How do you secure your computer?

documentmanager

Professional
Messages
175
Reputation
12
Reaction score
20
Points
18
I would like to know how other carders secure their tools. I will want answers from experienced carders. For example you get busted and all your data are in the open? Or you know you are in a country that tortures for example and will forcefully get the password or encryption keys out of you. What are the measure you have taken to secure yourself?

Does anyone know about a virtual box that will run on Mac from an external drive and easy to setup? Whereby all you need do is toss away the external drive? And your computer remains clean? Does each Partition running an OS have different Mac Address?

Or at-least a custom windows installation with intrusion prevention or panic mode. Where all you need do is enter your panic password and the windows logs in but this time around with everything deleted in the windows partition and windows just boot as a fresh installation. Securely wiped out data and unrecoverable or corrupts the data with certain encryption algorithm so that the data wont be readable. Since datas dont really get deleted assuming that all data are recoverable from the computer.

I dont want answers from people that still think simply formatting an hard-drive will save them. And talking about hard-drive whats best way to destroy? Microwave then dismantle and smart with hammers then throw in sea/canal/drainage/ ?

And whats up with carders still using ICQ when its American and when it can be subpoena with few court documents? I'm in support that all carders should now move to jabber or atleast a chart protocol that is non-American. And any reasonable carder should know to stay away from VPN providers like hidemyass which played role in arrest of the Anonymous team after being subpoena. Only buy vpn from eastern-Europe or china or countries you konw will not yield to USA subpoana

How do you secure yourself?
Macbook users / Bootcamp users
Regular PC users
Iphone/Ipad users knowing there is now mobile and portable gadget forensics. Dont be here if you can't secure first.

No retired. Due to bad publicity from press
 

turbobox

Professional
Messages
169
Reputation
17
Reaction score
18
Points
18
First of all I use Truecrypt with Hidden volume to encrypt my computer. What this does is that it makes 2 Password. 1 password will give access to one partition with your carding stuff, other password gives access to another partition which are clean.

This will help if somebody force/torture you to give password:

It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

More about truecrypt hidden volume: http://www.truecrypt.org/hiddenvolume

About destroying hard drives:

I would recommend Darik's Boot and Nuke ("DBAN")

DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

Its easy to use, and when you have been running dban it will be impossible to recover any data.

Like you say.. Its best to use jabber. I use Pidgin client with OTR encryption plugin :http://www.cypherpunks.ca/otr/ (Everybody should start using OTR)

I think also its best to not relay on the anonymity of only a VPN alone, but also using for example private VIP72 socks with Proxifier, maybe make a sock chain.

For browsing forums I use TOR (www.torproject.org) TOR is a good anonymity network and for the TOR browser it is already configured browser to disable java, etc.. for best privacy. And use VPN + Sock for carding.

Sorry my bad gramming.. I will try to update in some hours.
 

noptical101

Professional
Messages
247
Reputation
20
Reaction score
22
Points
18
From what I know , using truecrypt with hidden volume ONLY , and without hidden system its pointless.(U can find details on their website)

Or U could use live cd , (goolge anonymous live distros,nix,win) + vmware +win
 

Gift Factory

RIPPER
Messages
12
Reputation
1
Reaction score
3
Points
3
ICQ is not american any more

" Digital Sky Technologies (DST), controlled by Yuri Milner and Grigoriy Finger backed by Russian billionaire Alisher Usmanov, had split its Russian and overseas assets. As a result, the company’s domestic assets which included Mail.ru, the Odnoklassniki social network, ICQ (recently bought from America Online) and minority interests in VKontakte and OSMP and E-port payment systems, have been merged into a holding company called the Mail.ru Group"

anyway better to use jabber + PGP
 

documentmanager

Professional
Messages
175
Reputation
12
Reaction score
20
Points
18
Anyone has a simplified version of running the Hidden OPerating system on Mac? Or just fucking buy a PC for this purpose? Hate to need or use two computers.
 

Jeferi

Professional
Messages
100
Reputation
14
Reaction score
19
Points
18
I have got the computer near the window.
This way, if anything ever happened I would just need to push it out :) lol

- Use Jabber and OTR/PGP
 
Last edited:

documentmanager

Professional
Messages
175
Reputation
12
Reaction score
20
Points
18
Pushing off the window wont destroy HDD unless you live on the 66th floor. And that still wouldn't help Unless it falls and cars role over it. And its not flushable.
 

iceroot

Professional
Messages
105
Reputation
14
Reaction score
16
Points
18
I use
VPN
+
USB Flash drive encrypted with truecrypt and hidden pertition(one is clean the other is for business)

Put all portable apps like thunderbird+open pgp-enigma ,pidgin+otr plugin. Google chrome modified(basically incognito mode+some other extras) portable app.

avoid using same pc/laptop that is for personal use,facebook other shit. buy/card another one that is only done for business. because this way incase your program leaks data and the computer logs this it can be used against you as evidence. basically never link your business identitywith your personal one, in a technical sense.
try avoid to communicate in the plain sight(aka icq,web based chats,normal unencrypted traffic) or inside forum pm's(because this data is accesible by many people including this forum. recent carder.su isnt a good sign. with pgp email encryption this is most secure way, for live chat use pidgin+otr(dont keep logs) .
Try to force your counterparts to put terms on security same as yours,its easy and there are plenty of guides to do it.
This way i can be portable and secure and without hassles once u get it right.

*google chrome has piracy issues, i suggest avoiding it. use firefox instead*
good luck
 
Last edited:

margatroid

Member
Messages
2
Reputation
1
Reaction score
2
Points
3
I enjoy an SElinux on an Encrypted Disk with the /boot partition on a USB that is encrypted & signed with a PGP key on the USB. The /SWAP is also encrypted to start up using a new encryption key boot.

With this setup the computer will not boot at all without the USB PayPal, so if my laptop is ever snatched. All I need to do is dispose of the USB and the contents of the laptop will never be able to be decrypted even with me present. Also if the USB should happen to be found it is encrypted it self assuming someone could recover the data after I wrote onto the USB a few hundred times.
 

mutombo

Member
Messages
15
Reputation
5
Reaction score
6
Points
3
The computer:
1. Encrypt HDD


- Encrypt whole disk before use (consumes time and slows down computer processes and still can be infected with trojans - nowadays authorities gather information while the suspect is not in custody)

- Live CD with hidden truecrypt mount Make a hidden, AES encrypted truecrypt mount volume on your HDD using a Live CD distribution and access only through the live cd. As a swap use some old and formated usb drive (since swap should be most 4bg/8gb) and it gives option to just throw away usb PayPal after use.
This is a very efficient way but it requires to split your personal and business time on your pc.

2. Obfuscate data
- Create a lot of small partitions (100mb - 500 mb each), all different in size, and encrypt them using truecrypt with different keys, random encryptions and put some random data in them - this will create a total encryption chaos on your hdd which is more than useful.


The internet / network:

1. Secure your computer

- First things first, nowadays Cyber Crime Authorities tend to hack into suspect's computers illegally with the help of paid hackers and monitor the activity directly and evidence logs. Protect your computer - Install secure OS (Linux), install secure firewall (there are a lot of iptables rules that can be applied), apply the latest patches for kernel/daemons/various software DAILY, do not running anything you download on your computer and instead use a virtual machine, do not bother to check logs - nowadays all malware clears all logs, have a tcpdump running 24/7 and monitoring.
Here's a little trick: Create a daemon that runs on port 8089 and in banner says some old version of nginx and set a tcpdump to watch over it - if you see any traffic on that port, you must know that you are scanned and tried to be exploited - block the ip, find who it is and change the ISP instantly.

2. Secure your connection
- Always use VPN.
Tor is good, but only for visiting random sites. When making business, VPN is on first place. You can buy from vendors, or you can take things more securely by buying bunch of shells and rdps and install openvpn servers on them and just use them randomly - first connect to the verified vpn and then to the random server, which will be outgoing connection. After use, you can dump the server, obfuscate the hdd or nuke it. ALWAYS use vpn - traffic is monitored, it doesn't matter where you log from, your credentials are monitored please understand that.

3. Secure yourself physically

- Never trust anybody and never use your real credentials.
- Do not even trust old friends, you never know who got to them.
- If you are doing big business, change your location constantly - get a 3g internet usb and you can have high speed internet while mobile - I know a team who offers '3g jammer' that gives false information about the 3g location to the ISP, very useful software.
- Stay at hotels who accept cash and always pay in cash.

I can also write a lot about : Securing your money ( Using proper offshore accounts and chained accounts), Securing your Identity (Watching out if someone is following you - modern techniques), Securing your mobile communication (encrypted cell phones and satelite phones, cell-phone software that obfuscates location using internet services such as VOIP ) and a lot of other important stuff. It's just too much to be all writen in one article, I may do a series or something, cheers to all.
 

Erick

Professional
Messages
700
Reputation
51
Reaction score
81
Points
28
I know a team who offers '3g jammer' that gives false information about the 3g location to the ISP, very useful software.
Huh, man u will never hide u from mobile provider, becuase there severs fixed for wich gsm base contacted mobile device
 

mutombo

Member
Messages
15
Reputation
5
Reaction score
6
Points
3
Huh, man u will never hide u from mobile provider, becuase there severs fixed for wich gsm base contacted mobile device

1. This 3g jammer works ONLY for 3g usb devices - having internet access non-stop on your laptop while traveling, something like this:
1282303398_114844264_1-Hinh-anh-ca--USB-3G-T-Mobile-Huawei-UMG181-1282303398.jpg


This can be very useful for internet while on the move, but it's a threat also - it provides a constant up-to-minute information about your current location, and that's why, the 3g jammer infects the 3g packets that are relaying to the station with false data, including: incorrect time, false location (randomly generated GPS coordinates), spoofed user id (you can also steal internet from other subscribed 3g users if you know the exact ID infos about them) . Also note that if you are out of country, sometimes the 3g providers cuts off the connection, that's why the random GPS data is generated to be in some range (your country or region you wish).
I know this because I've already tried it, and I am saying that it works, because I've been messing around with direct access to some forbidden ip ranges and nothing's come to me yet, just get rid off the usb dongle (pay for it in cash and false signature) and that's it.

For mobile phones it's a different story, that's why there are encrypted cells recommended.
 

Omega-

Professional
Messages
136
Reputation
-3
Reaction score
7
Points
18
Can you run a laptop without a hard drive instead using an encrypted external hard drive, boot up with linux live boot cd and ALSO have an encrypted usb as they /SWAP boot up authentication key?

Would be much appreciative for anyone who can inform me about this or let me know im completely wrong and how so?

Thanks alot.
 
Top