Playback speed
×
Share post
Share post at current time
0:00
/
0:00

Burner Phone, Beater Laptop

Digital peanut butter and jelly ...

Having acquired a New Burner Phone, I dug into my closet and pulled out an elderly Toshiba, the laptop that refuses to die. It's a wreck; floppy hinge, proper drive for it failed long ago, so it's got a 32GB M2 sata card in a 2.5” SATA drive adapter. The processor is an AMD A6-3400M, and its four non-hyperthread cores put out as much computing work as two thirds of a single core on my desktop.

There are a lot of operating systems one can use. I find the Ubuntu Budgie distribution the smoothest alternative when shifting between Linux and Mac. Perhaps the reason was limited disk space, but this one is a plain Ubuntu install. I mirrored what I'd done earlier on the phone – log into gmail, then install Authy and Signal with snap.

That I could do this at all was a pleasant bonus thanks to the unexpected hotspot service that came with the burner. Previously if I needed a desktop I'd have installed the Mullvad VPN binary client on the phone and on a virtual machine, both with fail closed configuration. Why is the hotspot better?

The IP address is not associated with my house, but the $5/monthly Mullvad account would accomplish that. What is more important is that it's not a VPN IP address. A couple years ago a Google Voice number and a VPN IP would not have been a problem for creating new things. Today there are a lot of sites that refuse to work on sign up with a GV number. Things with email are worse – they'll permit a signup via VPN to go far enough to get the email, then you get dumped. The email is burned AND the process seems to pick up … other things that thwart future attempts.

Any network device in a laptop or phone has a unique local network layer identifier. Bluetoooth, ethernet and wifi interfaces have a 48 bit MAC address. Phones have bluetooth, wifi, and for the cellular network there is an IMEI. This is “burned in” address, it's associated with the baseband radio chip when it's manufactured. The MAC addresses are burned in as well, but Linux will let you modify them at runtime, and there are plenty of legit reasons to do so. Virtual machines have MAC addresses as well, but they’re created on the fly using a 24 bit prefix assigned to the given hypervisor and 24 bits of random numbers.

I finished the Cisco Network & Design Professional ratings in 2000. My network skills have brought me a bit of consulting with consumer behavior companies. They were providing free wifi in shopping malls, they had advanced signal strength monitoring so they knew roughly where each device was located, and they were correlating hardware addresses with other bits of PII. Another gig in this area was about spotting high value visits - picking out executive phones from given companies and pushing certain business products. Like the fraud investigation described in New Burner Phone, I get paid doing this work, but the value of the knowledge persists long enough the money has been spent.

You will get tired of hearing this, but I’m going to keep bringing up What Hunts You? Your decisions about security have to be based on a rational assessment of what you will run into while you’re out & about. The steadily increasing anti-fraud measures have made it such that passing unnoticed is no longer gratis.

If you’re scratching your head on this and not sure how to start, here’s a low cost course and some sensible objectives.

  • Scrounge an old laptop. Two cores and 6GB tolerable, four cores and 8GB good.

  • If lappie has a spindle get a small 2.5” SATA SSD, 120GB are under $10.

  • Buy new or refurb a retired Android, get a plan for it, make sure it has hotspot.

  • Obtain Gmail, Google Voice, attach both Authy and Signal to GV.

  • Get Inoreader and Talkwalker Alerts.

  • Treading *carefully*, try making Facebook and LinkedIn.

Here’s the thing: do NOT wait until you need this and expect you’re going to be able open a bookmark here and just do these things while you’re focused on a specific problem. Every time I do this I learn something new. You have to accept at the start there’s a 50/50 chance you will stumble along the way and end up with a partial solution. You may emerge from this with a setup for poking around but no workable social media accounts. That is where I stopped with my new phone/laptop setup, because it fit the task at hand. This weekend I’m going to steel myself for disappointment and have a shot at signing up for Facebook.

Netwar Irregulars Bulletin v2.0
Tool Time
Short articles and videos showing how to use the various tools that are mentioned in the Netwar Irregulars Bulletin.
Authors
Neal Rauhauser