DEFCON 22 conference. Andrew "Zoz" Brooks. Don't Screw It Up! Part 1
Our topic today is disobedience. Disobedience is what makes hackers what we are. Our job is to use things in ways they were not intended for, or in ways that are not permitted. Sometimes the best way to show that things can be done better is to break the rules. But there is a greater way: breaking unjust laws.
Henry David Thoreau, in his essay “Civil Disobedience,” wrote: “Unjust laws exist; shall we be content to obey them, or shall we try to change them while continuing to obey them, or shall we break them at once?”
I was inspired by being given the opportunity to talk about this, because the most prominent practitioner of criminal disobedience in our country is the secret police. Unrepentant criminals like former NSA director Michael Hayden, who ran wiretapping in Bush's time, or Director of National Intelligence James Clapper, who repeatedly lied to Congress, ignore the law whenever it suits their business. They tell us that the end justifies the means, so we too can play this game. We are obliged to apply civil disobedience where there is a wrong law that keeps the United States in a state of constant surveillance in the name of the fight against terrorism, which has about as much to do with this country as public health problems have to do with the bubonic plague of the 14th century. This is worse than a crime; it is simply stupid. Therefore we must not allow the surveillance state to stop us from doing the right things.
Think of the DeCSS crypto wars, designed to protect media tycoons from hackers playing their legally purchased DVDs on Linux laptops. The code that got around the DVD encryption was declared completely illegal. This is a perfect example of a law that is worse than criminal; it is stupid, because it can only hurt people who legitimately use media.
Of course, hackers are obliged to shove a stick up the asses of the people responsible for these laws by making illegal T-shirts, illegal ties, illegal games, or an illegal Minesweeper for Windows (laughter in the hall).
Of course, in our time there are injustices, more and less trivial, to be disobedient about, from violating crappy EULAs to using technology against the truly tyrannical and oppressive regimes that exist on earth today.
“Give a man a mortar”: today there is an app for that. The point is that using technology to push the boundaries is what the people at this conference do. In fact, in most cases you have no idea whether what you are doing is legal or illegal. Even the Congressional Research Service has admitted that it does not know the exact number of federal laws in force at any given time. So even a good lawyer cannot say whether his client is doing something illegal or not.
Keep in mind that laws in this and other countries are interpreted in terms of historical precedent. It also matters when you are accused of something. Forget about deliberate disobedience: people constantly break the law without knowing it, so you should be careful.
Here is one of my favorite examples from DefCon. This slide shows an example of disobedience, but a good one. DefCon is full of such examples.
I think we can agree that breaking into other people's bank accounts is illegal. One of my favorite moments at DefCon was meeting a guy who hacked into the database of Nigerian scammers, got their bank account details, and got some money back from them.
Leaks and dumps of information from government agencies and similar kinds of disobedience are currently in vogue and, I think, useful to society. Much of what has leaked into the media lately comes down to control of the Internet. People with much more money and power than those in this room are trying to lock it down for the lower classes. Disobedience is part of the resistance to the control and pressure of the authorities. Locking down the Internet, an end to the free flow of information regardless of wealth or power and whatever that information carries, is the end of the Internet.
Therefore we must refuse to be obedient. If you are going to deliberately disobey, there is only one rule worth adhering to, and whoever was on the Hacker Jeopardy team knows these three words very well: “Don't fuck it up!”
Another reason that inspired me to give this presentation was the Snowden leaks published last year. I would like to share some thoughts on this and invite the community to take part in the discussion. This is a conversation for everyone who did not have the free time to get acquainted with all these leaks. If everyone present already knows what I am going to say, I will be very happy, but this is probably not the case. Remember the good old days, before the Internet switched to cat humor? Now everyone on the Internet knows what an ASCII goatse is (laughter in the hall). Google even kindly offers this drawing.
But in reality, the good old days were not so good. I do not consider myself old school, because I only got into this business in the early 90s. It took a quarter of a century to understand how underrated the early Internet was, and the changes that have happened, however slow, were useful. You should not listen to those who say that everything was better then. It was definitely worse, because now we have the business model of the entire Internet, we have accumulated stockpiles of information, we have monitoring and tracking of all the crap.
But the real game changer is the repository: the NSA data center in Bluffdale, Utah. Your “shit” is not just vulnerable while it is being transmitted over the network; it will accumulate there forever.
I was seriously pissed off by Keith Alexander when he came to DefCon 20, because he came here and said: “Oh, you guys are so smart, right? Then come and work with me!” He thinks it is enough to wear jeans and a T-shirt to convince us that he is a good guy, even though his agency stops people from being who they are and stops a new generation of hackers from being born.
Imagine if someone walked around here, in our community, with a tape recorder in hand, shoving it in your face all the time and recording everything you said; it would be hard for you to accept that person as part of your community. You would probably stop talking to that person altogether, but this is what is actually happening now: they collect all the information about us so that it can be used against us. We always assumed they were doing this and expected something like it from them, but thanks to our friend Snowden we now know for sure that they did exactly what we expected of them, and more. “Collect everything and use everything!” That is what they do.
You must remember that the government always speaks with caveats. When they say “we are not doing this!”, it means “we make our foreign partners do it and then hand us the results.” When they say “we do not collect data under this program,” it means “we collect it under another program.”
But we now have a million ways to screw up the existing order of things. If anything you do makes you an “interesting” person, they can come back and find other “interesting things” to hang on you. And the technology is not to blame. We find bugs all the time, but their number depends directly on the “bug” that sits between the chair and the keyboard. People say they have nothing to hide; we have heard this a million times before. But everyone has something to hide, right? Everyone has always had something to hide, now or in the past, and this is the source of many problems. So people who know how to do all sorts of tricky things should not screw up when faced with two related groups: organized crime and the feds.
Consider what Tradecraft, or spy stuff, is. Tradecraft means techniques and methods, and here I am going to throw a few stones into the garden of our friends from the CIA. I will laugh at them later, but they spend a lot of time thinking about where they have gone wrong. The best way to analyze the work of the CIA is to review their operational activities, those operations where they screwed up.
They spend a lot of time analyzing where they failed. You can download and read the Tradecraft manual created by the CIA; the picture on the next slide is taken from there. I will go over the items shown in this picture:
Perceptual biases: expectations, resistance, ambiguities. This means seeing only what we want to see. I think you can find examples of this behavior by the CIA.
Biases in evaluating evidence: consistency, missing information, discredited evidence. If there is consistency in something, then small samples look more consistent, but they contain less information. If you rely only on the available probability-estimation models, problems arise with causality, for example attributing events to a fixed background. Something like “the Sunnis are good, the Shiites are bad.”
Biases in estimating probabilities: availability, anchoring, overconfidence.
Biases in perceiving causality: rationality, attribution.
All these things are reviewed when we analyze our own operations after having screwed up somewhere. There are a number of activities you can do to counteract bias.
For example, if something interesting happens, it is a great opportunity to switch from analysis to carrying out a practical operation. The analysis should include the following principles:
checking key assumptions at the start, or when a project changes;
checking the quality of the information;
working from the other side, that is, using the “devil's advocate” technique, the “bounce off weak resistance” technique, analyzing “what if...” situations, and trying the actions familiar to us from penetration testing. Here they are called the “Red Team,” whose role is to put itself in the enemy's place.
Follow these principles when conducting operations and look for the points where they apply. On the opposite side is OPSEC. Many people in our community are in favor of operational security. Basically, it means preventing leakage of information that could give the other party an advantage. The next slide shows a poster from the Second World War confirming this rule: “Enemy ears are listening!”
By the way, on the theme of “old school”: if I showed this picture to someone under 25, he would surely ask why Gandhi is the enemy (laughter in the hall; in the center of the slide is a portrait not of Gandhi but of Emperor Hirohito of Japan).
I can't wait until everyone finally gets their education from Wikipedia or IMDB. The government uses your tax dollars to put out literature to help you with OPSEC, so you should study this literature carefully. You need to understand which information is relevant.
The government teaches that the bad guys want to get the information we hold in order to hit us. OPSEC counters this by helping you look at the world through the adversary's eyes in order to develop measures and ways to confront these bad guys.
The operational security process is as follows:
Identification of critical information whose disclosure could harm us;
Analysis of threats to steal this information;
Analysis of vulnerabilities that allow the threat to be carried out;
Risk assessment;
Application of countermeasures.
If you find it hard to read the text on the slide, you can watch it on the DVD of this DefCon conference. OPSEC does not end with the operation itself; it covers all your preparation and all subsequent explanations and research. “Remember this all the time!” This is not something you do once and then forget; OPSEC works 24 hours a day, 7 days a week.
The next slide shows my version of the seven deadly sins: seven things that can make you screw up.
What makes you a candidate for arrest? Confidence that they will never find you. “I use a standalone computer” is all nonsense; you can never rely on a single tool.
Next is excessive trust. In states of total surveillance, for example East Germany, one in 66 people was a government informant. Don't you think this ratio is similar in the hacker community? Emmanuel Goldstein estimated that every fifth person in the GDR was an informer. That is probably a high estimate, but talk, for example, to Chelsea Manning. I bet she regrets her model of trust in society.
The perception that your guilt is insignificant: the belief that your guilt is minor and therefore nobody cares about your “pranks.” “No one cares if I just damage this website.” Remember that all of this may be recorded in your file.
The fourth “sin” is guilt by association. I visited the “wrong” chat, came to the wrong conference, got in touch with the wrong people. You are worried about exposing where you are and where you came from. This is something the government can consciously use against you. It does not just collect personal information that identifies you; it saves the “fingerprints” of the pages you visited through your browser, the unique identifiers of your mobile devices, and in the future possibly your location.
There are plenty of documents confirming that this is happening. Those people who really fight the state and do serious business know about it. “Your chatter can kill your friends.”
Government services teach that home computers and personal cell phones should never be used for operational purposes. Identity documents must never be transported without their owner. The details of a military operation should never be discussed by telephone or with family members. You can and should do even the things you don't like doing, just as you don't like abstaining from alcohol. If you commit even one of these sins, you are caught. Use Tradecraft analysis techniques to avoid mistakes.
One of the things you can use to stop these damn mistakes is tools. But tools can also make your situation even worse. A computer is a tool that helps you mess things up a billion times faster than you could on your own.
They create a false sense of trust. They provoke the sin of self-confidence, and that is a chance to spoil everything. Using a tool stupidly is even worse than not using it at all. This is one of my favorite pictures: it's not a saw but a cutter using a jet of water at 15,000 PSI. It's just water, but it cuts steel, even though it seems so safe.
Here is the first tool: VPN. Don't mess it up! Will you be safe if you use it on an insecure network? When it comes to tools, ask yourself two questions: should I use it, and how should I use it? What do you get from a VPN? You get traffic encryption, but only between you and the VPN itself, not between the VPN and some remote location.
You can cover your tracks and hide your location from a remote server. The provider may not know exactly where you are. But you may receive from it some kind of request that will establish a connection between you and the VPN. So it really depends on where the “listener” is and how the network provider behaves. This is a one-hop proxy, so anyone who controls both ends of the network, such as a government agency, can very easily correlate traffic and get information about your location. This changes the degree of trust in the VPN provider, with whom you probably have a financial relationship, because it is very easy to track how and to whom you pay for services. Think about it. VPN providers really differ a lot in how they keep their promises. Many of them say they do not keep session logs. You should know their logging policy, but that will not tell you the whole story, especially if they are not located in the United States, because they can start logging any time they want, for example when they receive an order from a national security agency, which by law can demand all the data.
So the fact that they do not record your activity now does not mean they will not do so in the future, if the special services take an interest in you.
If you are planning to hide behind a VPN, then you had better look at how VPN clients differ in the degree to which they “catch you on the hook.”