If hackers use VPNs, how do hackers get caught?
Read for example the story of a very cautious man who got caught many years later after making the mistake of reusing an account name in a forum, which traced back to his illegal activities: Ross Ulbricht and the Silk Road story.
VPN won’t prevent you from disclosing your identity.
By doing other things that are not protected by VPN, or by having the VPN logs handed to law enforcement when they ask for them.
There’s more to tracking than IP addresses. Digital footprints are left everywhere, think about browser agents, software fingerprints. Techniques used, tools used, the same spelling errors. Payment methods used, for vpns, sign up accounts etc. At some point they will make an operational error and reveal themselves just as most criminals do. Remember, big hacks take a long time to pull off which increases the chances of making mistakes.
In my experience they’re just over-glorified proxies which slow u down, while 10x I get have proxies properly configured hitting at least 1k CPM ultra fast. Neither alone will properly fully mask u tho. A rotating IP address + a MAC address changer/obfuscator help a lot.
VPNs only protect from someone trying to sniff traffic while in transit. This can be defeated if it’s the only protection in place, kind of like a castle with walls on only one side.
If your data hygiene on the internet is lousy (using the same username/password everywhere, etc) then your VPN won’t protect your accounts from getting breached.
If you’re on wifi and your router uses an old encryption standard, someone could attempt to sniff the traffic before it gets encrypted.
If the place your traffic is going is insecure, it could get hacked that way, after it gets decrypted.
VPNs are nice, but unless you stand up your own VPN, I wouldn’t trust that your activity isn’t being logged. They also don’t make you invisible. Your ISP will be able to tell that you use a VPN, and probably even which provider you use.
They really only protect against the content of your traffic being intelligible as it goes along the wire. There’s always a lot more attack surface than just the stuff in transit.
Here’s a good read: Don't use VPN services. · GitHub
Most VPN services log the traffic, and with your user account you can easily get caught.
Better is to use proxies, best to use proxy chaining (connecting to many proxies in a row). Most proxies are from private people and have no logs, and even when they do, no government really knows that. And when you use 5-10 proxies in a row it’s even harder. But it’s still possible to catch someone.
you can catch hackers with stuff as strange as the language they use on forums. It’s bizarre but forensic linguistics is getting more widespread use with the advent of better ML.
Two answers.
- Using the wrong VPN.
- Timing attacks. If you’re a Five Eyes member, you just track packet in and packet out. If you’re a spook, correlation does equal causation.
Infiltration, Undercover sting operations and good old-fashioned police-work. Drug dealers and other criminals need to trust clients to sell their wares. You can pose as a buyer, build up a reputation and then gain the trust of the bigger fish in the network. Once you understand the network, you need to bust some mid-level operatives and get them to turn evidence. It works the same way in all organized crime investigations.
Main ways:
- Via a weakness in the VPN. If the VPN is not coded well, it can leak the hacker's info.
- Warrants. Depending on jurisdiction and the logs the VPN company keeps, a police warrant for the VPN company can give them access to the hacker's info. (While VPN IP addresses can't be traced to a specific user easily, they are very easily traced to the VPN provider.)
- Good old-fashioned police work. A VPN only hides your IP and encrypts your traffic. There is a lot of other evidence (both digital and physical) that a hacker can leave behind. For example, the creator of the Silk Road drug website wasn't found because police cracked his security but because they looked at every online post related to running a hidden website, tracked them all down, and eventually found one made by the Silk Road guy years prior. They then watched him every day and eventually tackled him in a public library after he logged into the drug website. Hackers are often digital security experts, but rarely experienced criminals or experts in police investigations.
Sometimes key words or actions they do can tip it off.
For example, someone may have disclosed a Microsoft 0-day only to Microsoft and explained how they did it. If someone did that and no one else knew about the 0-day, it would directly point to them.
Some are things such as emails for ransom notes, the way they type, etc.
Why do you need VPN when you can route your network with whonix gateway?
Footprints…unfortunately
But VPNs like Nord don’t keep logs, right? So how can someone ask for something that doesn’t exist?
2 years too late, but this is an outstanding answer. Thanks for taking the time to write this.
you just track packet in and packet out. If you’re a spook, correlation does equal causation.
Can you explain a little more what you mean by this? Even if there are a lot of packets going out at 1 time, that’s still not enough evidence to prove X is the hacker.
Very naive assumption/belief.
If they are required by local law to keep logs, they’ll keep logs or be shut down by the authority.
You time it all, and see what patterns correlate. VPNs don’t pad out packets and don’t fill the silence with meaningless noise packets. If they can communicate with you, they can find you. Send you a series of IMs at very specific intervals, match the pattern. Downloading from a server they’ve compromised? They can put a very specific delay in the packets. They don’t need to compromise the server, they can insert themselves in between you and a server you’re connecting to, and screw with the buffer to create a pattern. They don’t need to touch the payload, just have the FIFO buffer let packets out in a pattern.
Consider this ASCII art diagram. @ is a VPN packet between you and the VPN server, % is unencrypted, between the VPN and the public server, and . is no packet.
...%...%...%...%...%...%...%...%...%...%...%...%
...@...@...@...@...@...@...@...@...@...@...@...@
It makes a pattern, match up the pattern, and you’ve got your guy, without ever breaking your VPN.
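As an added example, not written by anyone in this thread: a toy Python simulation of the timing correlation described above, run on constructed packet timestamps, and the same check against a tunnel that pads to a constant packet rate (which the reply notes VPNs don't do) to show why padding is the mitigation. The 10 ms bins, 40 ms tunnel delay, jitter and burst times are all assumptions.

```python
import math
import random

BIN_MS = 10         # observer's timing resolution (assumed)
WINDOW_MS = 1000    # observation window
VPN_DELAY_MS = 40   # assumed client <-> VPN transit delay (constructed value)
NBINS = WINDOW_MS // BIN_MS + 1

def make_probe_timestamps():
    """'%' side: bursts at moments the observer chooses, plus unrelated packets."""
    rng = random.Random(7)
    bursts = [100, 130, 250, 300, 310, 480, 600, 640, 820, 900]
    ts = [t + k for t in bursts for k in range(3)]        # 3 packets per burst
    ts += [rng.uniform(0, WINDOW_MS) for _ in range(10)]  # constructed noise
    return sorted(ts)

def relay_through_vpn(egress_ts, pad=False):
    """'@' side: same packets after the tunnel (delayed, jittered) mixed with the
    client's other traffic; pad=True models one packet per bin regardless of load."""
    rng = random.Random(11)
    if pad:
        return [b * BIN_MS for b in range(NBINS)]
    ts = [t + VPN_DELAY_MS + rng.uniform(-3, 3) for t in egress_ts]
    ts += [rng.uniform(0, WINDOW_MS) for _ in range(20)]  # constructed noise
    return sorted(ts)

def bin_counts(ts):
    """Packets per bin: all a passive observer needs, no payload access."""
    series = [0] * NBINS
    for t in ts:
        series[int(t // BIN_MS)] += 1
    return series

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx, syy = sum((a - mx) ** 2 for a in x), sum((b - my) ** 2 for b in y)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)

def best_lag(egress, ingress, max_lag=20):
    """Slide '@' against '%'; a sharp peak near the tunnel delay links the flows."""
    return max(((lag, pearson(egress[:len(egress) - lag], ingress[lag:]))
                for lag in range(max_lag + 1)), key=lambda p: p[1])

def correlate(pad=False):
    probe = make_probe_timestamps()
    return best_lag(bin_counts(probe), bin_counts(relay_through_vpn(probe, pad)))
```

With the unpadded tunnel the peak lands at about 4 bins (the 40 ms delay) with a strong correlation; with constant-rate padding the client-side series is flat and no lag correlates at all.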