Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
An Ethical Guide to Cyber Anonymity

You're reading from   An Ethical Guide to Cyber Anonymity Concepts, tools, and techniques to protect your anonymity from criminals, unethical hackers, and governments

Arrow left icon
Product type Paperback
Published in Dec 2022
Publisher Packt
ISBN-13 9781801810210
Length 322 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Kushantha Gunawardana Kushantha Gunawardana
Author Profile Icon Kushantha Gunawardana
Kushantha Gunawardana
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Part 1: The Basics of Privacy and Cyber Anonymity
2. Chapter 1: Understanding Sensitive Information FREE CHAPTER 3. Chapter 2: Ways That Attackers Use Your Data 4. Part 2: Methods and Artifacts That Attackers and Competitors Can Collect from You
5. Chapter 3: Ways That Attackers Reveal the Privacy of Individuals and Companies 6. Chapter 4: Techniques that Attackers Use to Compromise Privacy 7. Chapter 5: Tools and Techniques That Attackers Use 8. Chapter 6: Artifacts that Attackers Can Collect from You 9. Part 3: Concepts and Maintaining Cyber Anonymity
10. Chapter 7: Introduction to Cyber Anonymity 11. Chapter 8: Understanding the Scope of Access 12. Chapter 9: Avoiding Behavior Tracking Applications and Browsers 13. Chapter 10: Proxy Chains and Anonymizers 14. Index 15. Other Books You May Enjoy

Cyber anonymity

We have discussed how our privacy can be compromised and different levels of privacy.

Cyber anonymity is the state of being unknown. With cyber anonymity, the activities performed in cyberspace will remain, but the state will be unknown. As an example, if an attacker performs an attack anonymously, the attack will still be effective but the attacker’s identity will be unknown. Being completely anonymous is a complex process as there are multiple layers of collecting information, as explained earlier.

If we look at the same set of layers that we discussed, to be anonymous in cyberspace, we need to concentrate on each layer. The main idea here is for the attacker to eliminate all traces of themselves as if even a single amount of information is left, they can be identified. That’s how many anonymous groups have been traced, in some cases after many years of research.

There was one case related to the world-famous Silk Road, an anonymous marketplace on the dark web mostly selling drugs to over 100,000 buyers around the world. Later, the Federal Bureau of Investigation (FBI) seized the site. With the site, the United States government seized over 1 billion US dollars' worth of Bitcoin connected to Silk Road. Even though the main actors behind Silk Road were arrested, the administrators of the site started Silk Road 2, but that was also seized by the US government. However, the site was completely anonymous for a few years until the FBI traced and shut it down. According to the media, the infamous Dread Pirate Roberts, the pseudonym of Ross Ulbricht, the founder of Silk Road, was taken down because of a misconfigured server. This server was used to maintain the cyber anonymity of Silk Road, but due to a single misconfiguration, it uncovered the real IPs of some requests instead of them being anonymous. As a result, the FBI was able to track down the communication and traced the perpetrator using the IP.

This is a classic example to illustrate how even though efforts were made to remain anonymous on all layers, a small mistake revealed their whereabouts. This is why it is stated that cyber anonymity is a complicated process that involves various technologies. Also, it requires concentrating on all the layers to be completely anonymous. There are many common technologies, including Virtual Private Networks (VPNs), proxy servers, censorship circumvention tools, and chain proxies, that help with maintaining cyber anonymity, which will be discussed in upcoming chapters.

Typically, all operating systems, applications, and appliances are designed to keep different types of information in the form of logs to maintain accountability and to be able to help with troubleshooting. This information can be volatile or static. Volatile information will be available until the next reboot or shutdown of the system in memory. Forensic and memory-capturing tools can be used to dump volatile data, which can then be analyzed to find out specific information.

Static data can be found in temporary files, registries, log files, and other locations, depending on the operating system or application. Some information that is available is created by the user activity and some is created as a part of the system process.

If you need to maintain complete anonymity, this information is useful as you need to minimize or prevent the footprints created in different layers. To overcome this challenge, the most used technique is using live boot systems. Most Linux systems provide the flexibility of running a live operating system, using CDs/DVDs, live boot USB drives, or virtual systems directly connected to an ISO file. Some operating systems that have the live boot option available are as follows:

  • Kali Linux live boot – penetration testing environment
  • Parrot Security or Parrot OS live boot – security testing
  • Gentoo – based on FreeBSD
  • Predator OS
  • Knoppix – based on Debian
  • PCLinuxOS – based on Mandrake
  • Ubuntu – based on Debian
  • Kubuntu – KDE Ubuntu version
  • Xubuntu – light Ubuntu version that uses an Xfce desktop environment
  • Damn Small Linux – Debian (Knoppix remaster)
  • Puppy Linux – Barry Kauler wrote almost everything from scratch
  • Ultimate Boot CD (UBCD) – diagnostics CD
  • openSUSE Live – based on the Jurix distribution
  • SystemRescue CD – Linux system on a bootable CD-ROM for repairing your system and your data after a crash
  • Feather Linux – Knoppix remaster (based on Debian)
  • FreeBSD – derived from BSD
  • Fedora – another community-driven Linux distribution
  • Linux Mint – an elegant remix based on Ubuntu
  • Hiren’s BootCD PE (Preinstallation Environment) – Windows 10-based live CD with a range of free tools

Once you boot from live boot systems, it reduces or prevents creating logs and temporary files on the actual operating system straight away. Once the live boot system is shut down or rebooted, volatile data and static data are created because your activities are completely removed; when you boot next time, it will be a brand-new operating system. If you require, you always have the option to permanently install most of these operating systems.

Whenever you access the internet, DNS information will be cached in the local system until you manually remove it, the Time to Live (TTL) value is reached, or you run an automated tool. When you access any website, the local DNS resolver resolves it and keeps it in the cache until the TTL value becomes 0. When configuring DNS on the domain service provider’s portal or DNS server, usually, the TTL values are added.

As an example, by using the nslookup command, we can check the TTL value.

Let’s use nslookup on microsoft.com:

Figure 1.10 – DNS information retrieval with nslookup

Figure 1.10 – DNS information retrieval with nslookup

This shows the TTL value of microsoft.com is 300 seconds/5 minutes.

If we access the Microsoft website, this DNS entry will be cached in the local cache.

We can check this by executing ipconfig /displaydns on Windows Command Prompt.

Figure 1.11 – Information retrieved by ipconfig/displaydns

Figure 1.11 – Information retrieved by ipconfig/displaydns

If you are using PowerShell, you can use the Get-DnsClientCache cmdlet to get a similar result.

Figure 1.12 – Information retrieved by Get-DnsClientCache

Figure 1.12 – Information retrieved by Get-DnsClientCache

This information is categorized as volatile information. However, until your next reboot or shutdown, these entries will be there if the TTL value has not reached 0.

If you execute the preceding command a few times, with some intervals, you will realize every time you run it, the TTL value of the result is always less than the previous TTL value. When the TTL value becomes 0, the entry will be automatically removed. This is how DNS has been designed, to provide optimum performance during the runtime and when you change the DNS entry. That’s the reason why when you change the DNS entry, it can take up to 48 hours to completely replicate the DNS as some clients might still have resolved IPs from DNS entries in their cache.

This is not just the case on the local cache; if you have DNS servers in the infrastructure, these DNS servers also cache the resolved DNS entries for later use.

You have been reading a chapter from
An Ethical Guide to Cyber Anonymity
Published in: Dec 2022
Publisher: Packt
ISBN-13: 9781801810210
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image