All
major consumer operating systems, including Windows, Mac OS X, and
Linux, are way too easy to hack. One mishap — opening the wrong email
attachment, installing malware that pretends to be Flash, not updating
your software quickly enough — and you’ve given the keys to the kingdom
to an attacker.
If that attacker gets the ability to run programs of their choice on
your computer, as they often aim to do, they have access to all of your
files. They can start logging your keystrokes, taking screenshots, and
even listening to your microphone and watching through your webcam.
But it’s possible to isolate the most risky files and programs
from other parts of your computer. Using virtualization software, the
same technology that powers much of so-called “cloud computing,” it’s
possible for you to protect your system even as you open attachments
that might be sketchy, visit websites that you’re not too sure about —
porn sites, torrent sites, pirated TV and sports sites — or test out
software downloaded from random websites. You can also use this
technology to ensure that your anonymous online activity remains
anonymous, safeguarding the privacy protections offered by Tor by
ensuring that absolutely all internet traffic gets routed through it —
even if your software, like Tor Browser or Pidgin, gets hacked
specifically to bypass Tor.
In this column, I’m going to start with a simple primer on virtual
machines, including how to install the Ubuntu distribution of Linux in
one of them, and I encourage you to follow along. Then I’m going to
outline a handful of ways you can use virtual machines to reduce your
risk of getting hacked, and go over some security caveats. Then I’m
going to show off Whonix, an operating system you can run in a virtual
machine to maximize your online anonymity; it’s ideal for
maintaining a secret identity.
And finally I’m going to give a brief overview of Qubes, an operating
system that’s more secure than most anything currently available, and
takes isolation security to its logical limits.
Virtual machines 101
A virtual machine (VM) is a fake computer running inside your real
computer. Each VM gets to use a chunk of your computer’s memory while
it’s running and has its own virtual hard drive, which is just a file on
your real hard drive. You can install operating systems in them and you
can install and run software in them. You can save snapshots before you
do something potentially dangerous and restore the snapshot when you’re
done, returning your VM to its previous state.
In virtualization lingo, the operating system that you’re running
right now is called your “host,” and every VM that you run is a “guest.”
If a guest VM gets hacked, your host remains safe. For this reason,
security researchers often use VMs to study viruses: They unleash them
on their guest VMs to safely monitor what they’re trying to do and how
they work, without risking their host computer. They “isolate” the
viruses from the rest of their computer.
Courtesy XKCD
For this article I’m going to be using virtualization software called
VirtualBox. It’s open source and free to download. VirtualBox is available for Windows, Mac OS X, and Linux. Go ahead and
download and install a copy if you’d like to follow along.
I’m using a Mac host, and I’m going to start by installing the Ubuntu operating system, version 15.04 to be precise, in my VM.
Generally
speaking, it’s simpler to start off by installing a Linux distribution
in your virtual machine, since Linux is free software. You can install
as many Linux virtual machines as you want, wherever you want — an easy
setup to deal with.
If you want to test a piece of software for Windows or Mac OS X
inside a virtual machine to see if it’s malicious, you can also
install those operating systems inside of a VM. But there are legal
restrictions. For example, while OS X can be installed on up to
two virtual machines for free, you have to be on a Mac when you do so.
On Windows, you’ll
likely need to buy separate Windows licenses for each VM. Here are instructions for
installing Mac OS X in a VM and for
installing Windows 10 in a VM.
While the steps below are written and illustrated using an Ubuntu
virtual machine on a Mac, you can still follow along if you’re running
Windows or Linux. And don’t worry about breaking anything; you can
always delete your VM and start over. That’s the beauty of VMs: You get
infinite lives, in the parlance of videogames, so it’s a great way to
experiment and learn.
Creating a VM and installing Ubuntu
Hopefully you’ve already
downloaded and installed VirtualBox as instructed above. Next, hop on over to Ubuntu’s website and
download a copy of Ubuntu.
Now open VirtualBox and click “New” to create a new VM. I’m calling my VM “ubuntu-test.”
You get to choose how much memory your new VM will have and you get
to create a new virtual hard disk for it. Whatever resources you
allocate to your VM will not be available to other programs on your
computer. I’m sticking with the defaults, 768MB of memory and an 8GB
hard drive. You can just click through with all of the default options
too if you want, or you can give your VM more resources. Finally, click
“Create” to create your new VM.
The next step is to install Ubuntu. With my “ubuntu-test” VM
selected, I click “Start” to boot it up. Since the virtual machine
is brand new, it prompts me to insert an operating system installation
disk. Of course, I don’t actually need a “disk.” Instead I can just find
and select the disk image file (in this case,
“ubuntu-15.04-desktop-amd64.iso”) and click “Start.”
Now the VM begins to boot to the Ubuntu disk. Notice that if you
click in the virtual machine window, VirtualBox will warn you that the
VM will “capture” your mouse and keyboard input, which means that when
you move the mouse and type on your keyboard you’ll be doing this inside
your guest VM rather than on your host machine. You can press the “host
key” to make your mouse and keyboard control your regular computer
again. On a Mac the host key is the left “Command” key, and on Windows
and Linux it’s the right “Ctrl” key.
The Ubuntu disk has finished booting. I’m going to click “Install
Ubuntu” and follow the simple instructions. I’m choosing “Erase disk and
install Ubuntu” (don’t worry, I’m only erasing the virtual machine’s
virtual disk, not my actual hard drive). I’m going to make up a username
and password to login to this VM, and then I’m going to let it finish
installing. When it’s finally done, the VM will reboot into my freshly
installed operating system. (After installing Ubuntu, my VM failed to
shut down all the way while it was rebooting. If that happens to you as
well, click the Machine menu and choose Reset to force your VM to
restart.)
Updating software inside the VM
Now that I’ve booted up and logged in to my Ubuntu VM, I’m going to
update all of the software. Always keep your software up to date, even
in VMs!
To update all of the software in Ubuntu, I’m running the “Software
Updater” program, typing my password, and letting it do its thing. Since
I just installed this operating system and have never done updates, it
might take awhile to download and install everything.
Installing “Guest Additions”
When it’s finally done updating the existing software, it’s time to
install VirtualBox “Guest Additions.” Guest Additions aren’t required,
but they allow you to do some nice things, like resize your VM window,
share your clipboard between your host machine and your guest machine,
and set up shared folders so that your guest VM can access specific
files on your host.
In order to install Guest Additions you need to insert a virtual CD,
which contains the software, into your VM. You can do this by
clicking the “Devices” menu at the very top of the screen, from within
the VirtualBox program, and chose “Insert Guest Additions CD image.” It
will pop up a dialog asking for permission to install. Click “Run” on
the pop-up dialog, and VirtualBox will open a new window showing the
install progress. When it’s finished, reboot your VM. You can do this by
clicking the gear in the top right, clicking Shut Down, and then
clicking Restart.
With “Guest Additions” installed in my VM, I can resize the window like any other windows on my host machine.
I can also share the clipboard between the host and guest VM by
clicking the “Devices” menu at the top of my screen, from within the
VirtualBox program, and going to “Shared Clipboard.” The choices are
“Disabled,” “Host to Guest,” “Guest to Host,” or “Bidirectional.” It’s
best to keep this set to “Disabled” unless you need to copy and paste
between your guest VM and your host. You can always temporarily enable
clipboard sharing and then disable it again when you’re done.
Sharing folders
Sharing files is slightly more complex. First, you need to add your
user to the “vboxsf” group in your VM (don’t worry if you don’t
understand what this means). Click on the Ubuntu logo in the top left,
type “terminal,” and click on the Terminal icon to open a terminal in
your VM. Then type:
sudo usermod -a -G vboxsf $(whoami)
You’ll also have to type the password for your user account
in Ubuntu in the VM, the one you set up earlier. Then shut down your VM
all the way.
In the VirtualBox window, choose your VM and click “Settings,” and
move to the “Shared Folders” tab. Click the “+” icon to add a folder to
share with your VM. I’m sharing a folder called vbox_share in my
Documents folder. This way, if I need to copy files to or from my VM, I
have a place to drop those files.
Inside my Ubuntu VM, I can access the shared folder by viewing
“/media/sf_vbox_share”. I can get to that by opening the Files app
(there’s a launcher icon for it on the left), clicking Computer in the
left panel, double-clicking the “media” folder, then double-clicking the
“sf_vbox_share” folder. Inside my OS X host machine I can access the
same folder by viewing “vbox_share” in my “Documents” folder.
Isolating risky behavior inside of VMs
Now that we have a VM, let’s start doing some things that might be risky if we weren’t isolating them.
Before doing something that you think might break your VM, or might
infect it with malware, you might want to save a snapshot of it so you
can restore it when you’re done. You can save a snapshot by clicking
VirtualBox’s “Machine” menu at the top of your screen, and choosing
“Take Snapshot.”
Below are just a few examples of some ways you can use VMs to
increase the security of your computer. In the end, virtualization is a
tool that has many different uses, so feel free to be creative.
Opening documents that you don’t trust
One of the easiest ways to get hacked is by opening a malicious
document. Attackers might email you a booby-trapped “document” hoping
that you’ll open it. If you do, the file would exploit a flaw in your
operating system or in software like Adobe Reader or Microsoft Word,
thus allowing the attacker to take over your computer.
It’s not always clear which documents are safe and which are
malicious. A clever attacker could pretend to invite you to a conference
that you’re interested in, and attach a malicious file masquerading as
the schedule to that conference, or they could pretend to recruit you
for your dream job, and attach something that looks like a job
description — or they could entice you in any number of other ways. It’s
safest to simply not open any attachments or click on any links in
emails, but this isn’t feasible, especially for journalists or activists
who are actively soliciting sources.
These attacks are not theoretical. My colleague
Morgan Marquis-Boire pointed out a few real-world examples that he helped analyze: Vietnamese democracy activist
Ngoc Thu‘s
computer was hacked when she opened malware she found in her email; the
Committee to Protect Journalists’s executive director
Joel Simon was also emailed malware, though he didn’t install it; the Moroccan news website Mamkafinch.com
received an enticing tip
through their contact form that included a link that, when opened, took
over the journalist’s computer using Hacking Team malware; and a
report from 2014
showed that journalists from 21 of the world’s top 25 news
organizations were likely emailed malware by state-sponsored hackers.
You might also find files online that you’d really like to look at but aren’t sure are safe. For example, documents in the
Hacking Team email archive. You probably shouldn’t trust those, but you might want to look at them anyway.
Here’s an
email
where Hacking Team employees appear to be discussing giving a demo of
their hacking services to an Egyptian defense contractor. I don’t speak
Italian so I don’t entirely understand what this email thread is about,
but the attachment is called “Exploit.docx.” Seems legit (*cough*).
If I try opening this dubious file in Chrome, my browser throws a
security warning, and for good reason! Any attachments downloaded from
the Hacking Team archive might try to, ahem, hack you.
Instead, I’m going to right-click on the document and save it to my
vbox_share folder (clicking through Chrome’s warning, because I plan to
view this documents in isolation).
Now, back in my VM, I can see the document.
To be extra safe, before opening this documents I’m going to
disconnect my VM from the internet. I click the “Devices” menu at the
top of the screen, choose “Network,” and uncheck “Connect Network
Adapter.” This way, when I open the document, if it tries to hack my VM
and connect to a command and control server, or even just phone home to
alert the document owner that it’s been opened, it won’t be able to.
It’s a good idea to do this whenever you open a suspicious document
inside a VM.
Here it is. The document actually appears just to be an email thread
pasted into Word. Regardless, I’m glad I didn’t open it on my host
machine.
Visiting sketchy websites
On your regular computer, for day-to-day use, it’s always a good idea
to harden your web browser. Installing browser add-ons that block ads
and malware, and
making Flash click-to-play, goes a long way toward blocking software that might try to take over your computer through your web browser.
But even doing all of these things, there’s no guarantee that you
won’t get hacked just by loading a website. If you’re going to visit a
website that you think might put you at higher risk of getting hacked,
you might want to visit that website inside of a VM. You can even set up
a dedicated VM just for this purpose. (If you turned networking off in
the previous step, you can enable it again by clicking the “Devices”
menu, going to “Network,” and checking “Connect Network Adapter.”)
Inside my VM I decided to search for “Mr. Robot streaming” and found
myriad pirated streaming websites. Here’s a screenshot of one of them.
See that box that’s telling me my Flash Player is out of date, with a
helpful link to update it? That’s not actually a real Flash update,
that’s malware.
When I clicked through to install this “Flash update,” it ended up
installing a Firefox add-on called “Free Games Zone” that changed my
browser’s search engine to Ask.com. When I pulled this add-on apart to
see how it works I discovered code that injects JavaScript into web
pages that I load, and code that tries to prevent me from uninstalling
it.
In the scheme of things, this malware is on the tame side — it’s not
trying to read my email or watch through my webcam, but it’s still
nothing that anyone would ever actually want installed on their
computers. But even if it were way worse, it would first have to escape
from the VM that it’s trapped in before it could do those things. To
completely get rid of it I can restore my VM from a snapshot, or I can
delete the VM altogether and create a new one.
Running vulnerable software that you rely on
All programs contain bugs, and these bugs can get exploited to take
over our computers. The easiest way not to get hacked is not to use
computers, but that’s not an option; we still have to run programs.
Some programs have much bigger attack surfaces than others. For
example, libpurple, the underlying code that powers the encrypted chat
programs Pidgin and Adium, has been
heavily criticized
for its old, bloated, and likely buggy source code that was originally
written in 1998 (many critical libpurple bugs have been fixed in recent
years, so it’s currently in much better shape than it used be). Yet if
you want to have encrypted chat conversations on a computer, you don’t
have a lot of options but to use it.
If there’s a piece of software that you depend on, but you think
running it on your host machine will increase your chances of getting
hacked, you can set up a dedicated VM for running that program.
If your dedicated chat VM gets hacked through a Pidgin exploit, for
example, the attack will be contained. The attacker will be able to spy
on the encrypted chat conversation you have in Pidgin, but that’s it.
They won’t be able to access other files on your computer. They won’t be
able to see what passwords you’ve saved in your web browser, or listen
through your microphone, or read your email, or anything else.
You still have to be careful
All software has bugs, and this includes virtualization software.
While isolating dangerous activity inside of a VM considerably reduces
the chance of getting your regular computer system hacked, it doesn’t
make it impossible.
If your VM gets hacked, it’s feasible that the attacker could then
escape your VM
in order to run and alter programs freely on your host machine. In
order to do this, your attacker must have an exploit against your
virtualization software. These bugs are rare but
do happen.
You should also be careful with how you use the VirtualBox clipboard
sharing and file sharing features I described above. For example, if
someone has hacked a VM that has Shared Clipboard set to “Host to Guest”
or “Bidirectional,” the attacker could spy on what you’ve copied to
your clipboard on your host machine — for example, a password.
Staying anonymous with Whonix
Whonix is an operating system
that you can install on your existing computer inside VirtualBox, and
that forces all network traffic to go over the anonymity network
Tor.
Tor’s flagship product, Tor Browser, does an excellent job of hiding
your IP address from websites you visit and hiding what websites you’re
visiting from anyone monitoring your internet activity.
But Tor Browser, like all other software, has bugs. If you visit a
website in Tor Browser, the website could hypothetically exploit a
severe bug to force your computer to make an internet connection to the
attacker outside of the Tor network, letting them learn your real IP
address and identity. This is exactly how the FBI
deanonymized Tor Browser users
who visited websites hosted by Freedom Hosting in September 2013. The
FBI exploited a bug that was present in older versions of Tor Browser
(it didn’t work against users who promptly update their software) in
order to hack them and ultimately deanonymize them. (In this case, the
FBI was attempting to attack people who allegedly had links to child
pornography, but they also presented Tor Browser-hacking malware
to users of legitimate websites hosted by Freedom Hosting, including the
free anonymous email service TorMail.)
Whonix uses two VMs, called Whonix-Gateway and Whonix-Workstation, to
maximize anonymity protections. The gateway VM acts as the upstream
internet provider for the workstation VM, and it forces all network
traffic to go over the Tor network. The workstation VM is where you use
Tor Browser, as well as any other software that you wish to use
anonymously. If you get hacked, for example with a Tor Browser exploit
like the one that the FBI used, not only is the attacker contained
inside of this VM and unable to access your host machine, but the
attacker can’t deanonymize you either. All network connections that the
attacker makes will go through the gateway VM, which forces them to go
through Tor.
Whonix is great because you can be confident that everything you do
in the workstation VM is anonymously going through the Tor network.
That means that hackers won’t be able to deanonymize you, unless they
can escape from your VM. You can use chat software like XChat to connect
to IRC servers anonymously, or Pidgin to connect to Jabber servers for
anonymous encrypted chats, or Icedove and Enigmail to send anonymous, encrypted email.
But keep in mind that Whonix, like other virtual machine-based
security, can’t protect you if your host machine gets hacked or
seized. If you are using Whonix to anonymously send documents to a
journalist, and you become a suspect in a leak investigation, your
Whonix VMs might contain evidence that can be used against you.
Installing and configuring Whonix
It’s slightly complicated to get started with Whonix, but there’s a lot of
documentation on the Whonix website, and if you have questions feel free to post them in the comments. Let’s get started!
Head over to the
Whonix VirtualBox download page
and download a copy of Whonix-Gateway and Whonix-Workstation (a total
of 3.1GB, so it might take some time). It’s also a good idea to
verify the PGP signatures, but that’s outside the scope of this post.
Once you’ve downloaded them, open VirtualBox, click the “File” menu
at the top, and click “Import Appliance.” Browse for the Whonix-Gateway
file you just downloaded, and click “Continue.”
Now click “Import,” read the warnings, and click “Agree.” Your Whonix
gateway VM will automatically get set up. Repeat these same steps with
the Whonix-Workstation. When you’re done, you’ll have two new VMs in
VirtualBox.
Start both Whonix-Gateway and Whonix-Workstation. You need to leave
the gateway VM open in the background or else the workstation VM won’t
have internet access, but you’ll do most of your work in the
workstation.
When the gateway VM has finished booting for the first time, you’ll
need to configure it. Click through the “Whonix Setup Wizard” to enable
Tor and automatic updates.
Click through the “Whonix Setup Wizard” in the workstation VM as well. And in both VMs,
change the default password and
update the software.
Now it’s time to starting using Whonix. In the workstation VM, go
ahead and open Tor Browser. It will automatically download and install
it the first time you try opening it. Once it opens, you can browse the
web anonymously, and remain anonymous even if Tor Browser gets hacked.
Qubes: Taking isolation security to its logical limits
Since all software has bugs, wouldn’t it be safest to isolate each program in its own VM?
Qubes
is an operating system that does just that, and does it in a way that’s
much more usable and more secure than is possible using virtualization
software like VirtualBox or VMWare in a traditional operating system.
In Qubes, your host machine runs a graphical desktop environment, and
that’s just about it — your host machine doesn’t even have internet
access. You run all of the rest of your software inside of Linux or
Windows VMs. Qubes also has great support for Whonix. If you use Whonix
inside of Qubes, your host machine has a much smaller attack surface
than if you were using a traditional operating system.
Qubes makes it easy to manage separate VMs for your different
“security domains.” For example, you can create a work VM that you use
to check your work email and login to work-related accounts, and a
separate personal VM that you use to login to Facebook and keep track of
your photos. You can create an untrusted VM that you use for everyday
web surfing, and a vault VM (that doesn’t have networking enabled) that
you use to store sensitive files like your password database, or secret
documents that you’re working on. And you can right-click on any
document to open it in a “disposable VM,” a VM that gets created simply
to view this document, and then deleted again when you close the
document.
I’ve
written about Qubes in the past,
and I encourage you to read more about it if you’re interested. But
it’s not for the faint of heart. Not yet, at least. For one thing, you
can’t test it in a VM like you can most operating systems because it
needs to run VMs of its own, and you don’t want to accidentally break
the universe (just kidding; it just doesn’t work).
And while it has an active development community and a growing user
base, Qubes is not easy to use for non-power users. I don’t recommend
you switch to it yet unless you’re already comfortable troubleshooting
Linux problems from the command line. In Qubes, simple problems like how
to install a new program or take a screenshot can have steep learning
curves for the uninitiated. But all that said, if you are using Qubes,
you can turn your computer into an incredibly intricate and secure
fortress unlike anything that’s possible with a traditional operating
system.
Finally, all software has bugs, and this includes Qubes as well as
Xen, the virtualization software that powers Qubes. Even if you’re
running Qubes, and promptly update all your software, and carefully
isolate everything, and only open documents in disposable VMs, and do
all of your browsing in Tor Browser inside of a Whonix workstation, it’s
still possible for your host machine to get hacked if your attacker has
lots of resources, patience, and zero day exploits.
Conclusion
Normally it’s cheap and easy for an attacker to take over your
computer. But by isolating the parts of your computer that get attacked
within VMs, you can make taking over your computer difficult, expensive,
and, with any luck, not worth it.
