💾 Archived View for spam.works › mirrors › textfiles › uploads › spy.txt captured on 2023-06-16 at 20:58:42.
-=-=-=-=-=-=-
Virtual Espionage
A guide to doing it and protecting yourself from it
By: The Mob Boss
Espionage is something that goes on everyday. No I am not
talking about the movies and I am not talking about the
bullshit you see on your local news. I am talking about the
information gathering that goes on every day, specifically
the kind that goes on the vast world we call the internet.
Lets face it the net and phone network has become something
of virtual world. It's a place where shopping, work,
communication, and leisure occurs on a day to day basis. If
you think about it, this creation of a new world was
inevitable with hundreds of people from all over the world
discovering it for the first time each day. With some much
information on one network is it that bizarre to think that
someone might want to gather more information then they were
meant to know. To want to find out information about someone
else on that vast network is not so strange when you
consider the many people who LIVE on IRC and other means of
communication. Not to mention with so much money flowing
through those phone and cable lines, its obvious someone
might want to steal it. Now it's nothing to be paranoid about
and its not something to avoid the web over, its just
something to be aware of. For instance how do you know
someone you pissed of on IRC is spying on you? How do you
know some law enforcement agency is not monitoring a channel
or newsgroup you frequent? Well that's what this article is
about so if you still interested keep on reading.
Ok so you understand there are prying eyes and ears out
there so what kind of precautions do you plan to take? That
depends on what kind of things you do online. For instance
if you are some sort of holy man online then I doubt the
government is concerned with you. But let's consider you
someone who thinks freely and does things that might be
somewhat questionable, then you might want to consider
watching yourself. First step to becoming anonymous on the
web is thinking about what forms of identification there are
to tell who you really are. In real life that may be your
drivers license, fingerprint, or signature. Online though,
your IP, email address, and most importantly your phone
number will lead back to you. The key is learning how to
bypass that. For instance your IP address is left whenever
you visit a page, whenever you sign on to chat, when ever
you post to a discussion group. So what can you do about
that you ask? You can bounce your IP. Something we can use
to achieve this is proxies and wingates. Now although it
seems simple enough most people don't go through the trouble
of doing this for everyday things. I suggest that if you
have two web browsers, that at least one of those should
have an http proxy setup on it. So it slows you down a
little, no big deal, good things come to those who wait.
Here's a freebie proxy which will probably go dead as soon as
I release this, proxy.escape.ca:3128, now that should be
placed in your preferences under proxies. Read the help file
for your browser to see the specifics on how to specify your
proxy. Most HTTP proxies run on either 8080 or 3128 so if
that one goes dead just fire up nmap or your favorite
scanner and look for IP's connecting on those ports. Now for
you IRC chatting you have the option of either using a
wingate, which is something like a proxy that connects on
port 23 and identifies itself by the "wingate>" prompt, or
you can use an IRC proxy, which will probably be easier,
especially if you are using some sort of mIRC. I personally
like wingates when I use BitchX and proxies for when I use
mIRC. That's my personal opinion but feel free to form your
own thoughts. Now if you don't already know how to use a
wingate there are plenty of good texts out there on it. One
I strongly recommend is by a friend of mine Alphavers, I
don't know exactly remember the name but you can obtain it
directly from him on Undernet #ANSI, he's on there all day,
seven days a week. As for IRC proxies I am not going to give
a freebie of this because I don't have more then two at the
moment myself, I will say though they run on port 1080
(socks proxy) so like I said earlier fire up that IP
scanner. You can also use a proxy to telnet, FTP, and even
send mail by directly connecting to the smtp port (25). As I
suggested earlier read up on wingates. If you would like to
see a wingate for yourself you can always find the ones that
were g-lined on IRC by giving the "/stat g" command, just
look for exploitable wingate or too many connections and
telnet to it. Most likely you will be sitting at the wingate
prompt. Now that you are protecting your IP, what are you
doing about giving information under your own free will? One
thing that a lot of people do which is very, very, stupid is
having their full name on their email address. If you do
then its a good idea to keep that email address private and
open up a free web-based email address such as one available
at http://mail.yahoo.com or www.hotmail.com and use fake
info only providing your internet handle. So now using a
http proxy and an email address with fake info, you know
have become somewhat anonymous because those headers will
automatically show the IP of your proxy rather then yours
when you send an email. Now another thing to consider is
what you say online. Posting to some sex newsgroup and then
using the same email address on Usenet to get involved in
something else is probably a bad idea because those records
of where you post are available to the public through
www.dejanews.com and will probably be dug up. Also what do
you tell people about yourself. Do you mention your real
name to people? Do you tell people where you work or talk
about your family? All those things can be used against you.
Someone following you around in chat may be able to gather
quite an extensive amount of information about you. Keeping
your mouth shut may be something that comes hard at first
but will definitely be worthwhile in the long run. You don't
have to make like the dumb guard from Hogan's Heroes and do
the "I know nothing" routine but being somewhat vague is
definitely something smart. You don't want to make others
suspicious of you but keeping your information private is
what is the number one priority. Keep an eye out to see if a
certain nick keeps popping up in the same channel or chat
room you are in. Using the same street smarts you would use
in real life are just as important on the net.
Now that you know how to protect yourself its time to
learn how to go on the offensive. How to become on the
virtual James Bond. Most likely it won't be that exciting
but it may come in handy. Lets start off by sizing up the
target. Who is he? What does he do online? What is it we
want to know or achieve? Once you have questioned your
motives you are ready to begin. Setting up a dossier on the
person is the first step. You should begin to note
everything you already know about the person such as their
handle, email address, ISP, and anything else you know off
the top of the head. Secondly find out where they hang out
and what handle do they go by. Frequent the places they go
and follow them if you can but don't make the person
suspicious or you will fuck up your whole operation. Note
who their friends are. If you can get the persons AIM screen
name, Yahoo Pager handle, or ICQ number by all means add
them by using any excuse you can or don't give an excuse. If
questioned by the person ignoring them might be the best
bet. Getting to know their patterns for coming online is a
good idea so you can know when to expect them. Now by doing
all this you are putting yourself in a position to be able to
spy on them and even clone their online identity. Posing as
someone who uses AOL as his or her ISP would definitely be easy
because those accounts are not too difficult to get. Noting
their ident on IRC is also a good idea if you ever plan to
try to snatch information by posing as them. Now I highly
recommend you do the background work before you try that so
that you don't screw up and blow your cover. Now after you
have done that its time to give yourself a new identity and
try to get close to them. Now if the person is usually very
friendly then it shouldn't be too hard. Hang around where
they do under your new identity which should be from a
forged IP, a free email account with bogus info, and
anything else someone online might have a like ICQ. Get to
know the person and add to the conversations. Make friends
with the person, never hinting who you are. Your own
boasting is what might get you in trouble as it always seems
to do it to everyone. Now for instance if this person is
into h/p sharing some good info that you know they would be
interested is something that you should attempt. If you
share enough real info with them they may trust you enough
so that you can slip them a trojan if you feel the need. Now
I am in NO way advocating the use of trojan's but if you must
you must to obtain your goal then use your best judgement
and let it be on your head. By this time you should have
already checked their computer by scanning it, seeing what
operating system they use as well as any security breaches
may be possible on it. Use your creativity and you will be
fine. Gaining their trust is something that should not be
rushed, if you do then its highly likely that you will fail
in your motives.
That's it for this article, I know this is a little
different from my usual articles but I think its something
everyone on h/p scene should be aware of since I have seen
this on many notes throughout my career and felt it should
be addressed.
-The Mob Boss; http://mobboss.dragx.cx
Voice mail and fax: 1-877-203-3043
Edited by Glock
_____________________
/ * BBS LIST * /|
/____________________/ |
| |M |
| The Sacrifial Lamb|O |
| english.gh0st.net |B |
| | |
| Ripco BBS |B |
| ripco2.ripco.com |O |
| |S |
| The NorthLand |S |
| Underground BBS | |
| nub.dhs.org | |
| | |
| L0pht BBS | |
| bbs.l0pht.com | /
|___________________|/
This has been a publication written by THE MOB BOSS;
He is in no way responsible for the accuracy or results from the use of info in this article.
Anything done is totally done at the users discretion.
THE MOB BOSS in no way or form supports, aids, or participates
in the act of criminal hacking or phreaking.
Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS
are strictly for informational purposes only.
THE MOB BOSS (c) 1999 all rights reserved