Virtual Espionage
A guide to doing it and protecting yourself from it
By: The Mob Boss

Espionage is something that goes on every day. No, I am not talking about the movies and I am not talking about the bullshit you see on your local news. I am talking about the information gathering that goes on every day, specifically the kind that goes on in the vast world we call the internet. Let's face it, the net and phone network have become something of a virtual world. It's a place where shopping, work, communication, and leisure occur on a day-to-day basis. If you think about it, this creation of a new world was inevitable, with hundreds of people from all over the world discovering it for the first time each day. With so much information on one network, is it that bizarre to think that someone might want to gather more information than they were meant to know? To want to find out information about someone else on that vast network is not so strange when you consider the many people who LIVE on IRC and other means of communication. Not to mention, with so much money flowing through those phone and cable lines, it's obvious someone might want to steal it.

Now it's nothing to be paranoid about and it's not something to avoid the web over; it's just something to be aware of. For instance, how do you know someone you pissed off on IRC is spying on you? How do you know some law enforcement agency is not monitoring a channel or newsgroup you frequent? Well, that's what this article is about, so if you're still interested keep on reading.

OK, so you understand there are prying eyes and ears out there, so what kind of precautions do you plan to take? That depends on what kind of things you do online. For instance, if you are some sort of holy man online then I doubt the government is concerned with you. But let's consider you're someone who thinks freely and does things that might be somewhat questionable; then you might want to consider watching yourself.
First step to becoming anonymous on the web is thinking about what forms of identification there are to tell who you really are. In real life that may be your driver's license, fingerprint, or signature. Online though, your IP, email address, and most importantly your phone number will lead back to you. The key is learning how to bypass that. For instance, your IP address is left whenever you visit a page, whenever you sign on to chat, whenever you post to a discussion group. So what can you do about that, you ask? You can bounce your IP. Something we can use to achieve this is proxies and wingates. Now although it seems simple enough, most people don't go through the trouble of doing this for everyday things. I suggest that if you have two web browsers, at least one of those should have an HTTP proxy set up on it. So it slows you down a little, no big deal, good things come to those who wait. Here's a freebie proxy which will probably go dead as soon as I release this, proxy.escape.ca:3128; that should be placed in your preferences under proxies. Read the help file for your browser to see the specifics on how to specify your proxy. Most HTTP proxies run on either 8080 or 3128, so if that one goes dead just fire up nmap or your favorite scanner and look for IPs connecting on those ports.

Now for your IRC chatting you have the option of either using a wingate, which is something like a proxy that connects on port 23 and identifies itself by the "wingate>" prompt, or you can use an IRC proxy, which will probably be easier, especially if you are using some sort of mIRC. I personally like wingates when I use BitchX and proxies for when I use mIRC. That's my personal opinion but feel free to form your own thoughts. Now if you don't already know how to use a wingate, there are plenty of good texts out there on it.
One I strongly recommend is by a friend of mine, Alphavers. I don't exactly remember the name but you can obtain it directly from him on Undernet #ANSI; he's on there all day, seven days a week. As for IRC proxies, I am not going to give a freebie of this because I don't have more than two at the moment myself. I will say though that they run on port 1080 (SOCKS proxy), so like I said earlier, fire up that IP scanner. You can also use a proxy to telnet, FTP, and even send mail by directly connecting to the SMTP port (25). As I suggested earlier, read up on wingates. If you would like to see a wingate for yourself you can always find the ones that were g-lined on IRC by giving the "/stat g" command; just look for exploitable wingate or too many connections and telnet to it. Most likely you will be sitting at the wingate prompt.

Now that you are protecting your IP, what are you doing about giving information under your own free will? One thing that a lot of people do which is very, very stupid is having their full name on their email address. If you do, then it's a good idea to keep that email address private and open up a free web-based email address such as one available at http://mail.yahoo.com or www.hotmail.com and use fake info, only providing your internet handle. So now, using an HTTP proxy and an email address with fake info, you have become somewhat anonymous, because those headers will automatically show the IP of your proxy rather than yours when you send an email.

Now another thing to consider is what you say online. Posting to some sex newsgroup and then using the same email address on Usenet to get involved in something else is probably a bad idea, because those records of where you post are available to the public through www.dejanews.com and will probably be dug up. Also, what do you tell people about yourself? Do you mention your real name to people? Do you tell people where you work or talk about your family? All those things can be used against you.
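
What a recipient can read out of those mail headers, as an added example that is not part of the original article: the script pulls the connecting address from the Received chain and from the X-Originating-IP header some webmail services add. The sample message, its hostnames and its addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message: invented hostnames, documentation-range IPs.
SAMPLE = """\
Received: from web1.freemail.example (web1.freemail.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 1 Mar 1999 12:00:05 -0500
Received: from [203.0.113.45] by web1.freemail.example via HTTP;
\tMon, 1 Mar 1999 12:00:01 -0500
X-Originating-IP: [203.0.113.45]
From: handle@freemail.example
To: someone@recipient.example
Subject: test

body
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Addresses that say nothing about where a message came from.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def routable_ips(value):
    """IPv4 literals in a header value, minus invalid and internal ones."""
    found = []
    for text in IPV4.findall(value):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1
            continue
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found

def exposed_origin(raw):
    """Report the addresses a recipient can read from the headers."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received") or []):
        hops.extend(routable_ips(value))
    xoip = routable_ips(msg.get("X-Originating-IP", ""))
    return {"x_originating_ip": xoip[0] if xoip else None,
            "earliest_hop": hops[0] if hops else None,
            "hops": hops}

if __name__ == "__main__":
    print(exposed_origin(SAMPLE))
```

Whatever host connected to the mail service is what shows up as the earliest hop: the proxy's address if one was in use, otherwise your own.
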
Someone following you around in chat may be able to gather quite an extensive amount of information about you. Keeping your mouth shut may be something that comes hard at first but will definitely be worthwhile in the long run. You don't have to make like the dumb guard from Hogan's Heroes and do the "I know nothing" routine, but being somewhat vague is definitely something smart. You don't want to make others suspicious of you, but keeping your information private is the number one priority. Keep an eye out to see if a certain nick keeps popping up in the same channel or chat room you are in. Using the same street smarts you would use in real life is just as important on the net.

Now that you know how to protect yourself, it's time to learn how to go on the offensive. How to become the virtual James Bond. Most likely it won't be that exciting but it may come in handy. Let's start off by sizing up the target. Who is he? What does he do online? What is it we want to know or achieve? Once you have questioned your motives you are ready to begin. Setting up a dossier on the person is the first step. You should begin to note everything you already know about the person, such as their handle, email address, ISP, and anything else you know off the top of your head. Secondly, find out where they hang out and what handle they go by. Frequent the places they go and follow them if you can, but don't make the person suspicious or you will fuck up your whole operation. Note who their friends are. If you can get the person's AIM screen name, Yahoo Pager handle, or ICQ number, by all means add them by using any excuse you can, or don't give an excuse. If questioned by the person, ignoring them might be the best bet. Getting to know their patterns for coming online is a good idea so you can know when to expect them. Now by doing all this you are putting yourself in a position to be able to spy on them and even clone their online identity.
Posing as someone who uses AOL as his or her ISP would definitely be easy because those accounts are not too difficult to get. Noting their ident on IRC is also a good idea if you ever plan to try to snatch information by posing as them. Now I highly recommend you do the background work before you try that so that you don't screw up and blow your cover.

Now after you have done that, it's time to give yourself a new identity and try to get close to them. Now if the person is usually very friendly then it shouldn't be too hard. Hang around where they do under your new identity, which should be from a forged IP, a free email account with bogus info, and anything else someone online might have, like ICQ. Get to know the person and add to the conversations. Make friends with the person, never hinting who you are. Your own boasting is what might get you in trouble, as it always seems to do to everyone. Now for instance, if this person is into h/p, sharing some good info that you know they would be interested in is something that you should attempt. If you share enough real info with them they may trust you enough so that you can slip them a trojan if you feel the need. Now I am in NO way advocating the use of trojans, but if you must in order to obtain your goal, then use your best judgement and let it be on your head. By this time you should have already checked their computer by scanning it, seeing what operating system they use as well as any security breaches that may be possible on it. Use your creativity and you will be fine. Gaining their trust is something that should not be rushed; if you do, then it's highly likely that you will fail in your motives.

That's it for this article. I know this is a little different from my usual articles but I think it's something everyone on the h/p scene should be aware of, since I have seen this on many notes throughout my career and felt it should be addressed.
-The Mob Boss; http://mobboss.dragx.cx
Voice mail and fax: 1-877-203-3043
Edited by Glock

* BBS LIST *

The Sacrifial Lamb: english.gh0st.net
Ripco BBS: ripco2.ripco.com
The NorthLand Underground BBS: nub.dhs.org
L0pht BBS: bbs.l0pht.com

This has been a publication written by THE MOB BOSS; he is in no way responsible for the accuracy or results from the use of info in this article. Anything done is totally done at the user's discretion. THE MOB BOSS in no way or form supports, aids, or participates in the act of criminal hacking or phreaking. Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS are strictly for informational purposes only.

THE MOB BOSS (c) 1999 all rights reserved