Any ideas how to start a secure communications network in case members of a team can't communicate on their own devices?
In an office I was thinking ye olde internal phone lines might work well. You could also send code visually through fax, the recipient scans the print out. Each colour of ink would give you a bit of entropy if you were sending a key.
What about using a set of identical paired mobile devices with reduced functionality that work like TOR? Your 10$ Nokia sends a encrypted message split to 5 other 10$ Nokias, it's then sent to the recipient.
Nobody would even know you had this kind of back up network until you started using it- and even then they might not be monitoring it have access to the Telecom network. You could use satellite phones if required.
Just do it over the radio waves. Exchange the encryption key ahead of time.
Parker Nguyen
How would having backup communications let you win a CTF? I don't get it, isn't a CTF just a game?
Ryan Myers
Ah well that's exactly the issue I'm trying to resolve.
If my keys are compromised I need a way of redistributing them - and if I've lost my keys that's more problematic.
I'm worried about losing the keys to user error, phisical surveillance.
If I could send them all at once through an internal network to everyone even if our security was bad speed might still be able to cover us.
And since its a portable network, if the team has to relocate phisicaly (we lose power, someone runs on and cuts wires) we're in a much better position
In some games cheating is allowed.
Joshua Kelly
There are applications that provide mesh networking communications. There are applications available for smartphones and desktop machines. There have been threads in the past about this technology but I forgot the names of these kinds of applications.
That's the kind of thing I'm looking for, but these A. Use Bluetooth or wifi, which are far too easily taped into - even encrypted For one way communication they might be OK. C. Use smartphones.
I'd rather use encrypted radio than these I'm looking for something more sophisticated.
Hopefully by using mobiles as relays like in the tor network, someone listening wouldn't be able to work out who was the intended recipient and would only get a partial message if they had a D0 on one of the devices
Luke Wood
Encrypted wifi isn't easily hacked. I don't know the state of Bluetooth encryption but I would speculate that they are secure.
krackattacks.com/ Pleb, only cable is actually secure. Working encryption methods either aren't supported by the device or the router.
Henry Rivera
But they were too easily hacked if I remember correctly. Could you make one secure?
This. I thought it was common knowledge.
Gabriel Ramirez
i'm currently on a Q10, since a while now, and the last, QNX based BBs were solid, but all depends if the BES admin is skilled; or a complete moron, for all the rest; VPN, secure client for mail, proxy, network authentication, these are the ThinkPad of phones.
No wonder RIM fell down and now is just a chink brand like the rest, but I know the only thing that could replace my Q10 could be only another Q10/Classic BB, or some Nokia flip phone.
Gavin Hughes
Is it so common that your opponents disable your communications that you need a backup?
Anthony Fisher
What is your use case for all of this? There's no way to give you half-decent advice without knowing how your keys could be compromised and other things like that.
That attack has been mostly patched already, and the default windows implementation of WPA2 was slightly non-compliant and thus resistant to the attack.
Andrew Long
The problem: routers don't run Windows Lad, you don't even know how bad it really is.
Jack Nelson
Pick a secret passphrase and an evolution method, then use these with symmetric cryptography to transmit information safely.
For example,
Use passphrase ILoveGiantDicksInMyAss' and the evolution scheme of appending an incrementing number at the end, so your final secret is ILoveGiantDicksInMyAss69, and your next one would be ILoveGiantDicksInMyAss70.
Then, use a hashing algorithm to hash this so that your final key is e.g. SHA256(ILoveGiantDicksInMyAss69). This is so that even if your key is compromised all they have is a hash you can easily replace.
Now use this hash to encrypt whatever you want to communicate with each other. Share more private/public keys, whatever.
If your key gets compromised, simply leave a message encrypted with the compromised key out in the open that your buddy will be ableto find and then increment by one and re-hash and use the new totally unique key going forward. Unless the super ultra secret gets compromised (which it won't unless you're stupid and write it down somewhere) you will both understand how to generate psuedo-random but identical keys independently of eachother without having to communicate a word. If you can't decrypt something, just try a few different values for the incrementer until you find one that works.
Ryder Torres
There are a number of ways to make this more safe. Like not re-using the same incrementer for more than one message (thus if two appear with the same count you know something is fucked). You could also make the incrementer an unix timestamp and just make sure you and your buddies are time-synced relatively well and so you have a new nigh-unbreakable key literally every second.
Brayden Murphy
If you're not a ham the best bet is the Trisquare spread spectrum walkie talkies, the transmissions are encrypted and operate right across the unlicensed 2.4 GHz band. While it's certain that the NSA or other bodies could receive and decrypt your communications it seems unlikely that other groups would have the equipment or expertise to identify and intercept such transmissions. These radios were pulled from the market but are still available used.
Using pagers isn't that bad of an idea except for two things, first they operate in licensed bands which means you're going to get busted unless you reband them, and second, the communications protocol doesn't support encryption so you have to send out each message with IDs of the recipients. There's no way to send out a message to every pager in a given area.
Hams will use NVIS and other low probability of intercept techniques, including piggybacking on stronger transmissions, to get through without detection.
Leo Long
That sounds interesting. Are there perhaps any Chinese walkie-talkies with encryption available?
Gabriel Nelson
Throw in a Markov chained offset to the timestamp for autism.
Angel Hughes
Not that I know of and the Trisquare encryption like that used in all radios isn't exactly secure against the NSA, but it would stymie local cops and most any non-state group.
Adrian Collins
I'm worried we're going to lose our keys to members of the team we can't trust, or to someone with phisical access to our hardware. It's not an easy task to secure a network that potencially could be compromised by an insider and I'm way out of my depth -hence backup communications are vital to ensure we have some base level connectivity which we can use to re-establish control
Just what I was looking for, thanks user
It's almost a weekly occurrence *sigh* We have office staff who are fooled by the most basic Phishing, people impersonating technicians to gain access to our hardware - usually to steal our files but sometimes to try and bug us.
We also suffer from repeated power outages and are occasionally forced to relocate the whole fucking operation because of among other things security threats, petty political infighting, natural disaster and infrastructure failure.
If I can set up a secure mesh network when - for instance - our whole neibourhood looses power and they can't fix it, I can use the backup because it's battery powered to coordinate the relocation.
Bingo, I think this is my solution - with I can get it all done sensibly
Radio traffic is a big no - no Devices could be cloned, and because the military uses them extensively the set ups to break them are definitely out there Shit when I was 15 we used to hack the local cops radios for funsies, so they got cheap encrypted ones but since we could see what kind they had we bought one off ebay, literally called the distributor pretending to be cops and complained our radio didn't work. The cheese fingered motherfucker was angry because it was the sixth call that month or something and step by stepped us through how to do it, he knew everything because the cops told him and didn't even consider we might be a bunch of kids. I'm not a tech expert, I don't know shit. I just think outside the box and ask Zig Forums, God bless you all
HAM is as I understand it hard to phisicaly relocate and would probably fail if we had a power outage. That's almost a daily occurrence.
Parker Myers
But many devices connected to routers do, and they were immune from the start thanks to them rejecting the new key. You can still do denial of service that way, but you can't get to the data they are sending.
That's essentially the hardest scenario possible. Ideally, limit attack surface by limiting what hardware contains important data: for example, personal devices only get a temporary key, while the master key is held only on the auth server in a secure location.
Gabriel Bailey
So to recap.
If I set up a mesh network of blackberries, set them all to a remote time zone (Bermuda), set a key (opisafaggot)and added an incrimentor (Bermuda time*3) that way everyone could check the incrimentor on any device in a blackout.
I would then have a key that evolved by the second which anyone with a key could follow.
That way someone getting access to the message would get a useless Hash code, someone with the Hash algorithm couldn't do much without the key, someone having the key, Hash would get a message - but unless they were aware the key evolved they wouldn't be able to follow past the one message they got
But would the mesh of blackberries be venurable to DDOS after it came online?
Jace Harris
What mode where they using? Basic bitch P25 encryption is aes256. The older spec was DES. Lots of systems support over the air re-keying and key rotation. So even if you did spend a few grand to get a radio that supported the scheme they where using you would still be with out the keys.
You don't understand. Maximum Operator Mode would be encrypted messages via NVIS from a backpack HF rig that moved after every transmission.
If you are close in then anything (laptop,smartphone,PDA,pi) with a soundcard could be hooked to a $40 bofang portable radio and send encrypted messages over simple afsk packet. You could even send packet over walmart FRS radios. Or hold your device to the phone and send it over landline or payphone. If it can pass 1200Hz and 2200Hz audio then it can pass packet. Ive decoded it off youtube videos before. The transport doesn't have to be radio.
you know how numbers stations works right? have some notebook, printed or learned kind of list of code, a radio, a paper, tune to that number station and decode the message.
make sure the number station broadcasts a lot of nonsense 3/4 of the time so it prevents any kind of deciphering, this is really what secret agencies still use, or even, communicate with on-line with like, a dumb twitter, youtube or any website with visibility, posting non sequiturs or pointless shit no one cares about.
There's many ways to communicate secretely, if your OPSSEC is flawed you will find a new one. in fact if you don't have a way to interpret an information - it's meant to confuse the enemy - you are not the recipient.
Most hams have their own power generation capability, it's part of the hobby. Every year we have Field Day where you practice operation on emergency power away from your own shack. I personally have over 180 amp hours of 12v lead acid batteries which I charge with a solar panel, it's enough for me to operate my radio station for hundreds of hours. And I'm a lightweight when it comes to this stuff.
Hudson Fisher
It's a nice rig especially for the price but the batteries are going to be hard to obtain / old cells soon. Hopefully some based ham accessory maker produces some new ones.
Benjamin Murphy
Now that's an idea I hadn't considered
Wouldn't it be very obvious though? Maybe your messages would be secure, but you couldn't possibly hide that kind of radio traffic.
A mesh network would have a much shorter range.
If our computers go down because of a general outage and we start beaming encrypted radio it would be like shooting flares into the sky.
I want to hide our messages in regular mobile traffic streams.
But it's a very good idea and I'll add it to the chalk board
When we were hacking radio we were talking over an antenna, communicating with it via internet so we could hide what we were doing (relaying a police signal would get noticed pretty quick). We could decrypt it with a professional program, I couldn't even tell you what kind of encryption because I was a skiddy. All the work was done on computer, we acquired the radio encryption key and were stepped through how to tune in by the clueless police tech guy. When it was set up we had lag, but got to hear all the private transmittion of the local criminals locations, and ongoing investigation. Nobody I knew you caught by the booze bus after that.
Disaster response capacity building. It's a broad field, we have to make sure nobody forgets to have a water store at every center, that all the NGOs in the area speak the same language (we once had Korean missionaries, local response, French doctors all trying to work together and were forced to enlist tourists as internal translators).
Post disaster our teams are very venurable, one major concern is the army or militia might steal our supplies or kidnap our medical staff. Lots of shit happens, so I'm trying to get coms set up. We keep getting hacked, almost daily. So I'm setting up a back up communications system so in a disaster we can move supplies and personelle out of the city, security is paramount but discretion is equally vital
Jaxon Davis
People sometimes live in the hinterlands and if a tree falls on a line it might be a day or two before the power is restored. At my bolt hole in northern MN we lost power for six days a couple summers ago. No problem except for the fridge.
Hunter Moore
Numbers stations and one time pads etc are great if everyone has hours to decpyher shit and your recipient is a spy.
I'm broadcasting time sensetive evacuation messages to a bunch of doctors. If their phones run on a mesh network they can use it like they would normally.
And I'm very reluctant to broadcast anything at all before it's absolutely nececary, I don't even want anyone to know what our back up channel is
Ideally I want an encrypted mesh network I can load onto some phones which I've partially disabled, I can put them all in a box and nobody be the wiser)
Adrian Rivera
I'm sure, "doctors," just like all commie agitators are "students" or "professors."
James James
Phishing? Windows viruses? Or something more complicated?
Caleb Cox
And also WHO is hacking you so much that you are afraid of even using your backup comms?
Owen Reed
Could go with Zigbee radio or maybe NFC...
Jaxson James
Could just IPSec over a firewalled and gateway-less Wifi, or some other encrypted transport layer solution.
Colton Nguyen
The only devices that will work after any EMP disaster will things w/o transistor tech. That pretty much reduces it down to tubes or even lower tech.
Adrian Perez
Most electronic devices will still work after EMP (unless the EMP is right on top of the device). An EMP is not a deus ex machina for crying out loud! The main thing that will be rendered FUBAR by an EMP is the electrical grid.
Adam James
you don't need nonsense for OTP but even then, yeah I guess you could do frequency-hopping spread spectrum OTP, but not really necessary OTP changes based on time anyway
Liam Peterson
BB was never secure
Gabriel Young
This, it was proved in court, too.
Dominic Mitchell
Just hook that bitch up to a deep cycle battery and you're in business.
Luke Cook
It's a stupid nimh battery pack, how hard can it be to rebuild it?
Oliver Reed
bumping
Jonathan Price
Has anyone used any of the GoTenna products? They seem pretty ideal for small, portable devices with low barrier to entry for noob family members. Expensive, though. I'd rather an X200 with an APRS setup, but that's probably not maintainable remotely in a SHTF scenario.
Ive looked in to them. They are more a hipster social media device then a SHTF device. They might have their recreational uses in small areas or a building but 1 watt on 900mhz with the shitty built in antenna wont get you very far. And if the cellular network is down I don't much see the point of keeping a power hungry smart phone going just for that. Plus the whole thing is closed source and (((patent pending))). Would suck to invest in the hardware only to have them become useless in a few years when the company folds and you can't get updated "apps". If they opened up the spec it might catch on and get enough adoption to actually make the "mesh" part useful.
Oh and I like how they claim one of the uses is to get around government censorship...while they publish all the device locations on their network map.
mesh memes wont really work anonymously. cant connect to others if you dont know where they are
Jackson Miller
"Nikolai Kovalev, the former director of Russia’s Federal Security Service, told Izvestiya: “From the point of view of security, any means of electronic communication is vulnerable. You can remove any information from a computer. There are means of defence, of course, but there’s no 100 per cent guarantee they will work. So from the point of view of preserving secrets the most primitive methods are preferable: a person’s hand and a pen, or a typewriter.”" telegraph.co.uk/news/worldnews/europe/russia/10173645/Kremlin-returns-to-typewriters-to-avoid-computer-leaks.html
Jeremiah Sullivan
lel
non-electronic only
Lucas Jackson
*non-electric
Aiden Bell
this is mostly true except when your dumbass messenger literally drops your battle plans and expensive smokes on the road for blue-clad fags to pick up.
