1

It got me thinking recently. Wouldn't a fake/incorrect address be enough to deter investigating/finding a criminal via cyberspace? The reason we know it's so easy to find someone is because they give their real address/info to an ISP -- so obviously with this info they can easily get to someone's residence.

What if you sign-up for some kind of ISP/service while:

1.Giving a different name/alias than your birth/real name (usually allowed).

2.Do so online (anonymity -- you can use any kind of library, cafe, public IP, VPN, etc. with a throaway device) and thus nobody can see/know who is signing up and can't act as a witness for someone.

3.Use some prepaid card/etc. that was also registered with an alias and has no real address linked.

4.Do something blatantly illegal using this ISP (which doesn't have a social security number since it's not require -- i.e., you can get a phone service with ISP and do not need SSN/etc. in the U.S. -- and also no real name, number or address to where they can provide authorities any real kind of leads).

How could they find the person? If they use the ISP given, it can be local or remote. If it's remote they can try and ask the company for info, but the company will only give the info they got and it's insufficient to have any possible leads with an alias; no social security number; and no real address.

You can argue it's possible to narrow down where the person could live, but they could move. Also, nobody knows what they look like and could be using highly anonymous means (i.e., very secured operating system leaving no means of a network trace). With all of this it seems theoretically impossible to identify any criminal. Payment method has no easy trace; everything could be done online these days and fake/wrong addresses are among the easiest things to provide. Face is unknown due to internet anonymity from the very source to the very end of the means of a crime.

Using the internet isn't like a phone call -- you can't merely triangulate/narrow down an exact location a person is connecting from if there is no way to find GPS traces/etc. from such a device.

On TV shows like Criminal Minds they make it seem like they can super-easily trace and lock-down even the smartest criminals, but I'm skeptical that in real-life these methods are anywhere comparable. Also, with zero leads and no address/name I'd imagine most authorities would give up.

So how easy is it really to be untraceable or theoretically untraceable given the ease of fake info/no face/no traces or leads/no social security info/addresses/lack of details to even begin identifying?

Not Trolling
  • 11
  • 1
  • 1
    What kind of ISP? It'd be a lot harder to do this with ADSL than with satellite internet. – forest Dec 21 '18 at 00:36
  • To echo @forest - an ISP provides your connection to the Internet, so they have to know where you physically are in order to do so. Unless maybe you mean something else by "ISP". – Mark Beadles Dec 21 '18 at 00:40
  • 1
    @MarkBeadles WISPs don't need to know exactly where you are, but many kinds, like cellular networks, can triangulate your location from individual cell towers. – forest Dec 21 '18 at 00:42
  • 1
    if you want an internet wire to your home your ISP needs to know your address and thus you're identifyable. There are already plenty of guides and technologies out there discussing internet anonymity: signing contracts under false name might be a good or bad idra depending on where you're doing it. Here in germany I wouldn't do it. Theoretically it's much more trouble-free to just not have any ISP contract yourself but use the local library or starbucks for internet. – BlueWizard Dec 21 '18 at 00:44
  • 1
    But please know that these places know their locals. When you always log in tuesday afternoon and you're the only person who is _always_ there tuesday afternoon for the given timeframe then it's fairly "obvious". That's how they got Dread Pirate Roberts. – BlueWizard Dec 21 '18 at 00:45
  • @BlueWizard Tor + good OPSEC is usually enough. Compartmentalize activities for bonus points. – forest Dec 21 '18 at 01:22

1 Answers1

2

This depends entirely on the type of ISP you had in mind. Wired ISPs need to know your physical location in order to wire up your house, or at least they need to be able to tell contractors where you are so they can connect you to the ISP's Point of Presence. This includes dial-up, DSL and variants, cable, fiber, etc. If you give them a fake address, they aren't going to be able to provide you with any networking services.

There are also Wireless ISPs, or WISPs. You can theoretically give these ISPs a fake address or purchase it anonymously, but many of them can still locate you if they need to. Cellular networks, for example, can pinpoint your location by triangulation using multiple cell towers. One way to mitigate this threat would be to move to an area that is serviced by only one tower, making triangulation impossible. Another partial mitigation is to configure your cellular receiver to connect to the most distant tower it can rather than the closest, which can fool geolocation to a limited extent.

It would be easiest to be anonymous with satellite internet, assuming of course it was either purchased anonymously or obtained illicitly without a subscription (there are various guides to do this, but it requires building your own satellite equipment). As far as I am aware, it is very difficult to track bidirectional satellite internet when registered under a false address without expending considerable resources to track the location of the satellite dish on the ground. It would require a lot of time and a specialized plane to locate you. Note that both HughesNet and ViaSat in the USA send data through L3, which was found out to be one of the companies sharing information with the NSA. If your threat model is such that anonymity at the expense of privacy is acceptable, then satellite internet may be what you want.

forest
  • 64,616
  • 20
  • 206
  • 257