Deanonymization: how to avoid falling for the tricks of attackers

Deanonymization: how to avoid falling for the tricks of attackers

We talk about Internet security very often, because this is a truly pressing problem for many modern users. But not everyone pays proper attention to this. In particular, have you personally thought about what would happen if your personal information ended up in the hands of cybercriminals? And the most dangerous thing in all this is that absolutely anyone can become a victim of attackers, regardless of gender, age, preferences and even online activity.

Now let us dwell in more detail on such a concept as de-anonymization. Let's describe what it is and what types there are. Let's talk about the ways in which attackers can disclose your personal information, and here are some of the most common solutions. We'll show you how you can provide yourself with a sufficient level of protection. Now let's talk about everything in order.

What is de-anonymization?

Surely you have already heard about such a concept as anonymity on the Internet. This is what will allow you to visit different sites, send online messages, without fear that your personal data will be disclosed. And in parallel with the anonymization of actions on the Internet, there is an opposite term — deanonymization.

Deanonymization, or as it is also called deanon for short — is the process of collecting information about users on the Internet for the purpose of disclosing it. So, they resort to a similar solution if they want to determine the author of an anonymous blog, find the person behind a popular development, find a member of a hacker group, etc.

The digital footprint plays a significant role in revealing one’s identity. This is the data that we, either through carelessness or simply because we don’t want to bother, leave behind on the Internet. This includes a huge amount of data:

  • telephone numbers and email addresses;
  • contact details, phone numbers of friends;
  • residence address, taxi routes;
  • history of flights, trips;
  • photos, including intimate ones;
  • store databases;
  • bank accounts;
  • information about personal property;
  • left under posts in comments, likes.

All this and much more is already online. All those sites that you open, all those parameters that you enter on the Internet, are recorded and stored on the servers of the applications you use. And in this case, we can only hope for the decency of the resource owners or employees who serve them. But if one of them makes a mistake by mistake or on purpose, then all this information may fall into the hands of unscrupulous individuals. And who knows how they will use it. They may pretend to be bank employees and try to withdraw money from your card or sell you to advertisers who will bombard you with advertisements. We can talk for a very long time about how this information will be used, because attackers are constantly expanding their skills, coming up with new ways and tricks to make money from ordinary network users, moreover, through deception and theft.

We would like to immediately draw your attention to two related techniques that are also used by attackers and with which de-anonymization is very often confused:

  1. Doxing. This term has become a derivative of the English word docs, that is, documents. It also involves gaining access to personal data, but only the purpose is already known — blackmailing a user by publishing personal data. Last year alone, over 40 million US residents faced a similar problem. A similar study was conducted by Kaspersky Lab on the Russian market. The results showed that over 20% of network users became victims of blackmail, and another 60% consider the level of protection of confidential data that is currently provided on the network insufficient and that their personal data is at risk. And whether to respond to this blackmail or not mainly depends on what information ended up in the hands of the attackers. It’s one thing if these are comments, likes on posts, and quite another if these are personal photos or bank details. Here people have to accept conditions for criminals.
  2. Swatting. This is also part of de-anonymization. After the attackers gain access to your data, they will report a false crime on your behalf to the appropriate structures. Not only cybercriminals are into this, but even schoolchildren who bomb schools by phone in order to skip classes. But if in the second case the “false miners” are easily identified by the relevant structures, then cybercriminals act much more carefully, building complex chains of interactions. And their goals can be different, ranging from deliberate persecution of the victim and up to putting pressure on government agencies.

That is, both of these techniques — These are derivatives of de-anonymization. It’s just that the purpose for which this very data is being stolen is already clearly present here.

Main types of deanonymization

There are 2 main methods of de-anonymization on the Internet:

  1. Passive. This involves collecting data from any publicly available sources. These can be public databases, various social networks where the user is registered, Internet resources, in particular networks that require personal user data during authorization. By and large, there is nothing illegal in such actions, since the attacker is simply systematically collecting data that is freely available on the network. And the problem here is that you, as users, leave behind such a tasty trail for them.
  2. Active. In this case, it is assumed that cybercriminals use active methods to collect user information. This could be phishing, a JavaScript attack based on the presence of vulnerabilities in the browser and, accordingly, gaining access to the user’s device. In particular, attackers are primarily interested in the IP address of a personal computer, all saved documents, the history of visits to Internet sites, social networks where the user was registered.

A cybercriminal can achieve his goal in different ways. Let's look at the most common solutions in more detail.

Deanonymization methods that are most often used in practice

Modern attackers, in order to reveal personal data of users, can resort to different methods depending on the initial task, as well as the technical capabilities at their disposal. The most common methods include:

  • Network traffic monitoring. It assumes constant control by the attacker over all actions that the user performs on the network. Thanks to this, you can identify his device and reveal the IP-address. This will not be a problem and will not cause any difficulties if the user does not use VPN or mobile proxies in his work , browsers that can provide a sufficient level of anonymity.
  • Data correlation. In this case, it is assumed that cybercriminals will combine information obtained from various sources in order to find out the information they need, in particular the identity of a person. In this case, social activities on the same social networks, forums, written comments, as well as other sources containing public user data are analyzed.
  • Checking metadata. These are the parameters that contain detailed information about each message or file that is sent over the Internet. Information such as the date and time of sending, geolocation and a number of other parameters will be present here. The information obtained will also allow attackers to identify the real identity of the user.
  • Phishing. It involves a hacker attack on a user's device in order to determine personal data, in particular logins and access passwords, including to bank accounts.
  • Analysis of behavioral factors. By understanding how a network user behaves, a skilled hacker can easily figure out the real identity. Here attention is paid to preferences, communication style, interests.
  • Attacks on anonymizers. For the most part, browsers that provide anonymity for user work on the Internet are subject to similar effects, such as the TOR browser.
  • Use of malicious software. If such software gets onto a user’s device, an attacker can easily gain access to the PC, and at the same time to all the information stored on it.
  • Hacker attacks on sessions and cookies. This is what the system uses to track user actions. True, initially this was necessary in order to provide the most correct and quick answers to user requests. But today, unscrupulous individuals often take advantage of this opportunity.
  • Interception of communications and their thorough analysis. We are talking about emails, as well as any other interactions between network users that can help attackers identify people's personal data.
  • Social engineering. Quite an impressive set of measures aimed at deceiving users. The attacker makes sure that the person voluntarily reveals his own data to him and even, for the most part, gives him money. But here we need to find vulnerabilities, and then use them in practice.

How users are de-anonymized

You can obtain data about Internet users in different ways. All kinds of streaming services, marketing agencies, brands, providers, suppliers and vendors of software, smartphones, Bolsheviks and other digital devices can take part in this. We have only listed categories that know personal information about users, although they do not directly use it to harm their customers and do not plan to sell this information to third parties. In this way, they simply collect a portrait of their target audience in order to personalize advertising, and with it the goods and services provided.

But the majority of Internet users, without realizing it, reveal quite a lot of information about themselves, including information that should not be public. This means that an attacker does not have to spend much time and effort to obtain the user information they need. Moreover, today there is an effectively working technology for collecting data about individual users or companies from open sources. It was called OSINT — is an acronym for open source intelligence. It was originally created more than 80 years ago by US intelligence services and during this time has not lost its relevance. Today it is used by detectives, journalists conducting their own investigations, and social engineers. Hackers have also adopted it to collect user data.

The most popular methods of de-anonymization performed through OSINT technologies include the disclosure of personal user data through:

  1. IP-address of the user device.
  2. Social networks.
  3. Phone number.
  4. Photos.
  5. Databases that someone leaked early to the network.
  6. Cookies.

Let's consider all these points in more detail.

How deanonymization is performed by IP-address

IP-address — This is a unique code that is assigned by the provider to each user device that connects to the network. There is no secrecy here. This address is necessary so that the server can see where to send the response to the received request. That is, the IP-address is identified by each website you connect to. For the most part, this address is linked to geolocation. That is, if an attacker finds out your IP, he can automatically determine not only the country where you are, but even the city or region.

But be aware, it is not possible for them to determine the real identity of the user, since only the provider knows who exactly is hidden with him at certain addresses. And these unique identifiers are stored on its servers. And not every attacker will be able to gain access to them. But alas, this cannot provide you with protection from the disclosure of personal data.

Today, Internet attackers have at their disposal a variety of utilities that will help them find out all the necessary information about the user via the IP address. The most common solution here — sending a series of requests to the router. In practice, there have also been cases when hackers contacted providers on behalf of the services, asking them for information about a person hidden under a particular IP address under the pretext that illegal actions were carried out from him.

What is de-anonymization through social networks

Those Internet users who have open profiles on social networks could encounter a similar phenomenon. You just need to enter the user's first name, last name or login to find detailed information about him. With the help of modern Telegram bots or specialized services, you can find all the photos that you once published, the comments you left, track all the changes that were made to your profile, and see hidden friends. That is, if at some point in time you created an account on one or another social network, then if you wish, you can easily find it. And it doesn’t matter that you haven’t used it in practice for a very long time. That is, you must understand that even a forgotten children's page in the same Odnoklassniki can become the reason for your denomination today.

For this purpose, OSINT provides for writing your own scripts, which can provide detailed information about which services and when a particular person entered their logins, phone number, and email. And the best thing you can do to prevent the disclosure of personal information in this way is to make all your social network profiles private, and immediately delete those accounts that you no longer use.

Features of de-anonymization by phone number

Unfortunately, today on the shadow Internet you can find dozens, hundreds of sites where, for a certain amount of money, they will provide you with an impressive amount of personal data about the owners of a particular phone number. This will not only be calls made or messages sent, but also geolocation, and even passport data. Often, personnel of cellular network operators are involved in such leaks. In order to make money, they provide data to their own client databases with a clear conscience.

And, having access to a phone number, hackers can immediately connect to all instant messengers used by this or that person, be it Telegram, Viber, WhatsApp. Here, users themselves indicate their personal data, in particular their first and last name, and attach a real photo to their profile. Attackers can easily find out the exact location of a potential victim through bulletin boards, which they can also access via a phone number. As a result, knowing just a phone number, an attacker can obtain the maximum amount of information about a particular user.

How can you de-anonymize a user based on his photo

With modern technology, it is not so difficult to find a person if you have at least a photo of him at your disposal. Modern neural networks provide unlimited opportunities for activities in this segment. So, they can easily find all the pages to which the user added his own photos. These can be the same social networks, marketplaces, forums, instant messengers, etc.

Along with services powered by artificial intelligence, you can find out information about the user from a photo simply through the Google browser or Yandex.Images. In addition, today there are many specialized services on the Internet whose job is to search for a particular person using a photograph. To obtain the most accurate information, a hacker will simply have to cut out the face of the person they would like to find from a general photo and upload it to the appropriate service. As a result, the attacker will have a complete set of data about the user: his first and last name, place of residence, all the services he uses in practice. And it’s good if it doesn’t come down to bank details.

Deanonymization through leaked databases

If employees of cellular network operators can be said to constantly leak the phone numbers of their clients, then the leak of data from clients of certain corporations, financial institutions — This is the exception rather than the norm. But still, in practice, this happens quite often. Thus, in the last year alone, according to Roskomnadzor, more than 50 fairly large companies encountered leaks of Polish data.

It turns out that in this case a hacker attack is being carried out on the company’s servers. And if it is successful, then customer data will fall into the hands of attackers. At one time, clients of Yandex.Food, Rostelecom, MTS Bank, SDEK, Delivery Club, Gemotest, GeekBrains, Tele2, as well as a number of other equally well-known organizations faced similar problems. And even if the relevant services manage to minimize the consequences of such attacks, user data will still end up on the shadow Internet, and the same hackers will earn a considerable amount from this.

Features of de-anonymization using cookies

Remember how many times you had to click on the “Accept cookies” button? when trying to access a particular site? Surely there is far more than one, because similar options are implemented on almost every website today. The resource does this in order to determine the preferences of its clients or simply visitors. Thus, the next time he logs in, he will be able to provide the most relevant and useful information without time delays. That is, by giving permission to a site to collect cookies, you thereby allow it to collect this or that information about you, in particular the pages you visit, sites that interest you, this or that product, service.

Yes, here all kinds of data are stored in an anonymized format. That is, the sites do not know your real first and last name. They focus solely on the IP-address. And cookie-files themselves are absolutely not dangerous. In addition, the system stores them in encrypted form. They do not penetrate the system files of your device and do not provide access to personal information. In some cases, they are used to launch targeted advertising, which is initially oriented towards certain user requests and preferences.

But attackers can reveal your identity even with the help of cookies. That is, if you are not sure of the reliability of a particular resource, then it is better not to allow it to use these files. The best thing is that you wait a few extra seconds for the site to load the information you need, rather than become a victim of attackers and lose your personal data.

How can a user ensure protection from de-anonymization

Unfortunately, any work on the network implies that each user leaves a so-called digital trace. This is how attackers calculate a user’s real identity. Now we will give a number of basic recommendations that will increase the level of security and anonymity of working on the Internet:

  • never use the same logins and passwords when accessing different sites, be it social networks, forums, online stores, etc.;
  • do not publish photographs that may reveal your identity, including those of children, as well as those photographs that indicate a specific location associated with you;
  • do not reveal your real name, surname, try to avoid indicating your phone number;
  • for online payments, use a separate card (virtual) that is not linked to your real bank account;
  • be as discreet as possible in all comments and publications so as not to reveal your identity;
  • try to set up maximum anonymity wherever possible: don’t be too lazy to spend a few extra minutes of time on this;
  • use two-factor authentication wherever possible;
  • use special applications and tools that can ensure anonymity when working online.

A striking example of the latest option for ensuring the confidentiality of actions on the Internet will be mobile proxies. Such intermediary servers will replace the real IP-address and GEO of your device with their own technical parameters, thereby ensuring the concealment of your personal data. And one of the best solutions here — These are mobile proxies from the MobileProxy.Space service. In this case, you get a reliable assistant who will significantly increase the level of your security and anonymity of working on the Internet, and will provide protection from all kinds of unauthorized access, including hacker attacks. And with their help, you can bypass all kinds of regional restrictions, thereby gaining access to sites from different countries and regions of the world.

Follow the link to learn more about mobile proxy from the MobileProxy.Space service, current tariffs, as well as all available tools that will make your work on the Internet more functional, stable and convenient. You will have at your disposal a free two-hour product test before purchasing, as well as a professional technical support service that works 24/7.

Remember: you won’t be able to completely disappear online, nor will you be able to give up using the Internet in general. But this does not mean that you should relax and rely on the fact that everything will work out. You must be aware of all the risks that you may encounter in practice and think through ways to counter them. Use the recommendations that we have given in the review to ensure the most confidential and secure work on the network, as well as minimize all possible risks. Believe me, there is nothing complicated or impossible in this, and the result will be the preservation of anonymity.

Mobile proxies from the MobileProxy.Space service

Share this article: