Anonymous Security Guide 2.0


After releasing the first Anonymous Security Guide last fall, with feedback from the public, updated features, downloads and popular requests, we bring you version 2.0.

At the very least, if you are going to interact with Anonymous you need to have a VPN. This should literally be STEP 1:

What is a VPN?

A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider.

So what does this mean? To put it most simply: if someone tries to log your IP, this person will see the IP of your VPN service provider, protecting your personal computer. A good VPN service will cost you money, but you do get what you pay for in this industry. However, even on the lower end of the price spectrum, most VPN services do an adequate job.

Below are two of the most trusted VPN servers; there are of course many others if you do the research. We recommend the following services because they allow users the most options/control over settings. They are also some of the most highly rated VPN services by several leading sites.

– Buy IPVanish:

– Buy Nord VPN:

– Buy Perfect Privacy VPN:

– Buy HideMyAss VPN:

– Buy MullVad VPN:

Free VPNs do exist, but use at your own risk. The most trusted free VPNs appear to be RiseUP VPN & BetterNet VPN. <– I have recommended these to countless users over the last year and have not heard one negative thing about either.

– Download RiseUp VPN:

– Download BetterNet VPN:

For those of you who are more advanced, or complete computer nerds, here is a tutorial on how to manually set up a VPN within your own computer. If done successfully, this will protect your computer better than any paid service and will offer more protection for your personal files:

CyberGhost offers a free and paid VPN service, however, I have heard from multiple Anonymous sources that not only is CyberGhost the easiest VPN to hack through, but it also regularly coordinates with the FBI.

This leads us to our next piece of advice: when selecting a VPN service, DO NOT SELECT ANY VPN BASED OUT OF THE UNITED STATES!

The reason for this is simple. It's not that these companies are evil or offer an inferior product; it is because there is no containing the power of the United States government from within the United States. For example, in the US, a simple subpoena – which legally does not even have to be reviewed by a court or judge – is all that is required to force corporations and companies to turn over data and information to the federal government – under severe penalty of law. The FBI has even convinced US Congress to pass a new law, essentially criminalizing the use of security software – such as VPNs – to take effect in the near future.

On the other hand, an international court made a landmark decision July 14th 2016 declaring that foreign companies do not have to comply with US warrants or requests for information stored on foreign servers/databases. So stay safe, protect your data and use a foreign based VPN.

Outside of the federal government, a VPN alone should be enough to protect you from the average person on the internet – 99% of ‘white hat hackers’. But once you have one, you are ready for STEP 2: setting up some sort of proxy protection.

What is a Proxy?

A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services. A client connects to the proxy server, then requests a connection, file, or other resource available on a different server. The proxy provides the resource either by connecting to the specified server or by serving it from a cache. In some cases, the proxy may alter the client’s request or the server’s response for various purposes.

There are different ways you can go about creating a proxy. The simplest way is to use a browser with built-in proxy protection – many people have traditionally used the Tor browser for this.

A proxy browser is helpful because it will conceal the IP of your computer on whatever web site you are using. If someone is trying to log your IP on a site, or the site you are using logs your IP, they will pick up the Tor exit node your computer is using at that particular time, not your personal IP. If someone is able to crack through the Tor proxy, which almost no one is capable of doing outside of federal governments, they will still end up having to face your VPN. So, if you sign into your VPN first, then proxy second, the proxy browser will protect your VPN. In this way, it creates a dual-level protection.

Previously, it was discovered that the FBI was able to exploit the Tor Browser through a hole in the flash player. This has now been patched and the latest version of the browser was released June 2016.

Download Here:

Tor has been struggling a bit in recent times. Earlier this year, the FBI launched a War on encryption, using federal courts to force tech companies to install back-doors on encryption protocol. Rulings to which the FBI promised to continue to use the courts systems to defeat encryption rights. In response to these developments, the Tor Project announced if they were ever forced by the court systems to overturn their encryption protocol, they would shut down the network altogether rather than comply. A scary thought for privacy advocates.

This June, the Tor Project got a new board of directors after a sexual abuse scandal, and less than a week after this, the Tor Project announced that one of the core contributors to the Project was leaving and shutting down critical servers – destroying key, trusted exit nodes in the process. Then, this July, news was released revealing how well over 100 Tor exit nodes have been designated for the sole purpose of tracking/monitoring deep web users.

These events came on the heels of MIT announcing they have developed a superior, safer network alternative to the Tor network. Needless to say, it may be time to start looking for alternatives to Tor and many already have.

One of these recent alternatives can be found in the Opera browser. Opera has been less popular over recent years, but it has been redesigned in 2016 and now offers its own built in VPN. Opera now also offers an incognito mode, similar to Mozilla, which does not record cookies or browser history once turned on. More and more Internet users are making the switch to Opera, mainly because of their new VPN.

Download Here:

Find Other Free Browsers With Built In Proxy Protection Here:

So, now that you have your VPN and proxy browser. With STEP 3, you can add on a proxy chain.

The longer the chain the longer/harder it will take for anyone who wants to hack into you. Every proxy that a hacker can bypass will lead them straight to another proxy address which leads to another, so on and so forth. If someone can somehow get through all of them, they end up at your browser proxy, then VPN – this is how proxy chains will add a third layer of protection.

It is rare to encounter proxy chains, but for this same reason, it is much more effective than a standalone VPN. Let it be noted, much like with paid VPN services, if you pay for a proxy chain, you get what you pay for. If you are interested, here are some links to teach you how to manually set up your own proxies for free:

– How To Proxy Chain Using Internet Explorer and Tor:

– Add Proxies With FoxyProxy for Mozilla:

– Alternative Tutorial: Creating Proxy Chains:

Now that you have all the outside protections in place, you are going to want some internal protection. Believe it or not, even with a VPN and proxy, your computer may still leak your IP to web sites. This is done through something known as WebRTC, which makes a “real time connection” to each web site you visit. Even with protections turned on, this “connection” can be made, and depending on the site or configuration, will leak your IP – undermining your VPN and making it useless.

STEP 4: You are going to need to install something to disable WebRTC. This will be free and easy.

Disable WebRTC for Firefox:

Internet Explorer, Tor and Safari do not enable WebRTC – yet.

**WARNING: There was an app available to block WebRTC from Google Chrome but it has been deleted by Google and you will be vulnerable on that browser. Ditch Chrome and Gmail altogether if you care at all about protecting your privacy. See the alternative email lists further down the article**

To Test If Your Browser Is Leaking Your IP through WebRTC Test Here:

STEP 5: This next bit may not be completely necessary and may make browsing the Internet annoying until you get used to it, but it does serve as a last line of defense either way. So, if you want lock-tight security, you are going to want a JavaScript blocker. NoScript is a free, open source JavaScript blocker, which allows you to peel back JavaScript on websites, layer by layer. You can customize settings for every unique website you enter easily with just the click of a button.

Install No Script:

Additionally, to get rid of all those pesky advertisements, install AdBlock Plus:

Safer Alternatives To Gmail

Ghostmail. This service allows you to sign up to an encrypted email service. The server is located in Switzerland and offers free end to end encryption on all emails. The service also has a built in “self destruct mode” which, when turned on, will automatically delete any message after it has been read – Mission Impossible style. At no point in signing up for this service are you asked to confirm anything or give away any personal information. Sign Up

ProtonMail. Another service offering free end to end encryption whose services are located in Switzerland – outside of US laws and jurisdiction. Like Ghostmail, at no point in time are you asked for any personal information. If you are a fan of the television show “Mr. Robot” this is Elliot’s email of choice. Sign Up Here:

Tutanota. This is another free encrypted email service that has become quite popular in recent times. Earlier this year, Tutanota surpassed 1 million accounts, becoming the largest online encrypted email service on the internet. Tutanota makes their encryption code open source so security experts can confirm the level of security they will be receiving. Sign up Here:

** WARNING: Never open an email from a sender you do not know. It might seem harmless, but the simple act of opening an email can send the IP Address of your computer to the sender of that email. It is extremely simple for a hacker/phisher to set this up **

Always use caution when clicking on links in an email, online chat, social networking posts, even from someone you may know, but particularly by sources you do not. Clicking on a link that appears to be benign in nature may in fact contain embedded malware or IP loggers that can compromise your computer. Once compromised, the data on your computer can be exploited and even your computer can be remotely operated as a surrogate in online attacks against others.

– Test Hyperlink URLs Before You Click for Malicious/Hidden Content:

– Test Recent Downloads for Malicious Content:

**If you find that you have downloaded something malicious and own a Windows computer, go to start/system restore/select a date prior to the download and reset your system. This will reboot your system to a time before it was affected by the virus**

Always make sure that your firewalls are turned on, your anti-virus software is up to date and you have disabled remote access connection to your computer.

Use CCleaner on a (fairly) regular basis. This is a free disk cleaner tool “on steroids”. It works by searching for and deleting useless files on your computer, thus freeing up your hard-drive. As explained by How-To-Geek, “it will also erase your browser history, cookies, and cache files for any browsers you have installed — Internet Explorer, Firefox, Chrome, even Opera. It will even erase the cookie data stored by your Flash Player. It will even wipe out other potentially privacy-risking data, such as the list of recently opened file names in Microsoft Word, Adobe Reader, Windows Media Player, VLC media player, and other common Windows applications.”

Please note, if you use CCleaner, you should save or write down all the passwords to your online accounts before using. You would be surprised how much information the internet and your computer remembers about you – until every bit of it is deleted.

Download CCleaner:

How To Keep an Anonymous Identity On The Internet

Invent an alias, a surname if you will, with a name of your choice. Go and register this name with one of the email service providers listed above. Use this new email to register any new Twitter, Facebook, Instagram, et cetera accounts. Be sure to clear all browser cookies before using this alias, or better yet, use a different web browser for your anonymous identity than you would use for your more typical internet activity. If you cannot remember passwords or account information for this, store them in an encrypted file (encryption tutorials located further down the article).

Hide your profile from search engines. This can be accomplished by going to the Account/Privacy Settings/ Search and unchecking the “Public Search Results” box. This will remove your public preview from Google, Bing, and Yahoo search returns.

How To Kick Someone From Your Computer

If you ever sense that someone is on your computer, you can use the following sequence to boot them off your computer, at least temporarily. You can use the command in bold on a regular basis. It will not disrupt your Internet connection.

  • Open cmd window
  • title Hacker (press enter)
  • color a (enter)
  • echo off (enter)
  • cls (enter)
  • ipconfig /flushdns (enter)
  • ipconfig /release (enter)
  • ipconfig /renew (enter)

If you want to try and find the IP address of that person on your computer open cmd and use: netstat -n or netstat -an or netstat -anp.
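Raw netstat output is long, and most lines are harmless. The following is an added example, not part of the original guide: it assumes the four-column TCP layout that Windows `netstat -an` prints, runs on a constructed sample, and reports only established sessions where a non-loopback peer is connected to a port this machine is listening on.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.10:3389      203.0.113.45:51812     ESTABLISHED
  TCP    192.168.1.10:49732     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.10:49801     192.168.1.1:53         TIME_WAIT
  TCP    [::1]:49690            [::1]:49691            ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""


def split_endpoint(text):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)


def parse_tcp_rows(output):
    """Yield (local_host, local_port, remote_host, remote_port, state) per TCP line."""
    for line in output.splitlines():
        fields = line.split()
        # TCP rows have exactly four columns; headers and UDP rows do not.
        if len(fields) != 4 or fields[0] != "TCP":
            continue
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        yield lhost, lport, rhost, rport, fields[3]


def review(output):
    """Return (listening_ports, inbound) where inbound lists (peer_ip, local_port)."""
    rows = list(parse_tcp_rows(output))
    listening = sorted({lport for _, lport, _, _, st in rows if st == "LISTENING"})
    inbound = []
    for _, lport, rhost, _, state in rows:
        if state != "ESTABLISHED" or lport not in listening:
            continue  # outbound sessions use ephemeral local ports, not listeners
        if ipaddress.ip_address(rhost).is_loopback:
            continue  # local inter-process traffic
        inbound.append((rhost, lport))
    return listening, inbound


if __name__ == "__main__":
    ports, sessions = review(SAMPLE)
    print("listening ports:", ports)
    for peer, port in sessions:
        print(f"inbound session from {peer} to local port {port}")
```

On a real machine, feed the function the text of `netstat -an` instead of the sample; a peer connected to a remote-access port such as 3389 is the kind of entry the paragraph above is asking you to look for.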

– cmd Commands Encyclopedia for Windows:

– Linux Bash Commands Encyclopedia:

– Terminal Commands Encyclopedia for Mac:

– DOS Commands Encyclopedia:

Additional Safety Tips/Advice

How To Make Your PC Safe | By: Anon.Dos:

How To Encrypt Your Hard Drive:

Learn To Encrypt Your Files on Windows, Linux & Mac:

Enable BIOS Protection For Added Security:

Learn To Create Un-Hackable Passwords:

How To Secure Your Windows Phone:

How To Secure Your Android Phone:

iPhone Encryption Advice From Edward Snowden:

If you care about privacy and protection, here is why you may want to learn to make a switch from Windows to run a Linux OS:

For complete security, download the Linux based TAILS OS:

Installing The Anonymous Operating System:

Anonymous Just Took Down 1/5 Of Dark Web’s Child Pornography (Dark web access and connection addresses are all included; you can translate it and go try it out for yourself!)


The Dark Web is the encrypted network that exists between Tor servers and their clients aka cyber criminals, activists and many others who want encrypted communications. The Tor Network, the only network that protects the user’s identity and does not watch their Internet activities, helps Internet users retain their privacy online — especially when they are being watched by third parties.

Since most of the Dark Web is a haven for drug markets, pedophiles and sex traffickers who use Tor or set up anonymous .onion websites to hide their location and to ply their illegal trade, it becomes difficult for law enforcement to unmask the criminals seeking refuge in the shadows.

In their attempt to uncover the creators, possessors, and subscribers of child pornography, a group of anonymous hackers breached Freedom Hosting II — the largest host of Dark Web sites accessible only through Tor — downloaded gigabytes of data, and took down and defaced some 10,613 .onion websites.

The anonymous hacktivists claimed over 50% of the data stored on the Freedom Hosting II servers contained child pornography. International Business Times reported that the hackers stole 75 GB worth of files and 2.6 GB of databases, which they offered to return for 0.1 bitcoin, around $100.

According to Sarah Jamie Lewis, an independent anonymity & privacy researcher who spotted the mass hack as part of her regular scans of the Onion space (Dark Web sites running on the Tor network), Freedom Hosting II was hosting an estimated 15% to 20% of all websites on the Dark Web.

This means that the hack took down nearly a fifth of the Dark Web. Lewis told The Verge: “This is a major blow considering many were personal or political blogs and forums. In the short term, a lot of diversity has disappeared from the Dark Web.”

Security researcher Chris Monteiro claimed the Freedom Hosting II hack may have disrupted a substantial number of botnets, which are increasingly used by cyber criminals to launch large-scale DDoS attacks.

Monteiro also discovered the .onion websites were not only hosting botnets, but also fraud sites, sites peddling hacked data, weird fetish portals, and child abuse sites targeting both English and Russian speaking buyers. Websites defaced in the Freedom Hosting II hack include:


In an interview with VICE, the hackers explained why and how they took down the Dark Web hosting provider:

“Initially we didn’t want to take down FHII. But then we found several large child pornography sites which were using more than Freedom Hosting II’s stated allowance. Usually, Freedom Hosting II has a quota of 256MB per site, but these illegal sites comprised of gigabytes of material. This suggests they paid for hosting and the admin knew of those sites. That’s when I decided to take it down instead.”

In 2011 also, as part of Operation Darknet, Anonymous hacked and DDoSed the first Freedom Hosting for hosting child pornography websites. In 2013, when the first Freedom Hosting was hosting half of all Dark Web sites, the FBI used a misconfiguration in the Tor Browser setup to identify visitors to such websites, took down the service, and arrested its owner Eric Eoin Marques in Ireland. Charges laid against Marques were of facilitating the distribution of online child pornography.



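1.1 Ransomware

1.2 Scope of This Article

1.3 Structure of This Article

2.1 Apocalypse – (embedded key + custom encryption algorithm)

2.2 Cerber – (generated RSA key + RSA + RC4)

Compared with the Apocalypse ransomware, Cerber is more complex and more carefully designed. To make it easier to follow, we mainly discuss the central idea of Cerber's encryption process; the process is simplified here, but that makes it easier to understand.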






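2.3 CryptoWall – (requested RSA public key + RSA + AES)

2.4 CTB_Locker – (generated ECDH key + ECDH + AES)

2.5 Jigsaw – (embedded key + AES)

2.6 Locky – (requested RSA public key + RSA + AES + Intel's AES instruction set)

2.7 Petya – (ECDH + SALSA20)

2.8 TeslaCrypt – (generated ECDH key + ECDH + AES)

2.9 TorrentLocker – (RSA + AES)

2.10 Unlock92 – (generated RSA key + RSA + RSA)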








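3.1 Summary of Encryption Methods

1) A custom encryption method, as in the Apocalypse ransomware.

2) One layer of encryption, as in the Jigsaw ransomware.

3) Two layers of encryption, such as the RSA-AES model. Examples that use two layers include CryptoWall, Locky, Petya and Unlock92.

4) Three layers of encryption, such as the ECDH+ECDH+AES model. Examples include Cerber, CTB_Locker and TeslaCrypt.

5) Reuse of the encryption module of other legitimate software. For example, the CryptoHost ransomware uses WINRAR's encryption module to encrypt the victim's files, and the Vault ransomware uses GNUPG's encryption module.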


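3.2 Summary of Decryption Methods

1) For a custom encryption algorithm, we need to know both the decryption key and the decryption algorithm (for standard encryption algorithms the decryption algorithm is already known).

2) For one layer of encryption, we need to obtain the decryption key and use it to decrypt the victim's files.

3) For two layers of encryption (where the second-layer key is the actual file encryption key), we need to know either the first-layer key or the second-layer key. If we have the first-layer key, we can use it to recover the second-layer key, and then use the second-layer key to decrypt the victim's files.

4) For three layers of encryption (where the third-layer key is the actual file encryption key), we need to know the key of any one layer. If we know the first-layer key, we can recover the second-layer key, then use the second-layer key to recover the third-layer key, and finally use the third-layer key to decrypt the files.

5) When the encryption uses another program's encryption module, we need to know the decryption key, and then decrypt the files with that key and the corresponding decryption module.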


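3.3 Summary of Ransomware Weaknesses

1) Custom decryption algorithms. Compared with standard encryption algorithms, such custom algorithms are usually not very strong and contain flaws.

2) Incorrect key storage. Some ransomware embeds the key (the same key is used for encryption and decryption) directly in the program code.

3) Insufficient cryptographic strength. Some ransomware uses the RSA algorithm, but with a key so weak that it can be factored and thereby broken.

4) An unsound pseudo-random number generator. If the pseudo-random number generator is not random, the keys it produces may be predictable; early versions of the Unlock92 ransomware had this problem.

5) Vulnerabilities in the C&C server. The C&C servers of some ransomware contain vulnerabilities, which makes it possible to retrieve keys from the C&C server. Early versions of the Cerber ransomware are an example.

6) Other reasons, such as the arrest of the author of the CoinVault ransomware, the author of the TeslaCrypt ransomware voluntarily releasing the ECDH private key, and so on.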
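Weakness 4 (predictable pseudo-random numbers) can be made concrete from the recovery side. The following is an added example, not code from the original article or from any ransomware sample: the time-seeded key generator, the toy SHA-256 keystream cipher and all values are constructed assumptions, chosen so the script runs with the Python standard library only.

```python
import hashlib
import random

KEY_LEN = 16
PDF_MAGIC = b"%PDF-1."  # known plaintext: many file formats start with fixed bytes


def weak_keygen(seed: int) -> bytes:
    """Constructed flaw: the file key comes from a non-cryptographic PRNG
    (Mersenne Twister) seeded with a Unix timestamp."""
    return random.Random(seed).getrandbits(KEY_LEN * 8).to_bytes(KEY_LEN, "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the real
    cipher. XOR makes the same call encrypt and decrypt."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def recover_key(ciphertext: bytes, known_prefix: bytes, t_from: int, t_to: int):
    """Regenerate the key for every candidate seed in [t_from, t_to] and keep
    the one that decrypts the file header to the expected magic bytes."""
    head = ciphertext[: len(known_prefix)]
    for seed in range(t_from, t_to + 1):
        key = weak_keygen(seed)
        if keystream_xor(key, head) == known_prefix:
            return seed, key
    return None


def demo():
    """Constructed scenario: the responder has the ciphertext, the file type,
    and a file modification time within an hour of key generation."""
    secret_seed = 1_470_000_123  # unknown to the responder
    plaintext = PDF_MAGIC + b"4\n% constructed sample document body\n"
    ciphertext = keystream_xor(weak_keygen(secret_seed), plaintext)

    mtime = secret_seed + 1800  # timestamp observed on the encrypted file
    found = recover_key(ciphertext, PDF_MAGIC, mtime - 3600, mtime + 3600)
    if found is None:
        return None, None
    seed, key = found
    return seed, keystream_xor(key, ciphertext)


if __name__ == "__main__":
    seed, recovered = demo()
    print("recovered seed:", seed)
    print("recovered text:", recovered)
```

The search space is the number of seconds in the time window (7,201 candidates here) instead of 2^128 keys, which is why a cryptographically secure generator is required for key material.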


3.4 Summary of Samples