Becoming Virtually Untraceable (Eps4.0_L33t-T3chn1qu3s.gif)
*Note: This article was originally published by the author on September 12, 2018. This article is also available in Spanish here.

The year is 2018 and technology has revolutionized life as we know it for those fortunate enough to live in developed countries. With the rapid evolution of technological capability has come an insatiable thirst for information with governments, Internet tech companies, and corporations being the primary consumers. Information has superseded gold and other less valuable forms of currency as the new standard of currency and rightly so because with the proper information a person or organization can stack the deck in their favor. World governments have been in the game for quite some time now, with the Russian disinformation campaign, in particular, being internationally recognized as a formidable threat on social media. So, it has become a game of information privacy versus information collection with lobbyist groups for both sides battling it out in the courts of justice, in Congress, and even on the international stage. Just when one side thinks they’ve won a significant victory in the war on privacy, technology comes along with a new method or device that is capable of defeating privacy or collection capabilities. It boils down to a game of cat-and-mouse, a real-life Tom and Jerry cartoon if you will, where everyday citizens’ privacy is the victim. Who wants it more, you or everyone else?
Your Privacy Has Been Hacked
In Parts 1, 2, and 3 of the series, I covered several low and high-tech methods you can implement to become virtually untraceable. In Part 4 of the series I discuss how becoming digitally invisible is not so much about going ‘low-tech’ as it is about outsmarting the governmental and commercial enterprise systems that feed off of and capitalize on your existence. In case you were wondering, let me assure you up front that the system is rigged and the odds are stacked against you. It is up to you to break the odds. In the eyes of the government and greedy global corporations, everyday citizens are merely dollar signs in the form of taxpayers, potential voters, and future marketing sales. Population demographics shape Congressional voting district court battles, and corporations such as Target, Walmart, McDonald’s, and banks decide where to build new locations based on similar demographic models. These types of organizations are large and powerful, and though they are all required to publish privacy policies when it comes to protecting your data, recent history has shown that these organizations couldn’t care less about protecting the privacy of your personal information beyond what is required by law under The Privacy Act of 1974. It has been one failure after another in a cirque-du-data breach circus comedy of errors year after year. It has gotten to the point now where the average citizen has zero confidence in companies and their government to protect their personal information.

What can a person do to make their personal information harder to collect and exploit? This is what making yourself a hard target is essentially all about. Hardening is taking inventory of ALL of your attack surfaces and taking remedial actions to mitigate risk to the greatest extent that is feasible given your personal circumstances, resources, and motivation. Hardening can be applied to different dimensional planes. For the ‘self’ dimension, you must harden your physical body by staying fit and active should you ever need to defend yourself against an attacker or defend someone else from an attack. Studying martial arts is a great way to learn self-defense and improve your self-discipline. In the mental/spiritual dimension, hardening relates to fortifying your mind against detrimental societal influences and not succumbing to the status quo of freely handing over your personal information to every Tom, Dick, and Harry, person or business, that wants it. In the information security dimension that we often refer to as ‘cyberspace,’ hardening, among many other definitions, relates to actions taken to mitigate unnecessary risk, such as removing system services that are not used, limiting applications, closing unnecessary ports on the firewall, and applying more stringent configuration settings throughout the operating system and Web browsers. A minimalist would see the apparent advantage in owning less stuff, having fewer files to protect, to account for, to ensure, to back up, to encrypt, to manage, etc. Fewer things mean fewer attack surfaces to harden and defend. If you have a family, however, this is obviously easier said than done. So, make small improvements when and where you can.
Deception & Lies
The masses of people who have foolishly bought into the global consumerism craze have unwittingly become sheep and voluntarily given away their personal information to unscrupulous companies who only seek to profit from it. But it’s the American way! Well, to that I say I hope you’re happy that you’ve helped people like Elon Musk and Jeff Bezos become the wealthiest men in the world. The consumer propaganda machine fuels this endless consumerism cycle with new Internet, TV, and radio marketing ads designed to get consumers to spend more money on products they don’t need and collect an even greater amount of personal information in the process.
Let’s look at a single product such as the iPhone, for example, shall we? Why is it that companies like Apple and Samsung, arguably the two biggest cell phone manufacturers in the entire industry, have similar business models of releasing new versions of the iPhone and Galaxy S phone series every year? Is it due to rapid technological advancements or is it done for profit margin increase? I’ll let you decide that for yourself, but I’d sure hate to be working on the Apple or Samsung production teams. I can’t imagine the amount of stress they are under with deadlines to develop and add new features that are bigger and better than last year’s model. At a certain point, this business model will collapse.
Personally, I am not going to spend $1,000 for a new cell phone every year no matter how remarkable the improvements are, period, so please stop wasting your time, Apple and Samsung.
The new iPhone or Galaxy S series smartphones could literally have a communication transponder, laser stun gun, DARPA ‘Phraselator’ that interprets all languages, and a teleporter built into it like Star Trek, and I would still wait until my current cell phone no longer functions well before I consider upgrading, after performing meticulously painstaking research on what the best deal is for my money and privacy concerns. Honestly, I could not care less about owning a cell phone, and I realize that is not a popularly shared sentiment considering the number of cell phone users today. However, I happen to believe life was in some ways better before cell phones became so ubiquitous. Sure, they are useful for making phone calls when you’re out and about, when you have cell phone reception and battery juice. Just to highlight what a farce Apple is and how much of a greedy corporation they are, it was discovered in 2017 and confirmed by Apple that they had slowed down older iPhone models to protect against aging batteries. A spokesperson for Apple said,
“Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices.”
Yet, it is hard to understand how Apple is trying to “prolong the life of their devices” when they’re intentionally slowing devices down for older phone models, developing new versions of all of their products every year, and requiring users to buy new phone chargers and connectors every time they purchase a new phone. The Lightning connector phone chargers frequently stop working and customers are forced to buy new chargers at $40 per. I also find it strangely coincidental that, generally speaking, most cell phone batteries start to fade in performance after the first 12–18 months of use. Isn’t that something? Why is this? Coincidence? I think not! This degradation of phone batteries is comparable to car manufacturers designing vehicles that require critical maintenance after so many thousands of miles, once the warranty has run out, and it is intentionally meant to get consumers back into stores and car dealerships to buy new phones and cars.
Some of the rapid technological development and marketing we are witnessing is just the usual ebb and flow of capitalism. I get it, and I think it is healthy, economically speaking, to a certain extent. However, at the same time, it is exactly this never-ending cycle of consumerism and corporate greed that is destroying the planet’s natural resources and keeping people in the poor house because they must have the latest and greatest products. Wake up, realize what’s going on. Remove yourself from the madness. Meanwhile, these companies are sharing and trading your personal information with other companies and in many cases government agencies, either knowingly or unknowingly. Are you on a government watch list yet? Who knows? The irony here is that the government has all of my personal information and has lost it on several occasions (i.e., the OPM hack, the lost VA contractor laptop, in the US Postal System mail) so I am by no means immune to any of these threats or situations, and I am fed up with it, to say the least. I’d like to see significant U.S. privacy law improvements, now!
Low-tech and analog for some types of technology is not a bad idea. I mean, should a car be hackable? While I could never sympathize with terrorists, it is interesting to look at how successful Al Qaeda was at evading U.S. capture with human messenger couriers and by strictly avoiding the use of cell and satellite phones. Al Qaeda operated off-grid in austere, remote environments but still used technology in a vacuum. Their video and audio messages were always pre-recorded and timed to deliver maximum shock and awe effect. By the time that pre-recorded message became public, the operatives were long gone without so much as a trace. It may surprise some people to learn that Al Qaeda was even reported to have used digital steganography (covered in Part 3) to conceal operational planning documents that were found to have been embedded in a porn video file without any password protection. Information gold mine, ka-ching!
These low-tech terrorist techniques used by groups such as Al Qaeda and the Islamic State have been somewhat effective at evading detection, yet they do not cost much to acquire, maintain, or replace should they be compromised or destroyed. How expensive is it to replace a digital audio recorder, video camera, or relocate to a new cave bunker? The key takeaway from this seemingly inappropriate example (i.e., shortly after 9/11) is that there are specific low-tech methods and devices that ordinary people can use to improve their security and privacy. It is only by thinking like the enemy that we can harden our personal lives and strengthen security and privacy protections. This is not just a concept that applies to national security.
Part of me enjoys combining privacy concepts and techniques with frugal, minimalist, and low-tech concepts and solutions as experiments to determine what works best to achieve the desired privacy result without breaking the bank and adding further clutter to my life with more ‘things’. Here’s a look at some low-tech privacy options that you may want to implement in your life. The chances are that the further down the privacy rabbit hole you explore, you’ll find that a hybrid approach of both high and low-tech techniques works best.
Low-Tech Methods of Evading Surveillance

If you live in a major metropolitan area it is hard to step outside of your domicile without immediately being filmed by Closed Circuit Television (CCTV) cameras that are strategically positioned all over the city. While complete anonymity may never be entirely achievable, there are some simple, non-technical hacks that you can do to avoid surveillance and opt-out of the system. In New York City, the isee app helps citizens map out minimal surveillance paths of travel. This capability isn’t available everywhere, but you can come up with your own routes based on how many cameras you notice to and fro. Rest assured that anyone living in one of these new ‘smart cities’ will be under constant surveillance. If you don’t mind that fact, then great. Otherwise, you might consider not living there. There’s always a choice.
Simple things like wearing sunglasses and a ball cap (i.e., a baseball hat) can help break up the contours of your face, make it harder for facial recognition systems to positively ID you, and be an effective obfuscation technique. Wearing a ball cap by itself won’t completely hide your face from cameras though, so if you seriously need to avoid facial recognition, then you might consider purchasing ball caps with LED lights built into the hat, which are surprisingly affordable. Lasers pointed directly at CCTV cameras can also obscure or blind their view; however, if not precisely performed, it will be a dead giveaway if the footage is replayed later on. Wearing a ball cap with LED lights is not illegal, just as taking your vehicle off-roading isn’t illegal and will likely result in an unreadable, dirty license plate. How long are you willing to drive with a muddy license plate that is at least partially unreadable? Until you get a fix-it ticket from a cop? Some people willfully swap out or remove their license plates, but that is a criminal tactic. Apple’s Steve Jobs was known for frequently exploiting a loophole in California’s law, which has since been closed, that allowed him to drive without a license plate on his Mercedes-Benz SL55 AMG, which he would lease and then exchange for an identical model before the 6-month grace period ended. Beginning in 2019, all cars purchased in the state of California will come with DMV-issued license plates.
Think about the moment you hop in your car and leave your driveway. How many video cameras on your neighbors’ houses did you drive by? How about businesses, traffic light intersections with red-light cameras, toll road cameras, and tunnel cameras that record license plates that are fed into Automatic License Plate Reader (ALPR) software and processed by some unknown computer system? Did you withdraw money from the ATM, stop to fill up with gas, or pick up some eggs from the local supermarket? If you did, add a few more cameras that you could be tracked on. The Investigation Discovery (ID) cable TV channel produces a show called “See No Evil” which details how police sometimes can use video to backtrack victims’ whereabouts and identify alleged suspects. Surveillance programs such as the NSA PRISM program that was illegally leaked in the past by Edward Snowden have revealed that there are cases in which user data is being slurped up by (i.e., shared with) intelligence agencies from many major Internet Service Providers (ISPs) and telecommunication providers (e.g., AT&T, Verizon, Sprint). Don’t for one minute think that these companies have your best interests at heart.
Pen & Paper
Now before you start laughing, the beauty of low-tech approaches such as using pen and paper is that it is generally much cheaper and there aren’t any other factors to consider such as having to change passwords, plug it into an electrical power source, or connect any device over Wi-Fi to the Internet. Another benefit is that you can burn the paper when you’re done with it, and be assured that it is gone forever. Keep a notebook (Moleskine makes some that are nice and not too expensive) that you can throw in your backpack and jot down personal notes to yourself, draw sketches, and brainstorm ideas. This is very therapeutic if you haven’t tried it. There are entire bullet journal communities that offer tips and suggestions on how to personalize your notebook. One thing I will say though since this article is about becoming virtually untraceable is that if you don’t write your name on it anywhere and keep the content completely generic, no one can ever trace it back to you if it is lost or stolen. You’re only out $13 (US) for a new one, and you could also take digital photographs of your notebook’s contents or scan it digitally if so desired to back up important data you want to save to a Cloud storage solution that ensures redundancy in case the notebook is ever lost, stolen, or destroyed in a natural disaster such as a fire or flood.

Silencio, por favor!
“The quieter you become, the more you are able to hear.” ~Rumi
My fellow hackers will most assuredly recognize the above quote from Kali Linux. It has often been said that ‘fools talk, and wise people listen.’ This philosophy is intertwined with privacy for the simple reason that the more you open up and talk to people whether in real life or online, the more you invite them to chat you up. Thankfully this piece is not titled, “How to Win Friends and Influence People,” or I think I’d be in trouble. Luckily I am self-admittedly anti-social. Instead, this is yet another security and privacy piece written by yours truly. I consider silence as a thing of beauty that should be treasured in this chaotic and noisy world we live in. You’ll learn a lot more in general by listening than you will by being a ‘chatty Kathy.’ The fact that this practice will not make you popular or more likable is not lost on me, I assure you. These are personal decisions you have to make yourself. No one can make them for you. Music can cloud creative thought and dull your senses to situational surroundings. In my compartmentalized world, there is a time and place for music. Sometimes music can be a welcome escape, other times it clouds the mind. Music can be a potent source of inspiration and even change your mood, so you’ve got to know when to use this tool. Listening to the same songs repetitively subliminally programs your mind to someone else’s lyrics about sex, drugs, money or whatever crap they are selling. Be attuned to that and limit accordingly.
Mixnets
There is a now-famous quote from the former head of the NSA and CIA, General Michael Hayden, who said, “We kill people based on metadata.” If there is any doubt in your mind as to the importance of minimizing and removing metadata, this should clear things up for you. This statement was made by a former director of the NSA and CIA, so he might know a thing or two about how intelligence agencies operate. Imagine what foreign intelligence agencies are doing with your metadata. Do you still think it is harmless to upload all of your personal photos to social media sites like Instagram and Facebook which you have left wide-open on the Internet for anyone to view? The point is that you, as the user of these free services, have absolutely no way of knowing who is getting your data or what they are doing with it. Are you on Facebook’s decision board to allow “X” developer company to access your Gmail emails? No, exactly. That is why social media and free Internet services are generally not worth the risk for the privacy enthusiast and are certainly a risky endeavor for anyone trying to become virtually untraceable.
SecureDrop, Signal, and Tor hidden services are widely used for private communications, but soon we can also expect to see ‘mixnets’ that offer powerful encryption and metadata-resistant private communication services. Mixnets use technology that shuffles and randomizes messages that are received and then spits them back out at random time intervals making it impossible for passive network traffic collectors to patch together who the originators and recipients are. I don’t know about you, but I am looking forward to learning more about the technical intricacies of how these mixnet protocols function in the future.
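The shuffle-and-delay idea described above can be seen in a small simulation. This is an added example, not code from the article or from any mixnet project: it models one threshold mix node next to a plain relay and measures how often a passive collector who pairs the k-th message in with the k-th message out links the right sender and recipient. It assumes messages are re-encrypted at the node so the collector sees only timing, and all names and parameters (ThresholdMix-style batching of 10, 5-second maximum delay, the sample traffic) are constructed for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    arrival: float  # seconds; when the node received it (visible to a passive collector)


def make_traffic(n):
    """Constructed sample traffic: one message per second, unique sender/recipient pairs."""
    return [Message(f"sender{i}", f"recipient{i}", float(i)) for i in range(n)]


def plain_relay(traffic, latency=0.05):
    """Baseline: forward each message immediately, in arrival order."""
    return [(m.arrival + latency, m) for m in traffic]


def threshold_mix(traffic, batch_size, max_delay, rng):
    """Hold messages until batch_size have arrived, shuffle the batch, then
    release each one after its own random delay.

    Returns (departures, held): departures sorted by release time, and the
    messages still waiting in the pool because the last batch never filled.
    """
    departures, pool = [], []
    for msg in traffic:
        pool.append(msg)
        if len(pool) == batch_size:
            flush_time = msg.arrival  # the batch is complete when its last message arrives
            rng.shuffle(pool)
            departures += [(flush_time + rng.uniform(0, max_delay), m) for m in pool]
            pool = []
    departures.sort(key=lambda d: d[0])
    return departures, pool


def fifo_linkage_rate(traffic, departures):
    """Passive collector's guess: the k-th message in is the k-th message out.
    Returns the fraction of guesses that link the true sender and recipient."""
    arrivals = sorted(traffic, key=lambda m: m.arrival)
    pairs = list(zip(arrivals, departures))
    hits = sum(1 for arrived, (_, departed) in pairs if arrived == departed)
    return hits / len(pairs)


def run_demo(seed=2018):
    rng = random.Random(seed)
    traffic = make_traffic(1005)  # 1005 so the final batch of 10 never fills
    relay_out = plain_relay(traffic)
    mix_out, held = threshold_mix(traffic, batch_size=10, max_delay=5.0, rng=rng)
    return {
        "relay_rate": fifo_linkage_rate(traffic, relay_out),
        "mix_rate": fifo_linkage_rate(traffic, mix_out),
        "delivered": len(mix_out),
        "held": len(held),
    }


if __name__ == "__main__":
    print(run_demo())
```

The plain relay is linked every time, while the mix pushes the collector's success toward one in batch_size; the five held messages show the cost, since a threshold mix delays traffic until enough other users are sending.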
BlackArch Linux

For all my hackers out there, you know that Linux is the hacker’s playground, and that is largely due to the fact that it is a free, Open Source Software (OSS) operating system that offers a much higher degree of tailorable functionality than a proprietary OS like Windows allows. There have been so many different variations of Linux published that it will make your head spin. Kali Linux is perhaps the most popular of the hacker-themed Linux distributions, but a lesser-known alternative is BlackArch Linux. Snubbed by some in the hacker community as the “vegan Mormons of the Linux community” (no offense intended to either vegans or Mormons), BlackArch Linux is a unique operating system (OS) build that is specially crafted for penetration testers (pentesters) and security researchers, with over 2,020 tools at last count. The fact that it was designed for pentesters doesn’t mean that you can’t also use it though. The average user will likely not use many of those types of software tools, as their use often requires an advanced understanding of computers and security tools, but there are plenty of tools with Graphical User Interfaces (GUIs) (pictures) that are worth exploring, like the password cracking and the deleted file recovery tools. If you want to experiment with hacking tools, set up a virtual training environment at home and hack away.
One method of achieving virtual anonymity online is to connect to the Tor or the Invisible Internet Project (I2P) cross-platform network using a free, Open Source Software (OSS) x86 virtualization engine such as VirtualBox, which runs on Windows, Linux, macOS, and Solaris. For this to work successfully, you’ll need to first download and install VirtualBox on your computer. Then download and install the BlackArch Linux image (.iso) inside of VirtualBox. There are YouTube tutorials on how to do this if you’re shy. Ensuring that your VPN is activated, open your VirtualBox BlackArch Linux virtual OS and connect to Tor, I2P, or Freenet from within the virtual OS to browse.
This technique may seem like a rather extreme, out-of-the-way method to browse the Internet anonymously, but dedicated privacy enthusiasts will go to great lengths at times to achieve and maintain privacy. It should be noted that even when employing this approach to anonymous browsing, it is still possible for law enforcement to reverse trace an IP address back to your VPN provider and then subpoena your VPN provider for your true IP address due to vulnerabilities in Tor and other so-called anonymous Web browser technologies. You can also perform the same technique, of course, with VMware loaded with a Kali or Ubuntu Linux install if you wanted to, but for the purposes of this article, I wanted to showcase VirtualBox and BlackArch Linux. Serious VMware users will tell you it is worth it to pay for the annual subscription to VMware (~ $300/yr.) and that the free VirtualBox is too clunky, but if you’re frugal like I am, then you’ll just keep using VirtualBox anyway and make it work.
The Dark Art of L33t 1nv1s!b1l!ty

To be considered “L337” or elite in hacker lingo, it takes a great deal of practice and experience in these so-called Dark Arts of virtual anonymity and untraceability. Someone that has achieved elite status can be considered to have mastered their tradecraft, and generally speaking, to master an art requires approximately 10,000 hours of experience. I would even go so far as to say that 10,000 hours may not be enough experience if you add in the subtle complexities of information system security technologies. An elite practitioner of virtual untraceability will espouse many of the concepts discussed throughout this series and will have adopted many of the techniques mentioned into their lives, and probably many other techniques also. I will not paint the picture of exactly what a privacy expert looks like or what they do; examples are few and far between. Just think of someone you know who is very low-key and start examining how they live their lives if this lifestyle is something that you’d like to learn more about. There are books you can read as well on this subject that will help.
Until next time, and remember Zero Trust, Always Verify.
Additional Privacy Resources
*Privacy-related articles also published by the author can be found here.
Other helpful privacy info: EFFector | Atlas of Surveillance | Privacy Tools | IAPP | ACLU | PogoWasRight.org | DataBreaches.net