Internet security and privacy are very controversial topics in this day and age. There have been great efforts by governments and corporations to make the actions of all people known to them. Law enforcement has not just caught up with the hackers; they've surpassed them through shady deals with manufacturers and developers of the hardware and software you love. Here I am again, evangelizing about how you can subvert the system. However, this time I present a twist!
My previous article on how to preserve your privacy was a beginner's guide, intended for normal users. The information covered was mostly how to browse the web anonymously and was enough to suit the needs of the vast majority of people. In contrast, the information presented in this article is mainly geared towards oppressed journalists, hackers, whistleblowers and other types who absolutely need to stay anonymous but not necessarily private. People who fall into those categories often don't want to be private (in the sense of being unknown), since they want their voices to be heard—at least in limited circles. I'm going to present you with many ways you can stay anonymous, evade capture and continue fighting the good fight against the man.
There are three major areas you need to get right in order to completely evade a nation state: securing your online presence, securing your data, and securing your money and business.
Secure your online presence
You're going to need to become a ghost to stay alive. Start deleting your social media accounts and start wiping your computers and phones. The first step in being successfully anonymous is to completely establish yourself as someone you aren't. Disassociate from your true identity and don't look back. All it takes is one simple oversight or lapse of reasoning to get yourself owned. If you have any files you care about and must save them, back them up on a flash drive or an external HDD. It is preferable to just delete everything; don't let sentiment be your downfall.
After you're finished purging any links to yourself, you're going to want to do most of your work in a GNU/Linux environment. Do NOT use Ubuntu if your privacy is critical to you. Canonical (Ubuntu's developer) gives its users' filesystem data and browsing data away to advertisers, just like Apple and Microsoft. Use a distribution that is much more stripped down, with fewer moving parts to keep track of. I recommend Debian or even Arch Linux. Gentoo is overkill, but you would have unparalleled customizability.
QubesOS is an operating system that implements security by virtualization and isolation. I talk about it in my previous article "Anonymous Online". Edward Snowden has endorsed QubesOS so I think you should learn about it.
If you absolutely cannot live without your current installation of Mac OS X or Windows 10 and the files contained within, you might consider buying burner devices—which we will revisit later—or just getting a separate computer. If you're going to do anything illegal such as hacking, don't connect to the internet from home. Go to your local library or internet cafe. At an internet cafe, there is a 60% chance that someone is sniffing everyone's traffic for their juicy data. Use a VPN to encrypt your data to beat the sniffers, and use Tor and other proxies to beat any VPN surveillance.
Here's the one missing piece of keeping your browsing private: change your MAC address every time you connect to the internet. Your MAC address is an allegedly unique identifier, hardcoded into your network interface card, that identifies your computer on a network. It makes sure that the computer that requested a remote resource receives it, and not any other computer that may be on the same network. Your MAC address is also a unique identifier for all of your online activities—and you thought having your IP address exposed was bad.
Fortunately, you can easily change your MAC address. Simply install macchanger on your Linux system and run the following as root.
# This is a comment, you don't need to type it.
# You can replace eth0 with enp0s3 or whatever your adapter is called.
# Every command here needs root, hence sudo on each one.
sudo apt-get install macchanger
sudo ip link set eth0 down
sudo macchanger -r eth0
sudo ip link set eth0 up
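As an added example (not from the original article and not part of macchanger), here is a POSIX shell function that produces the same kind of address `macchanger -r` assigns, a random locally-administered unicast MAC, plus a checker you can run on whatever address the interface reports afterwards. The interface name in the usage comment is an assumption; `ip link set dev … address` is the iproute2 way to apply the address if macchanger is not installed.

```shell
#!/bin/sh
# Added example: generate and validate a random locally-administered MAC.
# Not part of the original article or of macchanger itself.

# Print a random unicast MAC with the locally-administered (LAA) bit set,
# so it can never be mistaken for a vendor-assigned (OUI) address.
random_laa_mac() {
    # Six random bytes as unsigned decimals, placed in $1..$6.
    set -- $(od -An -N6 -tu1 /dev/urandom)
    # First octet: set bit 1 (locally administered), clear bit 0 (multicast).
    b0=$(( ($1 | 2) & 254 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$b0" "$2" "$3" "$4" "$5" "$6"
}

# Return 0 only if $1 is a well-formed unicast MAC with the LAA bit set,
# i.e. the address a privacy tool should have left on the interface.
is_laa_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    first=$(( 0x${1%%:*} ))
    # Low two bits of the first octet must be exactly "10": LAA set, multicast clear.
    [ $(( first & 3 )) -eq 2 ]
}

# Usage on a real interface (needs root; "eth0" is an assumption):
#   mac=$(random_laa_mac) && is_laa_unicast_mac "$mac" &&
#   sudo ip link set dev eth0 down &&
#   sudo ip link set dev eth0 address "$mac" &&
#   sudo ip link set dev eth0 up &&
#   is_laa_unicast_mac "$(cat /sys/class/net/eth0/address)"
```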
Communication with other people who want to remain unknown is also crucial. What's the best way for you to contact other people without giving away your personal information? Use ProtonMail for email and encrypt all messages with 4096-bit GPG.
GPG stands for GNU Privacy Guard and is an open source implementation of public-key cryptography. Here's how this works: you create yourself a private key and a public key; you send anyone you want to be in contact with your public key so they can encrypt a message and send it to you; they send a garbled encrypted mess via secure email; you decrypt it with your private key and read the message. You have the only means to decrypt messages you receive. Your public key is completely safe to share online since it cannot be used for decrypting a message. GPG also has other uses such as "signing" a message or git commit to verify that it is indeed from the person it claims to be from.
There are numerous guides on how to use GPG; search for one and learn what you can do with it.
Change your DNS servers!! DNS servers are responsible for resolving a server's IP address from its domain name. Never use your ISP's DNS servers or Google's DNS servers. Google's DNS servers include 184.108.40.206, 220.127.116.11. There are many more secure DNS servers, such as OpenDNS. You can find the IP addresses of these servers with a quick search in your browser.
OpenDNS — https://www.opendns.com
You may not be able to persist your changes by editing /etc/resolv.conf directly on Linux, because the network manager in newer versions of Ubuntu and similar distributions overwrites it. Install resolvconf if it is not already present and edit the file /etc/resolvconf/resolv.conf.d/base with vim or another editor running as root. The commands needed to do this are shown below.
# Granted, there are other ways to do this. I just find this the easiest.
sudo apt-get install resolvconf
sudo vim /etc/resolvconf/resolv.conf.d/base
sudo resolvconf -u
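As an added example (not from the original article), a small shell helper that writes the resolvconf base file the steps above edit by hand and then checks which resolvers are actually in effect, so a resolver quietly reinserted by DHCP or the network manager is noticed. The OpenDNS addresses 208.67.222.222 and 208.67.220.220 are the service's published resolvers; the file paths in the usage comment follow the article.

```shell
#!/bin/sh
# Added example, not from the original article: write the resolvconf "base"
# fragment and verify the resolvers that ended up in /etc/resolv.conf.

# Write $1 as a resolv.conf fragment listing the nameservers in $2..$n.
write_resolv_base() {
    f=$1; shift
    { for ns in "$@"; do printf 'nameserver %s\n' "$ns"; done; } > "$f"
}

# Print the nameserver addresses found in a resolv.conf-style file $1,
# ignoring comments, "search"/"options" lines and trailing comments.
resolv_nameservers() {
    sed -n 's/^[[:space:]]*nameserver[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1"
}

# Return 0 only if $1 lists at least one nameserver and every one of them is
# among the addresses in $2..$n; any other resolver is reported on stderr.
resolv_check() {
    f=$1; shift
    allowed=" $* "
    found=0
    for ns in $(resolv_nameservers "$f"); do
        found=1
        case "$allowed" in
            *" $ns "*) ;;
            *) echo "unexpected resolver in $f: $ns" >&2; return 1 ;;
        esac
    done
    [ "$found" -eq 1 ]
}

# Usage on a real system (needs root), matching the article's steps:
#   write_resolv_base /etc/resolvconf/resolv.conf.d/base 208.67.222.222 208.67.220.220
#   resolvconf -u
#   resolv_check /etc/resolv.conf 208.67.222.222 208.67.220.220
```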
Secure your data
There are standard forensics tools made to recover deleted files and to uncover hidden data that can be used to incriminate you. A lot of the data that can and will be used against you is created automatically by your Windows operating system. Windows has a lot of problems when it comes to security: poor design, trivial patches, a bad data policy and other threats to your freedom.
In fact, Microsoft Windows has existing backdoors in its codebase for the use of law enforcement. You may have heard of the EternalBlue exploit that the hacking collective "ShadowBrokers" stole from the NSA. The NSA has exploits that even Microsoft doesn't know about. Since Linux is also a very popular alternative, it's safe to assume that they have 0day exploits for the kernel and hardware it runs on. And yes, they have backdoored hardware.
EternalBlue — https://en.m.wikipedia.org/wiki/EternalBlue
On both AMD and Intel chipsets, there are microprocessors that have the highest level of privilege on any computer and have been used as backdoors for hackers and law enforcement. These chips are always running as long as the motherboard is receiving power, even when the computer is turned off. These chips can be remotely accessed and used to control your computer, steal passwords and surveil you. It does get worse though.
There are even undocumented instructions in the Intel and AMD processor architectures. We don't know what these instructions are used for, but it's safe to assume that there is some collusion with law enforcement in their trade secrets. There are also bugs in disassemblers and debuggers that prevent them from recognizing instructions that are not documented for their processor architecture. Analysis in reverse engineering tools such as IDA and Radare2 might conclude that an application binary is completely safe, while the application may behave significantly differently when run on bare metal (no virtualization involved).
To the non-technical reader, what this means is that a program sample analyzed in a lab can evade classification as malicious. There is a Black Hat 2017 talk where this is explained, called "Breaking the x86 instruction set".
Black Hat 2017 Talk — https://m.youtube.com/watch?v=KrksBdWcZgQ
Well, what can you do about this? Be very careful about what you download and how you connect to the internet, and learn as much as possible about your computer and operating system. Always keep your system and all your installed software up to date! If a software vendor or hardware manufacturer has a security flaw uncovered, they will release a patch within a couple of days to prevent any attention that would impact their user base negatively and to save face.
Purchase security equipment. You're going to need to know if there are black vans circling the block or mysterious people coming to bug your house. Knowing when a raid is coming is essential. Buy a bunch of security cameras and place them around the place you're staying. Some online consumer electronics stores such as Newegg let you buy items sold and shipped directly by Newegg with Bitcoin or Bitcoin Cash.
Buying burner devices might also be useful. Burner devices are disposable electronics—be it a laptop or phone—that you will only use a couple of times (or once) to conduct business anonymously. You can use one as a possibly permanent device, but that defeats the purpose of having a burner. If something ever happens or is inevitably going to happen, such as a raid, you may have to destroy your devices or at least render them unusable. Don't buy like 12 phones (iPhones are not an option) and switch between them at the same location. Use different devices in different places; try to put some distance between the locations you use.
Encrypt your entire hard drive and also create encrypted volumes for storing your files. You can also create hidden volumes with something like VeraCrypt.
The great thing about VeraCrypt is that it offers you "plausible deniability". You can hide a secret volume inside an existing volume whose existence—if you take the necessary precautions—can be impossible to prove in a court of law or elsewhere. This is done by creating a VeraCrypt volume with one password and embedding a hidden volume with another password.
If you ever have a gun to your head or are having each one of your fingers broken while being interrogated for your password, give them the outer volume password. Never give out the password to your hidden volume. All of your unused space in a VeraCrypt volume is filled with random garbage that cannot be told apart from a hidden encrypted volume.
Risking your secret data being deleted is not as bad as having it discovered. If possible, I recommend installing your VeraCrypt volume on some form of removable media (e.g. a flash drive). Doing so lets you hide not just your data but also the storage device that holds it.
Turn off swapping if you can. If you have enough physical memory, you don't need to swap. Swapping is the process of your operating system flushing memory from your RAM to your storage to try to ensure performance. A lot of the time, your swap is not encrypted and can be easily recovered and examined for your passwords and such. If you can afford to, disable it.
Secure your financial dealings and banking
You cannot eliminate buying and selling from your life, but your bank has all of your personal information. Fortunately, there are many ways to still be able to buy and sell online without having to disclose your identity.
Cryptocurrency is a popular solution for pseudonymous online transactions. Most Bitcoin exchanges require legal documents to verify your identity, so scratch Coinbase and friends. For the ultimate security, use a Bitcoin ATM to have cash transferred directly into your Bitcoin wallet. ATMs often have cameras either installed or nearby. So, if you absolutely cannot be seen in public, pay a homeless guy to do it for you—make sure to promise them some money so they don't just run off to their crack dealer with all of your money.
Prepaid cards are also an option; you can pick them up at most major stores. Remember that dealing in cash is mostly untraceable. There is also the option of virtual cards, which are generated for one-time use for a particular purchase. If you don't plan on ever returning something, virtual cards might suit your purposes.
Be very protective of your computer(s). Once a computer has left your sight, you cannot guarantee that it has not been tampered with. If someone gets your Bitcoin wallet password with a keylogger, you can wave goodbye to all of your money. To address this issue, you might consider purchasing a hardware wallet such as Ledger. Hardware wallets act a little like two-factor authentication, since you need to have something physical in your hand to use them. Make sure to always have a backup device just in case you lose one or have it stolen.
Ledger Wallet — https://www.ledger.com
Alright, you now have a good head start on how to evade capture from an international manhunt, or how to prevent yourself from being identified at all while committing actions that might be considered illegal in some countries. I wish you safe travels and happy hacking!