Hack in the Dark

Is spy software legal? Is hacking legal? How do you protect yourself?

Read this article about when it is legal to install computer monitoring software on employees, spouse, etc. http://spysoftware.redpill.co.za/2016/01/legal-to-monitor-employees.html The fact that you are reading this document means that you are probably interested in more than just monitoring an employee or a spouse … let me say that again: DO NOT BREAK THE LAW! That being said, lets say you are a hacktivist, hacking for a good cause, or an ethical hacker working as a PI, or even someone from the authorities busy with an investigation … what is and isn't legal is a grey area especially when it comes to the cyber world. It is better to be safe – so be a bit paranoid

How to protect yourself

If you are doing ethical hacking or penetration testing, then most of these steps will not be necessary. For educational purposes however, we will look at ways to protect your identity:

  • Create an alias and contact your target using the alias. Never send a payload as yourself. Although the level of trust might be higher and the target will be more likely to open the payload if he receives it from someone he knows, it is better to create an alias and spend a couple of weeks getting familiar with the target using your new alias.
  • Use fake details when creating an alias email account - but use believable info. No one is going to open and attachment from Jason Bourne.
  • Bragging – the one thing that gets most hackers caught! They do a perfect job that cannot be traced back to them, but then they need to go and brag about it. You say something to a friend, that says it to another friend, that ...
  • Gmail might ask to send a verification code to a cell phone number when you create a new account. Use a prepaid phone that cannot be traced back to you.
  • If you need to accept payments from your clients, use bitcoins and make sure you use the bitcoins in a way the the transactions cannot be traced back to you. Hide your IP and use a different bitcoin address every time.
  • When you purchase a domain for your con, use a credit card and details that cannot be traced back to you. You could also purchase a domain using Bitcoins or Pefrect Money. We will discuss this in more detail later.
  • Encrypt emails when you need to communicate with partners and hide your IP address (more on this later)

Work in the Darknet

If you think getting an IP address or account information from a gmail account is long legal process … think again! Have a look at the google transparency report below. They comply with thousands or requests for information about specific user accounts from authorities all over the world! https://www.google.com/transparencyreport/userdatarequests/?metric=users_accounts

In 2015 there where 68 908 requests where google provided data to authorities. You will also notice when you look at the graph that the number of requests per year is growing. Keep in mind, that this is just gmail. All other email providers receive similar requests. To be anonymous and to hide your IP address, you can work in the Darknet.

With the Internet one computer connects to another computer and it is easy to get the IP address of the original computer. On the darknet, the internet requests are bumped around on computers (or nodes) in a way that it is not possible to get the original IP Address. You use the darknet with special software like Tor. There are other packages that you can purchase that will hide your IP, but Tor is free and works. Tor can be downloaded at: https://www.torproject.org

Darknet Tor Project

Tor uses a network of computers to let your encrypted internet request jump around several computers. There is no way for the authorities to check who visited the website. To use Tor is easy, just install it and use Tor instead of your normal browser. You can still use your normal browser for activities that you feel you don't need to keep private.

Protecting your Identity when using redpill Hacker

redpill Hacker will not use the Tor network even if your Tor browser is open. It will use your normal internet connection.
Ways to protect your IP address when using redpill Hacker:

  • Use your laptop and connect to a public hotspot or an internet cafe (some allow you to plug in your own laptop or connect to their network).
  • Use a mobile connection with a prepaid cellphone card that cannot be traced back to you. If you want to be 100% sure don't connect from your home as the authorities will be able to get your general location from your mobile provider (not your exact location like GPS).
  • You could purchase software like HideMyIP that will mask your IP address for all internet activities on your computer and not just within a specific browser like Tor. However some of these software products might not allow some of the features of redpill Hacker to work (like uploading files to a website).

Things you can safely use Tor for:

  • Creating email accounts
  • Purchasing domains and website hosting
  • Social Engineering with the target
  • Bitcoin transactions
  • Etc.

All activities like creating payloads, editing templates, adding targets, you can safely do in redpill Hacker without needing to hide your IP. The only time redpill Hacker will connect to the internet and you need to hide your IP is when doing on of the following:

  • Testing an email account. You can add an account, but when you click on 'Test', it will connect to your account.
  • Creating a link payload.
  • Creating a website.
  • Sending an email from redpill Hacker (using the attack feature in redill Hacker).
  • Doing a dictionary attack.

Encrypting Emails

If you are working in a group or with clients, it is also important to encrypt your emails. An easy way to encrypt your emails is to use gmail with Mailvelope: Look at the video on how to send and receive encrypted emails: https://youtu.be/Ro3MSBS9w-A Note: The video also shows how to upload your public key to a key server. This step is optional and not needed as you can simply email your public key to the person you need to email.