For starters, nothing beats a clean laptop on a network that cannot be traced back to the user.
Also, just not talking about it on the wires makes a lot of difference, not to avoid being caught, but to at least prevent potential charges to go further into the conspiracy territory.
Relevant only in movies.
There is no point destroying a device physically it only make it obvious that you have something to hide and probably can be used against you.
There is encryption with plausible deniability that gives you the option to seemly cooperate and hand out passwords for useless things without any proof that there is more data with a different password.
In the end it all boils down to whether or not you want to risk a wrench attack or not https://xkcd.com/538/
Lets say you have a SSD with this kind of encryption. I would just mount it as read-only or clone it first and work with the copy. Also the code that does the deletion could be just removed given the fact that any trustable encryption code has to be open source anyway.
And finally if you give out a password that would destroy the data (or attempt to) you incriminate yourself since you show you have something to hide and you attempted to destroy evidence.
Encryption with plausible deniability is way better. You give out a password that actually works and the only thing they have against you is the fact that the drive has lots of seemingly free space. But they cant proof that the free space is actually encrypted data.
In forensics, this would only be done on an image, and not on the live file system. This both avoids triggers like you mention, and also claims that the forensic person has altered the evidence in some way.
Forensic agents have to prove before and after that no changes were made to the file system(s) and any data that may reside on them.
Source: I have prior certification, and have acted as a court designated technical expert. I don't do this anymore, but those elements have not changed over time.
There is no "ultimate stack" - if you settle on one thing you'll never expand and that is the way anyone stays at the top of their field. Ability to learn and apply new technologies in logical ays is the only way you'd be considered top tier - not the version of is or laptop you use
Beyond software, I'd take a guess that the biggest strength of somebody who is really good who wants to stay undetectable is discipline and extreme paranoia.
* They probably buy a used machine they bought with cash and has no way to tie to them.
* They never connect to their home network or login to anything personal on that computer.
* They do their funny business discretely at coffee shops, libraries, etc, and don't return there, even if the coffee is really nice.
* Once a project is done, they trash the computer and records.
* If they need to communicate with co-conspirators, they probably have a system arranged to do just that and avoid having written communications that can be traceable.
I unironically feel like the best way to communicate with co-conspirators would be through snail mail, if you could put up with the delay.
Oh, and don't forget to do all of this while not altering your normal habits at all, because sudden habit changes would also be a red flag I'd imagine.
Yeah, you'd have to prepare for it by doing things like starting to read articles about the benefits of written communication, then moving on to starting to do other things by mail, and then start using it for personal correspondence.
Or better yet, just have a long history of starting and stopping doing random things. Then you suddenly doing something new and weird doesn't stick out.
If I'm hiding from governments, political parties, or NGOs, then I might do something like you suggested, but since the greatest danger to hackers in terms of getting caught is other technologically-literate people, I would favor planning using tools my enemies are less likely to bother checking.
Plus it means you don't have to rely on either your own coding expertise or the trust you have in your collaborators. If you're doing something illegal, there's always the trade-off of including more people in order to cover holes (since you might be working against whole teams of people and their brains), but then you're subject to your collaborators either making a mistake or selling you out.
Letters are:
A.) Illegal to tamper with, so unlikely to be caught randomly or subject to things like hacks of their own.
B.) Possible to send or deliver without another human being touching it, seeing it, or saving it.
C.) Possible to destroy quickly and in a way that won't leave traces.
D.) Will still function even if your network/code is taken down.
Then again, I'm too risk-averse to hack so I'm the person who would accept things taking twice as long as long as our risk decreased 1%.
Doing your funny business elsewhere doesn't require you to physically be there. Picking up a dish or antenna to find long range open networks is easy enough. EDIT: That way you can still enjoy your favorite coffee at your local coffee shop.
Also, never use the same username or email address for more than one site. If you reuse names/email addresses then when a site is hacked and there is a db dump of user data it is only a matter of time before the dots can be connected
Check out the Darknet Diaries podcast if you don't already. There are some episodes that reveal how top hackers were taken down by the FBI. It's the randomest stuff you would never expect too, usually not related to tech stack.
Or possibly while pros are having endless meetings about how in theory they would play 4d chess, or which varieties of 4d chess are best for career enhancement, or just evaluating proposals for outsourcing 4d-chess-playing to the private sector.
I feel that this is a rather poor question, and comes off as a little immature and naive. If I had to give it a bash however, I'd reckon that a phone would be completely unecessary. Reducing your technological devices down to solely your computer limits your surface. Then I suppose a librebooted QubesOS (although this is hard to do admittedly), using as much open sourced hardware as possible. All internet would be routed through Tor, and I suppose an even better idea would just to boot the entire thing on Tails or even Kali when needed for convenience off a clean USB. Encrypted hard drive along with avoiding proprietary drivers too. For software, messaging would be done via Matrix or Signal, no software other than what's strictly necessary for the task either.
There's so, so much more that goes into staying anonymous as well as secure other than just your tech stack, as other commenters have pointed out.
>I feel that this is a rather poor question, and comes off as a little immature and naive.
Well forgiveness please that not everyone is a technology expert who knows exactly how to phrase questions professionally. Instead of belittling someone who lacks the domain knowledge you claim to, why not politely answer them in good faith if you have something to say. A sadly common thing on this site, privileged people with a bit of a superiority complex quick to snarky responses and criticisms on honest questions and show & tells.
Is it really doable these days? Nearly all procesors have ME-like modules connected to network. So long as that super-hacker connects to the internet, the ME module will sniff on him: gather nearby wifis, send those ids and receive commands. For this reason, a really uncatchable hacker never touches computers, uses snail mail to tell others do everything on his behalf and does boring woodwork as his daytime job. He's also an adept at appearing a simpleton. He even uses a special double-speak lingo in his mails so if he's caught red handed, his letter would contain an advice to his buddy Joe about lumber he should use for his tree house.
It depends on how you define top-tier hackers. State sponsored attackers (hackers with ties to governments, regime, etc.) have a lot more capital at their disposal. Sometimes they work inside government funded facilities. They could use matrix, signal, forums, IRC, for chat. Browsing usually comes to preference but a hardend version of firefox is preferred. OS, whatever they want. Usually you would attack from a custom distro or a kali box. These hackers are well funded.
Lone hackers, they would probably use Tor, Signal, Tails, Kali, to remain anonymous online but have the tools necessary. The most important thing for them to stay anonymous is to have jumpboxes. You would use stolen credit cards or gift card to rent a VM from a host like Linode or Digital Ocean, and use that system to proxy the attacks. You can add any number of jumpbox to make it harder to track the origin of the attack.
Technology is one part of it, but you also need to use it properly. The tools themselves cannot teach you that. I recommend that you read up on the concept of “OPSEC”.
Top-tier hackers mostly use Windows 10 computers with the biggest norton utilities subscription installed for extra securities. They mostly use professional grade machines like Dell or HP.
* Sits back to enjoy the downvotes because his humor is largely misunderstood.
It's the stack they understand the most so they appreciate the advantages and limitations of said stack.
For example I know Linux far more than Windows, to the point where I can administer Linux and the security policies, firewalls, etc. If I need to connect to a wi-fi hotspot "anonymously" I know how to scramble the MAC address of my laptop's wi-fi interface. I don't even know if that's possible in Windows or not...
I can't speak for hackers, but cybercriminals use exactly the same systems that you and I would typically use. There is nothing surprising in that area.
In terms of OSes, seized hardware almost always hosts either a Linux Ubuntu, sometimes Kali but not that much, or a Windows 10 system. They always have VMs running, almost exclusively on virtualbox. Running non-mainstream systems would just make them more discernable from everyone else which is not good.
What differentiates regular users from cybercrime is their "opsec", aka their operational security. They encrypt their data (with an actually robust key), they patch and harden their OSes (nobody else does this), and their online presence is mostly exclusively run through third party systems, which they likely compromised already.
Honestly, you'd learn far more useful things by reading court decisions, they often include very interesting details about their opsec.
54 comments
[ 0.29 ms ] story [ 122 ms ] threadAlso, just not talking about it on the wires makes a lot of difference, not to avoid being caught, but to at least prevent potential charges to go further into the conspiracy territory.
There is encryption with plausible deniability that gives you the option to seemly cooperate and hand out passwords for useless things without any proof that there is more data with a different password.
In the end it all boils down to whether or not you want to risk a wrench attack or not https://xkcd.com/538/
Lets say you have a SSD with this kind of encryption. I would just mount it as read-only or clone it first and work with the copy. Also the code that does the deletion could be just removed given the fact that any trustable encryption code has to be open source anyway.
And finally if you give out a password that would destroy the data (or attempt to) you incriminate yourself since you show you have something to hide and you attempted to destroy evidence.
Encryption with plausible deniability is way better. You give out a password that actually works and the only thing they have against you is the fact that the drive has lots of seemingly free space. But they cant proof that the free space is actually encrypted data.
Forensic agents have to prove before and after that no changes were made to the file system(s) and any data that may reside on them.
Source: I have prior certification, and have acted as a court designated technical expert. I don't do this anymore, but those elements have not changed over time.
* They probably buy a used machine they bought with cash and has no way to tie to them.
* They never connect to their home network or login to anything personal on that computer.
* They do their funny business discretely at coffee shops, libraries, etc, and don't return there, even if the coffee is really nice.
* Once a project is done, they trash the computer and records.
* If they need to communicate with co-conspirators, they probably have a system arranged to do just that and avoid having written communications that can be traceable.
Oh, and don't forget to do all of this while not altering your normal habits at all, because sudden habit changes would also be a red flag I'd imagine.
Or better yet, just have a long history of starting and stopping doing random things. Then you suddenly doing something new and weird doesn't stick out.
If I'm hiding from governments, political parties, or NGOs, then I might do something like you suggested, but since the greatest danger to hackers in terms of getting caught is other technologically-literate people, I would favor planning using tools my enemies are less likely to bother checking.
Plus it means you don't have to rely on either your own coding expertise or the trust you have in your collaborators. If you're doing something illegal, there's always the trade-off of including more people in order to cover holes (since you might be working against whole teams of people and their brains), but then you're subject to your collaborators either making a mistake or selling you out.
Letters are:
A.) Illegal to tamper with, so unlikely to be caught randomly or subject to things like hacks of their own.
B.) Possible to send or deliver without another human being touching it, seeing it, or saving it.
C.) Possible to destroy quickly and in a way that won't leave traces.
D.) Will still function even if your network/code is taken down.
Then again, I'm too risk-averse to hack so I'm the person who would accept things taking twice as long as long as our risk decreased 1%.
- https://en.wikipedia.org/wiki/Code_stylometry
- https://en.wikipedia.org/wiki/Stylometry
- https://en.wikipedia.org/wiki/Ted_Kaczynski
"... recognized similarities in the writings using linguistic analysis ..."
There's so, so much more that goes into staying anonymous as well as secure other than just your tech stack, as other commenters have pointed out.
Well forgiveness please that not everyone is a technology expert who knows exactly how to phrase questions professionally. Instead of belittling someone who lacks the domain knowledge you claim to, why not politely answer them in good faith if you have something to say. A sadly common thing on this site, privileged people with a bit of a superiority complex quick to snarky responses and criticisms on honest questions and show & tells.
But I mean, if you really want to avoid Intel and AMD (and Apple), there are plenty of ARM or even RISC-V options out there.
So Rambo, basically. <robot_voice>The only winning move is not to play.</robot_voice>
Friendly reminder that your viewing of this product is tracked by Amazon and is ultimately accessible by the government ;)
Lone hackers, they would probably use Tor, Signal, Tails, Kali, to remain anonymous online but have the tools necessary. The most important thing for them to stay anonymous is to have jumpboxes. You would use stolen credit cards or gift card to rent a VM from a host like Linode or Digital Ocean, and use that system to proxy the attacks. You can add any number of jumpbox to make it harder to track the origin of the attack.
* Sits back to enjoy the downvotes because his humor is largely misunderstood.
For example I know Linux far more than Windows, to the point where I can administer Linux and the security policies, firewalls, etc. If I need to connect to a wi-fi hotspot "anonymously" I know how to scramble the MAC address of my laptop's wi-fi interface. I don't even know if that's possible in Windows or not...
Paper, paper, never data
In terms of OSes, seized hardware almost always hosts either a Linux Ubuntu, sometimes Kali but not that much, or a Windows 10 system. They always have VMs running, almost exclusively on virtualbox. Running non-mainstream systems would just make them more discernable from everyone else which is not good.
What differentiates regular users from cybercrime is their "opsec", aka their operational security. They encrypt their data (with an actually robust key), they patch and harden their OSes (nobody else does this), and their online presence is mostly exclusively run through third party systems, which they likely compromised already.
Honestly, you'd learn far more useful things by reading court decisions, they often include very interesting details about their opsec.