mir
Hello guys,
As many of you have heard, there have been many arrests lately of bloggers in the Arab region.
We are trying to help either by contributing articles and tips or by some other, more advanced way.
I am helping by doing some research on how to make an untraceable ssh connection - we are thinking an ssh tunnel/proxy.
I would appreciate any advice, tutorials or links you can share, or if anyone is up for a meeting to discuss/share experience.
cheers
BashLogic
There is no such thing as untraceable.
There are only hindrances and limitations on what interrupts a trace.
BashLogic
Sometimes what I do is set up reverse tunnels through multiple hops. That way, each ssh source/destination pair terminates on one host, and they cannot trace where it goes from there on unless ssh logging is set to a higher level where it logs the high ports; and for that analysis to work, you still need to trace all IP connections to follow the breadcrumbs. 90% of hosts are not configured to such an extent, so having two ssh sessions interconnected via reverse tunneling provides a basic level of anonymity, but not completely!! Definitely not at all! For that you have to use multiple tunnels and other methods.. All in all, with good forensics experience, things can be traced..
eurybaric
Could you post some links for the arrests? I got this:
http://news.bbc.co.uk/2/hi/middle_east/6164798.stm ... Is any of it related to Lebanon?
This is a very important issue here IMO. Even if there haven't been any arrests made in Lebanon yet, I think we should be well prepared for any potential situation. Thanks for opening the subject.
Anyway, there is this:
http://www.torproject.org/. I can't know how secure and untraceable it is (though I'd think it's pretty fine), for I don't have much experience in the field, but I can tell you that I was able to bypass proxies with it (that is, use torrents and messaging where they were blocked).
If you're interested, I can post a tutorial on how to set it up for the web.
xterm
You do know that those that were arrested weren't traced right? They just used their real names everywhere.
Oh, and they have bad lawyers.
eurybaric
@BashLogic correct me if I'm wrong, but I think a connection could be practically untraceable if, let's say, it is bounced around and a certain hop is found in a country which does not provide information to the country which is trying to trace. The trace ends there then, right?
mir
xterm: not everyone using a blog/social media in politics and getting arrested is an activist immediately and deserves protecting - and cursing, saying illegal stuff and putting your name on it - you can't whine afterward (not talking about the latest particular case only).
Bash: thanks for your input - I still haven't got to the point of setting up 2 interconnected sessions yet :P
eurybaric: are you in Leb? Would you be interested in meeting up to discuss and work on this together?
Padre
TOR :D
Still ... there are nifty ways to track Tor users.
A practically untraceable connection for the common user can be built. Just how far are you willing to go? :P
Joe
mir, could you give us examples of the arrests and tell us if they happened in Lebanon? Plus, I agree with xterm that the "cyber" police won't spend energy tracing bloggers. If anyone wants to say something "sensitive", just don't write your name on it. Oh, and use TOR, it should be enough.
rolf
You can't really have an untraceable connection. A connection has 2 IPs, and will be logged at the ISPs and may be logged on any router on the way. Normally IPs are registered, so from an IP you can get the ISP, and then the ISP can look at its logs to find the real name, address, etc. of whoever was using that IP.
But since it's for blogging, you can use a proxy server. All you need is a server (VPS or whatever) with a trusted company in a safe country (USA, Germany...). Then you can have a secure SSH connection with that server, and that server will then connect to whatever blog you want to update. The local ISP will have the IPs of you and that server, but that's all they will have: since SSH is encrypted, they can't see the contents, and since they don't have jurisdiction over the outside server - and normally the server provider should refuse requests for information unless they have a police mandate, which they can't normally get - they normally can't get any information about what happened there.
That's all theory, so I'd appreciate feedback. Personally I think this is an acceptable solution.
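One concrete way to set up the SSH-to-VPS proxy rolf describes, as an added example that is not part of the thread: an ssh_config entry that opens a local SOCKS listener over the encrypted session, so the browser is pointed at that port and all blog traffic leaves from the VPS. The host name, user name and key path are assumptions.

```sshconfig
# Added example, not from the thread. HostName, User and IdentityFile are assumed.
# Put this in ~/.ssh/config, then start the proxy with:  ssh -N blogproxy
Host blogproxy
    # the rented server at a trusted provider in a "safe country"
    HostName vps.example.org
    User blogger
    Port 22
    # use only this key, so no other identity is offered to the server
    IdentityFile ~/.ssh/blogproxy_ed25519
    IdentitiesOnly yes
    # local SOCKS5 listener; point the browser at socks5://127.0.0.1:1080
    DynamicForward 127.0.0.1:1080
    # refuse to connect if the server's host key changes (a swapped key
    # would mean someone in the path is impersonating the VPS)
    StrictHostKeyChecking yes
    # keep the idle tunnel alive through NAT/firewall timeouts
    ServerAliveInterval 30
    ServerAliveCountMax 3
    # a pure proxy session needs no terminal
    RequestTTY no
```

The browser must also be told to resolve names through the proxy (in Firefox, the network.proxy.socks_remote_dns setting), otherwise DNS lookups still go to the local ISP and reveal which blog is being visited even though the page contents are hidden.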
BashLogic
Here is a scenario on how to hop through different protocols, making tracing forensics a nightmare unless they know what they are looking for (warning, this will have a latency toll):
- establish three ssh bridging reverse tunnels: a->b (normal), b->c (tor enabled), c->d (normal)
- all hosts a, b, c, d need to be publicly crowded hosts in some banana countries
- on host e run a perl script that interacts with ssh connecting to d; the perl script's input/output would be directed to http
- on f run an app that interacts with the perl script, so by now your connection is:
a->b (normal) b->c (tor enabled) c->d (normal) d->e (perl connection) e->f (https connection, tor and proxy enabled)
So now, between a and f, you have different protocols, different connectivity and traversal through so many points that the forensics guys will be searching for a needle in a haystack. If you want to be really silly, then you would continue to use other protocols and IP packet mangling in between. All this is at paranoid level, but as I said, it does not require a lot to implement, and that would put the forensics experience to the test.
BashLogic
eurybaric wrote:
@BashLogic correct me if I'm wrong, but I think a connection could be practically untraceable if, let's say, it is bounced around and a certain hop is found in a country which does not provide information to the country which is trying to trace. The trace ends there then, right?
Bouncing is a generic term: you can bounce through 10 points and yet tunnel from a to z, hence revealing your source and destination. When bridging, you would be hopping where each pair of points becomes an independent connection. The retrieval of logs or monitoring is hindered by local administration and regulations.
There once was an article where an NSA expert claimed that he can break into any system in less than 30 min.
He did not reveal his means, but this I know: it takes only 1 open port to bore yourself through.
In such cases, you need to be careful with IP flagging not to leave traces.
mir
Really, thanks for all the feedback :)
Sure, there is always the risk of not having 100% security - the aim is to make the job of someone tracing you super hard, that is all.
So far for me from this convo:
Step 1 would be to learn/use/do the setup by using TOR
Step 2: do the setup suggested by BashLogic (damn man, this is evil)
Step 3: produce the documentation (docs/videos) and share them
As for the general topic of bloggers / censorship / politics / arrests and such - I think we should have a totally different post for this topic where we can discuss a preventive plan for censorship in Lebanon and see how we can help protect bloggers (many people in Arab countries are arrested very often; here we have relatively less security and hope we can be the hub for Arab activists in some way).
But this is a talk for later on that we can probably have in a live meeting.
Again, thanks guys for the feedback and help.
Edit: it turned out I know someone who knows the guy who wrote TOR - so maybe the advanced users can set up some online meeting with him, or if they have questions, they can be personally forwarded, or well - it doesn't hurt to just get connected :)
Padre
mir wrote:
Step 2: do the setup suggested by BashLogic (damn man, this is evil)
Step 3: produce the documentation (docs/videos) and share them
Haha, well you have to make sure it's doable by non-tech-savvy people ... and good luck.
What we used to do before was randomly scan the net for vulnerable servers and install our own kits there.
Then whenever I wanted to connect to destination A, I would select from the list (usually quite big) and automatically randomize between ports and protocols. We are still alive today, so I think it was a pretty good move :P
BashLogic
Padre wrote:
Step 2: do the setup suggested by BashLogic (damn man, this is evil)
Step 3: produce the documentation (docs/videos) and share them
Haha, well you have to make sure it's doable by non-tech-savvy people ... and good luck.
What we used to do before was randomly scan the net for vulnerable servers and install our own kits there.
Then whenever I wanted to connect to destination A, I would select from the list (usually quite big) and automatically randomize between ports and protocols. We are still alive today, so I think it was a pretty good move :P
That is what is commonly done.
Some real old hackers should go back to the origins, phreakers: what they do is, instead of just relying on the internet, they would hack old PBXs in banana countries and use free dialup services around the world.
That is one way of traversing through different mediums and protocols, making the back-tracing a living hell.
Ten years ago or so, there was a legal limit to which forensics could investigate. It was max 3 hops from which they could demand logs etc. Should it have gone beyond that, they 95% of the time had to give up.. Dunno what it is like today..