Work Safely: How to stop leaving pieces of evidence at your hard drives.
Deal Carding Club
We all feel anonymous for the time being, but what if you find yourself in a situation where the FBI agent breaks into your house with a gun and calmly asks you to open up your PC?
You can use any VPN and any number of encryption layers for your important data, there's always will be the problem of human factor. Meaning that, you can forget to enable your VPN, or leave your machine open and unlocked without your supervision, or maybe even expose your passwords somewhere and find yourself in a not-very-pleasant situation.
This leaves you with a reasonable question: How do I keep myself from this type of stuff?
Encrypt yourself
So, to start off, we have something that every tech-savy person knows since the age of twelve: Encryption.
Use Veracrypt containers
Cryptocontainers is a good way to reliably encrypt your important data, and they are, in general, not so hard to use. But here's what you can do to improve their safety:
- Create as many containers as you can. Keeping all of the data in a single container is extremely unsafe.
- Keep all of your data in those containers
Why would you need this? Well, first of all, when the files are kept in an unmounted container, they're pretty much impossible to be read without unencrypting the container with a password, even when you have physical access to the device.
But cryptocontainers have another advantageous quality. For example, if you need to safely erase 100 Gigabytes of data from your PC, it could take up to an hour, depending on the speed of the HDD. But if you have all this data in a Veracrypt container, that only gets unlocked with a hardware key that we'll discuss in the next chapter, the process will take just a couple of seconds.
Encrypt your discs
Imagine a drawer with all of your personal data, that can be read by anyone who has a physical access to it. This is what your hard drive is like when it's unencrypted. But unlike the drawer, the drive contains even the data that was previously deleted from it.
Complex encryption can't guarantee that nobody will touch the drawer, but instead of documents, there will be a chaotic set of small pieces of paper, that nobody will be able to read.
And even if you already use cryptocontainers (duh.), you still need to encrypt the rest of the drive! System catalogs, home directories, swap-file, previously deleted data from the drive will all be exposed to anyone who has the physical access to your drive.
So remember kids, don't do drugs, don't dress up like Hitler in school, and NEVER EVER leave your drives unencrypted.
Hardware keys
After you're done with cryptocontainers, it's time to protect their safety by making a hardware key out of a 5$ microSD-card.
The thing is, Veracrypt has a really neat feature of keyfiles, which will be the ultimate, well, key to the container that you can store on a fragile, easily damageable microSD-card. "Why would you do this?" - you might ask. Well, you see, you won't have the time to delete any of your files from the PC when the previously mentioned FBI agent knocks in your door. So instead, you can just burn the card with a lighter, or smash it with a hammer.
Of course, there are more widely-usable hardware keys, such as YubiKey, which can be used, for example, to protect your passwords and other stuff.
PANIC BUTTON
Of course, in a really challenging situation, even things like destroying a hardware key would take too much time. For example in our little situation with the FBI agent, who's, let me remind you, still got a gun right behind your head.
In that case, the only thing left that can save you is a Panic Button. And I don't mean the actual red button on your desk, but rather a simple script, written in practically any scripting language, which will wait for some action from you to happen, and if you, or whoever is at your PC right now, won't do it. It will just safely erase all of your data from it.
As strange as it sounds, though, there's still no user-friendly GUI software, at least from open-sourced ones, that let you setup a panic button. But that ain't a problem for us, since all you need is a little bash script. We'll teach you to write those in future articles.
So, encrypt your drives, don't loose your keys, and bye.