 
|
Omnipresence of surveillance. - You cannot avoid it. - Jamming it will be noticed immediately and acted upon. - Wrecking surveillance capabilities, while admirable, will eventually result in the powers that be replacing them and passing laws that make it more and more hazardous to do so until even acknowledging their presence will put you up on charges. - Strategies to evade notice involve losing yourself in the noise, i.e., not standing out from everyone else. - Case in point, the Mossad's assassination of Mahmoud al-Mabhouh in early 2010. - Their hit squad knew that they'd be under surveillance almost constantly, not because they were well known but because that is the default setting of first world (and first world-like) societies in the twenty-first century. - They changed their appearances multiple times throughout the op. - Multiple sets of clothing (some undoubtedly stolen). - Multiple sets of ID (with lines of credit) were used as well as cash transactions. - Learn the profile of where you live or where you will be going and blend in rather than stand out. - Travel with groups of people. - Be amiable, polite, and boring. - Most security cameras are not equipped with microphones. - More and more security cameras are IP-enabled, meaning that they must be connected to a network to function. They stream captured footage to a file server for archival. - Wireless IP cameras exist but are rare right now. - Observers view the footage from standard workstations. - IP cameras can be hacked. Specifically, they can be logged into, usually with a web interface, and reconfigured, hijacked, or used for unauthorized surveillance. - The video feeds from IP cameras can be spoofed in near-realtime. - Default user IDs and passwords are easy to find online. - Compromise of default user IDs is trivial to automate. - Operation can be disabled, but when detected the owners of the IP cameras will audit and tighten their security posture. Don't waste a good resource. - They can work for or against you, depending upon how proactive you are. - Software exists to feed a static image to at least some IP cameras out there. - It may be advisable to gain and maintain access to data networks near your places of operation, on the off chance that they will need to be exploited to further your plans. - There are thousands of networks that have been compromised for years, and still are. - Have a threat model. Who are you up against? What can they use against you? - How fast can they react? - Know your threat model inside and out. - Plan according to your threat model. - Keep your plans flexible and adaptable. Nothing ever goes perfectly according to plan. - Make weaknesses in your enemy's tactics your strengths by taking advantage of them. - Get lost in the noise. - What are you doing that will draw the heat down on you? - Are you doing anything that will draw the heat down on you? Really? - Change your MO once in a while. - Destroy evidence. - Destroy false evidence to throw off surveillance. - Leave multiple false trails. - Confusion is a valid strategy. - Make and correct deliberate mistakes which by themselves do not compromise your anonymity. They make a person look like people, and people look like more people. - If something is too good to be true, it usually is. Siphoning money out of credit/debit accounts. - Cash-back transactions at busy stores. - Take the form of change from a credit or debit card transaction. - All stores have some form of video surveillance. - All stores have surveillance measures in the form of accounting records. - Cash-back withdrawls show up on your receipts as change returned to the customer. - Whether or not these transactions are recorded anywhere but databases of receipts is unknown. Someone's going to have to start hacking the networks of grocery stores to find out. - Yes, they have them. Most point of sale terminals these days are connected using Ethernet, which means that any network device could be installed on the same network. - They often have internal wireless networks. Go looking for them. - Look as common to the clientele as possible. It's not inconceivable that Joe or Jane Bloggs, on their way home from work at $CORPORATION needs a few dollars to get a double-caf latte' at $COFFEE_SHOP. - Grocery and convenience stores are likely good. - Pharmacies are likely more risky in terms of accounting and surveillance in that they have lots of drugs that have to be carefully monitored in back. You want to leave as few traces in there as you can. - Get paybacks for your generosity. - Go out to a restaurant with two or three friends. Make sure that they all have cash. - Rather than splitting the check, offer to pay for everyone that night, they just have to give you cash to pay you back. - You conveniently forget to deposit the cash in an account. - Sell items at garage sales and swap meets and pocket the cash. - Accumulate as much pocket change as you can. - Wrap rolls of it up and put them away. Quarters and dollar coins are good for this. - Alternatively, haul them to the coin changer at your local grocery store and take the 5%-10% hit to have some paper currency that you can put away. - The strategy here is "slow and steady wins the race." - Twenty dollars here, twenty dollars there. Fifty dollars after work at dinner. - Vary how much you take out. - Once in a great while, take out one or two hundred dollars because "you're going to a concert" or "a festival" and conveniently forget to spend it. - It's impossible to avoid a pattern unless you stop somewhere different every day at different times of day. - It would make more sense to make it a regular part of your shopping trips. Every time you go to the store, take out a little and immediately hide it when you return home. - This is not to hurt the monetary system. This is to build a stockpile of money that can be used to pay for things anonymously, or at least privately-as-in-under-the-table. - Taking out a lot of money all at once draws attention. People wonder what you are up to. Having cash already on hand avoids that attention. - Money gives you options. Cash gives you more options because whomever you give it to when buying something has the same options you do. - It is unlikely right now that paying for things in cash will draw attention, but it is also not unknown for people traveling with cash to be apprehended and questioned in the United States for doing so. Setting up caches. - Anywhere relatively quiet where someone can unobtrusively get access to something. - Lots of good books available on BitTorrent and file sharing sites on how to hide and protect things. - Download them, read them, practice with them, get started building them. - You fight like you train. - Ideally, someplace you can go without drawing attention to yourself. - Hide some consumables near where you live so you can get to them in a hurry if necessary. - If you travel to certain places often, set up caches with people you know and trust, or in places that you know will be undisturbed that you can get to. - If you're subtle about it it, set up caches everywhere you work. - Money, small tools. Spare phone. Pre-paid cards. - Food and clothing that fit are ideal if you need to be on the road. - Don't give the authorities reason to raid you. Keep a low profile. - Worst possible case, you want to use your cache to get out before you get raided. - Have just enough equipmnet that you can get to someplace safe and retrieve more equipment. Travel as light as possible to run as fast as possible. - Leave as little incriminating material near your home as you can manage. - If you have to run, destroy everything incriminating at home, starting with data. - Don't put all your eggs in one basket. Lose one and you lose everything. - Sealed containers in air conditioning ducts. - Small objects in magnetic boxes inside bedframes, air ducts, other metallic structures. - Hide nothing you can't afford to lose outside. - Take note of nearby construction that might disrupt caches. - Consider taping or using magnets to hide small objects in rarely examined parts of other people's locked containers. Consider behind the wiring boards of telco cans great and small. - The best keys are those that can't be stolen because they don't exist. Attackers will waste time looking for keys to containers that you pick to open anyway. - Strategy is get in, get what you need, get out. You may be noticed. You want that notice to be considered irrelevant and forgotten. - Tell no one that you keep them. Word gets around. - If you suspect identification or compromise, relocate it immediately. Destroy what you cannot move. Never return to that location. - Consider purchase of multiple small devices for redundancy (i.e., phones, lockpicks, storage devices). - Sanitize your equipment. No names, no serial numbers, no logos, nothing that will uniquely identify that device or make you stand out as the person carrying it. On pre-paid debit cards. - They're debit cards taken out in the name of one of the big credit card companies that work just like credit cards. - You can buy things with them, run them through card readers without a second thought or glance from anyone. - Denominations from $5 to $500 or more. - You'll pay a little more than the advertised price so that the store can get a share of the money on the sale. - Meant to be given as gifts. - Universal gift cards, essentially. - Safe because they're not tied to a particular identity unless you register them with the company. - Don't register them, obviously. - The three most popular (Visa, MasterCard, and American Express) must be registered online to use them online. They are no longer recommended. - Some pre-paid MasterCards must be registered online before they can be used for anything. Read the packaging carefully and purchase appropriately. - Unless you are buying something in a store, do not use pre-paid debit cards for anything. Stores like gas stations and paying for Internet access may not accept them. You can't use them in ATMs, either. - Pay cash if you can help it. - The drugstore chain CVS requires all gift cards be paid for at the register. - Stealing them gains you little. They must be activated at the register. - AmEx pre-paid cards are just activated at the register. They can be used online for certain things without trouble (aside from having to tie one to your identity). - $50 cards seem to be ideal. You can throw them into your shopping cart and pay for them (rather than getting cash back), then hide them away. - Buy holiday or birthday gift cards preferentially. Purchasing lots of pre-paid cards at once looks suspicious unless the holidays are coming up. - "Birthday gifts" provide plausible deniability. - Paranoid? Remember, people have been questioned by police for buying two pre-paid cell phones at a time. - Read the terms of service on the backs carefully before purchase. - Not all cards can be used for all purposes. Some have restrictions. - Consider buying gift cards for specific things (like restaurants or stores) to store in a bug-out bag. - Some cards lose some of their value every year after not being used, or even every month. Figure out which cards these are and avoid them. It's in the small print on the packaging. - Some cards begin to lose their value after a year of not being used. - Keep an inventory and rotate periodically. - Do not bother buying gold coins, gold jewelry, or gold boullion to hoard. - You cannot directly purchase anything with it. Nobody take it. - You cannot safely carry them because they are heavy and will draw attention if anyone sees them. - They are not easy to dispose of to get ready cash. If you take them to someone to sell for cash, it will attract attention of the wrong kind. - Never trust a fence. - At the very least it will make a noteworthy story told to the police. - At worst, word will get out and someone will try to kill you for your stash. - If you absolutely must, hide away rolls of coins (American dollar coins are ideal) that you can go through a little at a time. - While people paying for things with rolled coins is fairly rare, taking them to a bank to get bills is not that unusual. Wireless communications - Involve no one if you can help it. - Don't use FRS or GMRS radios. They're so easy to get everyone will be listening. - If you go shortwave, be careful not to cross paths with licensed amateur radio operators. They will hunt you down. They will also help anyone with a badge hunt you down. - Encrypted traffic stands out on any frequency. - Maintain radio silence. - If you have to use it, be innocuous. - More and more companies and stores are setting up wireless networks for internal use every day. - Often encrypted. - It is worth compromising them to monitor their activities. - Interesting and unusual things can be found. - Packet sniffers are your friends. - Pre-paid cellular USB modems exist. Look into them. - Be careful where you buy things. Stores in sketchy neighborhoods often have what you need behind the counter, or behind glass. Either way, that means interacting with someone who might potentially remember you. - Scout stores out before you buy anything. - Be polite and dress forgettably. - Pay in cash. Online communications. - If it's not encrypted, don't use it. - Assume that every service will rat you out and plan accordingly. - Webmail is good but encrypt every message separately before you transmit it. Don't trust the service to do it for you. - Popular webmail services are beginning to refuse access to anonyming services. - Access webmail services securely, so that all they can say is that someone used an account from some location, but not who used it. - All that can be turned over are encrypted messages. - Anonymous remailers are getting hard to find. Don't get too attached to them. - Never deal in real names. Ever. - Digitally sign all messages to prove authenticity. - Pseudonyms are not identities. - Identity must go to the signature, not a person. - Change e-mail services periodically. - A digital signature will be the only way of tying an identity to content. - Crowded public networks are ideal cover. - Consider spoofing the MAC addresses of people who just left. - Consider using a chain of insecure proxy servers. There are websites that maintain up to date lists of them. - Always connect through at least one other country. Red tape can save your ass. - Determine whether or not security software is leaking data which could compromise you. - Automatic updates and status reports may not be secure, and can be intercepted. - E-mailed data often contains identifying information. - Test thoroughly before going operational. The ass you save may be your own. Pre-paid cellphones - Payphones are approaching extinction. Don't count on being able to find one. - Going without connectivity is difficult but possible. - Remember that user data is stored on SIM cards, so it would be worth your time to go through them and sanitize the information. SIM card reader/writers are available, as is software to access them. - Consider buying used cellphones and unlocking them. - Periodically swap pre-paid SIM cards with other people to get lost in the noise. - Remove the battery from your cellular phone if you're not using it. This will prevent the phone from registering with cell towers, which will result in the position of your phone (and thus you) getting logged. - Develop a schedule of contact times and checkin points for use with your cellular phones. - Develop and exercise transmission discipline at all times. - Assume your communications are being monitored, because they are. - Pre-paid refill cards are the way to go. - The drugstore chain CVS requires that all refill cards be paid for at the register and not the self-service checkout lines. - If you stock up, be sure to buy from different stores and different providers in cash. Make a new fake identity for each phone. - Tracfone pre-paid phones have to be registered to an account, which you set up through their website. However, they don't seem to confirm your identity. Make something up. - I do not recommend Tracfone because their registration process is problematic. A given phone may not be flagged as activated at the counter and it is difficult to get one activated after the fact. It's a hassle which requires going back to the store and dealing with people. - Activating a phone after their inventory screws up will eventually require phoning Tracfone, escalating to a supervisor, and faxing them a copy of the barcode on the packaging, a copy of the receipt, contact information for the store, and a ticket number (opened with the supervisor). - Avoid. - T-Mobile pre-paid phones can be activated by calling a toll-free number from a different phone line. - You can activate T-Mobile pre-paid phones online without establishing an identity here: http://www.t-mobile.com/shop/plans/activateprepaid.aspx - Pick a state of origin anywhere in the US, pick a major city, and pick an area code. Have the IMEI number of the phone and the serial of the SIM card handy. - T-Mobile will also sell you pre-paid SIM cards. You need an IMEI to activate them. - Net10 will let you get away with making a fake identity to set up an account. - Use disposable webmail accounts. - When activating a Net10 phone online, you will have to give the ZIP code that the phone is in when you go through the process. So, if your phone is in Los Angeles you must give the LA ZIP code you are in, otherwise you will get an "unable to activate" error message from the website. - You do not have to add minutes at time of activation, but it may be wise to do so if you expect trouble. - For higher security, it would be wise to buy phones while traveling, activate them, and then mail them somewhere after pulling the battery. - At least some of Verizon's pre-paid phones require you to dial a special number (*22888). Pick a language (1 for English), enter a fake zip code when prompted. Activate somewhere that isn't home. - ALWAYS ENSURE THE CHECKOUT CLERK ACTIVATES YOUR PHONE. ALWAYS. ALWAYS. Dangers of travel inside and outside of the United States of America. - Consider the United States hostile territory. - If you can help it, never travel with a laptop computer or smartphone. - If you travel internationally, never travel to the United States with a laptop computer or smart phone. - Customs and Border Protection can and will confiscate your equipment. Don't count on getting it back. - Your data can and will be scrutinized and used against you. - Contacts and SMS in your smart phone are already being used against people. - You have no rights at the US border. - Netbooks are cheap. - Buy used - Craig's List, newspaper want ads, used computer outlets. Pay in cash if you can. - Used netbooks are cheaper and useful if they're not worn out. - Netbooks can be purchased and cached wherever you happen to travel to most often. - Spoof the MAC addresses on every computer you cache. Use a different MAC every time you boot up. - If you can, store nothing on that computer. - Sanitize your cached computer before you leave. - Re-cache your equipment before you leave. You'll probably need it later. - If you travel someplace frequently consider setting up a cache there containing a netbook or laptop computer and at least one live CD or flash drive in addition to other equipment and supplies. - Travel with as little data as you can. Carry live CDs only. - Encrypt data and store it online someplace you can get to without any special data that you can't carry in your head. - You need to be able to download blobs of encrypted data as necessary and decrypt them with a very lengthy and non-obvious password to use them. - Securely erase encrypted and unencrypted data when you're done with it. - Carry the most important information in your head. Data remnanance. - DBAN is your friend. - A sledgehammer is your lover. - Thermite and a blowtorch is a three-way with open minded identical twins. - CDs and DVDs can be shredded or cut up with shears. - They can also be burned in a gas flame from a blowtorch or kitchen stove. - The smoke is toxic. - Flash storage can't be securely electronically wiped. The wear leveling algorithms in the microcontrollers prevent data remanance programs from reliably hitting every cluster. - Use a hammer to smash flash drives into tiny bits. - Make sure that you do more than just damage the casing. The chips on the tiny circuit boards have to be turned into tiny bits. - Flash drives can be burned but the smoke is toxic. - Flash drives are cheap. Buy them knowing that you'll probably have to destroy them. - SD and microSD cards are easy to conceal. - Buy a USB adapter for microSD cards and put a cheap card in it. Put the real card in it only when necessary. - Hiding data in the SD card of a smart phone or camera is not recommended because they are being actively confiscated and analyzed now. - Putting encrypted blobs on removable media will draw attention. You'll be asked for your passphrase. - If you have to travel with media, hide it well. Hollow coins are easy to buy but they're also an old spy trick. - If you can't avoid carrying encrypted files hide them with similar looking files. Ensure that file creation and modification dates and times, file sizes are similar to the other files. Try to make your encrypted data look like the rest of the files in the directory. - Consider corrupting some of the "cover" files in the directory to give the impression of damaged files or media. - The development of software which reversibly makes encrypted blobs look like corrupted files of another sort (JPG, MP4) is left as an exercise to the reader. - It is already possible to hide files of one kind (e.g., RAR) at the ends of others (JPG, PNG). eof |
 
| |
 |
 
|
| jon the don | Oct 24 2011, 04:27 AM Post #2 |
|
are you ok |
 #joN ThE DoN: rr bg ? super raaa!nnyyy: is theory on ur team? #joN ThE DoN: yes super raaa!nnyyy: i dont really wanna play super raaa!nnyyy: me and sameer just going to 2v2 scrim vs ppl and have fun | |
|
|
|
| HPT-26 | Oct 24 2011, 12:23 PM Post #3 |
Colombia .
|
i dont read anything :D |
  Youtube Channel: http://www.youtube.com/krizztiannnn | |
|
|
|
| Louie | Oct 24 2011, 12:24 PM Post #4 |
|
god watches over us and keeps us safe |
| |
|
|
|
| Deleted User | Oct 24 2011, 01:29 PM Post #5 |
|
Deleted User
|
LMAO. Legit make me laugh. -Ice |
|
|
|
| 0 users reading this topic | |
 Join the millions that use us for their forum communities. Create your own forum today. Learn More · Sign-up Now |
|
| « Previous Topic · The Preheat · Next Topic » |
| Track Topic · E-mail Topic |
 11:58 AM Jul 13
|
Hosted for free by ZetaBoards · Privacy Policy