Digging Deep

The Anonymity

World - A Perfect Solution For Being Anonymous

_________________

Chintan Gurjar (@chintan_gurjar)

Vikas Roy

Index

i. Introduction

a. Which information can server grab from your system

when you visit them

b. Hack yourself before going outside for hacking

ii. Picking The Right VPN & Proxy Servers

a. Tracking Cookie Scenario & POC

b. VPN & Proxy Servers

1. proXPN

2. JonDonym

3. HIMACHI Setup

4. Ultasurf

5. Myths & Realities About TOR

6. OpenProxy

7. PAC files

8. Setting Proxy To Tools

iii. Use of Encrypted Emails and Chat Services

a. Email Encryption

1. GPG

2. PGP

3. sbwave Email Encryption

4. hushmail Email Encryption

b. Instant Chat Encrytion

1. X-IM Encrypted Instant Messaging

2. PSST Encrypted Instant Messaging

iv. Find your real time trackers

a. Introduction

b. What is collusion?

v. Incognito Mode Of Browser

a. Truth about incognito

b. Limitations In Incognito

c. How to use in various browser

vi. Is Google Tracking A Big Issue For You?

a. Google Privacy Ethics Information

b. Data we give Google directly

c. Data we give Google indirectly

1. Logs

2. Geo Location

3. Device Information

4. Unique Application Number

d. How to stop Google Tracking?

1. Use of Plugins

2. Best Plugin list

3. Do Not Track Plus - Information

4. Disconnect – Information

vii. Is Social Media Tracking A Big Issue For You?

viii. The Uniqueness Of Your Browser

a. PANOPTICLICK Project

b. Normal Data Collection

c. Detailed Data Collection

d. Purpose of this project

e. Live Testing of Uniqueness of Browser

ix. Fake Identity Generators

a. Why important?

b. General Tips

c. Reference Book – HOW TO DISAPPEAR

d. Site Links To Generate Fake Identity

x. Alternate Device Connection

xi. Removing Metadata From Media Files

xii. Use Of Disposable Email Service

a. Introduction

b. Advantages of Temporary Email Services

c. Site Links

xiii. Clearing Tracks From Physical Device

a. Ways of Removing Traces

1. Peter Guttman‟s Method

2. Tool –Eraser

3. DOD Method

4. Darik‟s Boot and Nuke Project

5. Physical Destruction Method

6. Other Tools

xiv. Cryptying Data

a. Introduction

b. Types of Encryption

1. Communication Encryption

2. Database Encryption

3. File/Folder Encryption

4. Hard disk Encryption

c. File/Folder/Harddisk Encryption Tools

d. Communication Encryption Tools

e. True Crypt

1. Information

2. Future

xv. Things To Do With Your Real Account

xvi. Understanding log files for clearance

a. Introduction

b. UTMP

c. BTMP

d. WTMP

e. LastLog

f. Linux Server Log File Information

xvii. Firewall importance for being anonymous

a. Introduction

b. What hacker does?

c. When firewall is needed?

xviii. Use of Anonymous Operating Systems

a. Introduction

b. Benefits of this OS

c. Specification of this OS

xix. Using OccupyOS live CD

a. Introduction

b. Benefits of this OS

xx. SSH Tunnel

xxi. Things To Do When You Are Under Suspect

The information given in this guide is only for educational

purposes. The author is not encouraging the reader to use these

techniques to break the law of cyber world. While anonymity is an

important thing, Author encourages people to use this in positive

activity in which any law should not be broken. Author will not be

responsible for any kind of misbehave done with the help of this

guide.

Introduction

Basically my aim is to provide you the information that if you are

going to hack something, just before that wait for a while and

check whether your system can be hacked or not? This paper is

all about those points which can help you out to hide your online

identity weather it is on social media, after hacking, before

hacking or under suspect by cybercrime investigators. Do not use

this article for BlackHat activities. Defacing is not everything. One

day when you will grow up, you will realize that you were a kid

who was doing SQLi, XSS, rooting servers for mass defacing and

all that.

It is true that you are not a bad guy. But there are some people in

the world (Hackers, l33ts, Geeks, Noobs, Forensics or cybercrime

investigators), who can keep on looking your activity, when you

are the suspected Vitim,

• It is not the only matter of being suspected victim, but some

individual also like to hide their real identity in order to get rid

of the spammer & scammers. So this is the reason that why I

am inspired to write this paper on topic "HOW TO BE

ANONYMOUS ONLINE."

• I have done research in this particular topic to find the best

solution to stay anonymous in this digital complex world.

Which information Can Server Grab From Your Machine

When You Visit It

Generally when you visit server or site, it has an ability to

grab much information about you. In sometimes people do

not want to leave their traces on the server or site. But

before digging into the solution of anonymity lets have

some information about the server that which type of

information it collects from user. There are many types

such as:

http_HOST – in which it will keep the log of

their own website that a person has visited on

this host by some ***.***.***.*** IP address.

http_CONNECTION – It also keeps the track

of the connection established as well as

connection close and timeout information in his

log of any IP address.

http_USER – AGENT – such as Mozilla/5.0

apple web kit, chrome 18.0.1025.3

ACCEPT - It will check for the all accepting

methods of http such as text/html,

application/xhtml+xml, etc.

ACCEPT_ENCODING – which are the

encoding methods? For example Gzip, deflate,

sdch etc..

LANGUAGE – Which language the browser

and the computer system is accepting such as

en-US,en;q=0.8 etc..

CHARSET – It defines the character

encoding which are going to be used for any kind

of form submission.

COOKIE - It will also keep the track of those

cookies which are to be stored at client side.

IP – Obviously your IP Address is going to

track.

PORT – On which port you are using service

will also be going to track.

These all were the information of your HTTP request

query. Apart from this server may have an ability to take

out your ISP connection, IP range of that ISP connection,

Geo-location, Net Name and much more? These are just a

very small example that I have shown that who can track

you and which information can be tracked of you form

someone. But its deeper there is a lot more..

This is the reason that I am inspired to write this paper.

So now, don’t you think so that you really need a

privacy | Safe | Anonymous Environment on the

internet!!!?

Hack Yourself Before Going Outside For Hacking

As I have said earlier that you have to check yourself that

are you secure? Can anybody hack into your system? There are

many ways of checking this, but here I am pointing out some of

the basic but very effective ways of it.

Beware from kids, who are using keyloggers to hack you into.

Download any keyscrambler to prevent keyloggers.

Also keep in mind that close your all unused ports which are

open.

Do not uses windows firewall, if you use keeps it up to date

else disable it and use your own firewall.

Install and run Malwarebytes to check if you are infected by

malwares or not.

Firewalling your ports is most important, because nowadays most

of the attacks are done through the network layer not on the

application layer. There will be a plenty of ports on your machine

which will be on listening mode. To illustrate this lets have an

example of printer. Printer ports are always open and on listening

mode that some signals will come from the network‟s any

computer or outside network‟s computer and then they will start

their job. Hacker can exploit this through giving commands to your

printer to do their jobs.

To solve this problem you must have a firewall installed on your

system. If you are connecting internet through a router, then there

will be a firewall in router default. Just make sure that, that firewall

is enabled. Else you can have from internet to download and

install. ‟Personal Firewall‟ is the best firewall ever I have

experienced. It is firewall software which has best protection.

Personally I don‟t use antivirus for different reasons. Infectors can

create FUD (Fully Undetectable) virus which may have an ability

to bypass your antivirus. And they may have a power of deleting

your all documents, files and folders without knowing you. If you

are a programmer and hacker, use Linux based system more.

They are much secure compare to windows systems.

Picking the Right Choice of VPNs and Proxy Servers

Now a day‟s all websites are having TRACKABLE COOKIES.

What is that - They are the type of cookies which enable the

website?

It is happening because they can obtain normal or sensitive

information from visitors to the owner of the website. If you want

to prevent yourself from being tracked then use Norton Internet

Security or Norton 360. It prevents all cookies which are tracking

cookies.

That’s CooL…Buddy :D

• If you need a more upper level security of your identity, then

start using public proxy and Virtual private networks. It hides

your identity and makes you someone else instead of really

who you are. Proxy is just one intermediate between you

and the website, where VPN is provides multiple anonymous

sessions by giving you a single IP through various routing in

multiple tunnels. It also prevents the website to grab

information about you that from where you are accessing

that. So VPN is my recommendation for you.

ProXPN is the best ever I have seen yet.

• Benefits : Good Technical Support

: Cheap Value

: High Speed

• Main Advantage: Their Free VPN service is also 128 bit

encrypted. Their Paid service provides 2048 bit Military

Encryption with 24/7 Support.

128 Bit Encryption!!? I Like it……

JonDonym is another good service for being anonymous. It

is designed in such way that people can have their own

reserve environment. It provides confidentiality, speed,

international spread servers, secure browser, anonymous

activities, and protection against website profiling. It has a

unique technology for being anonymous online. It serves

encrypted communication.

Jonny Depp + Van Dam = Jon Donym :D hahahahhaa

• One can setup his own VPN at his home with the help of

HIMACHI. There are lots of tutorials available on the internet

that how to set up our own VPN with HIMACHI. So Go and

Give it the shot. (Strong Recommendation)

• Another great tool is ULTRASURF. Students and some

people use this tool where there are blocked websites in the

restricted area. So this tool has an ability to bypass those

protocols and open the website.

-> Sometime WAF administrator comes to know

that this guy is using ultrasurf. So it bans the ultrasurf.exe process

in his or her firewall.

-> But this is the main advantage of this tool. It

doesn‟t‟ come in package there is only one executable file name

ultrasurf.exe and it also don't require installation. It runs directly

with the double click. So if we rename that file suppose chintan.exe

and if we run then it will again bypass the firewall. Because there

will be new service create on server named chintan.exe. So it is

very handy because to ban all time different service created by the

user is hard. So it works every time!!

Myths And Reality About TOR

Many people believe that TOR is the best project for being

anonymous. No doubt that it provides great anonymity for online.

But there is one downside of that on which I want to focus. When

you use TOR, first it connects to you to the TOR node.

(Attacker) -> TOR -> Website

Then you surf the web, but at the end of the surfing, when you exit

from TOR node none site will grab information about you but as

you have exited from TOR node and your internet connection is

still on. So there can be a log generated into your ISP server about

your IP that it has connected to TOR network. So ultimately our IP

recorded into our ISP‟s log.

Yeah, it is true that the sites we have surfed won‟t have our data,

but if we have done anything wrong in that site and they will start

investigation, then from our ISP recorded we can be caught.

Solution

(Attacker) -> VPN -> TOR -> Website

It is very logical and clear way of being still anonymous by routing

your TOR through VPN. It prevents your ISP for making a log that

you are using TOR. They won‟t be able to know that attacker is

using TOR, because in their system our final VPN‟s Log will be

gone.

There is another benefit of this technique. It also prevents TOR

from identifying that that is there behind the VPN. If anyone will

able to crack the TOR, he will assume that this is the real IP

address of the person, but it won‟t. It will be the VPN‟s IP address

through which real attacker is connected.

TOR Mtanr …. ;)

THE ONION ROUTING

Use Open Proxies more. It is nothing but indirectly requesting the

page rather to open websites directly. For an example, if you want

to open www.website.com then your browser will contact proxy

and then it will open www.website.com in your browser. It can

give you very beginning level protection. But good for the learners

who wants to use proxy server. As there are pros of this

technology, there are also cons of Open Proxy. It should be used

very carefully. Sometimes they want to spy on you and your traffic

so they provide open proxy to those fools who use it. They are not

giving us their proxy servers, these servers are accidently open

by sysadmin or system administrator. Sometimes these servers

are not intentionally open. When system admin feels that there is

a heavy load of the server since it is used by many people it

opens server. Not all sysadmin are good. Who are spying on you

can harm you much. They can report the activity whichever you

were doing using their proxy and it can go to anywhere to disclose

you. Keep in mind that all the data passing through those

proxy servers are being read. So setup a higher level

anonymity and then surf the internet.

But from all these VPNs and Proxy Serves, JonDonym is the best

service.

Using PAC ( Proxy Auto Config ) Files is also a nice and

handy option. This files are generally called as *.PAC file

which contains a JAVASCRIPT. It allows user to

automatically choose the proxy server for fetching given URL

or the host. Mainly Javascript function used in this PAC file is

“FindProxyForURL”. This JavaScript function returns the

string of many access methods with speciation. Pac files

were designed by Netscape in 1996. It was first come into

use in Netscape Navigator 2.0 version. The JavaScript

function FindProxyForURL has 2 arguments such as URL

and host which is denoted by FindProxyForURL(url,host); Url

contains the given URL and the hostname derived form the

URL. Here is the simple syntax PAC file function.

function FindProxyForURL(url,host)

{

return “PROXY given_proxy.website.com:8080;DIRECT”;

}

Example :

function FindProxyForURL(url,host)

{

return “PROXY hidemyass.technolust.com:8080;DIRECT”;

}

To use this service you need to find PAC file online. You need to

find the website on which they are providing Proxy Automatic

Connection. They will provide a link to the PAC file which will be

like this http://www.technolust.com/Automatic_proxy/proxy1.pac

This is just an example. Then you need to open your browser‟s

proxy setting window, I am just showing you of Firefox rest of the

browser you are clever enough to find out. Some proxy will be

paid so they will ask you for the registration and all that shitty

things. But my point is you know the technology behind this so it

will be easy to make our own JavaScript Pac files to be

anonymous while surfing. Now you know the technology behind

this so you can start coding of your own JavaScript and you can

make your best PAC file.

This how it works.

Whas ir shir PAz PAz PAz… U made me remind of something you

know what did u remind me !!? THIS

When the matter of proxy concerns, the browser is not only one

thing that will save you from being tracked. You need to set the

proxy for all chat clients, players that you usually use for listening

music online. Here I am just going to take some name of the

important tools in which you have to set proxy for being

anonymous online while chatting and interacting with other

people. Those are windows media player, mIRc, yahoo

messenger, MSN messenger, AOL instant messenger, Mozilla

Thunderbird and much more. Do not forget to set your proxy in

your all chat clients. And for that keep just one thing in mind. The

tool, whichever is interacting with internet, set proxy there.

Use of Encrypted Emails & Chat Clients

You can be under monitored by your email ID too. So it is easy to

setup one more complexity to them who are spying on you. Let‟s

encrypt our emails and send-receive to our mate. Even though

your opponent will be able to hack your email id, then also he

cannot read the message because it is encrypted. General

method/formula is that some sites which are giving this type of

service provide you to encrypt your message on their site with

one key. And after that you have to send message. Now you have

to provide that key to your mate to decrypt the message. One

should provide that key physically or by call not by computer

medium. Four free and best services for this type of encrypted

mails are as follows:

1. GPG - This is GNU version of Pretty Good Privacy which is

also known as PGP. This is very good crypto system which

is directly used through he command prompt. It can be also

used by shell script. It supports many algorithms such as

DSA, RSA, AEC, 3AES and much more. It has better

functionality over PGP and PGP 2. It can be used as a filter

program too.

2. PGP – It is known as Pretty Good Privacy in which many

baniaries and sources comes which provides much effective

encryption to email, files and all your sensitive stuffs or data.

You can use this to encrypt your emails. It provides end-end

protection for your email encryption.

It works on a base of Public Key Encryption in which there

are 2 keys generated at a time while encryption. One key is

for you and 2nd

is for your receiver. Means one message

which is encrypted with your key can be decrypted with 2nd

key which your receiver has.

Its simply outstanding !! :D

3. sbwave Email Encryption - This service allows us to send

and receive emails through web media. Generally this type

of service is used for personal messages not for big security

issue.

4. Hushmail Email Encryption – This service can encrypt your

data up to 1024 bit public key which is a good security level.

It also allows encrypting your email attachments too.

5. X-IM Encrypted Instant Messaging : This is a simple tool of

instant messaging which encrypts your messages which are

passing through your system to your mate.

6. PSST Encrypted Instant Messaging : This provides the same

service as above but this is for linux and windows both.

Find Out Who Are Tracking You – Real Time Tracking

Your Trackers

In this cut throat competition, the number of the advertisement

companies gone high. They are into money making policy this is

the reason that you are being targeted often and often by their

advertisements. Whenever you visit any site, from your HTTP

request, the site on which you have visited is making other sites

aware of your coming. After that they will receive the HTTP

request header and they will send advertisement on you.

Directly it is impossible to see that if you visit one website, then

who are tracking you. You need to run some code in your browser

which will enable you to see those advertisements‟ origin website.

There is one beautiful add-on for Firefox named Collusion. The

reason that why I am giving so much importance to this add-on is

that this add-on is created by Mozilla. It shows your real time

trackers. It gives us the graphical representation of your

information which is share by the host you visit and the

advertising companies which gets the information of you by your

host. Downloading and installing is as simple as you know here is

the graphical representation that how it tracks the trackers.

Here is my browser‟s screenshot, to illustrate the working of this

add-on.

Incognito Support of Browser For User

Incognito mode helps user to browse the world anonymously.

Truths about Incognito

• It doesn‟t store Webpages‟ information which you

have surfed on the internet as well as the cached

files.

• It also doesn‟t keep downloading history recorded if

you have downloaded something then.

• Cookies will be automatically deleted when you close

the browser.

Limitations in Incognito

• If you sign in into your Google account then your

subsequent web searches will record the information in

Google Web History.

However, Google allows us to pause our Temporary Google Web

History Tracking, but won‟t you feel so much irritating if you also

want to keep history!!

• More over a user should not forget that, Google will not

keep history when you are in Incognito, but the website

you visited always keeps the log of the record of the

visitor.

• In addition to that, every ISP is keeping the track record of

its user. And some people like to use secure DNS so they

use Google‟s DNS System which is

8.8.8.8 , 8.8.4.4

So, This DNS system is going to keep an eye on you.

• So Where the FUCK this Incognito is going to use! ?

• This feature is going to help you at your home to save your

ass being fucked by your (Angry Young) DAD after you

have bqowrtd a PORN rist….. :P

Use Incognito In

• Internet Explorer | Firefox = Ctrl+Shift+P

• Google Chrome | Opera = Ctrl+Shift+N

Thankr buddv wily bt wandv foq mt…

Is Google Tracking A Big Issue For You?

Now a day‟s world has become more digitalized. There are so

many websites starting from any small store websites to big

corporate company website. They will also send you the advertise

by watching on your browser history and other factors to

determine that what you are looking for on the internet. Advertise

comes to us by keeping our browser history information, our

HTTP headers, cookies collection in our browser and much more.

Google has accepted that, it‟s Google Chrome Browser Tracks

the users. What Google collects from the users? It has 2 basic

different approaches for collecting data.

1. Data that we give us to Google – Directly

In many sites it requires to login with Google

account, so it is quite obvious that your data like

name, email and all the data will go to Google. Also

the site information that you visit will be also go to the

Google. Thus it tracks directly.

2. Data that It grabs from our system’s running services –

Indirectly

Logs: When someone uses services of Google or content

provided by Google, it automatically grabs information about

user and store it on their server logs. Detailed data has

been stored to the server such as …

o How the user has used the service or content or

website

o Cookies which can identify user‟s browser by

Google

o Telephony information of user.

o Device event information such as…

System crash

System activity

Browser Language

Browser Fonts

Time Zone of your computer

o IP-Address

Location Information: If you use the location based Google

service, Google may track your location information. It may

be tracked by the GPS signals transmitted by mobile, tablet.

You might be tracked by sensor data of your device, WI-FI

access points as well as the nearest cell towers.

Device Information: It may gather data of our device such as

OS info, Hardware info, unique device identifiers, mobile

network information which also includes the phone number

of the user.

Unique Application Number: Now days every application,

plugins, or operating system you install in your system

contains a unique number which we called it as VERSION.

So these numbers may be tracked by Google.

How To Stop Google Tracking?

There so many ways of avoid Google Tracking but here

are some of effective ways mentioned used now a days

by all to stop Google Tracking.

Use of Plugins:

By the use of the plugins it will stop the HTTP header coming

from the website to track your browser and system information.

List of the plugins:

1. Keep My Opt-Outs

2. Do Not Track Plus (Strong Recommendation)

3. Disconnect (Strong Recommendation)

4. Ghostery

5. RequestPolicy

6. TrackerBlock

7. Priv3

8. NoTrace

9. TrackerScan

10. ShareMeNot

11. Beef Taco

Using Do Not Track Plus - PLUGIN

This is a program created by Abine Softwares. If you visit any

website let‟s suppose to say www.facebook.com then there are

lots of websites in backend who are tracking you. This DOES

NOT TRACK PLUS mechanism will block all those tracking site

who believes sharing is caring. This will block all those sites

who are tracking you when you visit any website. When you install

this Add-on to your browser it will put small add-on to the right

side of your browser. Then you do your regular surfing. After

sometimes if you click on it, it will show you the numbers with the

details that how many websites made an effort to track you down.

And from those efforts, how many are blocked. It will also tell you

that which were those companies tried to track you. This tool will

also show you the total no. of blocks have been taken place. In

first few days of the use, it will block around 1600 tracings. The

program is highly recommended by CNET. It has 580 tracking

technologies.

You can download this from:

www.donottrackplus.com/downloading.php

Thas’r pqtssv awrm dudt… I likt is… TRAzC mt…. IF vou zAN

!!!!

Disconnect: - PLUGIN

This is also a plugin like other but this plugin is created

by a former Google Engineer, BRIAN KENNISH. This is open

source plugin. Functionality of this plugin is very simple. It

blocks the tracker scripts from the various websites on which

you visit. It has also variety of tools such as Disconnect for

CHROME, for SAFARI. It has also these tools for various

social networking sites such as Disconnect for Facebook

blocking, for twitter blocking and Google blocking.

yolz…Instqtrsing, Uring a plugin so pqtvtns Googlt so sqa{k ur,,,

and that plugin is even created by Google engineer !!!!

Strange but true !!! :D hahahah

Is Other Social Media Tracking A Big Issue?

Yes Certainly, It‟s a Big Issue.

Not only the Facebook, but I am damn sure that every social

media is tracking your each and every move online. The Plugin

DNT+ ( Do Not Track Plus ) has identified that Facebook is has

more than 200 trackers( Advertising Companies & Much More )

who are watching your activity online. These trackers can come to

your browser in a manner of cookies, iFrames, Javascrit, flash

and much more. Cookies are the elements which come to your

browser and thus it comes to your system. It anonymously tacks

your background and current interest and passes those signals to

the advertisers who want to target you. This is all about social

media as well as Facebook direct advertisement methodology.

If you do not go to Facebook or other social media then you can

be targeted with Facebook‟s LIKE button, Google+ +1‟s button,

Twitter tweet‟s button and much more.

yts shtm do shtiq woqk…whv would I rhould pav more attention

to this issue ?

The more tracking request on your website you will get the much

your website will load slowly. When you get these types of

trackers there will only few ones who will come up with a new

window (Popup) in which once you fill the information they will

take and go away. But popups are not coming regularly in fact

they are coming once in a blue moon. So rest of the services are

only running in backend so why not to block it to save your

bandwidth and get the high speed data transfer without

interception. Not all cookies come up with some certain aim. Not

many but almost all will be hidden, it will just sent your information

to the other advertisers that what is your geo location, where you

have visited and what is your username where you visited.

So this is really an issue that has to be solved for not only the

Facebook but all the social networking sites.

The Uniqueness of the Browser

Generally people believe that they are securing their web surfing

by not allowing all sites, their information by disabling cookies.

However it is completely wrong. It is helpful but only 10%. So

what comes in rest of the 90%? When we visit the website, it may

have capability of fetching your browser‟s data as well as your

system‟s data such as configuration of your system, OS version

and name, Fonts installed, Browser name and version, how much

and which plugins you are using etc... Panopticlick is one project

in which it identifies the uniqueness of client‟s browser. It assures

client that the data which will be collected will be in anonymous

form. From the data it can be measured that how unique your

browser is or how much your browser is predictable.

Normal Data Collection:

Computer Configuration

OS

Browser Information

Plugin

Detailed Data Collection:

User agent string of browser

HTTP accept headers

Color Depth of screen

Screen resolution

Time zone set at the client side

Fonts installed to the computer

Yes No information of (Cookies, Super Cookies, JavaScript)

Purpose of this project:

By testing the browser, we can identify that how much my system

or browser is track able. Which information does my browser

shares with the sites which I visit? So we can fix that.

Live Testing:

For live testing of the uniqueness of your browser go to below link

https://panopticlick.eff.org/

Click on the “Test Me “Button

Then it will show all the information about your browser and

system. Their privacy policy also gives us the same information

as EFF but in a proper way and manner.

http://www.stayinvisible.com/

Apart from this „Stay Invisible‟ project is also very handy and

helpful to check how much your browser and system is unique.

Fake Identity Generators

Do you want to be a Jason Val Kilmer !!? His Movie came in 2012

namtd Fakt Idtnsisv… xhaqtd wish u..mav vou ltaqn r0mshing fqom

is….

• Being anonymous is not an easy task. It won‟t help you out

in every forms of the web. So in those cases you need to

register on website or you need to create your Fake Identity.

This is very interesting and real world way to make fool web

forums.

If you are caught in the act and you want to disappear from the IT

as well as real world, then there are some ways with which you

can do this.

• Reducing your social connections.

• Throw Plastic Cards, Use Cash More.

• Remove Word –Truth from your dictionary – Start Lying at

each and every stage of your life.

• Find and use people to work behalf of you in legal matters

– Buying home, Car – Selling Home, Car - it is also called

incorporation in which people hire someone who handle

all the assets of him or her.

For this you will require social engineering skills. In which you will need

to manipulate people, make them trustworthy towards you and then

you can exploit them with the proper use of shtm :D ….( HOT Tip –

Pick Females for this )

Deep reading of this book may help you in technical as well as

non-technical way.

There are so many websites who can create your fake Identity.

Some of the most preferred by all is mentioned below.

• www.fakenamegenerator.com – For Advance Use

• www.kleimo.com – For Basic Use

Alternate Device Connection

Always use someone else‟s connection of the internet. It is the

best way to hide your ass. Because logically it is more secure.

When you are connected to your nearest cafe‟s, schools‟ and

library‟s connection, you are login into the website using their IP

address. Not your own one. So it is completely anonymous.

Removing Metadata From Media Files

If you are doing blogging, then certain things you must keep in

mind. Use your fake identity and email whiles you are doing

blogging. You ignore using flash and JavaScript contents.

Specially, you should avoid analytics and advertisements.

Some people post their videos and pictures online which they

have taken form their digital camera. Do not forget to remove

metadata from your media files. Metadata contains a lot of

information of your system, OS, Username and much more. Many

cameras as well as new phones which are having digital camera

inbuilt, they are leaving their signatures in terms of data collection

of their device info and pic info. When you post those photos

online anyone with some 3rd

party tool can extract your Meta data.

And for that FOCA is very good tool, which you already know.

Thus your identity can be breached.

Here I am showing one example of extracted metadata with

FOCA of my own photo.

Thus metadata is very important thing that we can‟t neglect if we

want to be anonymous online.

Using The Temporary E-Mail Services

There is lots of website who wants your email address for their

spamming. Avoid that kind of spam by implementing your free

non-regular yahoo, Gmail or Hotmail email address. But the real

privacy you will only get by using Disposable Email services. They

are 100% complete anonymous.

Temporary email services are also refereed as disposable email

services. These types of services are real. It is a system of email

spam combating. It is also called as DEA – Disposable Email

Addresses.

Advantages of Disposable Email

No Authentication Required.

Provides freedom to choose any name.

No Protocols.

Easy access & maintain.

Hides your real identity.

Avoids Spam.

Maintain Anonymity.

My Recommendation for best Disposable mail services are:

1. www.mailnator.com

2. www.spamgourmet.com

3. www.dispostable.com

4. www.trashmail.net

Clearing Tracks From Physical Device

Is it like, Do not leave our potty after we do shits !??

Yes it exactly means like that.

OMG !! WTF !!!

A hacker is incomplete man/woman without being paranoid. One

thing that all the hackers must keep in mind is that they have got

everything to lose. So being paranoid is one type of protecting

yourself. Paranoid is a different term from being anonymous.

Being anonymous part contains most of the technical work to

save you from being caught. But being paranoid contains

technical work as well as non-technical work in order to not being

caught. Sometimes hacker wants their work being appreciated by

someone. A good hacker will always think twice before to say

about his work to someone. She/he always keeps in mind that

whom to tell, what to tell, when to tell, and how to tell. Because,

even one mistake can ruin your life.

YEAH !! I also agree with this. Why to give your enemy a chance to

fuck your asS !!? Is’r good to watch everything but not to speak

anything. Am I RIGHT ?

Yes you are 100% right.

:)

Apart from being paranoid, if we talk about the technical terms,

then hacker must keep it data saved somewhere else in portable

device. It will be handy while travelling as well as after the

destruction of data on your desktop or laptop. The best hacker is

that who thinks even the ways of demolishing the data in case of

need.

As I think, if have got some news that Police is finding me and

soon they going to come and catch me from xyz place where I am

there. Then I should have a way to demolish and delete my all

data from my any kind of storage media. It can be a tool to delete

your all data from your clusters even. It can be a noobish but a

working way even. There are many tools which completely

remove the traces of the each clusters of your hard drive.

Ways of Deleting Data | Removing Traces from Storage Media

1. Use Peter Guttmann’s Method :

In this method, there are certain patterns which are

predefined. It overwrites data 35 times with the selected

patterns. That makes the data uncover able or

unrecoverable by any tool of data recovery. It is not

also possible to recover data from magnetic fields as

well as the disk platter surface.

Advantage: 100% Assurance of complete deletion.

Disadvantages: it is time consuming.

35 times!!! Mv god…

2. Tool – Eraser (Platform - Windows) :

This is very nice tool to remove data from the

counterparts of the hard drive. It works with the every

windows platform including windows 7 as well as

windows server 2008. It uses secure erase methods.

Advantage: Small, Easy to use, Free

3. US DOD Method :

US Department of Defense have invented a method

secure deletion of the data. Their method overwrites the

data 7 times which is very less then Peter Guttmann‟s

method. However in the matter of time, or in

emergency, this method is very useful at that time.

Warn’s aware 0f this!!!

For more information visit:

http://www.zdelete.com/dod.htm

Advantage: 7 times of overwriting data.

Disadvantage: less Secure then Peter Guttmann‟s

Method.

4. Darik’s Boot and Nuke Project :

This is a boot disk specially designed to wipe out all the

data from your hard drive. It is useful for the emergency data

destruction. If you are a hacker and you want to sell your

computer then, this is a good way of preventing identity theft.

Download ISO image: http://sourceforge.net/projects/dban/

5. Physical Destruction Method :

Remove the hard drive form your computer. Remove

the casing in case of having portable or SATA drive.

Unscrew all the screw holding it. Destroy all the platters.

Platters can be destroyed in 2 ways.

YEAH !! This is mt..Dns Mtrr Wish ME…. I lovt is Mann… waising

for this moment Ext{usion rsaqstd…

Other Tools:

Windows: Microsoft SDelete, Wife File, Delete on Click

Linux: Wipe Package from UBUNTU

MAC OS X: SRM, Permanent Eraser.

Cryptying The Data Which You Have

There are ton of hard disk crypters available on the internet. Use

them. Online hard disk crypters are also very handy and

important.

In ordinary manner cryptography is divided into 4 parts.

1. Communication Encryption

2. Database Encryption

3. File / Folder Encryption

4. Hard Disk Encryption

Make sure that whichever the tool you use to crypt the files as

well as folders, they should have a secure algorithm of cryptying.

File/Folder/Harddisk Encryption Tools:

7-Zip –

AxCrypt

True Crypt

Sophos Free Encryption

Cryptext

Sofonica Folder Soldier

Disk Utility – For Mac

Users

Safe Hous Explorer

dsCrypt

Rohos Mini Drive

Free OTFE Explorer –

For Windows and Unix

Users

Remora USB File Guard

GNU Privacy Guard

Communication Encryption Tools:

Network Encryption

Generic

Email Encryption

PGP

Phone - call Encryption

Nautilus

Session Encryption

SSH (Best Ever)

True Crypt – File | Folder | USB Tool

TruCrypt tool is the ever best tool for encryption. It is for

establishing as well as maintaining on the air encrypted

volume. On the air encryption means data is automatically

encrypted when you save the data and vice versa it is

decrypted when you are loaded. There won‟t be any data

which can be readable and which is encrypted. Without

using the correct password it won‟t be available for

reading data.

Future of this software

Software developers of this company are

thinking to implement such things which can

encrypt whole hard disk drive.

There will be command line options available

for the volume creation.

I am Bored!!! hiding this..hiding that..crypting shir shas… Ix TwERE

ANY MY REAL IDENTITY ?? cant I use my real account !!!!! ?

Of course you can!!

So why you are waiting for !!!? give me some sipr..dudt…

Things to Do With Your Real Account

I know you are clever busy still ….

Never do any suspicious activity with your original

account which you are given to your library, school,

café or university.

If you do any suspicious acts in terms of hacking, then it

must be either deleted after done and encrypted while

doing.

Of course you are not permitted to leave you‟re tut (Txt

PDF DOC PPT), tools and web history on that account

after your goal gets finished.

Understanding & Clearing Log Files - Do Not Delete

Log Files …

One must keep in mind before deleting the log files of the server.

By deleting log files of server you are indirectly telling system

administrator that you or someone has hacked into his or her

system. It‟s better to modify it rather to delete a complete log file.

Text file on the server or .log files on the server are easily

editable, but for the binary log files you will need to have an editor

to modify it. Here is a list of something that should not be missed

out by at the time of clearing your log files.

1. Services which are restarted or stopped on the server

2. Changing in privileges

3. Details of your failed and successful login attempts

4. Time Stamps.

There are main 3 types of log files which hacker, should always

keep in mind after exploiting the system.

1. UTMP : Keeps each and every small data of Current running

status of the system, system boot time. It also records the

user login information and much more.

2. BTMP : It only tracks the failed logins.

3. WTMP : Old UTMP log files are called WTMP. UTMP is a

current log file in which reading; writing is going on, where

WTMP is lying on folder named with some xyz date log file.

4. LastLog : This is a famous command for most of the UNIX

based operating system. It parses the data of the last login

logs which are situated in /var/log/lastlog/.

There are lots of noob hackers, defacers who always follow this

method. They always think in this way that, to be secure lets

delete the log file. NEVER DO IT!! . By deleting log file you are

making system admin aware that someone break into root and

the all your efforts will be wasted.

It is better to modify the log file with some last entries.

Tool:

Piwik 1.7.2 rc2

For More Information Visit:

http://piwik.org/log-analytics/

Deleting logs is not only the worth thing. There are many other

things that a perfect hacker should always do. Deleting logs or

deleting their entry from the logs will not help them to be

anonymous. But they have to remove themselves from the

system in which there is $HOME and TMP folder.

One must check these 2 files before leaving the server.

.sh_history

.bash_history

Remove your entries from these files even. If you want to be

secure then.

Using the Best Firewall for Your Desktop / Laptop

Connecting your computer or a private network to the internet is

always a risk factor. Internet means your device (Lappy Desktopy

or Any Gadget which is connected to internet) has willing to get

information from outer sources and to provide back them

information from your inner sources. Security should not be up to

the Application layer. What about the network layer security? If

you are connected to the internet then there is always a risk factor

of your data breach, system compromised anything. As you are

aware that, Now a days DDOS attack is very much widely used

attack. The hacker who generates auto spreading bot is not only

the one who hacks the application, many thousands of

compromised systems who are acting as BOTS are also the part

of attack. So these were all about the attack. So here is all about

those firewalls which can protect you on the internet. Indirectly it

also helps to keep you anonymous. So that, you cannot be

affected by hackers.

Major Firewalls examine the source IP address of the packets,

that either they are legitimate? Firewalls are constructed in such

ways that they only allow traffics of packets from only the trusted

and valid host.

What Hacker Does?

He will try to “SPOOF” the IP address from the entry of the

packets sent to your system. Your system will allow it to execute

to in your computer / Laptop without any further criteria. Thus

hacker is able to gain the whole session of your computer. He can

breach the data and make your PC to do that what he/she

(hacker) likes. She/he does this through sending instruction to

your computer.

Here Comes the Firewall

It protects your computer from being executing hostile

instructions. In organizations many systems are connected

internally in LAN and they all are connected to the internet.

Firewall enables the system administrators to let him select the

systems to be connected to the internet. It enables funneling –

Means keeping aside the non – valid users or the non –

authorized users. It gives alert when suspicious activity occurs.

Thus if any hackers is going to install a RAT in your PC it gives

alert, this is just a small example, if you are being tracked then

you can even identify that with the analysis of the packets, which

is a feature of major firewalls. It shows which services are working

on which port and other Meta data.

I buqntd sht WAyy shas ir {alltd FIRE WAyy….. zall sht fiqt

bqigadt….hththth

Fish… You will always remain a noob.

:P STFU !!!!

Using Of Anonym.OS Live CD

This OS is the best OS ever I have seen developed by

Kaos.Theory Security Research. This OS is on Bootable CD. It

has a many level of privacy which many security professionals

and professional hackers are using. But the impact of this Live CD

is that it is provided with a good user interface. The name

„Anonym‟ itself giving the meaning of privacy, It is a perfect

solution for using computer or your laptop without touching or

using your hard disk. So it doesn‟t allow user to leave traces

knowingly or unknowingly. In openBSD operating system,

researchers says that this OS the one of the best and advance

security operating system. The ambition of this project is to

provide anonymous as well as secure web surfing.

Thir ir whas anonvmour Ox {an do… I mtan so makt ptoplt

anonymous online Am I right?

Yeah… But certainly this OS can do a lot better than this. It‟s

good to use for high level privacy maintaining.

Specification and Everything about This OS

Distribution = Anonym.OS LiveCD

Home Page = http://kaos.to/blog/?s=anonym.os

Release Date = 2006/01/14

Price (US$) = Free

CDs = 1

Free Download = *.ISO

Package Management = TGZ

Processor Architecture = i386

Download Link - http://sourceforge.net/projects/anonym-

os/files/Anonym.OS%20Live%20CD/ShmooCon%202006/

Using Of OccupyOS Live CD

OccupyOS OS is designed for those activists who wants to be

anonymous, who wants to maintain their privacy during the

internet. By the use of this OS they can create, publish

documents as well as they can manage websites, their pages,

blogs and all that stuff anonymously. Also it provides secure

communication environment.

Benefit of this OS

Each and every connection of the internet is forced to pass

though the TOR.

It doesn‟t leave a single trace on your computer.

One can use cryptography for protecting their emails,

documents and other stuffs like instant messaging.

With the help of use Mumble one can encrypt their voice

chat and conference.

Xchat-OTR and Pidgin-OTR tools are used for encrypting

instant messaging.

It has secure hard disk wiping tool.

These were 2 basic OS. But along with them you can use below

several OS.

- Ubuntu Privacy Remix

- Pollipix – The Privacy CD

- Tails – The Amnesic Incognito Live System

SSH Tunnel

It is the secure command line. It is identical like encrypted telnet.

Basically in this system an attacker connects to the Remote

server and then they use encryption so there won‟t be anyone

who will monitor their activity. There will not be anyone who will

able to sniff his username passwords. The technology is built on

Server = Client system, in order to that it has an ability to tunnel

the whole network traffic. So from my system the traffic will be

directly tunneled and will reach to the endpoint whichever the

site I want to open. As an impact or that, that site will assume

that the traffic is generated here at the endpoint (At there on the

website), not from my original system. This is the excellence of

this technology.

Sometimes your ISP is keeping your all internet activity, which is

a normal thing but if you are under suspect or under monitoring

by cybercrime investigators, your all packets which are outgoing

will be put in deep inspection. So in such cases SSH can be very

useful to protect yourself from being avoided by that deep

inspection.

Bus vou know mt..i am NOOB…tvtn afstq saking all shtrt

pqt{ausionr….if I am undtq rurpt{s oq undtq monisoqing bv Cyber

crime investigators or Police then what to do !! :’(

You don‟t need to cry.

Things to Do When You Are Under Suspect or Under

Monitoring

If you have read completely up to this then firstly

remove your technical traces. Do not do any suspicious activity, including even doxing

or information gathering for 3-4 months. Make a new email ID. Spread it to your friends and tell

them to communicate with them on that id. Stop your all

previous ID. Tell your hacker friends to not to do mail to you for

initial 1-2 months. If something is more important than meet

because call can be under tracing even. Stop using PGP encrypted mails, because if will work

as an alert system for those who are monitoring you. Do not forget to encrypt your all data or to delete or

overwrite your all data with the Peter Guttmann‟s Method or

any other which I have explained above. If you have breached something, then remove that all

the Excel sheets or text files in which the sensitive data of

the website or server is there which you have breached.

If you remember Spiderman movie then uncle ben is telling

peter parker this sentence “Great power comes with great

responsibility”. Now wonder how much you are anonymous and

none power can track you online, but use that anonymity for

peace and your safe environment. Not for exploiting the

websites and servers online.

Chintan Gurjar

Facebook :

https://www.facebook.com/h4n

Ds0m3.dEviL

Email :

chintangurjar1990@gmail.com

Twitter : @chintan_gurjar

Vikas Roy

Facebook :

https://www.facebook.com/varo

yme

Email : varoyme@gmail.com

Thank You For Reading