Virtual Espionage 
A guide to doing it and protecting yourself from it 
By: The Mob Boss 

Espionage is something that goes on everyday. No I am not 
talking about the movies and I am not talking about the 
bullshit you see on your local news. I am talking about the 
information gathering that goes on every day, specifically 
the kind that goes on the vast world we call the internet. 
Lets face it the net and phone network has become something 
of virtual world. It's a place where shopping, work, 
communication, and leisure occurs on a day to day basis. If 
you think about it, this creation of a new world was 
inevitable with hundreds of people from all over the world 
discovering it for the first time each day. With some much 
information on one network is it that bizarre to think that 
someone might want to gather more information then they were 
meant to know. To want to find out information about someone 
else on that vast network is not so strange when you 
consider the many people who LIVE on IRC and other means of 
communication. Not to mention with so much money flowing 
through those phone and cable lines, its obvious someone 
might want to steal it. Now it's nothing to be paranoid about 
and its not something to avoid the web over, its just 
something to be aware of. For instance how do you know 
someone you pissed of on IRC is spying on you? How do you 
know some law enforcement agency is not monitoring a channel 
or newsgroup you frequent? Well that's what this article is 
about so if you still interested keep on reading. 
 Ok so you understand there are prying eyes and ears out 
there so what kind of precautions do you plan to take? That 
depends on what kind of things you do online. For instance 
if you are some sort of holy man online then I doubt the 
government is concerned with you. But let's consider you 
someone who thinks freely and does things that might be 
somewhat questionable, then you might want to consider 
watching yourself. First step to becoming anonymous on the 
web is thinking about what forms of identification there are 
to tell who you really are. In real life that may be your 
drivers license, fingerprint, or signature. Online though, 
your IP, email address, and most importantly your phone 
number will lead back to you. The key is learning how to 
bypass that. For instance your IP address is left whenever 
you visit a page, whenever you sign on to chat, when ever 
you post to a discussion group. So what can you do about 
that you ask? You can bounce your IP. Something we can use 
to achieve this is proxies and wingates. Now although it 
seems simple enough most people don't go through the trouble 
of doing this for everyday things. I suggest that if you 
have two web browsers, that at least one of those should 
have an http proxy setup on it. So it slows you down a 
little, no big deal, good things come to those who wait. 
Here's a freebie proxy which will probably go dead as soon as 
I release this, proxy.escape.ca:3128, now that should be 
placed in your preferences under proxies. Read the help file 
for your browser to see the specifics on how to specify your 
proxy. Most HTTP proxies run on either 8080 or 3128 so if 
that one goes dead just fire up nmap or your favorite 
scanner and look for IP's connecting on those ports. Now for 
you IRC chatting you have the option of either using a 
wingate, which is something like a proxy that connects on 
port 23 and identifies itself by the "wingate>" prompt, or 
you can use an IRC proxy, which will probably be easier, 
especially if you are using some sort of mIRC. I personally 
like wingates when I use BitchX and proxies for when I use 
mIRC. That's my personal opinion but feel free to form your 
own thoughts. Now if you don't already know how to use a 
wingate there are plenty of good texts out there on it. One 
I strongly recommend is by a friend of mine Alphavers, I 
don't know exactly remember the name but you can obtain it 
directly from him on Undernet #ANSI, he's on there all day, 
seven days a week. As for IRC proxies I am not going to give 
a freebie of this because I don't have more then two at the 
moment myself, I will say though they run on port 1080 
(socks proxy) so like I said earlier fire up that IP 
scanner. You can also use a proxy to telnet, FTP, and even 
send mail by directly connecting to the smtp port (25). As I 
suggested earlier read up on wingates. If you would like to 
see a wingate for yourself you can always find the ones that 
were g-lined on IRC by giving the "/stat g" command, just 
look for exploitable wingate or too many connections and 
telnet to it. Most likely you will be sitting at the wingate 
prompt. Now that you are protecting your IP, what are you 
doing about giving information under your own free will? One 
thing that a lot of people do which is very, very, stupid is 
having their full name on their email address. If you do 
then its a good idea to keep that email address private and 
open up a free web-based email address such as one available 
at http://mail.yahoo.com or www.hotmail.com and use fake 
info only providing your internet handle. So now using a 
http proxy and an email address with fake info, you know 
have become somewhat anonymous because those headers will 
automatically show the IP of your proxy rather then yours 
when you send an email. Now another thing to consider is 
what you say online. Posting to some sex newsgroup and then 
using the same email address on Usenet to get involved in 
something else is probably a bad idea because those records 
of where you post are available to the public through 
www.dejanews.com and will probably be dug up. Also what do 
you tell people about yourself. Do you mention your real 
name to people? Do you tell people where you work or talk 
about your family? All those things can be used against you. 
Someone following you around in chat may be able to gather 
quite an extensive amount of information about you. Keeping 
your mouth shut may be something that comes hard at first 
but will definitely be worthwhile in the long run. You don't 
have to make like the dumb guard from Hogan's Heroes and do 
the "I know nothing" routine but being somewhat vague is 
definitely something smart. You don't want to make others 
suspicious of you but keeping your information private is 
what is the number one priority. Keep an eye out to see if a 
certain nick keeps popping up in the same channel or chat 
room you are in. Using the same street smarts you would use 
in real life are just as important on the net. 
 Now that you know how to protect yourself its time to 
learn how to go on the offensive. How to become on the 
virtual James Bond. Most likely it won't be that exciting 
but it may come in handy. Lets start off by sizing up the 
target. Who is he? What does he do online? What is it we 
want to know or achieve? Once you have questioned your 
motives you are ready to begin. Setting up a dossier on the 
person is the first step. You should begin to note 
everything you already know about the person such as their 
handle, email address, ISP, and anything else you know off 
the top of the head. Secondly find out where they hang out 
and what handle do they go by. Frequent the places they go 
and follow them if you can but don't make the person 
suspicious or you will fuck up your whole operation. Note 
who their friends are. If you can get the persons AIM screen 
name, Yahoo Pager handle, or ICQ number by all means add 
them by using any excuse you can or don't give an excuse. If 
questioned by the person ignoring them might be the best 
bet. Getting to know their patterns for coming online is a 
good idea so you can know when to expect them. Now by doing 
all this you are putting yourself in a position to be able to 
spy on them and even clone their online identity. Posing as 
someone who uses AOL as his or her ISP would definitely be easy 
because those accounts are not too difficult to get. Noting 
their ident on IRC is also a good idea if you ever plan to 
try to snatch information by posing as them. Now I highly 
recommend you do the background work before you try that so 
that you don't screw up and blow your cover. Now after you 
have done that its time to give yourself a new identity and 
try to get close to them. Now if the person is usually very 
friendly then it shouldn't be too hard. Hang around where 
they do under your new identity which should be from a 
forged IP, a free email account with bogus info, and 
anything else someone online might have a like ICQ. Get to 
know the person and add to the conversations. Make friends 
with the person, never hinting who you are. Your own 
boasting is what might get you in trouble as it always seems 
to do it to everyone. Now for instance if this person is 
into h/p sharing some good info that you know they would be 
interested is something that you should attempt. If you 
share enough real info with them they may trust you enough 
so that you can slip them a trojan if you feel the need. Now 
I am in NO way advocating the use of trojan's but if you must 
you must to obtain your goal then use your best judgement 
and let it be on your head. By this time you should have 
already checked their computer by scanning it, seeing what 
operating system they use as well as any security breaches 
may be possible on it. Use your creativity and you will be 
fine. Gaining their trust is something that should not be 
rushed, if you do then its highly likely that you will fail 
in your motives. 
 That's it for this article, I know this is a little 
different from my usual articles but I think its something 
everyone on h/p scene should be aware of since I have seen 
this on many notes throughout my career and felt it should 
be addressed. 

-The Mob Boss; http://mobboss.dragx.cx 
 Voice mail and fax: 1-877-203-3043 

Edited by Glock 

This has been a publication written by THE MOB BOSS; 
He is in no way responsible for the accuracy or results from the use of info in this article. 
Anything done is totally done at the users discretion. 
THE MOB BOSS in no way or form supports, aids, or participates 
in the act of criminal hacking or phreaking. 
Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS 
are strictly for informational purposes only. 

THE MOB BOSS (c) 1999 all rights reserved 
  
  
  
