
I see nobody here has asked this question. What if one, instead of just using a single proxy, connected proxy to proxy in a very long chain and downloaded something (illegal) using secure packets (so no one can see what OS, etc.) through the long chain of proxies back to them?

Wouldn't it be too wasteful for the authorities to go through dozens of proxies, finding the last log from the last proxy to continue finding the proxy before that, etc., to bother with or to spend time on?

Also, what if one placed an illegal ISO, say, on a cloud server from a chain of proxies, and then, from another device using the same method, one could download the file, and nobody could:

1. Tell who uploaded it without extreme difficulty, if even bothered/possible.

2. Tell who downloaded it, or whether or not anyone can prove that what one uploaded through the chain is illegal in the first place, and that the downloader has knowledge of this (e.g. name similarity, mismatch, misidentification of the file name, a hard encryption format that only the downloader knows the key to).

So here's my overview:

Does a chain of proxies make it harder and harder for authorities to trace the original IP?

Can't hard encryption prevent anyone from identifying what a file contains if one can't decrypt it, thus, letting illegality off the hook?

Nomad Cla

7 Answers


The way an investigator would trace a multi-hop connection to the original source is to follow each hop, and examine either the logs (if the connection is closed) or the network state (if the connection is ongoing) to see where the next hop goes. This can get very difficult if the hops cross political or jurisdictional borders, since the cooperation of multiple authorities may be necessary (and they may not want to cooperate), and more difficult still if the hops involve organizations which do poor security and log keeping. Depending on the resources of the investigator, tracing such a connection can range from annoying to difficult to simply impossible.

As an alternative, the investigator may look for information leakage through other channels; perhaps the same username or cookie shows up under a different IP, for example.

If the cryptography is done correctly, then it is impossible to tell a file's contents just from the encrypted container, which is the point of cryptography. But to convict a suspect, the authorities need only convince a panel of jurors that a law has been broken, or in certain cases simply that it was the defendant's intent, which means that decrypting the file may not be necessary. If the corresponding forum post says that the file contains an encrypted copy of X, that may be enough.

Dirk Diggler
tylerl
  • nice explanation – Kiwy Jan 06 '14 at 23:29
  • **One border crossing** (e.g. U.S. – China) is in most cases sufficient to provide a very difficult-to-localize source. Look at the actual huge amount of **connection laundering** through China. This connection laundering is hard enough to analyze that a lot of stupid dummies disseminate the urban legend that attacks are **originating** from China. – dan Jan 07 '14 at 14:53
  • As another leakage of information through an anonymisation chain of proxies that I have frequently seen, you may quote the `User-Agent:` field within the headers of e-mail. – dan Jan 07 '14 at 15:12

You've asked two questions. The answer to the first is that it depends on who is looking. If it's a private firm trying to trace the source of a hacker, they likely will be stopped by a proxy server hosted in an unfriendly country. If it's "the authorities", then you're asking us to speculate on the capabilities of organizations like the NSA. We don't know all they're capable of, but they are certainly capable of correlating packets that leave one place within their reach and arrive at another. They have attempted such against Tor.

The other question regarding the "legality" of encrypted files is that illegal content is illegal, regardless of encryption. They may not even have to decrypt the file: if they have a hash of a file from someone else that is encrypted, they can connect you to the original. If "badsite.com" hosts evilmalware.pgp and gets busted, and the MD5 checksum of the file is 12345, and you also have a file on your machine that has the same checksum, that would be sufficient evidence for most investigators.

John Deters
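The hash-matching idea in the answer above (and tylerl's point that a correctly encrypted container reveals nothing about its contents) can be shown in a few lines. This is an added example, not code from the answer: the cipher below is a toy keystream (HMAC-SHA256 in counter mode) used only to illustrate that identical ciphertext bytes produce identical hashes, and that re-encrypting under a fresh nonce defeats that exact match. The key, payload and nonces are constructed.

```python
"""Added example: identifying an encrypted file by its hash without decrypting it.

The toy cipher here is for illustration only (no authentication, not for real use).
"""
import hashlib
import hmac
import os


def toy_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR plaintext with a keystream derived from HMAC-SHA256(key, nonce || counter).

    Applying it twice with the same key and nonce recovers the plaintext.
    """
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(plaintext):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        keystream.extend(block)
        counter += 1
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def file_hash(data: bytes) -> str:
    """SHA-256 of the raw file bytes; the hash says nothing about the plaintext."""
    return hashlib.sha256(data).hexdigest()


def same_artifact(seized: bytes, suspect: bytes) -> bool:
    """Investigator's check: identical ciphertext bytes mean identical hashes, no key needed."""
    return file_hash(seized) == file_hash(suspect)


# Constructed sample data (assumptions, not from the page).
KEY = b"k" * 32
PAYLOAD = b"example payload bytes " * 100

# Case 1: a blob hosted once and downloaded as-is is byte-identical for everyone
# who fetched it, so a hash taken from the seized host matches the suspect's copy.
FIXED_NONCE = b"\x00" * 16
HOSTED_COPY = toy_encrypt(KEY, FIXED_NONCE, PAYLOAD)
DOWNLOADED_COPY = toy_encrypt(KEY, FIXED_NONCE, PAYLOAD)

# Case 2: the same payload re-encrypted under a fresh random nonce: different
# bytes, different hash, so exact hash matching no longer links the two files.
REENCRYPTED_COPY = toy_encrypt(KEY, os.urandom(16), PAYLOAD)


if __name__ == "__main__":
    print("downloaded copy matches hosted copy:", same_artifact(HOSTED_COPY, DOWNLOADED_COPY))
    print("re-encrypted copy matches hosted copy:", same_artifact(HOSTED_COPY, REENCRYPTED_COPY))
```

The check is purely on ciphertext bytes, which is why the investigator never needs the key; the flip side is that any change to the bytes (a different nonce, a re-compression) breaks the exact match and forces them back to the other evidence tylerl describes.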

If you are referring to HTTP proxy servers: many proxies add X-Forwarded-For and Via headers to the HTTP request. If the proxy is not configured to anonymize traffic, access to the proxy logs may not be needed to determine the origin of a request...

KristoferA
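To make the header-leak point concrete, here is an added example (not from the answer) modelling a chain of forward proxies. A transparent hop appends the upstream address to X-Forwarded-For and itself to Via, the way common proxies do by default; an anonymizing hop strips both. The proxy names and addresses are constructed. The origin server, reading nothing but the request it receives, learns the client's address when every hop is transparent, and learns only the address of the last anonymizing hop otherwise.

```python
"""Added example: what an HTTP proxy chain leaks to the origin through request headers."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Proxy:
    name: str
    address: str
    anonymize: bool = False  # True: strip identifying headers before forwarding


def forward(headers: dict, upstream_ip: str, proxy: Proxy) -> dict:
    """Return the header set this proxy sends to the next hop."""
    out = dict(headers)
    if proxy.anonymize:
        out.pop("X-Forwarded-For", None)
        out.pop("Via", None)
        return out
    # Transparent proxy: append the peer we received from, and announce ourselves.
    xff = out.get("X-Forwarded-For")
    out["X-Forwarded-For"] = f"{xff}, {upstream_ip}" if xff else upstream_ip
    via = out.get("Via")
    out["Via"] = f"{via}, 1.1 {proxy.name}" if via else f"1.1 {proxy.name}"
    return out


def traverse(client_ip: str, chain: list[Proxy], headers: dict | None = None):
    """Push a request from client_ip through the chain.

    Returns the headers the origin receives and the TCP peer address it sees,
    which is always the last proxy regardless of configuration.
    """
    headers = dict(headers or {})
    prev_ip = client_ip
    for proxy in chain:
        headers = forward(headers, prev_ip, proxy)
        prev_ip = proxy.address
    return headers, prev_ip


def leaked_origin(headers: dict) -> str | None:
    """What the origin can infer from its own logs, without asking any proxy."""
    xff = headers.get("X-Forwarded-For")
    if not xff:
        return None
    return xff.split(",")[0].strip()


if __name__ == "__main__":
    # Constructed chains; addresses are documentation ranges.
    transparent = [Proxy("p1", "10.0.0.1"), Proxy("p2", "10.0.0.2"), Proxy("p3", "10.0.0.3")]
    mixed = [Proxy("p1", "10.0.0.1"), Proxy("anon", "10.0.0.2", anonymize=True), Proxy("p3", "10.0.0.3")]
    for label, chain in (("all transparent", transparent), ("one anonymizing hop", mixed)):
        hdrs, peer = traverse("203.0.113.7", chain)
        print(f"{label}: peer={peer} X-Forwarded-For={hdrs.get('X-Forwarded-For')!r} "
              f"leaked origin={leaked_origin(hdrs)}")
```

Note that the trail restarts after the anonymizing hop: the transparent proxies downstream of it faithfully record its address, so the investigator gets a free pointer to that one box and then has to fall back on its logs, exactly the case the other answers describe.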

Well, it depends on the amount of illegal stuff we are dealing with (because if it is illegal enough and you have to deal with the capacity of a secret service or an army, your chances of being found in the end are high). Let's say that for the regular police, the use of a lot of proxies, encrypted or not, will make the task of finding you very hard. But if you are, for example, American and all the proxies you are using are in the USA, then it will take time, but according to the law all proxies need to keep logs and you need to give access to the server if law enforcement asks for it.

What will make your experience secure is the level of trust you can have in all your proxies. If you have, for example, one proxy in Iran, one in China, one in Russia, one in the UK and one in the USA, then there is a chance that the only way to find who was using those proxies is to hack into them and read the logs.

Considering the hiding of your actions: your endpoint will anyway end up on the internet and your actions could be found anyway, so the most important point here is the level of trust you can have in your proxies, exactly the same as with the Tor network.

Kiwy


If you're talking about proxies and not VPNs, I can almost guarantee they all keep logs; in other words, they all keep information about whose IP was logged in at that time, what it did, etc.

It can make it harder/longer to trace, but it can be traced. Depending on why the authorities are searching for it, they could easily issue a subpoena via the courts and have the data brought to them by the company/person hosting the proxy.

They could indeed tell who uploaded it by using a subpoena, or by just seizing the host servers if they don't comply (depending on their motives for doing this).

And if you could invent an encryption that can't be decrypted, you would work for NASA... Jokes aside, yes, encryption may help... but if the authorities really want to gather your stuff, I'm sure they would decrypt it.

You can't be very anonymous online if you don't use a VPN that has no logs (which, some may say, doesn't exist). I'm not into it, so I can't tell myself.

SomeNickName


make tracing the original IP harder/impossible?

Harder? - Yes.

Impossible? - No.

Like security, anonymity is a process; it is a struggle of shell and armor.

If you are already familiar with the NSA's armament, you probably believe that the first point of dominance, the IXPs, are under their total control.

That is why they invite leaders of the Tor project to their conferences.

You may set up proxy servers/VPNs by yourself, without logging. It will prevent the ANT division from gathering any information about connections.

Further, a timing attack on the IXP's side. Hmm, make some noise? Add delay. (:

You really should read about the Tor project; they are trying to solve the same task.


If you are hopping through multiple proxies that are not leaving traces on your traffic, are encrypted and cannot be subpoenaed, it can be very difficult. If you have garnered enough attention and the traffic flows can be monitored globally, traffic analysis may reveal your IP. Say that you download a gig of 'illegal' data from a file share through your chain of proxies. Everywhere along the way, an analysis can be done at each of the nodes to watch 6 gigs flow in and then 6 gigs flow out. This could lead straight back to your IP. But this kind of detection requires a significant amount of effort and assets to undertake.

ChrisLoris
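The flow-volume analysis this answer describes (and the packet correlation John Deters mentions) is an added example below, not code from either answer. It constructs a bursty per-second byte series for a server's egress and three candidate subscriber links with random background traffic; one candidate's ingress is the server series delayed by a few seconds of proxy-chain latency plus noise, on the assumption that the chain preserves volume and timing. An observer who can see both ends cross-correlates the series over a range of lags and picks the candidate with the highest score. The transfer size, candidate names, latency and noise levels are all made up for the example.

```python
"""Added example: ranking candidate origins by cross-correlating traffic volumes.

All traffic series are constructed; nothing here is captured data.
"""
import random
from statistics import mean, pstdev


def pearson(a, b):
    """Pearson correlation of two equal-length series (0.0 if either is constant)."""
    ma, mb = mean(a), mean(b)
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)


def best_lag_correlation(server_out, candidate_in, max_lag):
    """Correlate server egress at t with candidate ingress at t+lag, lag in 0..max_lag.

    Returns (best correlation, lag at which it occurred).
    """
    best = (0.0, 0)
    n = len(server_out)
    for lag in range(max_lag + 1):
        r = pearson(server_out[: n - lag], candidate_in[lag:])
        if r > best[0]:
            best = (r, lag)
    return best


def rank_candidates(server_out, candidates, max_lag=10):
    """Sort candidate links by how well their ingress explains the server's egress."""
    scores = {name: best_lag_correlation(server_out, series, max_lag)
              for name, series in candidates.items()}
    return sorted(scores.items(), key=lambda kv: kv[1][0], reverse=True)


def build_scenario(seed=7, seconds=600, lag=3):
    """Constructed data: one bursty transfer and three subscriber links, one of them the downloader."""
    rng = random.Random(seed)

    # Server egress in bytes/second: idle most of the time, bursts of 2-6 MB otherwise.
    server_out = [0] * seconds
    for t in range(seconds):
        if rng.random() < 0.35:
            server_out[t] = rng.randint(2_000_000, 6_000_000)

    def background():
        # Unrelated traffic on a subscriber link, 0-3 MB/s.
        return [rng.randint(0, 3_000_000) for _ in range(seconds)]

    candidates = {"home-isp-A": background(), "home-isp-B": background(), "home-isp-C": background()}

    # The real downloader: server egress shifted by chain latency, plus small jitter.
    real = candidates["home-isp-B"]
    for t in range(seconds - lag):
        real[t + lag] += server_out[t] + rng.randint(-50_000, 50_000)
    return server_out, candidates


if __name__ == "__main__":
    server_out, candidates = build_scenario()
    for name, (r, lag) in rank_candidates(server_out, candidates):
        print(f"{name}: r={r:.3f} at lag={lag}s")
```

The downloader stands out with a correlation near 0.9 at the true latency, while unrelated links hover near zero. Defeating this is the "make some noise, add delay" remark in the other answer: padding and batching flatten the egress series so that the bursts the correlation keys on no longer line up, at the cost of bandwidth and latency.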