Virtual Private Networks and the hidden IPs: Law in Motion- 27 by Rupin Sharma

Kohima, May 14 (NEx): An article in Law in motion (27): Cyber Crimes- 11 written by Rupin Sharma, IPS.

Topics covered are:

1. Is the use of VPN an absolute safeguard and security against attacks?

2. What can police do to access VPN logs?

3. Can a VPN really hide you from the police? Is the anonymity absolute?

5. How do police deal with VPNs?

6. How can LEAs detect VPN usage?

7. How can the Police or Victim find out more about a VPN or narrow down on a VPN?

8. What is decent advice for someone who thinks he can escape using a VPN?

Law In Motion- 27: Cyber Crimes- 11

Let us briefly continue with the Virtual Private Networks and the hidden IPs.

1. Is the use of VPN an absolute safeguard and security against attacks?

It is very much possible to know your location even if you are using a VPN. Your VPN can leak your DNS and hence you can be tracked. Similarly, if your device GPS is on, then your VPN is of no use.

Most devices do not change the device time zone automatically unless you are using a VPN within a router like DD-WRT. Therefore, the time on your system will at least make it clear that you are using a VPN.

Most VPNs maintain logs of the IP address from which you connected to their service, and these can help to track the exact location from which you are using the device to connect. However, VPNs do not give away their logs to anyone without due authorisation.

These logs can assist the Law Enforcement Agencies whenever required, because they can provide details of the specific location from which you are using the device to connect to the service.

2. What can police do to access VPN logs?

It is overly simplistic to assume that “Police will just contact VPN company”. For example, it may be extremely difficult to get the VPN logs from a VPN company which is located overseas. This usually involves complicated and tedious processes of international cooperation through Mutual Legal Assistance Treaty requests or requests based on ‘reciprocity’. Imagine the difficulty if there are multiple VPNs involved across multiple jurisdictions. It could take months or possibly years to get the required information.

3. Can a VPN really hide you from the police? Is the anonymity absolute?

No, not even a little bit. Every single VPN operator that is providing service would usually respond to a Law Enforcement Agency (LEA) request.

Getting the VPN or internet traffic information is usually a time-consuming job, but if the crime is serious enough, like a terror attack/incident, drug trafficking, a murder or any incident which adversely impacts law and order, the law enforcement agencies can get their act together and trace/track you very quickly.

A VPN may be able to merely make it slightly cumbersome for LEAs to try and fetch the details in low priority investigations.

However, if the VPN provider says that it does not keep logs, it merely gives the LEAs the authority to grab everyone’s traffic from the VPN provider and then “isolate your traffic.”

5. How do police deal with VPNs?

Most VPN services require the users to download and install client software on the user’s PC. Since a client is installed and links to the VPN server, it is easy for the client software to know the VPN’s IP address and vice versa.

However, if the VPN is set up in a different country from the police or LEAs, it would be quite difficult to track or trace the user due to issues of territorial or jurisdictional coordination and conflicts.
There can be some other reasons too:

The proxy server at the use end of the VPN starts a whole new session, using its own IP address, to send your data. User’s IP address is stripped out completely and replaced by the VPN proxy’s IP.

The VPN service provider may or may not keep logs that show when your IP made a connection. They are unlikely to share that information with anyone unless required by law enforcement.
They might not keep logs at all.

Law enforcement in one country would have no jurisdiction in another country, so they would have to be able to persuade their counterparts in the other country to become involved.

If the traffic or the VPN connection passes through several anonymizers, the originating IP becomes very difficult to trace.

However, from an LEA perspective, to establish the VPN connection between your PC and the VPN servers, the VPN server must know your IP address. A connection with the server needs to be established, which means that packets of data with IP signatures are sent to and received by the VPN server. Therefore, the server would still know the user’s IP address: the user sends the IP packet to the VPN server, and the VPN server sends it to the real destination. To send IP packets back to the user, the VPN server must know the user’s IP address; otherwise it does not know where the packets are to be sent.

Your VPN still runs from your IP address to the VPN server. Your ISP can still see all the packets running from your computer to the VPN server, and although they may not be able to decode the contents or final destinations of them, they can usually still identify the kind of traffic.

However, from an LEA point of view, if the user uses his regular browser, even on a VPN, the user will be exposing all of his cookies, and websites will come to know the user’s real identity because the IP address is usually immaterial to them. Thus, the LEAs can ask the service providers for details.

6. How can LEAs detect VPN usage?
Here are possible pointers for LEAs:

- VPN services have lists of blacklisted IPs, and a website can compare its visitors’ IPs against such a list;

- Numerous accounts created from one IP address;

- Geo-location inconsistency, whereby an account registered in one country seems to receive data from another country;

- A lot of encrypted data moving to an unknown location;
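The first three pointers above can be checked from a website's own login records. The following is an added example, not code from the article: the events, the field layout, the `vpn_indicators` function name, its threshold and the "VPN egress" range (an RFC 5737 documentation prefix) are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. The range is an RFC 5737 documentation prefix
# standing in for a published list of VPN egress addresses (assumption).
VPN_EGRESS_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# (account, source IP, country of registration, country the IP geolocates to)
LOGIN_EVENTS = [
    ("alice", "198.51.100.7", "IN", "IN"),
    ("bob",   "203.0.113.20", "IN", "NL"),
    ("carol", "203.0.113.20", "IN", "NL"),
    ("dave",  "203.0.113.20", "US", "NL"),
    ("erin",  "198.51.100.9", "IN", "SG"),
]

def vpn_indicators(events, vpn_ranges, max_accounts_per_ip=2):
    """Return {source IP: sorted list of indicator names} for flagged IPs."""
    accounts_by_ip = defaultdict(set)
    mismatch_ips = set()
    for account, ip, reg_country, ip_country in events:
        accounts_by_ip[ip].add(account)
        if reg_country != ip_country:
            mismatch_ips.add(ip)  # account and address disagree on country

    findings = {}
    for ip, accounts in accounts_by_ip.items():
        hits = []
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in vpn_ranges):
            hits.append("listed_vpn_ip")   # address is on the VPN list
        if len(accounts) > max_accounts_per_ip:
            hits.append("many_accounts")   # numerous accounts behind one IP
        if ip in mismatch_ips:
            hits.append("geo_mismatch")
        if hits:
            findings[ip] = sorted(hits)
    return findings

if __name__ == "__main__":
    for ip, hits in vpn_indicators(LOGIN_EVENTS, VPN_EGRESS_RANGES).items():
        print(ip, hits)
```

A single indicator is weak on its own: a traveller or a shared office gateway produces the same signal, so the value lies in several indicators agreeing on one address.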

(a) Non-technical indicators

Human errors and daily habits like specific websites being visited or net-surfing schedules can be give-aways to persons using VPNs.

(b) Unintended network traffic

Most VPNs come with a server-client configuration where the client is to be installed on the user’s computer. It is not easy to make sure that all traffic flows through the internet only when the VPN is on. Sometimes, the computer could reboot or the internet connectivity might be cut short. There is nothing that can be done if a system reboots itself, and the real IP address can be given out at this juncture.

(c) Leaks from careless human OpSec (operational security)

Observers can check activity cycles to detect a targeted individual’s time zone or special characters in messages that pinpoint a particular language that corresponds to a particular country.

(d) All data packets directed to one IP address

Normally, people request information from numerous sites and every site has its own IP address. But when a VPN is used, all packets are destined for a single server. If a packet capture reveals that a device sends all its traffic to one IP, this is a clear sign of a proxy or VPN in use.
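The single-destination pattern in (d) can be measured from flow records as the share of a device's bytes that go to its top destination. This is an added example, not code from the article; the flow records, the `single_destination_hosts` name and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (source device, destination IP, bytes sent).
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 48_000), ("10.0.0.5", "192.0.2.44", 120_000),
    ("10.0.0.5", "198.51.100.3", 75_000), ("10.0.0.5", "192.0.2.80", 31_000),
    ("10.0.0.9", "203.0.113.50", 910_000), ("10.0.0.9", "203.0.113.50", 640_000),
    ("10.0.0.9", "192.0.2.53", 2_000),   # small flow outside the main destination
    ("10.0.0.7", "192.0.2.10", 900),     # too little traffic to judge
]

def single_destination_hosts(flows, min_share=0.95, min_bytes=100_000):
    """Flag sources whose traffic is dominated by one destination IP.

    Returns {source: (top destination, share of bytes, distinct destinations)}.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for src, dst, nbytes in flows:
        per_src[src][dst] += nbytes

    flagged = {}
    for src, dsts in per_src.items():
        total = sum(dsts.values())
        if total < min_bytes:
            continue  # not enough data for the ratio to mean anything
        top_dst, top_bytes = max(dsts.items(), key=lambda kv: kv[1])
        share = top_bytes / total
        if share >= min_share:
            flagged[src] = (top_dst, round(share, 3), len(dsts))
    return flagged

if __name__ == "__main__":
    for src, (dst, share, n) in single_destination_hosts(FLOWS).items():
        print(f"{src}: {share:.1%} of bytes to {dst} across {n} destinations")
```

The few bytes that 10.0.0.9 sends elsewhere are the kind of unintended traffic described under (b): they do not change the verdict, but they show what escapes the tunnel.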

7. How can the Police or Victim find out more about a VPN or narrow down on a VPN?

When a company registers its IP addresses, it discloses the company name. This goes into a database along with every other IP. It is public information. When any of the RIRs is queried, one can get the following details:

Name/Designation of Contact person, Name of the Company, Street, City, State/Province, Postal Code, Country, Registration Date, Last Update of Registration, Phone Number, Email address etc.

Having obtained this information from the RIR database, a quick Google search reveals what they do. All this data is easy to obtain.

8. What is decent advice for someone who thinks he can escape using a VPN?

Any expert who looks at or analyses the internet traffic cannot be tricked by you using a VPN. Experts might not know exactly where your traffic originated, but the fact that you are using an anonymizer service for part of the journey is not a secret. This is also, by the way, why personal VPN services are a bad idea for security.

The bottom line is: whatever contact you leave on the internet is your signature and fingerprint. Depending on the seriousness of the crime committed, there is very little chance of escape if the crime is serious enough to attract attention.