-2

When hackers use Tor, IRC or proxies to attack, or use C&C servers behind these to evade, why can't they be traced?

For example, something like WannaCry or any other known malware: when something is happening which is affecting the whole world, why can't they find the chain, as every new proxy or VPN does have the IP from which it is connected?

Even if connected to about 10 proxies and 10 VPNs, we can always backtrack to the original source. And when things happen at such international levels, countries do their best to use all legal ways to find them.

If today I have a VPN company and I get to know that I am stuck in some legal problem, obviously I'll reveal the connections and logs, and so would all the people in the chain, finally reaching the ISP of the source and then the person.

Still, hackers evade how?

  • Tor is untraceable. That's the whole idea behind it. They use Tor to connect to compromised servers. Same with payments, which are made via Tor as well. – Aria Jan 27 '18 at 09:21
  • Unfortunately, Tor is traceable! That's the world's biggest misconception. The person having access to the exit nodes does get to see everything, and there are various other ways too. – Bruteforce Jan 27 '18 at 09:34
  • Seeing the exit nodes does not make it traceable. – Aria Jan 27 '18 at 09:38
  • Leave Tor aside for now; apart from Tor, can someone answer the above-stated things? – Bruteforce Jan 27 '18 at 09:44
  • *"And when things happen at such international levels, countries do there best to use all legal ways to find."* - that is a claim I very much doubt. This assumes that all countries share the same interest to find somebody who attacks a specific country. But, it might actually be in the interest of one country if a competitor gets attacked. – Steffen Ullrich Jan 27 '18 at 09:45
  • *"Even if connected to about 10 proxies and 10 VPNs we can always backtrack to the original source."* - this is also just a claim without proof. I've voted the question down because it has several such unproven and IMHO unfounded claims. – Steffen Ullrich Jan 27 '18 at 09:47
  • It's an example, dude, not a claim. – Bruteforce Jan 27 '18 at 09:55
  • You surely wouldn't even know what and where a connection is going via before reaching the final thing @SteffenUllrich – Bruteforce Jan 27 '18 at 09:56
  • @Bruteforce yes, that's a claim. Paragraphs 2, 3, and 4 describe your assumptions about how things happen and then you ask us to explain based on that foundation. We cannot. The explanation is that each of your assumptions is incorrect. That's how hackers evade. Countries do not cooperate, VPN companies do not share, there are not always legal troubles, and ISPs might not care. So, to borrow from Buddhist tradition, the answer is "mu". There is no answer because you asked the wrong question. – schroeder Jan 27 '18 at 11:55

1 Answer

6

By claiming that it should be possible to find the original hacker simply by tracing back all connections, this question implicitly assumes multiple things which are not true:

  • All countries would need to work together to find the attacker, because otherwise the attacker could just hide their path by connecting through several countries. But this would mean that all countries must either have an interest in finding the attacker or that they could somehow be forced into helping. Given that some attacks are state-sponsored in the first place, or that it is in the interest of one country to damage another (competing) country, it will not happen that all nations work together in all cases to track down an attacker.
  • Everything is logged and law enforcement can force parties to reveal the logs. First, there are legal and illegal ways for an attacker to hide their path. Legal ways (in many but not all countries) are VPNs or Tor. Some VPNs keep logs, others claim not to. Most can probably be forced by the country they are in (but not by other countries) to cooperate with law enforcement. This is much harder with Tor, which explicitly does not log and where, because of the onion architecture, one would need to control many of the nodes to effectively trace the way of an attacker through the network. Given that different countries have an interest in getting that much access, it is unlikely that a single country or some cooperating countries get enough access to trace back an arbitrary hacker.
  • Apart from these (mostly) legal ways to hide the path, there are also ways which are usually illegal: hacking the system of some innocent party and hiding behind this system when doing attacks. It is likely that the initially hacked system does not log everything, which means that the attack might be traced back to this innocent system but not further.
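To make the onion-architecture point in the second bullet concrete, here is a toy model of a three-hop circuit, added as an illustration and not code from the answer or from the Tor project. It assumes pre-shared per-relay keys, uses a stand-in XOR "cipher" rather than real encryption, and shows that a relay (including the exit) only ever sees its two neighbours, so an observer must control both ends of a circuit to link client and destination.

```python
import hashlib

# Toy onion-routing model (added illustration; not Tor's real protocol).
# The XOR "cipher" stands in for real per-hop encryption, and the per-relay
# keys are assumed to have been negotiated beforehand.

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Symmetric XOR keystream derived from SHA-256; illustrative only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def build_onion(payload: bytes, circuit: list, keys: dict, dest: str) -> bytes:
    """Client wraps the payload once per relay; each layer names only the next hop."""
    hops = circuit + [dest]
    onion = payload
    for i in range(len(circuit) - 1, -1, -1):          # innermost layer = exit
        onion = toy_cipher(keys[circuit[i]], hops[i + 1].encode() + b"|" + onion)
    return onion

def relay_circuit(client: str, circuit: list, keys: dict, onion: bytes):
    """Forward hop by hop; return what each relay sees and the delivered plaintext."""
    view, prev, blob = {}, client, onion
    for relay in circuit:
        nxt, _, blob = toy_cipher(keys[relay], blob).partition(b"|")
        view[relay] = (prev, nxt.decode())              # only neighbours are visible
        prev = relay
    return view, blob

def adversary_learns(view: dict, compromised: set, client: str, dest: str) -> dict:
    """Link client/destination only from the relays the observer controls."""
    seen = {name for r in compromised for name in view[r]}
    return {"client": client in seen, "destination": dest in seen}

def both_ends_probability(n_relays: int, n_compromised: int) -> float:
    """Chance that a uniformly chosen guard and (distinct) exit are both controlled.
    Real Tor weights relays by bandwidth and pins guards, so this is a simplification."""
    k, n = n_compromised, n_relays
    return (k / n) * ((k - 1) / (n - 1))

if __name__ == "__main__":
    circuit = ["guard", "middle", "exit"]
    keys = {r: hashlib.sha256(r.encode()).digest() for r in circuit}  # constructed keys
    onion = build_onion(b"GET / HTTP/1.1", circuit, keys, "dest.example")
    view, delivered = relay_circuit("client", circuit, keys, onion)
    print(view, delivered)
    print(adversary_learns(view, {"exit"}, "client", "dest.example"))
    print(both_ends_probability(7000, 100))
```

Controlling only the exit reveals the destination and the plaintext but not the client, which is why "seeing the exit nodes" alone does not trace a connection; the last function shows how small the both-ends chance is unless a large share of relays is controlled.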

Apart from these structural problems in tracing back an attacker, there is also a resource problem. Given that there is no trivial way to find an attacker, lots of resources (i.e. IT security experts and money) are needed. It is often not worth spending these resources, especially not if the damage was low or if the attacker is probably outside the local jurisdiction anyway and thus cannot be made liable for the damage.

Steffen Ullrich