Making a spy flash drive with a protected Tails operating system

[Brother]

The content of the article​

• Anonymous reference
• Introduction
• Installation
• Beginning of work
• Additional software, saving files and settings
• Protecting data, discarding the tail
• Communication
• Email
• Total

Tor is by far one of the most needed privacy protections out there. But in order to protect yourself from all sides and work without leaving any traces at all, you need much more. Tails is an operating system in the Debian Linux family with strong data protection principles. Using a flash drive with Tails, you can not be afraid of not only surveillance on the Internet, but also a search in your apartment.

Anonymous reference​

Articles from this series are published free of charge and are available to everyone. We are convinced that everyone has the right to basic knowledge about the protection of their data.
Other articles in the cycle:

• " How authentication tokens work and how they differ from passwords ";
• " Theory and practice of mail encryption ";
• " Types of encryption and traffic protection, choice of software ";
• " How to encrypt correspondence in Jabber: a step-by-step guide ."

If these materials are trivial for you - great! But you will do a good deed by sending a link to them to your friends, acquaintances and relatives, who are less tech-savvy.

Introduction​

Tails isn't the only Linux distribution that puts data protection at the forefront. But, in my opinion, this is by far the best choice for a person who wants to preserve the confidentiality of correspondence, the protection of personal data and the safety of important information from prying eyes. And since I started talking about the principles of data protection in Tails, it would be useful to list them.

1. Maintaining the confidentiality of information. Everything is simple here, we need to protect our information from strangers. To do this, we will encrypt everything, use cryptographic algorithms and long keys. We will even encrypt something several times. Nothing should be kept in cleartext, nothing is sent in cleartext.
2. Hiding the presence of information (steganographic protection). We need to hide the very fact of storing or transmitting data. We will use hidden encrypted containers to fill free disk space with random data that is heuristically indistinguishable from encrypted data.
3. Hiding the destination of information transmission. Sometimes it may be necessary to hide from prying eyes not only the information itself, but also the addressee. This is where multilayer encryption and onion routing will help us.
4. Plausible deniability. It may be necessary to direct persistent curious people (for example, during a search) on the wrong track. On top of the hidden containers with important data, we will create fake, but very plausible, encrypted sections in which we will store the cookbook and pictures of cats from the Internet.
5. The ability to refuse the fact of transferring information, revoke your digital signatures, and so on. The OTR protocol and the use of HMAC instead of EDS will help us in this.
6. Work on a computer without traces. Anything that can remain in the RAM, on the hard disk or even in the memory of the video card must be thoroughly cleaned. Everything important should be saved only on a securely encrypted, hidden and protected by us media, the risk of leaks should be minimized.

All of these principles complement each other. If you are truly concerned with protecting your data and maintaining your privacy, do not neglect any of them.

Installation​

To install Tails, we need two flash drives. Why two? To understand what recursion is, you must first understand what recursion is. And Tails can only be installed using Tails. Download ISO from the official site tails.boum.org. It is recommended to immediately check the image using OpenPGP, detailed instructions on how to do this are on the site. We write the downloaded image to the first intermediate flash drive using the Universal Usb Installer. After that, you can turn off the computer and boot from the USB flash drive. When the OS boots up, you will need to insert the second (primary) USB flash drive and select Applications → Tails → Tails Installer Install by Cloning.

If everything worked out, then the system is ready to go.

Beginning of work​

After booting from a working USB flash drive, we need to create a persistent protected partition, a kind of "hard drive on a USB flash drive." This is done through Application -> Tails -> Configure Persistence.

We reboot the computer and select Use Persistence and More Options on the boot screen, after which we enter the password for our storage.

Select the region from the menu at the bottom of the screen. This is important because the Tor entry nodes depend on the region. This is where you need to experiment. In my case, Denmark was the best choice.

In the advanced settings menu, set a password for programs that need administrator rights. You can put any, it works within the session and does not affect anything else.

Keep in mind that it takes a while to download, and then Tails will connect to Tor for a few more minutes. You can track the process by clicking on the Onion Circuits icon - an onion in the upper right corner of the screen.

After a while, Tails will inform you about a successful connection to Tor. By default, the network is configured so that all traffic will go through it. Now you can download everything we need to work.

Additional software, saving files and settings​

By default, Tails is not designed to keep installed software, settings, and files after you turn off your computer. However, the creators have provided for the ability to store some data in a persistent section. You can configure what exactly will be stored in the Settings → Persistent section.

Most of the menu items are self-explanatory, so I'll focus on the last three. The second and third from the end are responsible for storing APT packets. Tails is based on Debian, so most of the software we need can be installed using apt-get. And although the programs themselves will not be saved when the computer is turned off, APT packages, with appropriate settings, will remain in the persistent section. This allows you to deploy all the software you need during the system boot process.

The last item of the Dotfiles menu allows you to create a folder with files in the persistent section, links to which will be created in the Tails home folder at startup. It looks like this.

Here is an example of the structure of files in a persistent section.

/live/persistence/TailsData_unlocked/dotfiles
├── file_a
├── folder
│ ├── file_b
│ └── subfolder
│ └── file_c
└── emptyfolder

In this situation, the following link structure will be in the home folder:

/home/amnesia
├── file_a → /live/persistence/TailsData_unlocked/dotfiles/file_a
└── folder
├── file_b → /live/persistence/TailsData_unlocked/dotfiles/folder/file_b
└── subfolder
└── file_c → /live/persistence/TailsData_unlocked/dotfiles/folder/subfolder/file_c

Protecting data, discarding the tail​

By itself, our persistent partition is already encrypted. However, it has a significant drawback: it does not provide a plausible denial of encrypted data. To provide a plausible denial, I will offer a solution that differs from the recommendations of the creators of Tails. What to do for you - decide for yourself.

The Tails creators recommend using a LUKS-based cryptsetup. This program allows you to create hidden partitions, but such a partition is not completely hidden. As far as I know, it is possible to detect the header of a hidden section, which allows us to establish its presence.

Such a hidden section does not suit me personally. So I decided to use good old TrueCrypt version 7.1a. The header of the hidden TrueCrypt partition is indistinguishable from random data, and as far as I know, it is impossible to detect it. It is better to store the binary file of the TrueCrypt program here, in the persistent partition.

I will not describe in detail the process of creating a double cryptocontainer, I will only note an important nuance. Since the hidden TrueCrypt partition is truly hidden, even the program itself is not aware of its existence until you enter the correct password. Because of this, when writing files to a false partition, the hidden partition may become corrupted. To prevent this from happening, when mounting a false partition to write pictures of cats to it, you need to select Mount Options → Protect hidden volume when mounting outer volume.

Like a lizard that throws off its tail in danger, we can now, if necessary, enter the password for the fake partition and show everyone the photos of cats instead of confidential information.

Communication​

Now that we have secured our information, we can begin to transfer it, that is, to communicate. Let's start with Pidgin. It works great as an IRC client, and Tails has also made it a little stronger. The OS includes Pidgin with an installed plugin for the OTR protocol. It is he who is most interesting to us. Avoiding complex mathematics, we can say that this protocol provides secure data transmission with the possibility of denial, that is, it is impossible to prove that a specific message was written by a specific person.

Before you can start communicating with someone using the OTR protocol, you need to connect to the IRC server. However, it is very important to ensure that SSL is used. Tor encrypts traffic as it passes between nodes, but if you don't use SSL, your traffic will be transmitted in clear text to the Tor entry node and from the exit node to the destination. Some Tor nodes are banned from IRC servers, so a Tor restart may be required. This can be done by a team /etc/init.d/tor restart.

After the connection to the server is established, select Buddies → New Instant Message.

In the dialog window that opens, select Not Private → Start Private Conversation.

Three options for authentication will be offered: enter the answer to the secret question that you discussed with the interlocutor in advance (in this case, you must enter the same answer, spaces and case are considered); enter a general "secret" phrase; verify fingerprint is a forty-character string that identifies the OTR user.

Now you can chat via OTR. But what about voice communication? Here, alas, not everything is smooth. Since Tails routes all traffic through Tor, there are a number of issues with voice communication. First, most VoIP programs use UDP, while Tor can only transmit TCP packets. Secondly, Tor does not differ in speed and sometimes packets arrive with a lot of delay. So there may be delays and disconnections.

However, there is OnionPhone, a dedicated plugin for TorChat. Mumble does a pretty good job too, although this option is less secure. In order for Mumble to work through Tor, you need to start it with a command torify mumble, and also select the Force TCP item in the program's network settings.

Email​

Mail in Tails can be used in the same way as in other operating systems. The standard assembly includes the Icedove mail client, its settings and keys can be stored in the persistent section. An important nuance to keep in mind when sending emails is that the subject headers are not encrypted. This is not a bug, but a feature of the protocol implementation that you just need to know about. In addition, it is recommended to encrypt files sent by e-mail.

Total​

I have described only some of the features of Tails, but the base assembly contains an impressive set of additional programs that you will have to learn on your own. I recommend, for example, looking at the software for erasing file metadata - it will help you protect yourself even better.

(c) xakep.ru