How to Become a Ghost Hacker - Merozey' Tips

(Merozey) #1

BRACE YOURSELVES because, this is a very long post and, i’ve gathered my pasts pointers to this entire topic and, with social-engineering being one of my primary special endeavors, I have now decided to give all of my pointers to you in one page. There are a lot that’s been covered, so i’m sure a thing or two has been missed.

Sorry for my absence
Life’s rough as we all know, we all have things to go through and I recently did - which I still am. But, it’s now manageable, thanks to several people.


Being Quiet

When I say this, I mean it in any possible way. Do NOT say a single word about your hacking life. Don’t even mention the word. The key to people not thinking you are a hacker is to never go in that area. If one day you pull of a great hack, and you didn’t cover all of your tracks, and the feds show up in your neighborhood to question your friends, they are obligated to tell the truth or they’ll be interfering with a federal investigation. But they can’t lie if they don’t know the truth.

That is of course a very drastic measure to take but, some hackers, possibly black hat hackers do take this measure very seriously and, most definitely members of Anonymous, since it’s an illegal movement. With the exception of their ISIS operations.

  • Conclusion
    Don’t tell your friends, family or loved ones, or you’ve put your secret identity in their hands too.


Don’t Put a Name to Yourself


What I mean here is, most hackers love attention. Take a look at Lizard Squad for example. They share the hacks they complete. Doing so, you give everybody the chance to communicate with you, because having a social media profile is for everybody in the whole world who wishes to, can be able to communicate with you. incl. feds. So, don’t put a name to yourself.

It also provides the ability for LE to watch you, whether you have 10 hops or 3 hops, it doesn’t matter because eventually you’ll make a mistake, whether or not that mistake is something you can afford is unclear. So, by having this public profile, anyone can ‘attack’ your profile and spy on you until that person makes a mistake.

  • Become a Ghost Hacker
    Ghost hackers are hackers who constantly changes his alias. No one can ever really get in contact with him, and he never is one place too long.This gives many advantages, as it being much harder for anyone to track you down. A good example would be Elliott from Mr. Robot. He doesn’t tell anyone about his hacks, and doesn’t put a name to himself.


Communication Methods


A key part to anonymization is a secure communication method. There are so many different software’s that provides you several ways of talking securely to one another. However the one major down side is you are putting your identity in the hands of a company you do not know personally. This is very bad because, you do not know if they are actually being truthful on what they are providing.

We have seen this before with HideMyAss (VPN service) who was approached by US and, had to hand over information on a specific user, however HideMyAss claimed not to keep logs from its users, but yet they were able to hand over information on a specific user. That is a perfect example, because even though a company states something, that doesn’t mean its entirely true. Likely it is, but know that this company might be non-profit which means they can do whatever they want, or you didn’t read their Terms of Service and therefore don’t know, that there are exceptions towards certain services to a company, which then results in a company handing over your data to the government.

I want you to know that even though a company is stating something, do some investigation. Ask around, read reviews, read their Terms of Service and Privacy Policy. (Yes im not kidding)

  • Key things to look for in a communication method:
    Check if they provide strong encryption
    Read the customers feedback
    InvestigateRead ToS & Privacy Policy




I mentioned that you should become a ghost hacker. A ghost hacker is someone who never uses the same name for everything. He constantly changes alias and, doesn’t stay in one place for too long, which gives him many advantages such as FBI not knowing where or who to look for. I want to point out that this also applies to all your accounts that you own, if you have an instagram & twitter account with the same alias, FBI & NSA and, any skilled hacker will be able to link them together because of the same alias has been used, and trust me that is not hard to do.

There is not much else to explain because, generally this should be common sense to anyone who understands the basics of anonymity and so, this is usually a precaution that people take. Probably even journalists does this when communicating with hackers or anyone using the deep web etc.


VPN Providers


This is an obvious one, however many newbies ask the common question on “What VPN should I purchase?” and, “If I have to remain anonymous, why should I then pay for one?”. I will now clarify these two questions.

Question 1: This will and, I repeat, WILL depend on your current location. If you are located within the US, it would be smart to fool your country thinking you are in China or Russia.

Question 2: This is because, if you don’t pay for your product, you are the only product being sold. A company needs money, and it costs money to keep their servers up and, they have families to feed, so why would they provide you and, everybody else a really good software that anonymizes you, when they can charge for it? We live in 2016, and you need to remember that everything is about money now. Thats how it works as sad as it may sound to some of you. We need money to run things and, a successful firm can’t keep their service secure if they don’t have any money to that.

  • Additional precautions:
    Again read ToS & Privacy Policy (Yes, you have to)
    Make sure they are not located in USA.
    Strong encryption
    Read customers feedback

Second precaution: This is because if you have a company in USA then USA will have complete jurisdiction over the company and the company will have to abide by US laws.As many of you know, other countries have better privacy laws, such as Sweden and Switzerland and, they will therefore be a better advantage. Also FBI & NSA have
headquarters in US which are the main 2 companies wanting to have all your information, but they have no power of getting such information if your VPN provider is located in Russia for example, because America doesn’t have any jurisdiction there.

  • BEWARE: Some companies have many servers spread through many countries and, these will sometimes include America. Know that if you sign up for this VPN, you
    could end up on the server they have in US and, therefore they have the right to demand information from that particular server.


Provide False Information


Many things fall into place when one has to successfully become a ghost hacker and, one of
the key things is what you’re telling people. When you are communicating online, you have two options. Either don’t say anything at all, or give them completely false information. Going with option one will most definitely spark interest to people whose intentions are to bring hackers to justice, so you might as well give them what they want but, you didn’t guarantee them that would you’re giving them will be correct information. That’ll be their job to determine, so let’s make it very difficult for them. And it’s important that you don’t reveal anything that can be remotely be connected to you in any way what so ever. It’s difficult but, it’s great to take these types of measures if you have to. For example Dead Pirate Roberts did this too I have been informed.


Your Timezone


This is also very important that you keep it a secret to everybody. Now this is where it can get very complex, because we all have jobs and, education probably, and family friends and so on. So in the end you’ll only have a few hours a day to come on your secret identity, so to get online at completely random times will be a tough task for some because of that. But for those who have that possibility shouldn’t take it for granted. Your buddies will not be able to determine where in the world you live if you come online at completely random time, with no pattern at all.


Wiping Everything


You also have to keep in mind that, even the best can be exposed to unexpected situations and so, you could find yourself in a situation where you have minutes to rescue your future. So, you’ll have to be prepared to DoD your hardware if you should have to, this is what most black hat hackers do when they find out they’ve been raided. If they’re lucky enough (or skilled enough) to find it before their door gets busted in.


Strong Encrypted Passwords


Next up is passwords. Again, the smart ones will only use one password for each account, and never re-use it. This way you again exclude the possibility of one being able to link two accounts together. Again a paranoia measure you can choose to do if you are paranoid like that. I don’t judge.


Language Patterns


Next up is the way you speak. This is the most crucial step when becoming a ghost hacker, because you can determine a lot by the way one types, and with 2016 now being here, we have very smart people being able to determine various things out from just how one types and or speaks, therefore this is very important you understand this step. I’ll elaborate.

Say you have 2 different aliases, and if you truly want to make sure no one is thinking you are the same individual, type differently than you usually type. This includes words you wouldn’t usually include in your vocabulary, and maybe make certain spelling mistakes. By doing this you are giving people an idea of who your alias is, and if you continue to type in that way, they won’t even begin to think if this account they came across on eBay, speaking very sophisticated is in some way connected to this account on craigslist, typing with basic grammar.


Creating an Identity


The goal for the multiple aliases, and additional steps taken here, are to create a character to the people you are speaking to. Because when you are sitting behind your screen, you obviously don’t know who is sitting on the other end and, therefore you might as well fill this persons head with a completely false idea of who you actually are in real life. This gives great advantages such as if the FBI should stop by and question that individual, he’ll be describing someone completely different, and maybe someone who doesn’t even exist. Who knows.


Knowing When to Leave


As a ghost hacker you also need to know that you can still upset some people, and make some enemies, and a wise ghost hacker do not wish to be in such situation. You need to know when danger is headed to your door, and if even the slightest sign of ‘shadyness’ is present, you have to leave your alias. As I have also mentioned earlier, ghost hackers never stays one place for too long, and a perfect example of such scenario is if danger has occurred. By ‘discarding’ your alias, you never log onto it again and never talk to the people you knew under that alias on a different alias, otherwise they’ll be suspicious.


I hope you’ve learned a lot, I decided to take a few pointers out because, I didn’t feel they were worthy enough. These pointers are useful, so I advise you all to remember them.

Anonymity: Basics
Anonymity: Basics
(Leader & Offsec Engineer) #2

MEROZEY! Hey man! It’s been a while :wink: Good to see you back! Hope you’re okay! I’m around on the IRC if you wanna talk :slight_smile:

This is a pretty awesome article! I am getting a real Mr Robot vibe :stuck_out_tongue:

In the past many great hackers have been caught out by their egos, their need for attention, or their single act of foolishness.

(Merozey) #3

indeed it has! I appreciate your concerns I will probably pop up soon enough on the IRC.


Nice Article! I very much think it is important to be Anonymous on the web, and I think you had a lot of valid points! Good job!

(Merozey) #5

thank you very much !


Awesome article! I think I will be refering back to this many times. I probably need to work on that time-zone thing, and try to split my online time up randomly rather than just being online 10 straight hours every day xD.


A very informative article that is, to my mind, only missing one point. Your initial point of access to the internet is what the Feds are tracking you back to. If you are carrying out activity that may well draw the attention of LE you should ALWAYS bear this in mind. Hacking a poorly defended AP in order to access the net will always be a better option than using semi-anonymous public wi-fi, and this itself will always be better that using your own ISP. If you consider the very valid points raised by Merozey, and combine them with a hacked AP, you will stand a much better chance of remaining anonymous. It goes without saying that you also need to consider MAC spoofing etc.




caught the article late but it’s an awesome one. I like it good job


With regard to the VPN: Wouldn’t the NSA be able to track your progress and searches for things like, “VPN service in China” or something?

(Leader & Offsec Engineer) #11

Buy a laptop, cash, download tails in an internet café. Install it.



Or for many of us educational networks from uni are an alternative to (net-)cafés as well :slight_smile:

Edit: even just going to your nearest fast food chain will give you access to Wi-Fi for free for at least an hour :wink:

Edit2: depending on where you live there might be an airport…

Also if you’re already knowledgeable enough to become a ghost hacker you most likely can force your way into someones wifi!

There’s always more than one way to everything

(Saaid Minh) #13

Someone told me that web domain providers that are supposed to check ID will take literally any random fake ID you give them, so the ones that request ID are better sometimes because they have shittier procedures.

This helpful advice!

(Leader & Offsec Engineer) #14

You need to find the balance between very busy networks (like airports), but lack of CCTV, (bathrooms)

(ouroborus) #15

Buy a laptop, cash, download tails in an internet café. Install it.


guess what, ulbricht ross did the same.


Hence educational networks, a small cafe or similar is the better choice obv, but if you’re desperate you have to find a way around those CCTVs :stuck_out_tongue:

(Leader & Offsec Engineer) #17

They basically just doxed him. His networking security was near flawless. But his opsec sucked with his original posting on a forum, and on stack overflow linked with his real identity. From there they used data correlation attacks.

Data correlation attacks are difficult if they don’t even have an idea of who or where you are.

(Not a N00b, but still learning) #19

Of course this depends on your opponent, but you should never have the battery in it anywhere near your home and leave your personal phone at home when conducting your “activities”. Just my $0.02

BTW: Excellent and funny video! :smile:

(system) #20

This topic was automatically closed after 30 days. New replies are no longer allowed.