  Show Posts
1  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 29, 2012, 07:13:56 AM
Is your IP at all 24.143.xx.xx or 217.114.xx.xx (xx'd for privacy), or are you Smoothie, or someguy123. (Took a few stabs there).

I'm in the process of doing an explanation for my results.

My original intention was to try and use Flash to log your true IP:
Plugins such as Adobe Flash don't normally respect your browser's proxy settings (this must have changed recently, or I went about it the wrong way because it didn't work).

My post above contained a tracking beacon which was logging IPs & useragents; the link in


This could well have worked, I didn't protect against that.

I'm not sure how you embedded flash, can you explain? just <img>blah.swf</img> or what?

Do you see 85.17x.xxx.xxx in your logs?
2  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 29, 2012, 06:36:58 AM
So if you ask him and he's ok with it, I will give him my consent to publish anything he has on me in this thread.

joe23@tormail.org
188.165.73.235
Ignores BitcoinINV

thanks, theymos.
3  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 09:06:52 PM
ok guys and girls, where to go from here?

It seems to me I'm pretty safe for now, right? Many possible flaws and improvements have been pointed out but none of them lead to you guys getting close to me.

That bitcointalk-posting-time-attack seems hard to pull off and will likely take weeks to deliver meaningful data.

I pretty much decided to "have the VPS compromised" at some point, but I think I should wait with that since it could be over pretty quickly after that and I must say I'm quite enjoying this and learning a lot.

So maybe I should try to do some more stuff that might endanger my anonymity to make it more interesting? Like pop up on irc and chat with you guys or something.

Open for any suggestions that don't involve me actually doing anything illegal.

Here's your chance to set up some trap ;)
4  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 08:56:21 PM
As this thread is highly informative and entertaining I'd like to add 1 BTC to the bounty.

Joe23 please provide me with an address or an escrow where I can send it.



Awesome!

I could give you an address from joe's wallet, but would prefer someone to do escrow for us.
5  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 05:36:48 PM
Curious if Theymos has a sign up IP which is different than the current IP used...

Maybe he's open to helping you guys by releasing any info he has on joe23 (with my consent)?

So if you ask him and he's ok with it, I will give him my consent to publish anything he has on me in this thread.
6  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 05:04:24 PM
Problem is I need a non-tor exit point somewhere for bitcointalk.org. Any other ideas on how to post to bitcointalk?

If I remember correctly, only signing up using TOR is banned, you can actually login and post using TOR no problem.

Ah, good to know.

I think you also deserve some payment for your effort if you share an address. I hope I didn't miss anyone else? afaik I so far gave some monetary incentives to:

  • MysteryMiner
  • Jasinlee
  • Openyoureyes
7  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 04:54:01 PM
You seem to have most things covered; but, the more complex you make the chain, the easier it is to slip up and forget/misconfigure something.
Everything we're talking about here is what I'm specialising in at University at the moment: digital & anti forensics/security.

cool.

sent a little bit to your address as can be seen in this updated screenshot of joe's wallet:
(I had to use the VPS proxy to upload it, imgur disallows tor)



OOOPS! I accidentally had Electrum's connection setup dialog open when I took the screenshot.
8  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 04:32:41 PM
These posting times could lead to something. He cannot post two posts at the same time (well, could, but most likely not). But Joe and the actual person are, for example, awake at the same time. Would need some statistics.

I think this could be a viable attack.

It would involve some serious page-scraping of bitcointalk. Assuming you guys do that and then have the posting times of all bitcointalk users you could compute a likelihood of each user being "real me" using various heuristics. Especially over a long period of time, combined with my roughly known timezone info and maybe some manual language analysis in the end, this could potentially boil it down to maybe a handful of users that would then be suspects.

I would consider that to be a pretty dangerous development for my anonymity.
9  Other / Off-topic / Re: [14 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 04:24:58 PM
thanks, OpenYourEyes for chipping in. That's some valuable info.

Let me answer some of your questions:

Long and scattered post but here's my 2c.

How are you connecting to the server to administrate it? Do you use SSH over TOR? ||Home (TOR)||  >  ||Server (SSH)||
Are you using Firefox to tunnel your internet activity?

I use


  #> ssh -D 0.0.0.0:55555 joe23@188.165.73.235 -o ProxyCommand="~/bin/connect -4 -S localhost:9050 %h %p"


to ssh to the VPS and at the same time setup the proxy, which I connect to using


  #> chromium-browser --proxy-server="socks5://localhost:55555"


I only use chrome through that VPS proxy for bitcointalk. All other browsing activity I do with firefox through tor (use localhost:9050 as proxy).

Very good point about the DNS leaks! Officials could probably eavesdrop on the dns server and identify my IP through timing, right?

Would my idea of ensuring at my home router that the box can only go out through tor (drop all other packets, is that even possible?) help against such "accidental" leaking? Any ideas on how to protect against such accidents in a fool-proof way?

In either case, you need to watch out for DNS leaks. By default, SSH & Firefox (and most applications) will not do DNS lookups through a proxy.

So, if you browse to google.com, your web traffic will be encrypted and tunnelled as you expect, but the DNS request (i.e. what is the IP of google) will come from your home internet connection. In firefox (don't know if it affects other browsers), this 'bug' is easily rectified. Go to about:config and set remote.dns to true.
If you connect to your server by running SSH over TOR then never specify the hostname (i.e. ssh findmeifyoucan.eu, or any other domain), as this, again, will force a non-tunnelled DNS lookup. Always use the IP.

A few other things:
  • Watch out for any information you leave on the server through log files, etc. (Does a: grep xx.xx.xx.xx /var/log/* -R where xx is your real IP, come up with anything.)

I sure as hell won't enter my real IP in the VPS shell at any time. You sneaky guys might have compromised the machine already and are likely keylogging ;). I might look through the logs manually, though.

  • Install some sort of IDS on your server to monitor for new installations/modifications. If this gets compromised then so are you (regardless of if you connecting over TOR). What's to stop the hacker from spoofing the DNS record for tormail, SR, etc and sending you to another server.

I use onion url http://jhiwjjlqpyawmpjx.onion to access tormail using firefox. As said before, I only use the VPS as proxy for bitcointalk.org because they disallow tor.

  • Take a look through your .bash_history, it will show all the commands you've executed: things you've done, files you've modified, etc. which could aid an attacker if they gain access. Disable it in your .bash_rc or just ln -s ~/.bash_history /dev/null
  • Why are you tunnelling all your traffic from your server? As you said yourself, all your traffic originates from one IP address.

I might've said that wrong before. I don't tunnel all traffic through the VPS, just when I need to access sites that don't allow tor connections. Sorry about that misinformation, it was not intentional. I will not try to mislead you guys, at least not at this point, only when you're getting close ;)

  • Even if nobody knows the true identity of the person behind this IP, you are leaving an easy trail for people to follow. One lapse in your security, which reveals who owns this IP, and everything then can be linked back to you.
    Why not run TOR on your home machine, tunnel your traffic over SSH to the server, and then run TOR on the server as well? Everything going in and out of the server is going through TOR, then if there is a break in the chain, you'll be protected by your server's IP.

Problem is I need a non-tor exit point somewhere for bitcointalk.org. Any other ideas on how to post to bitcointalk?

OpenYourEyes, I'd like to reward your effort if you give me an address, I will.
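
The advice in the post above (route ssh through Tor, use the IP rather than a hostname, keep name lookups inside the proxy) can be checked mechanically before a command is run. The Python sketch below is an added example, not code from the thread; the finding names and the subset of ssh options it understands are assumptions made for illustration, and its sample input is the two commands quoted in the post.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

SSH_OPTS_WITH_VALUE = {"-o", "-p", "-i", "-l", "-F"}  # subset that takes a value

def parse_ip(host):
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None  # not an IP literal, i.e. a name

def is_loopback(host):
    return host == "localhost" or getattr(parse_ip(host), "is_loopback", False)

def audit_ssh(cmdline):
    """Findings for an ssh command meant to open a SOCKS tunnel through Tor."""
    args = shlex.split(cmdline)
    it = iter(args[args.index("ssh") + 1:])      # tolerate a leading prompt
    findings, dest, proxied = [], None, False
    for arg in it:
        if arg == "-D":                          # -D [bind_address:]port
            spec = next(it)
            bind = spec.rsplit(":", 1)[0] if ":" in spec else "localhost"
            if not is_loopback(bind):
                findings.append("socks-listener-exposed")
        elif arg in SSH_OPTS_WITH_VALUE:
            value = next(it)
            if arg == "-o" and value.lower().startswith("proxycommand"):
                proxied = True
        elif not arg.startswith("-") and dest is None:
            dest = arg.rsplit("@", 1)[-1]        # drop the user@ part
    if not proxied:
        findings.append("no-proxycommand")       # ssh would connect directly
    if dest is not None and parse_ip(dest) is None:
        findings.append("hostname-destination")  # the name must be looked up somewhere
    return findings

def audit_browser(cmdline):
    """Findings for a Chromium-style --proxy-server=... command line."""
    proxy = next((a.split("=", 1)[1] for a in shlex.split(cmdline)
                  if a.startswith("--proxy-server=")), None)
    if proxy is None:
        return ["no-proxy"]
    url, findings = urlsplit(proxy), []
    if url.scheme == "socks4":                   # SOCKS4 requests carry only an IPv4 address
        findings.append("client-side-dns")
    if not is_loopback(url.hostname or ""):
        findings.append("proxy-not-local")
    return findings

# Sample input: the two commands quoted in the post above.
PAGE_SSH = ('ssh -D 0.0.0.0:55555 joe23@188.165.73.235 '
            '-o ProxyCommand="~/bin/connect -4 -S localhost:9050 %h %p"')
PAGE_BROWSER = 'chromium-browser --proxy-server="socks5://localhost:55555"'
```

Run against the quoted ssh command, the only finding is the `-D 0.0.0.0:55555` bind address, which makes the SOCKS listener reachable from other hosts on the client's network instead of only from loopback.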
10  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 11:39:46 AM
Hey guys,

just got up (hint, hint). yawn.

You seem to have found some info on the VPS even I didn't know (couldn't care less where it's located).

I think the basic concept is pretty sound: I'm using that VPS for everything: to host the page and as a proxy. I only ever connected to it via tor (hopefully). So when the VPS is compromised, I should still be secure.

Things I've learned from you guys (and own thoughts) so far:

  • reevaluate use of lastpass, it's a risk, lastpass inc. could be subpoenaed or whatever into slipping me custom code or there already is a backdoor of sorts that could leak info, who knows
  • isolate joe on the client system better (currently all I do is use a separate user) and make sure the client can only connect through tor, maybe at the router or something. There's currently the chance that I might accidentally connect through the parent network and reveal my IP to the VPS. Maybe use a virtual machine. Protect it (or /home/joe at least) locally so your visitors or the people you live with don't accidentally find joe. Always unmount /home/joe, shutdown the Virtual Machine when leaving machine physically. Maybe put /home/joe or even a whole system on a usb stick or use an old laptop for joe so he's portable (some secure distro, suggestions?)
  • Watch your language, always be very conscious who you are, don't post drunk, avoid using phrases/language the real me notoriously uses,...
  • What MysteryMiner said: "The problem of staying hidden is not in the short term. In long run you get comfortable, relax on security, reuse the same address or e-mail or whatever [...]"

I'm upping the bounty to BTC 14 for now. I might lower it again at some point when I intentionally leak more info that'd make it easier.

11  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 03:44:33 AM
1B15JZGtHg4BvbzGdPGKZi7aunR4cpN5jE

Is mine, I checked through everything, the site has 2 open ports but it looks like they are both on a host who takes btc so pretty fully anon there. Traces to it bring up Ireland which means nothing really. You do however use "joe" which is a commonly used shortened name used in the USA so I would be inclined to think you are here. There is a way I think to find you through the block chain (but would be a huge pain in the ass) I started to do it but then I saw you mixed it more than once and said screw it not worth it. But I could total up the transactions received on the mix, add the % for the mix to that then look for the originator of that balance. (I think that's how the DEA is following people on SR)

sent some bitcents for your great effort so far.

Now for finding me through the blockchain: I cleaned the coins using SR. That means all inputs of transactions contributing positively to my balance are owned by SR.

I deposited a higher balance to SR from my private wallet than I withdrew to joes wallet to make same-amount-attacks a lot harder if not impossible. I waited between deposit and withdraw, making timing attacks harder, if not impossible. Safe?


12  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 03:06:02 AM
Yes it has autofiller and such features. Take a look for KeePassX that is a Linux version. The plaintext file with passwords is usable but if someone gains access to computer it can steal all passwords.

Anyway this is not a scope of this thread. The thing we need to know is that Joe uses Lastpass to manage the logins for the VPS.

My address is 1Aiq9FYv12GQjM9LeBHoNq9c3FfFaA4GTA
Thank You!

sent you some.

lastpass of course I use not only for VPS, but also domain name service and tormail.
13  Other / Beginners & Help / Re: Introduce yourself :) on: October 28, 2012, 02:53:47 AM
My first day of heavy bitcoin buying, and the price was down around $10. My dive into the future of global finance has flown off to a magnificent start. I ended up spending 15% more than I had budgeted. When I saw that the price had dropped, I couldn't resist

congratulations are in order. Welcome to our little club ;).

It sounds like you're a bit like me when it comes to trading: too emotional. So be careful, don't lose your coins! Just being long and staying long is a good option imo, and very easy to manage, too ;)
14  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:50:45 AM
MysteryMiner, I would like to give you a little token of appreciation for your great input. So if you want that, give me an address.
15  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:47:48 AM
Quote
keepass seems to be windows-only
The classic 1.x version was tested on Wine and it worked. According the 2.x version works under Mono but I have not tested that. So it is not exclusive to Windows.
Quote
What are the specific problems with using lastpass?
Closed-source. You don't know if it works correctly or have no backdoors. It is suboptimal design for password storage. The synchronization is convenient but it is a tradeoff of security.

fuck wine ;). Does keepass help with filling login forms in the browser? If not, a text file is just as good, right?

Are there better alternatives to lastpass?
16  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:22:58 AM
I would not use Lastpass. I manage my passwords locally using KeePass software.

keepass seems to be windows-only :(.

I'm not currently doing this, but "for real", I would probably use an encrypted /home/joe folder anyway, so I could just put a text-file with the login pws there.

However: lastpass (or any other password store that has a browser addon) is very convenient.

What are the specific problems with using lastpass?
17  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:18:22 AM
Do you mine deepbit? So I can use that as a point of reference? Or can we ask questions?

yes, you can ask questions. This is to simulate the case where I run some anonymous service but I still want to interface with people on bitcointalk, so I engage in discussion and will reveal bits of info.

To answer your question: no, I don't mine at all.
18  Other / Beginners & Help / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:10:48 AM
Seems like all the fun is in the non newbie section (gosh, BCT.org rules are ridiculous).

My last hunch for tonight: a few bits of information I've pulled up lead to you being dank?

"you must provide a credible story of how you obtained the info"


Nah,
I got nothing to lose. If I'm right, and the information is that valuable to you, then I'll take an up front payment.

you're wrong.

please understand that I have to discourage people from guessing.
19  Other / Off-topic / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:08:46 AM
The metadata would not have helped much because the pic is made from screenshot not digital camera.

well, who knows what screenshot tool puts in there? unix user info? could contain email-address, hostname, whatever.

"registration info" like MS Word does. But as long as the information is kept "generic" this will not help much. Some pedos were busted because they left metadata with GPS coordinates on homemade preteen pussy pictures and back in 90-ties some madman was caught because he sent floppy to police with word document that was registered to some church.

The metadata in electrum screenshot was a minor overlook but most likely it would not let us reveal who you are even if there was metadata.

well, I'm not using a separate client machine for this. Merely a separate user on my day-to-day system. To be safer, it'd probably make sense to use a separate machine and also block all non-tor traffic from that machine to make sure I don't accidentally go through public net.

One thing for example might be a problem: I use lastpass to manage joe23's identities and passwords for the services. I'm not entirely sure the lastpass addon follows my browser's proxy settings. Anyone know?
20  Other / Beginners & Help / Re: [10 BTC bounty] http://findmeifyoucan.eu on: October 28, 2012, 02:02:26 AM
Seems like all the fun is in the non newbie section (gosh, BCT.org rules are ridiculous).

My last hunch for tonight: a few bits of information I've pulled up lead to you being dank?

"you must provide a credible story of how you obtained the info"