De-Anonymization

Carding

What Is De-Anonymization?
De-anonymization is a technique used in data mining that attempts to re-identify encrypted or obscured information. De-anonymization, also referred to as data re-identification, cross-references anonymized information with other available data in order to identify a person, group, or transaction.

KEY TAKEAWAYS
  • De-anonymization is the practice of re-constituting the private information stored in encrypted or otherwise obscured data.
  • Anonymized data is used ubiquitously in online and financial transactions, as well as on social media and other forms of electronic messaging and communication.
  • Re-identifying anonymized data can compromise personal identity and financial security for illegal purposes, as well as undermine consumer trust.

Understanding De-Anonymization
The technology-savvy era is rapidly disrupting the traditional way of doing things across various sectors of the economy. In recent years, the financial industry has seen a lot of digital products introduced to its sector by fintech companies. These innovative products have promoted financial inclusion whereby more consumers have access to financial products and services at a lower cost than traditional financial institutions allow. The rise in the implementation of technology has brought about an increase in the collection, storage, and use of data.

Technology tools like social media platforms, digital payment platforms, and smartphone technology have unveiled a ton of data used by various companies to enhance their interaction with consumers. This ton of data is called big data, and it is a cause for concern among individuals and regulatory authorities calling for more laws that protect the identities and privacy of users.

How De-Anonymization Works
In the age of big data, where sensitive information about a user's online activities is shared instantaneously through cloud computing, data anonymization tools have been employed to protect users' identities. Anonymization masks the personally identifiable information (PII) of users transacting in various fields like health services, social media platforms, e-commerce trades, etc. PII includes information like date of birth, Social Security Number (SSN), zip code, and IP address. The need to mask the digital trails left behind by online activities has led to the implementation of anonymization strategies like encryption, deletion, generalization, and perturbation. Although data scientists use these strategies to sever sensitive information from the shared data, they still preserve the original information, thereby opening doors for the possibility of re-identification.

De-anonymization reverses the process of anonymization by matching shared but limited data sets with data sets that are easily accessible online. Data miners can then retrieve some information from each available data set to put together a person’s identity or transaction. For example, a data miner could retrieve a data set shared by a telecommunications company, a social media site, an e-commerce platform, and a publicly available census result to determine the name and frequent activities of a user.

How De-Anonymization Is Used
Re-identification can be successful when new information is released or when the anonymization strategy implemented isn't done properly. With a vast supply of data and a limited amount of time available per day, data analysts and miners are implementing shortcuts known as heuristics in making decisions. While heuristics save valuable time and resources in combing through a data set, they could also create gaps that could be taken advantage of if the wrong heuristic tool was implemented. These gaps could be identified by data miners seeking to de-anonymize a data set for either legal or illegal purposes.

Personally identifiable information obtained illegally through de-anonymization techniques can be sold in underground marketplaces, which are themselves a form of anonymization platform. Information that falls into the wrong hands can be used for coercion, extortion, and intimidation, leading to privacy concerns and enormous costs for businesses that fall victim.

De-anonymization can also be used legally. For example, the Silk Road website, an underground marketplace for illegal drugs, was hosted by an anonymized network called Tor, which uses an onion strategy to obfuscate the IP addresses of its users. The Tor network also hosts a couple of other illegal markets trading in guns, stolen credit cards, and sensitive corporate information. With the use of complex de-anonymization tools, the FBI successfully cracked and shut down Silk Road and sites engaging in child pornography.

Successes in re-identification have proved that anonymity is not guaranteed. Even if groundbreaking anonymization tools were implemented today to mask data, the data could be re-identified in a couple of years as new technology and new data sets become available.

(c) https://www.investopedia.com/terms/d/deanonymization.asp
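A worked check of the re-identification risk described above, added here as an illustration and not part of the original text: a linkage attack that joins a released data set (names and SSNs removed, date of birth and zip code kept) with constructed public data, and the same check after generalization, one of the anonymization strategies named above. Every record and name is constructed.

```python
from collections import Counter

QUASI = ("dob", "zip")  # quasi-identifiers left in the "anonymized" release

# Constructed release: names and SSNs removed, date of birth and zip kept verbatim.
RECORDS = [
    {"dob": "1984-03-12", "zip": "02139", "diagnosis": "flu"},
    {"dob": "1984-03-12", "zip": "02139", "diagnosis": "asthma"},
    {"dob": "1975-11-02", "zip": "02139", "diagnosis": "flu"},
    {"dob": "1975-11-02", "zip": "02141", "diagnosis": "diabetes"},
    {"dob": "1990-07-30", "zip": "02141", "diagnosis": "flu"},
    {"dob": "1990-01-15", "zip": "02139", "diagnosis": "bronchitis"},
]

# Constructed public auxiliary data (think of a voter roll) that carries names.
PUBLIC = [
    {"name": "A. Example", "dob": "1975-11-02", "zip": "02141"},
    {"name": "B. Example", "dob": "1990-07-30", "zip": "02141"},
    {"name": "C. Example", "dob": "1984-03-12", "zip": "02139"},
]

def key(rec, quasi=QUASI):
    """The quasi-identifier tuple of one row."""
    return tuple(rec[q] for q in quasi)

def k_anonymity(records, quasi=QUASI):
    """Size of the smallest group of rows sharing the same quasi-identifiers.
    k == 1 means at least one row is unique on those columns."""
    return min(Counter(key(r, quasi) for r in records).values())

def linkable(records, public, quasi=QUASI):
    """Linkage-attack check: a released row whose quasi-identifiers are unique in
    the release AND match exactly one public row attaches that public name to the
    row's sensitive attribute. Returns the (name, diagnosis) pairs exposed."""
    release_counts = Counter(key(r, quasi) for r in records)
    public_counts = Counter(key(p, quasi) for p in public)
    names = {key(p, quasi): p["name"] for p in public}
    return [
        (names[key(r, quasi)], r["diagnosis"])
        for r in records
        if release_counts[key(r, quasi)] == 1 and public_counts[key(r, quasi)] == 1
    ]

def generalize(rec):
    """Coarsen DOB to birth year and zip to its first three digits."""
    return {**rec, "dob": rec["dob"][:4], "zip": rec["zip"][:3] + "**"}

if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS), "exposed:", linkable(RECORDS, PUBLIC))
    gen_records = [generalize(r) for r in RECORDS]
    gen_public = [generalize(p) for p in PUBLIC]
    print("generalized k =", k_anonymity(gen_records), "exposed:", linkable(gen_records, gen_public))
```

Generalizing to year and zip prefix only raises k to 2 here; a stronger release would also need a larger k and attention to the sensitive column itself.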
 

Typical errors that lead to deanonymization

In today's article, we will discuss common mistakes that lead to deanonymization. Many of them may seem idiotic to you. But people make them! Partly from ignorance of technical aspects, partly from simply forgetting about much more important things while setting up 2 VPNs through 3 Tors and 8 proxies.

1. Anonymity in social networks.

If you registered on Facebook or VK (a social network) by entering your phone number, and then connected to Facebook or VK via Tor in order to write "Deputy of the second convocation of the city Dima Nikiforov" in the official group of the Zadrishchensk city administration, does this mean that you are anonymous, since, after all, you used Tor?

No, it doesn't. If only because your social network account has a phone number linked to it, and the IP address is not really needed to identify you.

2. Anonymity and cookies.
Cookies are small pieces of information that are stored in your web browser after the site has sent them to you.

If you went to the site, received your cookies, then reconnected via Tor and wrote in the comments something like "Deputy of the second convocation of the city Duma Petrov D. S. is also a thief", then the cookie can link the author of the comment to the user who previously logged in from a different IP address.

Cookies are designed to identify the user regardless of IP address.

3. Many sites store IP addresses of previous actions.
For example, I have registered a VPN account that I will connect to via Tor. But I registered it from my own IP ("because Tor is slow, and in general that site does not accept connections from the Tor network"). Will I be anonymous if I connect to the VPN via Tor? No, because information about previous operations from the IP address is saved.

4. I will BUY a VPN (or VPS server to set up OpenVPN) and will be anonymous.
Even if you read the third point and went to register via Tor, but use wallets that can lead to you, then there is no question of any anonymity. Moreover, when buying one-time SIM cards and logging in to wallet sites, you also need to remember about your anonymity, otherwise it is all just pointless.

That's why Tor is simply more anonymous than Tor + OpenVPN. It's pretty hard to buy something without leaving a trace.

5. OpenVPN is very good, but not for anonymity.
If we recall the original purpose of VPN networks, it is to organize virtual private networks within which computers scattered around the world can access each other's local network resources. Traffic is exchanged in encrypted form, but it is encrypted only for an external observer, not for the server and clients of the OpenVPN network.

For this reason, if you have purchased a free or paid VPN account, be prepared for the server owner to be able to do anything WITH your traffic and to keep activity logs: what requests were made from which client.

As it is written in the Whonix help: a third of the popular VPN providers are owned by Chinese companies (China is not a country where privacy is respected), and the rest are in countries like Pakistan, which are also "wonderful" countries. How many of them are 'honeypots' that record activity is impossible to say, but in my opinion, this is done by 100% of paid and free VPN providers.

6. There are 1001 ways to find out the real IP address of a remote user.
Options range from the simplest, sending a link to a controlled site and viewing the IP (if communicating via an anonymous messenger) or a file with a Trojan, to quite sophisticated methods.

7. If you use any closed-source software for illegal activities, then a backdoor is 100% installed there.
Backdoors can also be found in legitimate closed-source software, either as a hard-to-detect vulnerability that the manufacturer knows about, or just an ordinary stupid backdoor, such as was found, for example, in the official firmware of routers.

As for illegal closed-source software that is distributed anonymously, please tell me, well, why not install a backdoor there? The owner won't know anything, and even if he does, what will he do? Will he go to the police and say: I bought scripts to crack the protection of stolen phones, and there was a virus in them... I don't think he will do that.

8. Lack of understanding of the simplest technical aspects of how networks, servers and applications work, and of the information accumulated and available in open sources.
In my articles linked to above, I found the attacker's sites simply by analyzing where the POST request goes. Why did the attacker leave scripts in the archive on this site? Apparently, he just didn't know that it is very easy to track where a POST request goes, even if the HTML code is obfuscated.

And there can be a lot of such "technical" slip-ups: a simple SSH connection password ("no one knows where my server is"), a lack of understanding of what information a researcher can access on the server, a lack of understanding of what Cloudflare is for, etc.

9. The big picture.
Example: infrastructure objects are being attacked and IP traces and other indirect signs lead to somewhere far away. But at the same time, the objects and methods of attack are similar to those used by a well-known hacker group. At the very least, there is something to think about.

10. Metadata in files.
You need to know everything about metadata and programs to view and clean it up. Otherwise, if you distribute files, all other anonymity measures may become useless. Something like in the first paragraph, when Tor is used, but you log in to the social network under your own account.

Do I need to use Tor with VPN, proxy, SSH?
This is a frequent question in various variations, and there is no definite answer to it. Let's say that my country or my Internet service provider blocks access to the Tor network; then VPN + Tor is not so much a good solution as the only solution. At the same time, I must clearly understand the risks of a VPN, which is designed to organize virtual private networks, not anonymity. If I don't understand the risks of adding different intermediate nodes, but I do it simply because I read on some forum that this is better, then this is a bad idea: there is no working technology to find out the real IP address of a Tor network user, but the VPN "honeypot" will know everything about you:
  • your real IP address
  • which sites you made requests to
  • what responses were received
 

Deanon by nickname


How to find a person by nickname
First, let's look at what a nickname is and how people choose it.

What is a nickname?
The nickname is our name (alias) on the Internet: we choose it by creating our personal mailbox, and then often use it in various services.

We are not limited by anything when choosing a nickname, but there are favorite algorithms for forming our online aliases:
  • Games with your own name: last name, first name + last name, first name + year of birth, first name + date, initials.
  • Games with names of your favorite characters (tovbender, napoleon).
  • A little bit about me: profession, psychology (besthacker, murmur).
  • Demonstration of Hobbies: footballer, boxer.
  • "So that no one will guess": a word spelled backwards, a Russian word typed in the English layout, a word in Latin, etc.
And don't forget! Users often use a nickname in their email address. This can be very helpful in finding a person.

Search for people by nickname
Consider the services that allow you to search for a nickname "in one window", in social networks and large portals. The sites in question can find a person in blogs, social networks, social bookmarks, business services, communities, news, etc.

Of course, you can do all this yourself, by hand so to speak, but this is quite a chore and will take a lot of time. And why, if you can automate the search process?

How does it work?
Everything is extremely simple. Click on the link to the site and enter the desired nickname in the search bar. Then click on search and wait for a few seconds.

Find a person by nickname: NameChk
Let's start with the NameChk service. This site allows you to search for your nickname in social networks and other major sites, such as Vkontakte, Facebook, Twitter, Youtube, Ebay, Paypal, Steam, etc.


The service will scan all available sites and display links to all accounts that use this nickname. In general, this free service does not do a bad job, but it is more focused on a foreign audience. Although, as I said above, there are also Russian sites on its list.

Search for people by nickname: Pipl
Next, the Pipl service. The site can search for people by nickname, first name, and last name. Along with nickname search, you can also search by location.


For developers, the service offers an API with easy-to-understand instructions. There are both free and paid options.

I liked the site. I recommend it.

Website for finding people: Where-You
Where-You is another service, this time a free one, that allows you to find a person by nickname, last name, city, country, date of birth and even patronymic.

The interface is in Russian. It works stably, no glitches were noticed. The output is relevant and easy to analyze.

Overall a good site. For our CIS audience, the most important thing is that the interface is in Russian and the output is ours: all sorts of mail.ru, Vkontakte, Odnoklassniki things, etc.
 
Deanoning the VPN user. So how do intelligence agencies work?
There are several different ways to deanonymize a VPN user.
Let's imagine the situation. While in Moscow, we connected to a VPN that is located somewhere in Paris, went in and did something illegal. What happens next? The aggrieved party turns to the guys in uniform, and they, using the system of operational search measures, send a request to providers in the Russian Federation, both fixed-line and mobile operators. They ask who connected to such and such an IP address in Paris, because they only saw our IP in Paris, but did not see Moscow.
Consider another situation. We made a bundle of double VPNs (two) that connect sequentially. We can even do triple, quadruple, or any number of VPNs in a bundle.

So, let's introduce a new bundle. We connect from Moscow to Amsterdam, then to Frankfurt. And then we go to the resource and again commit illegal actions. The course of events begins the same way: again they turn to the guys in uniform, again the system of operational search measures. What will they be looking for? They search the output for our Frankfurt IP address. They send a request to providers in the Russian Federation: who connected to it? But no one connected. Why?

But if it seemed to you that the second method gives us anonymity, then yes... for a couple of days. In the first case, we would have been discovered in 2 hours. The second option gives us a head start to go to the mountains.
Why would they find us anyway? Because any IP address, as mentioned earlier, belongs to a provider, and it keeps logs and sees who connected to whom. They contact the Frankfurt IP's provider, find out who rents the server, send a request to the tenant, and he gives up who connected to it at that time; then they go to the next server in the same way and get your IP at the output.
So the number of VPN servers in a bundle only buys time.

Now let's tackle the myth of server deployment.
There is an opinion that you can take a VPN in Panama, Qatar and everything will be fine.
This is only partly true. Why? Because official requests can achieve everything.
Let's look at how the special services work with the same Panama. Panama never gives out any data to anyone, BUT except for the US special services :)
Accordingly, the special services of the Russian Federation send a request to Interpol, indicate the IP address and indicate involvement in terrorism. Interpol transmits this request to the US special services, and they, respectively, to Panama. And in the same way, the answer goes back.
The same scheme works with Qatar, except that they send a request to Saudi Arabia.
In any case, they'll find us if they want to.
But we're not hiding from the security services, are we? :)
We only consider the special services as a reference in deanonymization.

Let's move on to the next story, that all our special services are stupid. This is not true. Yes, no one will sit and look for you for such a salary. Therefore, there are people who were either recruited, caught by the ass, and will try to attack us, or are just extras.
The most important merit of the special services is their administrative resource and influence. That's all, there's nothing else.
Accordingly, how should we describe in the book exactly how our hero, who needs to hide, should act, purely based on our fantastic delusions and solely for writing purposes, because we write fairy tales? The answer is TOR.
VPN means security, TOR means anonymity.
In more detail about the TOR network structure, how you can lose your anonymity even using it, and other things, we will talk in the following articles.
 