Being Invisible?

Hey,
I am pretty new here in this forum.
First of all I want to say that I know that hacking isn’t similar to what we see in movies.
I would like to know what you do to be as invisible as possible. In movies you often see things like a “hopping IP address” (with that I mean that the IP address changes every few seconds to another location). Are these things possible in real life? And how can we try to stay as invisible as possible?

Thank you in advance and I hope that you understand what I would like to know. If not feel free to leave a message.

Have a great last day of 2018

1 Like

While it’s technically possible to get a new IP every few seconds, it would be an awkward experience (and not ideal for general use).

Personally I think being invisible works best by blending into the crowd. For instance, as I’ve discovered: if you only use a specific alias for one purpose, it’s visible as an outlier. That alias has no social life attached, no mundane tweets about a good meal or complaints about the current government. This would be seen as unusual, and would possibly warrant further investigation. On the other hand, if your online persona engages in all sorts of regular online activities, googling for “how to surf the darknet” will seem much more in line with the normal standard, and less of an outlier.

Hopefully I’ve explained myself clearly.

2 Likes

Your question can be separated into two different needs:

  • Avoiding identification / traceability
  • Avoiding detection of unusual activity

This can be implemented at many levels, and depends on context. When someone steals a car, they might want to cover their hands and faces to avoid identification, and pick the alarm to avoid detection.

When communicating over the Internet, your primary identifier is your IP address. There are other identifiers; these can be things like how your OS calculates TCP window size and ISN, browser cookies, resolution, caching, etc. The amount of differentiation that every identifier provides about you varies: your IP address is unique, but there might be more than one person in the world using Windows 10 x64 build 1703 with a 1920x1080 screen. If someone suspects that you’re switching IPs, they can use these fingerprinting techniques to track you.

Once they have your IP, they get a warrant, someone makes a phone call to your ISP and it’s game over.

The basic thing you can do is use Tor. Tor is a software package that relays your connections over a special anonymizing network, randomizing the route and encrypting your information so that every node only knows the IP from which it received data and where to send it. By relaying connections over multiple nodes, it would be quite difficult to know where traffic originated from. Other anonymizing methods are SOCKS proxies and VPNs.

Avoiding detection is also context dependent - when attacking a machine there are many ways to get caught. There are IPS/IDS for hosts, networks and web applications; antivirus software will try to catch your exploits and payloads, etc. The operating system has built-in logging facilities that log a lot of actions. Network administrators can use tools that automatically collect these logs and analyze them to find suspicious activity like unknown process creation, outgoing connections, logins, startup items, new user accounts, etc. To avoid detection you need to collect information about your target and study the environment before performing actions so you know what’s going to trigger security events.

There are techniques that can be used to hide files, processes, connections, etc., usually requiring administrator access.

Once someone suspects that a host is compromised they will start looking for evidence, depending on their incentive, skills, time and resources. Forensics teams can extract information from hard drives so these days people are talking about fileless malware. Live memory can be extracted too, but the process is more involved.

2 Likes
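The fingerprinting point in the reply above (an IP is unique, while an OS build or screen size is shared by many, and combining attributes narrows the set) as an added example, not code from any poster in this thread: it measures anonymity-set sizes over a constructed client population. All client records, attribute names and IP addresses are invented sample data.

```python
"""Anonymity-set sizes for passive fingerprint attributes (added example).

Shows how much each identifier, alone or combined, narrows down one client
within a population. The CLIENTS list is constructed sample data.
"""
from collections import Counter
import math

# Constructed population of observed clients. The IP is unique per client;
# the other attributes (OS build, screen size, TCP window) are shared.
CLIENTS = [
    {"os": "Win10 x64 1703", "screen": "1920x1080", "tcp_win": 65535, "ip": "198.51.100.10"},
    {"os": "Win10 x64 1703", "screen": "1920x1080", "tcp_win": 65535, "ip": "198.51.100.11"},
    {"os": "Win10 x64 1703", "screen": "1920x1080", "tcp_win": 8192,  "ip": "198.51.100.12"},
    {"os": "Win10 x64 1703", "screen": "1366x768",  "tcp_win": 65535, "ip": "198.51.100.13"},
    {"os": "Ubuntu 18.04",   "screen": "1920x1080", "tcp_win": 29200, "ip": "198.51.100.14"},
    {"os": "Ubuntu 18.04",   "screen": "1920x1080", "tcp_win": 29200, "ip": "198.51.100.15"},
    {"os": "macOS 10.14",    "screen": "2560x1600", "tcp_win": 65535, "ip": "198.51.100.16"},
    {"os": "macOS 10.14",    "screen": "1440x900",  "tcp_win": 65535, "ip": "198.51.100.17"},
]


def fingerprint(client, attrs):
    """Tuple of the selected attribute values; equal tuples are indistinguishable."""
    return tuple(client[a] for a in attrs)


def anonymity_set(client, population, attrs):
    """Number of clients in the population sharing this client's fingerprint (>= 1)."""
    fp = fingerprint(client, attrs)
    return sum(1 for c in population if fingerprint(c, attrs) == fp)


def surprisal_bits(client, population, attrs):
    """Identifying information the attributes reveal: log2(N / anonymity-set size)."""
    return math.log2(len(population) / anonymity_set(client, population, attrs))


def report(population, attrs):
    """Population-wide view: number of distinct classes and smallest/largest class."""
    counts = Counter(fingerprint(c, attrs) for c in population)
    return {"classes": len(counts), "min_set": min(counts.values()), "max_set": max(counts.values())}


if __name__ == "__main__":
    target = CLIENTS[0]
    for attrs in [("ip",), ("os",), ("os", "screen"), ("os", "screen", "tcp_win")]:
        k = anonymity_set(target, CLIENTS, attrs)
        print(f"{'+'.join(attrs):22s} anonymity set={k}  bits={surprisal_bits(target, CLIENTS, attrs):.2f}")
```

Even with the IP column ignored, the three passive attributes together leave the first client in a set of only two out of eight, which is the narrowing a defender relies on when an IP keeps changing.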
