If VPNs don’t keep you private how do hackers get away with stuff?

Self explanatory title, I recently learned that most VPN services keep logs of whatever the hell you’ve been doing while under their product, so how do people stay undetected? Or as undetected as you can really get on the internet. I’m assuming they make their own VPNs?

Edit: thanks for all the replies guys I’m still new to the sphere and want to learn more, don’t understand all of it but excited to learn nonetheless.

Layered approach with a combination of VPN, TOR, and sometimes proxies as needed based on the type of traffic and protocols you are using to connect to your target hosts.

Good traffic discipline and cleanroom client tools and environments to guarantee you don’t leak any identifying information.

Shape the data that the client “sees” coming from you in such a way as to keep them either unaware of your actions because your traffic looks boringly normal and blends into the background noise, or extremely brief if you are going for the pen.

Change all these variables up regularly, but randomly, to keep pattern-matching threat detection algos blissfully unaware of your existence until it’s too late.

It’s not about being undetected.
It’s about being anonymous.
It’s about not using anything that can be traced back to you.

Well, TOR exists, making your own vpn is a possibility, and there are some vpns that don’t keep logs, I believe Mullvad vpn is a good example of this. Another way is to get a proxy, which likely does not keep logs, and is much easier to set up yourself if necessary.

A malicious hacker who needs to stay undetected may have his own infrastructure of hijacked systems he can route traffic through. This way, he can perform any action without exposing himself.

They aren’t using things that get advertised on YouTube

Really high level stuff as far as I understood is done with proxychains, often with bulletproof hosts, hopped through several hostile/semi-hostile/uncooperative nations.

There are services in certain countries called “Bulletproof hosts” whose only function is that they will not cooperate with law enforcement. They use techniques such as “fast flux DNS”, where all of the servers on their network are shuffling IPs very frequently, and they intentionally keep no logs. This means even if law enforcement comes knocking with an IP, the host itself ought to not even be able to say *which* of their own servers did it.

A bulletproof host is paid with bitcoin through anonymous or stolen wallets, ideally.

The connections are chained through several of these, e.g. Turkey → Russia → China → United Emirates → Istanbul, and the feasibility of pursuing the connection becomes extremely difficult/not feasible/not cost efficient. Get a warrant, go to Istanbul, fight with the BPH, go to the United Emirates, get a warrant, etc. This is a political and judicial nightmare.

The final hop is proper opsec. Never hack on your own network. Do not use any personal machines, buy a burner laptop, never connect it to *anything* you use. Do not log in to twitter, even if you wipe it after, do not connect to your wifi network, do not use a fancy custom browser setup, do not even turn it on at your house. This laptop’s sole purpose is to be as unrelated to you as possible to prevent data leak. A single correlated fingerprint burns the entire proxychain.

For remote CNC, techniques like anonymous Twitter accounts can be used. Post a tweet that says “XYZ 123”, and your botnet that has been watching the Twitter feed for instructions starts performing an attack. Same opsec applies. Variety can be used here; I have no experience in this, just enjoy reading up on it.
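The “fast flux DNS” behaviour described above has a simple defensive signature: one name resolving to many unrelated addresses at very low TTL. The following heuristic is an added example, not code from the post or from any tool it mentions; the DNS answer records are constructed from documentation address ranges and the thresholds are assumptions a defender would tune for their own resolver logs.

```python
from collections import defaultdict

# Constructed DNS answer log: (seconds since start, name, TTL, A records).
# Addresses are from the documentation ranges (TEST-NET-1/2/3).
DNS_ANSWERS = [
    (0,    "shop.example.net", 3600, ["203.0.113.10"]),
    (900,  "shop.example.net", 3600, ["203.0.113.10"]),
    (1800, "shop.example.net", 3600, ["203.0.113.10", "203.0.113.11"]),
    (0,    "flux.example.org", 120, ["198.51.100.7", "192.0.2.44"]),
    (150,  "flux.example.org", 120, ["198.51.100.9", "203.0.113.200"]),
    (300,  "flux.example.org", 120, ["192.0.2.91", "198.51.100.12"]),
    (450,  "flux.example.org", 120, ["203.0.113.77", "192.0.2.130"]),
]


def flux_stats(answers):
    """Per name: (distinct IPs seen, distinct /24 networks, average TTL)."""
    ips, nets, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for _ts, name, ttl, records in answers:
        ttls[name].append(ttl)
        for ip in records:
            ips[name].add(ip)
            nets[name].add(ip.rsplit(".", 1)[0])  # crude /24 bucket
    return {n: (len(ips[n]), len(nets[n]), sum(ttls[n]) / len(ttls[n])) for n in ttls}


def flagged_names(answers, max_ttl=300, min_ips=6, min_nets=3):
    """Names whose answers churn through many IPs in many networks at low TTL.

    Thresholds are assumed starting points: legitimate CDNs also rotate
    addresses, so flagged names are review candidates, not verdicts.
    """
    return sorted(n for n, (n_ips, n_nets, avg_ttl) in flux_stats(answers).items()
                  if avg_ttl <= max_ttl and n_ips >= min_ips and n_nets >= min_nets)


if __name__ == "__main__":
    for name in flagged_names(DNS_ANSWERS):
        print(f"fast-flux candidate: {name} {flux_stats(DNS_ANSWERS)[name]}")
```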

“Hackers never work from home”

The answer is simple, most hackers are simply outside of the jurisdiction of the USA, etc.

You can just use public Wi-Fi too lol

There are three different types of crime here:

  1. Someone runs up and sprays graffiti on your wall, and you see it’s Danny Devito.
  2. Someone runs up and sprays graffiti on your wall, but they’re in a hoodie and wearing a mask, so you don’t know who it is.
  3. You put up a guard to watch the wall, and graffiti is there, but he didn’t see anyone come or go, so you don’t know how the graffiti got there.

  1. Stupid hacker that happens to be Danny Devito in this example
  2. VPN
  3. Good hacker

You buy a burner laptop (new) with cash somewhere where you don’t live. You use public wifi to conduct your illegal activities also as far away from where you live if possible. That’s pretty much it. Once you’ve reached your goal you destroy the burner laptop as much as you can. You never let personal and hacking hardware touch each other. You never log in to anything personal on your burner either.

I recommend reading a book called How to Hack Like a Ghost. Not because it’s a super great book, but because it covers this topic in a good way. You can find the pdf easily.

Here’s something that hasn’t been said. Unless you’re targeting the government or cybersecurity companies, you’ll probably get away with it with just a VPN. Most companies don’t have the resources to “use Visual Basic to create a GUI interface to track your IP”.

They live in countries that don’t give a fuck about other countries

Rule number one: don’t use your own connection for mischief

You can layer VPNs (meaning using a VPN to connect to another VPN), so the “exit” VPN will just see that the previous one connected, and if you do it enough it just gets confusing. Not all VPNs log stuff, so if they’re using the right one you’re SOL. TOR (The Onion Router) is practically impossible to track. You can set up a tunnel through a computer you already have access to (called a pivot) so that any traffic looks like it’s coming from that computer and not yours. You can set up your own VPN (tunneling through another computer is basically a VPN at the most simple level).

Also, logs. Windows keeps logs of just about EVERYTHING, so if you get into a Windows machine it’ll be there, but if it’s a semi-busy server (say a mail server) you’ll have thousands of other connections so it’s hard to find. You could also just delete all the logs (Windows will show that all the logs were deleted, so they’ll know that SOMETHING happened, just not what). On Linux machines you can delete specific entries in the logs, but if anybody sets up copies of the logs under a different name you’re SOL.

Could also be using a “Burner” computer. Just get a laptop and do not do anything on it that associates it with you and it’ll be near impossible to track.

There are a lot of ways to hide what you’re doing. And most “Hacks” don’t last for that long. If you’re just uploading spyware, once it’s on the system then it’ll just activate for half a second to do its job then shut off without you noticing. Once an OS is ID’d you can just script a directory walk and common grabs so you don’t have to do anything.
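The two log facts in the post above (Windows records that a log was cleared; a forwarded copy exposes selectively deleted entries) are exactly what a defender alerts on. This is an added example, not code from the post: it reads constructed JSON-line event records, flags the clear events the Eventlog service writes (Security log: ID 1102, System log: ID 104), and diffs the host’s copy against a forwarded copy to find entries that vanished locally.

```python
import json

# Event IDs the Windows Eventlog service writes when a whole log is cleared.
CLEAR_EVENTS = {1102: "Security log cleared", 104: "System log cleared"}

# Constructed sample records (JSON lines). FORWARDED_LOG is the copy a log
# forwarder shipped off-host as events arrived; LOCAL_LOG is what is left on
# the host after records 2 and 4 were removed and a clear event was recorded.
# Both signals are shown in one stream here purely for brevity.
FORWARDED_LOG = [
    json.dumps({"RecordId": 1, "EventId": 4624, "User": "SYSTEM", "Time": "2024-01-01T10:00:00Z"}),
    json.dumps({"RecordId": 2, "EventId": 4688, "User": "svc_mail", "Time": "2024-01-01T10:01:00Z"}),
    json.dumps({"RecordId": 3, "EventId": 4624, "User": "svc_mail", "Time": "2024-01-01T10:02:00Z"}),
    json.dumps({"RecordId": 4, "EventId": 4688, "User": "svc_mail", "Time": "2024-01-01T10:03:00Z"}),
]
LOCAL_LOG = [
    FORWARDED_LOG[0],
    FORWARDED_LOG[2],
    json.dumps({"RecordId": 5, "EventId": 1102, "User": "svc_mail", "Time": "2024-01-01T10:05:00Z"}),
]


def find_clear_events(lines):
    """Return (time, user, description) for every log-clear event in the lines."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev["EventId"] in CLEAR_EVENTS:
            hits.append((ev["Time"], ev["User"], CLEAR_EVENTS[ev["EventId"]]))
    return hits


def missing_records(local_lines, forwarded_lines):
    """Records present in the forwarded copy that no longer exist on the host.

    Matching is on RecordId in this constructed sample; a real comparison would
    key on a stable content hash because record numbering restarts after a clear.
    """
    local_ids = {json.loads(l)["RecordId"] for l in local_lines}
    return [json.loads(l) for l in forwarded_lines
            if json.loads(l)["RecordId"] not in local_ids]


if __name__ == "__main__":
    for t, user, what in find_clear_events(LOCAL_LOG):
        print(f"ALERT {t} {what} by {user}")
    for rec in missing_records(LOCAL_LOG, FORWARDED_LOG):
        print(f"ALERT record {rec['RecordId']} (event {rec['EventId']}) missing on host")
```

The diff only works if the forwarder ships events as they are written, which is why off-host copies defeat the selective deletion the post describes.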

Well, some use a VPN to connect to TOR or vice versa, then connect to a VPS or Virtual Private Server. They hack from the server; the government tracks the IP to the server or VPN and asks the VPN. If they chose well the VPN provider won’t listen to the government, or if they give you up they find the VPS, then the VPN or Tor. Eventually they give up if you took the right steps, because it becomes impossible to find you, especially if the country you hacked isn’t on good terms with the place you hacked from or the server provider is from.

How come no one is mentioning Tails OS? It’s a burner OS that runs completely on a flash drive and it wipes itself after every reboot. It also comes prebuilt with tools to access TOR and to spoof your MAC address.

With different tools in Kodachi Linux. For example: TOR, VM, others’ wifi, VPN, proxy chains etc. all in one.