Computer hardware and networking

Channel address: @rudrajangraitsolution
Categories: Technologies
Language: English
Subscribers: 5.24K
Description from channel

RUDRA JANGRA IT SOLUTION (PANIPAT)

The latest Messages 20

2021-10-06 15:37:58 Use "Ss" before the URL to download any type of video from YouTube.
694 views, Rudra Jangra, 12:37
2021-10-05 12:55:36 AOMEI Partition Assistant Standard is FREE disk partition management software, which has earned its reputation among users worldwide. It comes with many powerful features that allow you to completely control your hard disk and partitions. For example, "Resize Partition" enables you to increase partition size to solve low disk space problems, or shrink partition size to make partition size more reasonable. You can flexibly manage disk space with "Create Partition", "Merge Partitions", "Delete Partition", "Format Partition", "Copy Partition" and so on.

AOMEI Partition Assistant embeds sector-level data protection technology.
It enables you to realize even safer partitioning operations that meet your expectations.
858 views, Rudra Jangra, 09:55
2021-10-05 10:18:31 By telling everyone they hacked something
Using their real IP address (which is very stupid and only script kiddies do that)
Leaving behind a trace
Not using strong enough anonymity software
If they know that they had used weak anonymity software, then not wiping everything on their hard drive.
Selling the stolen goods with their real name
Not deleting the logs
Leaving behind a backdoor that could lead back to you
And a lot more I can’t remember. Hackers are humans, they make mistakes, but some sophisticated attacks are too well planned; they could be planning for months, maybe years, to counter any defense they would find on the target. But the defenders always keep an eye on every suspect; one mistake could take the hacker to jail. Google how many drug site owners from the deep web got caught even after they were using Tor.
746 views, Rudra Jangra, 07:18
2021-10-05 10:17:30 Repeat Step 2 repeatedly to build a graph of activity surrounding the compromised machine, a network of relationships related to the attack.
As you execute step 3, to keep the scope reasonable, you prune out machines that seem to have no sign of malicious activity. Depending on the network's capabilities you may also be able to identify other instances of the malware or other indicators that machines are compromised and start new searches from these new machines. You know you're missing something if the graph isn't fully connected.
At some point, you may find "patient(s) 0", the ingress point for the attacker, with some sign as to how they got in such as a phishing email or exploit. There may be more than one ingress point. On the other hand, sometimes reports of phishing can tip you off to the campaign in the first place and you'll know exactly how the attacker got in.
At some point, you will likely find that the malware is talking to a command-and-control server living outside your network. You will need to work with the owner of that server and possibly the legal authorities to find out what it's talking to. This is slow, and you may not be able to do it at all, either due to uncooperative owners or locales, Tor nodes, or because the attacker moves the server. This is usually where the trail goes cold. However, in the best case, you can access the logs of that machine forensically and figure out which machines it's talking to. Repeat that until you get blocked or find the actual attacker.
Separately there are ways to identify information about the attacker without actually tracing them. For example, if their active hours correspond to the working hours of a particular locale, the attacker may be working there (or may be trying to make you think they do). If they execute scripts, in what language are the scripts named, and if you can recover one, what language are the comments in? Are the malware and tactics similar to those used by a previously known attacker? They often share/steal from each other, but groups tend to have distinct MOs. For example, one group may strongly prefer to get Domain Admin rights and create lots of back doors to ensure persistence, while another group may compromise only the accounts they need for a particular goal and never write malware to disk, in order to minimize the chance of discovery. Also, their vulnerabilities tend to follow patterns - one group may like font exploits while another prefers Flash. Just like any other organization, individuals in attack organizations develop specialties and these specialties determine the organization's operational preferences.

Another angle: what were they trying to steal and who would want that? Often you can identify the group very precisely by the combination of tactics, malware reuse, and goals. An obvious case is Stuxnet: only a very limited number of groups have both the skill to create such a piece of malware and the desire to target Iranian nuclear facilities.

Keep in mind that even if a defender identifies the attacker by name, address and phone number, they may not get arrested if they live in a jurisdiction that is unfriendly to the victim's country or that has high corruption. And since many attackers are employed by their government, those guys aren't going to jail either, though I suppose they might get fired for having gotten caught :).
587 views, Rudra Jangra, 07:17
2021-10-05 10:15:40 There are a myriad of ways for the attacker to hide their true identity, IP and location. Perhaps the IP is traced back to a coffee shop's wifi. Perhaps it is traced to another country or an anonymous proxy. Perhaps you trace it to a person and find out their system is infected with malware, allowing the attacker to use their machine for the attack without the owner's knowledge. Perhaps the attacker hired someone else to do the crime for them. These are just a few ways an attacker could make themselves difficult to trace.

On the other hand, attackers often make dumb mistakes even when they succeed in hiding their tracks well. 'Anonymous' gives a great example in another answer to this question where the attacker taunts authorities by posting a photo to Twitter, bragging about their role in an attack. Twitter attaches GPS coordinates to photo uploads by default. Many, many computer criminals have been caught because they can't resist bragging or boasting. Sometimes they're caught in very low-tech ways - bragging about it on a phone call after authorities' suspicions have resulted in a wire tap. Bragging about it at work. At a bar. On social media.

Many don't get caught though - the amount of effort that goes into investigating computer crimes is generally much larger than the effort it takes to commit them. Often, the crime just doesn't justify spending hundreds of hours trying to subpoena records from a South African ISP or trying to take down a small botnet run by the Russian mafia. Due to limited resources, often only the largest computer crimes get investigated.

Grumpy Kim, here is a start to a very detailed answer:

Hackers get caught no different than murderers who get caught, they both leave forensic evidence behind. Here are some bullet points:

IP addresses tracking back to suspect
Too much surveillance on target (many people don't hide their IP address when doing surveillance)
Shitty proxy services (NSA, Warrants, Hacks)
Not using Live Boot Linux during hacks (No proof I did shit)
Witnesses (Bragging, using same alias, narcs)
Method of Operation (MO). Using certain tools in specific patterns links you to multiple other breaches. (North Korea)
Sloppy work. Your programming has references to you, your nationality, etc. via typos, slang, etc. (Stuxnet)
Who you target. Target rich company in US and you may have hell on you. Target some dumb kid while in Nigeria, no one gives a fuck.
Just plain dumb. This hacker left his metadata of his gf's GPS location on her boob photo:

I'll let others add to the list... Sharing is caring
How come most hackers are never caught? Can’t service providers see where money was transferred to, in the case of bank or PayPal fraud?
How did the greatest hackers of all time (like Jonathan James and Kevin Mitnick) get caught? They managed to get into most secured networks but they failed to hide their identity. How and why?
How can I completely stay anonymous? What do great hackers do to stay anonymous? I said great hackers, who have never been caught.
Great hackers not only don't get caught, they don't even get noticed. However, in the vast majority of cases, it's actually not that tricky to trace an attack, just time consuming and tedious. Here's how it works:

You find out something is compromised. Let's say it's a particular PC, though it could be an account, system, or data.
You look at all the accounts that accessed that machine. Then you look at all the machines that those accounts accessed both before and after accessing that machine. Also, you examine the machine forensically for anomalous files (unknown malware) or known malware. One way that great attackers hide is to carefully cover their tracks by altering log files and other traces of activity as they go. However there are ways to prevent this and it's difficult for the attacker to get it 100% right due to the myriad different logging and monitoring configurations in real world systems.
534 views, Rudra Jangra, 07:15
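
The tracing procedure described in the messages above (start from a compromised machine, pivot through the accounts that accessed it to the other machines those accounts touched, prune machines with no sign of malicious activity, and check that the graph is fully connected) can be sketched as follows. This is an added example, not code from the channel or the quoted answers; the logon records, host names and indicator set are constructed sample data, and `scope_intrusion` is a hypothetical helper name.

```python
from collections import defaultdict, deque

# Constructed sample data: (ISO timestamp, account, host) logon events.
LOGONS = [
    ("2021-10-01T09:02", "alice", "ws-01"),
    ("2021-10-01T09:40", "alice", "files-01"),
    ("2021-10-01T10:15", "svc-backup", "files-01"),
    ("2021-10-01T10:20", "svc-backup", "db-01"),
    ("2021-10-01T11:00", "bob", "ws-02"),
    ("2021-10-01T11:30", "bob", "files-01"),
    ("2021-10-02T08:00", "carol", "ws-03"),
]
# Constructed: hosts where forensic examination found malware or other indicators.
INDICATORS = {"ws-01", "files-01", "db-01", "ws-03"}


def scope_intrusion(logons, start_host, indicators):
    """Pivot host -> accounts -> hosts from start_host, pruning clean hosts."""
    hosts_by_account = defaultdict(set)
    accounts_by_host = defaultdict(set)
    for _, account, host in logons:
        hosts_by_account[account].add(host)
        accounts_by_host[host].add(account)

    implicated, pruned, edges = {start_host}, set(), set()
    queue = deque([start_host])
    while queue:
        host = queue.popleft()
        for account in accounts_by_host[host]:
            for other in hosts_by_account[account]:
                if other == host:
                    continue
                if other not in indicators:
                    pruned.add(other)  # no sign of malicious activity: stop here
                    continue
                edges.add((host, account, other))
                if other not in implicated:
                    implicated.add(other)
                    queue.append(other)
    # Indicator hosts the pivot never reached mean the graph is not fully
    # connected: a log source, account or ingress point is still missing.
    unreached = set(indicators) - implicated
    return {"implicated": implicated, "pruned": pruned,
            "edges": edges, "unreached": unreached}


if __name__ == "__main__":
    result = scope_intrusion(LOGONS, "files-01", INDICATORS)
    for key in ("implicated", "pruned", "unreached"):
        print(key, sorted(result[key]))
```

A non-empty `unreached` set is the "you're missing something" signal from the text: each host in it is a new starting point for another search.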