Chasing down cybercrooks in the deep web
More and more people are using VPN services to protect their privacy and anonymity online. A common motivation is to reach geo-restricted websites; some people, however, want to hide wrongdoing. Many users are also convinced that a VPN provides complete online anonymity. That is a misconception, and I'm going to explain why.
A VPN was never intended for anonymity. Security and anonymity belong to the same domain, but they are not the same thing. The purpose of a VPN is to build an encrypted channel between the client and the server. At the time of writing, the only VPN technology I regard as secure is OpenVPN over TLS protocol version 1.2; legacy alternatives such as PPTP are known to be broken.
Like any ordinary network resource, a VPN service consists of three layers:
- a physical or virtual server, in other words a machine;
- the VPN software itself;
- the IP address the service uses.
Regarding IP addresses and logs: whether the VPN software keeps logs matters less than people think, even on a server of your own, because the IP address it uses belongs to whoever provides the network. The IP addresses of any third-party VPN service, say one running at a hosting provider, are that provider's property; everyone else merely rents them.
No provider will ever switch off its logs. First, it would otherwise fail to meet telecommunications licensing requirements. Second, logs are needed for troubleshooting and network maintenance, and they help detect attacks on the network.
So bear this in mind: even if you disable logging on the VPN server itself, your provider will keep its own logs anyway.
What is the fundamental difference between a public and private VPN server?
From its logs, your provider can recover the IP addresses, ports and protocol of your connection, and when it took place. That is all: the metadata of the tunnel, not its contents.
At the level of the VPN server itself, where the tunnel is terminated and traffic is forwarded onward in the clear, interception can be switched on. In other words, whoever controls the VPN server can sniff your traffic as it leaves the tunnel and pick up cryptocurrency wallet data, private chats, emails, everything except what is protected end to end by SSL/TLS. Even for TLS connections the operator still sees which hosts you talk to, since the destination address and the server name in the handshake are not encrypted.
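To make the previous two paragraphs concrete, here is an added example (not code from the original article) of what a sniffer on the VPN server's exit side can read once traffic leaves the tunnel. The two captured payloads are constructed for the demo: a plaintext HTTP request to a hypothetical wallet site and a TLS ClientHello to the same host. Plaintext gives up credentials, cookies and the request body; TLS gives up only the server name (SNI), which is still enough to know which sites you visit.

```python
"""What a VPN server operator can read off the wire once traffic leaves the tunnel.

Added example, not code from the original article. The two captured payloads
below are CONSTRUCTED for this demo (a plaintext HTTP request and a TLS
ClientHello); there are no live sockets, everything runs offline.
"""
import base64
import struct

TLS_HANDSHAKE = 0x16
HELLO_CLIENT = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello carrying an SNI extension.

    Used only to construct the sample capture; a real client sends far more.
    """
    name = hostname.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + b"\x11" * 32                           # random (fixed for the demo)
        + b"\x00"                                # empty session_id
        + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
        + b"\x01\x00"                            # one compression method: null
        + struct.pack("!H", len(ext)) + ext      # extensions
    )
    handshake = bytes([HELLO_CLIENT]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_sni(payload: bytes):
    """Return the SNI hostname from a TLS ClientHello, or None if absent/malformed."""
    if len(payload) < 44 or payload[0] != TLS_HANDSHAKE or payload[5] != HELLO_CLIENT:
        return None
    pos = 9 + 2 + 32                       # record hdr(5) + handshake hdr(4) + version + random
    pos += 1 + payload[pos]                # session_id
    pos += 2 + struct.unpack_from("!H", payload, pos)[0]   # cipher suites
    pos += 1 + payload[pos]                # compression methods
    if pos + 2 > len(payload):
        return None
    end = pos + 2 + struct.unpack_from("!H", payload, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, length = struct.unpack_from("!HH", payload, pos)
        pos += 4
        if ext_type == EXT_SERVER_NAME:
            # server_name_list: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack_from("!H", payload, pos + 3)[0]
            return payload[pos + 5: pos + 5 + name_len].decode("ascii", "replace")
        pos += length
    return None


def parse_http_request(payload: bytes) -> dict:
    """Pull the fields an eavesdropper cares about out of a plaintext HTTP request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    seen = {"kind": "http", "method": method, "host": headers.get("host"), "path": path,
            "cookie": headers.get("cookie"), "body": body.decode("latin-1")}
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
        seen["credentials"] = (user, password)
    return seen


def inspect_payload(payload: bytes) -> dict:
    """Classify a captured TCP payload and return what the operator can read from it."""
    if payload[:1] == bytes([TLS_HANDSHAKE]):
        return {"kind": "tls", "sni": parse_client_hello_sni(payload)}
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT"):
        return parse_http_request(payload)
    return {"kind": "unknown", "bytes": len(payload)}


# Constructed samples: what the exit-side sniffer would capture from two clients.
_BODY = b"to=1ExampleDestinationAddress&amount=0.5"
SAMPLE_HTTP = (
    b"POST /wallet/send HTTP/1.1\r\nHost: wallet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n"
    b"Cookie: session=abc123\r\nContent-Length: %d\r\n\r\n" % len(_BODY) + _BODY
)
SAMPLE_TLS = build_client_hello("wallet.example")

if __name__ == "__main__":
    for sample in (SAMPLE_HTTP, SAMPLE_TLS):
        print(inspect_payload(sample))
```

Running the block prints the full credentials, cookie and destination address for the plaintext request, and only `{'kind': 'tls', 'sni': 'wallet.example'}` for the TLS connection. That last dictionary is the point of the caveat above: encryption hides what you send, not whom you send it to.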
If you run your own server you avoid these issues, because you built it and know what is inside it. Hence the only resource you can trust is one you have full (root) access to.
Now for server location. A popular belief is that picking a VPN server in Panama or Qatar solves everything. That is a half-truth at best, because official inquiries reach much further than you might imagine.
Consider how intelligence services deal with Panama. The country releases no information to anyone, except U.S. law enforcement.
So your country's services submit a request to Interpol, naming the IP address and stating that the case involves terrorism. Interpol forwards the request to the appropriate U.S. law enforcement agency, which passes it on to Panama. The answer travels back along the same chain to the original sender.
The same applies to Qatar, except that the request is routed through Saudi Arabia. In short, if they really want to find you, they will.
Machines cannot replace old-fashioned police work. Once investigators spot real-world drug trafficking, they start looking for its traces online. Surveillance and undercover operations reveal where the physical and virtual worlds meet. Ross Ulbricht, for example, was arrested in 2013 while using public Wi-Fi, at the very moment the Silk Road administrator account was seen online.
Retrieving data from open sources
Drug dealers use their carefully hidden sites only as storefronts and recruit customers on publicly accessible networks, which makes them far more vulnerable. The law obliges operators of ordinary Internet services to hand over user information to the police on request. For example, five Reddit users who discussed selling prohibited goods on r/darknetmarkets were arrested after Reddit handed over their account details. Ulbricht, too, had left his real email address behind here and there while running Silk Road.
Law enforcement agencies also cooperate with postal services to inspect suspicious packages, and can obtain the tracking number of such a package in order to trace its recipient.
Big data and machine learning
Police use big data to uncover connections that could not otherwise be seen: they correlate IP addresses and the various kinds of information people post online, draw logical conclusions, and train machine-learning models to do the same. Such a system is expensive and complex, but it pays off in the long run.
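As an added illustration of the correlation described in the Ulbricht example above and in this paragraph (not code from the article), the script below scores a set of suspects by how well their observed whereabouts match the times a pseudonymous account was seen online. Every timestamp, suspect and observation is constructed. The scoring is deliberately simple: a sighting window in which the suspect could be online while the account was active counts as a hit; a window in which the suspect could not possibly be online (say, airborne) while the account was active rules them out; account activity with no sighting at all is neutral.

```python
"""Correlating a pseudonymous account's activity with real-world surveillance.

Added example, not code from the article. All timestamps, suspects and
observations are CONSTRUCTED. The technique is the classic one: count how
often the target account is active while a suspect could have been online,
and how often the two contradict each other.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Observation:
    suspect: str
    start: datetime
    end: datetime
    could_be_online: bool      # seen on public Wi-Fi with a laptop: True; airborne/in custody: False
    note: str = ""


def _covering(observations, suspect, when):
    """Observations of `suspect` whose window contains the instant `when`."""
    return [o for o in observations if o.suspect == suspect and o.start <= when <= o.end]


def score_suspects(account_events, observations):
    """Return {suspect: (hits, contradictions, unobserved)} over the account's activity."""
    result = {}
    for suspect in sorted({o.suspect for o in observations}):
        hits = contradictions = unobserved = 0
        for when in account_events:
            cover = _covering(observations, suspect, when)
            if not cover:
                unobserved += 1
            elif any(o.could_be_online for o in cover):
                hits += 1
            else:
                contradictions += 1          # account active while suspect provably offline
        result[suspect] = (hits, contradictions, unobserved)
    return result


def rank_suspects(account_events, observations):
    """Exclude anyone with a contradiction; order the rest by hits, then by fewest gaps."""
    scores = score_suspects(account_events, observations)
    viable = [(s, h, u) for s, (h, c, u) in scores.items() if c == 0]
    viable.sort(key=lambda t: (-t[1], t[2], t[0]))
    return [s for s, _, _ in viable]


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed data: when the market's admin account was seen posting/moderating.
ADMIN_ONLINE = [_t("2013-10-01 15:05"), _t("2013-10-01 15:40"),
                _t("2013-10-02 10:15"), _t("2013-10-03 20:30")]

# Constructed surveillance log for three hypothetical suspects.
OBSERVATIONS = [
    Observation("Suspect 1", _t("2013-10-01 14:30"), _t("2013-10-01 16:00"), True, "library Wi-Fi"),
    Observation("Suspect 1", _t("2013-10-02 09:00"), _t("2013-10-02 12:00"), True, "cafe Wi-Fi"),
    Observation("Suspect 1", _t("2013-10-03 19:00"), _t("2013-10-03 22:00"), True, "home broadband"),
    Observation("Suspect 2", _t("2013-10-01 14:00"), _t("2013-10-01 17:00"), True, "library Wi-Fi"),
    Observation("Suspect 2", _t("2013-10-02 08:00"), _t("2013-10-02 13:00"), False, "on a flight"),
    Observation("Suspect 3", _t("2013-10-01 13:00"), _t("2013-10-01 14:00"), True, "coffee shop"),
    Observation("Suspect 3", _t("2013-10-03 20:00"), _t("2013-10-03 21:00"), True, "coffee shop"),
]

if __name__ == "__main__":
    for suspect, score in score_suspects(ADMIN_ONLINE, OBSERVATIONS).items():
        print(suspect, "hits/contradictions/unobserved =", score)
    print("ranking:", rank_suspects(ADMIN_ONLINE, OBSERVATIONS))
```

Suspect 2 shares the library sighting with Suspect 1 but was airborne during one admin session and is therefore eliminated; Suspect 1 ends up ranked first with four hits and no gaps. In practice the events list would come from forum timestamps and the observations from physical surveillance or Wi-Fi association logs, which is exactly the cross-over the paragraph describes.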
Chasing the money
Although Bitcoin is often credited with a high degree of anonymity, it is only pseudonymous: every transaction is public, and the weak link is the trading ecosystem. The police can request from Bitcoin exchanges who made which trades and when, and they cooperate with banks to the same end.
Elliptic is one of the best-known services for tracking illicit Bitcoin flows; it works with financial institutions and law enforcement agencies.
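The following added example (not the article's code and not Elliptic's) shows the two basic steps chain-analysis services perform, here on a constructed ledger: cluster addresses that were spent together (the common-input-ownership heuristic, which assumes all inputs of one transaction belong to one entity) and follow outputs from a seed address, taken here from a hypothetical market listing, until they reach an address labeled as belonging to an exchange, which is where a subpoena becomes possible. Transaction IDs, addresses and the exchange label are all made up.

```python
"""Following the money: address clustering and exchange attribution.

Added example, not the article's own code and not Elliptic's. The ledger,
addresses, transaction IDs and the exchange label below are CONSTRUCTED.
Heuristics used: common-input-ownership (all inputs of a transaction are
controlled by one entity) and tagging of known exchange deposit addresses.
"""
from collections import deque

# Constructed ledger: each transaction spends the listed input addresses and
# pays the listed (address, amount) outputs.
TXS = [
    {"txid": "tx1", "inputs": ["buyer_a", "buyer_b"], "outputs": [("mkt_b", 0.50), ("buyer_chg", 0.02)]},
    {"txid": "tx2", "inputs": ["mkt_a", "mkt_b", "mkt_c"], "outputs": [("hot1", 1.40)]},
    {"txid": "tx3", "inputs": ["hot1", "mkt_d"], "outputs": [("exch_dep_7", 1.60), ("hot2", 0.05)]},
    {"txid": "tx4", "inputs": ["unrelated"], "outputs": [("other", 0.30)]},
]
# Constructed attribution: a deposit address that an exchange told investigators is theirs.
LABELS = {"exch_dep_7": "deposit address at Exchange X (constructed label)"}


def cluster_addresses(txs):
    """Map every address to the frozenset of addresses it was co-spent with (union-find)."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a

    for tx in txs:
        roots = [find(a) for a in tx["inputs"]]
        for r in roots[1:]:
            if r != roots[0]:
                parent[r] = roots[0]        # all inputs of one tx: same owner
        for addr, _ in tx["outputs"]:
            find(addr)                      # outputs are known addresses, not yet linked
    groups = {}
    for a in list(parent):
        groups.setdefault(find(a), set()).add(a)
    return {a: frozenset(members) for members in groups.values() for a in members}


def trace_to_label(txs, labels, seed, max_hops=4):
    """BFS from the seed's whole cluster along transaction outputs until a labeled address.

    Returns (path, label) where path is a list of (txid, from_addr, to_addr, amount),
    or None if no labeled address is reachable within max_hops.
    """
    clusters = cluster_addresses(txs)
    spends = {}                             # address -> [(txid, out_addr, amount)]
    for tx in txs:
        for inp in tx["inputs"]:
            for addr, amt in tx["outputs"]:
                spends.setdefault(inp, []).append((tx["txid"], addr, amt))
    start = clusters.get(seed, frozenset({seed}))
    queue = deque((a, []) for a in sorted(start))
    seen = set(start)
    while queue:
        addr, path = queue.popleft()
        if addr in labels:
            return path, labels[addr]
        if len(path) >= max_hops:
            continue
        for txid, out_addr, amt in spends.get(addr, []):
            if out_addr not in seen:
                seen.add(out_addr)
                queue.append((out_addr, path + [(txid, addr, out_addr, amt)]))
    return None


if __name__ == "__main__":
    print("market cluster:", sorted(cluster_addresses(TXS)["mkt_b"]))
    hit = trace_to_label(TXS, LABELS, "mkt_b")
    if hit:
        path, label = hit
        for txid, src, dst, amt in path:
            print(f"{txid}: {src} -> {dst} ({amt} BTC)")
        print("reached:", label)
```

Starting from a single listing address, the sweep in tx2 ties it to two sibling market addresses, and two hops later the funds land on the exchange's deposit address. Real analysis adds change-address heuristics and handles mixers, but the request to the exchange for the identity behind that deposit is exactly the step the paragraph describes.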
Undercover officers often win the trust of darknet site administrators and also pose as sellers, retail buyers and wholesale buyers.
Police and the FBI can also use modified software to identify deep web users. A major darknet forum was exposed this way: the FBI deployed an exploit on the site that sent visitors' real IP addresses to a Bureau server.
In practice, the anonymity of deep web users tends to be overstated. Criminals usually stay at large only until law enforcement starts applying countermeasures, many of which rest on classic investigative technique rather than cutting-edge machine learning.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.