Deanonymization of darknet users by the FBI

CUK77

Intelligence agencies are constantly looking for new, effective methods of de-anonymizing users who hide their IP address. Of course, establishing the identity of a criminal does not guarantee his arrest at all. For example, the identity of Slavik, the developer of the ZeuS Trojan, was established long ago by the American special services, but they still cannot put him behind bars, since he is located in Russia, where US laws do not apply.

How does the FBI catch cybercriminals from Russia?

As a rule, after successful de-anonymization of a cybercriminal from Russia or Ukraine, the special services wait for his visit to rest in one of the countries with which they have established cooperation, and then the cybercriminal goes to trial in the United States.

This was the case with the Russian hacker Roman Seleznev, who flew with his family to the Maldives and from there went not home to Russia but to the United States, where federal judge Richard Jones handed down a sentence under which he will spend the next 27 years in prison.

One of the most popular methods of cybercrime is sending fraudulent emails. Basically, fraudsters send companies letters about non-existent fines, issue invoices on behalf of partners or, on behalf of the bank, ask them to transfer funds to a new account.

Once, the famous Italian football club Lazio decided to buy the Dutch defender Stefan de Vrij from Feyenoord. The deal was valued at 7 million euros and was split into several tranches.

And so an invoice for 2 million euros from Feyenoord came to the official e-mail address of football club Lazio, and, of course, it was paid on time. As you might have guessed, the invoice was sent by scammers.

Ways to get the real IP address of criminals

One of the FBI's campaigns to hunt down such cybercriminals included the creation of a fake FedEx site to lure crooks to. It worked as follows: the attackers send a fraudulent letter to the company's mail, and it is not the accountant who replies to it but agent John, and, of course, the reply contains a link to the FBI's "FedEx".

The peculiarity of this FedEx site was that when someone tried to access it through a proxy, VPN or Tor, it responded with the error "Access Denied, This website does not allow proxy connections", or in Russian, "Access denied. This website does not support proxy connections."

The secret services' plan was to force the criminal to abandon his means of hiding the IP address, but the FBI's work in this case looks very primitive.

There is a better way to encourage users to opt out of anonymization and expose their real IP address. This method was used at one Russian-language forum for hackers, created with the support of law enforcement agencies.

You all know what a CAPTCHA is: picking out traffic lights, pedestrian crossings and bicycles is still not much fun, and a couple of years ago it was even worse.

So, it was this captcha that the special services posted on a controlled forum in order to force users to abandon VPNs, proxies and Tor: those who used them were met by a captcha at every entrance to the forum, which appeared several dozen times; this can infuriate even a person with exemplary strong nerves.

The site's management explained this as protection from spam and attacks; such a cover story looked quite believable, since the captcha really did serve as a good defense. For their own convenience, forum participants were encouraged to use Russian IP addresses.

Of course, no one suggested giving up VPNs or proxies, but it was recommended to use VPNs and proxies with Russian servers, in other words, ones located in Russia. And hosting providers located in Russia were obliged to provide law enforcement agencies with all information about server users upon request and, of course, handed it over.
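To make the mechanics of both lures concrete (the fake FedEx site that refuses proxy connections, and the controlled forum that challenges anonymized visitors unless they arrive from a Russian address), here is an added illustration that is not part of the original post and not any agency's code. It assumes a toy Tor exit list, a toy set of hosting/VPN address ranges and a toy country lookup, all constructed inline; a real site would load these from published exit-node lists, ASN feeds and a GeoIP database.

```python
import ipaddress

# Constructed sample data (made up for this example, all in documentation ranges):
# a toy Tor exit list and toy datacentre/VPN provider ranges.
TOR_EXITS = {"198.51.100.7", "203.0.113.42"}
HOSTING_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]
# Constructed country lookup standing in for a GeoIP database.
GEO = {
    "198.51.100.7": "DE",
    "192.0.2.10": "NL",
    "203.0.113.42": "US",
    "100.64.1.1": "RU",
    "100.64.2.2": "FR",
}


def classify(ip: str) -> str:
    """Label a client address as 'tor', 'hosting' (typical VPN/proxy endpoint) or 'direct'."""
    addr = ipaddress.ip_address(ip)
    if ip in TOR_EXITS:
        return "tor"
    if any(addr in net for net in HOSTING_RANGES):
        return "hosting"
    return "direct"


def fedex_lure_response(ip: str) -> tuple:
    """Behaviour of the fake FedEx site from the post: refuse anything that looks anonymized,
    so the only way to see the page is to connect from one's real address."""
    if classify(ip) != "direct":
        return (403, "Access Denied, This website does not allow proxy connections")
    return (200, "OK")


def forum_gate(ip: str, country: str = None) -> str:
    """Behaviour of the controlled forum: anonymized visitors get a captcha on every visit,
    unless their exit is in Russia, where the hosting provider answers law-enforcement requests."""
    country = country or GEO.get(ip, "??")
    if classify(ip) == "direct":
        return "serve"
    if country == "RU":
        return "serve"  # the "convenient" Russian VPN/proxy the forum recommended
    return "captcha"


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.10", "100.64.1.1"):
        print(ip, classify(ip), fedex_lure_response(ip)[0], forum_gate(ip))
```

The point to take from the code is how little the two tricks depend on: a public exit list, a list of hosting ranges and a country lookup. Neither lure identifies anyone directly; each simply makes the anonymized path annoying enough that the visitor either drops it (the FedEx site) or moves to infrastructure whose operator will answer a records request (the forum).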

It is difficult to draw any conclusion from these stories; they just need to be remembered, because someday someone may want to de-anonymize you in this way.