Being unknown, anonymous, untraceable, totally invisible is key to being a successful hacker, if one is referring to the garden variety black hats or anti-hero type gray hats. They have to be in order to evade law enforcement. Good hackers are almost perpetually connected but might as well be off the grid though various tools and techniques which, with a little time an effort can be achieved by those of us obsessed with online privacy. So how do hackers manage to stay anonymous online? Here’s how.
Use VPNs. Do not connect directly to the internet.
Now, hackers are just like any other individual using a paid internet connection, unless they hacked the neighbor’s powerful Wi-Fi. But that paid connection’s IP will not be available to prying eyes thanks to VPNs and TOR. For those of us who want privacy when surfing the internet, an encrypted VPN connection should be sufficient to prevent the usual suspects from tracking online activity. To be truly., practically untraceable, unless you’re a person of interest of law enforcement, you use a combination of TOR and a VPN.
VPNs (Virtual Private Network) enable internet traffic to pass through a private encrypted tunnel and will only be traced conventionally to the address of the VPN server. TOR on the other hand routes the network traffic through a series of thousands of encrypted relays. A combination of TOR and VPN will make tracing extremely difficult.
DO NOT USE WINDOWS
Windows, as an operating system, is good enough for most users to do work, play games and consume media. But for those invested in privacy, Windows has plenty of security holes as well as plenty of telemetry functions users don’t know about, nor are able to disable. If you wish to use Windows without compromising your privacy to Microsoft and its partners, use it with without being connected to the internet or use the version called Windows Ameliorated. But seriously, no Windows.
Windows is easily compromised by malware or spyware that will render a VPN/TOR connection moot. There are plenty of secure Linux distributions available such as Whonix, Parrot Security OS, Tails and Kali Linux. And since Linux is open source, a hacker good with programming might even have his/her own secure Linux distro.
MAC Spoofing
Computers are traceable through their unique MAC Address, even through VPNs. And a person’s activity can be determined by someone monitoring public Wi-Fi, which is also something a good hacker should avoid using as much as possible without necessary precautions. But if dirty work needs to be done outside the home, then MAC spoofing is important. While the hardware MAC address can’t be changed, it can be changed at the OS level.
Avoid Using Google
We all know Google’s business is tracking your activity in exchange for search results. Using it, even while using all the above opens you up for circumstantial evidence of your activity or aspects of your personality. Use other search engines that don’t track user activity such as DuckDuckGo and StartPage.
Use a Dummy Email Address
If you ever need to email someone or use email to subscribe to various services, use a dummy email address, something that can’t be traced back to you. It can be tough, but it is possible. Prepare a burner phone in case the service requires multi-factor authentication. Then, use an anonymous remailer service which will transmit emails anonymously. Some remailers allow replies but with the risk of divulging your email address in case they’re compromised. Remailing services can even be daisy-chained for additional layers of anonymity.
Use Cryptocurrency
It’s no secret that ransomware actors use cryptocurrency such as Bitcoin to transact with their victims. That’s because like good-ole unmarked cash, it’s practically untraceable. When doing dirty work, transact with crypto. If simply obsessed with privacy, transact with crypto.
Instant Messaging
Instant messaging is important since email can take time. Run-of-the-mill instant messengers are easily tracked. Telegram swears that it’s private, but Signal comes highly recommended when it comes with instant messaging. However, Signal is not completely secure though it tries its darndest. Which is why, it’s best to use Signal in combination with TOR.
Other Steps
If possible, use different machines when doing ordinary browsing and doing TOR browsing. Use different machines when doing different jobs that require subterfuge. MAC spoofing also works. Do not accept cookies. Do not allow suspicious app permission requests and avoid using home assistants and other IoT devices unless you’re able to modify them to use the layers of security described above.
{To learn more about being invisible on the internet or as a hacker, learn from the great granddaddy himself, Kevin Mitnick, from his book The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data }
