206 lines
11 KiB
Plaintext
206 lines
11 KiB
Plaintext
Virtual Espionage
|
|
A guide to doing it and protecting yourself from it
|
|
|
|
By: The Mob Boss
|
|
|
|
Espionage is something that goes on everyday. No I am not
|
|
talking about the movies and I am not talking about the
|
|
bullshit you see on your local news. I am talking about the
|
|
information gathering that goes on every day, specifically
|
|
the kind that goes on the vast world we call the internet.
|
|
Lets face it the net and phone network has become something
|
|
of virtual world. It's a place where shopping, work,
|
|
communication, and leisure occurs on a day to day basis. If
|
|
you think about it, this creation of a new world was
|
|
inevitable with hundreds of people from all over the world
|
|
discovering it for the first time each day. With some much
|
|
information on one network is it that bizarre to think that
|
|
someone might want to gather more information then they were
|
|
meant to know. To want to find out information about someone
|
|
else on that vast network is not so strange when you
|
|
consider the many people who LIVE on IRC and other means of
|
|
communication. Not to mention with so much money flowing
|
|
through those phone and cable lines, its obvious someone
|
|
might want to steal it. Now it's nothing to be paranoid about
|
|
and its not something to avoid the web over, its just
|
|
something to be aware of. For instance how do you know
|
|
someone you pissed of on IRC is spying on you? How do you
|
|
know some law enforcement agency is not monitoring a channel
|
|
or newsgroup you frequent? Well that's what this article is
|
|
about so if you still interested keep on reading.
|
|
Ok so you understand there are prying eyes and ears out
|
|
there so what kind of precautions do you plan to take? That
|
|
depends on what kind of things you do online. For instance
|
|
if you are some sort of holy man online then I doubt the
|
|
government is concerned with you. But let's consider you
|
|
someone who thinks freely and does things that might be
|
|
somewhat questionable, then you might want to consider
|
|
watching yourself. First step to becoming anonymous on the
|
|
web is thinking about what forms of identification there are
|
|
to tell who you really are. In real life that may be your
|
|
drivers license, fingerprint, or signature. Online though,
|
|
your IP, email address, and most importantly your phone
|
|
number will lead back to you. The key is learning how to
|
|
bypass that. For instance your IP address is left whenever
|
|
you visit a page, whenever you sign on to chat, when ever
|
|
you post to a discussion group. So what can you do about
|
|
that you ask? You can bounce your IP. Something we can use
|
|
to achieve this is proxies and wingates. Now although it
|
|
seems simple enough most people don't go through the trouble
|
|
of doing this for everyday things. I suggest that if you
|
|
have two web browsers, that at least one of those should
|
|
have an http proxy setup on it. So it slows you down a
|
|
little, no big deal, good things come to those who wait.
|
|
Here's a freebie proxy which will probably go dead as soon as
|
|
I release this, proxy.escape.ca:3128, now that should be
|
|
placed in your preferences under proxies. Read the help file
|
|
for your browser to see the specifics on how to specify your
|
|
proxy. Most HTTP proxies run on either 8080 or 3128 so if
|
|
that one goes dead just fire up nmap or your favorite
|
|
scanner and look for IP's connecting on those ports. Now for
|
|
you IRC chatting you have the option of either using a
|
|
wingate, which is something like a proxy that connects on
|
|
port 23 and identifies itself by the "wingate>" prompt, or
|
|
you can use an IRC proxy, which will probably be easier,
|
|
especially if you are using some sort of mIRC. I personally
|
|
like wingates when I use BitchX and proxies for when I use
|
|
mIRC. That's my personal opinion but feel free to form your
|
|
own thoughts. Now if you don't already know how to use a
|
|
wingate there are plenty of good texts out there on it. One
|
|
I strongly recommend is by a friend of mine Alphavers, I
|
|
don't know exactly remember the name but you can obtain it
|
|
directly from him on Undernet #ANSI, he's on there all day,
|
|
seven days a week. As for IRC proxies I am not going to give
|
|
a freebie of this because I don't have more then two at the
|
|
moment myself, I will say though they run on port 1080
|
|
(socks proxy) so like I said earlier fire up that IP
|
|
scanner. You can also use a proxy to telnet, FTP, and even
|
|
send mail by directly connecting to the smtp port (25). As I
|
|
suggested earlier read up on wingates. If you would like to
|
|
see a wingate for yourself you can always find the ones that
|
|
were g-lined on IRC by giving the "/stat g" command, just
|
|
look for exploitable wingate or too many connections and
|
|
telnet to it. Most likely you will be sitting at the wingate
|
|
prompt. Now that you are protecting your IP, what are you
|
|
doing about giving information under your own free will? One
|
|
thing that a lot of people do which is very, very, stupid is
|
|
having their full name on their email address. If you do
|
|
then its a good idea to keep that email address private and
|
|
open up a free web-based email address such as one available
|
|
at http://mail.yahoo.com or www.hotmail.com and use fake
|
|
info only providing your internet handle. So now using a
|
|
http proxy and an email address with fake info, you know
|
|
have become somewhat anonymous because those headers will
|
|
automatically show the IP of your proxy rather then yours
|
|
when you send an email. Now another thing to consider is
|
|
what you say online. Posting to some sex newsgroup and then
|
|
using the same email address on Usenet to get involved in
|
|
something else is probably a bad idea because those records
|
|
of where you post are available to the public through
|
|
www.dejanews.com and will probably be dug up. Also what do
|
|
you tell people about yourself. Do you mention your real
|
|
name to people? Do you tell people where you work or talk
|
|
about your family? All those things can be used against you.
|
|
Someone following you around in chat may be able to gather
|
|
quite an extensive amount of information about you. Keeping
|
|
your mouth shut may be something that comes hard at first
|
|
but will definitely be worthwhile in the long run. You don't
|
|
have to make like the dumb guard from Hogan's Heroes and do
|
|
the "I know nothing" routine but being somewhat vague is
|
|
definitely something smart. You don't want to make others
|
|
suspicious of you but keeping your information private is
|
|
what is the number one priority. Keep an eye out to see if a
|
|
certain nick keeps popping up in the same channel or chat
|
|
room you are in. Using the same street smarts you would use
|
|
in real life are just as important on the net.
|
|
Now that you know how to protect yourself its time to
|
|
learn how to go on the offensive. How to become on the
|
|
virtual James Bond. Most likely it won't be that exciting
|
|
but it may come in handy. Lets start off by sizing up the
|
|
target. Who is he? What does he do online? What is it we
|
|
want to know or achieve? Once you have questioned your
|
|
motives you are ready to begin. Setting up a dossier on the
|
|
person is the first step. You should begin to note
|
|
everything you already know about the person such as their
|
|
handle, email address, ISP, and anything else you know off
|
|
the top of the head. Secondly find out where they hang out
|
|
and what handle do they go by. Frequent the places they go
|
|
and follow them if you can but don't make the person
|
|
suspicious or you will fuck up your whole operation. Note
|
|
who their friends are. If you can get the persons AIM screen
|
|
name, Yahoo Pager handle, or ICQ number by all means add
|
|
them by using any excuse you can or don't give an excuse. If
|
|
questioned by the person ignoring them might be the best
|
|
bet. Getting to know their patterns for coming online is a
|
|
good idea so you can know when to expect them. Now by doing
|
|
all this you are putting yourself in a position to be able to
|
|
spy on them and even clone their online identity. Posing as
|
|
someone who uses AOL as his or her ISP would definitely be easy
|
|
because those accounts are not too difficult to get. Noting
|
|
their ident on IRC is also a good idea if you ever plan to
|
|
try to snatch information by posing as them. Now I highly
|
|
recommend you do the background work before you try that so
|
|
that you don't screw up and blow your cover. Now after you
|
|
have done that its time to give yourself a new identity and
|
|
try to get close to them. Now if the person is usually very
|
|
friendly then it shouldn't be too hard. Hang around where
|
|
they do under your new identity which should be from a
|
|
forged IP, a free email account with bogus info, and
|
|
anything else someone online might have a like ICQ. Get to
|
|
know the person and add to the conversations. Make friends
|
|
with the person, never hinting who you are. Your own
|
|
boasting is what might get you in trouble as it always seems
|
|
to do it to everyone. Now for instance if this person is
|
|
into h/p sharing some good info that you know they would be
|
|
interested is something that you should attempt. If you
|
|
share enough real info with them they may trust you enough
|
|
so that you can slip them a trojan if you feel the need. Now
|
|
I am in NO way advocating the use of trojan's but if you must
|
|
you must to obtain your goal then use your best judgement
|
|
and let it be on your head. By this time you should have
|
|
already checked their computer by scanning it, seeing what
|
|
operating system they use as well as any security breaches
|
|
may be possible on it. Use your creativity and you will be
|
|
fine. Gaining their trust is something that should not be
|
|
rushed, if you do then its highly likely that you will fail
|
|
in your motives.
|
|
That's it for this article, I know this is a little
|
|
different from my usual articles but I think its something
|
|
everyone on h/p scene should be aware of since I have seen
|
|
this on many notes throughout my career and felt it should
|
|
be addressed.
|
|
|
|
-The Mob Boss; http://mobboss.dragx.cx
|
|
Voice mail and fax: 1-877-203-3043
|
|
|
|
Edited by Glock
|
|
_____________________
|
|
/ * BBS LIST * /|
|
|
/____________________/ |
|
|
| |M |
|
|
| The Sacrifial Lamb|O |
|
|
| english.gh0st.net |B |
|
|
| | |
|
|
| Ripco BBS |B |
|
|
| ripco2.ripco.com |O |
|
|
| |S |
|
|
| The NorthLand |S |
|
|
| Underground BBS | |
|
|
| nub.dhs.org | |
|
|
| | |
|
|
| L0pht BBS | |
|
|
| bbs.l0pht.com | /
|
|
|___________________|/
|
|
|
|
This has been a publication written by THE MOB BOSS;
|
|
He is in no way responsible for the accuracy or results from the use of info in this article.
|
|
Anything done is totally done at the users discretion.
|
|
THE MOB BOSS in no way or form supports, aids, or participates
|
|
in the act of criminal hacking or phreaking.
|
|
Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS
|
|
are strictly for informational purposes only.
|
|
|
|
THE MOB BOSS (c) 1999 all rights reserved
|
|
|
|
|