Hacklog Volume 1 Anonymity: it security & Ethical Hacking Handbook

(
https://labs.fedoraproject.org/it/security/
)
-
Cyborg Hawk Linux, based on Ubuntu (
http://cyborg.ztrela.com
)
-
WeakerThan, based on Ubuntu (
http://www.weaknetlabs.com
)
-
Samurai
Web
Testing
Framework,
based
on
Ubuntu
(
http://samurai.inguardians.com
)
-
Bugtraq (
http://bugtraq-team.com
)
-
Knoppix (
http://www.knoppix.org
)

11. Online Identity
Now  we  have  all  the  tools  and  the  competencies  needed  to  navigate  in
anonymity  –  please  note  that  I  wrote  navigate,  and  not  interact!  The  mere
presence of TOR or any other technology in between doesn’t mean you’re totally
safe; conversely, this sense of protection may be a double-edged sword for your
real identity.
11.1 NEVER combine your identities
Regardless  of  the  tasks  you  want  to  perform  –  whether  in  clearnet  or
deepweb  –  you  must  be  able  to  separate  your  activities  to  avoid  making
connections  and  creating  a  fingerprint  (is  this  term  familiar?)  of  your  identity.
Leaving  traces  of  your  activities  –  email,  bitcoin  addresses,  names,  locations,
etc.  –  allows  to  create  a  more  detailed  profile  of  the  person  of  interest.  In  case
someone  manages  to  merge  your  two  identities,  they  could  double  their
information about you.
Let’s get back to Ross Ulbricht, the late Silk Road admin, a portal that once
allowed him – as well as many other people – to earn hundreds of thousands of
dollars in the illicit market. Do you know how he got caught? When Silk Road
was not famous yet, Ross was the first one asking across the clearnet if anybody
knew that market – as you know, people do that to spam their websites. Together
with  other  evidence,  that  episode  pointed  to  Ross  Ulbricht’s  identity  (and
consequently to other gang members).
11.2 NEVER use the same data
Even  children  know  that  a  password  should  never  contain  your  data  (birth
date,  full  name,  location,  etc.);  you  should  instead  use  random  alpha-numeric
characters, numbers, special  symbols and any  other random input.  You can use
different programs, like
KeePassX
(integrated in Tails), LastPass, 1Password and
others,  to  generate  new  passwords  as  well  as  store  them  with  a  master-key  to
unlock them all.
Due to security reasons, NEVER use a single keyring to store the passwords
for your “normal” activities and those for the “alternate” ones altogether. As we
mentioned  above,  you  should  never  combine  your  identities!  Besides  the  cases

where you would expose yourself consciously, you must also consider the traces
you leave behind unknowingly:
-
IP addresses
-
Passwords
-
Birth Date
-
Billing Information
-
Addresses and Locations
-
Pictures and Similar Avatars
-
Similar Contact Addresses
-
     
...  anything  that  could  point  to  you  or  even  to  your  second/third/fourth
identity and so on...
11.3 Watch Out for your Habits
If  you  often  use  some  sayings,  a  particular  dialect  or  Write  Like  This  or
make noticeable or repeated spelling errors, to the point that they could identify
you with no doubt... do something about that!
Probably,  you’ve  already  been  told  about  these  “peculiarities”;  if  you  are

Download 2,32 Mb.

Do'stlaringiz bilan baham: