Category: OSINT

PGP Encryption

Posted by Jason Edison

In our online training program we are fortunate to have an active community where members can help drive the curriculum. My favorite recommendations are those which reflect real world scenarios that are directly applicable to our intelligence work. Recently, one of our members presented the following scenario which provides an opportunity to explain the basic use of PGP encryption. Although many of you privacy enthusiasts may use PGP encryption on a regular basis, some of our audience is new to it, so this post will strive to provide a basic explanation.
From time to time while tracking targets online, you have no doubt seen mention of PGP or GPG public keys. References to these keys are often added to online profiles or forum posts as a means of soliciting secure, private communications. There are, of course, plenty of legitimate use cases for encrypting communications, but for our purposes here, we will use an example of communicating with a target as part of a cyber-crime investigation.
Let us say that you are investigating targets who are selling contraband on a popular criminal forum. You locate a post of interest and note that the user has listed a public PGP key as part of their signature line. They also indicate they will not respond to any direct messages which do not use their public key. You wish to initiate communication with the target but are unsure of what a public key is and how to make use of it. The following will give you a simple overview of PGP terminology and how you can use open source tools to send and receive encrypted messages.

Terminology – Public and Private Keys
PGP encryption relies on a key pair commonly referred to as “public” and “private” keys, which are used to encrypt and decrypt digital files (such as an email message). Using our example above, the public PGP key in the signature line can be used by anyone to encrypt a communication, but only our target will be able to decrypt it because they hold the corresponding private key. So if the message is intercepted in transit, it’s useless to anyone except the holder of the private key.
Public keys can be shared openly because they can only be used to lock messages; it is the private key that unlocks the message.

Terminology – PGP, OpenPGP, and GPG
PGP is one of the oldest and most prolific means of encrypting messages for digital communication. One of the most confusing things for people new to PGP is that you will see mention of PGP, OpenPGP, GPG, and GnuPG in similar contexts.
PGP – “Pretty Good Privacy” was created by Phil Zimmermann in the early ‘90s and was the first popular method for encrypting data using private and public key pairs. (https://en.wikipedia.org/wiki/Pretty_Good_Privacy)
OpenPGP – This is not a piece of software, but rather a standard that was developed out of PGP. This is not pertinent to most end users, but you may see it mentioned and it can lead to confusion. (https://openpgp.org)
GPG or GnuPG – “Gnu Privacy Guard” is an updated and popular open source version of PGP maintained by the Gnu Project. This is the version of PGP which I stumble onto most commonly during online operations. (https://gnupg.org/)

PGP Tools
There are many ways to utilize PGP or GPG encryption, but below are some of the most common and easy-to-use tools.
GPG Command line – You can install GPG as a command line tool for your operating system using some of our preferred package managers:
Linux – sudo apt install gpg
MacOS – brew install gnupg
Windows – choco install gpg4win-vanilla

GPG is preinstalled on most Linux distros, and Windows users can download Gpg4win (Kleopatra) directly from https://www.gpg4win.org/. Although the GPG project site has a fair amount of documentation and links, those new to the topic may find it easier to follow the guide at https://emailselfdefense.fsf.org/en/.

Protonmail – If you are using Protonmail, you are already using PGP seamlessly to encrypt and decrypt messages between your account and other Protonmail accounts. There is also an option to use PGP to communicate with non-Protonmail users, and more information can be found at https://proton.me/support/how-to-use-pgp.

GPGTools – This application integrates GPG with Apple Mail. Available at https://gpgtools.org or using the Homebrew command: brew install --cask gpg-suite.

Once you have selected and installed your tool of choice:
1. Use it to create your public/private key pair.
2. Back up your keys to a secure location such as your password manager, or print them out and secure the hard copy in your fire safe.
3. It is important to keep your private key safe and only ever share your public key. Remember, the public key can only lock the file(s), and the private key is what unlocks/decrypts the data.
4. Provide your public key to your target, and going forward, they will be able to send you encrypted messages on any platform.
5. Once they send you their public key, you can add that to your PGP application of choice, and going forward, you will be able to encrypt messages that only your target can later decrypt.
6. Let’s say your target is using Gmail but gives you their public key. You encrypt a message using that key and then paste it into an email sent to their Gmail address. That encrypted message will not be “human readable” and will just look like a mess of random characters. Also, despite the fact that Google scans all Gmail messages, they will not be able to break the encryption, so they cannot analyze and mine the message content.
7. Your target will copy the encrypted text out of that email and paste it into their own PGP application, which will then use their private key to decrypt it.
8. In this fashion, users can use this decades-old form of simple encryption to send private messages on non-private platforms.
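
The steps above, run end to end with the GPG command line. This is an added example, not part of the original post: two throwaway keyrings stand in for you and your contact, and the function name, names and example.org addresses are constructed placeholders. It assumes GnuPG 2.1 or later.

```bash
# Added example: "me" and "them" are two throwaway keyrings in a temp directory.
pgp_roundtrip() {
    message="$1"; rc=0
    work="$(mktemp -d)" || return 1
    me="$work/me"; them="$work/them"
    mkdir -m 700 "$me" "$them"

    # Step 1: each side creates its own key pair. The empty passphrase is an
    # assumption so the demo runs unattended; protect a real private key.
    for side in me them; do
        gpg --homedir "$work/$side" --batch --quiet --pinentry-mode loopback \
            --passphrase '' --quick-generate-key \
            "Demo $side <$side@example.org>" default default 1d || rc=1
    done

    # Steps 4-5: only the PUBLIC key leaves the owner's keyring.
    gpg --homedir "$them" --armor --export them@example.org > "$work/them.asc"
    gpg --homedir "$me" --batch --quiet --import "$work/them.asc" || rc=1

    # Show the fingerprint of what was imported (on stderr). In real use,
    # compare it with the fingerprint the key owner published elsewhere.
    gpg --homedir "$me" --fingerprint them@example.org >&2 || rc=1

    # Step 6: encrypt to the contact's public key. --trust-model always skips
    # the "is this really their key?" check that the fingerprint comparison
    # above is meant to answer.
    printf '%s' "$message" | gpg --homedir "$me" --batch --quiet --armor \
        --trust-model always --recipient them@example.org --encrypt \
        > "$work/msg.asc" || rc=1

    # The public key only locks: the sender holds no matching private key,
    # so decrypting with the sender's keyring must fail.
    if gpg --homedir "$me" --batch --quiet --decrypt "$work/msg.asc" \
        >/dev/null 2>&1; then
        rc=2
    fi

    # Step 7: the holder of the private key recovers the plaintext (stdout).
    gpg --homedir "$them" --batch --quiet --decrypt "$work/msg.asc" \
        2>/dev/null || rc=1

    # Stop the per-keyring agents and delete the throwaway keys.
    for side in me them; do
        gpgconf --homedir "$work/$side" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    return "$rc"
}
# e.g. pgp_roundtrip 'constructed sample text'
```

The function prints the decrypted text and returns 0 only if the recipient could decrypt the message and the sender could not.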

For a more detailed demonstration of PGP installation and use cases, we have a new video lesson covering the topic in our online training program. For more information, you can visit https://inteltechniques.net or email [email protected].

Reissued Digital PDF Editions

Posted by Michael Bazzell

We have released official digital PDF versions of OSINT Techniques, 10th Edition (2023) and Extreme Privacy, 4th Edition (2022).

Originally, we only released paperback and hardcover versions of our large textbooks. In 2023, we began a shift and decided to stop releasing print versions of our books. We did not like the exclusivity agreements required by Amazon and their overall monopoly of the self-publishing market. We have always been bothered that an Amazon account was required to purchase books about OSINT and privacy (the irony). We also saw their print quality decline drastically. In February of 2023, we released our first digital PDF guide about mobile devices as part of the Extreme Privacy series. We later released guides about macOS devices, Linux devices, and Firewalls. These were all successful, and each of those includes free updates whenever needed.

With this release, we are finally providing official digital PDF versions which are an exact replica of the print books. They are designed for those who prefer a digital experience and want the ability to easily copy text or print a specific page. We respect that a digital version is much easier to access at all times than a 500+ page book, and the full-color screen captures appear nicer than those in the monochrome prints (and pirated versions).

There will be no digital updates to these versions, as we want to preserve the content as originally published. These books offer a very specific glimpse of OSINT and privacy at the time of publication. Even though a few techniques mentioned within them are no longer 100% accurate, we believe that a lot can be learned from the tutorials presented. The OSINT Techniques PDF includes access to the IntelTechniques book portal which offers updated tools and VM commands.

Purchase links:

https://inteltechniques.com/book1.html
https://inteltechniques.com/book7.html

My Irish Exit

Posted by Michael Bazzell

I am no stranger to the Irish Exit. I doubt many of my friends have ever heard me say "I am heading out now" or give any sort of official goodbye at an event. I have always preferred to quietly leave without fanfare or formalities. Several months ago, I gave an Irish Exit to the podcast.

This was not intended, it just happened. I won't go into all of the details, but I will offer some insight. I am very fortunate to have such a diverse range of clients. I am often asked to go off on grand adventures with them after my work is complete. I always politely decline, mostly due to pending obligations or a general desire to keep work and personal life separate. I also just don't fit in with the rich and famous. I find that life uncomfortable. However, I recently decided to unplug from my world, and become a temporary imposter within their world for the last three months.

While away, I stayed off of the internet and asked my staff to handle my email and other communications. It was delightful. I finally realized how much time the podcast, blogs, and constant communications were eating up my life. It is interesting how we adapt to the situations we are in.

I am now up to speed on the rumors. He is dead. He is in a foreign jail. He has cancer. He had a mental breakdown. He was kidnapped in Mexico. He is poor and working at Wendy's. He moved to Russia. I enjoyed all of the disinformation, thank you. However, others do not see the humor. My staff has been bombarded with emails demanding details of my absence, and two relatives were recently contacted via telephone from strangers asking if they had heard from me. Take it easy, creeps.

I assure you I am still here and doing well.

I originally had no intention of explaining my absence or status. I have no endorsement deals. I don’t owe sponsors any shows. I figured I would just walk away for a while. However, I respect that owning a business changes much of that, so here are some responses to the most common concerns.

Online Video Training: No change here. Jason is still delivering updated content every month. I have seen some of the upcoming topics and they beat anything I had in my version. I am truly lucky to have him on board. Jason is committed to the continued growth of the training, and I will still be involved as needed.

Consultations: No change here either. We have not accepted new clients for some time, as we have been focused on finishing all pending second citizenship requests. We will always cater to our active clients. My staff has that under control, and I will still offer my advice when new problems arise.

Books (Print): We currently do not plan on releasing any new print books. The current OSINT (10th) and Privacy (4th) books will still be available on Amazon, but we are not planning new print versions of either.

Books (Digital): The four digital guides we have released have all been successes. I enjoy putting out our own content without Amazon’s hands in it. I will continue to update these guides as promised. No change there. We are also considering the next guides. I have a huge OSINT breach data guide finished which could be the next release. We will also be publishing digital versions of the OSINT Techniques and Extreme Privacy print books. Expect an announcement soon.

Podcast: I have adapted to the no-podcast lifestyle. I like it. I would never say the podcast will not return, as I get bored easily. I will say that it is on an indefinite "hiatus". Maybe it will become something completely different. Stay tuned and stay subscribed.

Archives: Many listeners are mad that the show archives were removed. I get it. Our host (Soundcloud) refused to allow us to renew our annual subscription, and they dropped us to the free tier. This prevents us from offering old episodes on their platform and is why you only see a single brief episode. Once the shows were removed from Soundcloud, all other podcast apps and services updated from this feed, eliminating their own links to the missing audio files. Yes, I know we could have found a new service, forwarded the feed, uploaded hundreds of gigabytes of wav files, and updated all of the podcast apps, but I did not see the point. Much like I prefer ephemeral messaging, I also kind of like the idea of expiring podcasts. They served a purpose at the time, but they were never meant to be a permanent reference. I hope some of you enjoyed them.

Blog: Jason, Aaron, and I plan to post more often on the IntelTechniques Blog. We know it is not a replacement for the podcast, but it does offer a platform for long-form content. Please monitor the blog itself or subscribe to the RSS feed available there. I already have two drafts close to publication.

In other words, we will always be creating new content, but we are also always looking for the next thing. I believe we should all live our lives as chapters. For me, Chapters One through Four were childhood, adolescence, individualism, and entering adulthood. I never wanted Chapter Five to simply be surviving as an adult until death. I want 100 chapters before I die. Therefore, I have always pivoted whenever it seemed strange to do so. In the spirit of oversharing, this is why I left government work two years before I received a pension, then quit Mr. Robot as soon as we won the awards and season two writing began, then exited the OSINT training space at the height of its popularity, then stopped all public speaking when my agency increased my rate due to demand, then stopped taking new privacy clients when we were receiving the most requests daily, then terminated my relationship with Amazon during our highest royalties, and then stopped the podcast while it was still growing rapidly. A chapter must end before the next can begin. I like going against the grain, even if I am told I am crazy. It allows me to embrace the next thing without overstaying my welcome.

I suspect some conspiracy theorists will speculate that I did not write these words and I am still MIA. I understand the skepticism. If it helps, the "<dc:creator>" field within the RSS feed file will show that this post was from my personal account, the same as the podcast posts. For comparison, the two posts prior to this were from Aaron's account.

What's next? I am not ready to share that, and may never go public with it. I have my aliases established. The shell company is in place. The anonymous payment account is ready. I always naively think I have found the next big thing. Maybe you will have suspicion that I am behind a new project you find. Hopefully, if I do things right, you will not.

The better question is, what is YOUR next chapter?

Thank you for all of the interest in my ridiculous ideas. I am honored to have played a very small role in the privacy, security, and OSINT community.

MB

Ubuntu Pro Shenanigans

Posted by Aaron Kelley

Several readers of our OSINT Techniques book and Online Video Training have expressed concern about Ubuntu's new Pro feature and update restrictions for those who do not subscribe to the service. Since we recommend Ubuntu for OSINT virtual machines, we should address the issue and offer some guidance. Let's start with addressing Ubuntu Pro. If you run 'sudo apt update' and 'sudo apt upgrade' within an Ubuntu Terminal, you will likely see something similar to the following.

This warning appears concerning as it insinuates that some updates are being withheld from your machine unless you subscribe to the Pro service. The following warning from Ubuntu's software updater is even more alarming.

This appears to present a lot of outdated software which we cannot update. However, looks can be deceiving. Click on any of these updates and look at the details pane. As one example, I clicked on Ffmpeg and observed the following.

The "Available version" is the exact same product as the currently installed software. The update does nothing. Running 'pro security-status' displays the following.

This confirms that our machine is receiving all Main/Restricted updates until 2027, at which time we would be using Ubuntu 26.04. We do not need extended updates until 2032 as offered through Ubuntu Pro. This makes Ubuntu Pro unnecessary for our needs. Opting to avoid Ubuntu Pro does not restrict your machine from the typical security updates which Ubuntu has always provided. The options available within Ubuntu Pro are enhancements to Ubuntu and no features have been removed from a typical Ubuntu installation. The focus of Ubuntu Pro is to extend the availability of updates from five to ten years, and provide some third-party security patches which may not be available otherwise. We should not be using old versions of Ubuntu for our VMs, so this does little for us within an investigative VM.

Ubuntu Pro is available for free for personal use, but it requires you to attach a unique license key to your Ubuntu installation, which will be tracked by Canonical. We do not recommend this. Instead, we encourage users to remove these unnecessary warnings with the following command.

sudo mv /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf.bak

After this command, which only renames the file responsible for this warning, updating through Terminal (and therefore the update script we provide within the VM), should appear as follows.

We feel that Ubuntu is being aggressively misleading with the rollout of Ubuntu Pro, and we do not recommend any OSINT users attach this service to their investigative VMs. We have not recommended Ubuntu as a host OS for some time.

The Privacy, Security, & OSINT Show – Episode 304

EPISODE 304-Linux Privacy & Security

This week we release our new digital guide Extreme Privacy: Linux Devices, I offer a conversation about Linux privacy and security, and present several important OSINT updates.

Direct support for this podcast comes from our privacy services, online training, and latest books. More details can be found at IntelTechniques.com. Thank you for keeping this show ad-free.


SHOW NOTES:

INTRO:

IASIP

NEWS & UPDATES:

None

LINUX PRIVACY & SECURITY:

https://inteltechniques.com/book7c.html

OSINT:

https://inteltechniques.com/tools/index.html


Free Guides: https://inteltechniques.com/links.html
