I forgot to turn on VPN
A UK resident, Tomash Skouron, stole money using malware. A time-tested scheme was used: with the help of a trojan, access to Internet banking was stolen, and the money was then transferred to nominees, who cashed it out.
In this way, the criminals managed to withdraw more than $1 million from accounts worldwide. Tomash Skouron was directly involved in transferring funds from the hacked accounts, and on one occasion his VPN failed. The cybercriminal's real IP address appeared in the connection logs of the victim's Internet banking account. Some time later, Tomash received a visit from law enforcement, followed by a sentence of 5 years in prison.
Even if an offender uses a VPN, a software malfunction is always possible: for example, the connection may drop without the user noticing, or, if the Internet connection is interrupted, the VPN application may not redirect traffic to the VPN server in time, and some of the data will bypass the VPN. It also happens that people simply forget to turn the VPN on. Even if the VPN has a feature that blocks traffic bypassing the VPN, failures are still possible. They happen to everyone; but whereas for some programs a crash of the service merely produces an unpleasant error notification and the user has to restart the program, a VPN failure puts the hacker's real IP address in the hands of law enforcement agencies.
An effective solution could be to use the Whonix-Gateway as a firewall; fortunately for our bank accounts, Tomash Skouron did not know about this.
A photo for memory
The hacker Higinio Ochoa liked to hack various American resources and publish the data online. In one of his publications, he included a photo of a girl with the inscription “PwNd by w0rmer & CabinCr3w <3 u BiTch's!”, taken on an iPhone.
This was a fatal mistake, as the photo retained the coordinates of the place where it was taken. And although they led only to his girlfriend, from that moment he was doomed, and the rest was a matter of technique. Fortunately, many popular sites now remove the location coordinates on upload; many, but not all. Being able to check a photo's metadata for location coordinates and delete them is a useful skill. The shooting location is not the only thing that can be learned from a photo, and not the only thing to think about when uploading an image to the network.
The right to remain silent
This technology is already being actively implemented in banks, in a number of countries it is in the arsenal of the special services, and the old scheme of “buy a one-time mobile for one anonymous call” no longer works.
Every voice has its own unique print, by which its owner can be identified; many people know this. But it comes as a surprise that the alterations made by standard voice-changing programs are not an obstacle and do not protect against identification.
Vitalik, from a provincial town in Russia, decided to take part in a large-scale campaign of “mining” Moscow railway stations. To do this, he got Internet telephony, Double VPN and a voice-changing program. Worried about his anonymity, he obtained the voice telephony account on an underground forum. A good kit for a professional telephone bomber, isn't it? He successfully “mined” the station and enjoyed his success until nightfall, watching the news.
In the morning Vitalik himself featured in the local crime news: officers of the federal security service came to him with a search warrant. Now Vitalik is awaiting trial and, at best, a huge fine. It was the voice print that helped identify him. Vitalik's call was recorded, and experts then processed it, restoring the original voice. The program that had so successfully changed his voice did not prove a serious obstacle, and a sample of his voice print turned up in the database, which in Russia is a unified one: banks and law enforcement agencies have access to it.
Social networks will ruin you
Many people would be interested to know who views their pages on social networks, for how long and how often. The page of Dmitry Smilyanets, a young and successful man, was viewed not only by friends, relatives and fans, but also by FBI agents. He was known to them as a cybercriminal under the pseudonym "Brave".
In July 2013, he posted a photo of himself on Instagram, posing in front of the “I Amsterdam” lettering. The agents immediately phoned the nearby hotels, and at one of them they were told that Dmitry Smilyanets was indeed staying there, but was currently asleep.
The next morning turned out to be Dmitry's last as a free man: arrest and transfer into the hands of American justice awaited him. In the end, he will spend 5 years behind bars. Why not simply put him on a wanted list? Russian hackers are quite capable of obtaining information about Interpol searches, and, of course, an officially wanted hacker will either not leave Russia or will do so with maximum precautions, travelling to a country from which the FBI cannot request his extradition. Therefore, agents follow suspects through social networks, and, as you can see, this gets results.
I would like to talk about another rather instructive mistake, made by a cybercriminal engaged in a bad business: trading in malicious software. He was an intermediary, a so-called reseller. Working with several malware developers, he earned a reputation and knew the shady markets well. But Alexey (let's call him that) did not become a popular malware merchant right away; he began by trying to crack mailboxes and offering his services through the social network Vkontakte. He acted rather primitively: with the help of a phishing kit bought on the black market, he tried to catch inattentive victims. It did not work very often, but at the time it seemed an incredibly profitable business to yesterday's schoolboy. Naturally, all cool hackers have a cool nickname, and Alexey was no exception, inventing a new "hacker" name. He entered it as the name of his page on the social network, and it was also displayed in the link to the page after the slash (/). Years have passed, and Alexey is no longer a self-taught hacker, but an outstanding professional who is wanted by law enforcement agencies of more than one country in the world. But something has survived since that time: his unique nickname. And now, collecting information about him, law enforcement agencies stumbled upon his old page. The future serious cybercriminal, who would later never leave Tor, at that time logged into the social network from his home IP address and gave customers a wallet registered to his passport details. Finding a page with information about him a few years later will lead to his arrest.
Conclusions
Be careful and attentive, and do not make silly security mistakes when you play on the other side of the law. Do not skimp on security, and study the fundamentals before switching to fiercely dark schemes.