How do hacking groups register domains remaining anonymous?

  • Let's take lulzsec as an example; they registered lulzsecurity.com. There are two problems that I don't understand how they solved:

    • They had to pay for it. Tracking down money is generally much easier than tracking down IP addresses. I assume they didn't use stolen credit cards (with all the attention they received, people would have quickly found out and taken away their domain). And even with prepaid credit cards it's relatively easy to find out who bought it, with security cameras/etc.
    • They had to have played by ICANN's rules - again, because of the attention they received, if they hadn't people would have found out and they would have lost the domain. This means giving valid contact information.

    Somebody had to spell it out for me, because I wouldn't have guessed on my own: criminals purchase domain names using stolen credit card information.

    These guys view themselves as black hat activists, not thieves. Using a stolen credit card would be stealing from a random innocent individual, which is not their thing. Bitcoins or prepaid cards are far more likely.

    @mgjk if only you knew then what you know now re: Sabu's cc theft :)

    I'm not sure what he did to earn the fraud charges. It would be profoundly dumb to pay for a highly trafficked domain with a stolen card. OTOH, I always told conspiracy theorists that the NSA would certainly never engage in mass Orwellian espionage of the public because the damage to the reputation of the government would be so severe that they would be stupid to even consider it. Any level of dumb is possible... this decade has been generally insane.

  • chao-mu (Correct answer, 9 years ago)

    Here is one method of purchasing a domain name pretty close to anonymously.

    1. Use Tor. Understand its weaknesses.
    2. Buy a prepaid credit card in cash, specifically one not requiring activation or signature.
    3. Randomly generate a full alias to use during online registration.
    4. Register an account at a domain registrar.
    5. Use the prepaid credit card to buy a domain.
    6. Repeat for other needed services.

    Note that 2. requires non-anonymous interaction and is therefore the riskiest. Let's try another path.

    1. Use Tor. Understand its weaknesses.
    2. Randomly generate a full alias to use during online registration.
    3. Earn some Bitcoins anonymously online, thus seeding without human contact.
    4. Choose a domain registrar and DNS host that supports Bitcoins.
    5. Repeat for other needed services.

    Step 3. in your second variant isn't trivial either.

    Step 1. in either. Understand that a large amount of the exit nodes can be compromised at any one time (Jul 2014) and that Russia is looking for several different ways of cracking the system besides providing exit nodes. NSA is only one of many who are honeypotting for your paranoia.

    @FiascoLabs any decent registrar uses https. Also note that if a potential interceptor wanted to correlate their connections, they would need to control their local network/entrypoint **and** log its traffic continuously, as they wouldn't know in advance when lulzsec was going to buy their domain.

    What about using hacked/public one time AP and Tor in step 1? This would sure provide very good anonymity as the potential interceptor would trace back to the hacked/public AP.

    Honestly, method 2 is more "sketchy", isn't it? If you're really paranoid, you could pay some kid a few bucks to buy a prepaid card (with cash, at Walmart = ya good, anyway); whereas "domain registered via bitcoin over Tor" is going to practically scream "PLS INVESTIGATE THIS FAKE NAME"

    I feel like the worst thing to do for anonymity in this situation is pay some kid a few bucks to assist in any way.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM