Jump to content

Hiding Your Ip


Dragonman69

Recommended Posts

Hello all, I am looking for a way to make it look like I am comming from all over the world and be untraceable. I have been reading that you can do this through multiple proxies but I was unsure of the accurecy of the information. Basically I don't want my "activities" to be able to be traced back to me. If you could point me to a good website with this information or any information here would be good. Tks

Link to comment
Share on other sites

  • Replies 54
  • Created
  • Last Reply

Top Posters In This Topic

Start with searching the forums. Might save you time, and you can then come back and refine your question to get answers not already given by others with similar questions -

http://forums.hak5.org/index.php?app=core&module=search&do=search&fromMainBar=1

Edited by digip
Link to comment
Share on other sites

Tks Digip for responding, I have been reading the forums for the last few hours but not really finding exactly what I am looking for and googling for a couple of hours before that, I got to get a life I guess lol and I am beginning to think I have to rethink my searches. I will admit I did run across alot of good info on other topics that I will use but wasn't looking for which always seems to be the way, alot of very smart people on here and a few very stupid ones for not following advice given to them.

Link to comment
Share on other sites

Simple answer, you can't stop your "activities" from being traced back to you. Check out a lot of the recent Lulzsec and Anon arrests and most are because people thought they were hiding their tracks but weren't. Sabu seems to be a very smart guy (regardless of whether you agree with his politics or not) and because of the nature of his activities would have been extra paranoid but still a single mistake and he was grabbed.

Whatever service or system you chose, assume that it isn't completely anonymizing you and make sure that your "activities" are not things that will get you in trouble when you make that one simple mistake.

Link to comment
Share on other sites

I read the FBI affidavit on Sabu... it seemed that they actually pinned all that stuff on him from setting up a device similar to a pineapple outside his home and verifying that it was indeed his MAC addy connecting to his router where they were able to see he was connecting to TOR. If the dude would have just spoofed a MAC or set it to a random one everytime the machine booted and leeched off of his neighbor's wifi, then they wouldn't have been able to catch him (using their rules of engagement, or it would have been much more difficult). I'm not saying it's right to do that, I'd never do that, but come on, if you're gonna hack gov contractors you can't just connect to your home router and jump on TOR thinking you'll be protected.

Link to comment
Share on other sites

Sabu, from what I've read and heard, was caught because he connected to an IRC server directly rather than going through whatever proxy setup he was normally using. That one slip gave out his real IP and lead the police back to him.

For basic tunnelling to offer probably about as much anonymity as you are going to get without putting a lot of effort in just use Tor. There used to be ways to still try to lift the anonymity and the person running the end point can always sniff your traffic but for general anon surfing it is about the best you are going to get.

Link to comment
Share on other sites

If you want to change your IP address, I'd use TOR Project, but remember that it won't 100% hide your IP address.

They can still track back to you. Also TOR isn't the fastest when it comes to fast connection, so it will probably frustrate you.

Edited by Infiltrator
Link to comment
Share on other sites

In your opinion would you be safer to go through proxies in countries like say china or north korea or ones like that?

Safer in what way? On the one hand, Western government wouldn't be able to subpoena the ISPs in those countries to give up connection logs, but you would be willingly subjecting your traffic to governments who have no qualms with sniffing your traffic or worse. In some of those countries they actively MITM many types of encrypted connections or tunneling attempts so that they can log and filter your traffic.

Link to comment
Share on other sites

Best bet, and some of this might not be completely legal, so use at your own discretion, get a pre-paid visa gift card paid for in cash, register it with a fake name, fake address, etc. Activate it from a remote location, not close to where you live. Then, sign up with a site that has shell access or even better, VPN access and even the capabilities to set up TOR exits. Using the pre-paid visa gift card, pay for all the services to get up and running. Then use either an SSH tunnel off of this site to encrypt all your traffic, possibly between multiple SSH tunnels, or add it as a TOR exit node, or if it has VPN capabilities to mask your IP, use it with TOR through the VPN itself. The trick here, is when using this setup, NEVER use it from your home, and NEVER log on to any website tied to your real identity(twitter, gmail, etc) and never let anyone else know, that you use a service like this. You would also need internet access from a location that to some extent, conceals your actions as well, whether it be open wifi hot spots, hotels, etc, you will want to be able to reach networks without having to physically be near them or in the public view. You will also want to spoof your MAC address on each use, in the event they trace it back to the physical location, you keep them on their toes.

Nothing is full proof, and it someone spends the time, money and resources, they will track you down at some point. If you want to live in fear of the man coming for you, and you intend to break the law, doing malicious things with computers and abusing other networks, then you shouldn't be surprised if someone shows up on your doorstep with an arrest warrant.

If you just want anonymity for the most part, or need to get around country filters, like say watching something on Hulu from outside the US, use a paid VPN service that masks your IP and country location.

Link to comment
Share on other sites

Or you could take that same prepaid card and buy a 3g modem (obviously don't put any of your real info on any papers). When they trace GSM signals in urban environments their accuracy is about ~50 meters, which means if you were in an apartment complex they'd literally have to search a 50 meter radius in the complex which could mean 10 or 20 diff apartments, which 9 times out of 10 they won't do as it would completely give themselves away.

I'm also going to guess, that at least US law enforcement, isn't going to use this type of technology to trace cell phones to physical locations for cases that aren't related to drugs or terrorism.

The FBI has very strict protocols they must follow to indict someone. These protocols, thanks to anonymous, are public info. If one were to read them one could see how to avoid detection...

Its funny that anonymous and all those groups were mentioned in this thread. I've never said it before but personally I think they're some kind of trap, I don't know. All I know is that the hackers that I've met IRL over the past 5 years or so, I've never had a conversation about politics with any of them and they definitely weren't hungry for any type of attention.

Link to comment
Share on other sites

Or you could take that same prepaid card and buy a 3g modem (obviously don't put any of your real info on any papers). When they trace GSM signals in urban environments their accuracy is about ~50 meters, which means if you were in an apartment complex they'd literally have to search a 50 meter radius in the complex which could mean 10 or 20 diff apartments, which 9 times out of 10 they won't do as it would completely give themselves away.

I'm also going to guess, that at least US law enforcement, isn't going to use this type of technology to trace cell phones to physical locations for cases that aren't related to drugs or terrorism.

The FBI has very strict protocols they must follow to indict someone. These protocols, thanks to anonymous, are public info. If one were to read them one could see how to avoid detection...

Its funny that anonymous and all those groups were mentioned in this thread. I've never said it before but personally I think they're some kind of trap, I don't know. All I know is that the hackers that I've met IRL over the past 5 years or so, I've never had a conversation about politics with any of them and they definitely weren't hungry for any type of attention.

I'm not sure on the accuracy of the 3G modem and triangulation, but if google can give you pin point accuracy within a few feet over wifi, I'm pretty sure law enforcment could do it too. If you own a device like an ipad or touchpad, or mobile phone that uses wireless, use google's location service and be surprised what it shows. From my touchpad, using bing maps and the google api, it shows me within a few feet of where I am, or more correctly, where my wireless router is. No IP lookup, but wireless device triangulation. I wouldn't expect to use a 3G access point as my cover with any regard to security. Especially if I had it with me, moving from place to place, it just makes it that much easier for them to track you.

Link to comment
Share on other sites

digi - I don't really understand what it is you're saying. While google can trace wifi signals on phones accurately, to my knowledge 3G runs on completely different frequencies with different properties. Don't a lot of those phones have GPS devices embedded also? Read this paper on geolocating IP's on 3G networks.

www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCQQFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.210.2072%26rep%3Drep1%26type%3Dpdf&ei=Ut2ST_3EN46Jtwfk-eG1Cw&usg=AFQjCNGzseTqbg_1gEj0LTXyxxMMc5S8fA

If you skip to section 6 in the conclusion part, it basically says that accurate geolocation using IP addresses on cellular networks is near impossible. While it still would be possible to triangulate the signal to get physical location, wikipedia says that is only accurate up to 50 meters in urban settings and even more inaccurate in rural settings. http://en.wikipedia.org/wiki/Mobile_phone_tracking

"Advanced systems determine the sector in which the mobile phone resides and roughly estimate also the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and density of antenna towers (base stations) is sufficiently high. Rural and desolate areas may see miles between base stations and therefore determine locations less precisely."

I also noticed in the affidavits I've read that the people the FBI are catching, they aren't using 3G.

I'm not very knowledgeable on this topic so take what I say with a grain of salt, but I've heard through the grapevine that this type of technology is pretty advanced and only used in the upper echelons of federal agencies and the military, IE, you'd have to do something really really bad for them to come after you with this technology. And even if they do, just take the SIM card out of the 3g modem when you're not using it and there is nothing to trace.

Link to comment
Share on other sites

digi - I don't really understand what it is you're saying. While google can trace wifi signals on phones accurately, to my knowledge 3G runs on completely different frequencies with different properties. Don't a lot of those phones have GPS devices embedded also? Read this paper on geolocating IP's on 3G networks.

www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCQQFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.210.2072%26rep%3Drep1%26type%3Dpdf&ei=Ut2ST_3EN46Jtwfk-eG1Cw&usg=AFQjCNGzseTqbg_1gEj0LTXyxxMMc5S8fA

If you skip to section 6 in the conclusion part, it basically says that accurate geolocation using IP addresses on cellular networks is near impossible. While it still would be possible to triangulate the signal to get physical location, wikipedia says that is only accurate up to 50 meters in urban settings and even more inaccurate in rural settings. http://en.wikipedia.org/wiki/Mobile_phone_tracking

"Advanced systems determine the sector in which the mobile phone resides and roughly estimate also the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and density of antenna towers (base stations) is sufficiently high. Rural and desolate areas may see miles between base stations and therefore determine locations less precisely."

I also noticed in the affidavits I've read that the people the FBI are catching, they aren't using 3G.

I'm not very knowledgeable on this topic so take what I say with a grain of salt, but I've heard through the grapevine that this type of technology is pretty advanced and only used in the upper echelons of federal agencies and the military, IE, you'd have to do something really really bad for them to come after you with this technology. And even if they do, just take the SIM card out of the 3g modem when you're not using it and there is nothing to trace.

I think it depends on where you are with it and how you use it, but I wouldn't bet on being secure with it alone like its an ace in the hole. Especially if you move place to place with the 3g device while its on, with enough signal and time tracking it, law enforcement would be able to find you. They could contact the phone company who's service you connect over, and shut you down leaving the 3G device disabled to the itnernet, but still track it, or just intercept your traffic and sniff everything you do on the 3G connection.

Think about what you are saying, regardless of triangulation, you are using the cell companies towers, which they can track which towers you are near and have connected to, and law enforcement can get a warrant to sniff your connection, or even force you to 2g vs 3g (since most devices will fall back or drop down to 2g for compatibility modes), which they can then remove 3G encryption and see all your traffic in the clear(although I am nto 100% sure on this with 3G modems, I do believe it works that way with cell phones, which 2G encryption is known to be broken to quote Georgia Weidman).

Now, you might tunnel your traffic over TOR or VPN via the 3g connection, but they can see the end points and still have control of the 3G network, and at some point figure this stuff out, or deny access to those networks or just deny you internet access all together. Same with wifi, but at least with wifi, when you leave a location and turn off your device, the connection doesn't leave with you, as where with 3g next time you turn it back on, "oh look, its on the other side of town now". They would be able to track your movements and eventually find you. Same with Wifi, but I think with wifi would be a tad harder, so long as you don't use the same places to connect from all the time, and don't leave identifying clues/trails when going online that pinpoint you as the same culprit each time. Hacking over 3G, leaves a consistent point of return every time to come back to when investigating.

Link to comment
Share on other sites

digi - I understand what you're saying but it appears that the vast majority of your argument is based on speculation. 3G is not GPS. At least publicly, there is no central 3g tracking center designed to give coordinates on all 3G users.

The goal of using 3G is to limit the probability of someone finding your PHYSICAL location As you mentioned, if I were interested in hiding traffic or preventing traffic from being sniffed, all I would need is to connect to a VPN via 3G.

You are incorrect about "them" being able to track your movements. Assuming wikipedia provides correct info, in a best case scenario they'll only get up to 50 meters accuracy of the location of the modem.

Hacking over 3G, leaves a consistent point of return every time to come back to when investigating.

As opposed to hacking over a landline?

They could contact the phone company who's service you connect over, and shut you down leaving the 3G device disabled to the itnernet, but still track it, or just intercept your traffic and sniff everything you do on the 3G connection.

And they can't do this on landlines? It's actually much easier for them to do this on landlines, no?

Think about what you are saying, regardless of triangulation, you are using the cell companies towers, which they can track which towers you are near and have connected to, and law enforcement can get a warrant to sniff your connection

Once again, it would be easier for LE to do this if you were using a landline... and once again, the goal is not hiding data, it's hiding a physical location.

I have a question, are you aware of any cases where someone's physical location was tracked down from using 3g? I am not. I am aware of MANY recent cases where physical locations were determined, even though the target was using wifi + VPN/TOR. If FBI affadavits tell us nothing else, they tell us they have the technology to determine the physical location of someone using TOR/VPN who is connecting from a landline. Not saying 3G is a sure shot way to hide your identity, but it seems LE isn't quite there yet.

Edited by bobbyb1980
Link to comment
Share on other sites

I have a whole plan as to how this can work which involves international flights, wifi, coffee shops and hotels, local mifi and countries with limited IT law.

Buy me a drink at a conference if you want to know more

Link to comment
Share on other sites

As opposed to hacking over a landline?

I would never suggest using a landline, assuming you mean dial up or wired connection from your home or someone elses. I was saying, only use wifi exclusively, and not from your own network. If you are doing something illegal, then might as well do it on someone else's wifi, and not anywhere near where you live, but more from on the road like cafe's/hot spots, libraries, hotels, airports, etc. Connecting wirelessly gives you some anonymity as where 3G ties you to that same 3G device every time due to how the device works and identifies itself, just from different locations you decide to turn it on. With 3G, it follows you on the physical device everywhere you use it and from my perspective, gives too much of a trail to leave behind if its associated with a hacking event. If done over wifi with spoofed mac address every time, you tie it first to the access points you use, then back to you, so if you continually hop networks, with spoofed mac addresses each time, its that much harder to say its the same person they are trying to track down.

By the way, 50 meters is only 164 feet. Thats a pretty small radius. They could easily pin point that as one building or location in my mind.

I also recall last Christmas, shopping malls tracking visitors to see what stores the same people bought it, based on phones signal and I think IMEI, or some other unique identifier on the phone.

Edited by digip
Link to comment
Share on other sites

I read about the mall using phones to track customers. They setup a lot of antennas with the confines of the mall, normal urban and rural areas do not have coverage like that mall experiment did. In theory, for someone to track 3g movements, they'd have to track it first from the telco's towers, then setup a bunch of their own antennas in that 50 meter area to further track it. In my apt building there are 6 - 12 apts in any given 50 meter area.

You could always get several SIM's or different modems and interchange them for further anonymity and obviously you keep it off when you're not using it.

There have been plenty of cases where the FBI has gotten people for using stolen wifi. Also where I am, WEP is rare and you wouldn't be able to depend upon being able to crack wifi wherever u go. I guess we'll have to agree to disagree, I personally feel that it is more difficult to resolve a physical location from a 3G + VPN/TOR based connection than a wifi + VPN/TOR based connection.

Link to comment
Share on other sites

The guys that don't make mistakes...haven't been caught. There are a lot more members of these groups, than the 5-10-15 that have been caught recently. If you do it right, you're chances are good. Unfortunately, doing it 'right', every time, all the time is hard. It's exactly the opposite of physical security. Normally the good guys have to be right 100% of the time...whereas the bad guys have to only get lucky once. In this case, you are in the good guy role and have to be perfect...LE just has to get lucky. If you tunnel a paid for in cash or Bitcoin VPN through Tor, the VPN doesn't know you, and the exit node can't sniff you. If you pick the right VPN, in a privacy friendly country, there is nothing to 'give' to the friendly detective. Heck, Riseup, based out of Seattle, has fought, and won, in the courts, over protecting their users...and that's in the land of the National Security Letter. Never from home...never. You're going to have to put miles on your car. And never from the same place twice. The full weight of the USA still took 10 years to find OBL...so I'm not fully convinced of their omnipotence. The Sabu thing is a perfect example. He screwed up and they got his address. He screwed up again and they sniffed his true MAC. Big boy rules...you can never screw up...ever...and that's a hard thing not to do.

PD

Edited by PaulyD
Link to comment
Share on other sites

That is, people whose computers you're going through can see plenty of your data even if you try to encrypt.

I disagree with this part. If I tunnel a VPN over Tor, all the exit node see's is the encrypted tunnel...much the same as what an ISP would see from a regular VPN connection. How are you thinking the exit node is breaking OpenVPN?

PD

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...