IP Addresses, Tracing, and Why You're An Imbecile

[Random]

This thread is intended to be a brief guide on:

• what IP addresses are and why they're used; and
• how IP tracing works; and
• why you're a fucking imbecile.

This thread will have much in common with many threads already in the Electronics forum - any thread to do with IP addresses, tracing, or proxies will have relevance here. For more specific answers on these topics, consult those threads.

What is an IP address?
An IP Address is a little bit like your house's address or phone number. If we want to contact you, we'll send something to your house or we'll call your house.

Your computer is a bit like that house, but instead of having an address or phone number, it has this IP address thing. If we want to contact your computer, we'll use this IP address to contact you.

What are IP addresses used for? I don't want you to contact me
Any time you do something with another computer - whether it is sharing files or playing games across a local network, or browsing the internet - you are sending information between computers.

Because there could be (and is) millions of computers transferring information at any one time, the information that YOU are sending needs to know who you are sending it to. That's why we have this IP address thing.

That information that you sent from your computer will find its way to some sort of central hub. That hub will look at the little tag attached to the information you are sending - that tag has things like where the information came from and where it is going, and what type of information it is.

The central hub looks at where you're trying to send it, and then it reads something which is a bit like a phone directory, but it's for IP addresses. It will either find out which cable to send it directly to your friend's computer, or it will send it to a different central hub which does know where to send it.

Without an IP address (or some similar system), your computer can't interact with any other computer.

All I'm doing is posting on a forum. Do the "Feds" watch every bit of information that goes back and forth?
I don't know if they watch every bit of information that goes back and forth, and chances are that they don't know either. I imagine that the process is very much automated and the people get summarised reports to work with.

To get to the point, though, many forums (and other websites and servers - this isn't limited in any way to just forums) will keep logs of what IP addresses have sent information to the server, what they sent, and when they sent it.

If the Feds wanted to chase up someone on these forums, for example, they could either go through the legal process of getting that log information (which is hopefully what they do most of the time), or they could employ counter-security experts (aka. crackers, or "hackers" as the media has misconstrued, but I won't get into that) to break in and get the log information directly.

They would see your little phone number (IP address) sitting there in the logs with the incriminating post. But how the hell could they find your computer amongst the millions of others in the world?

There is a few ways, which I won't go into detail with here. The idea is that...well, remember those central hubs with the phone directories? They work out which one is closest to you, and then get the details of that server (chances are that it's an ISP, similar to...well, whoever sells you your internet, that's an ISP).

Now, right next to that hub's phone directory is ANOTHER log, just like the one on the website server - it has times and addresses and all the rest of it. Through a bit of deduction, Feds can work out which ISP account made the incrminating post, and they can link that up with the ISP's accounting records to get a physical address.

You might not be in the house when they burst through the door, but that's when it becomes the same as a normal crime - they look for witnesses and fingerprints and all of that. If you go to an internet cafe, they might ask the employees for a description or look through security camera footage.

So yes, they can find you by using something as simple as an IP address.

I'm not an imbecile! Fuck you!
Yes, you are. Hiding behind a username (or even a proxy) does not make you invisible, does not hide your electronic fingerprints and footsteps, and definately does not make you safe from prosecution.

Likewise, using an acronym like SWIM or a fictional character in place of yourself to describe a planned or committed crime will not protect you from prosecution. That's like saying you'll get off a speeding ticket if you insist that you weren't speeding...yeah, right...

Why are you an imbecile? Because when you do things on the internet that incriminate you, you forget that they can find you, and if they want to, they will. Don't get cocky, thinking that you're safe hiding behind a username and an acronym.

I think that DIzzIE introduced a quote that sums things up quite nicely...

Quote:

Originally Posted by DIzzIE

"hi I'm planning on committing a crime soon, but first im going to announce it on the internet. No one will ever know its me because im hidden behind a user name and that makes me invisible. As I dont know the full details of how to commit this crime im asking people online so they can be accomplises in the event of an investigation. If you have committed this crime yourself please tell me about it thus incriminating yourself on a medium that can be accessed world wide."

http://www.radio4all.org/aia/security.html

-nihilismus

[Darkshadow666]

IP addresses are scary easy to trace...

Confederate Axis of Darkness IP Trace

[Skelton]

there's a program i can't remember its name but it switches your IP address every so often, they would still be able to track you down but it would be harder or would it be impossible?

[S7@1T3D]

Quote:

Originally Posted by Skelton

there's a program i can't remember its name but it switches your IP address every so often, they would still be able to track you down but it would be harder or would it be impossible?

Isnt that called a proxy??

[Darkshadow666]

is it Tor? I use tor and it works great.

[lovinit52]

I'm not naive enough to think that I couldn't be tracked if someone with the right authority wanted to, but just for my own knowledge I'd like to get something clarified.

I understand how the physical address of the building could be tracked, but anything beyond this is baffling to me.

Say i bring my laptop to somewhere with free wifi (library, coffee shop, university campus, etc.) out of the 100 people on the wireless network at the time, how does it get tracked to me?

[Random]

Quote:

Originally Posted by lovinit52

I'm not naive enough to think that I couldn't be tracked if someone with the right authority wanted to, but just for my own knowledge I'd like to get something clarified.

I understand how the physical address of the building could be tracked, but anything beyond this is baffling to me.

Say i bring my laptop to somewhere with free wifi (library, coffee shop, university campus, etc.) out of the 100 people on the wireless network at the time, how does it get tracked to me?

You will have to connect to the wireless network with a wireless network interface card. Every network interface card has a "unique" identifier - your transmissions across a local network (such as the wireless network you described) will be tagged with your MAC address (the unique identifier), rather than your IP address. Your IP address will be logged alongside your MAC address on the wireless router's records.

Joining a free anonymous local network like the one you have described makes it much harder to be identified, but far from impossible...

[Darkshadow666]

If you live in a densely populated area, you could get onto various other people's wifi and keep switching networks every few minutes.

[Paranoid Ecstasy]

If you truely didn't want to be found, you should just use a library computer.

[Random]

Quote:

Originally Posted by Paranoid Ecstasy

If you truely didn't want to be found, you should just use a library computer.

And then authorities match the MAC address of the internet access with that of the computer you used, and connect the time of access with whom the cameras or library staff reported seeing using that particular computer at that time.

There will always be a trail.

[paininvmuthafuckinass]

Wifi+JAP or VPN (obviosuly of someone you KNOW isn't a rat)+spoofed MAC address+reset BIOS= win

[jbockmon]

(for advanced computer users only, I'm not responsible for what u do with this info)

this is what i would do for ALMOST complete anonymity on the internet

Buy a computer at a flea market or a place that sell computers in cash only with no camera's.

Use the MacChanger program so that the MAC can't be traced back to me

Set up TOR, which stands for The Union Router. (what TOR does is sends your data to other computers in different countries so that if a government agency ever tried to subpoena any logs they would be ripping there hair out talking with the Chines Government or some other foreign country)

If you live in the suburbs than finding a wifi with no security or easily crackable WEP shouldn't be that hard (or if you want just use ur own internet connection if u trust TOR enough)

Now you can do what you want with ALMOST complete anonymity. Make an ATM in Bumsville, Idaho spit out $700 into the street or download the Windows source code just don't blame me and don't do anything stupid

[jbockmon]

Quote:

Originally Posted by 666courtney

It's Onion routing.

Do'h I'm real good with typos

Quote:

Trust is how people get caught.

very true

Quote:

And screwing with banks is how the rest of the "black hat" hackers get caught.

I was referencing the 1995 film Hackers (i can't believe you didn't catch that)

[kikthecan]

park your car outside starbucks.
stay a night at a hotel.
drive down the street until you get a connection.

Really not that hard unless you're too damn lazy to go outside.

[jbockmon]

Quote:

Originally Posted by kikthecan

park your car outside starbucks.
stay a night at a hotel.
drive down the street until you get a connection.

Really not that hard unless you're too damn lazy to go outside.

What about your IP address they will be able to log it. Then the get your MAC address and then they will find the manufacture of the computer ur using and get you home address and all of your information and then our in jail for 6 month lol

[LizzyReikoZ]

Well first off don't do anything really stupid on your own computer, but if you're not hacking anything important to the government, a proxy server in a country like Iran would make things more trouble than it's worth to track you down. The idea of driving by and using random people's networks is excellent, but can cause suspicion, being you're the only one parked outside with a laptop. Thankfully, in large cities, there are multiple networks close enough to your home for you to switch off every once and a while.

[squat251]

Quote:

Originally Posted by LizzyReikoZ

a proxy server in a country like Iran would make things more trouble than it's worth to track you down.

you can stop pushing the idea of using an proxy in iran or any other foreign country...its the dumbest thing i have heard anyone who claims to know what they are talking about say, in a very long time.

first, iran puts limits on the internet, so you cant do nearly as much as you wanted to do.

second, since 911 the feds are looking at connections made to the middle east, for obvious reasons, and would watch everything you did with your false security. incase you dont understand what that means, ANY crime you commit online will immediately be seen by gov't agents, who probably have already traced your IP to where ever you are.

third, why iran? and not, say mexico? thats a non-extraditional (please excuse my spelling) country, so anything done there would be anonymous, right? if your answering no of course not, then your absolutely correct the US will find a way to get any info they need especially if they know you connected to the proxy, and would thus just track all connections out of that proxy pinning any crimes to you, then after searching your HDD they find that you did indeed commit the crimes and prosecute as such. your an imbacile for offering that as a way to get around being caught, and i hope anyone who follows that advice is caught and gets thier balls cut from them (or appropriate anatomical part) for being that stupid.

[LizzyReikoZ]

That isn't for doing REALLY bad things online... but if it's just the local cops that have to try and find you, they'll see an IP from another country and not be able to find anything, so it will end up in a cold case pile somewhere.

The BEST thing to do would be to use multiple wifi networks and proxy servers in lots of different countries. It would take forever to track you down, then just change your MAC address a lot too.

[midsman]

Hi all, new here but have been reading for a while. There are clearly some clever buggers out there at Bombshock!!

The reason I thought I'd chip my first post in on this subject is that I used to work for a company that was scammed out of nearly £1600 (about $3000) over a 12 month period a couple of years ago using the method below.

He eventually got caught as he was videoed outside a train station using cracked WIFI. By the time he was caught the Police reckoned he had made over £1.1 million (about $2 million) by buying fairly low value electronic equipment and selling it on.

Firstly, he had accessed (cracked) the local councils homing database and had a full list of all empty properties.

Secondly, he had multiple fake ID's which he used to set up multiple Paypal accounts. He made sure that none of the purchases ever exceeded the limit at which Paypal required verification. I think at that time it was about £200.00 ($380) and obvioulsy used multiple Paypal accounts per day.

Thirdly, he would buy laptops from small computer outlets, always minimum spec but with Wi-Fi. Not sure about the US but you can buy a decent WI-Fi enabled laptop for around £200 here, or, beleive it or not, get one FREE if you sign up for 3G services (with fake ID, obviously)

So, here's how he did it

He would go and buy a laptop for cash, giving a fake name and address to the (small) retailer he had bought it from. He would always have a few days beard growth, wear a baseball cap etc just in case of CCTV. Apparently he would go to 5 or 6 different outlets in a day and buy 5 or 6 laptops.

He would then travel to places that had free Wi-FI and order several items from multiple web sites using his multiple faked Pay Pal accounts. He would put the delivery address as one of the empty council houses that he had gotten the address for by hacking the Council database. He would then get rid of the laptop completely (never found out where). Think about it. £200 laptop, £1000 - £2000 worth of goods, it's worth getting rid of it.

He would then break into the empty house or flat (apartment for our American Cousins) 3 or 4 days later. Find all of the couriers "we tried to deliver but couldn't, please collect parcel from.........) and then turn up at the couriers Depot with the "we tried to deliver" note and collect the item. I assume he made sure that items that were delivered at the same time were never sent by the same courier.

He would then sell the item.

Although he ripped my old employer off (who was actually a good guy) I did actually think "clever b*stard" and hade a grudging respect for him. Obviously his mistake was using a place where CCTV was everywhere (they are after the Tube bombings, especially by Rail Stations).

I don't know the ins and outs of how they actually related his car to the crime, but I would imagine a guy sitting in his car using a laptop on CCTV at the exact time an order was placed probably did it.

So, there you go, an almost perfect way to do it as long as you are careful.

[LizzyReikoZ]

For doing that, I would recommend driving through an upper class neighborhood with a laptop with a WiFi card. Use something like AirSnort to crack WiFi signals that are encrypted (with WEP), and then place orders that way.

[Beyond]

Quote:

Originally Posted by Random

And then authorities match the MAC address of the internet access with that of the computer you used, and connect the time of access with whom the cameras or library staff reported seeing using that particular computer at that time.

There will always be a trail.

Oh, completely hypothetical.

That's ensuring that:

A) There is a large enough need to warrant any of that effort.
B) The library has a camera system in place.
C) The library has a camera system in place to monitor specifically the computers.
D) The library has a camera system in place to monitor specifically the computer in question.
E) The quality of the CCTV being used is good enough to produce images that can be used to positively identify someone.
F) The library, authorities, etc. have a system in place to identify, link, and apprehend any Joe Schmoe that uses a computer based solely off of a surveillance video.

Etc., etc., etc.

I mean come on, just because a camera is there doesn't mean it's a case closed. Do you realize how many crimes are unsolved even when capturing the suspect on film? Do you realize how many crimes are unsolved even when capturing the suspect on film and positively identifying him/her?

A vast majority of libraries, especially in the States', don't use surveillance equipment inside the building itself. It's hard to warrant a $10,000 addition to a library in Bumfuck, Montana where they have 1,000 citizens and the crime rate is next to nothing. That's a far extreme but I live in a town of 100,000 and even our library doesn't have exterior cameras.

Hypothetically your plan works but in reality? You're buying into technology a little too much.

[LizzyReikoZ]

If they think you're a terrorist, there are no limits to how far the government will go to track you down.

[Beyond]

Quote:

Originally Posted by LizzyReikoZ

If they think you're a terrorist, there are no limits to how far the government will go to track you down.

Doesn't mean they'll catch you. Ever heard of Osama Bin Laden?

[Random]

Quote:

Originally Posted by Beyond

Oh, completely hypothetical.

That's ensuring that:

A) There is a large enough need to warrant any of that effort.
B) The library has a camera system in place.
C) The library has a camera system in place to monitor specifically the computers.
D) The library has a camera system in place to monitor specifically the computer in question.
E) The quality of the CCTV being used is good enough to produce images that can be used to positively identify someone.
F) The library, authorities, etc. have a system in place to identify, link, and apprehend any Joe Schmoe that uses a computer based solely off of a surveillance video.

Etc., etc., etc.

I mean come on, just because a camera is there doesn't mean it's a case closed. Do you realize how many crimes are unsolved even when capturing the suspect on film? Do you realize how many crimes are unsolved even when capturing the suspect on film and positively identifying him/her?

A vast majority of libraries, especially in the States', don't use surveillance equipment inside the building itself. It's hard to warrant a $10,000 addition to a library in Bumfuck, Montana where they have 1,000 citizens and the crime rate is next to nothing. That's a far extreme but I live in a town of 100,000 and even our library doesn't have exterior cameras.

Hypothetically your plan works but in reality? You're buying into technology a little too much.

When I created this thread, I had seen too many requests for foolproof ways of doing things online and not getting caught, or people actively denying that it was at all possible for them to be traced.

The intention of this thread was to point out that, while the chance may be small (perhaps infinitely so), any person can be traced and found should the pursuer put in enough effort.

[Dozer]

There's so much ignorance in this thread I can hardly decide where to begin... The main thing I want to say is that while tracing your IP may be easier than you think, it's also much harder than you think.

If you are using a GOOD proxy and someone elses WIFI connection then, for the most part, you are a ghost. MAC addresses are virtually useless unless you put yourself in stupid situations.

Here's a scenario for you, if you're using what I described above:

1) You do wrong on the internet.
2) The feds/authorities decide to pursue you.
3) They get your IP and they contact the owner of the IP (an ISP or whoever).
4) They're told that the IP belongs to someone (the proxy).
5) They go to a judge, get a warrant.
6) They seize the proxy machine (home pc, server, whatever)
7) They discover that it was not the bad guy, but a proxy. They pull the logs to find where it was redirecting to.
8) They find it was redirecting to a starbucks in New York (this could be 2000 miles or more from the proxy).
9) They go to that wifi location, pull the router logs and find SEVERAL DOZEN people connected to that router at the time of the crime.
10) Now, the last step... they hope that the WIFI router keeps decent logs and is able to tell them specifically which mac address was doing the crime. Otherwise they may have several dozen mac addresses to search thru. At this point they have to begin scouring all of NYC's ISP's for ALL these mac addresses and getting warrants for all of them, or at least interviewing all of them, to find out who the criminal is....

Sound easy? Not hardly. The biggest obstacle in this story:
Many proxy services clear their logs every 7 days. This means that unless they get a warrant and get to the proxy service within 7 days, the records are GONE.

[Mitchell_Leary]

As a former conspiritor I can assure you of this: Groups like this are allowed to exist for one reason and that is to collect intelligence on participants. From potential school shooters to home-grown terrorists, they're all here. This group has been heavily infiltrated by every three-lettered agency that exists.

Many groups like this one are actually fronts created BY those three-lettered agencies. It's an age old intelligence collection method. Before the internet they advertised in magazines like Soldier of Fortune--strictly to find out the names of people that are interested in this deep fringe information.

The internet has actually made this so much easier for them. Another example is kiddie porn websites. These groups and websites pop up overnight, some have existed for ages. It would take a very unstable mind to think you're going to get away with this for more than a month. Most of them are nothing but fronts...and they work!

New and improved domestic telecommunications laws have gone into effect in these last few months, no longer is a court order required by law enforcement to monitor electronic communications. One in five telephone conversations are reviewed. ALL conversations are monitored via computer for key words.

Big Brother is alive and well and right here in this group.

[Random]

Quote:

Originally Posted by Mitchell_Leary

Big Brother is alive and well and right here in this group.

I have no doubt, but...

Quote:

Originally Posted by Mitchell_Leary

One in five telephone conversations are reviewed. ALL conversations are monitored via computer for key words.

Got evidence or reputable third-party sources to support this claim?

[Lestat666]

JAP is a Project from german college Dresden and Regensburg.
You can used it to surf anonym, but...
when you make shit in the net, the The Federal Criminal Police Office of Germany (in German: Bundeskriminalamt or BKA) get the information and try to find you out.
And don´t feel safety, because you lived in the states or a another europe country. The german Cops haven´t no problems to give the information to cops from another country.

I would maybe vote TOR.

Use Mozilla or an alternative Browser, not IE from Microsoftporn
& g00ge Chrome.
Disable Cookies + Javascript. You can use "No Script for Firefox.

Take Mozilla Thunderbird for ya mails. Mod this programm with
PGP + Enigma/Enigmail? to crypt your e-mail.

Fuck Icq. Take Pidgin and install the OTR (Off the Record)

Don´t used a normal version from emule. Everybody can see ya IP.
That is the same, if you will steal it directly from a shop
Rapidshare or other 1-Click-Hoster is a good service to get some
files for free.

ok, i hope somebody can used this infos.

[Lone Gunman]

The best way to not get caught for committing crime is to simply not brag about it online... For example never give specifics like locations, dates or even the said crime etc.

[Titchmeister]

Note. I haven't actualy done this in real life as i am broke and can't be bothered but it works perfectly well in theory. This is for informational purposes only and i will not be held responsible for what you do with this info.
By far the most effective but by far one of the most challenging ways to make yourself extremely close to anonymous is to do the following:
1)Buy several crappy laptops either with wifi built in or get a few wireless adaptors
2)Use a MAC changer program to change your MAC address on all laptops
3)Create pretty big ad-hoc network linking all the laptops to a public terminal (cyber-cafe library etc) make sure that it's password protected
4)Place all laptops as far away from the public terminal and eachother (and out of sight obviously) but close enough that they can still pick up eachother's singal, this will allow you to use said public terminal to connect to the internet even if you are several hundred feet away ( bird's eye view should look like this you@--@--@--@--$ (@=laptop $= public terminal))
5)On the laptop furthest from the public terminal connect to the internet through ALL of the other laptops and public terminal
6)Go on and use several proxy sites (as many as it takes for you to feel secure) whilst trying to avoid the ones set up by feds or summat lol
7)Do W/E obviously illegal activities you are trying to do
This will make it preatty damn near inpossible for anyone that doesn't have a few months spare time to track you down as they will have to go through about 20 i.p. and mac addresses, about 4 of which are fake lol, espescialy if the laptop you are actualy using has been bought with a credit card regisistered to a fake person .
You could also make it even harder to track you by making several ad-hoc networks e.g. laptop1-laptop2, laptop2-laptop3, laptop3-public terminal, making sure that you use a different password for each network.
Perfect for all your hyper-illegal activities