Anonymity

In the first part of this series we took a closer look at the basic precondition: how an attacker prepares his own computer to eliminate telltale traces when surfing the Internet. In this second part we go into the details of how attackers connect to the Internet anonymously without leaving behind an IP address that would reveal their identity.

1. Anonymizing proxies

The reasons why attackers work from home are laziness and the desire for comfort. The means that offer the regular Internet user anonymity and privacy are also quite convenient for people with malicious intentions. Anonymizing services like TOR or I2P are popular among people who want to protect their privacy, and hackers use them as well. They profit from these anonymizing services too, which allows them to do their business from home with a low risk of being traced back.

2. The phone booth

There were times, many years ago around 1993, when acoustic couplers were still in use and often found in a service technician's equipment box. When connecting to the Internet or another dial-up computer from home, the home modem was the first choice. Home modems replaced the acoustic couplers in home offices and pushed them into their niche. An acoustic coupler allows connecting to the Internet by attaching it to a regular telephone and establishing a modem connection to an ISP (Internet Service Provider). By using an acoustic coupler from a phone booth, a place where the phone number is not related to the caller, the identity of the user cannot be determined. This is an ideal way for an attacker to protect his identity.

But public phone booths are anything but anonymous, at least concerning physical presence: when other people watch someone with half his home computer equipment installed inside the booth, they get curious about what is going on inside. This method requires some prior precautions to ensure that nobody takes note of the attacker's presence and his activities, which makes it a rather uncomfortable method.

3. Accessible telephone switch box

When walking through the neighbourhood and having a closer look at the buildings, you can see the boxes of the telco's electrical installations fixed to the outside wall or somewhere close to the building. If you open these boxes you find the telephone copper wire pairs, one pair for each apartment. When connecting the internal laptop modem to one of these wire pairs, an attacker gets a carrier signal that is ready to use. But as with the phone booth, physical presence poses a big obstacle that an attacker has to overcome first. A person standing at a switch box with a laptop is quite suspicious and will attract people's attention, exactly the opposite of his planned goal of staying anonymous.

4. Neighbouring wireless LANs

Internet access is available in almost every household in industrialized countries, and if one is not living in a remote place somewhere up in the mountains, at least one of the neighbours has Internet access and a router with the wireless access point activated. In the small village where I live, when walking around my house and searching for WLANs there are at least 10 of them. So availability shouldn't be a problem nowadays; the question is rather whether the access points have protection mechanisms activated. But even if these mechanisms are activated, the days when WEP stopped people from using other persons' WLANs actually never existed. Using WPA or WPA2 can't protect from every attack either, and with more or less effort these obstacles can also be overcome. For further information on how WEP/WPA are cracked, have a look at this document.

Using a neighbour's wireless LAN alone to access the Internet is not really effective at hiding one's identity. If a notorious hacker is living next to a person with no previous conviction, and that person is now blamed for unleashing malware because his IP address was found in the log files, it is more likely that the hacker becomes the suspect, considering the neighbour has a weakly protected access point at home. Using a neighbour's open wireless LAN is a weak layer of protection when attacking a system and is probably preferred by people who don't want to pay for Internet access but want to use it anyway.

5. Using wireless LANs

Instead of using the neighbour's WLAN access point, it is safer for an attacker to use a WLAN outside his own town. Sitting in the car, driving through the quarters and scanning for open or weakly protected wireless LANs is a promising tactic to get anonymous access to the Internet. It also eliminates the drawback of the previous example, since it does not attract attention to the area where the attacker is living.

6. Public Internet access

The last possibility for accessing the Internet anonymously is via publicly accessible Internet spots. The time when Internet access was available in the typical Internet cafes, or in shops that offered their access to the public, is actually over. Mainly tourists who want to write to their friends back home about life abroad are ready to pay that money. Internet cafes are rare but still exist, and in towns, at train stations or at airports, phone booths with integrated Internet surf stations are available.

Depending on the goal an attacker wants to achieve, an Internet phone booth is safe and comfortable enough to surf and hack via the web browser. To unleash malware, a computer is required that can read the attacker's portable data storage. The attacker copies the malware onto the computer and spreads it from there.

2 responses to “Six ways how hackers protect themselves when unleashing malware (2 of 2)”

  1. Wulfhart says:

    I was surprised it wasn't listed, but public wifi. At least in the city where I live, the city has free public wifi in various spots around the city and on city buses. It seems this service is almost ideal for anonymity. They may monitor traffic and block the majority of ports (to stop torrenting), but it is still free anonymous internet.

  2. carrumba says:

    Hi Wulfhart,

    yes, you are right. But I thought it belongs to point 5, using a wireless LAN: "scanning for open or weakly protected …". But it would be worth mentioning it explicitly.
