The experiment was as the following, an experienced person was given a military phone, his mission was to find out as many details as possible about other departments and teams in a certain facility.

So, he began his research. His first step was to try calling near numbers to his, so if his number was 213991, he phoned 213992 and so on until he got a response. Once someone answered he asked for “John”, most of the times, in most phone calls he was told that there is no John in here and he probably dialed the wrong number. Every few phone calls he tried retrieving some data in a stealth fashion, for example “Oh, there’s no John there? I was given that number by another department.. hold on, where did I call?”, and although it sounds stupid and simple, the soldiers answered his questions.

When he called and there was in fact a “John” present, he started talking to him as he knew him and talked to him before, and then that John stopped him and told him that he doesn’t think he knows him and he must be confused. And then, he asked him “Hold on, which john am I speaking to?”, and John answered his full name, the next question was “Wait. Where did I call?”. And again, of couse, John answered.

In these methods and other similar to this, the person assigned for that mission was able to map the whole branch of which he was assigned to in under a week and all that was possible because of the human factor in the security chain.

Using tools like NMap, can help you get even more information.
Nmap is a network discovery tool, it’s highly sophisticated and can analyse networks in many different formats.

One of its main features is to tell you what kind of hardware is used within an organization. Nmap does that by calculating time delays between responses and learning certain stamps that every hardware vendor has.

Knowing that a certain organization is using a specific model of “Cisco” routers in order to route his whole network is a lot of power. Because a very simple method is just to call the organization and tell them that you are a technician from Cisco, and you know that they are using this specific model and they are currently exposed to a security breach. In order to prevent that you have to come over there and install a security patch. Or even better, you can say that you can do it remotely, but you will need to have the password.

And by knowing the specific model, you have gained trust. Because the way the Technical Department of that organization sees it is that only Cisco or any other trusted company could know and have the records that they are using that specific model.

Nowadays there are courses that teaches workers to ask more questions and to be curious. Because if I were to do something like that kind of scam, I would get nervous when someone started asking me a whole bunch of questions.

For instance, if that John guy from the beginning of the post just asked the question “Which department are you from”, he could tell that the other guy was lying and trying to manipulate him.

I hope everyone will try to educate their workers to be more curious and always be just a little bit paranoid, not too much.

Nowadays you can’t do that anymore because webhosts got smart and they are using tools that disables this threat.

The thing webhosts didn’t figure out yet is that at the end of the month, everything comes down to Bandwidth.
Bandwidth is the key that holds webhosts by its balls, each webhost limits their users to a certain amount of bandwidth (There are some that allows a huge amount of bandwidth, but it is not common). The average bandwidth of a small website travels between 10-30gb per month.

If you go over the limit, the webhost will shut your website down till the following month (where the quota renews).
Webhosts do so because bandwidth is really expensive, and they cannot afford clients to take as much as they like.

Some webhosts sell “unmetered” bandwidth hosting packages, which are VERY expensive and they are targetted for specific clients who has a lot of visitors (100,000+, depends on the size/nature of the website).

Some webhosts on the other hand sell bandwidth according to the amount you used every month. Meaning if you used 10gb this month they will charge you for 10gb. They will never shut your website down, even if you got to 100gb this month, becuase you will pay for the whole 100gb.

My point is, by using a very simple method of downloading (and redownloading every second) the web pages of a website constantly, you can easily break the bandwidth limit of a website and shut it down, or in other cases you can make people shut their own website down because they end up paying thousands of dollars to the webhosting company.

Lets do the math:
10mbit line can produce 1.25mbps
1.25×60 = 75MB per minute
75×60 = 4500MB per hour
4500×24 = 108000MB per day
108GB per day. Using just one 10mbit line.

108GB is the MONTHLY bandwidth limit for most small-mid websites.

Of course, the line of the website also has to be at least 10mbit.

The only thing a webhost can do, is to block your IP address (or IP block).
If you have a dynamic IP address, you win. If you don’t, you lose.

You can use Metaproducts Offline Explorer or ever wget to do so.
Simple, yet dangerous.

Identifying a webmaster could be done in a few ways:
First, pulling the domain WHOIS records is the easiest part of the process. But not all domains/registrars will reveal that information.

The second thing you want to do is to Google for any email addresses of the webmaster.
For example, if the website has an info@ mail address or a webmaster@ one you should search it because sometimes people are very discrete regarding their identity in a controversial website, but forget to do so in other places like support forums, talkbacks etc.

and The final thing you could do is to search and analyze the website logs. This is abit tricky (and partially illegal) because you have to guess the path for the website logs/statistics.
Usually a website statistical information will remain confidential in a “secret” path that no one knows, though the folder that contains the information will usually not be password protected.

Common paths for websites logs/statistics are the following:
/stat
/stats
/statistics
/webstats
/logs
/log
/webalizer
/awstats
/awstats.pl
/cgi-bin/awstats
/cgi-bin/awstats.pl
/cgi-bin/awstats/awstats.pl
/usage

After you found the stat system you can find out the IP address of the website owner by checking out who is viewing certain files or directories in the webserver. For example, the webmaster will probably be the one who is visiting the “/admin” directory, or the one who is eating most of the website bandwidth.

Examples of website statistics

There are only two things that identifies you in a Wireless world, Your username/password and you MAC address.

You can work out the first if you steal someones credentials, and the second identifier is not very helpful for those who are looking to identify you.

Think about it.
Right now you are probably connected to the internet using a wired connection (Even if you use a wireless router, it ends up connecting to the internet using a wired line), Which means you can be identified by the authorities within seconds because the telephone line is registered to a specific person.
So even if you steal someones username and password for his internet account, you can still be easily identified.

In a wireless world, someone that uses another person credentials, could NEVER be identified.

Even now, Internet cafes and insecure wireless routers are everywhere. You can sit in a cafe (cameraless) and order a cup of coffee while spreading the latest virus attack that will cause damange in millions of dollars.
If you do so, rest assure you will not be caught.

Wimax will probably boost up anonymity aswell because it offers the same thing WiFi does, but for long ranges.

When you are logged in to your Google account, You will probably see different search results from those you would get if you were not logged in.

If you are registered to Google (Gmail for instance) you will get personalized search results according to the following:

- What you have searched in this session
- What you have searched in general - Google categorizes your search profile.
- Your Emails
- Your contacts it knows (in your public address book)
- Geographical Information - Search will differ between regions

If you are not registered (or logged in) to Google, they will consider everything above except for “What you searched in general” because they do not have your search history, your emails (because they don’t know if you even have one) and your public address book of course.

If you want a clean search results page, Delete your cookies and your cached pages.

Using Wikiscanner you can check out who edited values on wikipedia.org while filtering on IP ranges or organization names.

Another interesting thing about Wikiscanner is the ability to add IP ranges to their list and identifying them as a specific organization.
Meaning, you can see stuff that aren’t shown on RIPE, ARIN, AFRINIC or all the other IP Authorities.

Try it, it’s interesting.

Google Toolbar offers Pagerank information of every website we visit.
That means, if we have Google toolbar installed, and we type yahoo.com in the address bar (without using google’s search engine), Google will still know because the toolbar is checking yahoo.com’s pagerank using Google servers.

This lets google know which websites we visit, even if we don’t use their search engine.

Alexa on the other hand gives its users statistics regarding the websites they visit.
So if I visit yahoo.com and I have Alexa Toolbar, I’ll be able to know how many visitors it has and other statistical information.
And of course, it lets them know which websites the toolbar users visited.
Using that information, Alexa is able to provide more advanced statistics regarding websites. Stuff like geographical percentage of visitors per website and the number of visitors per day (Taken only from its toolbar users).

If anonymity is your primary goal, I suggest you NOT to install the Alexa Toolbar (Its even considered spyware by some security applications).
and I suggest you to disable Google Toolbar Pagerank checker.

You can use the link at the top of this page, or just click here

- Full Name
- Business Name
- Telephone Number
- Home/Work Address
- E-Mail Address

Almost every registrar will verify in one way or another that all of the details you provided are real, though there are a few that will allow you to use false details.
You can use DomainTools to search for any domain’s WHOIS Records

How can I protect my WHOIS Information?

There are service providers that does exactly that.
These service providers uses its details to register YOUR domain name. Meaning, their information will be in the domain WHOIS information and not yours. These service providers will hold your details confidently at their database.

Lately, some domain registrars made agreements with some of these service providers so customers of the registrar could immediately hide their WHOIS information upon registration (additional fee is sometimes required).

The following companies offers its customers to hide their WHOIS information under their name:
Contactprivacy - Hiding approximately 432,197 Domain Names
WhoisGuard - Hiding approximately 326,912 Domain Names

These two are the largest companies I found providing such a service (If you know more, please let me know).

For better anonymity, It is important to avoid keeping any unique information regarding your computer, Including your MAC Address.

You can view your MAC Address by running the command “ipconfig /all” (without the quotes) under the cmd.exe window.
It looks like this:

How to change your MAC Address:
Recent network adapters provides the ability to change the address through the adapter driver.
Check if your adapter allows this by entering:
Control Panel -> System -> Hardware -> Device Manager -> Network Adapters -> Right click on your network adapter you wish to change its MAC Address -> Properties -> Advanced -> Network Address
Under the Network address you can place any address you like (0-9 and A-F combination).

If you do not have the ability to change your address through the driver, Use applications like SMAC to change your network adapter MAC Address.

Be careful, If you change your MAC Address to be identical as another adapter in your intranet, they will collide and you will not be able to connect to your local intranet.

P.S
If you are using VMware your MAC Address is already spoofed.