Britain was plagued by the Coraniaid who could not be injured because their hearing was so sharp that they could hear any sound that the wind carried. It was by using a Brass Horn that Llefelys was able to securely communicate to his brother Lludd how to defeat the Coraniaid.
One of the organisation’s stated goals is to provide UK-centric Tor relays and bridges (especially obfuscated bridges) so that people in the UK can browse an uncensored Internet at a speed comparable to their native connection.
At the moment the team is working on a new version of the PacketFlagon.is software to release under the BSD license.
David Cameron recently said in a speech that he would deny potential terrorists a safe space on the Internet in which to communicate;
The obvious problem is that everyone is a potential terrorist, so what David Cameron is actually promising is to legislate against anyone having a means of communication that is secure from Government interference.
We’ve seen GCHQ and the Police abuse (or just plain break) the law in order to spy on journalists, lawyers and other innocents; the Government cannot be trusted with these powers.
It was reported today that Theresa May is intending to introduce new measures requiring Internet Service Providers to keep data that identifies online users.
Obviously most ISPs already retain some information, such as the authentication credentials, the IP address issued (if DHCP or similar) and the MAC address of the modem, but the article doesn’t make clear exactly what ISPs are to be ordered to retain. It’s likely to be the public IP address and, where the ISP uses carrier-grade NAT (CGN), the translated source ports as well: under CGN many subscribers share one public address, so an address and a timestamp on their own identify a pool of customers rather than one.
The only mention of retention is in regards to the original snoopers bill.
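To make the CGN point concrete, here is an added example (not from the original post) of attributing a single web-server hit back to a subscriber. The CGN log format, the addresses and the timestamps are all constructed for illustration; real CGN logs differ by vendor, but every one records the same tuple of subscriber, public address, port block and validity period, and the same lookup logic applies.

```python
"""Added example (not from the original post): attribution behind carrier-grade
NAT. Every record below is constructed for illustration; the CGN log format is
hypothetical (vendors differ) but all of them log the same tuple of
subscriber, public address, port block and validity period."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

@dataclass(frozen=True)
class NatAllocation:
    subscriber: str      # ISP-side identity (here the CGN inside address)
    public_ip: str
    port_lo: int
    port_hi: int
    start: datetime
    end: datetime

UTC = timezone.utc
T0 = datetime(2014, 10, 13, 14, 0, tzinfo=UTC)
T1 = datetime(2014, 10, 13, 15, 0, tzinfo=UTC)
T2 = datetime(2014, 10, 13, 16, 0, tzinfo=UTC)

# Constructed CGN log: three subscribers share public address 203.0.113.7,
# each holding a block of 4096 source ports for the hour.
CGN_LOG = [
    NatAllocation("100.64.1.10", "203.0.113.7", 1024, 5119, T0, T1),
    NatAllocation("100.64.1.11", "203.0.113.7", 5120, 9215, T0, T1),
    NatAllocation("100.64.1.12", "203.0.113.7", 9216, 13311, T0, T1),
    NatAllocation("100.64.1.12", "203.0.113.8", 1024, 5119, T1, T2),
]

# Constructed web-server log line: Apache combined format extended with the
# client source port (%{remote}p). A stock LogFormat omits the port entirely.
SAMPLE_LINE = ('203.0.113.7 7000 - - [13/Oct/2014:14:16:17 +0000] '
               '"GET /foi HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<port>\d+) \S+ \S+ \[(?P<ts>[^\]]+)\]')

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unrecognised log line")
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], int(m["port"]), when

def candidates(public_ip, when, src_port=None, skew=timedelta(0)):
    """Subscribers who could have sourced a packet from public_ip at `when`.
    Without src_port this is everyone sharing the address; `skew` widens the
    window to allow for clock drift between the web server and the CGN."""
    hits = set()
    for a in CGN_LOG:
        if a.public_ip != public_ip:
            continue
        if not (a.start - skew <= when <= a.end + skew):
            continue
        if src_port is not None and not (a.port_lo <= src_port <= a.port_hi):
            continue
        hits.add(a.subscriber)
    return sorted(hits)

def attribute(line, use_port=True):
    """Attribute one log line; with use_port=False you get the whole pool."""
    ip, port, when = parse_line(line)
    return candidates(ip, when, port if use_port else None)

if __name__ == "__main__":
    print("address+time only :", attribute(SAMPLE_LINE, use_port=False))
    print("address+port+time :", attribute(SAMPLE_LINE))
```

The first call returns all three subscribers behind 203.0.113.7; only the second, which uses the source port, narrows it to one. That is why a retention regime that stores only public addresses is close to useless for attribution on a CGN network, and why the port (and accurate time) is what the ISP would actually have to keep.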
Between this website, the DRIP websites and RoutingPacketsIsNotACrime certain IPs kept appearing and a bit of research showed that these might be Police IP addresses so a Freedom Of Information Request was sent.
Unfortunately the Police declined the request, citing national security and so as not to compromise “ongoing investigations”, but given that the surveillance state has continued to grind forward let’s level the playing field a little;
Response to the Freedom of Information Request
Section 1 of the Freedom of Information Act 2000 (FOIA) places two duties on public authorities. Unless exemptions apply, the first duty at Section 1(1)(a) is to confirm or deny whether the information specified in a request is held. The second duty at Section 1(1)(b) is to disclose information that has been confirmed as being held. Where exemptions are relied upon s17 of FOIA requires that we provide the applicant with a notice which: a) states that fact b) specifies the exemption(s) in question and c) states (if that would not otherwise be apparent) why the exemption applies.
City of London Police can neither confirm nor deny that it holds any information relevant to your request as the duty in s1(1)(a) of the Freedom of Information Act 2000 does not apply, by virtue of the following exemptions:
- Section 24 (2) National Security
- Section 30(3) Investigations
- Section 31(3) Law Enforcement
Information is exempt by virtue of section 24 where the exemption is required for the purpose of safeguarding national security. The duty to confirm or deny does not arise if, or to the extent that, exemption from section 1(1)(a) is required for the purpose of safeguarding national security. This is a prejudice-based exemption and the potential harm in confirming or denying that the information is held or not held is detailed below. It is also a qualified exemption subject to an assessment of the public interest and the factors favouring confirmation and non-confirmation that the information is held or not held are listed below.
Information is exempt by virtue of section 30 where it has, at any time, been held for the purpose of an investigation. The duty to confirm or deny does not arise in relation to information which is exempt by virtue of this section. This is a class-based exemption and it is not necessary to demonstrate the potential for harm to occur. It is however a qualified exemption subject to an assessment of the public interest and the factors favouring confirmation and non-confirmation that the information is held or not held are listed below.
Information is exempt by virtue of section 31 where its disclosure would, or would be likely to prejudice the prevention or detection of crime, the apprehension or prosecution of offenders, or the administration of justice. This is a prejudice-based exemption subject to the identification of harm, which is detailed below. It is also a qualified exemption subject to an assessment of the public interest and the factors favouring disclosure and non-disclosure are listed below.
Identification of harm – s.24 and s.31
Confirmation or denial that the IP addresses mentioned are owned by the Police Service could affect the Police’s ability to effectively carry out operations and investigations as well as compromising the security of the United Kingdom.
Confirmation or denial of this information could be used to plan and execute an attack on police systems. Such attacks are not often ‘frontal attacks’, but rather are iterative in nature where attackers test a number of approaches over a period of time. As such, even discrete elements of a force IT platform could provide enough information to formulate an attack. IP addresses are not publicly available, and would normally be hidden behind layers of security. The information could be used to gain access to force systems, and affect the Police’s ability to carry out its core functions which would then have implications for National Security.
Factors favouring confirmation or denial – s.24
The threat from national and international terrorism is ever present and the public are entitled to know how the police operate. In the current financial climate of cuts and with the call for transparency, confirmation or denial would enable improved public debate.
Factors against confirmation or denial – s.24
Confirmation or denial cannot be in the public interest if ongoing or future operations or investigations to protect the security of the United Kingdom would be compromised as outlined in the identification of harm paragraph.
Factors favouring confirmation or denial – s.30
Confirmation or denial would highlight where public funds are being spent and where resources are being distributed within a specific area of policing which would reinforce the City of London Police’s commitment to openness and transparency.
Factors against confirmation or denial – s.30
Confirmation or denial would identify the current status of an ongoing investigation. Revealing the details requested could hinder the prevention or detection of crime as the investigation could be prejudiced by disclosing details into the public domain before the investigation has concluded.
Factors favouring confirmation or denial – s.31
Confirmation or denial would show which IP addresses are used by the police service and (by way of version numbers) reassure the public that these systems are up to date.
Factors against confirmation or denial – s.31
Confirmation or denial cannot be in the public interest if ongoing or future operations or investigations would be compromised as outlined in the identification of harm paragraph.
Balancing the public interest
On review, there is very little to indicate that the public interest would be better served by confirming or denying that the information is held. The public rightly expects the police service to ensure that all of its systems are secure so that the information it holds maintains its value and integrity. Confirmation or denial would be detrimental to these aims and therefore, at this moment in time, it is our opinion that for these issues the balance test for confirming or denying that information is held is not made out.
No inference can be taken from this refusal that information does or does not exist.
The First Thread
The first IP addresses that piqued our attention were 18.104.22.168 and 22.214.171.124, so let’s see what ASN they belong to and what the RIPE description is:
inetnum: 126.96.36.199 - 188.8.131.52
descr: AML PID 739647
status: ASSIGNED PA
source: RIPE # Filtered
role: CW Hosting Centre Park Royal
address: 900 Coronation Road
address: NW10 7PQ
remarks: trouble: firstname.lastname@example.org
source: RIPE # Filtered
Well, there’s the first clue: we know that the National Policing Improvement Agency signed a deal with Cable & Wireless to provide elements of the national police communications network (a.k.a. PNN3), so we’re off to a good start.
The Overlooked Vector: DNS
Hurricane Electric provide a brilliant service at http://bgp.he.net/ which shows a variety of information about IP blocks, including the origin ASN, RPKI status and forward/reverse DNS.
AS1273 184.108.40.206/16 Cable & Wireless UK P.U.C.
AS1273 220.127.116.11/20 Cable and wireless Internet-NET
Looking at the more specific announcement we can see a variety of interesting Police National Network DNS records:
18.104.22.168 pnn-gw6.pnn.police.uk
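The three lookups above (which announcement is most specific for an address, which RIPE inetnum object covers it, and what its PTR says) are worth scripting once you have more than a couple of addresses to chase. The following is an added example, not code from the original post: the announcement table, the whois text and the PTR table are constructed from RFC 5737 documentation space, and the domain names in them are invented. A live version would take the same three inputs from a route table (bgp.he.net or a route-views dump), from `whois -h whois.ripe.net <ip>` and from `dig -x <ip>` or socket.gethostbyaddr.

```python
"""Added example (not part of the original post): enriching an unknown address
with its most-specific BGP announcement, the covering RIPE inetnum object and
its PTR record. The announcement table, whois text and PTR table are
constructed from RFC 5737 documentation space and invented names."""
import ipaddress
import re

# Constructed announcements: an aggregate /21 from one ASN and a more-specific
# /24 inside it from another, which is what a customer block often looks like.
ANNOUNCEMENTS = [
    (64496, "198.51.96.0/21"),
    (64497, "198.51.100.0/24"),
    (64498, "203.0.113.0/24"),
]

# Constructed RIPE-style object (the field names mirror the real format).
WHOIS_TEXT = """\
inetnum:        198.51.100.0 - 198.51.100.63
netname:        EXAMPLE-HOSTING-CUST
descr:          Example customer assignment
status:         ASSIGNED PA
role:           Example Hosting Centre
address:        1 Example Road
address:        EX1 2MP
source:         RIPE # Filtered
"""

# Constructed PTR table standing in for reverse DNS.
PTR = {
    "198.51.100.6": "gw6.example-police.test",
    "198.51.100.7": "mail.example-police.test",
}

def most_specific(ip, announcements=ANNOUNCEMENTS):
    """Longest-prefix match: the announcement whose prefix covers ip with the
    greatest prefix length, or None if nothing covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for asn, prefix in announcements:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (asn, net)
    return None if best is None else (best[0], str(best[1]))

def parse_whois(text):
    """RIPE objects are 'key: value' lines; repeated keys (address:) are kept."""
    obj = {}
    for line in text.splitlines():
        m = re.match(r"^([\w-]+):\s*(.*)$", line)
        if m:
            obj.setdefault(m.group(1), []).append(m.group(2).strip())
    return obj

def inetnum_contains(obj, ip):
    """inetnum is an inclusive 'start - end' range, not a CIDR prefix."""
    lo, hi = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
    return lo <= ipaddress.ip_address(ip) <= hi

def enrich(ip, announcements=ANNOUNCEMENTS, whois_text=WHOIS_TEXT, ptr=PTR):
    """One record per address: origin ASN/prefix, covering inetnum, PTR."""
    obj = parse_whois(whois_text)
    covered = inetnum_contains(obj, ip)
    return {
        "ip": ip,
        "origin": most_specific(ip, announcements),
        "inetnum": obj["inetnum"][0] if covered else None,
        "descr": obj.get("descr", [None])[0] if covered else None,
        "ptr": ptr.get(ip),
    }

if __name__ == "__main__":
    for ip in ("198.51.100.6", "198.51.97.9"):
        print(enrich(ip))
```

Note that the inetnum object is a range, not a prefix, and that the most-specific announcement can come from a different ASN than the aggregate; both are easy to get wrong by eye when the blocks are large.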
Delving into SMTP
We’ve seen mail.pnn.police.uk before because the FOI response was sent from within PNN3, so the SMTP headers probably contain some interesting information:
Received: by 10.216.16.73 with SMTP id g51csp220108weg; Mon, 13 Oct 2014 07:16:17 -0700 (PDT)
X-Received: by 10.194.21.193 with SMTP id x1mr2053266wje.135.1413209777204; Mon, 13 Oct 2014 07:16:17 -0700 (PDT)
Received: from mail.pnn.police.uk (mail.pnn.police.uk. [22.214.171.124])
by mx.google.com with ESMTPS id hu8si1814120wib.9.2014.10.13.07.16.16
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 13 Oct 2014 07:16:17 -0700 (PDT)
Received-SPF: none (google.com: email@example.com does not designate permitted sender hosts) client-ip=126.96.36.199;
Authentication-Results: mx.google.com; spf=neutral (google.com: firstname.lastname@example.org does not designate permitted sender hosts) email@example.com
From: xxxxxx xxxxxx
Subject: REQUEST FOR INFORMATION REF: COL/14/714 (NOT PROTECTIVELY MARKED)
Thread-Topic: REQUEST FOR INFORMATION REF: COL/14/714 (NOT PROTECTIVELY MARKED)
Date: Mon, 13 Oct 2014 14:16:15 +0000
Accept-Language: en-GB, en-US
x-officeenforcer-classification: NOT PROTECTIVELY MARKED
X-ACL-Warn: X-Virus Scan: F-Secure 9
So from this we can see that elements of 188.8.131.52/24 are definitely used by the Police, and that the Police use 172.16.0.0/12 RFC1918 addresses internally (the two 10.x.x.x hops at the top of the chain belong to Google’s receiving infrastructure, not to PNN3). The relay also negotiated TLSv1 with RC4-SHA, a cipher suite that was already being deprecated at the time.
Hardly obscured by “layers of security”.
Nailing down 184.108.40.206
Whilst there is HTTP traffic coming from 220.127.116.11 it doesn’t have any registered reverse DNS, which could indicate that it is not a normal egress gateway (or that someone is lazy: Hanlon’s razor).
A quick search finds that this IP address is certainly busy: leaving a comment here, on WikiLeaks, activity on the British Transport Police Wikipedia page, some form of request from a Crime Prevention Adviser, an old reverse DNS lookup referring to NWIS, and someone listing an old whois record;
inetnum: 18.104.22.168 - 22.214.171.124
status: ASSIGNED PA
source: RIPE Filtered
role: CW Hosting Centre Park Royal
address: 900 Coronation Road
address: NW10 7PQ
remarks: trouble: ***@cw.net
It’s fairly safe to say that 126.96.36.199/24 and 188.8.131.52/24 are in some way related to the Police.
Before issuing the Freedom of Information request our servers were crawled / visited every day by these IPs.
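Spotting that the same addresses kept appearing across this site, the DRIP sites and RoutingPacketsIsNotACrime is the kind of thing that is easy to notice once and hard to keep noticing. The following is an added example (not from the original post) that indexes several sites’ access logs and reports addresses seen on more than one site and on more than one day, which ordinary visitors and most crawlers rarely manage. The log lines are constructed in Apache combined format with documentation addresses; point SITE_LOGS at real files to use it.

```python
"""Added example (not part of the original post): finding addresses that keep
turning up across several unrelated sites. The log lines are constructed
(Apache combined format, documentation addresses)."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def line(ip, ts, path, ua="Mozilla/5.0"):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1024 "-" "{ua}"'

SITE_LOGS = {  # constructed: three sites, a few days of traffic each
    "brasshorn": [
        line("198.51.100.6", "10/Oct/2014:09:01:00 +0000", "/"),
        line("198.51.100.6", "11/Oct/2014:09:02:11 +0000", "/about"),
        line("203.0.113.20", "12/Oct/2014:12:00:00 +0000", "/"),
    ],
    "drip": [
        line("198.51.100.6", "10/Oct/2014:09:05:00 +0000", "/"),
        line("198.51.100.6", "12/Oct/2014:09:04:30 +0000", "/"),
        line("192.0.2.77", "12/Oct/2014:10:00:00 +0000", "/"),
    ],
    "rpinac": [
        line("198.51.100.6", "12/Oct/2014:09:07:00 +0000", "/"),
        line("203.0.113.20", "12/Oct/2014:12:00:00 +0000", "/"),
    ],
}

def index_visits(site_logs):
    """ip -> site -> set of dates on which it appeared."""
    seen = defaultdict(lambda: defaultdict(set))
    for site, lines in site_logs.items():
        for entry in lines:
            m = LOG_RE.match(entry)
            if not m:
                continue  # skip lines that do not parse rather than crash
            day = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date()
            seen[m["ip"]][site].add(day)
    return seen

def recurring_visitors(site_logs, min_sites=2, min_days=2):
    """Addresses seen on at least min_sites sites and on at least min_days
    distinct calendar days overall."""
    out = {}
    for ip, per_site in index_visits(site_logs).items():
        days = set().union(*per_site.values())
        if len(per_site) >= min_sites and len(days) >= min_days:
            out[ip] = {"sites": sorted(per_site),
                       "days": sorted(d.isoformat() for d in days)}
    return out

if __name__ == "__main__":
    for ip, info in recurring_visitors(SITE_LOGS).items():
        print(ip, info["sites"], info["days"])
```

With the defaults only 198.51.100.6 qualifies; 203.0.113.20 hit two sites but on a single day, which is what a one-off scan looks like. Lower min_days to 1 to see it appear, and raise both thresholds as the number of sites grows.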
It is still possible to anonymously purchase on-line resources which will be useful for those wishing to frustrate Internet surveillance, evade Internet censorship or blow the whistle on something without risking the exposure of their identity.
Finding a pre-paid card that can be purchased in cash with no questions asked is trivially easy; any card or gift shop is likely to have them interspersed with Starbucks gift cards and the like.
For this example we’ll choose a £50 VISA card, which once you get to the till will actually cost £53.95. Hand over your cash and walk out of the door.
As you leave, swing by a Three, EE, O2 or Vodafone store and buy a pre-pay data SIM. Three have a 1GB SIM for £7.50; buy it with cash and walk out of the store.
By now the VISA card will have activated and should be good to go.
For extra anonymity you may wish to visit a local pawnbroker such as Cash Converters or CEX and acquire a phone, tablet or laptop, so that the IMEI you use with the newly purchased SIM is not one that has previously been tied to your identity.
Open up your VISA card and you’ll notice it has an expiry date, the CVV code on the signature strip and the usual 16 digit credit card number.
Set up your 3G connection, optionally install TOR to bypass any ISP restrictions that may be present, then navigate to your VPS provider of choice. I’d suggest DigitalOcean.com but there are many others.
Signing up for an account is easy, put in an email address and a password (the email address will have to be a real one as it needs to be verified and it’s where your root passwords are sent but try signing up to something like HushMail.com).
Once logged in you’ll be asked to verify your billing details;
Now it’s likely that your use of TOR and a prepaid VISA card will trigger anti-fraud protections; the account will be locked and a support ticket will be raised asking you to identify yourself.
The people at DigitalOcean are very good and if you adequately explain your motivations (be it running a website you’d rather not have your name attached to, a proxy for privacy, etc.) they are likely to accommodate you without requiring copies of ID or a credit card number tied to your identity. DO NOT ABUSE THEIR TRUST.
Within a few minutes the account will be unlocked and you can launch your virtual machine.
If you login to the VISA pre-pay system you’ll be able to see if the pre-authorisation passed and that you’ll be able to continue paying for your server resources.
You can now host your whistle-blowing blog, a critique of public policy or just use it as a proxy safe in the knowledge that there is virtually no trace back to your true identity.
Do not abuse this ability to do hateful or illegal things: the VPS provider may not be able to identify you, but they will shut you down and may even choose to shut down all other accounts that appear to be of a similar profile to yours. Your actions could deprive someone who genuinely needs this anonymity of it.
As mentioned on our Top Ways to Avoid Filters page, the Onion Router Project (better known as TOR) excels at bypassing censorship technologies such as the Sky Broadband Shield, the TalkTalk filters, BT Parental Controls and even the Great Firewall of China, whilst at the same time offering strong (though not perfect) anonymity.
TOR is an excellent choice for any would-be whistle blower, political journalist, privacy advocate, vulnerable adult or any other person who wants/needs unrestricted Internet access.
TOR is no more a tool for criminals than a kitchen knife or a car; much like encryption, the more it is used by normal people for normal day-to-day tasks the better the protection for everyone, because it makes blanket surveillance and Internet filtering more expensive for nation states.
This post will show you how to download and install the TOR client (which is easy) whilst also ensuring it’s the real deal and hasn’t been interfered with by your ISP or other malicious actors.
The best place to download TOR is from the project’s own website: https://www.torproject.org/download/download-easy.html.en (note the https). You should also acquire the signature file, which can be found by following the link labelled sig on the download page.
The download is also available on this website by clicking here and the signature for this download is reproduced below.
At this point you could just install TOR and trust that everything is OK but in this day and age you should really make sure.
Verifying the Download
At this point you should go off and read about GnuPG on Wikipedia and consider reading the GnuPG manual so you fully understand why we’re about to do what we are going to do.
As we’re on Windows (you should consider trying Linux, even if only on a live-boot CD/USB) we need to install GPG4WIN, which can be downloaded here: http://gpg4win.org/download.html. Pay close attention to the SHA1 checksum listed on that page; you will need it shortly. Note that the page and the download are served over plain http, so the checksum only protects you against a corrupted download, not against someone on the path who can rewrite both the installer and the checksum; the Authenticode certificate check described below is what guards against that.
Luckily the Microsoft download (the File Checksum Integrity Verifier, fciv.exe, used below) is signed with a certificate chained to a root already embedded in the OS, so go ahead and install it; you should see that the publisher is “Microsoft Corporation” and if you click the blue text you should see confirmation that the digital signature is OK;
Once extracted to a useful location (preferably the same place you downloaded the GPG4WIN installer to) execute the following command;
fciv.exe -sha1 gpg4win-2.2.1.exe
This will print the SHA1 hash in a manner similar to that below; compare it with the hash you noted earlier, and if the two do not match exactly then something is wrong.
Now (assuming that the hashes match) we need to install GPG4Win; for added security you can ensure that the installer’s certificate is also genuine by clicking More Details then Show information about this publisher’s certificate. The default GPG4Win install options should suffice;
Once installed load up the GNU Privacy Assistant or GPA from the All Programs > Gpg4Win section of the start menu. GPA allows you to import the public keys of the TOR developers who signed the TOR installer to guarantee that it is genuine and hasn’t been tampered with.
If it does, right-click on her key and select Sign Key; this indicates that you trust this key for encryption and, importantly for our purposes, any signatures made with it. Before signing, check the key’s fingerprint against a copy obtained from somewhere other than the download itself (for example the Tor Project’s signing keys page over https); otherwise you are only confirming that the installer matches whatever key was served alongside it.
You’re now ready to confirm if the TOR download is safe to install. Navigate to the location where you saved the TOR executable and the signature file, right click on the installer and navigate to More GpgEx Options then click Verify.
In the window that pops up click Decrypt / Verify; if all has been successful you will see a green notice confirming that the signature passes.
You can now install TOR safe in the knowledge that the download has not been tampered with by criminals or the surveillance state. Once installed you will be able to evade Government and ISP filtering.
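The GPA click-through does three things: checks a hash, checks a signature, and relies on you having decided which key to trust. If you verify downloads regularly it is worth scripting the same checks so they are applied the same way every time. The following is an added example, not code from the original post or from the Tor or Gpg4win projects: it hashes a file, compares the result in constant time, runs gpg with --status-fd and accepts only a VALIDSIG from a fingerprint you pinned in advance. Every fingerprint and status line in it is constructed; the real Tor signing-key fingerprint must come from the Tor Project’s own site, not from here.

```python
"""Added example (not part of the original post): scripted download
verification. Hash the installer, compare in constant time, then run gpg with
--status-fd and accept only a VALIDSIG from a pinned fingerprint. The sample
status output and fingerprints below are constructed."""
import hashlib
import hmac
import subprocess

def bytes_digest(data, algorithm="sha1"):
    return hashlib.new(algorithm, data).hexdigest()

def file_digest(path, algorithm="sha1", chunk=1 << 20):
    """Stream the file so large installers do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def digest_matches(actual_hex, expected_hex):
    # Constant-time compare; not strictly needed for a public hash but it
    # costs nothing and avoids the habit of comparing secrets with ==.
    return hmac.compare_digest(actual_hex.strip().lower(), expected_hex.strip().lower())

def normalise_fpr(fpr):
    return fpr.replace(" ", "").upper()

def check_gpg_status(status_text, expected_fpr):
    """Interpret `gpg --status-fd 1 --verify` output.

    GOODSIG only says 'some key in the keyring verified this'. What we want
    is a VALIDSIG whose signing or primary fingerprint is the one we pinned,
    and no BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG/NODATA anywhere in the run."""
    want = normalise_fpr(expected_fpr)
    valid_from_pinned = False
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        tag = fields[1]
        if tag in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"):
            return False, tag
        if tag == "VALIDSIG":
            # fields[2] = signing (sub)key fingerprint, fields[-1] = primary key
            if want in (normalise_fpr(fields[2]), normalise_fpr(fields[-1])):
                valid_from_pinned = True
    if valid_from_pinned:
        return True, "VALIDSIG from pinned key"
    return False, "no VALIDSIG from pinned key"

def verify_download(path, sig_path, expected_fpr, expected_hash=None,
                    algorithm="sha1", gpg="gpg"):
    """Optional published-hash check followed by the signature check."""
    if expected_hash is not None and not digest_matches(file_digest(path, algorithm), expected_hash):
        return False, "hash mismatch"
    proc = subprocess.run([gpg, "--batch", "--status-fd", "1", "--verify", sig_path, path],
                          capture_output=True, text=True)
    return check_gpg_status(proc.stdout, expected_fpr)

# Constructed status output, in the shape gpg --status-fd emits.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] SIG_ID abcdef0123456789 2014-10-13 1413209777
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2014-10-13 1413209777 0 4 0 1 10 00 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
PINNED_FPR = "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333"  # constructed

if __name__ == "__main__":
    print(check_gpg_status(SAMPLE_STATUS, PINNED_FPR))
    # Real use: verify_download("torbrowser-install.exe", "torbrowser-install.exe.asc",
    #                           "<fingerprint from torproject.org>", "<sha from the download page>")
```

Pinning the fingerprint is the part that replaces the Sign Key step in GPA: gpg will happily print a good signature for any key you have imported, and TRUST_UNDEFINED in the sample above is gpg telling you it has no opinion on the key. The script does not care what gpg thinks of the key; it cares whether the key is the one you checked out of band.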
Remember if you are using TOR to protect yourself as part of a whistle blowing exercise there are several warnings to take heed of to ensure that you do not jeopardise the work you’ve put in so far.
This article is for use on a Linux/Mac computer (desktop / laptop etc). A Windows guide will be available at a later date.
If you don’t currently run Linux on your desktop I would strongly suggest it. Try Fedora or Ubuntu. If you don’t want to run Linux permanently but do want to try this method then a Live Boot CD of Fedora or Ubuntu (or any other Linux OS of your choice) would be an ideal method.
Servers in datacenters are extremely unlikely to experience filtering so by tunnelling your connection through to a server you can browse the Internet without worrying if your connection is being restricted or surveilled.
Signing up with Digital Ocean
Navigate to www.DigitalOcean.com and click the Signup button at the top of the page. Enter an email address and a password. You may want to use an anonymous email provider such as Hushmail.com to protect your privacy and a strong password you’ve not used anywhere else. Important: The email address must be real as your server password will be emailed to you.
Once logged in you’ll have access to the initial control panel;
Click get started which will take you to the billing page, you can either use a credit card (you may want to use an anonymous Visa / Mastercard, search online for keywords such as prepaid, anonymous etc) or PayPal.
Once your payment is processed and cleared (check Billing to track your pre-paid balance if using PayPal), refresh the Droplets page to see the below;
Click Create Droplet!
Choose a friendly name for the server (aka Droplet); this name is not important, feel free to use how-to.survivetheclaireperryinter.net if you want to. Leave the Size option alone (or if a larger size is selected change it to 512MB/20GB/1TB, as this is only $5 / £3 a month). For lower latency and a reduced chance of NSA eavesdropping choose an Amsterdam datacenter (not necessary but recommended).
Scroll down for more settings. For the purposes of this tutorial choose CentOS and then the latest CentOS version (currently 6.4) then click Create Droplet.
After a few seconds of watching the following screen your server will be created and you should have received an email with your root password.
Behold your new server; make a note of the IP address at the top near the word active. In this case the IP address is 184.108.40.206. Check your inbox and you should have an email with the IP address, the user name (root) and your password. It’s very important you don’t write a blog post and publish your username and password because bad things will happen to your server.
Now we’re ready to create a proxy.
Testing the Proxy / Tunnel
Assuming you are logged into your Linux computer, load up a terminal and type the following;
ssh -D 8080 root@<your server IP>
Replace the IP address with your own. You’ll be informed that the authenticity of the host can’t be established, which is true: ssh has never seen this server’s key before. Rather than accepting blindly, compare the RSA key fingerprint it shows with the one on the server itself (run ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub from the provider’s out-of-band console); if they match, accept it and continue. Someone intercepting that first connection could otherwise present their own key and capture the password you are about to type. Once you continue you will be prompted for the password that was sent by email.
Load up another terminal (or a tab) and type the following;
Once logged in, change the password with the passwd command. Use a different password from anything else you have. The root user is the most powerful user on a Linux server and can delete anything and everything, so you really don’t want to be using it for everyday tasks; for creating the tunnel we want a non-privileged user. To create one simply type the following (feel free to replace the name tunnel with your own name or anything else; it’s just a username and isn’t important);
Now change the password for this user by passing the username to the passwd command used earlier, make sure you use a strong password and one that isn’t that same as any of your others;
Load up a new tab on your local machine and try logging in as your new user;
For this example I’m going to use Firefox but feel free to try it out with others. In the address bar type about:config, you’ll be presented with the following screen;
Assuming you are going to be careful click the button.
In the search bar at the top type proxy, then look for network.proxy.socks and network.proxy.socks_port and type in the values from the command above (127.0.0.1 and 8080). Also set network.proxy.socks_remote_dns to true: with it off, Firefox still resolves hostnames through your ISP’s DNS servers, so a DNS-based filter still works and your ISP still sees the name of every site you visit; with it on, the names are sent down the tunnel and resolved by the server.
Finally change network.proxy.type to 1.
To test, simply load up a new Firefox tab and attempt to access a blocked page.
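For anyone who would rather script the client side than click through about:config, the following is an added example (not code from the original post). It writes the same preferences into a user.js for the Firefox profile, builds the SOCKS5 CONNECT request the way Firefox does when socks_remote_dns is on (the hostname itself goes to the proxy, so no DNS query leaves your machine), and checks a live tunnel by fetching a page through it. The proxy address and port match the ssh -D 8080 command above; the host used for the check is an assumption.

```python
"""Added example (not part of the original post): the client side of the SSH
SOCKS tunnel in code. Writes Firefox's proxy prefs, builds a SOCKS5 CONNECT
with a domain name (remote DNS), and checks a live tunnel. PROXY matches the
`ssh -D 8080` command above; the check host is an assumption."""
import socket
import struct

PROXY = ("127.0.0.1", 8080)  # what `ssh -D 8080` listens on

def firefox_user_js(port=PROXY[1], remote_dns=True):
    """Contents for user.js in the Firefox profile directory; equivalent to
    the about:config edits above (proxy type 1 = manual configuration)."""
    prefs = [
        ("network.proxy.type", 1),
        ("network.proxy.socks", "127.0.0.1"),
        ("network.proxy.socks_port", port),
        ("network.proxy.socks_version", 5),
        ("network.proxy.socks_remote_dns", remote_dns),
    ]
    def lit(v):
        if isinstance(v, bool):
            return "true" if v else "false"
        return f'"{v}"' if isinstance(v, str) else str(v)
    return "".join(f'user_pref("{k}", {lit(v)});\n' for k, v in prefs)

def socks5_connect_request(host, port):
    """SOCKS5 CONNECT with ATYP 0x03 (domain name): the proxy (sshd on the
    server) resolves the name, so no DNS query leaves the local machine."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return (struct.pack("!BBBB", 5, 1, 0, 3) + bytes([len(name)]) + name
            + struct.pack("!H", port))

def socks5_connect(host, port, proxy=PROXY, timeout=10):
    """Open a TCP connection to host:port through the SOCKS5 proxy."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(b"\x05\x01\x00")          # version 5, one method offered: no auth
    if s.recv(2) != b"\x05\x00":
        s.close()
        raise OSError("proxy refused the no-auth method")
    s.sendall(socks5_connect_request(host, port))
    head = s.recv(4)                    # VER REP RSV ATYP
    if len(head) < 4 or head[1] != 0:
        s.close()
        raise OSError(f"CONNECT failed, reply {head[1] if len(head) > 1 else '?'}")
    # consume BND.ADDR + BND.PORT so the stream starts at application data
    atyp = head[3]
    if atyp == 1:
        s.recv(4 + 2)
    elif atyp == 4:
        s.recv(16 + 2)
    elif atyp == 3:
        s.recv(s.recv(1)[0] + 2)
    return s

def check_tunnel(host="example.com", port=80):
    """Fetch a status line through the tunnel; 'HTTP/1.0 200 OK' or similar
    means both the SSH session and remote name resolution are working."""
    s = socks5_connect(host, port)
    try:
        s.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        return s.recv(256).split(b"\r\n", 1)[0].decode("ascii", "replace")
    finally:
        s.close()

if __name__ == "__main__":
    print(firefox_user_js(), end="")
    print(check_tunnel())
```

The ATYP byte is the whole point of socks_remote_dns: with it off Firefox resolves the name locally and sends ATYP 0x01 with an IPv4 address, and the lookup has already gone to your ISP before the tunnel is involved. OpenSSH’s dynamic forwarding accepts the domain-name form and resolves it on the server.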
So there you have it: an easy way to get past Web filtering, and as an added bonus, since your traffic is encrypted between your computer and your server in Amsterdam, neither your ISP nor the UK Government can read it (they can still see that you are talking to that server, just not what you say to it).
Traffic egressing the server can still be tracked and recorded. With the right combination of warrants and traffic capture at the Digital Ocean datacenter, coupled with your home ISP’s logs, illegal activity can still be traced back to you! Only use this method to bypass filters,
Upcoming articles include creating a dedicated Raspberry PI proxy for use with multiple devices (phones, tablets, Windows PCs etc) and setup guides for other server providers. Make sure you follow @STCPI on Twitter for updates!