He is employed by a multi national to secure their system and is apparently a 'white hat' hacker.
Nice guy but a bit shy around women.
Is this BS????
- Thread starter mrsCALoki
- Start date
- Status
Nice guy but a bit shy around women.
I hope he's hacking your communication then. Because if it's anything else, he loses white hat status once he's caught. As a former white hat who keeps his certifications, I wouldn't do anything to prove I can like you claim. Instant violation of white hat ethics.He is employed by a multi national to secure their system and is apparently a 'white hat' hacker.
Nice guy but a bit shy around women.
You can even do this yourself to get an idea of the probable routers to most destination IPs by using a basic command called tracert (pronouced 'trace route'). It gives you a list of all the routers an ICMP packet (ping) had to go through to get to a destination.
Try for yourself - go to a command prompt and run tracert to www.google.com like this:
tracert www.google.com
It'll take a few seconds but you should get a list of the routers between your computer and www.google.com
If you run it a few times, you'll see that the routers don't change too much, if at all.
The last few routers on the list are the ones most likely to see most of the traffic going to the destination.
The final router should see all of the traffic that will end up at the destination.
Caveats:
- google uses round-robin dns for load balancing, but I wanted to choose something for you to try that would work well
- some destinations are firewalled for ICMP (ping) and you'll only get asterisks
Hope that's useful
Thanks, I know what a string is. But I don't sign emails. I also encrypt everything public so there are no strings to search. As for legality, think of packets as letter mail. I can open your mailbox and read the front of your mail. I see you have a letter from grandma, an offer for a new visa, a few sweepstakes entries and a letter from the government. I know that by looking at the outsides of your letters. I have no idea what the content of them is unless I open then. But it is illegal for me to open your mail without your permission.Clearly I do not, but I am learning.
LOL I probably am / will. It was worth it to see. And no it not just reading someones email.
It does not need to be the same email. Just a common string in each email. I bet you sign your emails? There is a common string. Emails were just an example. I will ask the legal question On Tuesday
The outside of the envelope is the header. It doesn't matter that one has a hue visa stamp and is addressed to "Resident", clearly spam, clearly the same letter I received, clearly the one available online to see...I still can't open it. I know the contents are public domain, but communication is protected by law. Likewise, I can extract your header, see who it's from and to, maybe even be able to tell it's Wikipedia sending your browser the article you asked for...I still can't open it. It's protected like your spam letter mail.
If you have access, you don't have to predict. The router is a computer. If A, it does B. if you have access to the routing table, you know exactly where data is going, no need to try and predict what's likely. But if you have the destination IP, it's probably easier to hack that then the commercial-grade, secured router.
Alternatively, you just spoof a computer to look like a router, send out a false routing table update to the routes in the network, then let all their data flow to you. Now you don't have to take per anything. Ideally, I put my computer into the network right before your destination, cutting it off from the network except through me, then route all data through me. Assuming I used an anonymous entry point, no one can ever track me down. Any unencrypted data I can instantly read. Anything encrypted I can start to try and crack, assuming I want that.
Accessimg routing tables isn't necessarily the solution to the complexities of intercepting data. Understanding what they are and how they work, however, is.
Probably not, just adjacently threatening to.
However I find it interesting that he/she claims to be so traumatized by my simple disproving the presence of an imaginary yacht and itinerary yet she went on to such great lengths to describe (in the public section of The Toronto Escort Review Board), that he/she continued to try to prove to FatOne the next day her St. Johns-Labrador-Ireland journey and further particularized it by giving a date of leaving St John's NF on June 28, 2012.
And that she claims to be "frightened" at the prospect that I am going to somehow board her imaginary ship out at sea where she is standing "watch" like some Somali pirate!
Now she has ostensibly taken an interest in hacking? She has looked for a hacker while at sea to packet sniff such that she has put "in the high four figures" on the line for a "white hat" hacker to prove he can intercept e-mail and chat traffic? What sort of person does that? Sorry, I already have drawn a conclusion so it is a rhetorical question. I'm happy for her to employ such a person as there is some schadenfruede in knowing that someone is going to golden fleece her for "in the high four figures". She can't go to the cops or a lawyer to claim she was ripped off in an criminal conspiracy to intercept private communications*!
And her whole understanding of law is so ridiculous! LOL.
She thinks some lawyer is going to draw up a civil suit, go to court to plead in front of a civil court Judge to enter an order on behalf of a supposed offshore British Citizen living a "gypsy lifestyle" who insists on remaining anonymous that she was "frightened" while on the high seas in international waters so (!) that TERB disgorge IP address' for a private sex board over a non-issue/vexatious action with no pecuniary damages? Then go to the ISP and order them to disclose their customer information over a ridiculous civil matter with with no damages nor risk of harm? LMAO!
FFS, the only result of that would be a lawyer being disbarred for taking the vexatious case and being ordered to donate his new Ferrari he bought from fleecing the client! And let's suppose she is a she and she does have this Loki guy trapped. How far do you think he is going to go to let her pursue her insane vendetta. Unless he is indeed she, he would have to be equally insane!
So now he/she is not satisfied that nobody (especially) me cares who he/she really is, where her imaginary boat is or where her fantasy is taking her and her newborn baby on the high seas. She wants vengeance! Anonymous vengeance!
What surprises me is why Fred allows the character to exist after she has threatened legal action, and now has posted asking details about how to hack and sniff packets to identify not just me, but any TERB user not prudent enough to use a VPN while on TERB? Aside from the slowdowns on TERB that are probably caused by do-gooder and n'er do well hackers screwing with TERB already. I suspect that his business would suffer if it became more widely known in the industry that there is a headcase stalker that is bound and determined to have TERB disclose their user IP addresses.
But personally, I'd rather she stay visible and keep posting her plans as it continues to add to the evidence of his/her craziness and allows anyone to take appropriate measures to protect themselves. This is as good as any time to realize what can happen on the internet with so many crazy people out there. And a great reminder not to divulge any personal information. Least of all the detailed biography created by the *Loki character(s).
TERB blocks many VPN IP's so you might have to look around a bit and try to find one that isn't And if you are really want to anonymize yourself, select a VPN provider that does not keep records. Many of them do keep records that can be subpeona'd. Here is a brief of some VPN's and their record keeping policies
*Criminal Code of Canada S184. (1) Every one who, by means of any electro-magnetic, acoustic, mechanical or other device, wilfully intercepts a private communication is guilty of an indictable offence and liable to imprisonment for a term not exceeding five years.
No more evidence needed. We all know the truth about Mr.Loco.
Great job shlong, giving Loco a nervous breakdown.:thumb:
I did not mean to talk down to you, I appreciate your help. I am just trying to not make assumptions and hope you will correct me if I am off.
Thank you, I am just wrapping my head around a new universe.
How can you encrypt everything public? I thought anything that went to anything other than another computer with the same encryption had to be sent open text?
Ok, so your belief / knowledge is that reading the header is by definition legal. And if the content are in the public domain searching on that string is also legal, right?
All the rerouting stuff sounds at best grey legal. But apparently just sitting watching the traffic entering one of the servers/hubs is very legal. It is also legal to record the headers of each packet that meets those criteria. I will have to check this all on Tuesday but t does sound viable
Next challenge is for me to understand VPN. As I understand it, they are either software or hardware that takes your communications, and then changes the header information and spits it out at another location, or the same location. Sort of like diving into a pipe in Detroit, and emerging with false papers and new clothing in Atlanta. And it works both ways. And only the people running the pipe know know who went in to it. Is that accurate for a layman discussion?
So if it is an accurate description, the process we are discussing pretty much would just track the header back to where ever the pipe popped the information out?
Ok so far so good. So once you had it traced, it becomes a more or less dead end. But if you can guess roughly where the origin is from, you can still pick up the trail from the personal computer to the VPN, (assuming it is not a hard ware VPN. That sounds oddly wrong to me. I sent a note asking for clarification but his answers are rather hard to understand.
What do you think?
Oh no, of course not. That would be rude and terrible.
I am just trying to find out how hard it would be to find me
Did you never wonder how secure your identity is?
Yes sadly I am very traumatized. And I shall be driven to seeing a very well reviewed therapist. Not much I can do except pay for the therapy.
when it comes to hacking i don't know as much as others. as for finding someone it is really not hard. if you are spending a day and a half of research on it you are looking in the wrong spots.Oh no, of course not. That would be rude and terrible.
I am just trying to find out how hard it would be to find me
Did you never wonder how secure your identity is?
Given enough (State security) reason and resources, the federal government can trace just about any online communication.
Local law enforcement is often able to unravel the source if given enough time to seek warrants, set up bait sites etc. Their resources are so limited though, that they pretty much stick to child porn cases. And even then, they only have enough manpower to catch a few percent of them. Try going to the cops with a tens of thousands dollar criminal fraud with tons of evidence including e-mail headers etc and you will be told "it is a civil matter" and told to get out ofthe station.
If you are worried about people who you send e-mails to, yes they can trace you by your detailed header showing the originating IP. Some webmail services like Gmail block this originating IP so nobody you email can trace it.
If you are worried about TERB, no. Other users can't see your IP address but Administrators can. TERB has huge reasons to keep that private and I'd suspect they would even fight a court order to protect the principle. Otherwise, the John's would never trust the site and flee.
Can YOU try to set up a packet sniffer to try to intercept the IP addresses that TERB takes active steps to keeps private to protect the expected privacy of its users?
No. It is a Criminal offence in Canada as is your efforts in furtherance of a conspiracy to do so.
184. (1) Every one who, by means of any electro-magnetic, acoustic, mechanical or other device, wilfully intercepts a private communication is guilty of an indictable offence and liable to imprisonment for a term not exceeding five years.
Marginal note:Saving provision
(2) Subsection (1) does not apply to
(a) a person who has the consent to intercept, express or implied, of the originator of the private communication or of the person intended by the originator thereof to receive it;
(b) a person who intercepts a private communication in accordance with an authorization or pursuant to section 184.4 or any person who in good faith aids in any way another person who the aiding person believes on reasonable grounds is acting with an authorization or pursuant to section 184.4;
(c) a person engaged in providing a telephone, telegraph or other communication service to the public who intercepts a private communication,
(i) if the interception is necessary for the purpose of providing the service,
(ii) in the course of service observing or random monitoring necessary for the purpose of mechanical or service quality control checks, or
(iii) if the interception is necessary to protect the person’s rights or property directly related to providing the service;
You can protect your privacy by the VPN you claimed in a previous thread you "needed to figure out how to turn off" from your Satellite iternet service. And your satellite service will appear on any IP headers as originiating from their main hub.
But you knew that part.
You just want to rattle my cage into thinking you are going to find a hacker or lawyer to identify me. As you can tell.. I'm shaking in my boots!
Local law enforcement is often able to unravel the source if given enough time to seek warrants, set up bait sites etc. Their resources are so limited though, that they pretty much stick to child porn cases. And even then, they only have enough manpower to catch a few percent of them. Try going to the cops with a tens of thousands dollar criminal fraud with tons of evidence including e-mail headers etc and you will be told "it is a civil matter" and told to get out ofthe station.
If you are worried about people who you send e-mails to, yes they can trace you by your detailed header showing the originating IP. Some webmail services like Gmail block this originating IP so nobody you email can trace it.
If you are worried about TERB, no. Other users can't see your IP address but Administrators can. TERB has huge reasons to keep that private and I'd suspect they would even fight a court order to protect the principle. Otherwise, the John's would never trust the site and flee.
Can YOU try to set up a packet sniffer to try to intercept the IP addresses that TERB takes active steps to keeps private to protect the expected privacy of its users?
No. It is a Criminal offence in Canada as is your efforts in furtherance of a conspiracy to do so.
184. (1) Every one who, by means of any electro-magnetic, acoustic, mechanical or other device, wilfully intercepts a private communication is guilty of an indictable offence and liable to imprisonment for a term not exceeding five years.
Marginal note:Saving provision
(2) Subsection (1) does not apply to
(a) a person who has the consent to intercept, express or implied, of the originator of the private communication or of the person intended by the originator thereof to receive it;
(b) a person who intercepts a private communication in accordance with an authorization or pursuant to section 184.4 or any person who in good faith aids in any way another person who the aiding person believes on reasonable grounds is acting with an authorization or pursuant to section 184.4;
(c) a person engaged in providing a telephone, telegraph or other communication service to the public who intercepts a private communication,
(i) if the interception is necessary for the purpose of providing the service,
(ii) in the course of service observing or random monitoring necessary for the purpose of mechanical or service quality control checks, or
(iii) if the interception is necessary to protect the person’s rights or property directly related to providing the service;
You can protect your privacy by the VPN you claimed in a previous thread you "needed to figure out how to turn off" from your Satellite iternet service. And your satellite service will appear on any IP headers as originiating from their main hub.
But you knew that part.
You just want to rattle my cage into thinking you are going to find a hacker or lawyer to identify me. As you can tell.. I'm shaking in my boots!
Perhaps
But I love learning new things. And I guess it is just a symptom of my having been traumatized.
And this Internet thing is fascinating.
No. Cryptography is a very complex thing. Somewhere on the other end, data needs to be unencrypted, that's true. I won't get in to how I go about securing my data, but suffice it to say a hacker can only see what I'm letting him see.
No. That's not at all what I said, the header is the outside of an envelope. It has to be public domain or no one would ever be allowed to deliver mail. The inside of the packet, regardless of the content, is protected, like the inside of your letter. Not legal. I can read the outside of your mail, I can't open it..even if I know it's junk mail. Likewise, I read the headers of your data, I can't read what's inside.
Not even grey legal, just illegal. The Rogers routers are owned by Rogers. Updating routing tables without their permission is highly illegal. Otherwise Poviders would keep screwing up the competitions routing tables to slow them down. Monitoring traffic on a network your aren't authorized to is also illegal. Imagine I had a device that would tell me what phone number you called. So I walk over to your house, clamp it onto your phone line, and collect all the numbers you call. I didn't listen to your private calls, but I still violated your privacy.All the rerouting stuff sounds at best grey legal. But apparently just sitting watching the traffic entering one of the servers/hubs is very legal. It is also legal to record the headers of each packet that meets those criteria. I will have to check this all on Tuesday but t does sound viable
VPN is encrypted two-communication. Yes, many VPN's allow you to use the destination computer as a gateway and route your interned traffic through it, many do not. But that has less to do with VPN's and more to do with network theory. If you have 2 computers at home, you network them through the router. A VPN is a way of making another computer or set of cokputers that's outside your network part of your network as if it was right there beside you plugged into that same router. That's all a VPN is. Yes, you can use that connection to tunnel out if it is configured to do that, but that's not part of the VPN, that's just part of networking.
Depends on the header. If you intercept the packet between the local network and the remote one (while it's in the VPN tunnel), it can only lead you to those two networks. If the VPN is being used to obfuscate your connection and you catch packets between the VPN and whatever the endpoint is, you only have access to the VPN. If you know that VPN is only being used by one person AND you have access to the network back to origin, you can follow it all the way back. Otherwise you can't and most VPN's are used by A LOT of people. In truth, there are ways to still track the packet, but they are extremely complicated and unless you're working within very specific parameters, highly illegal.
Oh, I got ahead of you and copy paste on my tablet sucks. :S You can maybe pick it up, but it's very, very, very hard and you need a lot of information. I personally rely on social engineering at this point to gather intel and make the work easier. But you also need a lot, a lot, a lot, a lot of math. You would need to catch the data returning from the enpoint to the VPN. Extract the header and read the data. Figure out what the data would look like encrypted, then strip headers off every outbound packet looking for the matching value. Once found, check the header from that packet and see where it's going. All this assumed you can figure out the encrypted version of the data before the packets are sent, or you can store copies of the insane amount of data until you're able to evaluate it.Ok so far so good. So once you had it traced, it becomes a more or less dead end. But if you can guess roughly where the origin is from, you can still pick up the trail from the personal computer to the VPN, (assuming it is not a hard ware VPN. That sounds oddly wrong to me. I sent a note asking for clarification but his answers are rather hard to understand.
Honestly? I think you're trying to win a 1,000 m sprint but don't know how to crawl yet. Hackers learn computers first. What's memory? How does it work? How does data get from one part of the computer to another? How is Wall-E nothing but bumps on a round disc, then 1s and 0s through my computer, then a signal through some wires, and then an HD image and sound on my home theatre? Then they learn networking. What is an IP address? What's a subnet? Why do I need them? What does a gateway do? How does my computer convert the electronic signal in my wire into youtube videos on my screen? Once you start learning networking, you'll realize how big it is and that'll soak up most of your time for serval years. Then you can start learning encryption, assuming you know discrete math, matrices, algebra and calculus.
If you really want to learn it correctly, start by getting an A+ certification, then a Network+, then a CCNA, then a CISSP, then a CEH. That's the minimum. Or, if you want someone else to do all the hard work for you but still want to do a little hacking, sign up for the courses online. SANS is the company I would recommend. And learn Linux. You can't hack very well without using Linux
I'm not 100% sure what you mean by 'encrypt everything public', but I'm going to guess you mean that if you are sending data to someone else over the public internet, how you could keep it secret. I think you already on the right track, you use a VPN (virtual private network). The endpoints of a VPN encrypt the data before putting it on the public internet so that in theory it is impossible to see what the two endpoints are sending to each other, even if it travels over the internet because the encrypted data looks pretty much like random noise. AFAIK, it is difficult or impossible to decrypt the traffic unless you happen to know the 'shared secret' - the key that is used to encrypt the traffic on the VPN.
I'm not a lawyer, but I too suspect it is a legal gray area. Just to clarify though - the use of the 'string' to do a search is simply to narrow down the firehose of raw data when you intercept a stream from a router. If you can intercept the stream, you can theoretically capture every single byte of info - but it could potentially be hundreds of gigabytes of data per hour so the practical issue of holding that data is the problem, you're gonna run out of drive space. So, what a hacker would do is instead of capturing hundreds of gigabytes of data per hour, he might set the protocol analyzer (packet sniffer) to watch the stream of data as it goes by and only copy down packets that have a particular known string - which might only be a few kilobytes of data per hour.
I can't comment on the legality of any of thoseAll the rerouting stuff sounds at best grey legal. But apparently just sitting watching the traffic entering one of the servers/hubs is very legal. It is also legal to record the headers of each packet that meets those criteria. I will have to check this all on Tuesday but t does sound viable
Not quite - as I said above, for VPNs the PAYLOAD of the packet is also encrypted. The headers are altered as well, but that's just so the VPN will 'work' because it's typically translating between a private network and the public network. The key is understanding that the stuff inside the VPN is encrypted, so that when it travels on the internet it is nearly impossible for someone watching it to read the payload.
I guess that's close enough, but that analogy still makes me cring a little.
I'm having trouble parsing this sentence, sorry - but if it helps, basically anyone watching the VPN traffic on the internet can see that there IS traffic going between two points, but they can no longer read the traffic between those points because it's now encrypted. Perhaps a better way to describe a VPN is the analogy of a postcard vs a letter. Most internet traffic is like a postcard - the 'content' is readable by any postman who is carrying the postcard. VPN traffic is like a letter inside an indestructible envelope. It the postmen can carry it to the destination but he can no longer read what is inside.
A hardware VPN is frequently a gateway router or firewall appliance that is doing the encryption of the traffic at the edge of the network, right before it is put on the public internet. They are typically used for site-to-site VPNs like between a branch office and a head office. Within the branch office itself, nothing is encrypted. But if you need to send something to the head office, the router will automatically encrypt the data and send it to it's partner router at the head office to decrypt it. And, just to re-iterate, even though this encrypted traffic travels over the internet, and people can see that SOMETHING is going between the branch office and the head office, no one can actually read the payload.Ok so far so good. So once you had it traced, it becomes a more or less dead end. But if you can guess roughly where the origin is from, you can still pick up the trail from the personal computer to the VPN, (assuming it is not a hard ware VPN. That sounds oddly wrong to me. I sent a note asking for clarification but his answers are rather hard to understand.
What do you think?
For software VPNs, the software on your computer itself forms the tunnel to the other VPN endpoint instead of having it done at your gateway router. I'm not sure of the distinction your 'white hat' friend is making between a software and hardware VPN because in most cases, your computer is still going to be behind a NAT router. Perhaps he is thinking of situations where the computer itself has a public IP address and there is no NATing occurring? In such a case, I guess it's conceivable you could get more information about the computer itself, but computers are rarely directly connected like this anymore - most people stick a NAT router in front of their computer so they can share the internet connection.
So smiley, is MrsCALoki at risk from some hacker discovering her IP and boarding her yacht steaming across the ocean?
Or to my Jane and Finch apartment?
Or to my Jane and Finch apartment?
Or could MrsCaloki's lawyers and hackers sniff up my VPN? :fear:
Faceless VPN
Response to Q1: “We do not log any IP addresses and no information about what data is accessed by our users, so we have no information that could be interesting to third-parties.”
Response to Q2: “We have servers in The Netherlands and our company is based in Cyprus. If authorities would contact us we would have to tell them that we have no connection logs or IP-addresses saved on our systems.”
Faceless VPN
Response to Q1: “We do not log any IP addresses and no information about what data is accessed by our users, so we have no information that could be interesting to third-parties.”
Response to Q2: “We have servers in The Netherlands and our company is based in Cyprus. If authorities would contact us we would have to tell them that we have no connection logs or IP-addresses saved on our systems.”
So recording the destination, the exact date and time of day, and the originating computer are all legal because they are in the header?
He never mentioned writing to those tables. I got the impression it was more like reading the front of the envelope as ants carried it past your feet and up to the house <=== analogy
He was talking stochastic analysis to determine the match at both ends. But that it only worked if you could limit the search area. If our vpn front end is in Bolivia it takes a lot of time (like WAY to long) to get a match randomly.
WOW way over my head.
I honestly cannot imagine ever getting in that far. I mostly want to understand if the idea of popping out an originating IP, using the technique is BS.
I could never imagine doing it myself. The guy who mentioned it was a hacker and got caught and started working for a multi-national. But I do not have the knowledge of computers to judge this kind of stuff.
Thanks for answering though, it made this a lot more easy to understand.
- Status
