Father
Professional
The fight against Internet scammers and other cybercriminals is these days no longer a myth but a harsh reality. Long gone are the days when the secret services did not know from which end to approach the network. Of course, they have not gone so far as to fully control cybercrime, and not all employees are trained to the proper level. But this applies to petty crimes; all significant ones do not go unpunished.
The feds detect, prevent, suppress and uncover crimes in the field of information technology, illegal trafficking in special technical equipment and child pornography (pedophilia).
Who works there? And is it hard to get in?
In such organizations there are not some bottom-feeders, but mostly white-hat hackers. White-hat hackers are citizens who, at a young age (not older than 13), committed some kind of computer hack and fell into the clutches of the feds. They, in turn, hide the case without making it public and exercise total control over this young hacker, gradually training him for future work.
There are also special feds schools for computer security, where the teaching is somewhat different from civilian institutions in the same specialty. The subjects are completely different, and all the lessons are as close as possible to real work, that is, to what a feds employee actually does.
In general, recruitment into this institution is a delicate matter and not everyone can get there, although I almost put that wrongly. Anyone can get there; the question is just which room: a cell with a barred view of the sky, or a warm and cozy office with a good computer and a mug of hot tea (coffee) on the table.
Although such good specialists work in this institution, this does not mean that they deal only with mega-complex matters. For the most part, they have to do very dirty and unseemly work for their professional competence, such as deleting various posts on social networks where the authorities are insulted, etc.
I think it has become clear, in a nutshell, what the feds are and what they do. Now let's talk about how they work, and what strategies and tactics are used.
Activities, strategies and tactics
Let's look at the foundation. This is approximately what the standard set of operational-search measures looks like:
1. Interview: a conversation with citizens who may be aware of facts and circumstances significant for the tasks of operational-search activities.
2. Making inquiries.
3. Observation.
4. Operational inspection.
5. Control of postal items, telegraph and other messages.
6. Wiretapping of telephone conversations.
7. Operational implementation (infiltrating an employee into the development).
Example:
To deal with each of the stages, we need to imagine some kind of real picture. Let's say you were surfing the Internet as usual and suddenly hacked some website, but it turned out to be the official website of the Moscow Region Administration.
You first cursed Google for bringing you to this site, then began to blame yourself for not even reading the site's description, being more interested in cataloguing its mistakes, and also cursed yourself for leaking the database with confidential data. And then you instantly calmed down when you remembered that you were using a fresh anonymous proxy.
Relaxing, you go and put the kettle on, take out some buns to sweetly celebrate the victory and enjoy the trophies downloaded from the site.
The next day, stinking of cigarette smoke and beer fumes, the system administrator of the compromised site looks up from the table, notices that the logs are out of order and discovers unauthorized access to the site's confidential data. He quickly brews himself strong coffee, drinks an anti-pachmelin pill and, following it with an anti-club, runs with bulging eyes to his boss with a report about the attack.
And so, from this very moment, a vicious hunt for you begins! Then everything goes according to the instructions: an application is submitted to the local police department with a full description of the hack and the attached penetration logs and other crap.
Naturally, the officer who accepted the application will not be involved in this case, since he does not have the appropriate skills and knowledge. The case is transferred to a special department: the feds.
The first stage is a survey of citizens
Now the first stage begins: a survey of citizens who can help with the investigation. In our case, the site administrator will be interviewed; they will find out through which hole the hack was made and from which IP address, and will also ask who benefited from the hack, whether there are suspicions about anyone, or whether it was a guest performer like you.
The second stage is making inquiries
More precisely, this is the processing of the data from the first stage; roughly speaking, it is checking your IP address in order to find out who your provider is. An ordinary citizen can also do this using the WHOIS protocol (an application-layer network protocol).
So, having run the IP address obtained from the logs of the hacked machine through WHOIS, they see Country: USA in the output, that is, the machine with this IP address is located in the United States.
And here there are two options: either some saboteur from the CIA decided to hack the site of the Moscow Region Administration, or this is a server - a regular proxy server. Well, the first option is unlikely, but still, all versions are being worked on and should be tested.
First, the IP address is run through the public database of servers. If the IP address is clean, then there is a possibility that the server has recently been hacked and a proxy installed on it. In this case, they can get by with probing the open ports. Yes, of course, you can put a proxy on a non-standard port instead of 3128, 8080 or 80. But all the same, the scanner will show the services, and there are a lot of other ways to determine whether a proxy server is there or not; take my word for it, for the guys from the feds this will not cause any difficulties.
Having learned that this is a proxy server that you brazenly used to penetrate the system, the feds face the question of how to get information from that server about which IP address you connected to it from at a certain time. They have two ways. The first is an official request to their colleagues in the United States; if they receive an answer, the case will develop much more easily, and the answer will be attached to the case.
The second option is not legal. If the feds receive a refusal to the official request, and they will, since there is no such agreement between our countries, then in order to advance the case they will have to gain unauthorized access to this server; again, for the guys from the feds this "will not be difficult", it is for such purposes that they sit there. But having received data from the server about your IP address, it will not be possible to attach it to the case, though you are already being taken into development, and it is at this moment that you need to sit down for treason.
So, having learned your IP address, they run it through WHOIS again, and it is already clearly visible that you are a fellow who lives, for example, in the capital. They find out where you work, what you do, and a number of other necessary pieces of information.
Then they visit the provider and, on some fictitious basis, such as your clients' machines sending spam or being infected with viruses, demand that it provide the logs for your person. And now there are documents stating that, in the course of some other operational measures, it was revealed that your IP address at such-and-such a time contacted the IP address from which the site was hacked; this can be freely attached to the case and will serve against you in court.
Stage three - observation
The third stage comes into play: now careful observation of your person is carried out; they monitor which sites you visit, where and what you send, etc. They can even put you under physical surveillance.
In the course of these events, your person will finally consolidate itself in a not very good direction, since you are unlikely to stop visiting prohibited resources, hacking websites and machines, or scamming at flea markets.
Fourth stage - operational inspection
Simply put, you have become the main suspect, and now it is easy to get a warrant to search your apartment and seize your system unit and all media such as flash drives, disks and a number of other items of compromising evidence against you. They can also take all your notebooks, printouts, magazines and a number of other paper carriers which may contain something tasty for the investigation. And they do not disdain to poke around in your trash can (the real one, not the virtual one); all documents are seized from there too, in the presence of witnesses.
All your junk is taken to the feds' building, where they will pull out information about where you were, what you did, what software is installed on your computer, whether it is counterfeit (in which case another article will be added against you) ... So, your hard drive is taken out of the system unit and connected to a device that only reads (this is done in case you decided to protect yourself and installed a program that can format the hard drive).
Even if you formatted your hard drive before the seizure, again, it will not be difficult for feds employees to pull out the information needed for the investigation. Programs such as ChromeAnalysis (a program that shows what, where and when the owner of this computer visited through the Google Chrome browser), FoxAnalysis (shows the same as ChromeAnalysis) and Web Historian (a universal program for analyzing temporary browser files) will show all your travels around the world of the Internet, as well as help to create the correct report; all your visits to the protected part of the Administration's website will be shown.
So, now you see that it will not be difficult for feds employees to extract information from your hard drive confirming the fact of the hack.
The fifth and sixth stages - message control
This is so that you have no options at all to excuse yourself in court. This option works 70% of the time, because you start calling your acquaintances, for example, your hacker friend Vasya Pupkin, and start telling him: "Do you remember I told you that I hacked that site? So today they came and confiscated everything, etc., etc." The recording of the telephone conversation is also attached to the case, and here you yourself are already talking about the fact of the hack.
Seventh stage - operational implementation
This stage is carried out if it was not possible to collect the evidence base in the previous stages. A person is introduced into your social circle, you give him all the information he needs, and at the moment of some hack they pack you up neatly, and everything starts again from the fourth stage.
Starting from the fourth stage, when they come to your house with a search, you immediately need to go to the market and buy a CD with the song "Thieves' Share"; this will be very useful to you in the future. Well, you need to support yourself somehow, right?
How to protect yourself?
By anonymity: new computer, new modem, new sim. SIM replenishment through cue ball, not from a card or terminal. We pass all traffic through the VPN, then the script and encrypt the file on it, it is desirable to have a portable hard drive. Install Whonix, and Kali. We let all traffic to Kali through the Gateway, install toriptables in Kali, configure and install VPN. We go into Firefox, install the antidetect extensions and connect a Proxy of some kind.
We go to the sites and look for VPS for BTC, we rent. We fill in our ISO with Windows and we have a full-fledged RDP. We put Proxifier there and download Tor. We start all traffic through Tor. Download Epic Browser, add VPN extensions (built-in and free there) and use Black Schemes. For hackers, on top of this chain we change to VPS from Windows to Kali and there traffic through Tor, on top of VPN.
If you don't want the feds to knock on your door with a sledgehammer
The first, radical, option is not to do bad things AT ALL.
The second is to buy yourself a special trick, which hangs over the hard one, and in which case, when you press the corresponding button on the system unit, your hard disk burns out and no one will restore it, and all sorts of hammer blows, etc., is not a solution, this is all, again, is restored in specials. laboratories.
A powerful microwave oven can also be a good solution, in which, in the event of the start of the "Masks of Show" operation, it will be necessary to place all devices capable of storing information.
The third option is USB killer. You see the riot police outside the door, you flush the modem and sim into the toilet.
In fact, there is always time, albeit a little; if you have composure and clarity of thought at this moment, you will undoubtedly have time. Usually the evidence base is either all there or only partly there. With today's technology and straight hands, it is very difficult to prove crimes on the Internet.
The rest they will not be able to prove; they will be deciphering it until their death.
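The post says that browser-history tools such as ChromeAnalysis and Web Historian reconstruct every visit to the compromised site even after a format. The script below is an added illustration of what such a tool does at its core, written for this page and not taken from the post or from those tools: it reads a Chrome-style History database (the `urls` and `visits` tables, with timestamps in WebKit time, microseconds since 1601-01-01 UTC rather than the Unix epoch) and builds a timeline of visits to one host. The database, hostnames and paths are constructed placeholders so that it runs offline.

```python
"""Reconstruct a browsing timeline from a Chrome-style History database.

Added illustration, not code from the original post or from the ChromeAnalysis /
FoxAnalysis / Web Historian tools it mentions. Chrome keeps history in an SQLite
file named "History"; among its tables are `urls` (one row per distinct URL) and
`visits` (one row per visit). Timestamps are WebKit time: microseconds since
1601-01-01 00:00 UTC. The database below is built in memory with a reduced copy
of that schema and constructed sample rows, so the script runs offline.
"""
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_to_utc(ts: int) -> datetime:
    """Convert a Chrome/WebKit microsecond timestamp to an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=ts)


def utc_to_webkit(dt: datetime) -> int:
    """Inverse of webkit_to_utc; used here only to build the sample rows."""
    delta = dt.astimezone(timezone.utc) - WEBKIT_EPOCH
    return delta.days * 86_400_000_000 + delta.seconds * 1_000_000 + delta.microseconds


def build_sample_history() -> sqlite3.Connection:
    """Constructed sample: reduced Chrome History schema plus a few visits.
    Hostnames (.example / .test) and paths are placeholders, not real sites."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
                             visit_time INTEGER, from_visit INTEGER,
                             transition INTEGER);
    """)
    base = datetime(2024, 3, 5, 14, 30, tzinfo=timezone.utc)
    rows = [  # (url_id, url, title, minutes after base)
        (1, "https://search.example/?q=region+administration", "search", 0),
        (2, "https://admin.example-region.test/", "Administration", 2),
        (3, "https://admin.example-region.test/admin/login", "Login", 5),
        (4, "https://admin.example-region.test/admin/export.php?table=users", "Export", 9),
        (5, "https://news.example/", "News", 40),
    ]
    for url_id, url, title, minutes in rows:
        t = utc_to_webkit(base + timedelta(minutes=minutes))
        con.execute("INSERT INTO urls VALUES (?,?,?,?,?)", (url_id, url, title, 1, t))
        con.execute("INSERT INTO visits VALUES (?,?,?,?,?)", (url_id, url_id, t, 0, 0))
    return con


def visits_for_host(con: sqlite3.Connection, host: str, path_prefix: str = "/"):
    """Return [(ISO-8601 UTC time, url, title)] for visits to `host` whose path
    starts with `path_prefix`, ordered by time. Joining `visits` to `urls` keeps
    every visit, not only the last one recorded in the `urls` row."""
    query = ("SELECT v.visit_time, u.url, u.title FROM visits v "
             "JOIN urls u ON u.id = v.url ORDER BY v.visit_time")
    out = []
    for ts, url, title in con.execute(query):
        parts = urlparse(url)
        if parts.hostname == host and parts.path.startswith(path_prefix):
            out.append((webkit_to_utc(ts).isoformat(), url, title))
    return out


if __name__ == "__main__":
    db = build_sample_history()
    # Timeline of visits to the protected part of the sample site.
    for when, url, title in visits_for_host(db, "admin.example-region.test", "/admin"):
        print(when, title, url)
```

On a real seizure the same query is run against a copy of the `History` file taken through a write blocker, as the post describes, and the WebKit-to-UTC conversion is the step most often done wrong in home-grown reports.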