Jan 8
Becoming Virtually Untraceable-Eps11_d1G1tAl_thuNd3rGr0und.msi
*Note: This article was originally published by the author on June 24, 2019. This article is also available in Spanish here.
“Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order […] and the like.” ― William O. Douglas, Points of Rebellion
Feel free to check out the entire series. Here are links to the first 10 unique articles: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10.
Obligatory Privacy Rant
From the outset, I have intentionally written this series as a giant “F*** You” to the establishment. Free speech, the very First Amendment of the Constitution of the United States. I say and write what I want. Period. I did not serve two decades as a Marine to have it any other way. Becoming virtually untraceable is about giving the middle finger to the establishment, to your enemies and haters, to popular social media habits in which users are encouraged to share personal information about themselves to the entire Internet. Becoming virtually untraceable is about being yourself, not afraid to be who you are in life. It’s about reclaiming your privacy in the real world and online and it’s about going ‘off-grid’ technologically in a sense that you learn how to control what types of information and how much of it you put out for others to see and track. It’s not about forsaking all Tech, just certain aspects of Tech that are susceptible to monitoring, collection, and marketing of your personal information that inherently belongs only to you and no one else. It’s about breaking away from the social norms that enslave people in a society that’s governed by the rich, for the rich, and of the rich.
There is a rapidly worsening divide in society between the haves and the have-nots. The wealthy control nearly all aspects of society, but they don’t want you to know it. They don’t live under the same criminal justice system as the rest of us. There’s those of us who struggle day in and day out to make ends meet to provide for ourselves and our families, and then there’s those who inherited millions, even billions, or make their living cheating hardworking poor and middle-class people. Bankers, property owners, elite socialites, CEOs, and other corporate execs, overpaid athletes, musicians, actors, and the politicians who are elected to represent their constituency but often instead represent their own self-interests by passing legislation that most assuredly does not benefit the bourgeoisie or the poor. Case in point, Trump’s recent tax reform law (a.k.a., the Tax Cuts and Jobs Act- TCJA).
While nothing is currently set to expire in 2024, December 31st, 2025, will be a significant day for most taxpayers. Twenty-three provisions from the Tax Cuts and Jobs Act directly relating to individual income taxes will expire, meaning most taxpayers will see a tax hike unless some or all provisions are extended.
Allow me to dissect the “The System is a Lie” meme briefly. Why did I include that image in this installment of a series dedicated to digital stealth and online privacy? To me, this image holds immense value and directly relates to becoming virtually untraceable. It doesn’t just represent anonymity because of the Guy Fawkes mask that has become the face of the hacktivist group Anonymous, but middle fingers to this screwed up world. It is a middle finger to tradition, a middle finger to everyone who says that life has to be lived a certain way, or that it’s not ok to be different somehow.
- Money is a hoax. The monetary ‘system’ on which society is built is completely rigged, one in which the poor get poorer and the rich get richer. For the most part, this is true, apart from the occasional self-made millionaire or lottery winner. But think about the fact that U.S. currency hasn’t been based on gold or silver standard since 1971. Instead, it is based on Federal Reserve Notes, it is fiat money backed by the government. It’s kind of scary to think that if the U.S. government ever fails, the currency could become completely worthless almost overnight. A similar event transpired in Iraq when we overthrew Saddam Hussein. Society places value in material wealth, property, homes, cars, money in the bank, valuables such as gold, silver, and rare stones. Understanding why money is a hoax directly relates to becoming virtually untraceable because you need to know what is important in life. Money is important, don’t ever let anyone tell you differently. However, money isn’t everything and I’d argue that our privacy and human dignity are far more important than any sum of money.
- Debt is slavery. However, something else that I have fallen victim to and perhaps you have also is going into debt to afford a better lifestyle by way of credit cards and bank loans. By voluntarily doing this, you are trading your freedom for slavery to debt. This one is extremely difficult, but try your best to live debt-free friends. You’ll thank yourselves later. Promise! Instead of always having what you want now, take the extra time to save the money for whatever it is you want or need. You’ll relish your long-awaited purchase even more so. Being a minimalist, I have some possessions but those things are not what I value most in life. In fact, I make a point of never buying anything flashy. I don’t drive junkers or live in filth, quite the contrary. However, I am never showy as I don’t want the attention that comes with it. I’ve learned to value more important aspects of life such as family, friends, good health, food/drink, learning, writing, and the value of hard work. Just to put things into perspective on a national scale, the U.S. national debt at the time of this writing is listed at over $22 trillion. Who here thinks that this amount of debt is even possible to pay off? It is ludicrous actually, current generations of government and citizens are living lavishly on the futures of unborn generations. It will all cave in one day, and it will be catastrophic when it happens. The mighty country the U.S. has become will be suddenly broke and the laughing stock of the world. Your Geoge Washingtons, Abraham Lincolns, and Benjamin Franklins will be nearly worthless. What will you do then? I honestly hope that we are not around to see it and even more I hope I am wrong about all of this but as the saying goes… ‘The writing is on the wall.’ Living debt-free directly relates to becoming virtually untraceable because paying with cash leaves little-to-no trail of evidence that others can track you.
3. Media is manipulation. The media consists of TV networks, film production studios, radio stations, and newspapers, virtually all of which have a presence on the Web as well. Each company has its own agenda that typically will align with conservative, liberal, or independent political views and each spins the news regardless of what they tell readers, listeners, and viewers. YOU CAN’T TRUST THE MEDIA. Do your own research as best you can by reading multiple sources and forming your own conclusions based on all of the information presented. Do not trust so-called “facts.” History books have been re-written on many occasions throughout history by different segments of society and even by nations to forget painful events that took place in the past, brainwashing new generations of kids who learn a false alternate version of history. Videos and images are sometimes modified or doctored to support an alternative reality to elicit the desired effect. Understanding how the media manipulates people directly relates to becoming virtually untraceable because you need to become a wolf, not a sacrificial lamb. Become the hunter, no longer one of the hunted. Know the difference when someone or some organization like a government perhaps, is blowing smoke up your rear. It is important to do your own research.
4. Religion is control. Religion is a touchy subject for many of us, to each their own. There’s no possible way in which to make a statement such as “religion is control” and not offend someone. Offending people is not my intention, however, rather I’d like you to think for a moment of how many examples you may have witnessed just in your short lifetime where religion has exploited its followers in horrible, awful ways. There are good aspects of religion, such as helping and putting others before yourself. However, there is also a disproportionate amount of negativity surrounding almost any religion. Religion is a set of rules by which to live our life by. Can anyone really ever live up to these expectations though? Some would say that it is the point, strive to be better. I say, just be yourself and try to be kind towards one another. Belief in a higher power is a good thing, a natural thought pattern. What isn’t natural though is being sexually abused, polygamy, one religion waging war against another religion due to conflicting belief systems, demanding followers tithe their hard-earning money so that it can be inappropriately spent on things like lobbying against tougher laws against church abusers. Understanding how religion is control directly relates to becoming virtually untraceable because you need to be able to think for yourself in order to remain low-key, cover your tracks, and not blindly follow the words of others.
The Neverending Invasion of Individual Privacy
I often wonder if the inventors of modern technologies ever stopped to consider the implications of personal privacy, for as with all new technologies there are good and bad applications of it. While a substantial amount of users will see the use of an application as completely innocent and harmless to them and others, governments and their intelligence agencies may see the application or App store as an opportunity to inject malicious code into applications for cyber espionage purposes such as was found by security researchers from Motherboard and Security Without Borders to have occurred earlier this year in the Google Play store with the Exodus malware.
Privacy has long suffered a trampling effect with the advent of new technologies and though, the solution may seem to be very simple. “Just don’t use it,” however, it’s usually not that simple. For instance, when an employer requires its employees to install a Multi-Factor Authentication (MFA) application on their smartphone to connect to the organization’s network to increase data security for both the organization and the individual employee, the employee is forced to make a decision as to whether the potential invasion of their privacy via their smartphone is worth their continued employment with that particular employer or not.
For some people, that is grounds for quitting. There have been many documented cases of employers spying on their employees’ Internet usage on employer-provided computer systems where the expectation of privacy typically does not exist. The MFA application itself is usually not the problem, as most are benign in that they’re not privacy-invasive. This issue has more to do with the fact that employers might be able to “spy” on employees through their own smartphones whether employees are given a stipend for their phone bill or not in the same way that installing the Facebook App on a smartphone will result in data from other Apps, phone device details, and Internet browsing history to be shared with Facebook.
For privacy-minded individuals, this is a major privacy concern. For others who may be unaware or apathetic, perhaps not. It all depends on an individual’s level of privacy concern. My recommendation is to be careful of what websites and Apps you access at work on your company’s network. More than likely, someone is monitoring this type of activity and it can be used against you for performance reviews, or even become grounds for termination in some extreme cases. It is generally best to take personal phone calls outside on your smartphone away from the prying eyes (lip readers) and eyes of fellow employees, supervisors, and managers, and certainly not on company IT assets such as Voice over Internet Protocol (VoIP) phones or Email.
Encryption backdoors
“Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the rule law and due process protection. Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption;” — G7 France, 2019
This effort by governments and law enforcement to force Big Tech to create backdoors to encryption will not end anytime soon. This is an ongoing fight and it will get worse before it gets better. Australian government officials have passed a law requiring companies to provide a crypto backdoor for intelligence and law enforcement agencies which is absolutely an affront to digital privacy and completely indicative of a lack of respect for their citizen’s privacy. All in the name of “National Security.” You can bet that other governments worldwide are watching this law very closely and will attempt to pass similar legislation. Of course, if you’re living in a third-world country then encryption, Signal, Telegram, and VPNs are likely all blocked anyway. Use steganography to communicate, my friends, it will become your best friend.
Apple is by far the most privacy-themed of the Big Tech companies, though alone isn’t enough to make me want to pay 2-to-3 times more for their products. It is true though, you know that one saying that says, “You get what you pay for!” Yes, you do. Apple iPhones come with full-disk encryption (FDE) whereas Androids still must be FDE-enabled aftermarket by users. Apple users can now log into other apps using their Apple ID which claims to share less private information than using other login Application Programming Interfaces (API) like Google or Facebook. Apple’s heart is in the right place though with data privacy, I believe, more so than other Big Tech companies. All of these Big Tech companies spy [collect data] on users of their products and services, though. It’s not like it is a secret or anything. You agree to their Terms of Service and Privacy Policy, they sell your usage data to turn a profit for their “Free” Email or whatever Cloud-based service. From a data privacy standpoint though, we still have a long ways to go before individual user privacy rights are enforced globally.
“…a security researcher earlier in April noticed Facebook was asking some — not all, curiously — new users to provide their email passwords when they signed up for a Facebook account, if they used certain email platforms, like Yandex or GMX.” — Seals, 2019, Threatpost
Hong Kong citizen protesters of a recent extradition bill that would allow mainland China to extradite Hong Kong citizens for suspected crimes. This protest has been different in the sense that protesters have taken precautions to protect their true identities by wearing masks and limiting their communications to apps such as Telegram which offer end-to-end encryption or completely foregoing any digital media usage whatsoever. The citizen protestors are concerned, and rightfully so, that Chinese officials will use social media and CCTV or media-reported video footage and facial recognition software to reveal a person’s true identity. Then these identified individuals will be added to a list maintained by the Chinese government and possibly targeted. All governments maintain similar types of lists. Political dissident lists, people the Feds might want to talk to. People that might be placed on a no-fly list, the type of people who might be subjected to increased “monitoring.” It’s great to see these brave Hong Kong protesters fighting back against the invasion of their inherent human privacy rights and against tyrannical rule.
When using dating sites such as Match.com, OkCupid, PlentyOfFish, or Tinder, you’re sharing data with companies that now have access to some of your most intimate and private information. Read the fine print in the privacy policies of these sites and you might be surprised to learn that other companies are partnered with the dating site that will share or sell your information. If you don’t read the privacy policy and Terms of Service you’d never know until a data breach occurs. Just think about this for a second and let it all sink in nice and good. Ready to resume? Ok, good. Now read this:
“For instance, Match.com reserves the right to collect much more information than just the typical demographic breakdown of gender, age and relationship status that most online services ask for.” — Seals, 2019, Threatpost
Intimate chat messages, drug usage habits, income levels, sexual preferences and history, religious views, social preferences, etc. These are just a few of the types of data that is being collected on these dating sites (Seals, 2019). Should one of these dating sites get hacked like Ashley Madison (adultery site) did back in 2015, the type of data that is compromised is highly personal and likely to be used against users of these services. Nobody likes to think stuff like this will ever happen to them, but what happens in the aftermath of a data breach? Do we track every single IP address that accesses such data on the Dark Web? Oh, that’s right, we can’t because the Dark Web is encrypted specifically for anonymization purposes.
There’s no telling if insurance companies are scouring the Dark Web looking for breached data that they can use against customers in some way to jack up their insurance rates. If banks are charging customers for phony Dark Web scans, I think it is safe to assume that government intelligence agencies, insurance providers, and a whole bunch of other folks are also looking at your breach data. The only way to prevent this from happening to you is to try your best to limit what information you post online. It’s not a perfect strategy because we don’t always get a say in the matter thanks to the lack of digital privacy laws.
Featured Privacy Tactics, Techniques, & Procedures
Hardware Digital Privacy
Perhaps it’s time to consider not using Airbnb anymore and just booking a hotel room instead. Some people are twistedly perverted and there’s nothing society can do to fix them. There will always be deviants and no amount of rehabilitation or mental re-programming will change what they are deep down inside. Secretly recording Airbnb guests in a bedroom crosses a line and is a major privacy violation.
How many times do people have to hear about Airbnb hidden surveillance cameras before people understand that staying at someone else’s home is risky for more reasons than just privacy alone? You’re essentially rolling the dice that some pervert isn’t secretly filming you and your guests while you’re crashing at their property. The latest such reported case comes from China and though Airbnb has apologized to the tech-savvy victim who discovered the spy camera before it could be used on her, it serves to demonstrate how no matter where you stay you have to check for these types of things.
If you travel with a smartphone as most people do, there are a few things you can do to check for spy cameras. Here’s your chance to use that powerful piece of tech in your pocket/purse into something actually more useful than the built-in Facebook app. Turn off your phone’s Wi-Fi connectivity temporarily and then turn it back on to scan for all available Wi-Fi networks by selecting “Devices” instead of “Network” per the below image.
You can also sometimes use your smartphone as an infrared (IR) light detector used for night vision devices by turning off the lights in every room of the hotel or house you’re staying at and viewing the space through the phone’s camera to pick up on any glowing lights which could indicate hidden IR cameras. There’s an App for that also! Check the App Store or Google Play store for apps that are specifically designed to find hidden spy devices which rely on some type of detectable Radio Frequency (RF) signal technology. You can also buy a separate detection device for detecting hidden cameras such as the MGI Economy Bug Detector with RF and Lens Finder CDRFLD for as low as $64.99.
Chipsets
With electronics or hardware as it is commonly referred to in the Information Technology world, the average consumer has zero clue on how any of the technology works. They may understand that somewhere within the device they purchased is a computer chip, or perhaps several. However, if disassembled, they wouldn’t be able to pick out something that shouldn’t be there. Sometimes backdoors are hidden within the firmware code of a device which enables someone to remotely spy on the device. In the last decade or so, the InfoSec community has seen an increasing amount of hardware backdoor implant examples often referred to as supply-chain attacks. So, as a car or electronic device is manufactured, parts and digital chipsets are manufactured cheaply in other countries that the Original Equipment Manufacturer (OEM) orders the parts from. It is expected that there is some level of hardware inspection that occurs to prevent hidden backdoors into these devices, however, this process is still very much like the “Wild West” and not very well managed.
It shudders the mind to the core to think that a backdoor could be implanted into an electronic computer chip because how the hell are organizations supposed to check against a threat like that, let alone the average clueless consumer? And what if the spy agency doing it only does it to every one out of 50 chips? This would make it very difficult to find, like a needle in a haystack. The answer is that this type of privacy and security threat is enormous and virtually unstoppable without the right skills and knowledge to check firmware code and what a motherboard or chipset is supposed to look like.
Nation-States have used supply chain attacks to implant backdoors in cell phones, computers, and all types of electronic devices for years. Chip-level malware can alter the operating system (OS) without leaving a trace and as such, are like having “God Mode” turned on in a video game. There is an entire underground market for this spy stuff, just like grey hat hackers selling zero-day vulnerabilities to governments for big bucks to use against their adversaries. The stuff happens, people just don’t know to what extent it is happening.
Several high-profile vulnerabilities such as Meltdown, Spectre, and ZombieLoad have been recently discovered in chipsets that if exploited can enable an attacker to gain root-level access to a system. The scary part is that some of these chip flaws are un-patchable which means that they’ll be around for quite a while until they are eventually replaced with new hardware that’ll probably have as of yet undiscovered vulnerabilities. The best way to protect your electronics from these types of flaws is to check the manufacturer’s website periodically (say quarterly) for patch updates that you need to apply to the device. Failure to do that simple task opens your devices up to all sorts of attacks that can be remotely executed if the device connects to the Internet.
Also, be cautious about what type of electronics manufacturer products you buy. Most Internet of Things (IoT) devices are extremely poorly designed for security and privacy controls.
Factors to consider before you make a purchase according to Lanner are data application, secure design, and secure hardware as well as transparency and visibility in manufacturing. Most importantly though, buyers beware of any tech products that were manufactured in China. The country of origin is a very important consideration, but it is not 100% reliable either the U.S. intelligence agencies have poisoned the tech supply chain previously as well. Thus, the duality of technology wherein privacy and security are concerned.
Low-Tech Security: Evasion and Anonymity Tip
Privacy Hack — When you’re staying at a hotel, cover the peephole with a piece of masking tape, or a thick article of clothing or bathrobe suspended from a coat hanger on the door closer assembly and if there isn’t an airtight seal between the door threshold and the door, then fold a hotel towel long-ways and place it on the door threshold to prevent snoopers from easily being able to hear sounds from your hotel room. This also has the added benefit of making your hotel room quieter and reducing unpleasant odors wafting in from the hallway outside your room, but it’s more about privacy-proofing your room. Use the flashlight app on your smartphone to determine if the mirror in your room is a two-way mirror.
Ask the hotel for a room near an exit with CCTV camera surveillance, if possible. Believe it or not, creepers will check for this type of thing when scoping out potential victims. They’ll be less likely to try anything shady if they know they’re being filmed. If anything seems off like some stranger is following you to your hotel room, pull a damn fire alarm and run like hell to the hotel concierge or to your locked vehicle in the parking lot. Wait for the fire department or police to show up and explain what happened. See if the hotel has video footage of the person. Try to take note of the potential attacker’s description, details matter! It is always better to escape with your life than to be afraid of embarrassing yourself over a false alarm. Note: Men should not let ladies go first when getting off a hotel elevator on the same floor. Put chivalry away for a moment and try to get out of the elevator first so that the woman doesn’t fear that you’re following her to her hotel room. It makes a difference.
For about $10 or the price of a fast-food meal, you can invest in a low-tech security door stopper device with a siren that will help protect you from unwanted intruders while traveling and staying in hotel rooms. As you can see in the picture, it has 3 volume levels, low, medium, and high. The best part is that it is so small you can pack it in your checked luggage without it taking up too much room and pull it out whenever you get to your hotel room. Kind of like pepper spray for ladies.
This information I give to you freely in the hope that you will use it to better protect yourself physically and secure your digital privacy. Until next time and remember:
***Trust No One. Verify Everything. Leave No Trace.***
Additional Privacy Resources
z3r0trust Privacy Newsletters: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, #4–20, #5–20, #6–20, #32–20, #33–20, #8–20, #9–20, 16, 17, 45–20, 46–20, 47–20, 48–20, #1–21, #2–21, #3–21, #6–21
*Privacy-related articles also published by the author can be found here.
Other helpful privacy info: EFFector | Atlas of Surveillance | Privacy Tools | IAPP | ACLU | PogoWasRight.org | DataBreaches.net
