Silk Road forums

Discussion => Security => Topic started by: Authbyma on June 23, 2013, 01:55 am

Title: Clearing all traces of your connection to SR?
Post by: Authbyma on June 23, 2013, 01:55 am
Theoretically, if you knew you were compromised (i.e. had a CD to your door this afternoon) what would you do?

First off, no, I'm not in this situation. I've just never read anything about what the strategy should be if I ever was in this situation. Better to be prepared ahead of time!

The first things that obviously come to mind for me are deleting the Tor bundle, any docs on my laptop with log-in info for sites such as Bitinstant, & anything like trip reports/drug-related stuff in general.

I'm not the most technically gifted person around, but I know there are a lot more steps that would need to be taken to give yourself a better chance of avoiding jail. Any tips?
Title: Re: Clearing all traces of your connection to SR?
Post by: Lorimer on June 23, 2013, 03:29 am
Clearing ALL traces? Get an NSA-approved degaussing paddle. Yes, they might seize the wand as evidence, but even a team of the DoD's best forensic analysts wouldn't be able to retrieve a thing from your computer. ;)

Seriously, though, you realize that just deleting a file or program from a computer doesn't do much. You need to overwrite the part of the disk that the file was using with new information; until that's done, the file can be recovered without too much effort. Look for software that incorporates the Gutmann method of data erasure.

Also, if you're using TOR from home without a VPN (or without bridges), your ISP will have records of that use. Even if you deleted the browser bundle it wouldn't take more than a quick look at your IP logs to show not only that you'd been using TOR, but how much time you'd spent using it.

It's difficult to say more without knowing the situation. The question might sound simple, but any answer that would be worth anything depends on the person asking (personal use buyer of weed vs bulk reseller? what country?), the computer setup they're using, the security precautions already in place, and the circumstances surrounding the CD.

And my tip is to minimize any traces to begin with.
Title: Re: Clearing all traces of your connection to SR?
Post by: i push the kush on June 23, 2013, 03:39 am
If you're that paranoid just encrypt your hard drive, that way if the feds were to kick in your door, they will not be able to see or get any information off your hard drive unless they have the password. Use Truecrypt to encrypt your HDD.

Here is a link to the thread I posted which is very informational - http://dkn255hz262ypmii.onion/index.php?topic=175328.0

Truecrypt tutorial - http://www.randyjensenonline.com/blog/using-truecrypt-to-encrypt-your-entire-hard-drive
Title: Re: Clearing all traces of your connection to SR?
Post by: CrazyBart on June 23, 2013, 03:47 am
Quote
Theoretically, if you knew you were compromised (i.e. had a CD to your door this afternoon) what would you do?

If I had a CD or somehow knew one was coming, I'd throw my computer in a lake at least 100 miles away from my house.
Title: Re: Clearing all traces of your connection to SR?
Post by: mcguire39 on June 23, 2013, 03:53 am
There are some tools out there to wipe the hard drive, but they erase everything. It has to write it with random data a number of times to ensure the data can't be recovered. Then just reinstall plain Windows or something so it at least looks like it was in normal use but no traces of anything else on there.
Title: Re: Clearing all traces of your connection to SR?
Post by: piratesofpenzance on June 23, 2013, 04:39 am
Darik's Boot & Nuke. Pop the CD in. Let it rip. Free by the way. But that is only going to eliminate the traces on your hard drive. It can't/won't eliminate what can be found through back tracing steps, transactions and fuck ups. Best thing? Boot and Nuke and SHUT THE FUCK UP. ;) Good luck out there.
Title: Re: Clearing all traces of your connection to SR?
Post by: SorryMario on June 23, 2013, 05:41 am
If they find the drugs in the mail and do a CD, they still have no way of knowing who purchased it or from where. You still have plausible deniability.

The most important thing, besides keeping your mouth shut, is to not have any record of your SR username/password. After all, your entire transaction history is stored there including, presumably, the shipment they intercepted. Keep that login data encrypted with a *STRONG* password either on a hidden partition or a usb stick. Better yet, keep that information only in your head (and keep your mouth shut).

If you get CD'd, it's highly unlikely you'll have time to DBAN the hard drive - yanking the power cord out of the wall when seizing a computer is SOP for the swine. An ounce of prevention is worth a pound of cure.
Title: Re: Clearing all traces of your connection to SR?
Post by: sofish89 on June 23, 2013, 08:16 am
If someone "thru their laptop in a lake" or basically left it somewhere where LE couldn't find it, would they (LE) be able to call your internet provider or look at your wifi history and see that you used or downloaded the Tor bundle without having the physical laptop that was used?
Title: Re: Clearing all traces of your connection to SR?
Post by: Authbyma on June 23, 2013, 01:11 pm
Quote
If someone "thru their laptop in a lake" or basically left it somewhere where LE couldn't find it, would they (LE) be able to call your internet provider or look at your wifi history and see that you used or downloaded the Tor bundle without having the physical laptop that was used?

According to Lorimer, they could. However, I don't think they can really prove *where* you were going with TOR. With the recent NSA debacle, I think it's a lot more plausible than it used to be to just claim you use TOR because you feel like the government recording everything you do is immoral.
Title: Re: Clearing all traces of your connection to SR?
Post by: dontek on June 23, 2013, 01:32 pm
Why would you have documents on your computer with login information about any of these sites anyways? Keep all that shit in your brain. If you can't remember it, create a tormail or some other anonymous email account and keep an email there with the information (Create the account with TOR obviously) then all you have to do is remember that one specific URL.

If you ABSOLUTELY need to have login information or any incriminating evidence "written down" somewhere, here's what I would suggest: Find an old BlackBerry phone that is for sale for cheap. Don't activate any service to it. Set a password on it, change the timeout to 3 for the device wipe. Shit hits the fan, all you have to do is enter the wrong password 3x and it will automatically and instantly wipe everything off of the device and reboot it to a factory setting.

As far as the bundles and TOR browser, so long as you don't have pages bookmarked or any type of history in the browser, so what? They can prove that you have TOR and use it, but can't prove what you are doing with it. All you are is a paranoid American who learned about TOR in the last few weeks/months when all this NSA/Big Brother shit came to light.

But seriously, I would highly encourage you to get any and all documents off of your hard drive. No paper notes laying around the house or hidden or anything either.
Title: Re: Clearing all traces of your connection to SR?
Post by: No Surprises on June 23, 2013, 04:37 pm
I wouldn't faff around trying to clean your HDD. Just take it out, smash it up and buy a new HDD.

Edit: It's 2013, buy an SSD instead.
Title: Re: Clearing all traces of your connection to SR?
Post by: tempo on June 28, 2013, 10:55 pm
Quote
It's 2013, buy an SSD instead.

But start immediately with full disk encryption if you go with an SSD and install your OS.
Title: Re: Clearing all traces of your connection to SR?
Post by: newbottles on July 01, 2013, 08:20 pm
Never talk to LE.  Period.  By far the most important security tactic.

TrueCrypt for any/all drives is mandatory.  Even if you segregate "clean" and "dirty" activity drives - encrypt them all.  This makes it look less suspicious and you more nerdy.

Encryption is only as good as the password.  Don't be lazy here.

The point re: ISP showing records of you *using* TOR (*not* what you did while using it) is a very eye opening one to me.

Plausible deniability is the ultimate goal.  So think hard about what you "hide" and what you don't.  For example, TOR and BTC are legal.  Keep in mind the ISP point above.  So why not keep them on your (encrypted) "clean" drive/OS that you use for everything else that is legal?

Vendor PGP keys and history, any drug related URLs or notes, illegal records, BTC wallet data files, user names, etc, should be kept on a USB thumb drive, which you have encrypted and can easily be physically compromised/destroyed.  Why not?

Always be mindful of what information/sites you access via your clearnet after you have started the TOR game.  For example I looked up all kinds of info about illegal drugs since I was a kid, using clearnet and my ISP.  I am sure we all did.  This is a great and well established and healthful activity that is totally legal in USA. 

But once I used TOR to access SR for the first time, I keep things pretty clean (except nice legal pr0n duh) on clearnet, and use TOR for anything borderline.  A good example here is pill identification sites.  Use TOR.  Why not?  Or researching your DOC that you have purchased on SR.  Use TOR.  Why not?

Please tell me what I am missing here!

Title: Re: Clearing all traces of your connection to SR?
Post by: comsec on July 01, 2013, 09:06 pm
If you are only importing personal amounts and they show up to your door they are fishing and trying to either scare you into stopping or get you to admit to something because obviously they don't have the evidence for a warrant or they'd be inside ripping everything apart.

"Am I being charged with anything? No? Goodbye"

If you are selling, and you don't already have full disc encryption then you've immediately lost because there won't be any time to delete anything when they come in at 5am guns drawn. Not like forensic software can't recover any deleted files anyway, or they can't check your google search history to find drug forums on clearnet you went to (or to google the SR .onion link), or they can ask your ISP for full records of every single site you went to unless you always used Tor for anything drug related. Can't exactly delete vac and mylar sealers, or bags of drugs lying around, or scales and shipping receipts or materials either. If you have a label printer it probably can be matched up to whatever they seized easily, or even store the last few labels in memory so they can re-print them. Only way to avoid this is get a cash paid anonymous safe house and hope you aren't followed to it everyday.

Title: Re: Clearing all traces of your connection to SR?
Post by: newbottles on July 01, 2013, 10:06 pm
Quote
If you are selling, and you don't already have full disc encryption then you've immediately lost because there won't be any time to delete anything when they come in at 5am guns drawn. Not like forensic software can't recover any deleted files anyway, or they can't check your google search history to find drug forums on clearnet you went to (or to google the SR .onion link), or they can ask your ISP for full records of every single site you went to unless you always used Tor for anything drug related. Can't exactly delete vac and mylar sealers, or bags of drugs lying around, or scales and shipping receipts or materials either. If you have a label printer it probably can be matched up to whatever they seized easily, or even store the last few labels in memory so they can re-print them. Only way to avoid this is get a cash paid anonymous safe house and hope you aren't followed to it everyday.

Wow it sounds like being a vendor on SR is really glamorous and fun!   ;)
Title: Re: Clearing all traces of your connection to SR?
Post by: piratesofpenzance on July 14, 2013, 09:45 pm
Quote
If you are selling, and you don't already have full disc encryption then you've immediately lost because there won't be any time to delete anything when they come in at 5am guns drawn. Not like forensic software can't recover any deleted files anyway, or they can't check your google search history to find drug forums on clearnet you went to (or to google the SR .onion link), or they can ask your ISP for full records of every single site you went to unless you always used Tor for anything drug related. Can't exactly delete vac and mylar sealers, or bags of drugs lying around, or scales and shipping receipts or materials either. If you have a label printer it probably can be matched up to whatever they seized easily, or even store the last few labels in memory so they can re-print them. Only way to avoid this is get a cash paid anonymous safe house and hope you aren't followed to it everyday.

Wow it sounds like being a vendor on SR is really glamorous and fun!   ;)

This made me laugh...I think people assume it IS glamorous like Breaking Bad or something. Nothing is farther from the truth however there are individual people who will claim otherwise. It is a zero sum game and the best get out at the top before shtf.
Title: Re: Clearing all traces of your connection to SR?
Post by: MissNatural on July 14, 2013, 11:38 pm
Ultimately, the best thing to do is use TAILS with an encrypted USB. Personally I take it a step further and hide TrueCrypt containers on the encrypted part of the drive, so if they did get into it they would need to find the container, which has a hidden section of it, so if I am forced to give up the password, I can give them access to the non-sensitive part of the container. The sensitive part uses a different password. The container which contains all of my secret keys, my bitcoin wallet keys, etc. On top of that all of the sensitive files inside of that are encrypted to a secret key that I have hidden somewhere. Did I mention my password for my encrypted section of the OS is over 50 characters long?

On top of all this I have it backed up on another USB hidden off somewhere. So if it's ever compromised, there is no way they will get into it. I(or someone else) can go retrieve it, unlock everything, and move/sell my bitcoins to a safer place so even in the 0.0001% chance they get into my drive, they won't confiscate my bitcoins. All they will find is my secret keys and nothing else.

That's the great thing about bitcoins. They are stored collectively on the network, not on your PC. You can have your key to your wallet in a million places and from any one of those places you can move your bitcoins. If any one of those places is accessed and your private key is used your bitcoins can be moved to another wallet with a different key, and those other 'million' places with your other wallet key instantly become completely useless. Bitcoin is a truly amazing thing when you understand how it works.

Most importantly, exercise your rights, especially your fifth amendment. Do not break laws that you're not willing to do time for... if you're doing it for profit, better make sure the risk is worth the money. Plan for every scenario. If they ever did a CD on me, I would most assuredly take a 2-3 month break from everything illegal, and keep my eyes open to see if they're watching. That is even if the CD fails and nothing comes of it.

With that said, if a CD happens, I hope you were making enough money to have enough to hold you over for 2-3 months, or better yet, I hope that wasn't your only source of income. Be prepared.
Title: Re: Clearing all traces of your connection to SR?
Post by: karmahype on July 15, 2013, 10:25 am
I have a question as well regarding this, but a slightly different scenario.  The screen broke on the computer that I used for SR.  I have a warranty and was told to send the computer back to them for repair/replacement.

In the paperwork it did state if any inappropriate or illegal info was found on computer it would be sent to the appropriate law enforcement.

I was going to reformat the hard drive back to factory settings.

Am I still at risk?  Or should I just not have the computer fixed (it costs less than $300) and take that chance?

Title: Re: Clearing all traces of your connection to SR?
Post by: Wadozo on July 15, 2013, 10:56 am
Quote
I have a question as well regarding this, but a slightly different scenario.  The screen broke on the computer that I used for SR.  I have a warranty and was told to send the computer back to them for repair/replacement.

In the paperwork it did state if any inappropriate or illegal info was found on computer it would be sent to the appropriate law enforcement.

I was going to reformat the hard drive back to factory settings.

Am I still at risk?  Or should I just not have the computer fixed (it costs less than $300) and take that chance?

If you're concerned, use Darik's Boot and Nuke - http://www.dban.org/ and format your hard drive. You shouldn't be storing any SR related info/files/photos, etc on your PC. Create an encrypted USB stick or Live-CD and keep all your SR related material on that. Search the forum for tutorials on how this is done.
Title: Re: Clearing all traces of your connection to SR?
Post by: microdotter on July 15, 2013, 10:58 am
I just rented a VPS in a far-away country, and connect to SR through there, never from my own computer. If caught, I will be 100% sure no one will ever even know the server existed.
Title: Re: Clearing all traces of your connection to SR?
Post by: Wadozo on July 15, 2013, 12:53 pm
Quote
I just rented a VPS in a far-away country, and connect to SR through there, never from my own computer. If caught, I will be 100% sure no one will ever even know the server existed.

Only problem with VPNs is they all keep logs (even if they claim not to) and if forced to, will hand them over to LE. I hope you are paying with Bitcoins.  :-\
Title: Re: Clearing all traces of your connection to SR?
Post by: microdotter on July 15, 2013, 01:30 pm
Not VPN - VPS  :)

Like another computer in another country; I log in to its desktop to use SR. If my personal computer gets to LE they have no idea the other one even exists.
And I can anyway format this remote computer's HDD at any time from any other computer in one click.

Generally, even if you are using your computer, so what will they find there? Tor browser? That's nothing. There is no reason to keep any info; memorize the URL and the login and that's it. PGP keys deleted after use.
Title: Re: Clearing all traces of your connection to SR?
Post by: karmahype on July 15, 2013, 01:43 pm
Wadozo

I don't keep any info, but it will show TOR browser and PGP downloads, so I will try the link you sent me.

Thanks!!
Title: Re: Clearing all traces of your connection to SR?
Post by: joolz on July 15, 2013, 01:47 pm
Quote
I have a question as well regarding this, but a slightly different scenario.  The screen broke on the computer that I used for SR.  I have a warranty and was told to send the computer back to them for repair/replacement.

In the paperwork it did state if any inappropriate or illegal info was found on computer it would be sent to the appropriate law enforcement.

I was going to reformat the hard drive back to factory settings.

Am I still at risk?  Or should I just not have the computer fixed (it costs less than $300) and take that chance?

How long does the road keep unencrypted addresses for?   :'(   :'( plz
Title: Re: Clearing all traces of your connection to SR?
Post by: microdotter on July 15, 2013, 01:57 pm
Quote
I have a question as well regarding this, but a slightly different scenario.  The screen broke on the computer that I used for SR.  I have a warranty and was told to send the computer back to them for repair/replacement.

In the paperwork it did state if any inappropriate or illegal info was found on computer it would be sent to the appropriate law enforcement.

I was going to reformat the hard drive back to factory settings.

Am I still at risk?  Or should I just not have the computer fixed (it costs less than $300) and take that chance?

How long does the road keep unencrypted addresses for?   :'(   :'( plz

Until the order is put "in transit", then the address gets deleted.
Title: Re: Clearing all traces of your connection to SR?
Post by: joolz on July 15, 2013, 02:13 pm
Quote
I have a question as well regarding this, but a slightly different scenario.  The screen broke on the computer that I used for SR.  I have a warranty and was told to send the computer back to them for repair/replacement.

In the paperwork it did state if any inappropriate or illegal info was found on computer it would be sent to the appropriate law enforcement.

I was going to reformat the hard drive back to factory settings.

Am I still at risk?  Or should I just not have the computer fixed (it costs less than $300) and take that chance?

How long does the road keep unencrypted addresses for?   :'(   :'( plz

Until the order is put "in transit", then the address gets deleted.

It's not, bruvva  :'(
Title: Re: Clearing all traces of your connection to SR?
Post by: Wadozo on July 15, 2013, 02:22 pm
Quote
Not VPN - VPS  :)

Like another computer in another country; I log in to its desktop to use SR. If my personal computer gets to LE they have no idea the other one even exists.
And I can anyway format this remote computer's HDD at any time from any other computer in one click.

Generally, even if you are using your computer, so what will they find there? Tor browser? That's nothing. There is no reason to keep any info; memorize the URL and the login and that's it. PGP keys deleted after use.

You still face the same problem with a Virtual Private Server (VPS) in that the server you connect to will have a log of your true IP address. You don't know who is running the service or who may have access to it. If LE get hold of your PC and it's been used for your SR activities, a stack of info can be collected if the HDD isn't encrypted. Yes, things like PGP keys and the like can easily be deleted from your system. However, deleting a file/folder is one thing but deleting it so it can never be recovered is something else altogether. Formatting a HDD is a pointless exercise unless software like Secure Erase or DBAN is used. I doubt the format you talk about uses such software. Anything else won't permanently delete the stored data and will leave it recoverable, making any incriminating info stored accessible to Computer Forensics.
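Lorimer's point earlier in the thread (deleting a file leaves its bytes where they were) and Wadozo's point here (an ordinary format is no obstacle to forensic recovery) are easy to see on a toy disk image. The following is an added illustration for readers of this archive, not code from the thread or from any poster. The "filesystem", its block layout and the sample "key" are all constructed placeholders; what it shows is how a forensic examiner carves a deleted file back out of unallocated space by signature, without needing the directory at all:

```python
"""Why 'delete' and 'quick format' leave data recoverable.

Constructed teaching example: a toy block device with a tiny directory
stands in for a real filesystem.  Nothing here is a real on-disk format;
the mechanics (metadata in the first blocks, file contents in the rest)
are all the demonstration needs.
"""

BLOCK_SIZE = 64     # bytes per block (constructed toy value)
NUM_BLOCKS = 32     # blocks 0-1 hold metadata, blocks 2-31 hold file data
META_BLOCKS = 2

# Constructed sample content with a recognisable header/footer signature.
# It is NOT a real key; the body is a placeholder string (128 bytes total).
SAMPLE_KEY = (
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY-0000000000000000\n"
    b"-----END PGP PUBLIC KEY BLOCK-----\n"
)
PGP_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"
PGP_FOOTER = b"-----END PGP PUBLIC KEY BLOCK-----"


class ToyDisk:
    """Flat byte image plus an in-memory directory mirrored into blocks 0-1."""

    def __init__(self):
        self.image = bytearray(BLOCK_SIZE * NUM_BLOCKS)
        self.directory = {}                          # name -> list of blocks
        self.free = list(range(META_BLOCKS, NUM_BLOCKS))

    def write_file(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK_SIZE):
            chunk = data[off:off + BLOCK_SIZE]
            blk = self.free.pop(0)
            start = blk * BLOCK_SIZE
            self.image[start:start + len(chunk)] = chunk
            blocks.append(blk)
        self.directory[name] = blocks
        self._sync_metadata()

    def delete_file(self, name):
        # Like most real filesystems: remove the directory entry and mark
        # the blocks free.  The bytes in those blocks are not touched.
        self.free.extend(self.directory.pop(name))
        self._sync_metadata()

    def quick_format(self):
        # A quick format rewrites only the metadata area; data blocks stay.
        self.directory = {}
        self.free = list(range(META_BLOCKS, NUM_BLOCKS))
        self._sync_metadata()

    def _sync_metadata(self):
        # Serialise the directory into the metadata blocks (cleared first).
        meta_len = META_BLOCKS * BLOCK_SIZE
        entries = ";".join(
            f"{n}:{','.join(map(str, bl))}" for n, bl in self.directory.items()
        ).encode()[:meta_len]
        self.image[:meta_len] = bytes(meta_len)
        self.image[:len(entries)] = entries


def carve(image, header, footer):
    """Signature carving: scan the raw image for header..footer spans,
    ignoring the directory entirely, which is how forensic tools treat
    unallocated space."""
    found, pos = [], 0
    while True:
        start = image.find(header, pos)
        if start < 0:
            break
        end = image.find(footer, start)
        if end < 0:
            break
        end += len(footer)
        found.append(bytes(image[start:end]))
        pos = end
    return found


def demo():
    """Write, delete, quick-format, and carve after each step."""
    disk = ToyDisk()
    disk.write_file("vendor_key.asc", SAMPLE_KEY)
    listed_before = list(disk.directory)

    disk.delete_file("vendor_key.asc")
    after_delete = carve(disk.image, PGP_HEADER, PGP_FOOTER)

    disk.quick_format()
    after_format = carve(disk.image, PGP_HEADER, PGP_FOOTER)

    return {
        "listed_before": listed_before,             # ['vendor_key.asc']
        "listed_after": list(disk.directory),       # []: the file is "gone"
        "carved_after_delete": len(after_delete),   # 1: but the bytes remain
        "carved_after_format": len(after_format),   # 1: quick format changes nothing
        # the carved span is header..footer, i.e. the sample minus its final newline
        "byte_exact": bool(after_delete) and after_delete[0] == SAMPLE_KEY.rstrip(b"\n"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The directory says the file no longer exists after either step, yet the carver finds the complete key block both times, because neither operation wrote over the data blocks. Real filesystems differ in detail (journals, slack space, wear levelling on SSDs) but behave the same way on this point, which is why forensic examiners work from the raw image rather than from the file listing.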
Title: Re: Clearing all traces of your connection to SR?
Post by: microdotter on July 15, 2013, 02:27 pm
Quote
Not VPN - VPS  :)

Like another computer in another country; I log in to its desktop to use SR. If my personal computer gets to LE they have no idea the other one even exists.
And I can anyway format this remote computer's HDD at any time from any other computer in one click.

Generally, even if you are using your computer, so what will they find there? Tor browser? That's nothing. There is no reason to keep any info; memorize the URL and the login and that's it. PGP keys deleted after use.

You still face the same problem with a Virtual Private Server (VPS) in that the server you connect to will have a log of your true IP address. You don't know who is running the service or who may have access to it. If LE get hold of your PC and it's been used for your SR activities, a stack of info can be collected if the HDD isn't encrypted. Yes, things like PGP keys and the like can easily be deleted from your system. However, deleting a file/folder is one thing but deleting it so it can never be recovered is something else altogether. Formatting a HDD is a pointless exercise unless software like Secure Erase or DBAN is used. I doubt the format you talk about uses such software. Anything else won't permanently delete the stored data and will leave it recoverable, making any incriminating info stored accessible to Computer Forensics.

Yeah you are right, this is not foolproof, but for my small-time buying needs that's more than enough, as LE search the computer just for general stuff (I have had 3 computers seized before and checked, and they were quite lame in finding anything; still, it's not a murder case).

Quote
its not bruvva  :'(
Wait, what? when did this change?
Title: Re: Clearing all traces of your connection to SR?
Post by: Real_Drugs on July 15, 2013, 04:06 pm
subbing
Title: Re: Clearing all traces of your connection to SR?
Post by: JeffBobb on July 17, 2013, 06:24 am
The Boot and Nuke seems completely legit, and so does overwriting after original deletion of unwanted content. The problem there, however, is unless you really know what you're doing on how to trace memory banks, it'd be difficult to know that you'd actually written over the exact and needed location.  However, I'm old school when it comes to these kinds of things.  Personally I would take the hard drive out, beat the shit out of it with a hammer to get the magnets out, beat the shit out of them some more, then maybe torch them for a few minutes with some acetylene and O2, then kindly deposit them at the bottom of the biggest body of water that was within near reach - one that's already in need of pollution cleanup, of course :)

Title: Re: Clearing all traces of your connection to SR?
Post by: zxydwx3 on July 17, 2013, 09:01 am
@Joolz - Why in the world would you, of all people, be sending your address unencrypted? A shit-disturbing drama-queen like yourself should be taking every, and I do mean EVERY, possible precaution.
Title: Re: Clearing all traces of your connection to SR?
Post by: anchientlib on July 17, 2013, 11:29 am
Quote
The Boot and Nuke seems completely legit, and so does overwriting after original deletion of unwanted content. The problem there, however, is unless you really know what you're doing on how to trace memory banks, it'd be difficult to know that you'd actually written over the exact and needed location.  However, I'm old school when it comes to these kinds of things.  Personally I would take the hard drive out, beat the shit out of it with a hammer to get the magnets out, beat the shit out of them some more, then maybe torch them for a few minutes with some acetylene and O2, then kindly deposit them at the bottom of the biggest body of water that was within near reach - one that's already in need of pollution cleanup, of course :)

It's much easier to use Norton Utils and just write zeros to the hard drive.
Title: Re: Clearing all traces of your connection to SR?
Post by: joolz on July 17, 2013, 12:09 pm
Quote
@Joolz - Why in the world would you, of all people, be sending your address unencrypted? A shit-disturbing drama-queen like yourself should be taking every, and I do mean EVERY, possible precaution.

I believed in community lol          :'(