Staying anonymous when hiring server(hosting)

anonymity
malware

#1

As we know, most malware writers get away with it even after huge attacks. The thing I am wondering is how they hire a server without exposing their identity. They can hide their IP with a VPS/VPN, they can change their MAC address, and they can connect to that VPS/VPN from an internet connection that doesn't belong to them, but what about payment? As far as I know, most of the good hosting sites don't accept Bitcoin. So what's up with that?


#2

For educational purposes:
You hack a (web)server and use that as a C&C


#3

I read some malware analysis articles about malware like this one: https://kjaer.io/extension-malware/ and the malware writer in this case just got hosting from DigitalOcean and, as far as I know, he didn't get caught. So there must be another way.


#4

Create a fake identity and pay using a stolen credit card.


(Command-Line Ninja) #5

You can host C&C through Tor hidden services. The trick however is bundling tor with your malware.

Some server hosts will also let you pay with Bitcoin. Usually only once you have paid with a card, however.


#6

Rent an offshore VPS, using bitcoin retrieved through a mixer :wink:


(Command-Line Ninja) #7

Links? :grin:

Asking for a friend


#8

I mean, if these skrubs can do it, so can anyone else.


#9

I have never had the need to deploy such services, yet. However, you can find plenty of hosting solutions specialised in offshore hosting which support Bitcoin payment. Same thing with Bitcoin mixers. I will not take the risk of recommending you a specific provider because I have no feedback about it and I don’t want to take such responsibilities :stuck_out_tongue: However, it seems to be the safest way to stay anonymous when renting servers :slight_smile:


(Command-Line Ninja) #10

I like to shy away from loading stuff on the disk. It gets messy with popen and stuff.

Could you access Tor via onion.to?


(Hardware Bias!) #11

1.) Connect VPN + Tor in this arrangement: You -> Tor + VPN -> VPN -> destination

2.) Do some Google dorks for stolen credit card dumps.

3.) Buy BTC with them

4.) Send the BTC to another address in your wallet. Do this at least 3 times.

5.) Send your BTC through a mixer service.

6.) Again, send your new mixed BTC to another address in your wallet. I’d say do it 3 times again. The more the better.

7.) Buy a virtual credit card with your BTC.

8.) Hire a VPS with that VCC. Use a fake identity if needed.

9.) …

10.) Profit.

Also, don’t care about the rest. Now ofc it is good to encrypt your malware connections to avoid IDSs, but for anonymity? Well, how are they going to trace it back? You used a fake identity, the transaction is pretty much untraceable, and you used your Tor + VPN setup so they can’t track down your country either.

Also @dtm, did you call the wannacry creators skrubs? xD

-Phoenix750


#12

If they had been more thorough and smarter about it, their malware would have probably lasted longer than three days. Not to mention that they handled the payments manually like the apes they are.


(Hardware Bias!) #13

Good points indeed, but something tells me they never anticipated that their attack would be this massive. “Aight guys let’s use this exploit and let’s infect some home netw… HOLY SHIT WE INFECTED HALF OF EUROPE!”


#14

@Phoenix750 maybe this in combination with “we have to get this shit released as fast as possible before everyone knows/reads the NSA leak”

@dtm I heard their support hotline was awesome and people were way faster in reacting and more friendly. They even gave a discount on the ransom to pay in some cases. Not sure where I read it; I’ll link it once I find the reference again.


(Silur) #15

Tor hidden services and a relay (like onion.to) if you don’t care about high bandwidth (meterpreter works this way).
Front-gun servers for anything else.

…and the WannaCry binary is a joke :smiley:


#16

There are fewer than 50 reliable offshore VPS and dedi providers out there that accept Bitcoin, even fewer that do so without needing verifiable details, and way fewer (as a subset thereof) that are somewhat bulletproof.

One of the caveats with hosting on a VPS/dedi that you don’t have physical access to is that the provider could just clone your drive and steal your private key for the hidden service (a clearweb equivalent would be DNS poisoning, though in this case it’ll be a problem forever unless you change .onions). And that’s not even mentioning all your data.

If you don’t know how to defend against this you have no business running a hidden service that has any intrinsic value.

That being said static HTML websites can be served quite safely by the novice, assuming you’re not hosting anything of tangible value for a well resourced adversary.

[This was written in a rush, sorry for any errors]


#17

One way that hosting services do accept payment is through prepaid Visa/Mastercards.

These can be bought with cash at various stores, and therefore have no name attached.

I would venture this is one way to anonymously rent VPSes.


#18

:joy: :joy: :joy: :joy: :joy: :joy: :joy: :joy: :joy: :joy:


(system) #19

This topic was automatically closed after 30 days. New replies are no longer allowed.