Professor
Do you think that it is impossible to find a person on the darknet because you cannot “punch them by IP”? Not at all!
We will tell you how people are identified on the dark web.
Straight to the point: it is impossible to hide completely on the darknet.
The darknet is teeming with offers of illegal deals and people willing to participate in them. It is very stupid to think that law enforcement agencies ignore it.
Working on the darknet through Tor, sellers of weapons, drugs and other “prohibited goods” hide their identity. But buyers have the same right. As a result, the seller does not know who he is selling to. However, buyers are not immune from fake sellers either.
The police often arrange “test purchases”. Representatives of law enforcement agencies gain the trust of sellers, make several orders, offer to meet.
Then come pure social engineering methods, reviewing recordings from delivery service cameras, and so on, and catching the suspect “red-handed”. No high technology is involved. Anyone can rat you out - a supposed friend, neighbor, colleague, disgruntled ex.
You don't have to look far for examples. The founder of the largest darknet platform Silk Road was caught because of his forgetfulness. Ross Ulbricht hid and encrypted well, but once he used the same nickname as on old forums, where he had previously posted a vacancy looking for an employee for another project.
And that's it. Ulbricht was arrested in the library, where he was sitting on Silk Road from a laptop under the administrator account. They also identified a package with nine fake documents that Ulbricht planned to use to rent servers for Silk Road, and established his place of residence.
He was given two life sentences, as well as 20, 15 and 5 years for separate episodes. At that time, he was 31 years old, and now his life outside of prison is over.
Okay, but there is Tor! Isn't it anonymous?
A fact to whet your appetite: in the fall of 2016, the Swedish police, together with colleagues from other countries, carried out the international Operation Titan. The result? 3,000 drug buyers caught on the Tor network.
Here is an excerpt from the decision on the case in which a resident of Saratov wanted to buy cocaine on the darknet for bitcoins. The parcel was sent by Russian Post:
The result of the deal is 5 years and 1 month in prison for 4.53 grams of cocaine. So much for secure Tor with the darknet.
The reality is that Tor only hides the user's activity within its network. As soon as any "tail" of communications creeps beyond these limits, it becomes a gaping piece of evidence, which leads to the unraveling of the above-mentioned criminal cases.
In other words, most often darknet users are caught on external activity. Which begins in Tor and ends in the real world.
But darknet users are also faced with other privacy threats.
1. Hacking accounts on darknet sites
It is easier to hack an account on a darknet website than on sites like eBay or Amazon. Hackers (both white and black) take advantage of this. They gain control over the account and work on behalf of its previous owner for some time.
The latter may not even have time to warn anyone, because messages sent from a “left” account look especially suspicious on the darknet. And other communication channels are rarely used in this area.
In addition, after hacking an account, the hacker gains access to the owner’s old correspondence. So setting code phrases or asking for facts from previous communication does not help.
In fact, the user’s identity is stolen, and a lot can be done on its behalf.
The joke is that the real owner of the account is not able to prove anything without deanonymization. He will not show a personal photo, phone number or profiles on social networks.
2. Downloading viruses and malicious scripts
Darknet sites can infect visitors with viruses. Why not? They are no different from regular websites. For example, a malicious script will allow you to find out the real IP address of a user or intercept their traffic without hacking the account.
The advantage of infecting websites is the mass nature of the attack. If accounts are usually hacked one by one, then here you can get all the traffic or IP addresses of users who visited the site during a certain period of time.
Well, then you can calmly reveal their identities, initiate a case and lock up the violators of the law, as if nothing had happened.
3. Cryptocurrency transactions are transparent
It's time to dispel the myth of the anonymity of Bitcoin and many other cryptocurrencies. In the Bitcoin blockchain, you can track every transaction down to the genesis block (the very first block in the chain). This means that if you know the seller's Bitcoin address, you can see all the transactions that were made from it.
Accordingly, the other side of the transaction can be identified. Sometimes it is enough to simply google the addresses to identify the connection between them and real people outside the darknet.
By the way, the US Secret Service employee who participated in the Silk Road investigation was identified after stealing 13,000 bitcoins (approximately $108 million at today's exchange rate). He withdrew the bitcoins from his wallet to the exchange to convert them into traditional money. He was found using the exchange and credit card data.
You can increase the level of transaction anonymity by using bitcoin mixers. They mix transactions from different addresses, masking the sender and recipient and breaking one large transaction into many smaller ones. But they do not provide a 100% guarantee of anonymity.
What to do now?
First of all, admit that sooner or later everyone is found on the darknet, and cryptocurrencies are not 100% anonymous. Secondly, do not do anything you will regret later. Thirdly, do not connect life on the darknet with life outside the closed network. For example, through the same logins and passwords.
To identify people on the darknet, they use malicious scripts that are embedded in the site code, tracking bitcoin transactions, hacking accounts on dark sites. But most often, banal methods of social engineering help.
Friends, neighbors and acquaintances turn people in, fake sellers and buyers are at work, posts are found on forums under nicknames from the darknet, and accident and inattention lead to prison terms.
It is better not to go to the darknet, but if you do, then know: if anything, you can be found.
The FBI easily carried out a successful operation and detained Harvard University student Eldo Kim, who sent a message about a bomb in the university building. Note that Tor did not help the "bomb hoaxer" and now the prankster faces up to 5 years in prison and a fine of 250 thousand dollars.
The student sent a bomb threat to the university
The 20-year-old student admitted that he wrote the letter in the hope of avoiding the final exam; to be sure, he also sent copies of the threatening letter to the university security department and the university newspaper. He did succeed in this: due to the evacuation, all morning exams were postponed, but now the guy has more serious problems.
Tor will not save you from being detected by the secret services
Kim took measures to avoid identification. He created an anonymous email address and used the Tor anonymization service. Nevertheless, he was still detected. Judging by the testimony of FBI agents in the documents filed for the court, the secret service received a list of users of the local computer network in the university dormitory. They studied the traffic and determined which of the students were using the Tor service. As is known, Tor traffic can be identified by characteristic features. Then the FBI interrogated all the users of the anonymous network one by one. There were not too many of them, so it was quite easy to identify the criminal.
Public Wi-Fi is better than Tor
One can argue that the student was unlucky that he sent the message from a student computer. If he had done this from public Wi-Fi, passing the traffic through some other machine, the FBI method would not have worked.
Tor will not save you from the police
Nevertheless, history demonstrates the weakness of relatively rare information security tools, writes the famous cryptographer Bruce Schneier. "The same thing that allows you to hide your involvement makes you the prime suspect." The FBI did not have to hack Tor, they simply used standard police methods to identify the sender of the letter. In other words, even the most powerful cryptographic protection has a weak spot - it is the person himself. If you can't break the code, you can always break the person.
Providers identify Tor users
Similar methods for identifying Tor users are suitable for use at the level of any provider. It should not be surprising if the secret services already have a list of Tor users in each city.
Is it possible to track a person if he uses Tor?
It's as easy as pie. Firstly, the secret services have keys in the black in use in operating systems. This means that a user can sit behind Tor and consider himself completely safe, and at the same time, his real IP address is being leaked along a parallel line. Secondly, Tor guarantees security only if the rules are strictly followed. Are you sure that you know these rules 100%? For example, you cannot enable JavaScript. But some sites do not work without it. Enabled - and your IP is already known to everyone.
Tor does not hide IP
Very often, a site requires enabling JavaScript and refuses to work further until the user fulfills this requirement. Well, know that if you have enabled JavaScript execution in Tor, then your IP is no longer a secret for an outside site.
Is it possible to identify a VPN user?
Yes, it is. It is more difficult to do than to identify a TOR user. But the fact is that setting up a VPN is a very complex process and errors often occur here. A study was recently conducted on this topic. It turned out that about 40% of existing VPN services make it quite easy to calculate users' IP addresses due to gross configuration errors.
What is the Tor browser for?
To hide your IP address when visiting websites. The second task of the Tor browser is to provide access to those websites that have been blocked in Russia.
Why is Tor not anonymous?
Because there is no such thing as a free lunch. Tor was created with financial support from the US government. TOR entry nodes see your real IP address, TOR exit nodes see all your traffic. What kind of anonymity is there?
How to hide TOR use
No way. Your real IP will be replaced with the IP of the TOR exit node. This IP can be checked against the list of TOR network nodes and the fact of use can be established.
How to download files via TOR
You can configure the file downloader to work through a proxy, but this is not recommended - TOR is too slow for downloading files. In addition, you clog the channel and interfere with those who really need anonymity. If you want to secretly download files, use a VPN instead of TOR.
Why Tor is unsafe
Only pioneers believe in the security of Tor, and they believe it, rather than trying to analyze how much this tool really provides anonymity. But experts have been warning about the unreliability of Tor for a long time:
* in 2008, a method was presented that allows deanonymizing any Tor user in 20 minutes;
* in 2013, there were reports that intelligence agencies learned to mark Tor traffic and in some cases reveal the identities of network participants;
* there is a way to track users using the Google AdSense advertising network;
* and in general, Tor's budget is 40% "donations" from the American government.
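The narrowing-down described in the Harvard case above (list the local hosts that contacted Tor relays shortly before the message was sent), shown from the network forensics side as an added Python example that is not part of the original post. The relay addresses, flow records, event time, look-back window and function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed relay list (RFC 5737 documentation addresses, not real relays).
TOR_RELAYS = frozenset(
    ipaddress.ip_address(a) for a in ("198.51.100.7", "203.0.113.42", "192.0.2.99")
)

# Constructed flow records: timestamp, internal source, destination, dest port.
FLOW_LOG = """\
2024-01-10T07:02:10 10.20.1.14 198.51.100.7 9001
2024-01-10T08:11:45 10.20.1.14 192.0.2.200 443
2024-01-10T08:20:03 10.20.3.77 203.0.113.42 443
2024-01-10T08:24:30 10.20.3.77 203.0.113.42 443
2024-01-10T08:26:59 10.20.5.9 192.0.2.99 9001
2024-01-10T08:40:00 10.20.2.31 198.51.100.7 9001
this line is malformed and must be skipped
2024-01-10T08:27:15 10.20.8.8 192.0.2.150 80
"""

EVENT_TIME = datetime.fromisoformat("2024-01-10T08:30:00")  # constructed
LOOKBACK = timedelta(minutes=15)                            # constructed


def parse_flows(text):
    """Parse flow lines into (time, src, dst, port); skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append((datetime.fromisoformat(parts[0]),
                          ipaddress.ip_address(parts[1]),
                          ipaddress.ip_address(parts[2]),
                          int(parts[3])))
        except ValueError:
            continue
    return flows


def tor_clients_in_window(flows, relays, event_time, lookback):
    """Map each internal host to the times it contacted a listed relay
    between event_time - lookback and event_time (inclusive)."""
    start = event_time - lookback
    hits = defaultdict(list)
    for ts, src, dst, _port in flows:
        if dst in relays and start <= ts <= event_time:
            hits[str(src)].append(ts)
    return {src: sorted(times) for src, times in hits.items()}


def anonymity_sets(flows, relays, event_time, lookback):
    """Return (all hosts, hosts that ever contacted a relay, hosts that did
    so inside the window): how fast the candidate set shrinks."""
    all_hosts = {str(src) for _ts, src, _dst, _p in flows}
    tor_hosts = {str(src) for _ts, src, dst, _p in flows if dst in relays}
    in_window = tor_clients_in_window(flows, relays, event_time, lookback)
    return len(all_hosts), len(tor_hosts), len(in_window)


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    print("hosts / Tor hosts / Tor hosts in window:",
          anonymity_sets(flows, TOR_RELAYS, EVENT_TIME, LOOKBACK))
    hits = tor_clients_in_window(flows, TOR_RELAYS, EVENT_TIME, LOOKBACK)
    for src, times in sorted(hits.items()):
        print(src, [t.time().isoformat() for t in times])
```

On the constructed data the candidate set drops from five hosts to two, which is the effect the Schneier quote above describes: the tool is not broken, but few people on the network use it.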