Date:      Fri, 13 Mar 2009 21:56:39 -0600
From:      Modulok <modulok@gmail.com>
To:        Gilles <gilles.ganault@free.fr>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Anonymizer tool like Tor?
Message-ID:  <64c038660903132056o5259bb7ev76d4f66937896360@mail.gmail.com>
In-Reply-To: <i9khr4du3kqfhc2p2fpbtl0jqvqdapumns@4ax.com>
References:  <i9khr4du3kqfhc2p2fpbtl0jqvqdapumns@4ax.com>

On 3/12/09, Gilles <gilles.ganault@free.fr> wrote:
> Hello
>
> I'd like to download information from our competitor's web site,
> without their knowing it's from us.
>
> Do you know of an alternative for FreeBSD, ie. a solution that will
> let me connect to a web server through at least one other host, and
> have the IP address change automatically every few minutes?
>
It depends on how 'anonymous' it has to be. For simple corporate
espionage script-type stuff, you could buy a small web-hosting service
which provides an SSH account. You can get one of these for about
$10.00 a month or less. Simply ssh to the remote server and do all of
your bidding from there. It's inexpensive, convenient and somewhat
anonymous. If your adversary has enough muscle to convince the web
host to give out information about who owns the given IP, you'll need
more protection.

For actual anonymity from those with significant resources and the
motivation to find you, the following should work. This goes beyond
petty corporate espionage though, and requires significant motivation
on your part as well:

Buy a used laptop from a garage sale with cash. Make sure it has a
wireless ethernet card or can accommodate one. Install BSD on it
through a GELI encrypted GEOM. (No plain-text ever touches the disk.)
Put the decryption key on a USB stick and leave it at a secure
location NOT on your person. (Somewhere at home perhaps. You should
covertly store the decryption key, itself encrypted and protected by a
password, within an image or audio file on the USB stick via something
like steghide. See: /usr/ports/security/steghide) This way, even if
the USB stick is recovered, it contains no obvious information. In an
audio or image file the decryption key will be indistinguishable from
static or dark-current.

Edit the rc.conf file to spoof the Ethernet (MAC) hardware address to
be a new pseudo-random value at each boot. Configure the system to
automatically receive an IP address via DHCP. Disable the wireless
card. (Most have a physical switch.) Boot the system with the USB
stick at home. Leave the USB stick at home! Plug the laptop into a
cigarette lighter adapter in your car. Go perusing through urban areas
during daylight hours looking for un-secured wireless networks. (There
are many to be found.) Once you find a connection, do your business.
When totally done, issue the shutdown command. Neither you nor anyone else
will be able to boot the laptop without the decryption key, which you
do NOT carry with you! In this manner if your adversary should
approach you while in the field, simply cutting the power to the
system should protect you from physical incriminating evidence. All but
the most significantly motivated attackers should not be capable of
obtaining any of the information on the laptop. Unless you're jumped
by people in black suits while in the field, nobody will be able to
connect you to the business you've been doing. Just remember not to do
anything stupid from the laptop which would connect you to it, like
checking your email.

-Modulok-
