The world has always been fascinated with Hackers. In this video, we’ll learn about how they hide themselves online. Watch the Video https://www.youtube.com/watch?v=BWVyp0wYpgA&ab_channel=GrantCollins 00:00 four years that is how long a group of 00:02 hackers were able to stay inside the 00:04 starwood marriott network without being 00:06 discovered oof how the heck does an 00:08 unauthorized party stay hidden for this 00:10 long well in today's video topic i will 00:12 address popular methods hackers will use 00:14 to stay anonymous online while hiding 00:17 their online footprint 00:19 so let's go ahead and get started all 00:20 right no the first step is not matrix 00:22 level hacking as much as we love it to 00:24 be it's actually physical security 00:26 physical security is also referred to as 00:29 operational security or opsec so if 00:31 you're one of those you know military 00:33 guys you probably know about this or if 00:35 you're just some random weird it nerd 00:37 well yeah you're probably gonna need to 00:38 know about this too because guess how 00:40 many times it takes to be successfully 00:42 identified 00:43 once one time this guy right here the 00:46 infamous dread pirate roberts or ross 00:48 irvitch or however you pronounce his 00:50 last name who founded the silk road a 00:52 billion dollar underground dark 00:54 marketplace for drugs and other stuff 00:56 how did he get caught well no it wasn't 00:58 through some extreme matrix level glitch 01:01 hacking it was his opsec he got caught 01:03 in san francisco public library his 01:05 go-to place to conduct his fraudulent 01:07 activity and well he did some bad things 01:10 such as often bragging about his work on 01:12 his linkedin page using oblique verbiage 01:15 and he used his real photograph for his 01:17 fake id 01:20 so these are just a few of the critical 01:21 elements which pieced together and led 01:23 to his downfall and these aren't 01:26 technical in nature its habits and the 01:28 public interactions that led to ross's 01:31 downfall it is essential hackers be 01:33 aware of their online and offline habits 01:35 including where they use and connect 01:37 their computers their writing style 01:39 their social media posts and their 01:41 social interactions in general basically 01:43 someone who's the exact opposite of me 01:45 here on youtube okay so an attacker has 01:48 their basic physical security down 01:50 what's next acquiring the hacking 01:52 machine used to conduct your fraudulent 01:55 offensive activities first off buy the 01:57 machine with the most untraceable and 01:59 mobile trail possible ideally this is a 02:02 laptop which is bought in a privacy 02:04 focused cryptocurrency form such as 02:06 monero or zcash once this machine has 02:08 been acquired completely wipe the 02:10 operating system windows no more and 02:13 immediately buy a usb stick to preload a 02:16 live operating system install this usb 02:19 stick right here is a live os meaning 02:22 there is no permanent storage but you 02:24 also want to make sure to enable full 02:26 disk encryption just in case of full 02:28 compromise now when you're installing a 02:30 live os it is important that you keep an 02:33 os distribution such as linux tails and 02:36 mine linux tails is a suite of privacy 02:38 focused features and functionality which 02:41 allow an adversary to stay anonymous 02:43 alright so what's the next step you must 02:45 say that is to go ahead and anonymize 02:47 your identity and network connection 02:49 there are several steps to accomplish 02:51 this now any type of unique or 02:53 pseudo-unique identifier is going to be 02:56 harmful to a hacker like you and i 02:58 because well you can be tracked by that 03:00 now from a hardware perspective one of 03:02 the most well-known identifiers is a mac 03:05 address so a mac address is a serial 03:07 number issued by the device 03:09 manufacturers it is used to identify a 03:11 device on a local network and can be 03:13 used to help identify the geographical 03:15 location of a machine in some cases 03:18 mac address spoofing or mac address 03:21 anonymization uses different mac 03:23 addresses to anonymize your identity 03:25 there are different ways you'd 03:26 accomplish this such as built-in 03:28 programs customized scripts and built-in 03:30 tools in linux tails the mac address is 03:32 temporarily changed to a random value 03:34 for each new session with tails now in 03:37 addition to mac address randomization 03:39 you're also going to want to anonymize 03:41 the ip address what is that you must say 03:44 an ip address is a network address 03:46 assigned to all machines when connecting 03:47 to other networks to accomplish ip 03:50 address optimization services such as 03:52 vpns tour for web browsing and proxies 03:55 can be used but this is all with strict 03:58 caution each of these methods introduces 04:00 intermediaries with assumptions of 04:02 complete trust vpns extend a private 04:05 encrypted network over a public network 04:07 connection tor uses a network of 04:09 computer nodes to balance a connection 04:11 between different nodes across the world 04:13 and proxies can alter the location 04:16 appearing as if the originating request 04:18 is coming from the proxy client all 04:20 three methods introduce an intermediary 04:22 or central location which can log your 04:24 traffic and send that to an authority in 04:27 order to ensure 100 anonymity you must 04:30 never 04:31 really trust a central authority but in 04:33 a modern architecture such the as the 04:35 internet that's really not realistic now 04:37 to establish these types of anonymizing 04:39 services you could go ahead and use an 04:41 open source project for instance for vpn 04:44 servers you can use openvpn or tailskill 04:47 and then you can install this on 04:48 attacker owned or controlled device or 04:50 you could just use some sort of third 04:52 party provider for tor you can download 04:54 the to our project or use a distribution 04:56 like tails which already has tour 04:58 routing enabled by default a hacker can 05:01 layer each anonymizing service upon each 05:03 other so a program like proxychains can 05:05 be used to route internet traffic 05:07 through a list of proxies on top of the 05:10 tor network to set up this demo i went 05:12 ahead and edited the proxy chains config 05:14 file and set the chain to dynamic 05:17 setting which excludes all dead proxies 05:20 then i also enabled dns requests to be 05:23 proxied through the proxy chain and i 05:25 wrote down the default proxy server 05:27 which is the sox5 through our loopback 05:30 address let's proceed to go ahead and 05:33 start up proxy chains here first thing 05:35 we need to do is make sure that tor is 05:37 on so we can go ahead and do a service 05:39 tour 05:40 start 05:42 okay once this is on we can go ahead and 05:45 go to our proxy chains 05:48 and we're gonna go ahead and use 05:50 duck 05:53 now this will take a few minutes or it 05:56 won't take anything at all see where we 05:58 are coming from we can use a dns leak 06:00 website and i found this all through an 06:02 article so just go ahead go to dns leak 06:06 and as you can see we are coming from 06:08 romania so this is a basic way to layer 06:12 both the tor network and proxy chains on 06:14 top of each other to become anonymous 06:17 okay so after this step it is finally 06:20 time to ensure that 06:22 you're not really working in the same 06:24 environment and that is separation of 06:26 environments you have to make sure that 06:28 you're separating your hacking 06:29 environment from your you know normal 06:32 everyday use environment a classic 06:34 example of machine separation is virtual 06:36 machines and containerization use 06:38 ephemeral or temporary environments when 06:40 conducting offensive security activity 06:43 it is never a good idea to use one 06:45 single environment for all activities 06:47 computer machine isolation ensures 06:49 evidence can be contained and then 06:50 destroyed and this can be really 06:52 achieved through virtualization also 06:54 hackers can use a bouncing server to 06:56 connect to their valuable infrastructure 06:58 where their offensive tools and data 07:00 lies so some cloud party provider that 07:03 doesn't really care about what happens 07:04 on their machines in this way all the 07:06 hacker has to do is have an ssh 07:08 connection into the server after they've 07:10 anonymized their identity even if the 07:12 bouncing server is destroyed or 07:13 compromised the hacker can curate and 07:15 develop a new one within a matter of 07:17 minutes so like i said before you have 07:19 to separate your offensive security work 07:21 from your everyday work environment and 07:24 in this case it's important that you're 07:26 also randomizing your network connection 07:28 so to do this you can go into public 07:30 wi-fi and you know use wi-fi map dot io 07:34 which is a resource to go look for 07:35 public open wi-fi networks and make sure 07:38 that you're randomizing exactly when 07:40 you're you know connecting to that wi-fi 07:42 remember our good boy ross you know he 07:44 uh well you know what happened to him 07:46 okay so up into this point i've talked 07:48 about anonymizing one ownes identity but 07:51 i haven't talked about actual attack so 07:54 let's say in a hacker has compromised a 07:57 network similar to the starwood myriad 08:00 case 08:00 how can they go about you know covering 08:03 up their online tracks within the 08:06 network so they're not being detected by 08:09 any security professionals like you and 08:11 i once initial access has been 08:13 established it is imperative that 08:15 attackers limit their offensive activity 08:18 so it's not a good idea to generate a 08:20 whole bunch of logs and activity once 08:23 you're entered into network it's about 08:26 stealthynessness 08:28 take a look at the solarwinds attack of 08:30 2021 the alleged adversaries kept the 08:32 tracks hidden for months by slowly 08:34 testing their capabilities through the 08:36 course of those months initial access 08:38 started september 4th of 2019 and then 08:40 by march of 2020 is when the 08:42 distribution of sunburst was deployed 08:44 and that took six months now in addition 08:47 a skilled adversary will analyze network 08:49 and user behavior and mimic this 08:51 offensive activity as closely as 08:53 possible such as conducting their 08:55 actions during the proper business hours 08:57 next hackers will blend their fraudulent 09:00 activity with common network connections 09:02 and protocols such as dns tunneling dns 09:06 or the domain name system is an 09:08 essential component to a network 09:09 translating ip addresses into those web 09:11 domains 09:12 well because dns is essential it's 09:14 usually opened so in dns tunneling it 09:17 uses seemingly harmless dns queries to 09:19 traverse between a private and public 09:21 network 09:22 a hacker could use an encrypted 09:24 connection and route their fraudulent 09:25 activity through dns take dns cat 2 an 09:29 open source command and control 09:30 framework that lives out on github which 09:32 is used to route traffic through dns in 09:34 this demo i used the windows machine to 09:36 simulate a victim and a cali machine to 09:39 simulate an attacker i downloaded dns 09:41 cat to utility on github on my kelly 09:44 machine and then the victim payload on 09:45 the windows machine which is an 09:47 executable in this case so if we go 09:49 ahead and start the dns cat to server 09:52 we need to set the security policy to 09:54 unencrypted in a real world scenario of 09:56 course you wouldn't want to do this but 09:58 i'm a script kitty so 10:00 well i'm just using this for testing 10:01 purposes and also it worked i'm a script 10:04 kitty anyway let's go ahead and get 10:06 moving forward so if we do set 10:09 that will make sure that our security 10:10 policy is 10:12 to unencrypted 10:14 now if we go into our windows machine i 10:17 already downloaded the windows 32 here i 10:20 have added the host which is this 10:22 machine's 10:24 let's go ahead and execute it 10:28 and boom as you can see we now have a 10:30 session and it's an unencrypted session 10:33 now let's go ahead and see if i can get 10:36 well i don't know notepad plus plus or 10:38 notepad open 10:40 so we what we do here is we go into 10:43 session 10:44 i 10:46 one 10:48 and then we can see our list of commands 10:50 here that we can do so for instance we 10:52 can ping or we can get a shell 10:54 but um well let's go ahead and do exec 10:57 notepad 11:01 and as you can see we now have a notepad 11:05 opened and this is all tunneled through 11:07 dns so in a real world scenario if this 11:10 was encrypted 11:11 you really wouldn't be able to notice 11:13 that this 11:14 fraudulent traffic was going through 11:16 your network unless 11:17 you had some advanced defenses in place 11:20 all right so hopefully in today's video 11:21 you've learned something new about how 11:23 hackers can hide their tracks although 11:26 this video was very let's just say 11:28 script kitty high level overview 11:30 uh you can see how even people such as 11:33 the silk road founder can be absolutely 11:36 taken down with 11:38 one poor doing but this is how hackers 11:41 do it anyway if you guys want me to do a 11:43 video on getting more technical let me 11:45 know in the comments down below yes and 11:48 until the next video 11:50 well don't be a script giddy and 11:52 that that's me have a good day guys

Monero

Zcash

Chain

BUNCH

YouTube

Why You Should Never Store Passwords in Web Browsers

I Tried Hacking a Bluetooth Speaker - Here's What Happened Next

Read My Stories

Too Long; Didn't Read

How do Hackers Hide Themselves? - A Guide to Staying Anonymous Online

How do Hackers Hide Themselves? - A Guide to Staying Anonymous Online

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Are Cybersecurity Jobs Recession Proof?

Anonymity in Virtual Reality

Anonymous Work Talk for Silicon Valley

"Any Industrial Revolutions Must Come With a Technology Transformation" - The Professor

Bank Discount.

Blind Survey: What the Valley Really Thinks About Uber

Are Cybersecurity Jobs Recession Proof?

Anonymity in Virtual Reality

Anonymous Work Talk for Silicon Valley

"Any Industrial Revolutions Must Come With a Technology Transformation" - The Professor

Bank Discount.

Blind Survey: What the Valley Really Thinks About Uber

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps