/32/ - Psychopolitics

>>3521

Yes its possible. I'm involved with a group doing this in the US. Its very hard and requires a lot of previous experience. However it can be worth it.

One quick tip, divide the group you make into three parts:

- Those who gather information ("Watchers")

- Those who processes information and cut away the irrelevant from the relevant ("Analysts")

- Those who take action based on the information ("Reducers")

Should I go on?

>>3547

Let me pull from parts of a manual I wrote:

>Section 3.1: Information Exfiltration and Best Practices

>Your first goal in infiltrating is exfiltrating information. However this is a pretty difficult task, for three reasons. The first of these is the information itself. Its difficult to capture conversations covertly. The second is scale. Its hard to know whats important and what isn't, and you most likely have a lot of information to cover. The third is utilization. What can be released without hurting sources? How can information be used to your advantage?

>These questions are very broad and each require their own chapter. This chapter will deal with collecting & processing information. Later chapters will deal with how to use it for various tasks, such as gatecrashing, asset development, and group subversion.

>On Person Microphones:

>As an infiltrator, it is your job to collect every word, every message, and every document. The first of these items, and the hardest to collect, is audio. Hidden recording devices must fulfill some basic requirements. The device must be small and concealable, be inconspicuous, and have a reason to be around.

>The best recording device for this type of operation is a common smartphone. There are plenty of hidden recording apps out there. Everyone has a phone, and there is no real reason you wouldn't want one with you while you are at a meeting or talking with guys from an associated group. The modern smart phone has a pretty decent microphone that will work well for this kind of task. The main problem with this happens to be space. Audio recording for this long requires a ton of memory. You might have to dump some of your old files on your hard drive to free up space. These recording take memory, and lots of them.

>There are other devices that you can get for your uses. You can find a variety of hats, sunglasses, pens, buttons, and other object that contain cameras and audio recorders. Any video should be secondary unless you want to nab some faceshots of people. Audio is always more important. These types of devices are significantly more risky than say, a smart phone, because these devices, when discovered, have no other explanation behind them other than “you were recording.”

>Leave Behind Microphones:

>If you cannot be present in an area and you need to make a recording, there are plenty of simple solutions out there for you. The most robust and flexible system that can be purchased for cash is an FM microphone transmitter kit and a scanner/radio kit with an aux out. These tiny FM microphones generally broadcast at 100ish MHZ with about 200 meters of range. With a radio that has an aux out, you can plug the aux cord directly into the microphone slot and record it directly into audacity. The sound will be complete shit in quality, but some work in audacity will make it bearable.

>Although not technically a leave behind microphone, if for some reason the people you are monitoring are a smuck enough to use a lavier microphone, just hop on with a scanner and start searching through CB ranges. These microphones are notorious for not only being easy to intercept, but easy to manipulate. These are actually banned from use at popular security conventions like DEFCON because crafty infosec analysts would broadcast their presentations OVER TOP of the real presenters.

>A less involved option is to purchase a wifi pinhole camera. These things are hit and miss, and really the wifi feature is secondary, you want the microsd card functions. Because you can leave them, forget about them, and then pick them back up with your audio. Oh also these things are motion activated, so they are really hit and miss.

>There are plenty of GPS GSM tracker out there that are surprisingly robust. Although these boxes are marketed as GPS “trackers” they are mainly used for audio recordings. You can easily call into a GSM card number and hear what the microphone is saying. You can get these as fake powerbank looking things with an android logo on it, weird microusb cables, and even these weird fake key clickers designed to track old people. The “GPS” trackers aren't even real gps trackers, they just triangulate the position via cell phone towers.

>You can also get these over the powerline microphones, but you can't find them anywhere anymore and they are complete garbage at this point. Now over the powerline routers are sweet for other things, which I may get into later, but not this.

>However through all this there is one huge problem with all leave behind microphones. Recovery: you have to pick up the evidence afterward. Don't rely on these. In fact, avoid using these like the plauge. There are way better ways to get these things done here.

>>3549

>Monitoring Internet Traffic:

>If you happen to be on the same network you can easily start monitoring the http traffic with wireshark and get some interesting information via monitor mode. Although you can't see the ssl traffic, you will still be able to see dns requests which will give you a hint as to what is going on. Just an FYI for the sanity of your analyst, don't take a truckload of wireshark data and dump it on his doorstep. That shit is annoying to go through.

>Snort is also nice for this kind of thing, in that you can have it save all traffic with keywords in it by editing the local.rules file and adding the alert keyword. Check out their documentation for that and way more. Snort is a fairly powerful tool, and is way better developed than wireshark in certain places.

>On the topic of ettercap, some people really like to use it for MITM. However, if you don't know what you are doing, this could turn into a train wreck fast. Ettercap is cool, but make sure you know what you are doing before you use it. Also, ettercap's methodology is to dump more data than it thinks you need, just in case it misses something. Be prepared for metric fucktons of data when you really just wanted some browsing history.

>You can run a surprising amount of this crap on a standard android phone. I seriously advise you stick to that, as I said, everyone has a phone and no one questions the use of one. Look less like a leet hackerman and more inconspicuous. If you absolutely must have a portable device to run these autistic programs on, go for a pocket chip. The company is pozzed as fuck, but the things are cheap, and run a custom version of Debian. Also get it on ebay, don't pay full price for that shit.

>If you want to maintain access to a network via a drop box or something, try making a MiniPwner box. They are made out of TP-Link MR3040's and setup will be strangely familiar to those who have made pirate boxes before. They can act as a drop box, do some wardriving, be a rouge access point, and can basically run any package you can fit on the machine. They also sell a MiniPwner black version, which is available on request. The main advantage is the serial port and a better antenna. You can also install it on other, beefier, TP-Link routers with more antennas.

>Now if you want a pre-built solution because you are a fucking skid, Pineapple boxes are also a thing. They cost like 100+ dollars for the basic model, and you can't leave them behind because of how fucking expensive they are to replace which kills the key reason you would want one of these. They have a really nice UX to do it all in, but you will eventually come to hate it and just ditch it for terminal. There is a more expensive, bigger, one but the only real advantage is MOAR ANTENNAASSS and better battery life (kinda).

>Just remember that all drop box type items suffer from the same problems as leave behind microphones.

>Now there is also the topic of rats, keyloggers, botnets, formgrabbers, stealers, reverse shells, VNC's, ect. I can go on about these for hours. Due to some, uh, other reasons, I wont give any advice on which ones to use. Just make that call yourself, but you use fucking darkcomet I will kill you personally for being a skid. You might also want to pick up a good crypter to keep that shit hidden.

>If you have physical access to the machine for a good hour, you can easily boot up from an ubuntu live CD, hop on their partition and drop a piece of malware in their C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

folder. From there your malware binary will run on the next boot, and you didn't even need to log in.

>>3558

>>3557

>Your manual is excellently written, you should really share it in full.

Can't, the manual itself isn't entirely completed yet. It already spans a good few hundred pages, with a ton more to go. I might post it here when the time comes.

What other questions do you have?

>>3560

I simultaneously want some information on how reducers act, and also want you to not drop it, for it could be used to rat you out.

What a pain.

>>3566

>The reducers, or the watchers?

Reducers. The full term for a reducer is a "risk reduction and management specialist," and it comes mostly from the private "business intelligence" side of things. They do all the work that might compromise an asset. All of the arm twisting and action you see in the movies would be assigned to them. Depending on the situation, placing recording devices might also be up to them.