COMPLETE OPSEC GUIDE


SUBMITTED BY: 5PH1NXfr

DATE: Sept. 9, 2022, 1:47 p.m.


In this guide we will go into detail about safety tips.
But for most people this is all you need:
Just doing personal refunds? Basically no safety measure needed if you don't use fake CC
and are not looking to refund 50k worth of stuff every week
Running a refund service? An RDP + Proxy or VPN is more than enough
Useful programs:
Encrypted Cloud Storage Services: https://nextcloud.com/
Encrypted DNS Resolvers: https://quad9.net/ | https://libredns.gr/ | https://blog.uncensoreddns.org/
Private Email Providers: Mailbox.org | Posteo | Disroot
Web Hosting: https://www.bahnhof.net/ | https://njal.la/
Pastebin hosting services: https://privatebin.info/ | https://cryptpad.fr/pad/
Privacy Respecting Search Engine: https://searx.me/
Web browser: https://www.torproject.org/
Test your browser here for privacy: https://panopticlick.eff.org
Browser addons for privacy: https://addons.mozilla.org/firefox/addon/ublock-origin/ |
https://www.eff.org/https-everywhere | https://decentraleyes.org/ |
https://gitlab.com/KevinRoebert/ClearUrls | https://www.xbrowsersync.org/
File Encryption Software: https://veracrypt.fr/
File Sharing: https://onionshare.org/
Metadata Removal Tools: https://0xacab.org/jvoisin/mat2 | https://exifcleaner.com/
Password Manager Software: https://keepassxc.org/
Real-Time Communication: https://signal.org/ | https://briarproject.org/ | https://jami.net/
Operating Systems: https://www.qubes-os.org/ | https://getfedora.org/ | https://ubuntu.com/
Privacy Checking:
Check that you're currently displaying a Tor IP address and that all scripts are disabled. If they're not then this is a privacy risk and you should continue to follow the advice below.
Whoer.net
For results under "Location" it should be giving the Tor server's hostname and ISP, not your own.
Under "Your Anonymity" it should show an 'X' against Tor, meaning you are correctly using Tor.
Under the Browser results it should be listed like this.
• Javascript - disabled
• Flash - disabled
• Java - disabled
• ActiveX - disabled
• WebRTC - disabled
Blocking Scripts Globally
When you first install the Tor Browser Bundle, make sure scripts via NoScript are not globally allowed. This is very dangerous to your privacy and should be turned OFF. You can right-click the NoScript icon (S icon next to the address bar) and select Options; in the General tab, uncheck the "Scripts Globally Allowed" box.
Slider Options
The new slider options should also be changed. Click on the Onion icon at the top of Tor Browser for the drop-down menu, click "Security settings", and set the slider to 'High' for the security level (by default it is set to low).
Note: Tails OS resets these slider options, so make sure you have them set to 'High' whenever you access the Tor Browser.
Plugins
Addons/plugins should be blocked and/or not installed at all. ANY plugin not supported by the Tor Project runs the risk of bypassing the Tor network and accessing the net directly, which runs the risk of leaking your real IP address. It should be a clear indication to anyone why this is an issue, but people sometimes disregard the risks and lose a large part of their OpSec over mistakes like these.
@surgxry
Tails OS
Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship (all connections to the Internet are forced to go through the Tor network); leave no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. It's an extra layer of protection that a lot of people trust and use. To learn more, please visit the various links below. They provide thorough and detailed documentation on the usage and installation of the Tails OS.
Whonix
An alternative to Tails and also an open source project. Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.
Shredding History / Footprints
This section only applies to users who use the Tor Browser while not using Tails OS or Whonix. The recommended tool for cleaning footprints, history, cache, etc. from your drive is a program known as CCleaner. It is recommended to go to Options > Settings and then select Complex Overwrite (7 passes) and 'secure file deletion'. Make sure all the boxes are ticked when cleaning, including the Windows and Application tabs.
This is recommended normally before the connection to Tor and after you've left Tor, to wipe all cookies etc. Remember that though this may clear a good deal of the tracks left behind by your activity on your PC, no cleaning software can ever remove all traces all of the time.
Cookies -
How is the NSA using them to track Tor users?
Let's suppose that there is a famous online shopping website, owned or controlled by the NSA. When a normal user opens that website from his own real IP address, the website creates a cookie in the user's browser and stores the real IP address and other personal information about the user. When the same user visits the same NSA-owned website again, enabling Tor this time on the same browser, the website reads the last stored cookies from the browser, which include the user's real IP address and other personal information. The website then just needs to maintain a database of real IP addresses against the Tor-proxy-enabled fake IP addresses to track anonymous users. The more popular the site is, the more users can be tracked easily. Documents show that the NSA is using online advertisements, i.e. Google Ads, to make their tracking sites popular on the internet.
How can you avoid cookie tracking?
One browser can't read the cookies created by another browser (as far as we know at the moment, but this may change in the future, or become public). So don't use Tor on the same browser that you use for regular use with your real IP address. Only use the standard Tor Browser Bundle instead for anonymous activities. You should always clear the cookies (with CCleaner or alike) after you're done so any stored information, such as log-on information, will not be stored on that computer. If you're doing something very interesting, you should use Tor on a virtual machine with the live OS so that cookies, cache and other OS data are dumped when the machine is closed.
OPSEC FOR BOXERS & OTHER SELLERS:
PRINT SHIPPING LABELS JUST BEFORE DROPPING OFF PACKAGES
This is one I've only seen once or twice here on Dread but that doesn't mean it's not important. See, when LE has their eye on a vendor one method of identifying them is to stake out USPS drop boxes. First, they might place an order with you, then once you create the shipping label they will be able to see it. They'll take the zip code used in your return address, stake out drop boxes in that area, and wait for you to pop up (like many vendors have done in their own car). Now maybe you're thinking, "LE doesn't have the manpower to watch all of those drop boxes and there are wayyy too many people using them". First, the thing is they DO have the manpower and it's been done many times before. They also do things like stuffing/closing drop boxes so you're forced to drop off packages in a different location. Second, there really aren't that many people using all of those boxes. I know we've all been told that "people with those shitty etsy stores" dump tons of packages into those boxes. Sure, it's true in some places but not nearly as true as you think.
STOP DROPPING OFF PACKAGES IN YOUR OWN CAR
Or any form of transportation that can be linked to your identity for that matter. LE might not be staking out that drop box you're at but they can review security footage from nearby cameras. Instead you can drive a good distance away from your home, park your car, and walk to the drop box.
WEAR A DISGUISE
when dropping off packages. Pretend you're Jason Bourne or something. Wear a hat, glasses, baggy pants, long sleeve shirt, and a mask to hide your identity. And ONLY wear that disguise when you're dropping off packages.
STOP WALKING INTO THE POST OFFICE
Whether it's to buy stamps, pick up boxes, or pick up/drop off packages you shouldn't be doing it. Those places are covered in cameras and you can do all of these things elsewhere. Not to mention they require ID to send a package. Way too many vendors get busted this way. Instead you can get yourself a label printer and print your own labels paid for with crypto. You can also pick up boxes/envelopes at your local office supply stores for FREE.
SOURCE SUPPLIES OFFLINE
Need baggies? Visit your local smoke shop. Need a vacuum sealer? Go to Wal-Mart. Don't be that guy who gets busted because he ordered all of his vending supplies off Amazon.
GLOVE UP
When you're packaging orders you should be wearing at least 2 layers of gloves to prevent prints from being left on packages. In some cases, depending on what product you sell, residue on the glove might leave a more visible fingerprint. Gloves also tear so you don't want to finish packaging your orders for the day to then realize that your glove is torn and you've left fingerprints on all of your packages.
WEAR A HAIRNET WHEN PACKAGING ORDERS
Have you ever sat down to eat just to find a hair in your food? Disgusting, right? Well not to LE, they want all the hair they can get and they WILL use that hair against you. Wear a hairnet and long sleeve shirt or even better a coverall paint suit when packaging orders.
MIX UP YOUR ONLINE TIMES
Basically this means that you shouldn't log into your vendor account at the same times every day. If you're being watched by LE and keep the same schedule it will be incriminating when they compare your online times to what you're doing in real life.
USE MONERO
It's all fine and dandy if you're being paid in bitcoin but you should be converting that coin to XMR before cashing out. If you don't have a method for cashing out Monero then you can convert your BTC to XMR and back to BTC again. Be sure to send different amounts of money through the exchange at different times to avoid time correlation.
DESTROY PACKAGING MATERIAL
If you have scraps from shipping boxes or labels you should never throw them in your own garbage can. This has already burned a lot of vendors. Instead you should burn them or dump them in a garbage that isn't linked to you.
HONORABLE MENTIONS
LAWYER UP
If you're involved in illegal activity you should find yourself a reputable defense. Let's say shit hits the fan and you get busted and taken to jail; when you're locked up you're not going to have the resources to find someone to defend you. Set aside some cash and make a few phone calls, you'll be happy you did.
TAKE NOTES
You guys know those posts I make about darknet busts? Yeah? Well read them, and take notes! Many of those posts include good information like how investigations were started and how LE surveilled its suspects. You should be reading through these and taking notes on what TO do and more importantly, what NOT to do. I mean, c'mon, it's FREE!
DON'T SHIT WHERE YOU EAT
Have you ever read about a vendor bust where LE didn't find a ton of drugs in the vendor's home? Yeah, me neither. Your drugs and supplies should never be stored in your own home. Run your operation at a different location. And if you think you're going to hide those drugs in a fake Mountain Dew bottle you're wrong, LE will find them. And they have dogs that are trained to sniff out tech gadgets too so make sure that thumb drive is in a safe place.
WHAT NOT TO DO:
1. Do not talk about Darkweb with anyone IRL
- This should be common sense, yet a lot of people break this "rule". Loose lips sink ships.
2. Not using 2FA or encryption
- ALWAYS use 2FA whenever available for any login. Whenever making orders, please encrypt your address using local software and not via the website.
3. Using outdated PGP key strength.
- Use RSA 4096 with a password that cannot be brute forced.
4. Saving packages of your orders as some type of trophy.
- We highly advise that once you receive a package, you dispose of or burn the package after emptying it.
5. Not cleaning your house/computer/phone
- Common sense. Clean your house/devices at least 2 times per week.
6. Using Windows or a mobile phone for browsing and logging into markets
- We recommend always using either Whonix or TAILS to access anything darkweb related.
7. Not encrypting sensitive text/files
- A lot of people do not know that they can also encrypt entire files, not just text.
8. Not encrypting hard-drive
- Using programs like VeraCrypt with a good encryption algorithm and password should keep LE outside of your system.
9. Weak password
- Do not use 123456 as your password. Include a combination of upper and lower case letters, numbers and symbols. A strong password should be 16-32 characters.
10. Contaminated packaging gear
- For vendors. Always use gloves and whenever you touch something iffy with them, make sure to remove them before touching anything.
11. Snitching on yourself
- If you are doing anything illegal, do not post it on social media or take pictures of it.
Interesting facts on how the law operates:
The Postal System
Even with the sophisticated technology that guarantees users' anonymity, dark web market vendors depend on the postal system or ordinary couriers to deliver their products such as drugs. Even after taking a lot of care to ensure that the products are not seized by the customs authorities, law enforcement officers may investigate where the package is being sent to or where it is being sent from.
In other cases the post offices provide a good surveillance opportunity for the Feds.
A perfect example is that of Chukwuemeka Okparaeke, who was a fentanyl dealer on the AlphaBay dark web marketplace. According to a filing by the US Department of Justice (DOJ), Okparaeke was seen at several post offices in Midtown New York. He was also fond of buying priority delivery stamps in bulk and, to add to all this, the postal staff had viewed his driving license. His biggest mistake however was depositing large numbers of packages at US post offices while wearing latex gloves. This caught the attention of the postal staff.
Law enforcement was already interested in that area as a source of fentanyl analogs, and as such an approach by a postal inspector was taken seriously. The officers placed an order with fentmaster on AlphaBay and were able to arrest Okparaeke after successfully tying him to the fentanyl he sent them. On his arrest his phone was found to have the Private Internet Access VPN app, the Orbot Tor proxy app and a bitcoin app. He also had not cleared his browsing history and was thus easily tied to the drug dealing activities.
Delivery of products through the post office continues to pose a big challenge for a majority of vendors in the dark web markets.
Digging Through Seized Data
An arrest of a vendor or seizure of a marketplace can provide a large amount of data in which investigators find leads they can then use to bust other dark web users. Through Operation Onymous, which was an international law enforcement operation targeting dark web markets and other services operating on the Tor network, marketplaces such as Silk Road 2.0, Hydra and Cloud 9 were seized and shut down.
The operation provided information that led to up to 17 arrests in different countries. One of the arrests made during the operation was of a Durham couple who were operating a cannabis shop on Silk Road 2.0. Users of the dark web markets may leave digital footprints in open forums or public documents that eventually disclose their identities to investigators.
Ross Ulbricht, the creator of the original Silk Road marketplace, had his identity revealed by a special agent with the Criminal Investigation unit of the Internal Revenue Service (IRS), Gary Alford, who, after googling the onion address of Silk Road on the normal internet, found an advertisement made by Ulbricht on a famous bitcoin forum, bitcoin.org, under the username altoid in a bid to attract more customers onto the Silk Road. A post from several months later on the same forum showed the personal email of Ulbricht in the text of the post; a later search on his email confirmed that he had set up an account on bitcoin.org under his personal email address. Availability of his personal information highly contributed to his arrest and conviction, resulting in a life sentence without parole. A simple Google search took down Ross Ulbricht, who was a major player in the development of all dark web markets.
Undercover Operations
Due to the availability of tools that provide users with anonymity, it is impossible to really know who is at the other end of a conversation. Law enforcement have taken advantage of these anonymity tools and posed as vendors, buyers or even administrators of marketplaces without the knowledge of other users. This has enabled them to bring down marketplaces while also busting the administrators, vendors and buyers. Dutch law enforcement took control of Hansa on June 20 this year after arresting two of its administrators in Germany. They secretly ran the site while monitoring the activities of the users.
They were able to obtain addresses and identities of a majority of the users.
The undercover operation led to the arrest of a number of Hansa users. In the Netherlands the law enforcement arrested a 28 year old man for allegedly selling cannabis both domestically and internationally through the Hansa site using Quality weeds as his vendor name. Other arrests attributed to the undercover operation by the Dutch authorities at Hansa have been made in other countries such as Australia by the Australian Federal Police (AFP).
Hacking
Authorities have tried to circumvent Tor by attacking the endpoint, which is usually the computers being used by the individuals visiting the dark web sites. Hacking could be the most effective way of identifying users since, once it is successful, a large number of computers can be unmasked and the IP addresses of the users can be disclosed.
Back in February 2015, the FBI seized a dark web child pornography site, Playpen, in an operation called Operation Pacifier and ran the site from a government facility in Virginia for two weeks. During this time the agency deployed a hacking tool they called the Network Investigative Technique (NIT). The tool was used to expose the IP addresses of those accessing the site on the assumption that they were either trying to distribute or access child pornography.
Using the NIT the FBI were able to identify over a thousand Playpen users based in the US. The hacking operation resulted in the arrests of more than 135 people in 18 states in the US over child pornography cases.
