Hunting for hackers, how the special services will find you

BadB

Wazzz up, hackers, today I'll tell you how the serious uncles catch people like us (ahahaha, actually no, they don't fucking need you, but that's only for now)) and rub out hackers.
- So where do we start?
- Let's start with a fictional story.
Let's imagine there is a hacker Vasya. Vasya loves to steal cash from our friends overseas. Vasya lifts important documents from LLC "Horns and Hooves", spreads some serious malware, keeps his own botnet.
In short, Vasya is working. It would seem that Vasya is no fool, he uses every means of anonymity: VPN, Tor, a burner laptop, TrueCrypt, the whole works. But let's figure out how anonymous our Vasya really is, and how the serious guys can find him..

VPN
Let's remember our hacker. Vasya got himself a VPN somewhere in Berlin, because he wanted to screw over the Horns and Hooves company. And now, having sent out the last phishing letter, Vasya managed to steal everything that interested him. What happens next? The director of the company turns to the guys in uniform, and they, with the help of the system of operational-investigative measures (SORM), send a request to the providers of Mother Russia, both landline and mobile operators. They ask who connected to a certain Berlin IP address, because the victim saw only the Berlin IP and not Vasya's IP. Our internet provider looks at its logs and naturally reports that we connected to that IP address. That's it. Vasya is screwed, regardless of the fact that the VPN was "private" / "no-logs" / "personal".
Well, okay, Vasya can't be that stupid, he uses not one VPN server but a chain.

So, let's introduce a new chain. Vasya from Zalupinsk connects to Amsterdam, then to Berlin. And then he goes to the target resource and again commits illegal actions.
The story starts the same way: again they turn to the guys in uniform, again the system of operational-investigative measures. What will they be looking for? They are looking for our Berlin IP, the one on the way out. They send a request to the Russian providers: who connected to it? And nobody did. Why? Because our provider only sees the connection to Amsterdam and does not see the connection to Berlin. And the victim sees only a connection from Amsterdam.
It would seem that here it is, the ANONYMITY that our hacker so desired. But don't jump to conclusions, my friend. It's not quite that safe, let's figure it out.
In fact, everything is very simple: every IP belongs to some provider, and that provider keeps logs and sees who connected to whom. They contact the provider of the Amsterdam IP, find out who is renting the server, send a request to the tenant, and he hands over everything about who connected to him at that time. Then in exactly the same way they go to the next server, and at the end of the chain they get your IP. IT'S ONLY A MATTER OF TIME.
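To make the hop-by-hop walk concrete, here is an added example (not part of the original post) that models what the investigators described above actually do with provider logs. The IPs, provider names and the subscriber record are all constructed and hypothetical. It shows two things: the naive one-hop request from the home ISP for the Berlin exit IP comes back empty, exactly as in the double-VPN story, while walking the chain backwards through each provider's logs resolves the subscriber anyway. Because providers' clocks are never perfectly in sync, each lookup searches a time window rather than an exact timestamp.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ConnLog:
    ts: datetime    # when the provider saw the connection
    src_ip: str     # who connected
    dst_ip: str     # to whom


# Constructed sample data (hypothetical IPs and providers, documentation ranges only).
# Which provider owns which IP, i.e. who receives the official request.
PROVIDER_OF = {
    "198.51.100.7": "berlin-hoster",      # exit VPN, the IP the victim saw
    "203.0.113.21": "amsterdam-hoster",   # first VPN hop
    "192.0.2.44":   "zalupinsk-isp",      # Vasya's home connection
}
# IPs a provider can tie to a named subscriber: the end of the trail.
SUBSCRIBER_OF = {"192.0.2.44": "Vasya, contract #12345"}  # constructed

T = datetime(2021, 3, 1, 12, 0, 0)
VICTIM_SAW = T + timedelta(seconds=5)   # time of the attack in the victim's logs

# Each provider retains only what passed through its own network.
LOGS = {
    "berlin-hoster": [
        ConnLog(T + timedelta(seconds=4), "203.0.113.21", "198.51.100.7"),
        ConnLog(T + timedelta(hours=3),   "203.0.113.99", "198.51.100.7"),  # unrelated tenant, outside window
    ],
    "amsterdam-hoster": [
        ConnLog(T + timedelta(seconds=3), "192.0.2.44", "203.0.113.21"),
    ],
    "zalupinsk-isp": [
        ConnLog(T + timedelta(seconds=3), "192.0.2.44", "203.0.113.21"),  # the ISP sees only the first hop
    ],
}


def who_connected_to(ip, when, window=timedelta(minutes=5)):
    """Ask the provider that owns `ip` who connected to it around `when`."""
    provider = PROVIDER_OF.get(ip)
    if provider is None:
        return []
    return sorted({e.src_ip for e in LOGS[provider]
                   if e.dst_ip == ip and abs(e.ts - when) <= window})


def single_hop_query(exit_ip, isp="zalupinsk-isp"):
    """The naive request: ask the home ISP who connected to the exit IP.
    With a chain the ISP never saw the exit IP, so the answer is empty."""
    return sorted({e.src_ip for e in LOGS[isp] if e.dst_ip == exit_ip})


def trace_chain(exit_ip, when, max_hops=10):
    """Walk the chain backwards: exit -> previous server -> ... -> subscriber.
    Returns (list of hops in order of discovery, subscriber or None)."""
    chain = [exit_ip]
    current = exit_ip
    for _ in range(max_hops):
        if current in SUBSCRIBER_OF:
            return chain, SUBSCRIBER_OF[current]
        sources = who_connected_to(current, when)
        if not sources:
            return chain, None      # a hop without logs or cooperation ends the trail
        current = sources[0]        # in a real case every candidate source is followed up
        chain.append(current)
    return chain, None


if __name__ == "__main__":
    print("home ISP asked about the exit IP:", single_hop_query("198.51.100.7"))
    print("chain walk:", trace_chain("198.51.100.7", VICTIM_SAW))
```

Each extra hop in the chain adds exactly one more request to one more provider; nothing about the chain itself hides the origin, only a provider that keeps no logs (or refuses to answer) breaks the walk, which is the point the post makes next.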

So if you thought that by setting up a double VPN you'd become anonymous, you might start getting paranoid, because if you did something wrong, it's time to dry your rusks.
Now I will destroy the myth about "no-logs" servers. (The words are not mine, found on the internets.)
There is an opinion that you can take a VPN in Panama or Qatar and everything will be fine.
This is only partly true. Why? Because everything can be achieved through official requests.
Consider how the secret services work with that same Panama. Panama never gives out any data to anyone, EXCEPT the US special services :)
Accordingly, the special services of the Russian Federation send a request to Interpol, indicate the IP address and indicate involvement in terrorism. Interpol forwards this request to the US special services, and those in turn to Panama. And the answer travels back the same way.
The same scheme works with Qatar, except that the request goes through Saudi Arabia.
In any case, we will be found if they want to find us.
But we're not hiding from the secret services, are we? :)
We only take the special services as the benchmark for de-anonymization.

Tor.
Okay, not all hackers are content with just a VPN, there is Tor, with which everything becomes as safe as possible. Or does it?
And here's a slightly different situation: Vasya wants to check on his botnet, which is hosted on a bulletproof server.
Stop, stop, wait, let's remember for a moment how Tor works, in a nutshell. When you, you little hole, mommy's netstalker, go to the darknet, to .onion sites, everything is onion-wrapped, the traffic stays inside the encrypted network and we are safe.

But what happens if we go out to the clearnet through Tor?
If we want to reach plain http, that is, the regular Internet, from the Tor browser, then our traffic is automatically decrypted at the exit node (hereinafter just "the node"), because the Internet cannot read Tor traffic, and that is exactly why exit nodes exist: they "convert" Tor traffic into ordinary Internet traffic.
And so we are already browsing http sites through Tor, but here lies the danger. Anyone, including the special services, can become the owner of an exit node.
So how's the botnet doing? Everything would be fine, but damn it, Vasya completely forgot that he could set up his own exit node in a few tens of minutes; instead he'd rather get on with his income, and be glad of it. Human factor.
Laziness + a feeling of invulnerability. This simple bundle of human factors is what destroys people like us.
And so the malware hunters, analyzing Vasya's botnet, find that the bot connects to the IP of the server hosting the admin panel; then, by analogy with the VPN, they send a request to the server's administration, and the rest you already know.
But what if Vasily is paranoid after all and set up his own node?


Surprise..

I hasten to upset you right away: it is quite possible to intercept traffic at a node. I will not tell you how to do this, but if you are that interested, read this, it will be useful:
We sniff the Tor exit node and analyze the resulting content.

TrueCrypt / VeraCrypt / etc..

Well, here too everything is quite simple: password guessing, fed with all the data found on your PC.

Well, again, Vasya is not stupid, and he just set an unrealistically complex password. So how can the special services get the key to his crypto-containers?

Catch several options at once:
  1. Breaking the cryptocontainer through a vulnerability in the algorithm or the software
  2. Thermorectal cryptanalysis
  3. Gaining access with a trojan or keylogger
  4. Forensic analysis of random access memory
  5. Opening the cryptocontainer with a spare (recovery) key
Read more here: Methods for hacking cryptocontainers

Conclusion.
Have you ever thought about what real, 100% anonymity is?
I haven't, and do you know why? Because it doesn't exist. Especially these days, when a guy from the forum sells "MEGA-HIDDEN DATA CENTERS IN LEBANON", and in fact it turns out that all the servers sit in a basement in Odessa. Have you heard that story?)
This will be one of a series of articles in which I tell you about your new fears and make you paranoid (by the way, in our line of work that's not such a bad thing).
Today I showed you how they will find you; next time I will tell you what happens when someone knocks on your door. That's all, I wish you good luck, anonymous ones... (ahahahah, anonymous, okay, see you, script kiddos))