Announcement

Collapse
No announcement yet.

VPN's

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • VPN's

    Okay, i have always thought i knew this, but saw a post that totally contradiced that, so i want to get this clear: How safe is a VPN?
    Assume VPN does not log any kind of information, and are flawless in their service.

    So, let's say, worst case scenario: You hacked the FBI and CIA database and stole all the information, and in addition to that, you hacked the air force's computers, and crashed a bunch of drones. FBI "knows" it was you, but needs proof. Both FBI and ISP is cooperating to find proof that you did it, but you used a VPN that does not keep logs. Would they ever be able to find out what you did while you were using your VPN? If yes, please explain what extra measure of security that needs to be added or what you need to avoid to be 100% secure.

    I know a guy from lulzsec got caught for hacking but he used hidemyass, who do keep logs.


  • #2
    If the FBI/CIA want you in jail, they will do it whether they have proof or not...

    But as regard to VPN's, if you did do something, it does rely on whether they keep logs or not. Here is a list of VPN's that keep logs and don't keep logs: http://torrentfreak.com/which-vpn-pr...iously-111007/

    Comment


    • #3
      I believe a system exist, and what I mean is few rare people in the "deep" net area may have the resources to put all the work to stay 100% with [Security Engineering]

      That being said I am going to tell you what you already know and believed in,

      1) VPN servers are not designed to be used for illegal activities
      2) It is stupid and naive to believe that by paying a subscription fee for a VPN you are free to break the law without any consequences
      3) I quote "This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers."
      4) Take the example of hush mail, many use it for privacy, but everyone knows that they cooperate with police and law enforcement.
      5) Using a VPN gives someone a reason to see what you are hiding, its like buying a gun and then buying a silencer, it gives people a reason to think you might do something bad by buying a silencer to use it without getting noticed.


      AND on that bomb shell the fact these hacktivist used it on the actual government knowing they might get caught and got caught should send you signals that the answer to your question........well I'll let you fill in the blanks

      Comment


      • #4
        If the VPN server is set up correctly (no logs, everything encrypted and the server itself has no security holes, disks encrypted) it's basically untraceable, but the bottleneck are usually the payments or stuff like that. You obviously can't pay for a VPN or server where you run the VPN on with a creditcard that's traceable back to you. Even the tiniest mistake like, logging in on the PayPal account you pay the server that does the nasty things, with your real IP address can break your neck.

        Will answer more deeply later ...
        Last edited by Magister; October 24, 2011, 02:29 AM.
        sigpic
        If you need help feel free to PM me, but keep in mind that asking for an invite is not considered help.

        Comment


        • #5


          There is safe and then there is safe. A flawless VPN just means that there are no records. So in practical terms its a dead end for most people that would try to track you down.

          But your scenario takes this up a notch. The FBi/CIA/NSA/NRO have resources that mere mortals don't have access to. The US intelligence budget is in excess of $30 billion annually. FBI programs such as carnivore and it's successors require ISPs to log and keep records on customer traffic. The NSA is known to have a raw data feed of all traffic going through a number of large data centers. Never mind the VPN. They can see the traffic on both sides of it.

          The NSA Ft. Meade computer super computer complex employees 15,000. Their trailblazer and echelon programs are reputed to intercept in excess of 90% of world wide telephone, fax and computer traffic. Not to mention tempest, tinker and more recent initiatives that expand and refine SIGINT (signals intelligence) data mining.

          So in your example, a VPN would protect you about as much as a kleenex umbrella.


          Last edited by Copper; October 24, 2011, 02:24 AM.
          Fortune and love favour the brave .-. Ovid ....

          Comment


          • #6
            Originally posted by Logan96 View Post
            I believe a system exist, and what I mean is few rare people in the "deep" net area may have the resources to put all the work to stay 100% with [Security Engineering]

            That being said I am going to tell you what you already know and believed in,

            1) VPN servers are not designed to be used for illegal activities
            2) It is stupid and naive to believe that by paying a subscription fee for a VPN you are free to break the law without any consequences
            3) I quote "This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers."
            4) Take the example of hush mail, many use it for privacy, but everyone knows that they cooperate with police and law enforcement.
            5) Using a VPN gives someone a reason to see what you are hiding, its like buying a gun and then buying a silencer, it gives people a reason to think you might do something bad by buying a silencer to use it without getting noticed.


            AND on that bomb shell the fact these hacktivist used it on the actual government knowing they might get caught and got caught should send you signals that the answer to your question........well I'll let you fill in the blanks
            Umm, just because I ask this question does not mean that I am going to do any of what i said, so I have no idea why you are suggesting that I am going to break the law, and neither do i need any legal advice.

            Else than that, thank you for advise.

            And thanks for the useful info copper! I feel that my interstanding on how www works increased by .0001% just because of your post. I guess that I'd have to use the neightbours network when I'm realeaseing my evil plans of controlling the whole internet. :) Will leave this open if anyone else wants to come with new inputs

            Comment


            • #7
              hahah, this has nothing to do with you, this info was given because of what Magister said on the other thread, hence you creating this thread

              Comment


              • #8
                Discussing what Copper wrote about all the "gadgets" that organized government agencies supposedly have to intercept you. You packed a lot of information in few lines, but of what you said is incomplete or incorrect. It sounded to me you wanted to scare users out more than anything else. Let's make some order.
                Carnivore project:
                It's a over ten yours old program that act just like a sniffer. It captures e-mail messages as well the network traffic to and from a specific user's account or IP address. It's necessary a court order for the FBI to be so invasive. There needs to be probable-cause and, of course, the ISP needs to have your logs recorded as the interception as to be target on a specific user. Otherwise they can just record the number you dial or the number of the calls you receive.
                It's important to stress that Carnivore can only be used against an investigated user of choice as widespread monitoring of the internet is not allowed by law. Moreover there a lots on method to fool Carnivore and they are all well known. You can forge email using Trojans so introducing false evidence, or you can use encryption software like PGP etc.
                It's been replaced in 2005, because obsolete.

                Trailblazer is been shut down few years now because it was disappointing and a waste of money to some. It did go over-budget and was mostly a failure

                Turbulence is the new beast. Seems to include nine core programs, with intriguing names such as Turmoil, Tutelage and Traffic Thief. Among their goals: mapping social networks based on intercepted communications, embedding technology on networks to collect data, and searching for patterns across hundreds of NSA databases. It's impossible to tell how far this goes though as anything surrounding it is confidential. It costs 500 million dollars a year, so it should be taken seriously, considering that the administrators of the system had the balls to hide the program successfully from the Congress in the first year of existence. Since it can inject content into the traffic too, it can also operate as mean of attack...

                The referral to ECHELON is out of place in this context. It was originally created to monitor the military and diplomatic communications of the USSR (and the Eastern Bloc allies) during the Cold War in the early 1960s. Nowadays it's used to intercept and inspect telephone calls, fax, e-mail and other data traffic globally through the interception of communication bearers including satellite transmission, public switches telephone networks, which once carried most Internet traffic and microwave links, mainly for anti-terrorism purposes.
                Not the network that exist today or your personal traffic. No idea where you take that
                in excess of 90% of worldwide telephone, fax and computer traffic
                That's science fiction still, besides being illegal, even if it was true, which I have no recollection it is.

                Tempest, Tinker? Can you explain what are you referring to, please?

                VPN are safe enough if the company DOESN’T save records of your loggings AND you can pay the service anonymously. The rest is smoke. As a matter of fact the will to get your traffic more anonymous increases suspicions hence potential surveillance.

                Comment


                • #9
                  Just sticking my nose in here.

                  I work in the that field.

                  For what it's worth, we are forced to use VPN's to connect to the net all the time. Without exception. There is one built into the router where I currently live, I have another on top of that as well as an SSH tunnel.

                  VPN's work.

                  Of course, if there was reason enough and agencies wanted it enough, your VPN will be broken. They're not impenetrable, they are not all-securing, as many commercial VPN providers claim.

                  If you want to secure your connection, use a VPN. I hope the guys above me, talking about programs to sniff your traffic and whatnot that "government agencies" "use", realize that anything they use is not publicly available, nor documented. As well as the fact that there is no "standard" application.

                  If you were ever targeted (which let me tell you, you will not be), yes your VPN would make very little difference. However, if you wish to remain fairly anonymous online, use one. Find a good provider, with good reviews, read through their ToS thoroughly and ensure that they do not log anything. Unless you people are serious criminals, which I sincerely hope you're not, "government agencies", will not be targeting you.
                  • Secure VPN (Not PPTP, read the providers ToS)
                  • SSH tunnel through your own server, using a SOCK5 proxy in FireFox. Not Chrome.
                  • Even better, run your own VPN, on your own server.
                  Use the above combination and unless you are really doing some bad things, in which case I suggest you re-evaluate yourself and what you are doing, you will be just fine online.

                  Oh, and please be aware that VPN's are not allowed here at T-I. You must browse using your real IP

                  If anyone has any questions, just PM me. I barely scratched the surface of what can be said about VPN's.

                  Cheers,
                  -Pulser
                  Last edited by pulser; October 25, 2011, 01:16 PM.
                  "Dear World, I am leaving because I am bored. I feel I have lived long enough. I am leaving you with your worries in this sweet cesspool. Good luck."

                  Comment


                  • #10
                    There have been some brilliant replies already in this thread, and I just want to add one thing, and that's about payments: Ukash. Ukash is available in several countries and can be bought at your local store basically, and if you avoid being too obvious and being caught on camera, then you can at least safe-proof one crucial part of the VPN chain. Next part is obtaining a reliable VPN without logs - you pay for the VPN service or your own server, setting up your own VPN service, by using Ukash.

                    Comment


                    • #11
                      Okay, so from reading your posts, the only thing we can be sure of is that we can't be sure if it's 100% secure?

                      Comment


                      • #12
                        I'm not sure if this helps. I never used a VPN.

                        If you pay for an VPN, you had to use some sort of credit card to purchase it. can't they just track that credit card to that VPN?

                        sigpic

                        Comment


                        • #13
                          There was already a discussion about that in this thread. and it got resolved. Just read the posts.

                          Comment


                          • #14


                            There is a lot of confusion about VPNs. I will try to clear some of that up. As pulser noted, a properly implemented VPN works. It does protect traffic from individuals, corporations and even courts that would seek to see what you are doing. If logs are not kept, it is in practical terms impossible to trace where the endpoint is. And non-governmental bodies are not going to be able to break that encryption. Realize that the OP posited an unusual situation of throwing the resources of a major government at this. That changes the answer. But intelligence agencies have little interest or time to chase torrenters or much else that you would do. So unless you are a big time criminal it is highly unlikely that the NSA will be trying to unravel your VPN.

                            It is difficult to overstate the gap between the resources available to the intelligence community and the rest of society. When you assemble tens of thousands of phD scientists and technicians it is amazing what technologies come out of that collaboration. Magnitud3 states that the programs that I cited are largely obsolete. There is some truth to that. I cited well known examples that are well documented just to give a glimpse into the vast resources that can be brought to bear in the community. Many of those specific programs are a decade or more old. And still the capabilities are astonishing. I can tell you little about current programs. They are largely outside public purview. What little I know, is bound by confidentiality. And most is simply unknown to me or other outsiders. What we find out is much after the fact, long after such programs are largely superseded by bolder initiatives.

                            Echelon remains relevant because of the pervasive data mining. Even though the mandate of this program is to intercept foreign data traffic, myriad examples of domestic exceptions and abuse have been documented. Still, unless you are a terrorist or drug czar you need not lose much sleep over it.

                            And what of MajorNil's followup question? What would a hacker need to do? He would want a tortuous path to his target. One that was redundant and had physical/mechanical links in a chain, not just electronic routing. You'd want things like zombie relays, rewritten logs and undocumented ghost uplinks off satellite sidebands. Multiple VPNs and removable links in your communications chain. You'd want uncertainty and deception to obscure the point of origin. You expect that your path will be traced and take steps to deal with that. And fastidious attention to details as any one misstep can bring down the whole house of cards. So many things could trip him up. From credit card receipts, finger prints or surveillance video to a SIGINT intercept of a cell phone conversation talking about your exploit. A really good hack would be one that no one is even aware of.


                            Last edited by Copper; October 27, 2011, 02:54 PM.
                            Fortune and love favour the brave .-. Ovid ....

                            Comment


                            • #15
                              It's worth noting that pre-pay credit cards are available from many department stores around the world (generally sold as gift cards or as a way to purchase goods online for people with poor credit ratings). These can usually be purchased anonymously with cash. Iirc, wallmart does one.

                              Just another option to ucash (sp? was it?) mentioned above

                              H.

                              Comment

                              Working...
                              X