Archive for the ‘Anonymous’ Category

Here are the materials required to successfully follow this tutorial:

  • A laptop with an access to the internet
  • A remote website that you own or that you have permission to access. In this tutorial, we will use the publicly available domain example.com 

For this tutorial, I will suppose that you are using a Debian-based distribution, such as the popular ubuntu

Note: Kali Linux comes with all these tools right from the box. So, if you have a working installation of Kali Linux, just skip the installation steps and go to step 4.

1. Install Nmap

Nmap is the tool most hackers use to conduct reconnaissance on a remote target.

So, in this tutorial, we will suppose that you have a minimal knowledge of how to use this tool.

To install Nmap, use the command line below:

sudo apt-get install nmap

2. Install TOR

Tor is the most used software in the world to protect privacy while surfing the internet and sometimes to access the deep/dark web.  So, in order to protect your privacy, you just have to download and install the tor browser from; https://www.torproject.org But, in this tutorial, we are going to use the command line version of TOR.

To install it, just type the following command:

sudo apt-get install tor

3. Install Proxychains

Proxychains is the tool used to send an application’s traffic through the network while staying anonymous. It is used to route all network traffic incoming and outgoing from an application to a local or remote proxy address. We will use it to route all the Nmap traffic through the anonymous network TOR.

To install proxy chains, just type:

sudo apt-get install proxychains

4. Start scanning anonymously

Once all these tools are installed, everything is correctly configured with the default setting, so you can start surfing anonymously without any problem.

sudo proxychains nmap -sT example.com

 

Note: Here we have used Nmap with proxy chains, but you can use any other command line or GUI tool you know with proxy chains and TOR as explained.

Advertisements

Caintech.co.uk

 

 

In today’s society, every citizen is monitored, tracked, and profiled by their government and affiliated agencies; the American National Security Agency (NSA) and the Great Britain Government Communications Headquarters (GCHQ) are two commonly discussed examples. This page is to provide a resource for learning more about staying secure online.

Basic Security Tips:

  • When discussing potentially sensitive or anti-government issues, make sure to use a fake, online alias.
  • Never reveal your real name when associating with your online alias.
  • Always use a virtual private network.
  • Pay for things associated with your online alias, with a prepaid card. Pay for the prepaid card in cash if possible.

Virtual Private Networks

A virtual private network, also known as a VPN, is a service used to add a layer of security and privacy to networks. VPNs are often used by businesses and corporations to protect sesitive data. Although, using a VPN is becoming increasingly more popular for the average person.

Privacy and security is increased, because when active, the VPN will “replace” the users IP address with one from the VPN provider. It will also “change” your domain name system address, also known as DNS address, which will not allow your internet service provider to view what websites you are visiting. In addition to these privacy and security increases, it encrpyts your internet traffic. Most VPN providers offer at least 128-bit AES encryption, which according to documents leaked by Edward Snowden, has not been broken by the NSA yet. Some also offter 256-bit AES encryption, which is more secure.

Warnings

  • Free VPN providers are likely selling their logs and/or compromising your security.
  • Do not tell anyone what provider you are using.
  • Be sure to read the Terms of Service and Privacy Policy before using a VPN service.
  • Do your own research. Don’t trust random sources.

VPN Providers

Below is a list of paid VPN providers. We do not support or endorse any of the providers listed below. We merely provide this list as a starting point into researching the provider that is right for you.

Private Internet Access

IPVanish

AirVPN

TigerVPN

Perfect Privacy

Hide.Me

TorGuard

View a larger list of VPN Providers here.

DNS Leaking

When utilizing an anonymity service, it is extremely important that all traffic coming from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, an adversary monitoring your traffic will be able to log your activity.

DNS or the domain name system is used to translate domain names such as http://www.duckduckgo.com into numerical IP addresses such as 111.222.333.444, which are required to route packets of data on the internet. Whenever your computer needs to contact a server on the internet, such as when you enter a domain name into your browser, your computer reaches out to a DNS server and requests the IP address associated with that domain name. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your internet activities.

Under certain conditions, although connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity service. DNS leaks are a huge privacy threat since the anonymity service may be providing a false sense of security while data is leaking.

Be sure to check if you are leaking any data by visiting one of the websites below.

DNS Leak Test
IP Leak

Search Engine Tracking

The sad truth is that no matter where we go, big corporations and governments attempt to track, profile, and control us. Even our own “beloved” Google search engine is used to track everything we search for. Everytime you use a regular search engine, your search data is recorded. Major search engines capture your IP address and use tracking cookies to make a record of your searches, the time, and the links you choose – then they store that information in a huge database.

Investigation of those searches reveal a shocking amount of personal information about you, such as your interests, family circumstances, political believes medical conditions, financial status, and more. This database is a modern-day gold mine for government officials, hackers, and marketers. To stop storing your future searches in this database, it is recommended that you use alternative search engines.

Alternative Search Engines

There are many search engine alternatives to Google, Yahoo, Bing, and Yandex that are dedicated to the privacy of their users. The list below is a small list of the alternative search engines available.

DuckDuckGo

StartPage

Disconnect Search

IXQuick

 

tv-AnnonOn Friday, a group claiming affiliation with the loose hacker collective “Anonymous” released a document containing approximately 13,000 username-and-password combinations along with credit card numbers and expiration dates.

The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin (now deleted), on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates.

 

 

lulzxmas2

The Daily Dot‘s Aaron Sankin has compiled a comprehensive list of sites associated with the username and password leaks, and discovered that the leaks came from the sites run the gamut from pornography to gaming to online shopping. The list of the compromised websites is as follows:
  • Amazon
  • Walmart
  • PlayStation Network
  • Xbox Live
  • Twitch.tv
  • Dell
  • Brazzers
  • DigitalPlayground
  • and see complete list.

Just to be on the safe side, if you have an account with any of these places, you might want to change your password and start monitoring your credit card for any suspicious charges.

tv crime2
Wanna buy a botnet? It will cost you somewhere in the region of $700. If you just want to hire someone else’s botnet for an hour, though, it can cost as little as $2.

Maybe you’d like to spy on an ex — for $350 you can purchase a Trojan horse that lets you see all incoming and outgoing texts. Or maybe you’re just in the market for some good old-fashioned spamming — that will cost you $10 for someone to send a million e-mails on your behalf.

These are the going rates in Russia’s underground cybercrime market — a vibrant community of ne’er-do-wells offering every conceivable service at dirt-cheap prices — as profiled in security firm Trend Micro’s report, Russian Underground 101, which provides insight into the workings of the hidden economy.
Russia’s cybercrime market is “very mature,” says Rik Ferguson, Trend Micro’s director of security research and communications. “It’s been in place for quite some time. There are people offering niche services, and every niche is catered for.”

The report details a range of products offered in the underground, including ZeuS, a hugely popular Trojan horse that’s been around for at least six years. ZeuS creates botnets that remotely store personal information gleaned from users’ machines, and has been discovered operating on everything from home-based computers to the networks of large organizations such as Bank of America, NASA and Amazon. In 2011, the source code for ZeuS was released into the wild, which has made it “a criminal open source project,” Ferguson says. Variants of ZeuS now sell for $200-$500.

Cybercrime techniques go in and out of fashion like everything else — and in that sense, ZeuS is unusual for its longevity. Its success in large part is due to the fact that viruses and Trojans can be easily adapted to take advantage of whatever hot story is in the news — presidential elections, hurricane Sandy — in order to make fraudulent messages and spam emails seem more legitimate to users.

DNSChanger is another popular Trojan horse that operated from 2007-2011. It altered the DNS settings on machines to redirect a victim’s browser to a webpage with ads that earned the scammers affiliate revenue. One prominent DNSChanger crime ring called Rove Digital was busted in Estonia in 2011 following a six-year FBI investigation. During that time, it is estimated the scammers earned around $14 million.

As a result of the bust, the FBI was left with a lot critical web infrastructure on its hands that controlled infected machines, including machines at major organizations. Victim machines could only access the web through the Rove Digital servers. So authorities spent months warning computer users to check their computers for DNSChanger infections so that when the Estonian servers were finally taken offline, it wouldn’t affect the ability of victims to surf the web.

So-called “ransomware” is an example of a more recent cybercrime trend, whereby the victim’s computer is locked down, and the hard drive is encrypted by a remote attacker. All the user sees on the screen is a message that tells them that local law enforcement has detected child pornography or pirated software on their PC. In order to unlock their machine, the message instructs victims to send money to a certain bank account. No payment, no unlocked hard drive.

Some victims who have paid the “fine” actually report getting their information back, says Ferguson. “But you’ve labeled yourself as an easy mark, and there’s no telling if they haven’t left behind a backdoor which will let them come back and try again,” he says.
The most recent trends in cybercrime are focused on mobile — particularly Android devices — Ferguson says.
We’ve seen so far 175,000 malicious threats for Android, and we expect that to be a quarter of a million by next year,” he says. “Those threats come from malicious apps — if you want to stay safe, stick to official channels like Google Play, don’t just download from any site.”

Prices are going down across the Russian underground, Ferguson says.
“The bad guys are using technologies to drive down costs in the same way businesses are,” he says, noting the person who recently claimed online to have bought the personal information of 1.1 million Facebook users for just $5.
While hackers and other cyber criminals can save by buying in bulk, the cost to the individual, or the business, that falls victim to one of these techniques is much higher.

The following is a survey of current prices on the Russian underground market:
• Basic crypter (for inserting rogue code into a benign file): $10-$30
• SOCKS bot (to get around firewalls): $100
• Hiring a DDoS attack: $30-$70/day, $1,200/month
• Email spam: $10 per one million emails
• Email spam (using a customer database): $50-$500 per one million emails
• SMS spam: $3-$150 per 100-100,000 messages
• Botnet: $200 for 2,000 bots
• DDoS botnet: $700
• ZeuS source code: $200-$500
• Windows rootkit (for installing malicious drivers): $292
• Hacking Facebook or Twitter account: $130
• Hacking Gmail account: $162
• Hacking corporate mailbox: $500
• Winlocker ransomware: $10-20
• Unintelligent exploit bundle: $25
• Intelligent exploit bundle: $10-$3,000

Other articles:
Study supports economic approach to tackling cybercrime

Source: http://www.wired.com


tv crime2

The official website of the EC-Council, a controversial organization that provides information security training and certification, has been defaced. The defacement appears to be the result of DNS hijacking, but the attacker also claims to have gained access to sensitive information. The website of the EC-Council has been hacked several times over the past years. This time, experts noted that the hacker, calling himself Eugene Belford (the name of a character from the movie “Hackers”), defaced the site by redirecting its visitors to an arbitrary domain via DNS poisoning.ec However, in a message posted on the defacement page, the attacker said he had gained access to “thousands of passports belonging to LE (and .mil) officials.”

He also published a copy of Edward Snowden’s passport on the defacement page. It’s worth noting that Snowden reportedly obtained EC-Council certifications after taking some classes in New Delhi, India. The hacker has also suggested that the administrators of the EC-Council website are reusing their passwords. At the time of writing, the website of the EC-Council is offline.

 

tv-Annon

24-year-old Jacob Allen Wilkens of Postville, Iowa, has been sentenced to 24 months’ probation for participating in the attack launched by Anonymous against Angel Soft, a subsidiary of Koch Industries. He has also been ordered to pay $110,932.71 (€80,919.64) in restitution. Wilkens has admitted launching distribute denial-of-service (DDoS) attacks against the website of bathroom tissue company Angel Soft in February and March 2011. The web server that hosts the website is located in Green Bay, Wisconsin.
Koch Industries said the attack had caused losses of several hundred thousand dollars. The Iowa man is the third to be sentenced. Back in December 2013, 38-year-old Eric J. Rosol was sentenced to two years’ probation. Earlier this month, 22-year-old Christopher Michael Sudlik of St. Louis, Missouri, was sentenced to three years’ probation and 60 hours of community service.

tv crime2
So this post has come about by one of my friends posting the below video from LiveLeak on Facebook which is quite terrifying if you are a parent. But have no fear I will tell you how to stop people from tracking you or your child.

video pic

Some cameras, smartphones and tablets add location data to each picture you take. This means that anyone who wants to can see the exact longitude and latitude of the image. Geotagging data is wonderful for finding out where a picture was taken. However, it may not be obvious if you don’t know how to view it. For those who want to find out whether photos have been geotagged before posting them online, it is important to know how to check. The process is simple and helps to have better control over your pictures.

Is Your Camera Geotagging

Before viewing or checking for location data, you should know whether your camera is geotagging your pictures. Any camera you use must have GPS enabled in order for geotagging to occur. This is most common in smartphones, but some digital cameras have this capability as well. Without this feature, no location data is embedded in images. Remember that this data, called EXIF data, is invisible unless you know how to look for it.

What You Need

To view EXIF data, all you need is a web browser. There is no need to download extra software on your computer. Navigate to Jeffrey’s EXIF Viewer. Unlike many other tools available, this one keeps it simple and focuses on location information so you don’t have to sort through a lot of unnecessary data. Another benefit is the wide variety of file types that are supported. You would have to have some extremely rare file types for this tool not to work for you.

Using Jeffrey’s EXIF Viewer

This tool provides two different options for viewing geotagged images. The first allows you to view information from images already online. The second allows you to check images before they are posted online.

For online images, open the picture in your browser. Copy the URL of the image. The quick way is to highlight the URL and press Ctrl + C. Open the browser window with Jeffrey’s EXIF Viewer. Paste (Ctrl + V) the URL into the Image URL box. Press View Image At URL. You will see a few details about the camera, the date the image was taken and finally the location data along with a map.

For images stored on your computer, press Browse beside the Local Image File box. Choose the file in question and press View Image From File. You will see the same data the online option.

Testing it

Here is a picture I took in the summer of an exhibition about the activist group Anonymous

Post Picture

Now right click on the image and select ‘Copy Link Address’

Navigate to http://regex.info/exif.cgi and pastie the link into the URL Image box

Hit ‘View Image at URL’ and there you go.

location

Although the image on the page is a bit small, you can see tones of data including an arrow pointing to the Museum of London in the UK which is correct.

Now just imagine if this was a picture of your child on a social media site and the person viewing wanted to track them or their school down. Have no fear the following steps will tell you how to stop this from happening.

What can you do to protect yourself from stalkers and other bad guys using geotags to track you down?

Consider turning off location services on some location sharing apps

Find the location sharing settings on your smartphone and turn off the ones that you think might pose a personal safety risk. You can always turn them back on later if you want to.

Most smartphones will let you turn off location sharing for individual apps as an alternative to turning them off globally.

There are some apps such as ‘Find My iPhone’ that you won’t want to disable location sharing on. If you do disable location sharing on apps like ‘Find My iPhone’, then your phone won’t be able to relay its position and you won’t be able to find it using the ‘Find My iPhone’ service should it get lost or stolen.

Remove geotags from your digital photos

If you want to remove geotag information from your image files then you can use an app such asdeGeo (iPhone) or Photo Privacy Editor (Android) to remove the geotag info from your photos.

Consider turning off the location sharing setting of your phone’s camera app as well so that the GPS info does not get recorded as part of the picture’s meta data, this will save you the hassle of having to strip out the location data later on.

How do I turn off Geotaging on my Smart phone

Android 4.2 phones

  1. Start camera application
  2. Hit the Settings button
  3. Scroll down and find the GPS Tag option and turn it off

In older versions, the option may be called “Store Location,” but is it essentially the same process.

BlackBerry 6.0 and 7.0

RIM suggests through the online documentation that disabling geotagging be done on BlackBerry Enterprise Server,  which would work from an admin’s point of view if an agency uses BES. If not, to turn the setting off on an individual BlackBerry  phone:

  1. Open Camera
  2. Set the Location icon to “Disabled”

For some earlier versions, hit the Menu and Option buttons before changing the setting.

iPhone 4 and 5

  1. Go to Settings
  2. Select General
  3. Select Location Services
  4. Set Camera to “Off”

For older versions users can’t really turn off geotagging for the camera without disabling it for all applications. But location warnings can be set to go off when an application is using them.

Windows Phone 7 and 8

  1. Go to Settings
  2. Navigate to Applications
  3. Scroll down to Pictures & Camera
  4. Set “include location (GPS) info in Pictures you take” to “Off”

I hope this has put your mind at ease, but if you do have any question please contact me. Also please share this on social media sites and on friends pages.