Anonymous OpSec Reference Guide

a guest May 15th, 2012 1,300 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.                  Some Basic Tips for Anonymous Operational Security:
  5. ----------------------------------------------------------------------------------------------
  7. This guide is written under the pretence that the reader is acting in a way in which they want their personal identity to be concealed as much so as possible at all times.  This is not nearly the be all end all of security, all tips should be taken at face value and not relied upon, merely used as a reference.
  9. ----------------------------------------------------------------------------------------------
  13. -Nothing is secure.  Using "secure" software?  You're probably not.  There's a 0 day for that ;)
  15. -Never expose any personal info.  Chat strictly on a "need to know" basis.  Feel free to throw some misinfo in here and there.. but keep it subtle, keep it consistent to avoid people catching on.
  17. -Never connect to anything with your home IP.  The first thing you should do when you sit down in front of your computer is make sure that your security setup is fully functional.  You will be tired/drunk/distracted at some point, you will fuck up and you will be compromised if you don't follow this step.  Also: never connect to any IRL stuff (email, facebook, etc) using your "dirty" IP addresses.  That leaves a clear paper trail right back to your IRL identity.
  19. -Trust: never trust anyone, nor any service you use.  Every proxy server is a FBI/NSA Honeypot.  Every IRC server has an informant with an o-line sending a live feed of IP addresses to the FBI.  Every email, IRC query, jabber, tweet, fb message, etc will be at some point, seen by the FBI.  This may not be all that likely, but if you get used to that way of thinking, your opsec increases tenfold.
  21. -Assume your ISP is transparent.  The Feds can have timestamped logs of everything you have directly connected to with one phone call/email, as well as view them in real time.  The Feds can also call up ISP's to get lists of who connected to IRC server, or who used VPN/proxy etc at what time.  Though I have never seen this method used, it is certainly an easy way for them to narrow down suspects.
  23. -VPNs: I will not recommend any specific VPN provider, and I would not suggest relying solely on a VPN for security. Not taking anything away from VPN's: they offer a solid encrypted buffer between you and your ISP.  Dynamic IP's also do great at keeping google and trackers off of you, even just for IRL privacy.  When researching which VPN to chose, look up the internet laws for whichever country their servers are in, and find out their policy on data monitoring and logging.  There are many services who claim to not keep logs, obviously having no logs of your data kept is ideal for you.  I will say, do not use Hidemyass, they are known to work with LE on request.
  25. -Free VPN's/Proxies:  For ages it has been assumed that many free proxies/vpn's(as well as tor nodes) are setup by feds/nsa as honeypots, there is little reason not to assume this.  Not to say every free proxy/vpn is bad, nor every paid one is good, just never trust anything without doing your research first.  Free services typically don't have a privacy policy, and deliberately log all your data and sell it to advertising firms.  If you can't find solid info about a VPN's logging policy, contact them directly through email and find out.
  27. -Never trust a VPN.  Any VPN at any time can have a security breach.  The network could be compromised, law enforcement or even organised crime groups could silently have seized control, disgruntled employees could be turning informants and compromising the service, again... nothing is fully secure.
  29. -Paying for a VPN: A lot of people are paranoid when it comes to purchasing a vpn, a perfectly legal act.  That's good, when the consequences are jailtime, paranoia is a great thing.  It is best to bypass your real dox any chance you get, buy a prepaid credit "gift" card or a reloadable(available at lots of grocery/convienient stores) and use a fake name to register for your VPN.  Your ISP will be able to see what VPN you are connecting to still, but the less info you have out there linking you to anonymous activities, the better.  If nothing more it makes the feds work harder for their blood money.
  31. -Always have more than one layer of security, the more the better.  Leaving a trail of data in one or 2 places is a surefire way to fail eventually.  I will not get in-depth with security setups, doing your own research will help you to see which methods work the best together, and why/how they work.. knowledge is key to staying safe.  Some things to research/add to your setup: SSL, vpn chains, proxy chains, tor, i2p, ssh shells, web proxies used as a final buffer, cracked wireless, and others.
  33. -Obvious one: Never reuse passwords.  Im not going to waste the time to explain this one and give examples of how it can fuck you over, just don't do it.  
  35. -Keep your hard drive clean/inaccessible.  You never know when your computer might end up in the wrong hands... it could be when the pigs kick your door down, it could be when your sisters boyfriend who works for GeekSquad is over and you're out and they're looking to fuck with you, who knows.  Using strong encryption is a good way to make your data inaccessible to outsiders.  Encrypted USB drives are even better because they are portable and can be destroyed easily. IMO, the best way is to simply keep no data whatsoever on your drive. You can keep your drive wiped with custom software (I typically don't like to recommend services, but is a solid nuker), and run a live linux CD that comes with anything you need preloaded onto it.  Any IRL shit you need saved you could possibly use another computer dedicated just for that stuff.  This means if your door one day does get kicked down, feds will find no further evidence.
  37. -Trust: again, never trust anyone.  It is rumoured that 1 in 4 "hackers" is or will turn informant.  Informants and Feds will clearly go to any ends to get what they are looking for, your closet friend online, the admin of your IRC server, ANYONE could be law enforcement, or working with them, or simply a whitehat/prosec fag looking to dox you.
  39. Social Media(Twitter, Facebook, etc): It is better not to use it as it increases the risk, draws more attention to you and makes you easier to profile/keep track of.  If you do choose to use it, be super careful... change up your IP's constantly, dont tweet at consistent times, preferably use a name different than your IRC handles.  Ideally find a willing human proxy to do your tweeting for you ex:Topiary.  I understand that social media is a huge part of anon, do what you have to do just be safe.
  41. Live Time: FBI uses something they call "live time" to profile hackers.  Through monitoring a suspect's IRC usage, as well as the use of any other known profiles, live time is simply the period of time that a certain user is typically active.  This can later be used to profile.  Change up the clock on your comp and make sure at the very least that your IRC client doesn't read back an accurate CTCP Time request.
  43. Links in IRC: NEVER CLICK LINKS IN IRC, and never download something unless you are absolutely certain what it is.  Whitehats are starting to use more high-tech ways of "doxing" anons now, and I am constantly seeing bait links thrown around on twitter/IRC.  Unless you are very confident in your security setup and have a virtual machine, just do not click the link.  In a test, I socialed a very large number of anons in 1 hour into clicking something that revealed their IP address (all promptly deleted afterwards, and the users notified/warned), and a shockingly large amount did not look proxied.  Not fucking smart.
  45. -Tor/i2p: learn the ins and outs of how they work, then make your decision on whether they're safe or not.  Don't take other people words for it, and like anything else, I would not rely on solely those services to protect you.
  47. -DDoS: Never ddos from your home IP, I should'nt even have to say that.  DDoS'ing from your home connection is like shooting someone with bullets you've engraved your name into.  I am honestly not sure how different VPN's react to you using their connection to ddos.  I did email always, not necessarily saying I recommend this service), and they said I was free to use their service to stress test a website.  Not the safest thing to do, but if they're offshore/logless and have a solid privacy policy I can't see that they'd really do anything more than just warm or suspend you, which I've never heard of them doing.  Either way, if you're looking to be a 1337 DD05'3r, spend some time researching more efficient ways to do it.
  49. -NEVER Loic/hoic/hping etc through TOR or I2p.  That will flood/slow down the network, which is relied upon for many important things.  Slowloris methods are an exception, because they are not a brute force packet flood, per se.
  51. -SSL: When available, add another layer of encryption and go with SSL.  On IRC you typically have to specify SSL and connect through a separate port, typically 6697 or 9999.  On xchat the command would be: /server -ssl 6697
  53. -Keep your cookies/cache/site preference/passwords etc. cleared, cookies especially.  Those can all be used to track/compromise you, and have lead to arrests in the past.  Firefox has something called "Private Browsing" which works well and keeps all that shit cleared, see if your browser has something similar.
  55. -Browser Addons: Apart from NoScript which I have researched plenty and deemed safe for my own use(not saying I recommend it) and VERY useful to my security setup, I do not recommend browser addons.  Just one more thing that could easily be logging/tracking you.
  57. -Never accept a DCC request in IRC, it is unnecessary, and hackers can exploit it and compromise you.
  59. -Make sure that if your VPN, or any point in your protection layer loses connection, it does not boot back up to whatever server/website etc you are connected to before first going through the protection layer.  Example: you're idling on Xchat IRC while you run to the store, your VPN kicks out leaving you with just a home connection.  The server now disconnects you because your vpn went down and you pinged out, and by default Xchat will try to reconnect after you are disconnected.  It will reconnect, and you have just connected to the IRC server through your home IP.  If you are on a server such as Efnet or 2600 that doesn't mask hosts, you're done... everyone who's in the channels you were in will see your IP in plain text in the chat screen, and even after you quit a /whowas will show it to them for awhile.  If you're on an AnonOps, Voxanon, or any server that masks IP's... all it takes is one rogue oper and you could be done for.  Also: your ISP will see now see that you connected to that server, and will have the logs of it for awhile.    Of course there are ways to avoid this in every setup, find them before you fuck up.
  61. -In IRC, always assume that everything you say is logged and forwarded to the FBI, whether it be public/private chan, or even PM's.  Servers can always be logging or just compromised, and informants are running rampant.
  63. -If possible, never namefag.  You hack something, all credit goes to anonymous, leak it through a throwaway nick.  Ego has no place in anon.
  65. -NEVER NEVER NEVER TRUST ANYONE.  Cannot stress this enough... it doesn't matter if they're a server admin, a long time acquaintance or someone who just leaked 70000 HBGary emails, no one is who they say they are.  Convo's always stay on a need to know basis.
  67. -If you are managing 2 or more personas for SE or misinfo purposes, change up EVERYTHING you do.  I will not get too in depth in this guide as we will be writing a specific guide on this matter, but basically for you to be effective against anyone half way competent you must  use a different IRC client, exit IP, timezone, patterns of speech, browser, usage time, sometimes even OS.  Be on the lookout for a future guide specifically detailing SE and Misinfo tips.
  71. Definitely didn't cover everything, but I think that should do for now.  If you have any further questions, log onto 6697/ssl or 6697/ssl, both have #opnewblood for security/IRC based questions, #setup for ddos questions, and anonops has #tutorials and #defacement for more in-depth cracking methods.
  73. Shoutout to the anons on i2p, the blokes on the #opmonsanto server, and' #setup,  for helping piece this together.
  76. What are the odds?  Even if you're not a "top dog", high profile hacker like a lulzsec member or teampoison, that doesn't mean the feds aren't interested.  Law enforcement is notorious for going after the low hanging fruit to pad their numbers, if you fuck up they will capitalise on it.
  78.      Good luck, keep fighting for what you believe in, keep it safe, and stay free :)
  80.                 If they scare you into silence, they have already won.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand