Becoming Virtually Untraceable (Eps5.0_Tr4!ls_G0n3_D4rk.p7z)
*Note: This article was originally published by the author on September 28, 2018. This article is also available in Spanish here.
Whether you realize it or not, you are constantly being watched. Even when you think you’re not, chances are that you are! There are hidden cameras and watchful eyes around every corner if you live in an urban area. You could even be in the middle of Siberia with seemingly no one around you as far as the eyes can see while popping a squat next to a sand dune and unknowingly be under surveillance from satellites in space that have incredibly powerful zoom capability down to 1 meter (i.e., ~3 feet) and image resolution. Think about that for a moment and let it sink in. Did you think satellites were just for communication networks and Global Positioning System (GPS) triangulation? Spy satellites are a genuine thing.
Sometimes those watchful eyes belong to humans, whereas other times they might be a surveillance camera lens through which human eyes are watching from a distance or replaying the video footage later on. Other times those watchful eyes are in your own home such as when you install surveillance cameras inside your house. Italy-based Hacking Team designed hacking tools that were sold to governments and law enforcement agencies around the world that allowed them to hack into targeted victims’ cell phones, computers, and even home Wi-Fi surveillance systems. To begin with, Wi-Fi is a very insecure Internet protocol, but we must use it to use the Internet on smartphones.
As with many technologies, they are dual-edged and can be used for good or evil purposes. Those in-home cameras can be used against you, especially if they are connected via Wi-Fi. They are not a bad idea for home security, but be careful where they are pointed. The point is that in case there was ever any doubt, surveillance is ubiquitous in the 21st century. If you live in the U.S., more often than not, your privacy has been deemed less important than national security. News headlines seemingly emerge daily regarding privacy rights being trampled on by this government or that one, some new massive data breach, or yet another misconfigured Amazon Web Server (AWS) Cloud storage bucket that belongs to a corporation that irresponsibly allowed your private information to be stolen. It is getting harder and harder to become virtually untraceable and keep your private information private. That doesn’t mean it is not entirely impossible and that you shouldn’t try, however.
The Human Bastion Host
It may come as a surprise to some, but whether you consented or not, your private information is being collected by multiple entities on the Internet. You are seldom even given the option to object to this practice. Many websites, for example, will not allow you to visit their website unless you agree to allow cookies to be downloaded to your computer’s browser. Make sure you delete those when you’re done browsing, so they don’t continue tracking your browsing habits. Loose or non-existent regulations have allowed tech companies, phone and Internet Service Providers (ISP) to get away with this for years now. Advertisers and marketing research firms pay for your private Web browser data collected by cookies that were installed on your computer Web browser. There is very little that anyone can do to prevent this because Internet regulation remains the Wild West and the laws are geographically dependent. What can be done, however, is to endeavor to make your private information a sort of bastion host. Because certain aspects of our identity are considered public information, to become virtually untraceable, one must actively search out and either remove or attempt to minimize their online presence. This is not an easy task as I have mentioned before throughout the series. Be your enemies’ persistent threat to make it harder to track you.
Stealth Mode: <ON>
A bastion host in cybersecurity terms is used to refer to a server or system that is exposed to threats from the Internet. It has been intentionally hardened to the point where it is super-fortified against external attacks because it only runs a single application; has firewalls on either side of it (Internet-facing and organization-facing), and all unnecessary services and ports have been removed and closed. Bastion hosts are designed to withstand cyber-attacks; they can take a beating and keep functioning. They are the very definition of cyber resiliency. To become virtually untraceable, we must also endeavor to become bastion hosts of sorts with our online identities and minimize all unnecessary risks of detection or exposure. Relating this to normal, everyday life, making yourself a bastion host could mean taking such actions as:
- Removing all personally identifiable information (PII) from the Internet (or as much as is possible);
- Freezing your credit and setting up fraud alerts (note: this is now free thanks to the Equifax data breach!);
- Being guarded with your personal information when talking to others (i.e., don’t freely give out personal info when you don’t have to);
- Not using social media or at least being very careful of what information and photos/videos you post online (avoid pictures of your home address, license plate, face, friends and families faces, addresses, license plates, etc.);
- Minimizing external tracking exposure by using a VPN and the Tor or similar proxy browser; using PGP-encrypted email or digital steganography;
- Upon re-entering the U.S. after traveling outside the country, emailing or backing up data to Cloud storage and sanitizing smartphones and laptops, so it has no data for law enforcement to inspect (without using digital forensic tools because why make their job easier right?).
Insofar as digital privacy philosophies are concerned, it is sometimes helpful to use Occam’s razor as a guide when you are personally conflicted. Occam’s razor is a principle for problem-solving that says it is usually the simplest solution that is the correct solution. So if you’re ever confronted with multiple philosophies regarding digital privacy, and you don’t know which one to choose; usually the most straightforward option available is not to share your personal data or to select an organization that at least pledges to protect your privacy and has a proven track record.
Treat your own government and state surveillance as a threat to your personal privacy. Unfortunately, in this day and age, the government does not always have your best interests at heart.
Bulletproof Data Hosting
There are safe havens in the world specifically dedicated to data storage such as the ‘Cyber Bunker’ where people can securely store their data that is out of the reach of governments and law enforcement. These so-called “bulletproof” data hosts are typically located in countries that are outside of the scope of INTERPOL or U.S. law enforcement agencies and do not have extradition treaties with the U.S. such as China, Russia, South America, and Eastern European countries that were formerly part of the Soviet Union. Due to legal cross-jurisdictional boundaries, these types of foreign bulletproof data hosts are challenging to take down and eradicate from the Web. They specialize in data redundancy and resiliency. Chances are you do not need to store your personal files in an international bulletproof data host, but if for some reason you did, then be prepared to pay big bucks as they are not cheap.
The Advanced Persistent Threat Living In Your Backyard
It is no secret that the American government, and most governments for that matter, prefer to be able to snoop on their own citizens easily. Multiple former directors of the Federal Bureau of Investigation (FBI) have railed against companies like Apple for their strong iPhone encryption and continually expressed their frustration with robust encryption technologies for which they demand backdoors into. The government and particularly the FBI could care less about the consequences of having a backdoor encryption key, that it would inevitably fall into the hands of adversaries and cybercriminals who would not hesitate to use it for less-than-honorable purposes. The government only appears to care about being able to unlock your encrypted smartphone, laptop, or read your encrypted communications to incriminate people. If you refuse to comply and exercise your Constitutional rights against unlawful search and seizure, then you’re automatically guilty in their eyes, and they can detain you and put you in front of a judge who can issue a search warrant for your devices. If you refuse to provide the password/PIN, you can be held in contempt and sentenced. Wow, how bonkers is that? Following the horrific terror attacks of 9/11, the Fourth Amendment Constitutional rights have taken a backseat to homeland security.
Being a patriot and Marine veteran, I can appreciate the need for the government to exercise a necessary amount of intelligence collection to protect the nation, its citizens, and national interests. That is one of the main purposes of government. I think there is a certain peace of mind with security, if you will, in the government’s ability to conduct Open Source Intelligence (OSINT) gathering using freely available information on the Internet as well as classified collection methods to protect the nation against terrorist threats. This has prevented untold numbers of foreign and domestic terrorist attacks and threats to the country, which I can appreciate being a former military member myself. All that aside, what checks and balances are there to prevent these 3-letter government intelligence agencies from crossing the line and violating your privacy rights as a citizen against unlawful search and seizure?
The NSA and CIA cannot even stop its own hired contractors from stealing code and classified information and taking it home or posting it on WikiLeaks for the entire world to see. These collection tools and methods should not be used against American citizens who object to their government’s practices. The right to peaceful protest, freedom of speech, the right to bear arms are all protected under the Constitution, and they are abused and encroached upon more and more frequently with each passing year, eroding their meaning with gross misinterpretation by the Courts.
Despite your best efforts to remain anonymous online and in your real life, it is essential to understand what you are up against. Those same income tax dollars you are forced to pay the Internal Revenue Service (IRS) are also used by the federal government to spy on you and collect your personal data. For example, some folks may not have been aware that the National Security Agency (NSA) recently built and maintains a massive $2 billion data storage facility in the middle of nowhere (Bluffdale, Utah). That data is being processed and analyzed by advanced computer systems with algorithms that are searching voice, video, and data for keywords.
The NSA was created to collect actionable Intelligence information on foreign adversaries as part of the Department of Defense, as in a strategic military asset. This organization should NEVER be gathering information on American citizens, yet lawmakers have passed regulations that have allowed this. It is a shame. Much has changed in recent years, and laws such as The Patriot Act and the USA FREEDOM ACT have made it legal for U.S. Intelligence and law enforcement agencies to collect intelligence on domestic ‘threat’ actors. You may think that you’re safe as long as you’re not engaging in anything illegal, but it boils down to a situation of checks and balances. I ask you, ‘who is watching the watchers?’ Are you?
“Absolute power corrupts absolutely!” ~ John Emerich Edward Dalberg Acton, first Baron Acton (1834–1902)
Zero Trust, Always Verify.
Additional Privacy Resources
*Privacy-related articles also published by the author can be found here.