TAILS Linux. How to create a secure Air-Gapped environment for Cryptocurrency


So let’s do how to get Tails running and recover a 24-word seed. Firstly, you’ve just got to go to the Tails website, so you can see there it’s tails.boum.org, and I’ll put a link to this in the description. Just also be aware, actually, that it’s possible sometimes that when you Google search for things, like if you just Google search for “tails”, it’s possible that someone will have paid for a dodgy ad that will take you to a website other than the official Tails one, but there are several layers of security in Tails, I think, that make that a lot less likely.

So you go to the Tails website and you just click Install. It’s a nice big green button, which is great, and once it’s done that you just tell it which operating system you’re installing from. You can just do the download only, but we are going to want to verify the image, so we’re going to follow these instructions, which will include how to use the tools to verify the image. So I’m on Windows. “Install from another Tails”: you can do that if you’re especially concerned with security of what you’re doing, but I’ll just do it from here.

So you will need a USB stick that’s 8 gig or above, however long it needs to take to download it, and a bit of time to copy it to the USB. And again, this will vary depending on the USB you’re using, and this will vary depending on your internet. It will not work with a smaller one: it’ll get halfway through burning, it’ll look like it succeeded, then you’ll go to boot and it won’t work. So just save yourself the effort and use a USB that’s at least that big. They’re as cheap as chips these days anyway.

So we want to install from Windows, and these instructions are great, so they really step you through the whole thing. So we say “Let’s go”. So firstly we want to download Tails, so I’ll download that and then we’ll come back in a minute once it’s done.

All righty, so we finished downloading Tails. There it is, so it’s like a gig, one point one gig, and that is good. So now what we want to do is we want to verify the download using our browser. Now it is worth saying that we can verify the download. If we download using BitTorrent, the torrent client will verify that for us, so that’s another way to do it, but not everyone’s going to be au fait with BitTorrent. Also, if you’re feeling a bit techie you can use OpenPGP to verify the download, but what we’re going to do is use this browser extension, because I think it’s also just really good to use.

The browser extension is helpful in that, if you install it, this entire website could be compromised. So say someone, you know, on the system, on the network you’re using or whatever, had done something or other which gave you a site that looked very much like the Tails site and were giving you a torrent that wasn’t actually legit and had some signatures here that they just served themselves: at least in my opinion, having the Tails extension in Chrome, on the Chrome Web Store, is I guess a completely separate element in the system that would also have to be compromised for someone to successfully have you download and install and run completely the wrong thing. So it’s an extension, and again, if you’re not satisfied with this extension being legit and want to understand, you can actually go to the website and they’ve got information there, including the source code and everything. So it’s just a really helpful thing, and once you add that onto Chrome (yes, we’ll allow that) we can then just keep that forevermore. We don’t need to worry about updating that, it’ll update itself, and that’s just a really handy thing to have.

So once we’ve got that extension installed, and this is Chrome obviously, that’s detected now that it’s there. So what we’re going to do is we’re going to click “Verify Tails” and then it’s just going to ask us to select the file. All right, so we navigate to where the download went to, we select it and just say Open, and it’s actually just going to sit there and it’ll take a little while, not a little while as in hours, but you know, maybe a minute or two depending on your computer. It’s just going to verify and make sure that the image file that you’ve downloaded matches what it should, that it’s genuine, that you haven’t downloaded something that’s been altered in some way. And I would suggest that it’s worth verifying this every time before you burn it. It might seem a bit paranoid, but I think it’s worth doing, just to again make sure that someone hasn’t altered the image that you might have been storing on your computer or on your network or wherever you’re keeping a copy after you’ve put it onto a USB, if you’re wanting to, say, make multiple USBs with all of this on there. All right, so it’s verified, it’s all happy.
If it says no, like if it says it’s not successful, don’t just burn it anyway and hope for the best. You know, download it again and be a bit suss. And they give really good explanations here for everything, and again this is a big reason why I think Tails is really good to use, because they explain what some of the scenarios are that would lead to these vulnerabilities and help explain why you need these tools. So anyway, you can read into that as much as you like.

So we’re going to follow the bouncing ball, because again their docco is really good, and look, they even tell us what to do. So I’m going to download it and come back, and it’s done. All right, so we’ve downloaded Etcher. It’s now there with the image that we had before, and again, just following the bouncing ball, we’re going to plug in the USB stick. And again, the standard warning: this is not something that’s going to be installed alongside, this is going to wipe everything that is on there. So let’s open Etcher. I’m gonna run it, and UAC didn’t seem to care, but that’s fine. So let’s select the image, there it is. Let’s select the USB, yep, that’s the right one. You can see it’s 64 gig, this one, so it’s way overkill, but that’s fine. Do make sure you’ve got the right one selected. I would really suggest just unplugging every other USB stick from your computer so you don’t accidentally wipe something else. And then we just hit Flash. I can’t even see this, it’s the same, hit Flash, and we wait.

All right, so the UAC prompt from Windows did come, actually, when I hit Flash, and that stopped the recording, but anyway, that’s flashing away now and it’s pretty quick, just because that’s a USB 3 USB that I’ve got in there. And again, this is just following all of the instructions in there, and then once that is done you’ve got Tails ready to go on a USB stick.

All right, and it’s done. We don’t want to flash another, we’re happy with just one, and that’s it. It says congratulations, installed Tails on USB stick, and you can now restart the computer. It’ll be a bit complicated, so good luck. So it says here again, open these instructions on another device, so like a phone or something, or print them out if that would be helpful to you, and then reboot on Tails. So shut down the computer while leaving the USB stick plugged in, turn it on, and if the computer starts and the Tails bootloader thing appears, then that’s good. Otherwise, what you’ll probably have to do is, on laptops for example, they’ll have a little message flash up really quickly that says something like “press F11 for boot options” or “press F12 for boot options”, and again their troubleshooting section talks about exactly that kind of thing. You may need to refer to the documentation that came with your computer, or if it’s like an old laptop just try one of these suggestions here. So usually there’s something you will need to do if it doesn’t automatically boot off the USB, so that’s something that you’ll just need to look through yourself. Again, it goes pretty far into detail as well, like disabling things like fast boot, but I suppose these things are so device dependent, especially if you need to start editing BIOS settings so that it’ll boot from a USB, that I don’t think it’s productive to really go through it in this video. This is the one bit you will need to, I guess, read their documentation in detail. We’ll just work out how to convince your laptop to boot off the USB. So yeah, it’s usually pretty straightforward, so we’ll do that.

All right, so at this point you’ve put Tails onto a USB and we’ve rebooted, and I’ll show you what you’re gonna get. Just because it’s easier to record the screen from a virtual machine, I’ll run Tails in that, but you’ll get the same appearance and stuff that I want to show you as well, it’ll all behave in the same way. Now I should emphasize as well, and I’ve mentioned this before, that just running Tails in a virtual machine is not sufficient security in terms of giving you an air-gapped safe environment. Okay, so running something in a virtual machine can help, it can be better than just running it normally, but for what we’re doing here, in terms of the security that we want for dealing with private keys of crypto, running in a virtual machine doesn’t cut it. It’s not going to help you from, like, malware and other things that are basically going to be logging keystrokes or anything like that.
Okay, so Tails is booted, and you might need to change your keyboard layout, just depending on obviously what your keyboard layout is. So I’ll just change it. I was Australian English. Australian and US are the same. You might want to change your formats. It has additional settings here, and if you are needing to install software that requires admin, so superuser-level access, you need to set a password when you’re booting. Now you can also at this point disable all networking. For the purposes of crypto I do think it’s worth disabling all networking, just as a good habit in case you, like, forget to unplug stuff. I think it’s really important, with crypto stuff and dealing with private keys and lots of stuff, to remember that the human factor for this stuff is really important, and so simply for developing good habits of, you know, saying “look, I’m not going to need networking”, I disable it as well as unplug it. But we’ll just say connect directly to the Tor network here as well, because I think it can demonstrate something that’s useful to see. We’re not going to worry about setting an administrator password, because we don’t want to be installing software, because everything we’re going to be doing will simply run out of a browser. So we don’t need that, we don’t need anything more than the browser that comes with Tails.

There we go, and it will warn you if you’re using a non-free virtual machine. And again, this is one of the things I love about Tails: it’s something that has layered security and it’ll warn you if you’re doing unsafe things. For example, it’ll warn you not to skip verification, it’ll warn you if you’re running in a virtual machine, so that can’t be considered trustworthy. So again, I’m just demonstrating something, so we don’t need to worry about that warning. If you’re running this on a normal computer it shouldn’t give you that warning at all.
So what we’ll show you now: this is just the normal Tails desktop. What I’m gonna do now is I’ll just show you something where we plug in a USB stick. So this is a second USB stick plugged into the computer. There you go, it’s picked up that USB in Windows, we’ll just pass that through to the VM, and if we wait for a minute after connecting that USB it’ll actually appear for us in Home. So Tails is user friendly enough that it’ll automatically mount the USB that you stick in there. There we go. So if we go to Home we can see that it’s mounted “New Volume”, that’s the USB stick that I plugged in, and that has the tools. These are some tools, those are in another video, but Ian Coleman’s BIP39 tool is just there.

So this is another important thing. If you’re just looking to run some of these tools straight off the USB, when you go to run them you’ll actually get an error message, which if you’re not familiar with what to do can be very confusing and annoying. So we’re just going to start the Tor Browser. Because we’re offline, we’re not interested in the Tor side of what Tails does, we’re simply using it in an air-gapped way. There we go, so it’s opened the browser, and if we just give that a minute to finish loading, because it will be a bit slow, and then perhaps you’re used to just running everything off a USB. There we go, and it’s going to say access to the file was denied.

Now one of the things with Tails, with the Tor Browser, one of the security features, is that it’s very selective about where it has read access to for files. So if you try and run something straight off a USB, it won’t work, it’ll be that error. If you copy it onto the desktop and run it, it won’t work. Same error. So you’ll notice when you clicked on the Home button there’s this folder called “Tor Browser”. Okay, so when you put things in here, then and only then are they accessible by the Tor Browser. And again this is great. So the kind of errors it gives you, not errors, warnings: we’re not worried about being tracked in terms of Tor and browsing, so we can ignore that.

And there you go, so now here we are. This is the Ian Coleman BIP39 tool, which means that we can either generate ourselves a 24-word phrase that we want to use for, say, an offline wallet, or we can go about using that tool to pull out and extract individual private keys for crypto, individual addresses for cryptocurrencies that we might want to use or import into a new wallet. There’s a whole range of reasons why you might want to do that. You might even just, and I’ll probably make another video on this, have a sort of paper wallet where you essentially store these 24 words and use the public addresses on there to view, essentially an offline, hardware-wallet-level, paper wallet level of security without having to worry about handling all these backups that are essentially phrases like that to try and keep. So you could have like a multi-currency paper wallet with just a single 24-word seed that you can back up in an easy way, and that’s actually really useful. So that’s a really helpful thing.
So we’ve basically just gone through these instructions: stick the files in the Tor Browser. The only one thing I’ll show you as well is the other useful feature of this. So basically we’ll just enable networking in the virtual machine. What I’ve just done would be the equivalent of just plugging a network cable back in to the computer. So we can see there it’s got the network, and that little onion thing there is its connection to the Tor network. So Tor, again, is sort of like an internet anonymization service. You might have heard people talk about the Deep Web and things like that, and Tor is a tool that allows you to do that in a way that’s very good at getting around blocking and surveillance mechanisms that might be set up. So if we just try and ping Google’s DNS servers, we’ll see there it actually doesn’t work. It’s being blocked because we’re trying to access it without doing it through the Tor network.

So there we go, started the Tor Browser, and after a little while it’s sort of started connecting. So now “Tor is ready, you can now access the Internet”. So what we’re surfing on now with this is being secured by Tor, but what’s very interesting is, even while Tor is active and the browser will work through that, and it’ll be a bit slower because it’s going through the many layers of encryption, things that don’t go through Tor still don’t work. They’re still blocked, which is really useful. And even if we were to try to do other things from the command line: so for example, just to demonstrate here, I’ve got a Python script that we often use. Just to demonstrate another way that this is powerful, say we had a Python application. This is get-pip, which is a legitimate application that people might use. Just by default, if we do a run of get-pip, what get-pip does is it tries to talk to a server that hosts sort of like Python applications and things, and goes to, I guess, download some resources and install them. And basically what it’s trying to do now is it’s trying to connect to the Python servers directly, and it’s not working. So again, if you’ve got just a really basic script that someone’s written that’s going to immediately leak data that it shouldn’t online, this will provide you with, I guess, a measure of protection that just being connected directly to the internet doesn’t.

And again, I can’t emphasize enough, I don’t think it’s a good idea to be online when you’re entering private keys into Tails. I think best practice is that you basically disconnect, do the private-key-based stuff and then shut down, and then that will just wipe everything that you’d entered in, rather than just simply closing the browser tab and thinking “hey, I’m okay now” and using it like a normal desktop. No, don’t do that. So there you go.
And then once you’ve finished, just shut down, and then that will remove every trace of everything you were doing. The only other thing that I’d add is this probably is a helpful way to understand the benefits that a hardware wallet gives you, in the sense that it gives you this sort of air-gapped level of security with a device that can be plugged in and can run securely on a computer that’s, like, full of malware. So if you haven’t got a hardware wallet, I think a Ledger Nano is a really great place to start, and again, if you’re just sort of new to the space and don’t have hundreds of different cryptocurrencies you’re trying to store, a Ledger Nano S can be a great investment. And if you’re feeling like spending extra money, a Ledger Nano X can be good, but frankly the Ledger Nano S can do everything pretty much that the X does in terms of security and is like half the price. So yeah, your best bet for them is just to buy it directly through Ledger, and they’ll send them internationally, and I’ve just thrown a link to that in the description as well.

So if you found this helpful, hit like on the video, that helps me, and certainly subscribe if you’re interested in this kind of stuff. I’m planning to, I guess, cover a bit more ground in terms of just being familiar with some of the tools that can help you get out of trouble if you’re stuck in terms of crypto, but also can help you to understand some of the practices to avoid just getting scammed, because again there are no shortage of websites that just want you to shove your 24-word seed key straight in online, or email it to them, or send it to them on Facebook, or any of those things. Just avoid all of that and just learn some good security practices. So I hope that’s been useful, and yeah, best of luck. Let us know if there’s any particular elements that you get confused with, and I’m happy to, I guess, help you in the replies or direct you in the right direction for that.

2 thoughts on “TAILS Linux. How to create a secure Air-Gapped environment for Cryptocurrency”

  1. Really liking the channel. You ever think of using zmsocial”.”com? It’s the best way to get your videos higher in the search results!!

  2. Wow Air Gap! I have not set up that type of security since the military. That was very interesting and cool but for most people I think setting up an air gap as a solution is way overkill/crypto is not going to go mainstream if you have to jump through these type of hoops. But awesome. Super informative. I also would be using Brave not Chrome. edit: Oh you are Brave verified! Tipped and subbed.
