[watchbreaker]

Having read this thread, and paid particular attention to this post, its time to practice what we preach and so I would like to adopt a policy of not giving the fuckers an inch/byte when it comes to any of my electronic information online or contained on my laptop.

Ladies and gentlemen, I would like your assistance. From now on I want the most paranoia based affront to our surveillance state that can be squeezed into a common or garden machine such as my own.

These are the obstacles as I see it:

1. My ISP is now my enemy. BT install superuser accounts which can remotely access and modify their customer's routers. They can watch and log all my online actions. I'm also working on the assumption that they are a MITM attack waiting to happen at the government's request, casting into doubt even supposedly secure connections.
2. The police may hack into my computer any time they want or seize it. Security is outmost, plausible deniability would be a cheeky bonus though.
3. The government and ISPs under the banner of the IWF will attempt to block what I can and cannot access online. Its S&M today, harmful ideas tomorrow.
4. As all governments embrace this new age of surveillance on crack , there will be very few trustworthy hosts so I should consider all websites likely to be either compromised or willingly hand over my data.

If possible, I'd like a setup where security precautions are forced so I can't slip up even if I wanted to, eg. if I allow someone else to use it, they wont get their mucky info all over my beautifully encrypted sex machine.

Since I will be nuking my hard drive, I'd like every single line of defense covered first so that I can download everything I need and more or less have a completely BB-Proof Laptop out of the box. Perhaps at the end of this we might have a prototype "fuck you" setup that others can use without having an insane amount of computer security knowledge (I'm probably the closest thing to Joe Public as you'll get on this forum).

Specs:

» Click to show Spoiler - click again to hide... «

Quote

System Specification---08/01/2009 22:17:25


Windows Windows XP5.1 (Build 2600) Service Pack 2

Internet Explorer 7.0.5730.11

Memory (RAM) 502 MB

CPU Info Intel® Core™2 CPU T5500 @ 1.66GHz

CPU Speed 1660.6 MHz

Sound card Realtek HD Audio output

Display Adapters Mobile Intel® 945GM Express Chipset Family | Mobile Intel® 945GM Express Chipset Family | NetMeeting driver | RDPDD Chained DD

Monitors 1

Screen Resolution 1280 X 800 - 32 bit

Network Network Present

Network Adapters Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport

CD / DVD Drives D: MATSHITAUJDA770 DVD/CDRW | F: JS5309L VYL699S

COM Ports NOT Present

LPT Ports NOT Present

Mouse 5 Button Wheel Mouse Present

Hard Disks C: 29.0GB | G: 7.8GB | H: 0.0MB

Hard Disks - Free C: 1.1GB | G: 831.1MB | H: 0.0MB

USB Controllers 4 host controllers.

Firewire (1394) Not Detected

PCMCIA (Laptops) Not Installed

Manufacturer INSYDE

Product Make Packard Bell EasyNote

AC Power Status OnLine

BIOS Info AT/AT COMPATIBLE | 09/11/06 | PacBel - 1

Time Zone GMT Standard Time

Battery High

Motherboard PACKARD BELL BV EasyNote MV46

Modem Not detected

Wireless Router Specs

Product Name: BT Home Hub

Software Release: 6.2.6.E

Software Variant: BK

Boot Loader Version: 2.0.4

Board Name: BANT-Z

First off, what OS should I use? Windows is obviously out of the question.

Who would like to start off?

[Jon_Stockton]

Semi Paranoid: Install Linux or BSD; encrypt your hard-drive; install an app that if an event is triggered, it destroys the HD (writes over it, and then sets it on fire), Do a daily audit of software on your computer and make sure there is no unknown software installed. Have a built in camera put on your computer so that you can watch it while you're away.

Extremely Paranoid: design your own operating system, hardware, bios, and boot manager. Make it so that even if they had physical access,they couldn't do anything. Again, encrypt the hard-drive, etc.

[panjandrum]

Maximum Paranoid: Change name to Throg. Smash shiny devil box. Live in cave. Throg happy.

[sas01]

Might I recommend JanusVM? It's excellent! (http://www.janusvm.com). Other than that, use other people's wifi instead of your own connection. Frequently change passwords and keys. Don't store any sensitive data on the laptop. Encrypt religiously.

It's difficult to come up with ideas tbh...

[Sid]

Full disk encryption should be obvious. I'll let you research what distros let you do that. If you don't trust AES (simply because the US govt made it) then find something that uses something else equally well thought of. There's still cold boot attacks, but I'm assuming you're not worrying about physical access just yet.

As for online traffic, pipe everything through a VPN which exits in some place like Russia. Of course now you instead have to count on the Russia hosts sniffing you.

Realistically you have to draw the line somewhere. I only encrypt /home and I only encrypt my traffic when on a particularly untrusted network. From home I'm aware that BT are evil, but if I were to VPN everything I'd be forking out a little too much on bandwidth costs and things would be a little too slow for my liking (as if they aren't already).

I just got BT's new router shipped to me today (free :)). I hate it (I'm using it cos my old one is dying). There is indeed one port open on it from the WAN. It's to do with their VOIP solution. I'm not happy about their firmware being closed (in violation of the GPL components they use).

[Pilot]

What you can also do if you dont want to ditch Windows just yet (but want to try something else) is to run a virtual machine on your computer. Essentially a computer within a computer. The two top ones are VMware and VirtualBox.

If you go with VMware, you can just create a VM with say a 20gb hard drive. If you want to be tricky, run a Linux LiveCD on that VM instead of installing an operating system. Then from the LiveCD, encrypt the drive and/or use a lesser known file system, and fill the drive with random data, such as from /dev/urandom. That'll keep anyone busy trying to figure out whats on the drive when in reality there's nothing there.

If you want to do an install in VMware though, what I suggest is that you install your OS, install apps you want, uninstall apps you dont, update everything, and then when you're happy with it, shut it down. VMware has a feature called snapshot. Create one (or two). This is kinda like a save point in a video game. From now on, you do your stuff in the VM. When you're done, power it down and revert (load) the snapshot. Anything you've done since the snapshot is erased.

If you want to go a step further and contribute to the community, perhaps you'd like to help out with the development of FLY, CS's LiveCD.

[watchbreaker]

At least in windows, VMWare doesn't run at any kind of tolerable speed, in fact it rarely works at all for me last time I tried it. With the exceptions of OSWA and Backtrack, I don't care much for dicking around with livecds, so any distro id be getting would be on the hard disk. If that's advisable with FLY then count me in.

...except I don't have a single blank disk in the house so it'll have to wait until next week!

[c4taclysmicPr0position]

Use a live cd.


Keep things on a flash drive that deletes itself if there's too many bad password attempts.

[port 21]

I'd just like to throw in there:

TheBr0ken. Thermite


Anyone that knows what i mean, say "i". Anyone who doesnt. Google the above words.


I was thinking about a year ago about a HUGE electromagnet around my doorframe. With an rfid reciver connected to it. The laptop has a small rfid chip in it, with the reciever under my desk. When my laptop is moved it enables the rfid reciver on the door frame. As the laptop passes it, it enables, pulling the bits and zero'ing the drive.

Works in theory, but too many variables. Plus its possible to retrieve data from pretty much any hd in pretty much any state.


Now, if you had a solid state drive you could cake thermite over the top of the chip, whack a small magnesium strip into it, connected to 2 wires, then connected to a switch.
The police break down the door, flich the switch, wires heat up, ignite the magnesium, which ignites the thermite.

Although i have heard of police using liquid nitrogen to freeze ram, then recover data from it.

So whatever you try your pretty much screwed.

This post has been edited by port 21: 18 January 2009 - 09:58 PM

[c4taclysmicPr0position]

If it's a desktop computer that you don't intend moving, you can put some lithium on the board and drive, then rig it so an internal cup of water will spill on it destroying the whole thing...


Or pure potassium. Put that on some stuff, then the water and you have a nice boom.

[lolage]

Regarding "wiping harddrives".

It should also be noted that watchbreaker is in the UK and is therefore subject to UK anti terrorism laws.

e.g.: You are required to give the police, access to any data you may have. If anything you own is passworded, you are required by law to hand over the passwords. Even if you don't remember/have/can't get them :]

So anything involving explosions or similar dramatics will get you banged up without trial, subject to the polices discretion. You are already walking on thin ice as they can basically kidnap you whereever you may be, and hold you for somewhere around 42 days without charge.

This is of course not mentioning all of the other shite they get up to.

So, realistic measures would do nicely. Even cool electrical mods like modding wireless routers, hiding them around your house/street, drives and so on; would be great.

[panjandrum]

Yup. Garden gnomes give off naturally occuring radiation in wifi frequencies. The police specialist who came along in the truck would disregard it as the source, knowing it is simply the magic of the fairy people.

[fapped]

If your tin foil hat is really shiny, then you might want to have a look at this link. Plus it's a good read :) http://www.hermann-u...t-1-base-system

This post has been edited by fapped: 27 January 2009 - 01:57 PM

[port 21]

Great link fapped.

It reminded me to look back in to flashing my aspire one's bios. =P

[x5x]

Some added protection is to set up a tor exit node on your Network. Try to keep it running on two computers at least, that way, if you turn one off, they wont be able to tell that one of your computer's was shut off. It's ok if you only have one laptop though, an exit node will still give you added protection in several ways:

1) It will stop anyone monitoring your connection from being able to tell who went to what site, visited what IRC channel, etc.
2) It would make monitoring your connection a nightmare as it would constantly be active with multiple connections.
3) It would make it impossible to profile you based on your search queries.

[x5x]

What is BT, and would setting up your computer to share its internet connection with other computers be a better setup?

What I mean is: (modem) >>> (PC) >>> (Router) >>> (Other PC's)

Would this prevent them from hacking your router, or at least make it much more difficult?

This post has been edited by x5x: 11 February 2009 - 12:26 AM

[nebriv]

why not (modem) >>> (Router) >>> (PC's)

Typically Routers also provide a slight layer of protection, with firewalling stuff and sometimes scanning and blocking crap...

[port 21]

Nebriv is right.

Enable SPI on the firewall (if it supports it).
Will kill your connection if you like playing games etc, but its reasonably strong.

[Xerxes]

Now they can from distance (outside your house, I believe) use tools to see what's on your screen and what you type. Even worse... and no way to protect? Tinfoil around the PC? ;)

[Bunny Hopper]

Does anyone know of a site that will give you step by step directions on how to protect your computer in an in depth manner? If not then perhaps some of you would like to help make one?