General security

Hide your Online Identity with Whonix

Aparajit i
January 14, 2013 by
Aparajit i

The primary reason for writing this is to educate journalists and investigators who want to fight crime anonymously. However, the contents of this article can be misused. Since no one is perfect, they are bound to make some mistakes; very rarely one can find a person who has control over his ego and his need to become famous. Only those who have this trait can survive.

For some, there comes a time in our life when we feel the need and necessity to hide our real identity. With social networking sites, our friends and family make this task a lot more difficult. Separating our hidden life with our real life is the most difficult task, as we have to be mentally and technologically alert 24/7.

Take the case of former Lulzsec member Sabu as an example. His one mistake was not hiding the IP address of his internet connection, and it gave investigating agencies the much need luck to arrest the members of one of the most prolific hacker groups of all time.

The contents of this article are to make you, the reader, aware of the fact that it is possible to remain anonymous on internet and like every other technology which is available freely across the internet; this information can be used for multiple purposes. However, the one thing that needs to be understood is that not every person who tries to hide their identity is a bad guy. Hence, this article is for educational purposes only and you are responsible for your own actions.

Hardware and OS:

Before going ahead we need to ensure that our environment to launch the hidden identity is up and running for this we require
  1. Hardware – any hardware which allows for faster computing can be considered, with more stress on RAM and storage. 8 GB ram would be more than sufficient to run a fully loaded virtual machine.
  2. OS – This is the base operating system, upon which you will be deploying your virtual machine. Again, there are not many hassles or inputs for the choice. The only additional software which you will be requiring for this Operating system would be VPN Client and Virtual Machine software.
  3. VPN Client – As explained in the earlier article by Jeremy Martin, choose your VPN Client for the Host System wisely. Ensure that you are connected via VPN even before you attempt to install virtualbox.
  4. Virtual Machine – Virtual Box has always been my personal favorite and you can download it from here.
  5. Operating System for Virtual Machine – This is the environment which you should carefully choose, as you will be using this for all your online activity. The choice of OS is based on your comfort level. The choice, once again, is yours. In case you do not want to go through the rigors of installing an OS, you may choose from a wide range of Live CDs or simply use WhoNix or Tails.

Tails can be downloaded from https://tails.boum.org/ ; however my personal preference is WhoNix, which can be downloaded from here:

http://sourceforge.net/p/whonix/wiki/Home/

In order to run WhoNix, the host machine should have sizeable amount of RAM, should be fast enough to provide a glitch free internet experience and should have a good internet connection and speed. WhoNix is a culmination of two virtual machines wherein WhoNix WorkStation communicates with the WhoNix Gateway and the entire traffic is routed through TOR.

However, there are certain adjustments you need to do prior to starting the installation and I mention them below:

A: Select the geographical area which you would want to associate with your identity. This geographical area should remain consistent throughout the installation procedure and for the entire lifetime of the online identity.

In order to facilitate your selection, you may visit this website, and will assist you during http://www.worldtimezone.com/

B: During the installation of the operating system ensure that you choose the correct time-zone, and it should be the one related to the geographical area, which you had chosen in Step A. The importance of these two steps will be explained as when the need arises in this article.

Upon the completion of your initial setup, your path should resemble the below shown network diagram.


A quick round-up of the installation method

Step 1: Decide on a good hardware

Step 2: Decide the host operating system

Step 3: Choose the VPN Client, download it and install it

Step 4: Choose and deploy Virtual Server

Step 5: Choose the operating system for your Virtual server, in case of Live CD's or WhoNix download them from the links provided in this article.

Step 6: Choose the geographical area / the time-zone for your Virtual System.

Step 6: Start VPN

Step 7: Start the deployment of Virtual OS / WhoNix

Step 8: Select the geographical area will thus ensure your time-zone.

Step 9: Test your deployment.

WhoNix gateway

Console login:

Username: user

Password: changeme

Time-Zone: This is one of the most crucial settings of a related to a computer-system. All the files you create, be it the screenshots or documents, each and every file carries a time-stamp and the time-stamp is crucial during forensic analysis and in some cases may reveal your time-zone. Some of you may wonder, is this really important? Yes.

By deploying WhoNix, the end-user has ensured their anonymity, however, just by deploying an operating system doesn't ensure anonymity. Being a human-being, one needs to communicate, share their thoughts and views with others, and for this one needs access to emails, social-networking sites and file-sharing sites.

1: Email-ID Creation – Staying anonymous on Internet is not just related to browsing anonymously, but is also related to your communications, your interaction with others. As on today, e-mail is one of the most basic forms of communication one can achieve over internet. Internet Relay Chat (IRC) / Instant Messaging (IM), is yet another form of communication, however it is real-time and the basic requirement for initiating this type of communication is just the requirement of an email address.

IRCs allow guest users but in order to protect the "handle", which you intend using for yourself, will require you to have a registered account with the IRC server and its basic requirement is an email id.

/msg nickserv register YOURPASSWORD YOUREMAIL


IM / Instant Messaging is yet another real-time communication tool, however, this too is dependent on the email-id and each and every message which is processed by the Instant Messaging Service provider is time-stamped using UTC and IP address is logged.

To create a useable email id, you will have to follow these steps, only after you have completed and tested your anonymous setup.

A: Create a throw-away email-id. These services do not require you to provide any additional email-ids. Some of the throw-away email service providers are

http://getairmail.com

http://www.guerrillamail.com

http://10minutemail.com

Guerrillamail is one of the service providers who would allow you to receive as well as compose and send emails using the temporary email id.

B: Browse to your favorite web-based email provider and create your email, at the same time providing the throw-away email-id as your back-up.

C: Create secondary email-id from the same web-based email provider or choose a different one. This time, provide the primary email-id as the backup for your secondary email.

D: Log on to your primary email and modify the throw-away email-id and provide the secondary email-id as the backup for your primary email id.

Using the above mentioned method:

A: You now have two email-ids which are from a popular web-service

B: Your IP address at the time of creation of all the email-ids was different than the one provided by your home ISP.

C: All email logs will contain TOR exit IPs as your source IPs.

Note:

A: Before creating an email, conduct research on the nick-name / identity you will be using.

B: While creating an email id, you will be requested to provide the Time-Zone or Geographical location. Choose the geographical location, which you have selected at the time of installing the operating system.

2: Social Networking: Social Networking sites like Twitter, Facebook and blogs are being used by many and these sites have already been under scanner, at some point of time with regards to privacy concerns.

Twitter allows only one email-id to be associated with a specific twitter handle. Using the now available primary email-id to register the twitter handle will be just fine. All the account verification / password change mails can now be received by this email-id.

Secondly, a little known fact about twitter is that, the time-stamps for each and every tweet is based on UTC and every image which is uploaded via their web-interface is also time-stamped. In case there is any user is uploading screenshots of the computer-system in real-time then a forensic expert can co-relate the time-stamp of your tweet with the time-stamp found embedded within the image file and can derive the time-zone of your location.

It doesn't matter if you have disabled the "Add Location" setting to your tweets, as you have already given away your time-zone. This would be a matter of concern if you have not changed the time-zone of your computer system.

Images created by smart phones are a concern, especially for those who are paranoid about their online identity. In April 2012, a hacker had posted an image taken from his iPhone and tweeted it. The forensic experts at the FBI extracted the EXIF data from within the image and found the geo-location coordinates, which were inserted by the iPhone and the rest is history.

Secondly, when you start using twitter, do not start following people who you know in real life. Start with a few famous personalities and retweet their tweets.
There are many free tools available which will help you to scrub the image files

Using the above mentioned method for Twitter, one can easily create a blog.

A quick round-up of the usage method

Step 1: Create disposable email-id

Step 2: Create primary email-id using disposable email-id as the backup.

Step 3: Create secondary email-id using primary email-id as the backup.

Step 4: Modify primary email-id and change the backup email-id pointing towards the secondary email-id

Step 5: Create Twitter Account and a Blog.

Precautions to be taken:

1: Under no circumstances should you use an open/insecure connection to access these accounts.

2: No matter how urgent, check the e-mails, update blogs or IM from a secure location.

3: Disable voice calls and web cameras in your computer and OS.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

The above mentioned setup is used by many, however, there is one thing which most miss out on is the information leakage. This leakage happens, during chat, email , via images/spanhotos or via blogs.

1: Sometimes people react to their surroundings and end up mentioning the same in their twitter account.

2: Heated exchanges are to be taken in the stride; never get into them. You may end-up saying more than you ever intended or may divulge information pertaining to yourself.

3: Keep your family away from this. It is your identity, which you have chosen for yourself and you alone are responsible for it and its repercussions.

4: Natural calamities occur everywhere and being a human, you will get affected by it. Never mention them. If there has been a power-cut in your area, then so be it, others need not know about the reason for your absence. During such cases, stay away from your hidden-identity for additional few more hours.

5: A picture says a thousand words and sometimes the entire history. Be careful where your camera is pointed, reflections from the shiny surfaces can tell a lot about your surroundings.

6: Never get emotionally involved especially with those who are also hiding their own identity. You never know who is there on the other side. After a few days of interaction, people tend to lower their guard and divulge a lot of personal details.

7: Never get into the habit or follow a time-table. Most of the time, people follow a rigid set of rules, they will log on to internet at a specific time. Keep everyone guessing.

8: Since this is all about communications, the last thing is the usage of language. Never use slangs which are common to your geographical area. Make it a point to communicate using geographically neutral language.

9: Boasting about your deeds and your mile long ego doesn't help, keep them to yourself. You have decided to go hide your identity for a specific purpose, stick to it. Never ever in your real life or your virtual life, mix anything.

When a person boasts, he gives additional evidence about his past and ego will ensure that you will want to prove to others that you are superior to others. The root cause is the innate desire for fame. This attitude will earn you, tons of jealousy and in turn everyone will try to snitch your identity. Do your work quietly and move away.

Aparajit i
Aparajit i

Aparajit i has worked in IT Security for more than 10 years with varied experience. Finding newer methods for detection of malware is a passion. Spare time is reserved for tracking botnets, CnC servers and writing articles for Infosec. Contact via Twitter : @iaparajit