PDA

View Full Version : Question about computer hacking technology and how it works.



ironpony
08-13-2016, 07:23 PM
In my story, the villains have set up a website where they broadcast their crimes in videos for people to watch and the website is virtually untraceable. Kind of like what the villain was doing in the movie Untraceable (2008).

One of the cop's plan is to upload their own video to the website, making other characters think that the killers uploaded it, as part of their plan to catch the killers. Now in my research I read that a virtually untraceable website can be traced with a lot of work, down the road.

However, if the cops or the FBI haven't traced the website yet, could they hack into it, and upload their own video to it? If they haven't been able to trace the website yet, could they still hack into it?

Dennis E. Taylor
08-13-2016, 07:37 PM
The standard way to handle this is for one of the cops to have a nephew who is an 3733t hacker extraordinaire, who can write a program in 30 seconds on a phone (the old kind, with no keyboard). Or maybe he knows someone who knows someone...

Seriously, it requires inside knowledge, great skill, or dumb luck. Or a little of each.

Pony.
08-13-2016, 09:25 PM
How all that stuff works, we may never know. For about 70$ and some long nights spent studying you can find out.

https://store.boingboing.net/sales/computer-hacker-professional-certification-package-ceh-chfi-cism-cisa-cissp

AW Admin
08-13-2016, 09:27 PM
There's no such thing as an "untraceable" website.

King Neptune
08-13-2016, 09:30 PM
There are many traceroute programs that will find a site that is behind multiple aliases. Just search "traceroute freeware", and you will find what you want. Remember that if people can view videos that are on their site, then a browser must have been able to find the site.

Then there's the possibility of hijacking another site to host the videos.

P-Baker
08-13-2016, 10:09 PM
Now in my research I read that a virtually untraceable website can be traced with a lot of work, down the road.

However, if the cops or the FBI haven't traced the website yet, could they hack into it, and upload their own video to it? If they haven't been able to trace the website yet, could they still hack into it?

There is no such thing as an untraceable website, given the nature of web communication. What there is, though, is the heavy use of cut-outs, cracked servers, hijacked computers and others means of throwing up roadblocks so that it can be hard to figure out the origin of a particular file. Hard, but never impossible. The biggest obstacle in such a case isn't finding the hardware, it's locating the person responsible for it. If your villains are in China or Russia, that would keep the Feds off their backs because of our relations with those countries. If they're in a friendly country, our security people would get together with theirs, and the villains would be dealt with by the local law enforcement.

As for your last question, if uploading their own video is vital to their plan it would depend on who the target audience is. That is, they absolutely cannot use the same server if they haven't found it, and a truly savvy viewer would know how to check the provenance of the video and so would discover it's not from the villains. However, if these videos are meant to tittilate random viewers, then the Feds could easily fool that type with a fake video, so long as it looks similar to the real ones.

AW Admin
08-13-2016, 10:22 PM
These people wouldn't use a website; they'd use a torrent.

cmhbob
08-13-2016, 10:59 PM
The basic nature of the WWW is that websites HAVE to be traceable. How else would people link to them?

What you might mean is that the actual server is untraceable in the sense that the physical box - the actual location of the computer - is difficult to find. But even that is not really how things work. Once the IP address is known - and it has to be known in some form to be able to get to the files on the server, like the videos - the server can be blocked. You can obfuscate the Ip address by bouncing internet traffic around, but people are still going to be able to find the IP address eventually.

Your bad guys would be better off using sites like Liveleak or other video-sharing sites, where they're using someone else's bandwidth and hosting resources. There's less risk to the bad guys that way. There was a thread (http://absolutewrite.com/forums/showthread.php?320388-Where-to-post-my-sex-tape) in the last couple of weeks about video hosting that might give you some ideas.

You might consider something like Vine for a more modern idea, or Facebook Live.

jclarkdawe
08-14-2016, 12:50 AM
If you want as untraceable as it gets, you take a flash drive and record whatever, then send it by snail mail to someone who you think would be likely to post it. You'd want a flash drive that is not recorded at the time of sale. You're now into whether people can figure out who mailed a specific package. There are some hurdles here, including cameras, and fingerprints. There's also some ways for a flash drive to identify what computer it came from, but there are ways around that issue.

However, the question here is whether the police could insert a video into someone else's stream, without the owner of the stream knowing it was fake. It would present some legal issues, but more importantly, it won't work. An untraceable website or torrent is fed through multiple computers. The police would insert whatever they wanted as close to the source as they could. However, the bad guys know their source. They know their second site that they go through. All you do is check your second site and check what uploads have occurred. The police insert would not be there, therefore it was inserted by someone upstream.

More likely the police would say the video is bullshit with no one really dying and challenge the bad guys to prove it. It is frequently possible to prove that a video was spliced. It is impossible, other than through looking at the original film, to determine whether a video was spliced. Cuts can be inserted easily and if you do it right, you'll never see it. With digital recording, you can never "prove" that your video is the original, other than through eyewitnesses. And the police are going to be scoffing. They're going to ask for more and more "proof." This is how you catch the bad guys in this type of situation.

Jim Clark-Dawe

EMaree
08-14-2016, 01:48 AM
You could have them use a .onion site (https://www.quora.com/How-are-onion-sites-guaranteed-to-be-untraceable) on the dark web. I imagine it's not entirely untraceable, but the dark web is well-known enough through TV and news that most readers only need to hear it mentioned and they'll accept whatever hacker-y handwaving your story needs.

Also, it sounds super spooky and mysterious! THE DARK WEEEEBBB. The reality of it is a bit dull, but isn't that always the way?

AW Admin
08-14-2016, 02:01 AM
Insert Java Script in the video; there are multiple ways to do this, via one of the tracks, via embedded code in an image inserted in the video, etc.

The script essentially calls home and installs tracking code on every cpu it's on.

It could even collect the network card's MAC address.

This is a real-world fairly common technique, though usually used by the forces of evil.

EMaree
08-14-2016, 02:45 AM
Insert Java Script in the video; there are multiple ways to do this, via one of the tracks, via embedded code in an image inserted in the video, etc.

The script essentially calls home and installs tracking code on every cpu it's on.

It could even collect the network card's MAC address.

This is a real-world fairly common technique, though usually used by the forces of evil.

Oooohhh I love this.

To get around the untraceable website issue for this one, you could have the police's cyber security team target the video host instead of the crimes website. Video streaming is expensive, so chances are your crime-streaming website would be using some shoddy, advert-filled third party video host to keep their costs down. Imagine a clunky version of YouTube that doesn't bother to remove questionable videos, it just wants people to view their videos so they can serve pop-up ads and streamed adverts.

The cyber security guys could a) compromise the video host or b) just convince them to co-operate (often the easiest option) and then upload their own video with the Javascript exploit.

ironpony
08-14-2016, 11:05 PM
Okay thanks. Well even though the website or torrent would be traceable technically, it would take a long time, like even a few months or years, like silk road. I could have the villains upload their videos to a separate video streaming site, as suggested. But would a streaming site allow videos of real murders sent in by the killer?

King Neptune
08-15-2016, 06:00 PM
Okay thanks. Well even though the website or torrent would be traceable technically, it would take a long time, like even a few months or years, like silk road. I could have the villains upload their videos to a separate video streaming site, as suggested. But would a streaming site allow videos of real murders sent in by the killer?

"even a few months or years, like silk road"
Silk Road was traced everyday. Silk Road, as I understand it, changed IP address frequently. Tracing the website was not difficult, but tying the site to individuals was difficult.

P-Baker
08-15-2016, 07:25 PM
You're correct. It's never the hardware that's very difficult to locate, it's the people, and proving that they're committing a crime. Which is why any videos uploaded anywhere on the net will be easy to trace to wherever they're hosted, even if law enforcement might never figure out who uploaded them.

EMaree
08-15-2016, 09:12 PM
But would a streaming site allow videos of real murders sent in by the killer?

Y'know how I said in my last post "Imagine a clunky version of YouTube that doesn't bother to remove questionable videos, it just wants people to view their videos so they can serve pop-up ads and streamed adverts"? I can see how that would have read as entirely hypothetical, sorry 'bout that, but those websites are very real.

There are lots of video hosts out there that have a completely hands-off approach to what they host. And there are many, many corners of the normal (not-the-darkweb) internet that specialise in collecting videos of religious beheadings, snuff videos, live-recorded suicides, and murders caught on camera. People go and comment on it all, gawking and lol-ing at the gore. (*shudders*)

So yeah, all those gross gore websites find places to host their videos with no bother. A lot of the time it's from official sources, Fox News-ish channels in third world countries who want the page views a graphic murder video gets. Even Facebook quite regularly lets videos of beheading and murder stay up -- the reporting system there is bloody dreadful, and it takes ages for anything to get taken down.

ironpony
08-15-2016, 11:02 PM
Okay thanks. However, would the police or FBI have the power to shut down such a website? For example, in one of the villain's videos, he kills a cop, who was investigating them on the video, and says that any other cop who attempts to get too close will die.

Would the FBI attempt to get this video removed from a "clunky version of youtube", or would the FBI have no legal power and the video stays?

cmhbob
08-15-2016, 11:10 PM
It's going to depend on where the site is hosted, and if the country and the host want to play nice with US cops. That's why a lot of these sites are hosted overseas.

King Neptune
08-15-2016, 11:42 PM
In addition to the location of the server there is the matter of whether any crime is being committed by having it posted.

ironpony
08-16-2016, 12:21 AM
Well if the villains show the victim's face, and they can match the face to the victim, the cops would still consider the masked men in the video to be the prime suspects, since they are the only ones admitting to it, and have no other evidence to go on, since any DNA found on the bodies, are not on file. So the police will still treat them as the prime suspects, since the victim's face is consistent with the face in the video.

But I could write it so they are uploading to a site in another country, that and that the cops are able to join the site themselves, pretending to be unknown people, and upload their own video, pretending to be the villains, in order to get the villains, to react and flush them out, since they already have a suspect they are spying on, and will see what that suspect will do as a result.