How To: Keeping Your Hacking Identity Secret - #2

Keeping Your Hacking Identity Secret - #2

Keeping Your Hacking Identity Secret - #2

My first ever post on here was 'Keeping your hacking identity secret' and it did very well, and its not something I see here on null byte. So read along.

Disclaimer:

I didnt introduce you this subject in my last post, but I while do that now.

First, I want to clarify that the following information in this guide is not intended for malicious purposes, these are things black/grey hat hackers take to use, and these are things that the government won't tell you about, because this is what they are looking for.

So if you are a white hat, or dont care about your anonymity, this will be pointless information for you. However depending on how you operate as a hacker, and what/who you work for, this can still be useful

lets get to it...

Introduction:

Everything else mentioned will be considered as if the people reading this guide are black/grey hat, which makes it easier for me to explain.

In order to become a successful hacker you need to know that your anonymity is everything. Anyone with the know how can execute a successful hack, but not everybody can get away with it. As you may already know. Tor VPN Proxies all of these are ways of changing your IP, and while this is the most important part, in my opinion there are countless of small details that are crucial in order to complete your anonymity. Get comfy because this will be a long guide.

You can read part one here:
here

Communication Methods:

A key part to anonymization is a secure communication method. There are so many different software that provides you several ways of talking securely to one another, how ever the one major down side is you are putting your identity in the hands of a company you do not know personally. This is very bad because, you do not know if they are actually being truthful on what they are providing.

We have seen this before with HideMyAss (VPN service) who was approached by US and had to hand over information on a specific user, however HideMyAss claimed not to keep logs from its users, but yet they were able to hand over information on a specific user. That is a perfect example that even though a company states something, that doesnt mean its completely true. Likely it is, but know that this company might be non-profit which means they can do whatever they want, or you didnt read their Terms of Service and therefore dont know that there are exceptions towards certain services to a company, which then results in a company handing over your data to the government.

I want you to know that even though a company is stating something, do some investigation. Ask around, read reviews, read their Terms of Service and Privacy Policy. (Yes im not kidding).

Some key things you should look for when wanting to communicate safely, are these:

  1. Check if they provide strong encryption
  2. Read the customers feedback
  3. Investigate
  4. Read ToS & Privacy Policy

Aliases:

I mentioned in part one that you should become a ghost hacker. A ghost hacker is someone who never uses the same name for everything. He constantly changes alias, and doesn't stay in one place for too long, which gives him many advantages such as FBI not knowing where or who to look for.

I want to point out that this also applies to all your accounts that you own, if you have an instagram & twitter account with the same alias, FBI & NSA and any skilled hacker will be able to link them together because of the same alias has been used, and trust me that is not hard to do.

VPN Providers:

This is an obvious one, however many newbies ask the common question on "What VPN should I purchase?" and "If I have to stay anonymous, why should I then pay for one?". I will now clarify these two questions.

Question 1: This will and I repeat, WILL depend on your current location. If you are located within the US it would be smart to fool your country thinking you are in China or Russia.

Question 2: This is because if you dont pay for your product, you are the only product being sold. A company needs money, and it costs money to keep their servers up, and they have families to feed, so why would they provide you and everybody else a really good software that anonymizes you when they can charge for it?

We live in 2016, and you need to remember that everything is about money now. Thats how it works as sad as it may sound to some of you. We need money to run things, and a successful cant keep their service secure if they dont have any money to that.

  • Additional precautions:
  1. Again read ToS & Privacy Policy (Yes, you have to)
  2. Make sure they are not located in USA.
  3. Strong encryption
  4. Customers feedback

Answer to precaution 2: This is because if you have a company in USA then USA will have complete jurisdiction over the company and the company will have to abide by US laws.

As many of you know, other countries have better privacy laws, such as Sweden and Switerland and they will therefore be a better advantage. Also FBI & NSA have headquarters in US which are the main 2 companies wanting to have all your information, but they have no power of getting such information if your VPN provider is located in Russia for example, because America doesnt have any jurisdiction there.

BEWARE: Some companies have many servers spread through many countries and these will sometimes include american countries. Know that if you sign up for this VPN you could end up on the server they have in US and therefore they have right to demand information from that server.

United States of America:

I will close this part 2 with USA.

Consider US your biggest enemy. With the 2 biggest agencies located in the US which feeds off your personal data, stay as far away from them as possible. To maximize your anonymity, try your best to not use software that falls under the Patriot Act Law, however I see that as very hard to do. Use software from companies that isnt located in US, and dont live in America. This is being very paranoid, but if you get caught and you are in America, you are facing american prosecutions.

Closing:

I hope you have learned from this, because I spent a lot of time writing this, and I will make this a series, so look out for further tips. Also I am releasing my DoX guide soon, which might be my next post. Also going to finish my series 'TypoGuy Explaining Anonymity'

6 Comments

Brilliant contribution. I want to add on that it helps to also use a variety of passwords so that if one of your accounts is compromised, none are.

But then again that's why I use different usernames and passwords to ensure my security.

That is true. I did also state I am making this a series, so I will feature that in fututre posts.

I'd like to add that you should use cryptocurrencies online to pay for VPN or anything else, because they are anonymous enough to keep FBI entangled for a while (depending on which currency you choose, it may be longer upto forever).

The rule of anonymity is to hide everything in chaos.

Also, you have to check every script that runs in your browser. Some of them can get nasty enough to check your real location.

-The Joker

I appreciate the additional pointers, however I am aware of these, and since this is a series now, I will feature it in future posts.

hey typoguy i want some help from you.
Actually i am working on an old python script Facebook.py

i have to add a vpn or manually add a code so that it changes its ip or proxy details automatically in 15-20 mins. Can you help me with this

I am not familiar with Python, and can't help you unfortunately. However this looks like something in the direction of what you are asking, not sure though. here

Share Your Thoughts

  • Hot
  • Latest