How to hide your tracks on the internet?

maboroshi
Dr. Mab
Posts: 1624
Joined: 28 Aug 2005, 16:00

How to hide your tracks on the internet?

Post by maboroshi »

Hi, recent posts bring up some rather good points, and I would like to start a thread that hopefully people will contribute to, and make it a sticky.

How do you cover your tracks on the internet?

I guess the first step is knowing what tactics are used to track you, as DNR pointed out.

That's why I would like to leave this in sections:

A) Articles related to tracking and forensics techniques

and

B) Software and hardware tools used to countermeasure those techniques, e.g. hard drive encryption, proxies, whatever you think

open to more suggestions

cheers


Maboroshi

Gogeta70
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00

Post by Gogeta70 »

One way to be nearly completely anonymous is to wardrive. Using other people's wireless networks to do the dirty stuff. This will make it so their IP shows up in the logs, making them the suspect. However, people have still been caught even using this method.

Many wireless routers keep a log of all computers that connect to the network. The log often contains the internal IP that was used along with the MAC address of the computer. So before connecting to the network, you should change the MAC address of the card, which can be done from the properties of that adapter.
¯\_(ツ)_/¯ It works on my machine...

moudy
Technology Enthusiast
Posts: 688
Joined: 10 Feb 2009, 17:00
Location: Beirut, Lebanon

Post by moudy »

gogeta70 wrote:
> However, people have still been caught even using this method.
>
> Many wireless routers keep a log of all computers that connect to the network. The log often contains the internal IP that was used along with the MAC address of the computer. So before connecting to the network, you should change the MAC address of the card, which can be done from the properties of that adapter.

Even if you are logged by the router, isn't it possible to do your attack from a secure place, and then vanish from the area? I assume I didn't understand the MAC address thingy well.
mahmoud_shihab@hotmail.com

Gogeta70
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00

Post by Gogeta70 »

Sure, you can do your attack from a secure place, but there is surveillance everywhere nowadays. You could be caught on camera or something. However, if they can't match your MAC address to the one that is in the log of the router, then they have nothing against you.

The MAC address is the physical address of the NIC that you have. Every NIC has a different MAC address. It's like a physical IP address somewhat. All you need to do is go to your wireless adapter's properties and put in a different MAC address (it's in hex, so only #s 0-9 and letters a-f).

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

Wardriving is the best, easiest way to hide; you use someone else's IP Identification because you gained access to their network via their wifi AP.

You can login to wifi AP and try default logins, then clear the logs!

The MAC issue comes from this: your browser or server-side scripts will try to Identify the machine, i.e. your laptop. It uses MACs of the device accessing the network, your browser, version of OS, build, cookies and even registry leaks, as well as some applications you have installed. This is a 'fingerprint' of your laptop.
http://www.hashemian.com/whoami/

HTTP_ACCEPT: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
HTTP_ACCEPT_ENCODING: gzip, deflate
HTTP_ACCEPT_LANGUAGE: en-us
HTTP_CONNECTION: Keep-Alive
HTTP_COOKIE: __utma=145846189.159241457.1241192587.1241192587.1241192587.1; __utmb=145846189; __utmc=145846189; __utmz=145846189.1241192590.1.1.utmccn=(organic)|utmcsr=google|utmctr=whoami|utmcmd=organic; __qca=1240899815-19555336-95930471; __qcb=1181159873
HTTP_HOST: www.hashemian.com
HTTP_REFERER: http://www.hashemian.com/whoami/
HTTP_UA_CPU: x86
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
REMOTE_ADDR: 75.218.127.209
REMOTE_PORT: 1931
REQUEST_METHOD: GET
REQUEST_URI: /whoami/
SERVER_ADDR: 74.86.128.70
SERVER_NAME: www.hashemian.com
SERVER_PORT: 80
SERVER_PROTOCOL: HTTP/1.1
SERVER_SIGNATURE:
SERVER_SOFTWARE: Apache
REQUEST_TIME: 1241192656
This is a fingerprint; each little detail can be matched to your computer's recent activities or its setup configuration. You can see the HTTP User-Agent is the worst.

At best you can pretend it is a firearm and destroy the laptop after you commit a big 'no-no'. But smart crooks try to modify the firearm - like scratching up the barrel so forensics can't match bullets to the fubar'ed barrel. In this case, you will try to obliterate your laptop's fingerprint by spoofing or modifying the identifying features, change the OS, version, macs, etc.

There are so many unsecured wifi APs. To be elite, I guess I could build a hi-gain antenna to utilize a desktop wardriver. You can install this easily into a vehicle, like a van. You can locate and try to utilize several wifi APs from a long distance away; this way you are not stuck sitting in front of someone's house or business. Having more than one wifi AP means you have another IP.

Be aware that it is possible to track the location of this type of antenna as it is not a passive listening system - a Signal locator can sniff the airwaves with a directional antenna to pick up your SEND signals. Hence the point moudy said "send your dirty file and SPLIT".

You can also build repeaters to send and receive your signals to an open wifi AP from farther distances. If the cops use a signal locator, they will first find the repeater....

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
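
Added example, not part of DNR's post or the forum's own code: how a site operator could turn the request variables in a dump like the one above into a stable identifier and use it to link requests that arrive from different addresses. The choice of stable keys, the function names and the sample requests (documentation-range IPs, a made-up second browser) are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Client-supplied values that stay the same when the source address changes
# (assumed selection; address, port, time and cookies are left out on purpose).
STABLE_KEYS = ("HTTP_ACCEPT", "HTTP_ACCEPT_ENCODING", "HTTP_ACCEPT_LANGUAGE",
               "HTTP_UA_CPU", "HTTP_USER_AGENT")

def parse_dump(text):
    """Parse 'KEY: value' lines (whoami-style dump) into a dict."""
    env = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            env[key.strip()] = value.strip()
    return env

def fingerprint(env):
    """Hash the stable client headers; a missing key counts as empty."""
    material = "\n".join(f"{k}={env.get(k, '')}" for k in STABLE_KEYS)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def correlate(requests):
    """Group source addresses by header fingerprint."""
    groups = defaultdict(set)
    for env in requests:
        groups[fingerprint(env)].add(env.get("REMOTE_ADDR", "?"))
    return {fp: sorted(ips) for fp, ips in groups.items()}

# Constructed sample requests: same browser seen from two networks, plus one other.
IE7 = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; "
       ".NET CLR 1.1.4322; .NET CLR 2.0.50727)")

def sample(ip, port, ua):
    return parse_dump(f"""HTTP_ACCEPT_ENCODING: gzip, deflate
HTTP_ACCEPT_LANGUAGE: en-us
HTTP_UA_CPU: x86
HTTP_USER_AGENT: {ua}
REMOTE_ADDR: {ip}
REMOTE_PORT: {port}""")

SAMPLES = [sample("192.0.2.10", 1931, IE7),
           sample("198.51.100.7", 40211, IE7),
           sample("203.0.113.5", 5150, "ExampleBrowser/1.0")]

if __name__ == "__main__":
    for fp, ips in correlate(SAMPLES).items():
        print(fp, ips)
```

Only values the client itself sends go into the hash, so the first two sample requests fall into one group even though `REMOTE_ADDR` and `REMOTE_PORT` differ.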

lilrofl
Siliconoclast
Posts: 1363
Joined: 28 Jan 2009, 17:00
Location: California, USA

Hmm

Post by lilrofl »

I'm fairly certain that it would be simple to locate your target through repeater towers with a spectrum analyzer, not right away of course... but once you followed the signal to the repeater tower the source signal for that tower would be easy to pick up and followed like a trail of bread crumbs to the source signal.

Here's kind of a long shot though. If you had each repeater tower transmit to another repeater tower at a different frequency and only the tower connecting to the access point using the 2.5-5GHz range say for the network access it would slow down a person trying to locate the source signal because they would have to widen their search parameters. The wider your range is, the more interference you get from other things like cordless phones, microwaves, cellphones, and the like.

As a final note I guess, it would be REALLY neat if each tower talked to each other tower about what frequency they were transmitting on, and they had an algorithm so that they could change frequencies in mid broadcast... in fact, I would think that if they all had the same algorithm they wouldn't even need to talk about what frequency they were going to because they would all change all at the same time together... maybe 10 times a second would be sufficient to not only make them near impossible to intercept, but also pretty difficult to follow.

meh... whatever I guess, now I'm just rambling lol

computathug
Administrator
Posts: 2693
Joined: 29 Mar 2007, 16:00
Location: UK

Post by computathug »

Well wardriving is the obvious one as the best way to try to hide your activities but then as Mabs said, how many other ways are there. I wouldn't say that any is fool proof as each individual way also depends on the user, experience and the main one....the target.

Proxies are another option but who is to say the government won't force them to release identities or even the possibility of connecting to a dangerous proxy.

Using several wingates, proxies, bots etc. are other ways and may be fine depending as already mentioned but in my view wardriving is always going to be the best option.
The devil can cite Scripture for his purpose.
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com

un0wn
forum buddy
Posts: 21
Joined: 09 Feb 2009, 17:00

Post by un0wn »

Perhaps adding a virtual machine into the picture would help as far as spoofing the OS fingerprint goes.

Just a thought.

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

That's a correct assumption un0wn - whatever connects to the internet and GETs files is the one that will be leaking OS, browser, apps data.

You can just use a packet editor and control what is passed back and forth between the server and you.

I would also carry the tools separate from your computer - you can't be caught carrying the tools to spoof, it could lend to circumstantial evidence.
All the files you need can be stored on an internet portal.

DNR