~ Wolf in sheep's clothing ~
         Petit image    Oh Yeah
Published @ searchlores.org in June 2002
Wolf in sheep's clothing
by Oh Yeah
slightly edited by fravia+
Some time ago, on one of our messageboards, I answered a posting by Oh Yeah with the following "Finding out if bozo is a wolf" remarks:

Indeed hiding among the illeterate sheeps is a powerful move, the problem is that a good logging of your web-activities (by your ISP) will quickly demonstrate what long wolf-teeth you have.
So? Should it be hiding at home and biting around only in the webcafés?
Should it be hiding throughout own ISP connections, and biting only with proxies?

If I were in search of a wolf among the sheeps I would write a small grep script for my own ISP loggings:

Finding out if bozo is a wolf
any more suggestions Oh Yeah?   Awaiting your essay :-)

And Oh Yeah did indeed work on this stuff, as you'll be able to constate now... (even if he took part of it elsewhere)...
There is some fundamental anonymity basic information for all beginners in here... read, understand, use, enjoy!

Let's hope we'll soon see more contributions along these lines...

Wolf in sheep's clothing
by Oh Yeah, june 2002

OK. I admit it. I'm a wolf who prefers to pretend is a sheep. Especially while on the Internet. Why is that useful you may ask? Here are some advantages I want to share, where "blending into a crowd" is useful. Besides Fravia+ asked me to prepare this article, how can I refuse?? Just excuse my bad english if possible, please.

I will divide this essay into several parts. Part 1 will deal with what preparations I do before I go on the Internet. Part 2 will deal with how I behave on the Internet once I get there. Part 3 is about how I clean my PC.

PART 1. Steps I take before I go on the 'net.

First of all, I do not stay with the same ISP service for long. I change them every year, sometimes even after 6 months. I don't use cable, simple 56K dial-up is fine for me. After all, the only different thing I'd do if I had cable is d/l a LOT MORE [mostly useless] junk than I already do now. So a 56K is fine for me. Being connected ALL the time?? Why??? No reason for it.

Second, I always try to create my ISP account under somebody else's name and address if at all possible. One more step between the real me and the imaginary me never hurts. Right now I'm using one of those MAIL Boxes and ecetra places to get my ISP bills, since their address looks just like a regular address.
Another thing I do is pre-pay the bills, usually for up to 6 months ahead of time, so I won't be bothered with bills every month. Like I said, my ISP account is always a different name than my own. Right now my account runs under a very common female Anglo-Sacson name, even though I'm neither, hehehe.

Third, I NEVER EVER use the email account given to me "free" by my ISP, because they can be tracked and monitored easier than any throw-away web-based email. I only use Web based "free" emails such as hushmail.com or ZipLip.com or anonymous.to or Yahoo.com or some other services, preferably located in a different country than the one I am in, so if its Yahoo this time, for instance, I would use the German yahoo or even the Japanese one. I do NOT recommand using hotmail.com, known for sniffing the hell out of your mail. Also, I always jump through a proxy to access these services. Also, if I am sending files, I always encript them using PGP or something else such as BestCrypt. Of course, when filling up the info while setting up the mail services for the first time, I lie like a mattress.
Last time I was from Israel. Before that I was from Shri Lanka. The funkier the names, the better. I get really creative there, but not too creative as to stand out.
Arabic sounding names are out right now. Of-course I also only use such accounts for a limited period of time. I change them every year or as often as needed. It's still amazing to me how many spammers do manage to find me nevertheless.
If they can find me so easily what about the rest I wonder??

PART II What I do on the 'net once I get there

1. To begin with, I rarely "surf" web pages. Sure, your average luser thinks the Internet equals "the Web". How sadly uninformed they are! Web pages are pretty lame anyway. Why go to http://www.mp3.com to look for a song when you have 70+ file sharing programs where you can find ANY tune you desire in less than 5 minutes? Why pay 20 dollars (or more) every month to look at some lame low-quality porno pictures when UseNet is bursting at the seams from all the porn groups, images, films, appz and whatnot it is carring?? (now, after having implemented yEnc, the posts practically fly right into my HD).

But there is a much simpler reason why i do not visit web pages so much anymore. ALL visits to all Web pages will be logged. Your ISP has a log of who is logged in, under which IP number, at any particular time. They also maintain a log of data transfers, logging each transfer of information, the originating IP, and the destination IP. Your ISP can and will have a nice log of at all of your recent internet activities, including all the Web pages you have visited and looked at, all emails sent and received, any software or files you may have download. So it is a fairly trivial process to do a search of the logs and find any illegal activity, and associate it with the exact computers involved. I still hear cases of people getting caught sending and reseaving unapproprite unencrypted images using their work or home email accounts, or using their work accounts to "surf the Web" looking at porn. Majorly silly, eh?? I say they deserved to be caught!! (^_^ am I mean or whut?)

BUT Your dedicated ISP usually does not monitor what you are posting to usenet and downloading from usenet because usenet uses NNTP protocol. They can and do monitor HTTP activity (unless you use a proxy), but they still haven't -most of the time- got the idea to also monitor NNTP and ALL the other protocols. Of course, your dedicated news server does record your connection to a news server, however, unless you are connecting to a shell or proxy first. In that case, it records your connection to that service and is unaware of your connection to the news server.

So why do the ISP's maintain logs of all internet activity? Well, for several reasons, depending on the countries they are in. Some law enforcent agencies require them to. Other ISP's just like to cooperate with the cops, in case to protect their backs. But if you ask them, they will say they do it mostly for the purpose of debugging. If the ISP servers develop a problem or they crash, technicians may scan the logs to determine if a particular transfer was involved with the problem. Riiiight. Your workplace will definetly monitor your Internet usage. Worse, they have the right to do it. SO NEVER EVER use your workplace internet for anything you don't want others to see.

Now consider an ordinary every day surfing the web. In a normal day you can download/upload 20,000 or 30,000 files (the gifs of the pages, the wallpapers, etc. etc.). Now if the ISP has 10000 or more clients (normally an ISP needs at least 10000 users to survive) that results in: 10000 x 3000 = 30,000,000 operations in a day. Every line has 128 lines (or bytes) = 3.840.000.000 bytes... The logs takes 3 Gigs from the disk !!! :) but thats a drop in the ocean to the storage devices available now. So again, watch your steps ^_^ and learn how to use a proxy quick. Searchores has some excelent proxy essays, and I should know, after all, I have personally written several of them (uder different nicks of course).

However, if a federal agency has a search warrant with some kind of funky justification, they have the authority to demand a search of the logs. If the logs for that time period are available, they can trace that data transfer to you. The logs are KEPT FOREVER burned on Cd-Roms, especially at work, so you can have to account for some pron you saw three years ago on your old jobplace...

2. Second, I never use Web cafes, or send emasils while at work, or use the net while working. To begin with Web cafes are heaviliy monitored. A very commn and WRONG asumption os that using web Cafes will make you anonimous. Infact, Web cafes customers are one of the most monitored today, with that idiotic US "war on terrorism" crap. In fact, never ever use your college, or school or work internet connection for ANYTHING thast can be concidered illigal.

Your biggest danger is if you are using a computer at work, at school, or in a public library. They keep their own logs, which are usually much smaller than a regular ISP. They also have more incentive to search their logs, to keep their image clean, and keep an eye on the activities of their employees/students/users. I recommend that you do not use such computers for any questionable activity.

3. Third- while on the net, I change and rotate personalities, nickames, sex, age, languages more than I change my socks in "real" life! I have and use several nicks (males and females) according to what I am doing right at the moment. Each personality has a different speach pattern, way of expressing himself or herself, comes from a different country, and has a whole separate life history and story. I prefer to use the female personality with men, because most men would give their right hand to help a "helpless female newbie" who knows nothing, the poor dear.[for a great and revealing look at personalities online read the great Pat Cadigan's "Tea from an empty cup." cyberpunk sci fi book<--plug plug]

zing 4. Forth, if I have to use a Web browser, I use Netscape Navigator ver 4.7 with EVERYTHING TURNED OFF! That means NO Java, NO Java Script, NO Active X, NO Cascading sheets, NO smart browsing enabled, NO cutesy but useless blinking animation, NO annoying music WAVs and sometimes NOT even images! And of course, NO cookies!

Of course, do not forget the simple things. That's where lotto people get screwed up. Always surf while proxied and disable java and java scripting, etc. If ever in doubt while visiting a site disconnect immediately and run wiping utilities. Never write anything down on paper related to on topic subjects. Save URL's, site addresses and subject info in simple text files stored in encrypted drives.

Common mistakes (wrong assumptions) Tools you may use (PGP, harddisk cleaners, ISP activities monitors)Smoke curtains (and URL obfuscation) Hiding among sheeps (ready to use the teeth) and so on How how do you make the distinction between a sheep and a wolf? Here's a short list. You are welcome to add to it:

PART III. After all that internet activity, it's time to clean up my HD!

fravia's comment: The following is taken verbatim from http://members.tripod.com/lotstoread/faqs/cleanhd.html

(¯`·.¸(¯`·.¸ ¸.·´¯)¸.·´¯)
ToolZ to clean your HD with
go to:BCWipe, DirSnoop, Eraser Window Washer By now you should know how dirty your Windoze gets. You should never just simply delet files to the "recycle Bin" and think they are gone. Everytime you are on the Net, or use your PC, all that work is left to be seen. Some of the places needing cleaning are: C:\Windows\Recent (for recently open files such as movies, txt, ets-Win95 & 98) C:\WINNT\PROFILES\ADMINI~`\RECENT (for NT) C:\Windows\R C:\Windows\win386.swp (the notorious Swap file), C:\Windows\Temp

BCWipe is a freeware program that will clean your free space on your HD by writting over it 7 times and wiping it clean. You can get it from http://www.jetico.sci.fi They also sell a comercial version of a product to clean your HD. Warning! Turns out files/folders CAN be seen with DirSnoop even AFTER BCWipe is used, so does THAT mean they can also be recovered? Some people have experianced problems with BCWipe, while others swear by it. Seems it's a bit over active and cleans MORE than just your free space and swap files. So use it at your own risk.

DirSnoopis from briggsoft.com Yeah, you use Windows Washer, and Eraser and you feel confident enough that the files you erased were gone. Well, that's NOT 100% true and Dir Snoop can prove it to you. Did you also know files leave "ghost" images of themselves even after you move them from one drive to another?
Dir Snoop yes, it works beautifully, and yes, its scary what it can show you. Files I thought were long gone are sitting there, staring me right back in the face.
Grade: 10 as in get it, learn it, use it!

Dir Snoop is a wonderful freeware that can be used to: Verify the effectiveness of file/disk wiping programs Recover erased files
Purge erased file names from directory structure
Permanently wipe traces of "ghost" files(files that were deleted long ago) and individual clusters with 4-pass wiping function
Search, group, and sort files by name, date, cluster, size, and attributes Search and View files and raw clusters, the raw directory structures and file clusters for content
View the file allocation table (FAT)
Map files and directories to cluster numbers

Dir Snoop is very easy to use. It has ONLY 4 options on its tools line- File, Current, Global and Help.

the File option can Purge the remainds of ghost files, can Unerase files, can Wipe files. NOTE: The "ghost" files appear in red.

the Current

the Global

the Help as usual has the help files in case you need instructions

File Finder it shows hidden, system deleted files on your drives on Hex format. Grade 8 as in good solid utility

Eraser is a little freeware from Students.Tut.Fi or you can d/l the zipped program directly from iki.fi. It is ther easiest thing to use, tiny, fast as hell and when i checked back with DirSnoop the files were ACTUALLY gone! It can clean indivigual folders, files, entire dir, and also can clean your Unused disk space just like BCWipe.It has 3 cleaning options- Default which is writing over the data 35(!) times, Easier US Military approved 7 times overwrite option thats the same as BCWipe and Pseudo-Random option where you can specify how many times the data to be written over. Eraser Definetly recommand it!

NOTE* THE following was taken directly from DrWho's Encription FAQ. read the part Please read the complete faq for more info.
Scorch is a freeware wipe utility. It is VERY useful for wiping Window's SWAP FILE.
Read the documentation that comes with Scorch before use. There are several other options, which are best gleaned from the included documentation. Scorch is available at: http://mist.demon.co.uk;
2. Use Notepad to write the following simple Batch file.
Save it in C:\Windows.
Give the batch file a name.
I suggest Wapp16.bat, but any convenient letter or name will suffice, but NOT Win.bat or confusion will occur with the Win.com which starts Windows.
(I have suggested Wapp16 as the file name simply to cause a little smoke if anybody were searching through your computer - so many Windows files start with the letter W :-).
The format of enclosing the file to be wiped in square brackets in order to minimize disastrous errors.
Wapp16.bat = Scorch [c:\win386.swp] /nodel Scorch [c:\progra~1\cache\*.*] Scorch [c:\windows\cookies\*.*] Scorch [c:\windows\history\*.*] Scorch [c:\windows\recent\*.*] Scorch [c:\windows\spool\\fax\*.*] Scorch [c:\windows\spool\\printers\*.*] Scorch [c:\windows\temp\*.*] Scorch [c:\windows\tempor~1\*.*] Scorch [c:\windows\web\*.*] Zapempty

Win Note 1: Choose whichever of the above folders applies to your system, likewise add any others that are not shown but required.

Window Washer also cleans and "adds bleach" to ALL of these "Standard Wash Items":
all the Browsers' caches(BOTH Netscape and IE), History Folders, the Cookies folders, Temporary Internet Files folder, the Temp folder itself, ICQ's history messages folders, the Recicle Bin, Window's Document History, Find and Run folders, ets... Window Washer allows you to easily clean up the history of your activities on your PC and the Internet. It can clean your Netscape and Internet Explorer cache, cookies, form data, and drop-down address list. Window Washer can also remove files and entries in your recent documents history, recent applications history, temporary files folder, and recycle bin. Window Washer also includes a Custom Wash Items feature that allows you to specify other files and folders that you would like to have cleaned. Free Custom Wash Item plug-ins allow you to clean many third party programs such as RealPlayer and Adobe Acrobat. You can set Window Washer to automatically run in the background and clean your files and history as you work, or you can have it clean at start-up or shutdown. In addition, a Bleach function is also available that overwrites deleted files with random characters a set number of times, making them unrecoverable by file recovery utilities. To download the free custom wash item plug-ins, visit http://www.webroot.com/plugin.htm


New Features in Window Washer 3.0 (aka: Cache & Cookie Washer Deluxe): Cleaning support for Windows 2000 Cleaning support for Internet Explorer 5.1 and 5.5 Cleaning support for Netscape 4.7 Cleaning support for AOL 5.0 and Compuserve Improved bleach function for overwrites of files in FAT, FAT32, and NTFS And many bug fixes and GUI improvements!


For more information and a free 30 day trial download, visit http://www.webroot.com/washer.htm To order Window Washer 3.0 for only $29.95 visit http://www.webroot.com/order1.htm If you purchased a previous version of Window Washer or Cache and Cookie Washer within the past year, visit http://www.webroot.com/supp1.htm for free upgrade information.


Also visit http://www.webroot.com/indexb.htm for our recent news and updates page. As you can see, it cleans almost everything one can think of. Netscape and IE have an extra buttons for even more options.
You can also add a custom files for Windows Washer to clean, with the "Custom Wash Items" option on the right side. TO add an item, click on "ADD" button, choose "Clean File" and click on the "SELECT" button to manually select the item for advanced options. Here, you will get the "select files or folders to be washed" menu. From the menu you can choose ANY item off your C:\ drive, with the subdir, ets. Then all you have to do is clcik on "SAVE" button and you are done!
Windows Washer has an easy to use interface options, and you can set it to run every quarter, half or hourly, daily, every 8 hors, ets. You can get it from webroot.com I definetly recommand this program!

(¯`·.¸(¯`·.¸ ¸.·´¯)¸.·´¯)
and remember: no matter HOW smart you think you ARE, there will ALWAYS be somebody who is smarter than you. So never underestimate people.
Petit image

(c) III Millennium: [fravia+], all rights reserved