Deniability - When your hard drives must look innocent and you can only use VPNs #146

Open
opened 2024-10-11 16:56:09 +02:00 by nihilist · 0 comments
Owner

When you can't try to hide anything on your hard drives

Context to be explained:

  • the main threat is when the adversary busts down the door, and if he finds out you are using veracrypt, tor or VPNs, you're toasted.
  • WARNING: in this context the adversary is not prosecuting you for using tor or VPNs, only for what he finds on your hard drives.

Preparation:

  • get yourself a mullvadVPN account
  • purchase a VPS using a vps provider that accepts monero (check providers on https://kycnot.me/?t=service&q=vps )
  • locally create a veracrypt volume containing the appimage of keepassxc (https://keepassxc.org/download/#linux), then create your keepass file with sensitive accesses in it, and also include the tor browser: https://www.torproject.org/download/
  • Close the veracrypt volume containing your important tools, and rsync it to the VPS.
  • save your mullvad account ID, and your VPS credentials (IP, user, pass) into a text file.
  • use steganography to put that text file into a picture you just took. DELETE THE ORIGINAL FILE AFTERWARD. There must be no proof that the picture has been tampered with to contain sensitive information
  • that innocent looking picture (with a password that you need to remember) is now your only way of accessing 1) your mullvad account, and 2) your encrypted volume on your VPS. So don't lose it

Decoy PC preparation:

  • install debian on your PC as a decoy in case you need to hand over the PC to an adversary.
  • install mullvadVPN on it and use a second account (otherwise they will ask where is the second device you use to connect to that mullvad account)

Boot up procedure to be showcased:

  • boot into live OS from a debian USB
  • upon each boot: download openvpn (or mullvad)
  • take your innocent looking picture, and use steghide to get the sensitive .txt file hidden in it
  • with the sensitive txt file, connect to mullvadVPN with your ID
  • download veracrypt into the live USB environment
  • once connected to the VPN, use the sensitive txt file to know how to access your VPS to download your (small) encrypted volume from the VPS containing your tools
  • from there you can access all your critical accesses from the keepass file in the encrypted volume, and with the portable tor browser you can access the web anonymously with tor. (you -> vpn -> tor -> destination setup)
  • if the adversary busts down the door: unplug the computer power, and the usb key, and you're good, as the adversary can only find that you have a live debian USB key (that can be used to just install an innocent debian computer)

->Warning: if the adversary uses your ISP to snitch on what you are doing, then the ISP can only see that you used a VPN to connect to mullvad. so you need to showcase on your

nihilist added this to the OPSEC Tutorials (paid contributions) project 2024-10-11 16:56:09 +02:00
nihilist added the Complex label 2024-10-11 16:56:18 +02:00
Reference: nihilist/blog-contributions#146