Where to Start > Ground Zero
When connecting to and accessing the Internet, your computer is the place where it all starts. That starting point is what we call Ground Zero, and if it’s not secure, your computer is potentially wide open for the world to see. The strongest passwords, the best encryption, the most secure browsing and cloaking techniques are useless if you’re being watched by a screen logger or tracked by a keylogger. When you surf the Internet, you typically open a browser on your computer and go from website to website, read your email, chat with friends, etc., via an established Internet connection, as shown in the image below:
The Internet is bi-directional meaning you send and receive information. This means you can chat with someone, telephone a friend, send and receive email, post photos and videos on websites and read the news. Being bi-directional is fantastic when used correctly. It also makes it dangerous because it can make you vulnerable to outsiders you haven’t invited to your computer. And don’t take it personally. Unless you’re a movie star or on the FBI’s most wanted list, it’s a good bet that you’re not being singled out for an attack by a person or persons. Hackers have gone well beyond that by automating the attack process. Malicious “bots” are programmed to tirelessly look for ways to infiltrate your computer. Connecting to the Internet is like living in a high-crime neighborhood. If you don’t take security precautions, it’s just a question of time before you get mugged.
The section, How They Hack You, describes the ways undesirable people gain access to your computer. Once you’ve been hacked, your computer could be infected with software designed to wreak havoc on your system, steal your information or access systems on your computer without your consent. This type of vicious software either works with your knowledge or it remains concealed and works behind the scenes.
Malware, or malicious software, that does not conceal its presence consists of viruses, worms, adware, ransomware, etc. This is a general list and in no way exhaustive. New and varied ways to get into your system are being devised every day. The following are brief definitions from Wikipedia:
- Virus: a self-replicating computer program which installs itself without the user’s consent.
- Worm: a program that actively transmits itself over a network to infect other computers.
- Adware: any software package which automatically renders advertisements in order to generate revenue for its author.
- Ransomware: restricts access to the computer system that it infects, and demands that a ransom be paid to the creator of the malware in order for the restriction to be removed.
The most successful malware is that which stays undetected, quietly gathering your most sensitive data and sending it back to the hacker. Malware that stays concealed consists of trojan horses, spyware, rootkits, backdoors, keyloggers, screen readers, etc. The following are brief definitions from Wikipedia:
- Trojan horse: any program that invites the user to run it, concealing harmful or malicious code.
- Spyware: software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge.
- Rootkit: a stealthy type of software, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
- Backdoor: a method of bypassing normal authentication procedures to secure illegal remote access to a computer. Once a system has been compromised, one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry.
- Keylogger: records (or logs) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
- Screen logger: takes periodic screen capture images of sensitive information shown on the computer monitor.
Is Your System Infected? Checking and Disinfecting Your System
It’s been said that the only safe computer is the one that’s turned off, locked in a safe and buried six feet under. Nowadays, even that’s questionable. If you connect to and use the Internet and do not use an anti-virus program, you are almost certainly infected with some sort of malware. And even if you do use a reputable anti-virus program and keep the software and the virus definitions (i.e. signatures to identify viruses) updated regularly, if you’re not careful about which websites you visit, what content you download and what you click on in your email, you could be unwittingly allowing malware to infiltrate your system.
Since there are different types of malware, you must use different types of anti-malware to scan your system for infection. If you’re obviously infected with malware like adware, there are anti-malware products available for free or to purchase that specifically target adware. Different products targeting specific malware types are usually run one at a time so they do not interfere with each other or detect each other as possible threats. Also, running an anti-malware program is sometimes more effective when the computer is booted in safe mode, since safe mode has limited functionality, which limits the actions of the malware and makes it easier to detect and remove. Once you’ve eliminated obvious malware like adware, you can tell it is gone because no more adware appears.
Covert malware does not want to be detected and does an excellent job of hiding itself. Rootkits, for example, are very difficult to find even with the best anti-malware software and running in safe mode, because they are activated before your system has completed booting up. Covert malware, since it likes to hide itself, won’t necessarily be listed in your system processes. If your computer is exhibiting strange activity like high CPU use even when you have no applications or known background utilities running, it may very well be uninvited software running on your computer, completing tasks like installing backdoors, logging your keystrokes and sending the information back to the malware originator. Many rootkits also spread themselves throughout a home or work network and attempt to infect every computer connected to the network.
Eliminating covert malware like a rootkit, assuming you know it’s even there, is very difficult. Unfortunately, our experience has taught us that the only way to get rid of any covert malware and know that it’s gone, is to isolate your entire network and reformat the hard drive of every single computer connected to that network.
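The paragraph above notes that covert malware won’t necessarily be listed in your system processes. One simple check a defender can run on a Linux system is to compare two views of the process table: the numeric directories under /proc and the PIDs that ps reports. A PID that is visible in one view but not the other deserves a closer look. The script below is an added example written for this page, not part of the original guide; it assumes a Linux /proc filesystem and a ps that accepts -eo pid=. The set logic is separated into functions that take plain PID lists so it can be exercised on constructed input.

```shell
#!/bin/sh
# Added example: cross-check PIDs visible in /proc against the PIDs ps reports.
# Assumes a Linux /proc filesystem and a ps that accepts "-eo pid=".

# pids_only_in_first LIST_A LIST_B
#   Prints, in numeric order, the PIDs present in LIST_A but not in LIST_B.
#   Both arguments are whitespace-separated PID lists.
pids_only_in_first() {
    a=$(printf '%s\n' $1 | sort -n | uniq)
    b=$(printf '%s\n' $2 | sort -n | uniq)
    printf '%s\n' "$a" | while read -r pid; do
        [ -n "$pid" ] || continue
        printf '%s\n' "$b" | grep -qx "$pid" || echo "$pid"
    done
    return 0
}

# pids_in_both LIST_A LIST_B
#   Prints, in numeric order, the PIDs present in both lists.
pids_in_both() {
    a=$(printf '%s\n' $1 | sort -n | uniq)
    b=$(printf '%s\n' $2 | sort -n | uniq)
    printf '%s\n' "$a" | while read -r pid; do
        [ -n "$pid" ] || continue
        printf '%s\n' "$b" | grep -qx "$pid" && echo "$pid"
    done
    return 0
}

# list_unlisted_pids
#   Takes one snapshot of each view and prints PIDs that exist under /proc
#   but are absent from the ps listing.
list_unlisted_pids() {
    proc_pids=$(ls /proc 2>/dev/null | grep -E '^[0-9]+$')
    ps_pids=$(ps -eo pid= 2>/dev/null)
    pids_only_in_first "$proc_pids" "$ps_pids"
}

# report_unlisted_pids [ROUNDS]
#   Repeats the snapshot several times (default 3) and keeps only PIDs that
#   were unlisted in every round, so processes that merely started or exited
#   between the two snapshots drop out of the report.
report_unlisted_pids() {
    rounds=${1:-3}
    result=""
    i=1
    while [ "$i" -le "$rounds" ]; do
        current=$(list_unlisted_pids)
        if [ "$i" -eq 1 ]; then
            result=$current
        else
            result=$(pids_in_both "$result" "$current")
        fi
        i=$((i + 1))
        [ "$i" -le "$rounds" ] && sleep 1
    done
    if [ -n "$result" ]; then
        echo "PIDs present in /proc but missing from ps (investigate):"
        printf '  %s\n' $result
    else
        echo "No PIDs hidden from ps were found in $rounds rounds."
    fi
}
```

Run report_unlisted_pids from a root shell to compare the two views. Two caveats for anyone relying on this: a rootkit that hooks the kernel’s directory-listing interface hides from ls /proc and ps alike, so an empty report is not proof of a clean system, which is consistent with the guide’s advice that rootkits are hard to find from inside the running OS; and inside a container or PID namespace the two views can legitimately differ, so confirm the environment before treating a stray PID as evidence of infection.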
Like any sort of infectious disease, prevention is easier than eradication of the infection. There are many ways to keep Ground Zero secure, assuming that you’re starting with a clean system.
- Never install software from an untrusted source and, going further, never install software if it’s not open-source. Open-source software has hundreds of eyes reviewing it. Since proprietary software is not open to public review, it may contain malware. Unfortunately, previously trusted proprietary software companies like Microsoft have been shown to be in cahoots with the government in installing backdoors and sharing user information.
- Use a checksum to make sure the file to be downloaded and installed is correct and safe to use. At most Linux download sites, you will see a cryptographic hash such as an MD5 sum, or a PGP signature. These are unique values calculated when a product is placed on a server for download. If a product is hacked and malware inserted in the download, when you “recalculate” the value, the MD5 sum will be different and you’ll know the download was altered.
- On Windows systems, install an anti-malware program and make sure it and the virus definitions are regularly updated. Not necessary on Linux-based systems since nothing can execute without your express permission by entering your password.
- Keep your system up to date by regularly installing updates.
- Regularly back up your data. Software programs can be re-installed but if you lose your precious data, it may not be as easy to recover.
- Protect your computer from access. Be sure your operating system was installed on an encrypted partition with a strong password. When you log off, the entire encrypted partition should be dismounted, protecting your data from disk and hacking tools. Even when you have an encrypted partition, always log off when you’re not at your computer. Remember that if you do not log off, anyone who can access your computer will have full access to your information.
- Work from a portable computer or portable drive/flash drive and take these drives with you when you leave the area, even temporarily. When not in use, store the drives in a separate, secure location.
- Use a Linux Operating System. Linux, unlike Windows, was designed as a multi-user system so security measures like strict file permissions and not giving the user administrative privileges by default, were built in right from the get-go. It is a fact that the majority of the world’s desktops use the Microsoft Windows Operating System. It’s no surprise that it’s the number one target of hackers and computer malware. It’s also a fact that Microsoft has cooperated with government agencies, like the NSA, in placing backdoors in the Operating System that can be used to monitor and track your every action. While this may be difficult to believe, are you willing to bet your security and privacy in hoping “it ain’t so”?
- Dual Boot. If you must use a Windows Operating System, one solution is to dual-boot into Windows or Linux. Then, use the Windows system for all of your critical Windows-based applications and Kubuntu for all of your Internet-based activities like web surfing, downloading files, reading email, etc. Keep the Windows system’s Internet activity strictly for system updates and (trusted) application software updates.
- Use a Virtual Machine. Operating systems isolated in virtual machines are excellent ways to protect yourself. If you suspect that a VM is infected with a rootkit, and it has been isolated from the network, you simply delete it and re-import it. All of your installed, configured software is intact in the re-imported VM.
- For encryption: TrueCrypt. Used for encryption beyond the top secret level. One of the great features of TrueCrypt is an undetectable “false bottom” where a TrueCrypt device can support two separate passwords, one of them granting access to the front part of the device. In this way, if “bad guys” force you to reveal a password, you give them access to that one. The false bottom hides a second partition that is undetectable and no one can prove it exists. There, you store your most sensitive information. TrueCrypt calls this plausible deniability.
- For an Operating System: Kubuntu. It is part of the Ubuntu Debian Linux family. It supports an encrypted partition where the OS itself is installed, and where your data can be stored. It looks and acts a lot like Windows 7 so it will be familiar to most users. It comes with a large selection of professional applications pre-installed, and no, this isn’t a demo that expires, you have a license to them forever, and it’s free.
- Virtual Machine: VirtualBox. Virtual machines are a software implementation of a computing environment in which an operating system (OS) can be installed and run. Virtual machines provide numerous security features and other advantages over the installation of OSes and software directly on a physical computer. A virtual machine’s isolation ensures that applications, including rootkits, worms or viruses that run within a VM, cannot interfere with the host OS or other VMs. The reverse is also true: if a hacker gains access to a VM, the access is restricted solely to that VM. As a VM can be easily moved, copied, and reassigned between host servers, a hacked or infected VM is simply deleted and a fresh, uninfected copy is re-imported.
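The checksum bullet above describes recalculating a download’s hash and comparing it with the published value. The script below is an added example written for this page, not the guide’s own tooling: it computes a SHA-256 or MD5 digest of a file and compares it, case-insensitively, with the value you were given, and its demo function shows that altering a single byte of a constructed sample file makes the check fail. It assumes GNU coreutils (sha256sum, md5sum) or the BSD/macOS equivalents (shasum, md5) are installed.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a published checksum.
# Assumes sha256sum/md5sum (GNU coreutils) or shasum/md5 (BSD, macOS).

# hash_file ALGO FILE
#   Prints the lowercase hex digest of FILE using ALGO (sha256 or md5).
hash_file() {
    algo="$1"; file="$2"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case "$algo" in
        sha256)
            if command -v sha256sum >/dev/null 2>&1; then
                sha256sum "$file" | cut -d ' ' -f1
            else
                shasum -a 256 "$file" | cut -d ' ' -f1
            fi ;;
        md5)
            if command -v md5sum >/dev/null 2>&1; then
                md5sum "$file" | cut -d ' ' -f1
            else
                md5 -q "$file"
            fi ;;
        *)
            echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
}

# verify_checksum ALGO FILE EXPECTED
#   Returns 0 when FILE's digest equals EXPECTED (any letter case),
#   1 on a mismatch, 2 when the digest could not be computed.
verify_checksum() {
    algo="$1"; file="$2"
    expected=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    actual=$(hash_file "$algo" "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file ($algo)"
        return 0
    fi
    echo "MISMATCH: $file ($algo)" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# demo_tamper_detection
#   Writes a constructed sample "download" whose SHA-256 is known, checks it,
#   then appends one byte and confirms the check now fails.
#   Returns 0 only if both the pass and the subsequent failure are observed.
demo_tamper_detection() {
    tmp=$(mktemp) || return 2
    printf 'hello\n' > "$tmp"                      # constructed sample file
    # "Published" value: SHA-256 of the six bytes "hello\n".
    good=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    verify_checksum sha256 "$tmp" "$good" || { rm -f "$tmp"; return 1; }
    printf 'x' >> "$tmp"                           # simulate a one-byte alteration
    if verify_checksum sha256 "$tmp" "$good" 2>/dev/null; then
        rm -f "$tmp"; return 1                     # tampering went unnoticed
    fi
    rm -f "$tmp"
    return 0
}
```

Usage: verify_checksum sha256 ./download.iso <value from the vendor's page>. Two points matter in practice. First, take the published value from somewhere other than the file’s own download location: a checksum file sitting next to the download on the same compromised server is replaced along with it, which is why the PGP signatures the bullet mentions are the stronger check. Second, MD5 is no longer collision resistant, so prefer the SHA-256 value whenever a site publishes one.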
Ground Zero is your first line of defense. To summarize your defenses:
- Work from an encrypted, portable drive you can take with you.
- Work from an AES 256 military-grade encrypted partition, so if they get access to the drive, they can’t get in.
- Work in a virtual machine that leaves no evidence that it was ever there on the host system.
- Use an operating system like Linux that has its heritage in multi-user programming where security is built-in, not added-on.
- You are the most important asset you have in protecting yourself from hackers (governments included). Like a chain’s weakest link, if you are not constantly vigilant about implementing your security precautions, that’s where the chain will break thereby allowing hackers to find their way into your system.
Update: Deep Cover
With the exception of purchasing a separate, new computer that you use only when in deep cover mode, by far the safest, though not the most convenient, way to implement the strongest protection at Ground Zero is to use a Linux bootable USB drive to run the remote session from. This eliminates all but BIOS-level software contamination from running in the newly booted, open source Linux OS.
Warning: Be careful to inspect the device for hardware tracking and bugging devices, and be sure that the device’s microphone and camera are shut off.
This USB flash drive should be used solely for your deep cover communications, and you should NEVER access the same websites from both your daily systems and the secure system (unless they are really popular ones like Yahoo, and even then, wait an hour or two). The USB is not magic: it must use all of the precautions described herein, and the user must religiously follow the precautions contained in this guide. You will have to reboot the computer from the USB in order to use the security systems contained on it. Be sure to keep your USB in a safe location, best under lock and key at a location known only to you.
Additional precautions: When creating the bootable USB, first encrypt it with TrueCrypt (we recommend triple encryption and a hidden volume where the OS will be installed) and then install Linux using full OS and user area encryption. This will require you to enter a password before you reboot to decrypt the USB, then a password to decrypt the OS before the reboot starts, then your user name and password to log in to the machine. Once in, you will use your VPNs and Tor as normal. This may sound like overkill, but if you lose the drive, or someone takes it, it will all be worth it. In reality, the whole process takes only a couple of minutes. You have to decide if it’s worth it.
Another Option: You may also add hardened virtual machines to your bootable USB. Once you have booted, you will have to start the server and log in, then the workstation. The reason for the two virtual machines is to give you the maximum protection possible from leaking information, or from hackers and their programs sending information back to someone you don’t want to have it.