Bombshock Forums > Fringe Topics > Electronics, Spy Tech and Communication

IP Addresses, Tracing, and Why You're An Imbecile
  #1 (permalink)  
10-10-2007, 10:20 AM
Random
Super Moderator

Join Date: Jul 2005
Location: Australia
Posts: 2,308

This thread is intended to be a brief guide on:
  • what IP addresses are and why they're used; and
  • how IP tracing works; and
  • why you're a fucking imbecile.

This thread will have much in common with many threads already in the Electronics forum - any thread to do with IP addresses, tracing, or proxies will have relevance here. For more specific answers on these topics, consult those threads.

What is an IP address?
An IP Address is a little bit like your house's address or phone number. If we want to contact you, we'll send something to your house or we'll call your house.

Your computer is a bit like that house, but instead of having an address or phone number, it has this IP address thing. If we want to contact your computer, we'll use this IP address to contact you.

What are IP addresses used for? I don't want you to contact me
Any time you do something with another computer - whether it is sharing files or playing games across a local network, or browsing the internet - you are sending information between computers.

Because there could be (and are) millions of computers transferring information at any one time, the information that YOU are sending needs to know who you are sending it to. That's why we have this IP address thing.

That information that you sent from your computer will find its way to some sort of central hub. That hub will look at the little tag attached to the information you are sending - that tag has things like where the information came from and where it is going, and what type of information it is.

The central hub looks at where you're trying to send it, and then it reads something which is a bit like a phone directory, but it's for IP addresses. It will either find out which cable to send it directly to your friend's computer, or it will send it to a different central hub which does know where to send it.

Without an IP address (or some similar system), your computer can't interact with any other computer.

All I'm doing is posting on a forum. Do the "Feds" watch every bit of information that goes back and forth?
I don't know if they watch every bit of information that goes back and forth, and chances are that they don't know either. I imagine that the process is very much automated and the people get summarised reports to work with.

To get to the point, though, many forums (and other websites and servers - this isn't limited in any way to just forums) will keep logs of what IP addresses have sent information to the server, what they sent, and when they sent it.

If the Feds wanted to chase up someone on these forums, for example, they could either go through the legal process of getting that log information (which is hopefully what they do most of the time), or they could employ counter-security experts (aka. crackers, or "hackers" as the media has misconstrued, but I won't get into that) to break in and get the log information directly.

They would see your little phone number (IP address) sitting there in the logs with the incriminating post. But how the hell could they find your computer amongst the millions of others in the world?

There are a few ways, which I won't go into detail with here. The idea is that...well, remember those central hubs with the phone directories? They work out which one is closest to you, and then get the details of that server (chances are that it's an ISP, similar to...well, whoever sells you your internet, that's an ISP).

Now, right next to that hub's phone directory is ANOTHER log, just like the one on the website server - it has times and addresses and all the rest of it. Through a bit of deduction, Feds can work out which ISP account made the incriminating post, and they can link that up with the ISP's accounting records to get a physical address.

You might not be in the house when they burst through the door, but that's when it becomes the same as a normal crime - they look for witnesses and fingerprints and all of that. If you go to an internet cafe, they might ask the employees for a description or look through security camera footage.

So yes, they can find you by using something as simple as an IP address.

I'm not an imbecile! Fuck you!
Yes, you are. Hiding behind a username (or even a proxy) does not make you invisible, does not hide your electronic fingerprints and footsteps, and definitely does not make you safe from prosecution.

Likewise, using an acronym like SWIM or a fictional character in place of yourself to describe a planned or committed crime will not protect you from prosecution. That's like saying you'll get off a speeding ticket if you insist that you weren't speeding...yeah, right...

Why are you an imbecile? Because when you do things on the internet that incriminate you, you forget that they can find you, and if they want to, they will. Don't get cocky, thinking that you're safe hiding behind a username and an acronym.

I think that DIzzIE introduced a quote that sums things up quite nicely...

Quote:
Originally Posted by DIzzIE
"hi I'm planning on committing a crime soon, but first im going to announce it on the internet. No one will ever know its me because im hidden behind a user name and that makes me invisible. As I dont know the full details of how to commit this crime im asking people online so they can be accomplises in the event of an investigation. If you have committed this crime yourself please tell me about it thus incriminating yourself on a medium that can be accessed world wide."

http://www.radio4all.org/aia/security.html


-nihilismus
__________________
Don't like what I do as a mod? Complain here...

http://www.bombshock.com/forum/general-discussion/2417-random.html

Last edited by Random; 07-22-2008 at 04:41 PM.

IP addresses
  #2 (permalink)
07-22-2008, 05:42 AM
Darkshadow666
Banned

Join Date: Jul 2008
Location: Nowhere.
Posts: 113

IP addresses are scary easy to trace...

Confederate Axis of Darkness IP Trace



  #3 (permalink)
07-22-2008, 08:06 AM
Skelton
Senior Member

Join Date: Jul 2008
Location: Rural New York
Posts: 112

There's a program, I can't remember its name, but it switches your IP address every so often. They would still be able to track you down but it would be harder, or would it be impossible?
__________________
I'm not prejudiced... I hate everyone equally.

  #4 (permalink)
07-22-2008, 08:16 AM
S7@1T3D
Senior Member

Join Date: May 2006
Location: Rural NSW Australia
Posts: 1,713

Quote:
Originally Posted by Skelton View Post
There's a program, I can't remember its name, but it switches your IP address every so often. They would still be able to track you down but it would be harder, or would it be impossible?
Isn't that called a proxy??

  #5 (permalink)
07-24-2008, 06:56 AM
Darkshadow666
Banned

Join Date: Jul 2008
Location: Nowhere.
Posts: 113

Is it Tor? I use Tor and it works great.

  #6 (permalink)
07-24-2008, 09:52 PM
lovinit52
Member

Join Date: Jun 2008
Posts: 54

I'm not naive enough to think that I couldn't be tracked if someone with the right authority wanted to, but just for my own knowledge I'd like to get something clarified.

I understand how the physical address of the building could be tracked, but anything beyond this is baffling to me.

Say I bring my laptop to somewhere with free wifi (library, coffee shop, university campus, etc.). Out of the 100 people on the wireless network at the time, how does it get tracked to me?

Last edited by lovinit52; 07-24-2008 at 09:54 PM. Reason: typo

  #7 (permalink)
07-25-2008, 04:57 AM
Random
Super Moderator

Join Date: Jul 2005
Location: Australia
Posts: 2,308

Quote:
Originally Posted by lovinit52 View Post
I'm not naive enough to think that I couldn't be tracked if someone with the right authority wanted to, but just for my own knowledge I'd like to get something clarified.

I understand how the physical address of the building could be tracked, but anything beyond this is baffling to me.

Say I bring my laptop to somewhere with free wifi (library, coffee shop, university campus, etc.). Out of the 100 people on the wireless network at the time, how does it get tracked to me?
You will have to connect to the wireless network with a wireless network interface card. Every network interface card has a "unique" identifier - your transmissions across a local network (such as the wireless network you described) will be tagged with your MAC address (the unique identifier), rather than your IP address. Your IP address will be logged alongside your MAC address on the wireless router's records.

Joining a free anonymous local network like the one you have described makes it much harder to be identified, but far from impossible...
Reply With Quote
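The correlation Random describes in posts #1 and #7 (a server log records an IP address and a time; the ISP's or router's own log maps that IP address and time to an account or MAC address), shown from the log analyst's side as an added example that is not part of the thread. The log layouts, IP addresses and MAC addresses are constructed, and the lease-log format is an assumption; real lease logs differ by vendor.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# Constructed sample data: documentation IP ranges and documentation MACs.
# Web server access log (Common Log Format, server clock at UTC+10).
ACCESS_LOG = [
    '203.0.113.7 - - [25/Jul/2008:04:57:10 +1000] "POST /newreply.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Jul/2008:09:30:00 +1000] "POST /newreply.php HTTP/1.1" 200 498',
    '198.51.100.9 - - [25/Jul/2008:05:00:00 +1000] "GET /index.php HTTP/1.1" 200 9000',
]
# Hypothetical lease log kept by the ISP or router: ip,mac,start,end (UTC).
LEASE_LOG = """\
203.0.113.7,00:00:5e:00:53:01,2008-07-24T12:00:00+00:00,2008-07-24T20:00:00+00:00
203.0.113.7,00:00:5e:00:53:02,2008-07-24T20:00:00+00:00,2008-07-25T04:00:00+00:00
"""

CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')


class Lease(NamedTuple):
    ip: str
    mac: str
    start: datetime
    end: datetime


def parse_access_line(line: str) -> tuple[str, datetime]:
    """Return (client IP, timestamp normalised to UTC) for one log line."""
    m = CLF.match(line)
    if m is None:
        raise ValueError(f"not a Common Log Format line: {line!r}")
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.astimezone(timezone.utc)


def parse_leases(text: str) -> list[Lease]:
    """Parse the ip,mac,start,end rows of the lease log."""
    leases = []
    for row in text.splitlines():
        ip, mac, start, end = row.split(",")
        leases.append(Lease(ip, mac, datetime.fromisoformat(start),
                            datetime.fromisoformat(end)))
    return leases


def holder_at(leases: list[Lease], ip: str, when: datetime) -> Optional[str]:
    """MAC that held `ip` at `when`; None if no lease covers that instant."""
    hits = [l.mac for l in leases if l.ip == ip and l.start <= when < l.end]
    if len(hits) > 1:
        raise ValueError(f"overlapping leases for {ip}: {hits}")
    return hits[0] if hits else None


def attribute(lines: list[str], leases: list[Lease]):
    """Map each request to (ip, UTC time, MAC or None)."""
    out = []
    for line in lines:
        ip, when = parse_access_line(line)
        out.append((ip, when.isoformat(), holder_at(leases, ip, when)))
    return out


if __name__ == "__main__":
    for row in attribute(ACCESS_LOG, parse_leases(LEASE_LOG)):
        print(row)
```

The first two requests share one IP address but resolve to different devices because the lease changed hands between them, and they resolve at all only because the server's UTC+10 timestamps are converted to UTC before comparison. The third request has no covering lease and is reported as unattributed rather than guessed.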

  #8 (permalink)
07-25-2008, 05:56 AM
Darkshadow666
Banned

Join Date: Jul 2008
Location: Nowhere.
Posts: 113

If you live in a densely populated area, you could get onto various other people's wifi and keep switching networks every few minutes.

  #9 (permalink)
07-25-2008, 07:18 AM
Paranoid Ecstasy
Senior Member

Join Date: Jul 2007
Location: Sarasota, Fl
Posts: 587

If you truly didn't want to be found, you should just use a library computer.
__________________
All I am, all I know, all I will ever be, is nothing.

  #10 (permalink)
07-25-2008, 11:10 AM
Random
Super Moderator

Join Date: Jul 2005
Location: Australia
Posts: 2,308

Quote:
Originally Posted by Paranoid Ecstasy View Post
If you truly didn't want to be found, you should just use a library computer.
And then authorities match the MAC address of the internet access with that of the computer you used, and connect the time of access with whom the cameras or library staff reported seeing using that particular computer at that time.

There will always be a trail.

  #11 (permalink)
07-25-2008, 12:09 PM
paininvmuthafuckinass
Banned

Join Date: Nov 2006
Location: Lagos
Posts: 341

Wifi+JAP or VPN (obviously of someone you KNOW isn't a rat)+spoofed MAC address+reset BIOS= win

  #12 (permalink)
07-28-2008, 05:37 AM
jbockmon
Junior Member

Join Date: Jul 2008
Posts: 9

(for advanced computer users only, I'm not responsible for what you do with this info)

This is what I would do for ALMOST complete anonymity on the internet:

Buy a computer at a flea market or a place that sells computers in cash only with no cameras.

Use the MacChanger program so that the MAC can't be traced back to me.

Set up TOR, which stands for The Union Router. (What TOR does is send your data to other computers in different countries so that if a government agency ever tried to subpoena any logs they would be ripping their hair out talking with the Chinese Government or some other foreign country.)

If you live in the suburbs then finding a wifi with no security or easily crackable WEP shouldn't be that hard (or if you want just use your own internet connection if you trust TOR enough).

Now you can do what you want with ALMOST complete anonymity. Make an ATM in Bumsville, Idaho spit out $700 into the street or download the Windows source code, just don't blame me and don't do anything stupid.

Last edited by jbockmon; 07-28-2008 at 05:46 AM.

  #13 (permalink)
07-28-2008, 06:47 PM
jbockmon
Junior Member

Join Date: Jul 2008
Posts: 9

Quote:
Originally Posted by 666courtney View Post
It's Onion routing.
D'oh, I'm real good with typos.

Quote:
Trust is how people get caught.
Very true.

Quote:
And screwing with banks is how the rest of the "black hat" hackers get caught.
I was referencing the 1995 film Hackers (I can't believe you didn't catch that).

  #14 (permalink)
07-29-2008, 10:17 AM
kikthecan
Member

Join Date: Jul 2008
Posts: 31

park your car outside starbucks.
stay a night at a hotel.
drive down the street until you get a connection.

Really not that hard unless you're too damn lazy to go outside.

  #15 (permalink)
07-29-2008, 04:16 PM
jbockmon
Junior Member

Join Date: Jul 2008
Posts: 9

Quote:
Originally Posted by kikthecan View Post
park your car outside starbucks.
stay a night at a hotel.
drive down the street until you get a connection.

Really not that hard unless you're too damn lazy to go outside.
What about your IP address? They will be able to log it. Then they get your MAC address and then they will find the manufacturer of the computer you're using and get your home address and all of your information, and then you're in jail for 6 months lol

  #16 (permalink)
07-30-2008, 10:12 PM
LizzyReikoZ
Banned

Join Date: Jul 2008
Posts: 113

Well, first off, don't do anything really stupid on your own computer, but if you're not hacking anything important to the government, a proxy server in a country like Iran would make things more trouble than it's worth to track you down. The idea of driving by and using random people's networks is excellent, but can cause suspicion, being you're the only one parked outside with a laptop. Thankfully, in large cities, there are multiple networks close enough to your home for you to switch off every once in a while.

  #17 (permalink)
08-02-2008, 01:54 AM
squat251
Member

Join Date: Jul 2008
Posts: 99

Quote:
Originally Posted by LizzyReikoZ View Post
a proxy server in a country like Iran would make things more trouble than it's worth to track you down.
You can stop pushing the idea of using a proxy in Iran or any other foreign country...it's the dumbest thing I have heard anyone who claims to know what they are talking about say, in a very long time.

First, Iran puts limits on the internet, so you can't do nearly as much as you wanted to do.

Second, since 911 the feds are looking at connections made to the Middle East, for obvious reasons, and would watch everything you did with your false security. In case you don't understand what that means, ANY crime you commit online will immediately be seen by gov't agents, who probably have already traced your IP to wherever you are.

Third, why Iran? And not, say, Mexico? That's a non-extraditional (please excuse my spelling) country, so anything done there would be anonymous, right? If you're answering no, of course not, then you're absolutely correct: the US will find a way to get any info they need, especially if they know you connected to the proxy, and would thus just track all connections out of that proxy, pinning any crimes to you, then after searching your HDD they find that you did indeed commit the crimes and prosecute as such. You're an imbecile for offering that as a way to get around being caught, and I hope anyone who follows that advice is caught and gets their balls cut from them (or appropriate anatomical part) for being that stupid.

  #18 (permalink)
08-05-2008, 06:37 AM
LizzyReikoZ
Banned

Join Date: Jul 2008
Posts: 113

That isn't for doing REALLY bad things online... but if it's just the local cops that have to try and find you, they'll see an IP from another country and not be able to find anything, so it will end up in a cold case pile somewhere.

The BEST thing to do would be to use multiple wifi networks and proxy servers in lots of different countries. It would take forever to track you down, then just change your MAC address a lot too.

  #19 (permalink)
09-01-2008, 09:26 PM
midsman
Junior Member

Join Date: Sep 2008
Posts: 1

Hi all, new here but have been reading for a while. There are clearly some clever buggers out there at Bombshock!!

The reason I thought I'd chip my first post in on this subject is that I used to work for a company that was scammed out of nearly £1600 (about $3000) over a 12 month period a couple of years ago using the method below.

He eventually got caught as he was videoed outside a train station using cracked WIFI. By the time he was caught the Police reckoned he had made over £1.1 million (about $2 million) by buying fairly low value electronic equipment and selling it on.

Firstly, he had accessed (cracked) the local council's homing database and had a full list of all empty properties.

Secondly, he had multiple fake IDs which he used to set up multiple PayPal accounts. He made sure that none of the purchases ever exceeded the limit at which PayPal required verification. I think at that time it was about £200.00 ($380) and obviously used multiple PayPal accounts per day.

Thirdly, he would buy laptops from small computer outlets, always minimum spec but with Wi-Fi. Not sure about the US but you can buy a decent Wi-Fi enabled laptop for around £200 here, or, believe it or not, get one FREE if you sign up for 3G services (with fake ID, obviously).

So, here's how he did it

He would go and buy a laptop for cash, giving a fake name and address to the (small) retailer he had bought it from. He would always have a few days beard growth, wear a baseball cap etc just in case of CCTV. Apparently he would go to 5 or 6 different outlets in a day and buy 5 or 6 laptops.

He would then travel to places that had free Wi-Fi and order several items from multiple web sites using his multiple faked PayPal accounts. He would put the delivery address as one of the empty council houses that he had gotten the address for by hacking the Council database. He would then get rid of the laptop completely (never found out where). Think about it. £200 laptop, £1000 - £2000 worth of goods, it's worth getting rid of it.

He would then break into the empty house or flat (apartment for our American Cousins) 3 or 4 days later, find all of the couriers' "we tried to deliver but couldn't, please collect parcel from........." notes, and then turn up at the courier's depot with the "we tried to deliver" note and collect the item. I assume he made sure that items that were delivered at the same time were never sent by the same courier.

He would then sell the item.

Although he ripped my old employer off (who was actually a good guy) I did actually think "clever b*stard" and had a grudging respect for him. Obviously his mistake was using a place where CCTV was everywhere (they are after the Tube bombings, especially by Rail Stations).

I don't know the ins and outs of how they actually related his car to the crime, but I would imagine a guy sitting in his car using a laptop on CCTV at the exact time an order was placed probably did it.

So, there you go, an almost perfect way to do it as long as you are careful.

Last edited by midsman; 09-01-2008 at 09:34 PM.

  #20 (permalink)
09-02-2008, 04:43 AM