Laughable Security from @HackersList

A few days ago I noticed @HackersList, a service that pitches itself as a way for hackers and potential customers to meet. I tried to like it, truly I did, but the interface is hopelessly insecure.

The site has a polished, unique front end, suggesting that maybe someone has put some money into this.

Hackers List Front Page

I tried registering using Tor, which proved to be an exercise in futility. The site is Cloudflare protected and it puts up a captcha not just on initial contact; it reappears again and again, seemingly almost at random. I give the site a 2/10: would not use if you need to actually protect your location.

I gave in, got one of those free VPN accounts from a provider I don’t use for anything else, fired up a virtual machine, and created a new identity from scratch. I was looking at a job and I found this under the message board option.

HackersList Bidding

The links to the names are not URLs, but you can copy and paste them and see the profiles. Here’s kashiki, who is presumably one of the eight hopefuls for this job.

The links to the content are amenable to outside examination. I can map the hackers, their skills, and which jobs they are bidding on – this is the sort of metadata that leads to the narrowing of suspects, and then arrests shortly thereafter.

A bunch of the jobs posted are for acts which are blatantly criminal – mostly petty stuff: jilted boyfriend wants into ex-girlfriend’s Facebook, change my grades, or ‘password recovery’ gigs. Even so, HackersList is taking a cut and offering refunds for poor service. These people are apparently unaware of Title 18 § 1030 and Title 18 § 2.

If you choose to proceed, there is a link, inexplicably named Hacker CP, which leads to the control panel. The acronym CP would be almost universally recognized as ‘child pornography’ by any actual hacker. That cultural misstep, coupled with the utter lack of sensitivity to what ought not to be visible, makes this nice deal flowchart moot.

HackersList Control Panel

I review a lot of products and I very, very rarely write about something I didn’t like. Usually the most I will do is compare/contrast two or more competitors and suggest niches where each will fit. The only niche I see for @HackersList is as a broker for personal SEO/reputation management, and there are a number of jobs and purveyors of such services already present. The legitimate business will be overshadowed by the potential for civil or criminal troubles to simply take them out of the game on a moment’s notice.

Evaluating @Criticl_me

I am always checking new social networking sites and very few of them end up mentioned here, but after spending the last couple hours reading on criticl.me I created an account, nealr, and made my first post.

Attention Conservation: Follow No One

There is a post here using the name Attention Conservation: Follow No One, which is a week old and has presumably been read by everyone that plans to do so.

I see one person I know IRL and one immediate problem – the site counts a hit as a read, and my article will have 9,000 reads in fairly short order.

over9000

A Successful Fundraiser

Having run out of other options, I launched a fundraiser on December 20th in an effort to replace my elderly laptop. Things did not go quite as expected, but I believe I have solved my problem.

I received only $495 of the requested $1,698, but I received a massive non-monetary donation from someone I know in real life, who works in the IT field. I recently took delivery of several large boxes, and my setup now includes:

  • HP Z200 workstation w/ 8 gig of RAM
  • Two 24″ Samsung monitors en route; the Z200 has two video cards
  • Dell Inspiron 1545 laptop w/ 4 gig of RAM
  • Cisco 1760 branch office routers (2)
  • Cisco 1232 Access Points (2)
  • Cisco Linksys E1200 consumer firewall

All is not perfect with this equipment. The laptop battery is toast ($25) and both machines have spinning disks rather than solid state, which is a requirement for decent performance. I see that BestBuy has 120 gig SSDs for just $59 and 240 gig are $89. Half of the $445 (after fees) will go to bringing these machines up to speed. I got a loaner monitor from my neighbor across the hall, so I’ve been able to get both machines checked out.

The remaining funds will be spent on an ergonomic office chair and a folding table, so I have room to use the dual monitor system and one of the laptops at the same time.

Having these machines opens up a lot of possibilities. I will always have at least one of them running, so I don’t have to worry about being cut off from my writing duties. The Z200 is big enough that I can run experiments with several virtual machines. The E1200 runs DD-WRT, so it directly supports OpenVPN.

The Cisco routers have quad port ethernet cards and they support 802.1Q VLAN trunking. The access points support 802.1Q trunking as well, making it possible to run up to four separate SSIDs on them. The routers have cryptographic images, which means they support PPTP (weak) and IPsec (complex) VPN protocols. This is more enterprise kit than home user stuff, but it lets me have fine grained control over what my internal devices do.

This effort has produced some very good results, so much so that I’m going to declare victory and close up the fundraiser. Thank you, each and every one of you who contributed either money, or just kind, encouraging words.

Post Snowden, Post Surveillance

Less than a week has passed since the 31st Chaos Communication Congress but one thing is abundantly clear. Thanks to the Snowden leak, we now know precisely where the NSA’s dragnet is thinnest, and it will not survive the combined attention of the world’s crypto hackers.

There are a variety of tools that were mentioned as being resistant. As a rule these were open source, decentralized, and broadly adopted. Specific bright spots include the following:

  • Zero Customer Knowledge VPNs – Subpoena resistant business practices
  • Dagstuhl Privacy Preserving Presence Protocol P – Upgrade to OTR from original authors
  • Dark Internet Mail Environment – Compartmentalized encrypted email replacement for PGP

I had been pouring oil on the troubled waters of Torgate, but it’s become obvious that Pando isn’t going to let it go. They have committed what are, in my eyes, some cardinal sins when facing a situation involving trolling. Yasha Levine expresses butthurt regarding ZOMG DEATH THREATS, and he’s pointing at Andrea Shepard as the source, a conclusion I find as questionable as his conspiratorial assessment of Tor’s funding sources. I have no doubt that such things are happening, but it’s a troll dogpile and it won’t get better until they stop providing such high quality entertainment. Pando likes the page hits, but I think this is similar to a marooned sailor drinking seawater. I will say no more about this unfortunate situation …

I was initially excited by the potential for Making Encrypted Mail Usable, but what I had sensed in my own adventures was summed up nicely by @matthew_d_green in What’s the matter with PGP? @SwiftOnSecurity has also weighed in on PGP with her usual pithy take. Presumably as DIME matures there will be a transition path.

Swift On PGP

What will happen in 2015?

All of the applications that currently support Off The Record will start supporting DP5.

Privacy mail providers like Unseen, Proton, and Tutanota are going to have to support DIME. The ones that don’t will become ghettos, with uptake in some specific pockets, but they will always be under threat of their users mass upgrading … by going elsewhere.

I was immediately taken with Zero Customer Knowledge VPNs as soon as I understood the implications. The first provider to adopt this model, Cryptostorm, has also produced Torstorm. It appears that they have accomplished at OSI layer 3 what Tor does at layer 7 – your traffic goes into an entry node, who knows what happens in the middle, and then it pops out somewhere else. Now they are integrating a gateway to the Tor onion universe, further protecting those who use the darknet.

2015 is already shaping up to be a bit like 2011, with all the protests happening across the globe. That nebulous governmental ‘they’ is trying to make the Sony hit into a cyberwar with North Korea, but in reality a disgruntled insider as the first cause is the only thing that makes sense.

The buzz in the crypto business, both communications and coins, is almost deafening. We’re going to have another late 1990s style boom from this, it’ll share some of the same sense of urgency that we had with the Y2K upgrades. This is a good time to be both technical and privacy inclined.

Situational Awareness While Using @torproject, Part 2

I did not expect a week to elapse between Situational Awareness While Using @torproject, Part 1 and this post, but 2015 is shaping up to be as messy and noisy as 2011 was, so I’ve been indisposed.

You should have already installed VirtualBox, installed a Linux distro like Lubuntu, and/or rented a virtual private server at Virpus. If you’re having trouble with a Linux install of your own you can get Whonix, a dual VM solution meant for people who frequent dangerous neighborhoods. Let’s take a look at a running VM.

First, check out your network addresses with the ifconfig command. I removed the clutter from there, so they just show interface names, IP address, and MAC address. Take the first 24 bits of the 48 bit MAC address, 080027, stick it in a MAC address lookup like Coffer, and you’ll find that this adapter was made by Cadmus Systems. Every virtual environment vendor has one or more of their own 24 bit OUIs – organizationally unique identifiers. This provides no identifying information to anyone trying to track you with it.

The IP addresses here are all from RFC 1918 address space, three large reserved blocks that were set aside for internal network use. Most people have 192.168.x.x in use in their personal networks, some systems have 10.x.x.x, and very rarely you will see 172.16.0.0 through 172.31.255.255 in use.

The other ones you might see are called APIPA or Link-local addresses, which some systems default to when they can’t find a DHCP server to assign them an IP address. Not depicted here is the loopback interface, which is always 127.0.0.1. This is a virtual interface that is always up, permitting local services to bind to the TCP or UDP ports they want even if the machine is unconnected.

ifconfig example

So what is going on with that tun0 interface? This is a VPN connection, specifically Cryptofree from Cryptostorm. See the hardware address? You won’t find that in Coffer, because networks that only have two machines on them do not require MAC – the Media Access Control layer – since there isn’t any confusion about who is using the media. Addressing like this is used on VPNs and if you’re old enough to have used an analog modem/phone line you would have seen something similar with PPP dialup.
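The checks from the ifconfig walkthrough above (OUI extraction, address scope, and the MAC-less tun0 case) can be scripted. This is an added example, not code from the original post; the interface names, addresses and MACs in the sample are constructed, and the vendor label for 080027 is the one the post gives.

```python
import ipaddress
import re

# The three RFC 1918 blocks named in the text. ipaddress.is_private is
# broader (it also covers loopback and link-local), so test these explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# OUI taken from the post; extend this table from an OUI registry as needed.
KNOWN_OUIS = {"080027": "Cadmus Systems (VirtualBox default)"}

def oui(mac):
    """Return the first 24 bits of a 48-bit MAC as 6 hex digits, or None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac or "")
    if len(digits) != 12 or int(digits, 16) == 0:
        return None  # tun/PPP style links carry no real MAC address
    return digits[:6].upper()

def scope(ip):
    """Classify an IPv4 address the way the text does."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local (APIPA)"
    if any(addr in net for net in RFC1918):
        return "RFC 1918"
    return "public"

def describe(iface, ip, mac):
    prefix = oui(mac)
    vendor = KNOWN_OUIS.get(prefix, "unknown") if prefix else "no MAC (point-to-point)"
    return (iface, scope(ip), prefix, vendor)

# Constructed sample, shaped like trimmed ifconfig output.
SAMPLE = [
    ("eth0", "192.168.1.23", "08:00:27:3c:5a:11"),
    ("eth1", "192.168.111.1", "08:00:27:9f:02:be"),
    ("tun0", "10.55.0.6", "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"),
    ("eth2", "169.254.17.4", "08:00:27:aa:bb:cc"),
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(describe(*row))
```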

What services are running on this machine? We can make educated guesses by examining the results of the netstat command. Here I used “netstat -4lan”, which means netstat for IPv4 addresses only, ports that are Listening, All ports, and Numeric output with no name resolution.

Netstat Output

So what is going on here?

192.168.111.1:9100 0.0.0.0:* LISTEN – Providing SOCKS5 service to internal network
0.0.0.0:22 0.0.0.0:* LISTEN – Providing ssh access on ALL interfaces
127.0.0.1:9050 0.0.0.0:* LISTEN – Providing SOCKS5 service locally
192.168.111.1:8123 0.0.0.0:* LISTEN – Providing HTTP proxy to internal network

This is what a VPN/Tor gateway looks like. VPN interface found up and passing traffic, these ports open and providing services. Now let’s try to use it for something.
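The same reading of the listener table can be automated when checking a gateway. This is an added example, not part of the original post; the sample text is constructed from the four listeners above, and treating wildcard binds as worth review is an assumption of the example.

```python
import ipaddress

# Constructed sample: the four listeners discussed above, laid out as
# `netstat -4lan` prints them, plus one established connection to skip.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.111.1:9100      0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN
tcp        0      0 192.168.111.1:8123      0.0.0.0:*               LISTEN
tcp        0      0 192.168.111.1:9100      192.168.111.20:51544    ESTABLISHED
"""

def listeners(netstat_text):
    """Yield (bind_address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # headers, UDP rows and established connections
        host, _, port = fields[3].rpartition(":")
        yield ipaddress.ip_address(host), int(port)

def exposure(addr):
    """Describe who can reach a socket bound to this address."""
    if addr.is_unspecified:   # 0.0.0.0: every interface, tun0 included
        return "all interfaces"
    if addr.is_loopback:      # 127.0.0.1: this machine only
        return "local only"
    return "one interface"    # bound to a single configured address

def audit(netstat_text, allowed_wildcard_ports=frozenset()):
    """Return sorted (port, bind, exposure, flagged) rows; a row is flagged
    when it binds to all interfaces and the port is not explicitly allowed."""
    rows = []
    for addr, port in listeners(netstat_text):
        exp = exposure(addr)
        flagged = exp == "all interfaces" and port not in allowed_wildcard_ports
        rows.append((port, str(addr), exp, flagged))
    return sorted(rows)

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```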

telnet route-views.oregon-ix.net

The Oregon Internet Exchange provides a route server named route-views.oregon-ix.net. Anyone can telnet to the machine, give it the username ‘rviews’ and then query the global BGP routing table. If that all sounds like a foreign language, don’t worry, all we are doing here is using telnet, which is a plain text protocol, and we’re talking to a machine that will let all of you log into it. What you see here is a TCP handshake at startup and a clean shutdown at the end. This level of coordination is why there are so many chapters about this virtual circuit protocol in the TCP/IP Illustrated, Volume 1 book, while UDP datagrams only merit a single chapter.

This is what happens when you use “torsocks telnet route-views.oregon-ix.net” rather than plain telnet. Everything gets wrapped up in crypto; an observer can’t even tell what the destination is, let alone the protocol being used.

torsocks telnet route-views.oregon-ix.net

I used tshark here rather than the venerable tcpdump, which is used to do the ‘illustration’ in TCP/IP Illustrated, Volume 1. Wireshark is the parent package, tshark is a utility, but I mention this for two reasons. First, if you’re going to be reading a book that presumes you’re using a command line tool, you can follow faithfully. The second reason is that if you’re going to be running servers from a distance it’s much easier to just see what’s happening from the machine’s perspective, rather than working deductively from afar, observing how graphical tools fail.

If you are going to master the art of moving packets around without spilling content and metadata all over, you’re going to go through a period where you see the whole world through the crystal ball of a protocol analyzer. Get tshark’s graphical parent, Wireshark, and start looking at everything you do. Familiarity breeds confidence in a way that book learning never can.

My First Amendment Victory Over BullyVille.com

I have just won a precedent setting 1st Amendment victory in Texas against the internet vigilante site BullyVille and the histrionic twerp who owns it, James McGibney. Here is a detailed writeup on the case: Lexis: Rauhauser v. McGibney 02-14-00215-CV

I am happy to answer any questions journalists may have – please send a connection request to the Neal Rauhauser LinkedIn account. Here is the press release from my lawyer, Jeff Dorrell of Hanszen Laporte.

Texas’ Second Court of Appeals handed a stunning victory to the appellants on December 11, 2014, unanimously reversing the 67th State District Court and dismissing defamation claims against Neal Rauhauser. Rauhauser was represented by Jeffrey L. Dorrell of the Houston law firm of Hanszen Laporte, LLP.

“This is another important victory for the right to criticize public figures on the Internet,” Dorrell said. Dorrell first became known as a protector of free speech rights when he won a case in the Texas Supreme Court in 2011 reversing the lower courts and affirming the First Amendment right of bloggers to criticize anonymously.

James McGibney sued Rauhauser and others for defamation because they criticized McGibney’s “vigilantism” in the operation of controversial websites known as “Bullyville” and “Cheaterville.” The “Bullyville” website is emblazoned with what appears to be the philosophy and business model of its owner: “Sometimes you have to be a bully to beat a bully.” Rauhauser and others sharply criticized what they characterized as the hypocrisy of McGibney’s tactics. McGibney reacted by suing Rauhauser.

“This was an outrageous example of lawsuit abuse,” said Dorrell. “McGibney filed multiple lawsuits simultaneously in federal and state courts in Texas and California against our client based on the same facts—lawsuits clearly intended to chill his right of free speech,” Dorrell added. Dorrell filed a motion to dismiss under a relatively new law called the Citizens Participation Act. The law requires a court dismissing a suit under the Act to award both attorney’s fees and sanctions—a civil penalty—to the successful party. The 67th District Court failed to act, but the court of appeals reversed and ordered the trial court to dismiss McGibney’s claims and award fees and sanctions to Rauhauser.

Rauhauser is seeking $250,000.00 in attorney’s fees and sanctions of $1,000,000.00. It is not known whether McGibney will challenge the ruling in the Texas Supreme Court. “If he does, we’re ready,” Dorrell said.