How to Become Anonymous like Notorious Blackhats - Stealthiest Setup

Merozey · December 11, 2016, 2:28pm

So, I see very few anonymity tutorials on this site, which is ashame because it’s one of the most powerful proficiencies you can master in this industry.

So, let me tell you step by step how to acquire the stealthiest and sexiest anonymity setup, and how you can hide from every three-letter agency. fucking faggets.

NETWORKING

First you need to understand networking in profound aspects, because thats where you intend to stay anonymous right? in the world where your anonymity relies upon networking protocols and ports, servers etc. Study them understand them and exploit them.

I understand if you have other areas you wanna specialise in, and you because of that have a hard time getting a proper understanding of these concepts. At the very least you should be familiar with HTTP/S,FTP/S,SSH,TCP/IP,Ping,UDP

Now, my aspiring anonymity-learner, let me tell you how I would stay anonymous from these hypocritical and despicable agencies incl. LE. After some re-search, I also found out this is how some of the most notorious blackhats stay anonymous, among them is also the populer FinFisher aka. Phineas Fisher.

THE SETUP

If you have taken the time to understand networking, you’d know the first obstacle is to hide from your ISP, because even though they might not monitor your activities for the same reasons as the NSA does, they still have access to it, which means they have made it easier for american corporations.

if you’re on Windows or Mac put a bullet in your computer cause you fucked up already. Or Download a Linux OS, I prefer K/X/Lubuntu Debian or similar will work just fine too. Then setup your home directory with the LVM encryption and also encrypt your root directory after the installation process has finished.

Install VirtualBox - I recommend it over VMWare! Then create a new guest and configure the settings as:
System/Motherboard > 2048 MiB aka. 2GB of RAM is highly recommended for a smooth performance.
System/Processor > Append 2 CPU’s to your guest OS - again for an improved performance.
make sure PAE/NX is enabled too for additional security.
Next, Display/Video Memory > Increase it to 128 MB - just because.
USB > Enable USB Controller support. This is also for additional security.

This is recommended as your setup, however, you’re gonna have to make up with yourself which Linux distribution you wanna use for your ‘blackhat acitivites.’ I obviously recommend either Tails or Whonix, but you’re gonna have to compare the two and decide for yourself based upon your desired preference. It varies.

You can also seek a third option and go with Qubes but you know, I dont.

Secondly, you’re gonna need to also encrypt the necessary folders and what not once you’re booted into your OS. This includes again root & home folders. From here, I highly recommend using a VPN and have your internet traffic routed through TOR so the process will look like this. Host > VM/Guest > TOR > VPN > WWW

Let me tell you right now, that looks like one hell of a setup to me. Your ISP wont be able to see you’re connected to all of these hops, which was the goal really. A friendly advice, don’t hack over TOR, I dont think I need to explain why.

The reasoning for using a VM as your only place for hacking where nobody can see you, is because you dont want to accidentally collide your personal life with your secret one. And having it all stored on one VM is super efficient and convenient. Also something to keep in mind, while setting up the VM, its gonna ask you to create a virtual hard drive. In my opinion it really doesnt matter what you choose. As long as you remember, if you do choose to create one, remember to delete it if the day should come where you’re being surprised by FBI agents.

Now to end off, this wont keep you safe as we know. So many habits and actions have to be taken into play here. I have mentioned a lot of them in previous tutorials which you can check out. Combine all of this and you will be at the level of some of the popular blackhats today. fuck Anonymous eh.

pry0cc · December 11, 2016, 2:42pm

Nice article. Personality my setup goes VPN -> Tor, because we all know ISPs flag up Tor traffic. I then have configured my encrypted HTTPS traffic to go through Tor, and then HTTP to go through the VPN. To avoid exit node sniffing.

Merozey · December 11, 2016, 2:53pm

Well yeah, VPN automatically encrypts the internet traffic and hereby going through TOR as you mentioned. However, ISPs also flag VPNs because, “why would you have something to hide?”

pry0cc · December 11, 2016, 3:03pm

Hmm. I would argue that VPNs are considered more legitimate. VPNs can be used for accessing things like company intranets etc. Tor is used for child porn and buying drugs.

This is what the ISO would think more so. With the VPN being first hop also, even if the VPN had logs, and those logs were compromised, they’d just have Tor connections and no real substance. Where as in your setup the VPN knows it all.

Merozey · December 11, 2016, 3:16pm

Going with my setup definitely means the VPN provider will see incoming connections from the TOR network, however they wont have access to the internal traffic cause it’ll require them to have access to the 3 nodes.

Connecting directly to TOR aka. TBB, that will put you on the radar of your ISP but doing it in an isolated environment such as Whonix makes it much more difficult for them to see that.

and the question becomes really, do you trust your VPN with your real IP? as you mentioned, if they’re compromised, who says they’ll take the fall for you?

FFY00 · December 11, 2016, 5:16pm

My setup is primarily qubes-os with i3wm. In qubes I use to setup a whonix gateway vm and a kali (or other distro) vm.

pry0cc · December 11, 2016, 6:30pm

Hmm very interesting. Do you trust Tor or your VPN more?

Merozey · December 11, 2016, 7:27pm

neither. However its really a pros n cons situation. using a VPN means you are with certainty making the person in control of the software the one who’s gonna decide whether or not you will be compromised.

however using TOR at least gives you a chance of landing on a relatively secure node which is controlled by no one, or a node established by an individual who’s got no intention of compromising you or vice versa.

SmartOne · December 12, 2016, 5:49pm

Maybe a really silly noob question, but what do you exactly mean by ‘Don’t hack over TOR’?

oaktree · December 12, 2016, 6:24pm

@SmartOne : An example would be routing some DDoS through the TOR network.

pry0cc · December 12, 2016, 8:58pm

Data correlation attacks are the #1 killer of large-scale hackers. So when you compromise that site with SQL injection, don’t download it over Tor. Upload it from the server and then download it when everybody else is downloading it. Of course make a sha256sum,

SmartOne · December 13, 2016, 8:48am

Well, it’s clear to me that one shouldn’t do this

pry0cc · December 13, 2016, 1:27pm

Nice! I haven’t used qubes before. I’ve heard it’s good though?

SmartOne · December 13, 2016, 4:33pm

So you mean that it would stand out in the logs if one accesses the data over TOR? I get this but what do you mean by “download it when everybody else does?” When legit users access the site?

pry0cc · December 13, 2016, 6:03pm

Well, let’s look at it; pretend you’re a sysadmin investigating the damage. If they see an IP address take 5 GiB of dumps way before the leak was released; it’s obvious you’re the recieving end and thus the attacker. If it goes to say a upload site like Mega, then Mega appears to be the attacker; but it’s obvious they aren’t the attacker, they’re an upload service.

Then they’ll check the download logs of who downloaded it from Mega. If you’re the first to download it you’re gonna look like the attacker, if 5000 people download it from the leak; you can easily slip in the crowd and theres no way they can know you downloaded the data.

SmartOne · December 13, 2016, 6:11pm

Thanks for the clarification!

Ninja243 · December 14, 2016, 6:11pm

I might be wrong, but I think that there should be an only in there. If you do normal stuff over TOR too, it’s going to be marginally harder for Law Enforcement to link an online crime to you. It would no longer be a case of “he usually doesn’t use TOR, but he did on that day and that’s when x got hacked” because you would have also been on TOR on other days to do inconspicuous things like reading news or watching YouTube videos. Another factor is that TOR usage is suspicious. There is a rather high chance that Law Enforcement would be sifting through TOR traffic, just because it’s TOR traffic, due to how and when it’s generally used (by Kali skript kiddys for example).

SmartOne · December 14, 2016, 6:47pm

And of course we could do something like Proxychains -> TOR -> VPN to make it even harder for them

Ninja243 · December 14, 2016, 6:47pm

Of course, don’t forget the SSH tunnel either

fraq · December 14, 2016, 8:05pm

This is cool, but all the tech in the world won’t save you from bad opsec. Remember that.