A
N
O
N
Y
M
I
T
Y
reverser's
Things that happen





Reverser's Nofrill
Web design
(1998)
 

updated
December 1998
noanon
Reverser's Anonymity Academy

Things that happen

(Reverser's advices for the careful ones)
~
On this page
Thou shallt not sacrifice thy son!
How quick do you read what?
Email tracking and PGP
Deleting sensitive files
Digital_Id invaders: VeriSign
Cookies invaders: DoubleClick
Active_x invaders
 

Other related pages of my anonymity Lab

[
corporate survival] [stalking matters] [enemy tracking]
[steganography] [What Reverser knows about you] [Tweak your browser!]
[Anonymous e-mailing] [Anonymity Lab]

Things that happen


I thank Lutz Donnerhacke (ccc-Jena) for a lot of what follows


Thou shallt not sacrifice thy son! (How many beers drank Gerhard SchrŲder last Saturday?)
Don't ever think that anonimity is just an 'Internet' stuff. Make a small experiment (I did it). Use your real address and the real name of your 4-years old son and book one of those Reader's Digest (or whatever) bogus advertisement. Of course never pay for anything, let it just die out. The interesting thing happens after a short while: your letterbox begins to be filled with OTHER advertisement and ads-campaigns directed to your son. They have passed the data around.
This is a common practice among the bastards: they integrate reciprocally their databases with the most complete possible data about you (and if you use one of those 'super-advantage' supermarket cards they will know also how oft you cry ~ go to the toilet ~ sleep ~ wash your teeth and so on).
Another example: 'outsourcing' means that many data that you believe you are giving to your doctor ~ insurer ~ railway company ~ rent-a-car society ~ frequent flyer schema (and so on) are in reality elaborated by just ONE huge (mostly american) company (let's say Electronic Data System just to make a name :-) don't think the amis will really need a lot of CIA to know exactly how many beers the German Chancellor (or whoever else) drinks on Saturday...

How quick do you read what? (Ever wondered why there are free email services?)
On the web you leave a lot of traces, as you'll be able to see [here], every server you are using to access the web has an IP-address that will be logged together with exact information about WHATEVER YOU DO on a page. Yes: how long you looked at it, where did you come from, which links you clicked onto and so on... there are some (weak) counter measures that you can take see [here], but overall it would be fairly easy to understand exactly what your real interests are if deemed necessary. Now, you'll say, noone is going to go after me! Nice attitude, you'r not Paranoid, yet this does not mean that they are not interested in your data nevertheless. The data you are smearing around are collected, because they are useful per se or, more often, because they MIGHT be useful if inserted in a data mainstream. Did you ever wonder WHY there are free email-services on the web? I see the light of understanding sparkling inside your eyes... yes! The sheer amount of data that can be gathered through somebody as huge as AOL (or somebody as visited as Altavista) is incredibly interesting for data evaluation, data merchandising, targeted advertising, insider trading and even maybe for simple denunciation (or collaboration) purposes with the power that be. In systems like ours, Ķ where the political oligarchy is elected by the small part of the population that care to vote, mostly on the base of some televisive crap or on the basis of some "info" that has been obviously concocted by their very masters for personal gain purposes, the sheer POWER that the abovementioned data can represent gives me the creeps. Forget obsolete means like the "Bild-Zeitung" or "the Sun", the new methods to control the slaves are much more refined.

Email tracking and PGP
As you can learn [elsewhere] on my site, it is relatively easy (if time-consuming) to track an email (even if forged). Not only does the header itself, mostly, deliver quite exact information about the provenience of the mail (IP-path and timezones), but all server through which the email went have gathered all traces onto their own loggings, with the exact message-ID of the email that you are targeting. That's how spammers and small trollers are caught, btw. Here you go with some ID-examples of a single email I have received to-day (as you all can see through the timestamps it went from the States to the European Union early this morning)
Received: ...with SMTP id 6DZA8ABF; Tue, 8 Dec 1998 05:10:49 +0100

Received: ...with SMTP id <28477>; Tue, 8 Dec 1998 05:09:16 +0100

Received: ...with local id 0xlFgz-0006w6-00; Tue, 8 Dec 1998 05:29:13
+0100

Received: ...via SMTP by fvial id smtpda31528; Tue Dec  8 05:29:05 1998

Received: ...with ESMTP id GBA11095
          for <fravia@nospam>; Tue, 8 Dec 1998 05:08:04 +0100 (MET)

Message-Id: <199812080508.GBA11095@hydra.accu.uu>

Received: ...with SMTP id <0.6AB1C5D0@iris.itcs.nwu.edu>; Tue, 8 Dec
1998 0:04:41 -0400
          Date: Tue, 8 Dec 1998 05:06:35 +0100

When stalking this specific target you would use the Message-Id: <199812080508.GBA11095@hydra.accu.uu> performing your queries to the various servers, in order to check their loggings... Since email is passed around IN CLEAR, you would be well advised to ROUTINELY USE PGP. I know that I myself am not following this advice nearly often enough, yet I believe I'll begin to do it soon. The level to which the automated email sniffers have arrived is getting quite disturbing.
So send your mail encrypted with PGP. It's simpler as you may fear. Set a 4096 bit encryption if you'r truly parano. NOBODY cracks this! (1024 bit is considered Military Grade) Not the NSA, certainly not some wannabe electronic PIs. How powerful is PGP? Hear: "If all the personal computers in the world -260 million- were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message" (Crowell, Deputy Director of the National Security Agency, in March 1997.
Fact is PGP won't be cracked by any brute-force attack. Not in your lifetime. Want to read about how tough it is to crack PGP? http://www.stack.nl/~galactus/remai lers/index-pgp.html
With PGP you can create e-mail that only your recipient can read, encrypt documents on your hard disk and more. Start here : http://www.ifi.uio.no/pgp/
If you use PGP, take care: PGP 2.6.3. is still probably the best choice, since PGP versions over version 5, tough easier to use, have a special 'mitsniffer' function built within that will allow third parts to read your encrypted emailings. (A sad world, isn't it?)

Usenet postings
Usenet postings are de facto 'public' emailings. Anyone can peruse them, and dejavue (and other depots) allows you to quickly search through millions of them, as you'll be able to learn [here].
On every usenet posting there are a couple of lines that can be useful in order to gather information about the poster:
Path:  news.reference.com!arclight.uoregon.edu!wn4feed!worldnet.att.net!
       128.230.129.106!news.maxwell.syr.edu!news.alt.net!usenet
From:  mdmedis@earthlink.net (MdmeDis)
Newsgroups:  rec.games.computer.ultima.dragons,rec.games.computer.ultima-dragons
Subject:  Re: Attn: Carly
Date:  Thu, 3 Dec 1998 21:10:37 -0500
Organization:  Altopia Corp. - Usenet Access - http://www.altopia.com
Lines:  71
Message-ID:
References:      
X-Newsreader:  MicroPlanet Gravity v2.10
Xref:  news.reference.com rec.games.computer.ultima.dragons:58379

You see the path line? That's almost the same as for a normal email, you can read there all the servers that have brought this article until reference.com (where I have fished it).
Even the browser your target's using can deliver you some clues (MicroPlanet Gravity v.2.10? Forte Free Agent? Forte Agent 1.5/32.451?) In the last case a very honest lemming (uses windows and has paid for his registrated full-version of Forte) we could target for windows advertisment... in the hope we have not found a reverser that has cracked his version!


Deleting Files
There are many utilities out there, whatever you decide to use, set it to do a dozen overwrites of random zeroes and ones. Be aware of the fact that -if anyone can physically access yopur computer- it is always possible to understand ('feel') if the bit that AT THE MOMENT CARRIES A ONE HAD A ZERO OR A ONE BEFORE! A small charge residuate is in fact persistent over the first (and may be even the second) delete... overwrite a dozen times, as I said then, after you have erased your sensitive files this way, repeat the process erasing all free space on your "real" hard disk (as you may have [read], you should always use TWO harddisks: the 'innocent traveler' one and your 'real' one).
Do your burning twice for good measure, then defragment the disk.
Considering that the sensitive files were PGP encrypted to start with, I just hope that nobody will ever be able to read those files.
Another issue is the creation of the original file, the one you are going to encrypt. Would traces of it, pre-encryption, be hanging around? Possibly. So never create them by writing them to your hard disk. Use a floppy. Create and save files to a floppy, encrypt it, then transfer it to the hard disk. No trace of the thing pre-encryption should ever exist on your hard drive.
The floppy? Burn it. Literally. Turn it into ash.
Floppies are cheap, and there are enough people giving away disks with trial software out there to fill your needs. You probably have dozens of AOL disks sitting around. Many old games I had on floppies have gone to Magazine's CDs (and can be bought for next to nothing in all good second-hand shops), and there are still folks out there promoting their services on 3.5" disks...
You decode a binary, base 64, file using your preferred decoder. Little do you know that a copy of the original file is stored somewhere, often inside the Preferences folder in the System folder. Burn 'em. Browser Global History? Burn it. Cache? Set it to zero. Anything shows up there, burn it.
In Netscape, it is fairly easy to disable much of the functionality of Cookies, by making the cookies.txt file "read only" (PC). Else replace the File MagicCookies with an empty folder with the same name in your Netscape Preferences folder (Mac).
This will allow you to visit sites that ban cookies disabled visits, and yet you'll write no cookie! And while your in there, burn your Global History file. And set your cache to zero, you get a fresh copy of each site you visit and no record of where you've been is written to your disk.
And try to visit sites via a proxy site. The Anonymizer is good, but many sites are refusing access to visits originating from there. A little research will turn up some [proxy sites] you can go through :-)

Digital_IDs invaders: VeriSign

(Thanks to Casey Lide for this info, you may want to visit The Internet Legal Practice Newsletter)

Despite some misleading statements by VeriSign, a web site can choose to have Digital IDs automatically transferred, with no involvement or choice from the end user whatsoever. Digital IDs can be customized and added to, and are, in effect, tools to facilitate the creation of consumer marketing profiles. VeriSign is (perhaps primarily) a database marketing tool. Itís not about consumers verifying that theyíre who they say they are so that they can make point-and-click purchases online Itís the gathering and distribution of information about the consumers themselves, and the existence of an elaborate framework of strategically aligned companies poised to capitalize on it, while the producers of the information (the consumers) remain ignorant of the whole practice. Why are Digital IDs used? Here the words of the commercial bastards themselves, you'll easily reverse their real meaning: "Since the information fields in Digital IDs are customizable and extensible, you can also more easily track user activity to acquire more precise demographic information about your customers, and more accurate readings on the effectiveness of web site marketing or other online promotions... Digital IDs provide a unique identifier for each user that you can use to . . . personalize the information or advertising displayed to a user, match behavioral patterns with a userís profile. . . . You can even link a visitorís Digital ID to customer-specific information, such as purchase history, that resides in your database. These Digital Id's are something more than cookies: accomplished by Verisign through several companies, strategically aligned with VeriSign, which exist solely to "offer the following products and services (to webmasters): tracking and analysis of web site traffic; demographic and psychographic profiles of web site visitors; servers for targeted advertising and web content; and comprehensive 1:1 marketing capabilities.
So now you understand WHY there are so many 'free' trackers, counters and messageboards around. Man I could puke :-)
So how is this done? There are two aspects to the Digital ID infrastructure which are probably unknown to the average end user who signs up. First, there are functionally no limits on what a Digital ID can contain, and there is no guarantee that the end-user has absolute control over whatís contained in his own Digital ID. They can be customized and extended upon (though, by whom is not entirely clear). Second, there is an elaborate hierarchy of IAís (Issuing Authorities) and LRAís (Local Registration Authorities) and CAís (Certificate Authorities) and PCAís (Public Certificate Authorities): VeriSign, Inc. is at the root, while the end-user is the leaf at the end of the branch. A hierarchical structure such as that, while perhaps necessary for the "web of trust" model of authentication, also lends itself to the use of early artificial intelligence technologies. The unrestricted practice of database marketing/datamining -- and consumer profiling -- relies heavily on similar technology. This hierarchical structure should be closely watched.
Personally, as EU-citizien, I would like to know HOW exactly the European Union is implementing its Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data... and its Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector. Probably, as usual with good European legislation, some of the more commercially corrupt Member States and/or more feudally managed regional areas of the Union (like Catalonia and Bayern) are grinding all wheels an playing all possible dirty delaying tricks in order to AVOID any implementation at all costs (because defending the privacy of their citiziens would be tantamount to an heavy attack towards many of their commercial friends (and supporters) and, moreover, to some strong American interests, since most of these snooping services are based in the States). These developments should be closely watched by all reversers IMO.

Let's go over to our cookies and to DoubleClick.


Cookies invaders: DoubleClick

The king of the privacy invaders: DoubleClick seems to be up to some new tricks these days.
Double Click is the outfit that tracks your movements on the internet, and makes sure you receive an ad banner, etc --- wherever you visit --- that they have determined should be "of interest to you" --- based upon their data base of your browsing habits.
Ok, here's what you'll do right now: have a look at your folder windows/cookies. Do a grep search for your REAL email address. Chances are that you'll find it inside some cookie. Scared? That's nothing, those are the OLDER ones, that did not even care to encrypt your data... Now do a grep search for doubleclick... here is one of them:
id
61b8610f
doubleclick.net/
0
1868938761
13583431
0046757619
29692000
*
But there will be more occurrences, of course.
Well, ole Double Click now has the ability to target ads to you based upon your telephone area code used in your internet telephone connection.
Further, one of the shortcomings of "Cookies" as used by Double Click, is that while the Cookie will identify your computer on a particular site --- if you do not visit that site again for weeks or months --- the Cookie is of little use to Double Click. Therefore, beginning next year (1999), Double Click is reported to be installing special snooping software that will identify your computer wherever it goes --- weeks and months after an original Cookies may have been placed on your computer by Double Click for a particular site. The Cookies placed by Double Click will apparently no longer be site specific -- but rather specific to your computer --- and apparently, to your name --- so your movements on the WWW can be monitored wherever you go --- whenever you go there.
Once again, it is the ubiquitous Cookie that makes all of this possible. As we said, in Netscape, it is fairly easy to disable much of the functionality of Cookies, by making the cookies.txt file "read only", but there is a very simple solution to permanently block cookies silently on nearly any browser. You'll just need an hex-editor.
Watch it... all the following tricks are still experimental, depend on many variables and may not apply for all type of browsers. Moreover the following tricks could damage your software. Use at your own risk and only if you know what you are doing. On the other hand... what's life without reversing a little? :-)
You load the browser's executable into the editor, and search for the string "set-cookie" (it might be in uppercase). Once you've found it, alter it by changing some characters. Simply overwrite them. For example, you could change it to "no-cookies". Then save (and use) the altered file.
Now instead of looking for "set-cookie" in the http headers your browser will be looking for "no-cookies". When a site sends a cookie it will send "set-cookie" in the httpd headers, but your browsers will no longer recognize that as the code for a cookie. Instead the cookie header will ignored. No requester, no cookie :-)
Another trick you can use with the Trumpet winsock dialer: in the directory under which Trumpet winsock was installed, there is a file named HOSTS. Simply add the following two lines to the file :
   127.0.0.1  doubleclick.net
   127.0.0.1  ad.doubleclick.net

This trick completely blocks any connection to doubleclick, so neither coocky exchange will take place nor the ad will appear on the web page.
Another possible trick is to write a small batch file that you'll use to launch your browser, say something like
rem reverser's cookiesmasher
c:\
cd windows\cookies
del *.*

This is NOT as good as removing all cookies for good (since the various commercial bastards will start pumping cookies back as soon as you visit them) but it has a couple of advantages:

Active-x invaders
Javascript is relatively innocent, yet you may be able to use it to defend yourself from idiotical commercial ads, see the banner killer script at greythorne's. Java runs inside a Sandbox, yet ActiveX (Micro$oft's crap, as usual) can access ANYTHING that you have on your PC.
Active-x controls are PROGRAMS, that you load, install and start onto your own PC. Such executable code, including unauthorized ActiveX code, can do just about anything it wants, from reading and writing files to installing software, such as games, or viruses.
It is relatively easy to use them in order to check the serial numbers of your software or to exchange data with a bank.
In theory Micro$oft's "Authenticode technology" for verifying the origins of software components could try to block evil applets from accessing a user's PC, since the evil applet would not contain an identifying digital signature. Alas this 'technology' is very easy to reverse and, moreover, the whole Active-x certification bazaar does not make much sense, since European certifications are NOT allowed by Micro$oft, as a consequence the (very weak) certification protections are not even implemented on most browsers. The problem isn't just downloading evil code, it's also downloading bozo code, if a black reverser can get ahold of an ActiveX component installed on your box, he could give it arguments and it would toast your machine.
Particularly evil crackers (of the 'black' stream) 'fish' everyday poor unsuspecting active-x-enabled lamers and throw all sort of crap inside their PC. A particular malevolent attack is that if their control find Quicken, it would NOT just issue a transfer order and add it to that application's batch of existing transfer orders (following the ccc-people famous example), but it would try to change all "0x33", (that's the number 3, duh) into "Ox38" (that's the number "8", duh) inside all Excel and Word files (luser will have them if he is lemming around with Windoze). Remember when you tricked with your pencil a 3 into an 8? Think what will happen as soon as the bank-employees of YOUR OWN bank (or railway, or hospital) will fall for that... :-(
A good reason to choose banks, railways and hospitals (and everything else) that DO NOT use Micro$oft browsers and products... I know it's getting [more and more unlikely], but there's no reason I shouldn't add my own pebbles to the M$-demise nevertheless :-)
You should consider disabling the ActiveX capability in your browser or using a browser such as Opera, or Netscape Navigator, which does not support ActiveX. Setting to maximum the 'security' feature of your M$-browser is NOT an option, btw, since it is pretty easy to create a link to a small applet that will MODIFY it if needs be.

Other related pages of my anonymity Lab

[corporate survival] [stalking matters] [enemy tracking]
[steganography] [What Reverser knows about you] [Tweak your browser!]
[Anonymous e-mailing] [Anonymity Lab]
Reverser's main

redhomepage redlinks red+ORC  redstudents' essays redcounter measures
redbots wars redantismut CGI tricks redacademy database redtools redjavascript tricks
redcocktails redsearch_forms redmail_reverser
redIs software reverse engineering illegal?

red(c) Reverser, 1995, 1996, 1997, 1998. All rights reserved, in the European Union and elsewhere