Anonymous searching
Workshop for VOGIN-IP-LEZING
20 March 2014, Amsterdam, The Netherlands
Arno H.P. Reuser
Reuser’s Information Services
[email protected]
+31 6 3812 7715
Leiden, The Netherlands
Monday 7th April, 2014
OSINT Research Techniques
All material in this document is copyright © Reuser’s Information Services, Leiden 2006-2013.
Print and typeset using LaTeX 2ε. Published by Reuser’s Information Services.
Edited March 2014. Print Monday 7th April, 2014.
For questions, please contact Arno H.P. Reuser ([email protected]).
Unless explicitly stated otherwise, all rights including those in copyright in the content of this document are owned by or controlled for these purposes by Reuser’s Information Services. Except as otherwise expressly permitted under copyright law or Reuser’s Information Services’ Terms of Use, the content of this document may not be copied, reproduced, republished, downloaded, posted, broadcast or transmitted in any way without first obtaining Reuser’s Information Services’ written permission or that of the copyright owner.
The intellectual property rights belong to
Reuser’s Information Services
De Wetstraat 16, 2332 XT Leiden, The Netherlands
Reuser’s Information Services http://www.reuser.biz
c© 2014 reuser’s information services page 1 Monday 7th April, 2014
Contents
1 Anonymity issues
  1.1 Contents
  1.2 Reasons to be anonymous
  1.3 Simple measures
  1.4 Proxies
  1.5 Search engines
  1.6 Tor protocol
2 The Onion Router (Tor)
  2.1 Contents
  2.2 Introduction
  2.3 What it looks like
  2.4 Alternative access
  2.5 Anonymous browsing
  2.6 The .onion pseudo domain
3 About
  3.1 Disclaimer
  3.2 Warning
List of Figures
  1 (no caption)
  2 Searching by proxy
  3 Anonymous proxy Kproxy
  4 TrackMeNot
  5 Anonymous search engine Disconnect.me
  6 Anonymous search engine DuckDuckGo
  7 Anonymous search engine StartPage
  8 Vidalia Tor interface
  9 TOR network start
  10 TOR browser
  11 Tor2Web
  12 Tor: IP address before starting the Tor network
  13 Tor: IP address before starting the Tor network
  14 Tor: identity after starting the Tor network
  15 Tor: changing your identity while working
  16 Tor: a new identity after asking for a new one
  17 Tor: a Tor directory to buy credit cards, drugs, weapons and more.
  18 Tor: black market
  19 Tor: buy your money online
1 Anonymity issues
1.1 Contents
1.2 Reasons to be anonymous
Scott McNealy
Someone already has your medical records, someone has your dental records, someone has your financial records, VISA knows what you bought, someone knows just about everything about you. You have no privacy. Get over it! Scott McNealy. 1999
Consider the following
1. Protect your information position
(a) Protect yourself against economic espionage (’computer network exploitation’)
(b) Protect yourself against snooping competitors
(c) Prevent the target from knowing who is looking
(See figure 1)
2. Prevent cyber bullying
3. Prevent cyber crime
"I have nothing to hide"
"There is nothing of interest on my machine"
4. Hide your geographical location. For journalists, activists, criminals
5. Protect your medical condition
6. Victims of violence
1.3 Simple measures
Providers
Use different internet providers in different countries
SMTP relay
Use anonymous SMTP relay services or anonymous email services.
1. SilentSender.com [1]
2. Tor Mail [2]. Free anonymous email service provider; off line since August 2013
3. Get a client remailer: QuickSilver [3], OmniMix
Will strip the sender's address from the mail. The sender's address to answer to is in the encrypted message itself.
Email address
1. Use anonymized email addresses
(a) Not: [email protected]
(b) But: [email protected]
(c) Or: [email protected]
In addition, Gmail also removes most mail 'received' headers.
2. Use aliases
(a) Not: [email protected]
(b) But: [email protected]
(c) Or: [email protected]
And have your mail client forward all this mail to appropriate folders
3. Turn OFF your automatic signature
[1] SilentSender.com: http://www.silentsender.com
[2] Tor Mail: http://jhiwjjlqpyawmpjx.onion/
[3] QuickSilver: http://www.quicksilvermail.net/
1.4 Proxies
What is a proxy?
Function to store popular webpages at the servers of the Internet provider to save bandwidth
Protection function to hide IP address or temporarily assign another one
Anonymous proxy clients
A proxy was originally intended to preserve Internet bandwidth by storing high demand pages in a temporary cache. Today, an Anonymous Proxy offers the possibility to surf the Web in a more or less 'anonymous' way.
Today, a proxy is also used to search in anonymity. There are many "anonymous proxies" out there, some for free, but these tend to be very slow.
1. Anonymizer TotalNetshield
Figure 2: Searching by proxy
(See figure 2)
2. Kproxy. Alternatively, try using a free anonymous proxy, like Kproxy [4]. Drawbacks are the ads and annoying pop-up screens, of course.
(See figure 3)
Activate private surfing mode
Modern browsers offer a possibility for private surfing. Check your history settings as well as yourcookie settings. Some browsers offer an option to search ’anonymously’.
In Mozilla Firefox, start private browsing to prevent the browser from storing your private surfing behaviour (passwords, history, cookies, etc.). In MS Internet Explorer 8, use InPrivate Browsing and InPrivate Filtering.
[4] Kproxy: http://www.kproxy.com
Figure 3: Anonymous proxy Kproxy
Firefox Add-ons
Annoy the search engines
Flood your favourite search engines with fake search queries by using a tool like TrackMeNot such that your real query gets more difficult to identify. TrackMeNot is a Firefox add-on.
Figure 4: TrackMeNot
(See figure 4)
1.5 Search engines
Alternative search engines
The below are a few examples of search engines that more or less protect your identity when searching. Care is required however. Searching may be done via a proxy, but clicking a link may unveil your identity.
1. Scroogle. Is no more. Supposedly dealt with by Google...
2. Disconnect.me [5]
(See figure 5)
3. DuckDuckGo [6]
[5] Disconnect.me: https://disconnect.me
[6] DuckDuckGo: http://www.DuckDuckGo.com
Figure 5: Anonymous search engine Disconnect.me
Figure 6: Anonymous search engine DuckDuckGo
(See figure 6)
4. Startpage [7] (ixquick)
Figure 7: Anonymous search engine StartPage
(See figure 7)
1.6 Tor protocol
Introduction
Tor gives access to the part of the deep web that consists of the top-level pseudo domain .onion, and Tor provides a protocol for anonymous searching.
Tor encrypts the message and sends it through multiple anonymous proxies making identification very difficult.
[7] Startpage: https://startpage.com/
Figure 8: Vidalia Tor interface
(See figure 8)
2 The Onion Router (Tor)
2.1 Contents
2.2 Introduction
The Onion Router
1. Tor = The Onion Router
2. Multiple layers of encryption around each packet, like an onion
3. Designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. Originally developed with the U.S. Navy
4. Development started in 1995 (!)
5. Second-generation Onion Router presented in 2004 [8]
6. Builds a circuit of encrypted nodes, a chain of anonymous proxies.
How it works
1. Encryption encrypts the data package, not the headers
2. Data packages take a random path on the internet through several relays to cover your tracks
3. Each path/relay knows only which relay it got the package from, and which relay to give the data to
4. No relay knows the entire path. Each relay sees only one hop.
5. Each package has multiple layers of encryption
6. Each node decodes one layer of encryption to find the next recipient.
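Added example, not part of the original handout: a toy model of the layering described in the list above, showing that each relay removes one layer and learns only its neighbours. The relay names, pre-shared demo keys, destination and the hash-based cipher are assumptions made for illustration; real Tor negotiates a key with each relay and uses different cryptography.

```python
import hashlib
import json

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client: build the onion from the inside out, one layer per relay."""
    hops = path[1:] + [destination]  # where each relay is told to forward to
    onion = payload
    for relay, next_hop in reversed(list(zip(path, hops))):
        layer = json.dumps({"next": next_hop, "data": onion.hex()}).encode()
        onion = keystream_xor(keys[relay], layer)
    return onion

def peel(relay, keys, onion):
    """Relay: remove exactly one layer; learn the next hop and nothing deeper."""
    layer = json.loads(keystream_xor(keys[relay], onion))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, onion):
    """Send the onion down the path and record what each relay could observe."""
    seen, previous = [], "client"
    for relay in path:
        next_hop, onion = peel(relay, keys, onion)
        seen.append((relay, previous, next_hop))
        previous = relay
    return seen, onion

# Constructed sample data: relay names, demo keys and destination are made up.
PATH = ["entry", "middle", "exit"]
KEYS = {r: hashlib.sha256(b"demo-key-" + r.encode()).digest() for r in PATH}

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "example.org:80", b"GET / HTTP/1.0")
    seen, delivered = route(PATH, KEYS, onion)
    for relay, came_from, goes_to in seen:
        print(f"{relay}: received from {came_from}, forwards to {goes_to}")
    print("delivered:", delivered)
```

Only the exit relay sees the destination, and only the entry relay sees the client; the middle relay sees neither.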
Use
TOR is being used for
1. Anonymous browsing and anonymous working
2. Accessing the .onion pseudo domain network (deep web)
[8] Dingledine 2004 – Tor : the second-generation Onion Router / Roger Dingledine, Nick Mathewson. - In: 13th USENIX Security Symposium, July 2004. - p.303-3320
Target audience
1. Businesses
2. Journalists
3. Law enforcement, police, fraud investigators
4. Activists
5. Criminals, thieves
6. Terrorists
What you need
1. Tor Browser bundle. Holds the Vidalia package and a dedicated Mozilla Firefox browser for anonymous browsing.
2. Tor project [9] with packages for Linux, Mac, Android, and Windows.
3. Tip: the Tor bundle does not install. Simply unpack by double clicking and run.
4. Do NOT unpack and run from c:files , but somewhere else
5. Alternatively, unpack and run from your flash drive.
2.3 What it looks like
Run Vidalia
Figure 9: TOR network start
(See figure 9)
[9] Tor project: http://www.torproject.org
Mozilla Firefox will start
The Tor browser bundle comes with its own stripped down version of Firefox, where only 'safe' add-ons are loaded.
Figure 10: TOR browser
(See figure 10)
2.4 Alternative access
Access the .onion domain without the Tor Browser Bundle
Via a public gateway one can access the Tor domain from the 'normal' web without using Vidalia or the Tor Browser Bundle.
1. Disadvantage: it is not anonymous
2. Advantage: no need for the Tor Browser Bundle
3. Address of websites: domain names ending in .onion.to
4. Gateway: Tor2Web [10]
(See figure 11)
2.5 Anonymous browsing
Who are you?
(See figure 12)
(See figure 13)
After starting the Tor network (Vidalia)
[10] Tor2Web: https://www.onion.to/
Figure 11: Tor2Web
Figure 12: Tor: IP address before starting the Tor network
Figure 13: Tor: IP address before starting the Tor network
Figure 14: Tor: identity after starting the Tor network
(See figure 14)
Changing your identity while working
Figure 15: Tor: changing your identity while working
(See figure 15)
Figure 16: Tor: a new identity after asking for a new one
(See figure 16)
2.6 The .onion pseudo domain
The .onion domain is not official
The top level domain is not a regular domain as specified by ICANN and/or IANA, but a .onion pseudo domain. The origin of the domain websites is almost impossible to find.
(See figure 17)
An underground Internet
(See figure 18)
(See figure 19)
Figure 17: Tor: a Tor directory to buy credit cards, drugs, weapons and more.
Figure 18: Tor: black market
Figure 19: Tor: buy your money online
3 About
Contact information and biographical information on the owner of Reuser’s Information Services
Who:
• Arno H.P. Reuser ; OSINTian ; information professional ; librarian ; information freak ;
Work:
• CEO, owner and founder Reuser’s Information Services ;
• Senior policy advisor OSINT at NL ministry of Defence ;
Activities:
• Founder: Reuser’s Information Services ; Dutch Open Source Intelligence Branch ;
• Writer: OSINT in Inlichtingen- en Veiligheidsdiensten (Kluwer) ; co-editor Advances in Social Network Analysis and Mining (Springer) ; journal articles ; book reviews ;
• Interviews: in several magazines (GO magazine, IK Kapital) ; PODcast (International Spy Museum Washington D.C.) ;
• Teacher/speaker: Uni. Amsterdam, Uni. Utrecht, NLDA Breda, DIVI, GOBI The Hague, Uni. South Denmark, Uni. Kaohsiung Taiwan, Clingendael, United Nations IAEA, EU (EUlex, EUMM Georgia, Eurojust, Europol, Consilium), Interpol, Folke Bernadotte Academy Sando SE ;
• OSINT Trainer: training programmes, courses and workshops in Austria, Australia, Belgium, Denmark, France, Netherlands, Sweden, Switzerland, Ukraine, United Kingdom, United States ;
• Awards: Life time award OSS 2007 ; Golden Candle Award 2003 ; Nomination for Information Professional of 2010 ; Winner National Information Retrieval Contest ;
• Websites: Reuser’s New Repertorium (Internet Resource Discovery Toolkit) http://rr.reuser.biz ; home page http://www.opensourceintelligence.eu ; NEDBIB discussion list http://nedbib.reuser.biz ;
• Programming/research: ISOLDE building blocks search engine ; Delphi Search Engine Comparison device ;
Contact:
• e-mail: [email protected]
• Skype (arnoreuser) ; Twitter (arnoreuser, OSINT) ; Facebook ; LinkedIn ; WhatsUp ; SMS ;
• Websites: Company home page: http://www.reuser.biz ; Reuser’s New Repertorium: http://rr.reuser.biz ; Isolde search engine: http://isolde.reuser.biz ; New home page: http://www.opensourceintelligence.eu
• Phone: +31 6 3812 7715 (GMT+1)
• Address: De Wetstraat 16, 2332 XT Leiden, The Netherlands
3.1 Disclaimer
All statements made in this document, all the content in this document is based on the personal experience, study and knowledge of the writer and owner. No statement is endorsed by whatever official institute or government institute or government agency in The Netherlands or anywhere else. The writer, speaker and owner cannot be held liable for the use of the information or any damage whatsoever resulting from its use whether direct or indirect. Use at your own risk.
3.2 Warning
Techniques, procedures, tools and documents used and/or demonstrated may in your country or organisation be illegal, an offence, a misdemeanour, a felony or worse, punishable by law.
DO NOT TRY ANYTHING!
unless you are absolutely sure about the ethical and legal consequences. Try at your own risk.