Skip to content

Uber Secret Handbook

Antonizoon edited this page Dec 18, 2016 · 1 revision

Anonymous – the uber-secret handbook

compiled by Anonymii

Version 0.1.3

Date 15.02.11

DRAFT VERSION,

contains Typos

contains <°-(-(-(-<

contains no ( o ) ( o )

also, no 8====D

also, tl;dr

Foreword

The greatest threats to your safety are A) social engineering and your behaviour and B) revealing your IP address.

for A) see Social Threats

for B) see Technical

Try to follow as many of these suggestions as possible to ensure maximum privacy.

Social Threats

''Basic rule: Blend in with the crowd, disperse into the stream. Keep a low profile. Don't try to be special. Remember, when in Rome, do as Romans do. Don't try to be a smart ass. FEDs are many, Anonymous is Legion, but you are only one. There are no old heros, there are only young heros and dead heros.''

Do not give any personal information on the IRC chat as it is public, you mom could read what you write there and so could the Police. And don't mention your involvement with Anonymous in your real life.

  • do not include personal information in your screen name

  • don't discuss personal information, your address or where you're from

  • don't mention your gender, tattoos, scars, piercings, bodymodifications,

  • over-/underweight, physical or psychological (in)abillities (got the idea?)

  • don't mention your profession or hobbies

  • don't mention whether you're in a relationship

  • don't mention your involvement with other activist groups

  • musical taste/preferred literature/films is a good way, to know someone,
    don't mention any of these

  • don't use special characters, that are existent only in your language as

  • they would reveal where you are from

  • don't give even bogus info. Lot's of no's, make a yes.

  • Everything is completely seperate between your real life and online

  • life(s), don't blend anything from your real life with anon, don't talk

  • about Anon in real life except posting posters anonymously, etc

  • don't mention congresses that you have been at

  • don't mention your school, university etc.

  • don't mention what time it is where you live, mentioning the time can reveal where you live

  • Never connect at same time. Try to alternate.

  • Do not post on the public net while you are in the IRC, and definitely do not mention that you are posting something on Twitter. This is easy to correlate.

  • Don't discuss whether you personally are DDOSing or writing How-Tos or Nmap'ing the target, making graphics etc. or not, just discuss general strategy

  • Do not post pictures hosted on Facebook. The filename contains your profile ID.

  • Stagger your login & log out times on FaceBook, Twitter & IRC. They can be compared for user info.

Technical

''Basic Rule: Use as many security layers as possible. The question is not, wether you are paranoid, but wether you are paranoid enough.''

A good beginning is to use a VPN and running Anonymous related Software from USB device or a Live CD. A proxy will do also, but is not as secure as a VPN.

Always use as much security layers as possible. Make sure to use them in the right way. If you don't know how to use them, learn it before you use them.

Most Anonymii use VPN to hide their traces, they use SSL encrypted connections and they use #vhost, when they are on irc.anonops.ru.

VPN

When thinking of a VPN service, think first about the legislation of the country. A USA VPN might provide user data upon warrant issue. In other countries, such as Sweden, and Iceland this is unlikely to happen. They have a strong privacy policy, wich makes it harder for law enforcement agencies to get access. In adition, some servers do not keep logs of users. Also try to get VPN services that accept anonymous payments (For those that keep user billing information)

More info: https://secure.wikimedia.org/wikipedia/en/wiki/Vpn

Guide for installing OpenVPN client

(taken from the FAQ by vpntunnel.se)

Free VPN -- Not recommended. (see explanation)

If they aren't selling you a service. They are selling you.

Commercial VPN providers

Free VPN direct downloads -- Not recommended. (see explanation)

If they aren't selling you a service. They are selling you.

Mac

Linux

Windows

Explanation

1.- Free VPN: It is not recommended, cause many features are capped, and in addition, many free VPN providers will hand user data upon warrant issue. Also, many free VPNs work with ad companies.

2.- Commercial pptp: It's been said, as telecomix pointed out, that some operating systems (Windows 7, Vista) might be vulnerable to an attack consisting in requesting p2p conns, wich could lead the malicious attacker to get the user real ip.

See https://www.ipredator.se/?lang=en For more information on this matter. Seems flaw has to do with ipv6 conns, so just ensure you use ipv4.

3.- Recommended VPN's. All that use the OpenVPN service. And that include specific policies on user data storage and policies regarding that data. (Best option, no data loggin + no user billing loggin, + safe payment methods ie: Ukash and similar services).

I2P - Anonymizing Network

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

Many applications are available that interface with I2P, including mail, p2p, IRC chat, instant messaging and others. All anonymous.

Make sure you start by launching I2P with the ''I2P Launcher'' button in the portable apps tray icon.

You can then use the integrated PChat client, it automaticaly connects to the I2P IRC server anonymously. Join #anonops for to keep track of Anonymous activity. Many Operation channels are relayed between I2P and anonops.ru.

Enjoy your anonymity and privacy!

Websites

I2P Tutorial for Windows Video

I2P Tutorial for Linux Video

How to set up your own website on I2P - Video

IRC with I2P

  • 127.0.0.1:6668
  • Channels: #anonops , #opegypt , #opitaly, #opmesh
  • Sites: (currently all down) anonops.i2p qr.i2p
  • Telecomix IRC allows i2p tunnel

For more and active I2P sites visit

The ports I2P is using

I2P installation and running on Linux

  • Download and extract the installation files, no need for separate install (such as apt-get install).
  • Run the router from /i2p folder with sudo sh i2prouter start. In seconds, I2P should open a Konqueror-browser page of I2P-main console.
  • Configure your bandwith settings. You might also consider opening some ports on your firewall for optimising the use of your bandwith.

Portable I2P (windows only)

contains I2P, several plugins (email, torrentclient), preconfigured browser, preconfigured IRC client and messenger.

Before you can use anything on I2P, you have to start the I2P router from the portableapps tray icon-menu with the button ''I2P Launcher''.

Anonymous surfing with I2P

  • Go to your browser ''options/preferences ''(depending on your browser) -> ''network/connection settings''
  • Select ''manual proxy configuration''
  • In ''http'' insert 127.0.0.1''' , '''for ''port'' insert 4444
  • In ''https'' insert 127.0.0.1, for ''port'' insert 4445

Make sure that you have ''No proxy ''for as ''localhost, 127.0.0.1'' so you'll be able to reach your I2P configuration page. To test your anonymity, go eg. to: cmyip.com.

Tor Onion Router

''Basic Rule: Tor does not encrypt the data you send. It just hides your IP by means of cascaded Proxies. Just installing Tor does not mean you're safe. For example, if you use Tor and log in to your real-life-email-account, you're doomed.''

Download Tor

'''Download Torbutton''' for Firefox (enable or disable the browser's use of Tor)

Anonymous provides a so called Care Package. It contains Tor as well as a bunch of other usefull things. If you cannot access the Torproject website, you may ask in the IRC channels for the Care Package.

How to IRC

''Basic Rule: Use SSL Port (in this case 6697). Always. Use #vhost. Always. IRC is public, if don't want an information to be spread in public, don't give this information in the first place. Ignore trolls. Always.''

What is IRC? IRC is a free chat program that people around the world can use to communicate. It features multiple rooms for different chat topics, and private messaging between users.

When you join the Anonymous IRC network, do so only via SSL (point you IRC client to port 6697). Port 6697 is an unusual SSL port, just checking the ''Always use SSL'' box will not function. By connecting to SSL-Port 6697 your IRC-Client may give you a warning, because the SSL-Certificate is self-signed. That is OK, you can trust the certificate.

After connection you register you nickname by using a fake email adress, then you /join #vhost and AFTER that procedure you join the channels.

Basic list of IRC Commands

  • /join #channelnameJoins #channel
  • /part Parts active #channel
  • /query nickOpens private conversation with nick
  • /msg nick Sends to nick
  • /whois nickDisplays info on nick
  • /msg nickserv identify <password>Identifys your nick
  • /ignore to ignore a troll
  • /topicto see the topic of a channel
  • /listto see a listing of available channels

Extended commands

Where to find current IRC information incase you can't connect

Security

  • Use SSL to connect to the IRC. Server port is 6697.
  • Use VPN software, or accounts to hide your IP. IRC servers are pretty secured, but not invulnerable. Tor software is NOT an option (It's banned in the network due to malicious abuse).

Extra security consists in getting a vhost (Virtual Host)

  • Register your nick:
    /msg nickserv register password fake@email.com
  • /join #vhost
  • when in #vhost type: !vhost any.fake.host

IRC-Clients

Mac

Download Colloquy from one of these:

Get a webproxy, one of these. Make sure you connect with SSL. ("ipadress:port")

Usage

  • Start Colloquy
  • Click on ''New''
  • Enter a Nickname (not your real name)
  • Enter a Chat Server, for our purpose, ''irc.anonops.ru''.
  • Click on ''Details''
  • Select the ''Secure Web'' proxy and check the ''SSL'' option, use port ''6697''
  • Don't put your real name in either User/Real Name. Invent something.
  • If you want, click: ''Remember Connection''
  • Hit ''Connect''
  • Click ''Join Room'' and enter the Chat Room #tunisia, for example.
  • Or, one of these: #opTunisia #LobbyView Macintosh instructions below.

Linux

Xchat (Gnome)

Usage

  • Start X-Chat
  • Click ''Add'' button on the network list, and rename to whatever you choose.
  • Click the ''Edit'' button with new network selected, change the server entry from ''newserver/6667'', to ''irc.anonops.ru/6697'' (or use one of the newer domains found from links below).
  • Then select the two check boxes that say ''Use SSL for all servers on this network'' and Accept invalid SSL certificate.
    Click ''Close'', then ''Connect'' http://konversation.kde.org

Konversation (KDE)

  • Debian/Ubuntu/Knoppix... : sudo apt-get install konversation

Usage similar to X-Chat

Windows

X-Chat2

XChat

Mirc

Usage

  • Download SSL Library: http://www.mirc.com/download/openssl-0.9.8q-setup.exe
  • Install it either in the mIRC folder (typically C:\Program Files\mIRC or C:\Program Files (x86)\mIRC ) or in the Windows System folder (typically C:\Windows\System32).
  • By running mIRC it should find and use the OpenSSL library automatically. To confirm whether mIRC has loaded the OpenSSL library, you open the ''Options'' dialog and look in the ''Connect/Options'' section to see if the ''SSL'' button is enabled.
  • Type /server irc.anonops.ru:6697

Webbased

http://01.chat.mibbit.com

  • In the mibbit page, click on ''server'', and enter in the box:
    webirc.anonops.ru:+6697
  • How do I know if it is working? Just do /whois your_nick and it should inform you that you are using a secure connection.

'''http://www.anonops.ru'''

  • click ''Chans''

'''How to Vhost'''

On the anon IRC servers you can ask for a Vhost. This will ensure that you are anonymous on the irc network.

By default you will have a host based from you ISP, something like this: ''mynick@theservicefrom.125.comcast.suck.net'' or a hash if you've logged in by SSL: ''mynick@6969E1A1T1COCK152.69.IP.''

After setting a desired vhost you could be identified as: ''mynick@myvhostRocks.org''.

1.- You must own a registered nick to get a vhost.

  • Command /msg nickserv register password fake@email.com
    Explanation: This will tell the register service to reserve your nickname for later use

2.- You must identify on that nickname to get it working.

  • Command: /msg nickserv identify password.
    Explanation: Once you do this step you are ready to set up a vhost.
  • Output: ''services.anonops.net sets mode +r Yournick''
    Explanation: The +r flag states a given nick is effectively registered and identified.

3.- Join the #vhost channel in order to get the vhost working.

  • Command (in channel): !vhost fake.host.here
    Explanation: After you apply for a vhost, the service will ban your nick from that channel for a given ammount of time. Reasons are many. Lurkers can get real ip's from people. Switching vhosts each 2 seconds might lag the server, and so on.

3.b.- Eventually you can directly ask for the vhost via command without getting in the specific channel.

  • Command: /hs request vhost@hosthere
    Explanation: this will avoid getting into the specific channel. But is not enough to get it working. The vhost@ part is optional, the important part is the hosthere part.

Considering the previous explanation, use the following: /hs request hosthere

  • Command 2: /hs on
    Explanation: This will effectively activate the vhost.

'''Vhost Trouble Shooting'''

Q: I have registered my vhost, but once I log in it doesnt activate.

A: Have you identified with your nick? You will only get your regular vhost back once your nick is correctly identified, redo step 2.

Q: I just changed my vhost but it wont apply, why?

A: You need to update your status, in order to make it fully working. Use this:

/msg nickserv update

  • Output: ''HostServ- Your vhost of hosthere is now activated''.
  • Output: ''NickServ- Status updated (memos, vhost, chmodes, flags''

Once you do that, you normally should have a fully functional vhost.

'''General Browsing Safety'''

''Basic Rule: Always browse in "Private Mode" so that fewer traces of your web history remain on your HDD. Opera, Chrome, Firefox, Safari, and Internet Explorer all include a form of Private Browsing.''

Using a free VPN will ensure your privacy in most situations online. If possible, use USB drives. You can nuke them if needed and if leaves no traces on your harddrive

Use a different VPN for each of your online personas. When checking real email accounts, FaceBook, use a different VPN than from the one you use for Anonymous activities.

Recycle your online accounts as needed. A virtual name is just that, something people use to refer to you in given situations.

When creating accounts, use VPN or TOR bundle, that will give a bogus origin as well and make use of the Throw-away-emails.

'''Useful (mandatory) plugins/extensions for Firefox'''

  • BetterPrivacy (Removes persistent cookies from flash stuff >> *.sol)
  • NoScript (blocks Javascript)
  • AdBlock Plus (blocks Ads) (Subscribe to Easylist and Fanboy's List)
  • Element Hider for Adblock Plus
  • Ghostery (tracking pixels)
  • TACO (More adblocking)
  • Redirect Controller
  • Refcontrol
  • WorldIP (know your country, know your rights)
  • Flagfox
  • GoogleSharing (GoogleProxy, i use it because Google is censored where i live, anonymizes the search) - Scroogle.org is also a very viable (and worthwhile) alternative
  • User Agent Switcher: Sends bogus browser identity to servers.
  • Optimize google: Allows to block loads of scum google uses to track searchs.
  • Outernet explorer (MacOS) : Searches for a whole pile of shit on the net every 10 seconds or so, ensures anyone tapping packets will have a hell of a time.
  • https://www.eff.org/https-everywhere: automatically loads https on a site if avaliable.
  • Scroogle SSL search (Google anonymously): https://ssl.scroogle.org

'''System Safety'''

''Basic rule: Security is a continuing process, not a state. Do audits on a regular and scheduled basis. And do encrypted backups. Backups are important, as there are two types of people, those who have backups and those who have lost their data.''

  • use the operating system you are familiar with (Linux and Unix are better though)
  • uninstall everything you not need
  • disable all remote tools
  • shred or encrypt /temp, /var/temp and all world-readable files
  • Encrypt your hard disk (Truecrypt : www.truecrypt.org)
  • Debian and other linux distros offer to encrypt the harddrive during installation. Use it.
  • Use a distro that boots from DVD/CD/USB
  • Never ever keep logs
  • Shutdown all unneeded services
  • Use a firewall
  • Public access points are perfect - just about. (correlating logins with CCTV could prove disastrous so security cameras should be avoided while using such 'free' services. Cyber cafés, Mc Donalds, and many companies offer Free internet access, remember though, not to surf those nets without a VPN and/or Tor.
  • Keep private keys (pgp/gnupgp) in a removable device, and that removable device away from curious eyes. Encrypt the private key before doing this.
  • Keep VPN certs away from curious eyes via removable device, or common hidden folders.
  • Never use the same users/passwords on reinstall. Take the time to create a new one each time. Use password generators.
  • BE paranoid. All rare activity in your computer must be checked and monitored. That will provide 2 things: knowledge once you identify it, and added safety.

'''Detecting potentially security flaws on *Nix'''

But be careful, if you don't know how to read Lynis' output, you'll become paranoid deluxe.

'''Scanner for rootkits, backdoors and local exploits on *Nix'''

Again, if you don't know how to read Rootkit Hunters output, you'll get paranoid.

'''Destroying data securely'''

'''Unix/Linux'''

To securely destroy data under *Nix you have some possibillities. The command shred -u overwrites singe files and deletes them finally, with wipe -rcf you overwrite and delete directories. Be carefull because the shredded/wiped data cannot be recovered.

Open a Terminal and type

  • shred -u
  • wipe -rcf

If you feel the need to wipe the whole harddrive, the command is as follows for IDE-HDs (/dev/hda is the first HD)

  • wipe -kq /dev/hda

For SATA and SCSI HDs you type (/dev/sda ist the first HD)

  • wipe -kq /dev/sda

If wipe is not available to you, you can use dd. (again the first HD)

  • dd if=/dev/zero of=/dev/hda
  • dd if=/dev/urandom of=/dev/hda

Use both commands, one after the other, if especially paranoid. Use them multiple times.

'''Mac'''

Anonymous' Privacy Pack for Mac users. It includes a Top Secret Docs secure Shredder & AES-256 Encryption tool (and some Design as extra stuff)

or

MD5 (Anonymous-MacPackage-Privacy.dmg) = 36e9ea524a86b94a451577ca46d3e15f

'''Windows'''

FAQ (in no particular order)

Q:Can you help us?

A:See http://www.anonops.ru/?id=contact or join irc.anonops.ru, join a channel and contact an operator. Or contact Anonymous on Twitter, Facebook.

Q:Do you guys have a website?

A:http://www.anonops.ru

Q:How do I know what's hot?

A:Lurk in the IRC channels or go to http://www.anonnews.org

Q:Is the news on Anonnews official?

A:Well, in some way, it is official, on the other hand, it is „official“ and on the third hand the more people support an operation, the more official it becomes.

Q:Why not attack that newspaper/TV/Radiostation?

A:Anonynmous does not attack media.

Q:That is no media! It only spreads lies and propaganda!

A:Freedom of speech counts for assholes too.

Q:But, but...

A:As Evelyn Beatrice Hall said, „I disapprove of what you say, but I will defend to the death your right to say it.“

In the words of Noam Chomsky: „Either you believe in freedom of speech precisely for views you do not agree with, or you do not believe in freedom of speech at all.“

Freedom of speech. Got it?

Q:What are DDoS and defacements good for anyway? It doesn't help the people.

A:DDoS is all about steering media's attention towards the problems of the people. If media takes notice, this will help the people.

The fine art of defacing a website is about sending a message to the people and the owner of that website. Besides that Anonymous provides the people with information and guides and software to circumvent censorship, also know as „The Care Package“

Q:What's in the Care Package?

A:Software like Tor Onion Router, a Circumventing Censorship Manual, more software, other guides and usefull stuff.

Q:Can you give me a How-To about building botnets?

A:Such how-to does not exist.

Q:I have seen this downloadlink in the channel, can I trust it?

A:Anonymous recommend to not trust links spread in the chans. The only trustworthylinks are those spread by Admins, Operators and those in topic.

Q:Some guy asked me in the IRC where I live and what my name is.

A:Do NOT provide personal information in IRC. Instead contact an operator and tell him what happened. Same goes for other suspicious behaviour.

Q:How can I join your club?

A:Anonymous is not a club.

Q:What is Anonymous?

A:Anonymous is a very general movement. It is not a group with fixed members or rigid objectives. It is a fluid movement which anybody can become part of, simply by participating. To become part of 'Anonymous' all you have to do is join in with some of Anonymous' activities.

Q:But how does that Anonymousthingy function anyways?

A:Best way to find out is, to join a channel, lurk around and get an impression of it. Anyone who thinks that the freedom of speech is a remunerative goal can fly under the flag of Anonymous.

Q:I am not a hacker, how can can I help you?

A:If you

  • can collect/spread information
  • can organize things
  • can make contacts
  • can provide insights
  • can share experiences
  • can push the ''IMMA FIRING MA LAZOR'' button
  • can write guides
  • can do artwork
  • can speak a foreign language and/can translate
  • ...

you can be helpfull.

Q:Is there a Hive???????????????????

A:1. N00b, look at the topic by typing /topic

  1. Probably not, but you don't need a hive, you can fire manually, as you wish.

Q:Where can I download LOIC???????????????

A:N00b, see topic in channel by typing /topic

Or go directly to https://github.com/NewEraCracker/LOIC/downloads

Q:What's the target??????????????????????

A:N00b, look at the topic by typing /topic

Q:Is the target down????????????

A:Got to www.watchmouse.com and ask there.

Q:Some guy keeps saying, there were danish girls in #channel.

A:This is obviously a lie, there are not girls on the internet.

Q:What is a netsplit?

A:A netsplit is Internet-Darwin doing evolution.

Q: Why can't I join the Anonymous' IRC when on Tor?

A:Because of some vandalism not looking at anyone, Tor is not allowed on Anon's IRC chans anymore. You may use I2P instead, for help ask a user named „munnin“.

Q:I am a Media-Guy, how can I contact you?

A:See http://www.anonops.ru/?id=contact or send an email to ''press@anonops.ru''.

Q:I am a Media-Women, how can I contact you?

A:Please see http://www.anonops.ru/?id=contact or send an email and pics to ''press@anonops.ru''.

Q:Ok, I am from the media and need to talk to Anonymous' spokesperson/leader/strategist then.

A:Anonymous has no leader, nor a spokesperson or strategist.

'''Some Links'''

'''Throw-away-emails'''

Use them for registering activist related email-/Facebook-/... accounts.

'''Portable Software'''

Portable software is software, that you can run from an USB drive, so that it leaves nearly no traces on your computer.

'''Proxies'''

You may use them in conjunction with a VPN.

'''VPN'''

'''I2P'''

'''Chat for more info about I2P'''

The channels #i2p, #i2p-chat and #irc2p are supported.

'''Tor Onion Router'''

'''Privacy Box'''

The PrivacyBox provides non-tracked (and also anonymous) contact forms. It is running primarily for journalists, bloggers and other publishers. But it is open for other people too. Think electronic mailbox.

'''Sending anonymous email'''

'''Free and uncensored DNS-Servers'''

  • 87.118.100.175 (Ports: 53, 110)
  • 94.75.228.29 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
  • 62.75.219.7 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
  • 87.118.104.203 (Ports: 53, 110, DNSSEC)
  • 62.141.58.13 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
  • 87.118.109.2 (Ports: 53, 110, DNSSEC)

To see wether you're using them properly, open your browser and type http://welcome.gpf into the the adressbar. If you're using them you should see a website saying „''Congratulation You are using a censorship free DNS server!''“. Else, you failed.

If you're a hax0rz you can use a terminal. Open it and type nslookup welcome.gpf

this should result in the following output:

Non-authoritative answer: Name: welcome.gpf Address: 62.75.217.76

Else, you failed. (Else is General Failure's sister. Avoid meeting them at all costs.)

'''Send free faxes'''

(.pdf-capable; 2 free faxes when signing up for free trial, no credit card/payment details needed)

Bibliotheca Anonoma

Note: This wiki has moved to a new website. Please update your links.

Stories

Check the Workroom for content we're still reviewing.

Art

History

Books

Collections

Website Archives

Encyclopedia

Clone this wiki locally
You can’t perform that action at this time.