5250 Chaosbox - Telecomix Crypto Munitions Bureau


From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

A chaosbox is a completely free machine. No laws can be applied because its difficult to know the ownership of the box. It is, in essense, a lawless territory.


[edit] Get your hands on a chaosbox

There are multiple methods to create chaosboxes. The simplest method is to just install Linux/*BSD and perhaps make an anon shell box.

Other methods are..

[edit] Anonymous credit card + Tor (buy a VPS)

This can be a bit more difficult than it sounds, but is perfectly doable - the worst case scenario is that you'll have to use your card to buy pizza instead.

  1. Go and get some cash.
  2. Head to a convenience store (PressbyrÄn, 7-Eleven, etc.) and purchase a prepaid credit "gift" card (Visa Gift Card, etc.).
    • Be advised that many such cards only allow transactions denominated in the currency you purchased it in, which may limit your choice of VPS services. Some VPS providers offer multiple choices of currency, either via their Web site or by request.
    • If you're concerned about being identified via security camera footage, consider waiting about a month and hope the tapes have been erased/overwritten by then, or perhaps make a pact with some random stranger to go and buy the card for you.
  3. Acquire an anonymous Internet connection.
    • Locating and using a public hotspot or some other open/crackable WiFi network is your best bet. Altering your WiFi adapter's MAC address is recommended, especially on a commercial hotspot.
    • Alternatively, launch Firefox with Torbutton turned on (e.g. through the Tor Browser Bundle). Be advised that many VPS services and/or payment processors hold/reject transactions coming from Tor nodes, so this should only be done as a backup plan.
    • You'll have to repeat this for each payment for the VPS. If you're especially paranoid, never use the same network twice.
  4. Go to some shady VPS service and get yourself a VPS with your shiny new credit card.
  5. Log into your VPS via SSH, proxied through Tor.
  6. Install Tor on the VPS and configure it to host your SSH server as a hidden service. Read /etc/tor/torrc or /usr/local/etc/tor/torrc for more info.
  7. Do whatever you want. Host any material you want.

Rule #1 is to ensure that no chain exists from the VPS back to your identity. Never interact with the VPS provider, payment processor, or VPS itself using a connection or account that could identify you personally.

[edit] Sneak some of your own machines into the corporate HQ!

  1. Follow the instructions at svartkast.
  2. Bonus points if you target government/military installations.

[edit] Crack into someones computer

If you feel like being a scriptkiddie and has no problems with the morality of using random peoples computers for your own purpose, you can do this. it is MAYBE more easy than you think.

[edit] Use your imagination!

Be creative and use those urban guerilla tactics of yours :)

[edit] Staying anonymous

  1. Erase all log files. Symlink them to /dev/null
    • ln -s /dev/null /var/log/wtmp
    • ln -s /dev/null /var/log/user.log
    • ln -s /dev/null /var/log/lastlog
    • ln -s /dev/null /var/log/auth.log
    • etc.. depending on what you have installed

Some of these files will regenerate after each reboot (or daily!). Please consider having a script that removes them and then symlinks them to /dev/null, or disable cron entirely.

[edit] script

rm /var/log/wtmp /var/log/user.log /var/log/lastlog /var/log/auth.log /var/log/apache2/access.log /var/log/apache2/error.log
ln -s /dev/null /var/log/wtmp
ln -s /dev/null /var/log/user.log
ln -s /dev/null /var/log/lastlog
ln -s /dev/null /var/log/auth.log
ln -s /dev/null /var/log/apache2/access.log
ln -s /dev/null /var/log/apache2/error.log

Example: Name the script "nologs" and put it in your "/etc/init.d/" directory (dont forget to make it executable). Then symlink it to "/etc/rc.2/S99nologs". That way it will be executed every time your computer reboots.

Experiment with it and make sure that it actually cleans up all logs.

[edit] Home folder?

In your home folder there might be files that endanger your anonymity.

at least .bash_history (or similiar files) should be removed and symlinked to /dev/null.

[edit] Running processes

Just remember that if anyone would gain access to your chaosbox (without having to reboot it), they could view all the processes running on it. Install htop and keep an eye on all the programs that are running. Dont let too personal stuff be easily viewable.

[edit] See also

Personal tools
1 0