Internet privacy and security course
About translation
Previous Next

Chapter 96

How do they figure you out by IP address

Imagine the situation that you have got the IP-address of the user in your hands and your task is to find out their identity. There is a lot of information on the Internet on this subject, most of which has doubtful effectiveness and value, and some authors even believe that this is impossible. But it is possible, and I will show you how to do it.

  To start to establishing the owner of the IP address it is necessary to do it with a simple check of IP information that can be performed on this site. It is important for us to understand whether this is the true IP address of the target or some tools to hide it are used. If the IP address belongs to the hosting provider or the Tor-network, then we have a server behind which the user is hiding.

Here is an example of the IP address of the user using the VPN. The server belongs to the hosting company Digital Ocean, in which the server with this IP was rented by the owner of the Browsec VPN service, then giving access to the client.

ip

As part of the course, we will teach you more complex ways to check, such as analyzing open ports, ASN, or two-way ping, which can give an exact answer about using a proxy, VPN or Tor to hide an IP address. But for a basic check, it is enough to determine the Internet provider and the country of the IP address.

  It is important that the person interested in it does not use means of hiding the real IP address. Deanonymizing proxy, VPN and Tor users is possible, but it is much more difficult and often it requires an attack on third-party channels. For example, a timing attack using a messenger allows you to identify even an advanced paranoid, not getting out of the Tor-network.

Here is the IP address that belongs to a regular internet provider.

  If the IP address belongs to an internet provider, you need to find out who this IP address was provided to. This data is only available from an Internet provider, to whom law enforcement agencies send an official request and receive information, while hackers order the data hacking it from the black market. If there are significant finances, they contact private detectives; detective agencies can provide such information.

If the Internet provider reports that the IP address was used by a private client in a block of flats at the time of interest, it may seem that success is near, as the contractor’s data will indicate the client who signed it. But do not forget that the IP address, as a rule, is tied to a Wi-Fi router, through which all apartment residents can connect to the network.

In addition, neighbors often break Wi-Fi points nearby to access free internet. I strongly recommend that you check your home Wi-Fi for the presence of uninvited guests. Wi-Fi devices are usually poorly protected by owners and rarely updated, that is why not only neighbors but hackers hack them, using compromised Wi-Fi as a VPN or proxy. Consequently, there is a possibility that the wanted user of the IP address does not live in the apartment where the Wi-Fi router is located.

  Wi-Fi users can be identified more precisely at a specific moment by accessing the router by physically hacking it or remotely. Many routers save information about who connected in one or another period of time. However, this method allows you to get only the MAC address of the device and is usually used when conducting forensic analysis.

First of all, the criminologist receives the MAC addresses of the devices of all the dwellers of the apartment, and then, using the data from the router, checks which device was connected to it at one time or another. Not all Wi-Fi routers save this data, besides having access to devices, you can carry out their forensic analysis and not bother yourself with the router.

If the Wi-Fi router was in a public place, for example, in a cafe, law enforcement agencies usually withdraw surveillance camera recordings and check through a request to the cellular operator which subscribers were in the designated square at that time. You can also get data from the mobile operator on Darknet, but the intelligence services of a number of countries have broader opportunities, they can withdraw the router, get the MAC address and add it to the MAC address search system.

Such systems are located in the centers of many large cities, the essence of their work is simple, they monitor the MAC addresses of devices in a certain radius and as soon as they find the device, they are looking for, they alarm. If a criminal whose MAC address is known will sit down somewhere in a park or cafe and open a laptop, within a few seconds, the system will detect it, if, of course, there is a similar system in this place.

As you could understand from the text above, using a VPN, Tor or proxy can be a barrier for malefactors and protect not only from establishing your access point to the network, but also from a direct attack on your Wi-Fi router. However, not everything is so simple, in the chapter on deanonymization of VPN users, I’ll tell the story how frauds sent a request to the VPN service, posing as employees of the anti-drug department, and the VPN service gave them the real IP address and other client data. The owner of the service thought that he helped in the fight against drugs, and eventually gave out the data of a law-abiding client who became victims.

Previous
4877
Next