MetaPhysical:



Bro,
STOP!

Any "publicly networkED" device registers itself for tracking, simple!

Notice i said "public" and i also said "networked"....and not "network" There is difference between the two.

If you are networked and access open infrastructure you submit yourself to tracking.

Nobody is looking to track you....you yourself willingly surrender your ip and the network your ip came from (which can be geo-tracked) to SS7 database and as well to numerous registers.

The duty of investigators is to access those databases, nodes and registers and find one person out of trillions of records. The cost is monumental and if a criminal activity has no value, even though it broke laws, more than likely it will be ignored.....but for reasons of forecasting a particular instance might be tagged.

Example - if I break into Ministry of Transportation Microsoft Exchange server and start snooping on email traffic but not doing anything to them...like stealing the files. This is unauthorized access and exploits. Its a violation of law. If there is no other instance of access it could be dismissed as a glitch and no one will come after me but nonetheless I will be tagged as a possible violator to watch for. If I could break into Ministry of Transportation I could break into Defense server....I could break into Aso Rock server.

So for anyone to come looking for you is a waste of valuable resource ....unless of course your exploits has considerable value that can influence commercial or security interests. But even at that....no one Agency has all the information to nail you. Your footprints are scattered as dots.......all over the internet and those dots needs to be connected together to build a case beyond reasonable doubt to get conviction. The dots are distributed into different proprietary resources and so all the owners of these resources collaborate and piece the dots together and the whole picture then emerges.

Let me share a secret with you since we are on this topic. If you think your smart phone is totally off network when you power it off you are a joker!

When you turn your phone off it still pings cell tower. Even if you dont send SMS, no multimedia (whatsap, twitter, fb, ig...), no talk, no data, .....your phone reports your whereabout to the cell tower. Given enough interest to come after you, security will penetrate your invicibility and snatch you up.

NGRsenate:


If you’re smart enough to break into a government server, you should be smart enough to cover your tracks.

It’s not one olaniyi somewhere applying for management job that you can easily track that will be breaking into high risk servers.

And of course, none of those breaking into those servers will be doing it on their personal devices or personal networks.

I put it to you sir that there are still some entities you yourself cannot track. When FBI cannot track some people is it now you?

Osama was caught because of a snitch, mind you. And if you know much of the high risk break ins like you say you do, you’ll know that they mostly work alone or in a tightly knit micro group.

You find someone who applied for a job doesn’t mean you have arrived.

There are people that will cripple all the bank networks in Nigeria, siphon funds and nobody will ever know who they are or even how they did it.

If a whole fbi still has to serve a warrant to get access to a resource they believe will aid their investigation, then who do you work for that has any power greater than that?

Tracing someone is not beans. It’s expensive, overwhelmingly expensive. imagine you have to trace someone who has bounced his connection through over 800 nodes, that’s more or less 800 ip addresses you have to trace(and please just don’t mention logging in on your personal device or anything, there are entities that don’t make mistakes), it can go to as much as 1500 nodes.

It’s even impossible if those nodes are outside the 5, 9 or 14 eyes countries.

I rest my case.

ConqueredWest:


You said it all.

For FBI to request google and co to release info in order to aid their investigation in order to get some certain criminals, it is a proof that some people are gurus in cybercrime.

One day, livebyday and metaphysical go jam such gurus.

NGRsenate:


If the fbi couldn’t get access to email(s), the last option would be to run a trace on ip(s) they find.

Due to the cost and if he used a vpn, they probably may not get far either; it also depends on how careful the person they’re looking for is with browsing on a private or public network and some other factors.

ConqueredWest:


You said it all.

For FBI to request google and co to release info in order to aid their investigation so as to get some certain criminals, it is a proof that some people are gurus in cybercrime.

One day, livebyday and metaphysical go jam such gurus.

MetaPhysical:


Reason fbi requested info from google is not because they could not access and retrieve the info themselves from google servers. Its because if they did they are also breaking into proprietary infrastructure to get that info. At trial and during cross examination the method used to obtain the info will be asked and if it appears that fbi hacked into non governmental resource the defense lawyer will have weapons to demand a mistrial on technical grounds. Fbi will lose the case. To win it...they are approaching with care and propriety.

Fbi breaks into russian servers....so who is google?

MetaPhysical:


----------modified--------
The dependency is not a credit to level of difficulty inherent in the cybercriminal's strategy but rather a projected desire on authority's side not to err and be embarassed.
-------------------

Reason fbi requested info from google is not because they could not access and retrieve the info themselves from google servers. Its because if they did they are also breaking into proprietary infrastructure to get that info. At trial and during cross examination the method used to obtain the info will be asked and if it appears that fbi hacked into non governmental resource the defense lawyer will have weapons to demand a mistrial on technical grounds. Fbi will lose the case. To win it...they are approaching with care and propriety.

Fbi breaks into russian servers....so who is google?

NGRsenate:


Of course. You’re right. But of what use will it be if there’s nothing that “leads” anywhere inside after hacking. A warrant is really all they need; much harder if the provider is outside the US though and not obligated to answer to the US.

The koko is just being careful. Google collects too many information, way too much info

MetaPhysical:


Google apps are open source. This means they are available free and accessible to anyone...but.....

The "but" is covered in EULA (End Iser License Agreement).

Your bank know more about you and have much damning information on you than google does. Are you aware of this? That doggone plastic you carry around reveals more about you than a browser does. .

We must not stop living because we dont want to be tracked...we should just have awareness of what we agreed to in EULA and hold google accountable if they exceed limits.

If you really want to hide behind a screen on internet and not be conspicous i suggest using virtual machine running on top a operating system. You can use xp if you have windows 10....or run in sudo mode in linux if you use mac.

MetaPhysical:



Bro,
STOP!

Any "publicly networkED" device registers itself for tracking, simple!

Notice i said "public" and i also said "networked"....and not "network" There is difference between the two.

If you are networked and access open infrastructure you submit yourself to tracking.

Nobody is looking to track you....you yourself willingly surrender your ip and the network your ip came from (which can be geo-tracked) to SS7 database and as well to numerous registers.

The duty of investigators is to access those databases, nodes and registers and find one person out of trillions of records. The cost is monumental and if a criminal activity has no value, even though it broke laws, more than likely it will be ignored.....but for reasons of forecasting a particular instance might be tagged.

Example - if I break into Ministry of Transportation Microsoft Exchange server and start snooping on email traffic but not doing anything to them...like stealing the files. This is unauthorized access and exploits. Its a violation of law. If there is no other instance of access it could be dismissed as a glitch and no one will come after me but nonetheless I will be tagged as a possible violator to watch for. If I could break into Ministry of Transportation I could break into Defense server....I could break into Aso Rock server.

So for anyone to come looking for you is a waste of valuable resource ....unless of course your exploits has considerable value that can influence commercial or security interests. But even at that....no one Agency has all the information to nail you. Your footprints are scattered as dots.......all over the internet and those dots needs to be connected together to build a case beyond reasonable doubt to get conviction. The dots are distributed into different proprietary resources and so all the owners of these resources collaborate and piece the dots together and the whole picture then emerges.

Let me share a secret with you since we are on this topic. If you think your smart phone is totally off network when you power it off you are a joker!

When you turn your phone off it still pings cell tower. Even if you dont send SMS, no multimedia (whatsap, twitter, fb, ig...), no talk, no data, .....your phone reports your whereabout to the cell tower. Given enough interest to come after you, security will penetrate your invicibility and snatch you up.

MetaPhysical:


Bro, Ive not claim any credits for anything here. Ive not told you i serve anyone. I have not even claimed any skill or knowledge or any know how.

Cybersecurity and law enforcement is far deeper and concerned with big fish....those who have people on payroll and operate a syndicate. Not the puperized model you described who buys a non published number and a camera-less device. Thats not a security threat to reckon....thats just a wanna-be rat looking for money to steal so he could buy a gold necklace and a range rover....and then post on social media for bragging rights.

Dude, batteries on mac computers are sealed in, plus macs have device trackers. Assume your mac is stolen in PortHarcourt. You report it and its tracked to a specific address and house number in Lagos. Many people faced with this choice would be wise not to go retrieve the item. Some stewpid ones would see a cause and be passionate to go retrieve the stolen item. It is not wise to spend 500,000 naira to go retrieve an item whose value is only half that cost. This wisdom applies as well when chasing and investigating online fraud.

When serious case is on the target investigators throw everything at it to bring the culprit down. They will even bait you into a fake corporation and play along and allow you to steal data and valuables. Its necessary to convince judge "beyond reasonable doubt"

I also want to correct your knowledge, it appears you have mixed some cyber-myths with the facts.

1. All numbers are accessible to emergency operators like 911, 611, 411 and so on...but it is not possible for a non-registered number to place call across carriers. Your attempt to do so will result in error. Calls are made across trunks and a number that does not have active translations will not generate SYN/ACK session with a 200 resolution....and will therefore not work.

2. To target a vulnerability and exploit it you must first break into it. No server, even in its default setting and basic configuration will allow you in without registration and authentication.

3. The only way you can avoid tracking and detection of any kind is truly not to use smartphone or pc and never to jump in to social media.
Are you aware that when you use google assistant or siri or any other voice assist application your voice synthethis and signature is stored in the cloud? If you ever use a device with face recognition or finger recognition....your biometrics are stored?

Unatrac, who reported being scammed, failed to follow standard accounting procedures. If they did Obi would have found it tough to scam them. The standard procedure calls for approval check-balance; which means there would be more than one authorized approval for amounts above a certain value. If they had that in place the CEO and the Accountant would have discovered much earlier that something was not right..

The company itself was engaged in some questionable practices....they were advancing money irresponsibly and may have blocked transparency to avoid detection....and so a thief becomes victim to a thief.


Abeg make we no argue blindly on this issue. Bottom line is, yes its possible to dodge detection but you will also not be active online to do so. You cannot be actively using internet and expect your activity or its source not to be detected....anyone that believes it lives in fools paradise!

livebyday:
Hello all ,

Looking at the recent arrest of high profile Yahoo boys Obiwanne there have been alot of conspiracy theorist about how his nairaland account played into this and I want to help.seperate facts from fiction.

Before I go further let me drop a bit of a clue into why I am doing this. I know someone who helps with digital forensic profiling or individuals, for NGOs, Embassies, law enforcement and such

For instance a recuritment firm hiring for an international NGO like Oxfam might want to vet the final list of candidates and this recruiting firm will send such a list to.him to screen out the red flags like , Religious hate, tribal hate, anti-Semitism , Homophobia etc..

Sometimes embassies who receive asylum applications from individuals claiming to be gay or whatnot send such lists to certain firms who engage my services to vet..

This individual traces digital foot prints and profile you... Even if it's one of your numerous Facebook, Nairaland, or Myspace account where you commented on how you hate bobrisky or how you wish gays are killed or how you wish , yorubas are wiped out by fulani herdsmen or how you believe ibos are pigs or how you think hausa fulani are all evil ... depending on what your applied for or the information the company is looking for
It will all show in your report ...

Sometimes companies request for certain information, like how this candidate leans in regards to violence against women.. so if you have ever made a post with one of your nairaland accounts in the romance section saying how some women deserve to be slapped or beaten well it will be found

I know you are wondering how possible this is when you may have even closed these accounts hence they read as nobody or deleted the posts on Facebook or opened over 200 accounts so you think surely it can't be traced ?

It can and it is very easy to do if you know how.. I won't go into details because that way you will know how to be totally anonymous hence making the person's work.harder so no.

But just know that you should keep track of people who follow you on this platform

Some of you whom I follow know why I do that.

My point is , all these TRIBALISM and Religious hate posts you make will only work against you in the ever competitive Nigerian employment market

As at last week Sage announced to their staff they are leaving Nigeria, so you have more professionals coming to join the unemployment market .

Alot of you who are in school posting tribal hate thinking for now you don't need a job just an internship well... Don't get discouraged when you don't get called up or retained afterwards

My advise start censoring yourself or live with the consequences.cheers


Cc: Mynd44 OAM4J

livebyday:
To the gentleman above who feels this is a stretch

9 years ago on this forum when.this prediction in soccer betting thing was new

Someone advertised just put a number I asked him to be certain it wasn't a scam he said it wasn't

Long story short he scammed me and blocked me on Whatsapp

Mind you this number wasn't a registered number

I traced him, found his four Facebook accounts, I found his wife's Facebook , his wife's mobile number and the church where they wedded, I sent him his wedding photos too.

None of this information was ever on nairaland, in his seven nairaland accounts he claimed he stays in Lagos , I traced him to jos in ,4 hours

His real name and his location in Jo's and sent all to his other number on WhatsApp he never posted on nairaland
He repaid me in full and interest begging not to be persecuted
I am.sure he is here and maybe reading this

This was 9 years ago

Don't be deceived, there is nothing like online anonymity, it's a myth In today's world. Any Yahoo boys that hasn't been arrested either hasn't stolen a serious amount of funds to justify being traced, or follows SAP protocols
Cheers

Sleevia:


I can not doubt your claims. I was here when SurveyProf or SurveyCash (can't remember which of the survey handle) was unearthing tracks of Omowunmi Allen on the thread titled Oruko Ti Ape Aigbe... It was an interesting thread, he was bring out her ids, location, bank details. Omowunmi Allen defrauded Amearon (i might have spelt that wrong), same Surveyprof did some dangerous tracks on one dude who scammed another... but unfortunately, some persons just fell into his trap and he couldn't be tracked.

Do not mind these guys... dem no know wetin dey.

tpiar:
It's called www for a reason, the problem isn't only facebook and nairaland, neither is it necessarily what you put online.

Web is the operating word.

watino:
Very informative thread.
God bless you guys.
I would like to learn cyber security. I am ready to study and find a job with it.
Anyone interested to teach me?

MetaPhysical:



I will not recommend learning cybersecurity online. Get into a training class. Use a hands-on approach. If you are lucky to find a good class you can kill two birds with one stone, get a network cert and also security cert. On the low end of salary range, guaranteed $60,000 for a rookie working for bank, $80,000 if you are in oil & gas. . Oh, thats dollars, in case you didnt see it!

watino:
Thanks bro,
Could you recommend any good place to study that?
God bless

Sleevia:


I can not doubt your claims. I was here when SurveyProf or SurveyCash (can't remember which of the survey handle) was unearthing tracks of Omowunmi Allen on the thread titled Oruko Ti Ape Aigbe... It was an interesting thread, he was bring out her ids, location, bank details. Omowunmi Allen defrauded Amearon (i might have spelt that wrong), same Surveyprof did some dangerous tracks on one dude who scammed another... but unfortunately, some persons just fell into his trap and he couldn't be tracked.

Do not mind these guys... dem no know wetin dey.

Charleys:
Livebyday can you travel me...
50K if you can do it.

surveycash:


Definitely not Surveycash

Basher8583:


I'm not here to teach you hacking/forensic models (Not obligated to by law). Just to let you know what you know is just a scratch on the surface. I was almost compelled to provide you a 2nd screenshot which will clearly meet your expectations but that will too much info.
Summary is that you can be traced if needed.
Now for the tips you require. I will give you a few more. This will focus on TOR usage for anonymity since that's what you require. There are several mistakes people make while using TOR believing they are anonymous. Lol
1. Tor is as safe and anonymous as the the user that uses it. You don't use it well you get busted. Avoid using Tor browser on your mobile phone. Nothing is anonymous there. Tor is just an application on a bigger app which is the phone os. You are better off using Tor on a well sanitised PC.
2. You should never maximize your Tor Browser window. By doing so, websites can determine the size of your device’s screen, which can narrow down which device you are using and help those sites track your activity.
3. Don't try using BitTorrent over Tor. Torrenting sends out your real IP address when tracking your GET request, fvcking you up big time.
4. Never open documents you downloaded through the Tor Browser while online. These documents could contain flags that can reveal your true IP address. You must disconnect from the internet first to view the document.


Now this is the last discussion I will have on this.

Have a nice day

livebyday:


Not necessarily

I m happy with alot of sound minds on this thread I opened

Cheers to colleagues in the house like Basher8583 & MetaPhysical

Maybe we should talk about having a dedicated cyber security thread on this forum especially with the how advanced cyber crime is now

To my earlier comment there is actually a used code one can send offering any service once you open I can get all your info without you replying

The rabbit hole goes very far my friend Nigerians just don't know what's going one ...

Unfortunately only these criminals fraudsters are making strides


They travel to China and Taiwan to get high level decrypters and spoofers

Gentle men are you aware there is an illegal network run in Lagos , Abuja , Bayelsa and Kano here in Nigeria ?

There's guys have hacked into MTN and Globacom masts and broadcast their uw network hence running simcards , doing wire transfers and aiding Terrorists and corrupt politicians move funds around?

Anyways the FBI and.interpol are on it , a young man who helps with running this was picked up in nyanyan in Abuja last week.

Basically the network infrastructure is placed around the city in some people's apartments and they fit a generator an inverter and a laptop for the admin to ensure the network stays up

They have their own network , not mtn, not glo not Airtel or 9mobile

They use this network to do all their correspondence

Cheers