Quantcast

Hacker’s Guide to Stay out of Jail 6: Anti-Profiling

Further explicating OPSEC guidelines for freedom fighters at HITB SEC Conference, The Grugq now focuses on the various ways to prevent personal profiling.

Stick to anonymity online

Stick to anonymity online

In terms of staying anonymous, briefly, if we go over some guidelines, you want to avoid revealing personal information about yourself. Any personal information that you reveal can be used to create a profile. That profile could then be linked to a subset of people on lists, so if you are at this conference, you are already on lists, I can guarantee it.

Recommendations to avoid profiling

Recommendations to avoid profiling

Anti-profiling guidelines: these are all you would think amazingly fucking obvious, but again, as you’ve seen, you will be surprised. So don’t discuss any personal information, don’t discuss where you’re from, what’s happening, what’s going on, or who you are. Don’t include personal information in your online identities – so don’t call yourself 5.6ft 180lbs White Guy 1988. That’s a horrible fucking name, unless you’re actually not a 5.6ft 180lbs White Guy.

Avoid creating handles which are obviously linked to you in some way. When you’re discussing with people in chats that will be monitored, which is, again, all chats, don’t reveal things which are personally identifying, such as physical traits: your gender, your tattoos, your piercings, or whether you only have one leg, for example. This is why I never talk about my big penis, because that’s something that can be used to identify me.

Further anti-profiling guidelines

Further anti-profiling guidelines

Don’t mention your profession, your hobbies, or your political activities – these are things that can be used to profile and identify you. For example, these are things that Hammond did when he said he’d been arrested in an action recently, which was the Republican National Convention, and he was one of the protesters who got arrested out of 120 people. It’s like: “Oh look, here’s one that’s been busted for hacking and one who says he was arrested during this event. Maybe it’s this dude?” So, avoid mentioning things you’ve done that can be identified.

It is a source of contamination when you are using an anonymous activity with a non-anonymous activity.

When you are conducting anonymous operations, don’t post things to Cleartext – this was used heavily by that HBGary guy, what’s his name? Yeah, that dude who liked to correlate information between online activities from different accounts and used that as a contamination source to figure out who was who. We don’t know how actually effective that was, but again, it is a source of contamination when you are using an anonymous activity with a non-anonymous activity. Never ever post Facebook pictures, even if they are gorgeous tits – you will go to jail. For example, your Facebook link will contain your personal ID, and that will be linked to your Facebook account, and then they’ll know who the fuck you are.

Avoid geographic profiling

Avoid geographic profiling

Another one – there’s a large amount to be said for keeping very irregular hours. This will prevent locating you in a particular time zone, which will, again, mitigate against some geographic profiling. Don’t discuss your environment, such as: “The elections are coming up and I really hope some political party wins.” And if you are using a keyboard which is unique in any way, for example, anything that is not a pure US 102-character keyboard – don’t use special characters. Again, that will be used to geographically profile you.

Buffer overflows in the 80s

Buffer overflows in the 80s

And if you think you’re awesome – you’re not. Basically, the NSA was doing buffer overflows in the 1980s; there’s a high chance that some of you weren’t even born yet. There is no way that you’re more advanced than them. However, for a long time the NSA didn’t really give a fuck about being the #1 dog on the Internet – it didn’t actually matter. So, for quite a long time, as hackers, we thought that we were the apex predator, and it’s just basically that the nation states didn’t give a fuck. We have ceded the position of apex predator to LEO. LEO is Law Enforcement Officials. It’s actually more generally meant in this case to mean nation states who now give a fuck. We now simply don’t have the resource to compete with nation states: they’ve got massive amounts of money, huge amounts of people, and they don’t face going to jail if they fuck up. So, again – shut the fuck up.

Read previous: Hacker’s Guide to Stay out of Jail 5: Anonymity and Defense
Read next: Hacker’s Guide to Stay out of Jail 7: VPNs vs. TOR

Like This Article? Let Others Know!
Related Articles:

One comment

  1. jhfuftydcytj says:

    Just remebering Jonathan James, watch out your profile taken by them and then they gonna catch you because your behaviour signature match hacker profile

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: