So it goes like this — It’s 4:00, you come home from school or your job stacking coconuts at the supermarket, whatever; and you log on to your internet enabled device of choice, be it laptop, tablet, or microwave oven. You have a hankering for some down-home, all-fresh, free-range Club Penguin army news, so where do you go?
You go to CPAC, of course.
But what’s this? Shady dealings? IP addresses stolen? It was already looking bad, but while you’re scrolling through the post, you happen upon something wonderful and terrible at the same time: your name. Yes, right there on the screen, someone has nabbed your unauthorized, unsolicited, and totally unasked for likeness and pasted it in a scary list alongside some sinister string of numbers. But it’s your name, right? Free publicity! What could possibly go wrong with that? Wait… what does that say? Did this string of text just call you a try-hard jerk for the whole net to see?
Oh no! Obviously you’re in trouble, but how much trouble?
Aside from that, how did it happen? You can’t remember hanging out in shady forums or clicking on any “Windows 9 Free Trial” ads, so why is your name and IP address displayed for all to see? Welcome to the first stage of a doxing, a convoluted process by which small minds with long reach sow fear and disorder on the internet.
How do you know if you’ve been doxed? Typically, as is the custom of those who find pinching and compiling personal information a viable alternative to team sports, it will be released in a massive ‘blast’ post on some obscure message board and linked to on a popular forum, like CPAC. Once the shady saboteur posts the first link,–usually under a pseudonym handpicked from the wiki page listing the names all the Call of Duty troopers whose only duty is to die in massive set piece explosions, like “Redcell, Specter, Goony, or Silent Rip”–they will then rely on the power of human curiosity to further their objective. Once the link is out there, you can bet that at least a dozen visitors have ctrl+V’d the **** out of that thing and will be pasting it elsewhere.
You can block it, make a PSA, complain to the host site, but it won’t matter. That’s the nature of the internet. Once a file is posted, it’s there for good and will spring up again somewhere else. There’s no hiding it, no keeping it a secret: it’s out for all to see.
That’s a problem, right? The good times are over, you might as well just unplug your computer and uninstall the internet, because now that your IP address is out there, hackers have free reign over everything from your credit card to your laptop battery. They can totally pinpoint your location from orbit or sell your identity to the Nicaraguans, can’t they?
Actually… not so much. First it’s imperative to understand just what has been taken from you. An “Internet Protocol Address” is a unique identifying number given to every internet-capable device on the web. Like a vehicle’s license plate, it is a special serial number used for identification. That means your Xbox, your phone, your computer and even some vending machines all have an IP address that is unique to them.
IP addresses are typically assigned by your internet service provider, loaned out of a huge pool for your use. IP addresses have two common formats. IP version 4 addresses are comprised of four numbers-only segments separated by dots:
- 1 188.8.131.525
IP version 6 addresses are more complex and are composed of eight segments of alphanumeric characters.
An IP address is simply a way that your computer declares itself to be a self-contained entity on the world-wide web, and tells anyone interested where your device can be found. This means that at any time of day, from anywhere in the world, anyone inclined can zero in and locate the pepsi machine down the hall, determining whether it is off or on in the process. It can also be used against an individual user in a concentrated effort to gather personal details and make them public.
The problem is, they may actually have something on you if they’re a dedicated group willing to spend lots of time posing as a long-lost BFF or that one girl you met that one time down by the wharves. What am I talking about? (And what were you doing down by the wharves?) I’m talking about social media–like facebook, or twitter. If you use them a lot, you’ll probably have your name and location listed publicly, or a friend or family member will. There are a lot of ‘John Smith”s in the world, but if they’ve got a John Smith who lives in Vancouver, Washington, and you’ve listed yourself as John Smith of Vancouver, Washington, the pieces start to come together. Suddenly they’ve got your full name, age, and pictures of your twelfth birthday party complete with your uncle Leroy dressed as the clown.
Now they’ve got something on you, and depending on how lax your security is, they may be able to go through your life and find the answers to your password security questions like “name of first pet” or “mother’s maiden name”. From there, it gets really hard to tell where the problems will stop, and it can be a real hassle to go through and change all your passwords because just one got hacked.
But how did they get this super-sensitive information that gives them backstage access to your online life? Surely there must be some crazy security on such an important number? Surprisingly… there isn’t.
As a matter of fact, the IP address is not encrypted in any way. All a webpage has to do to obtain it is simply to request it. Wordpress actually requests and stores your IP address every time you place a comment.
Try it: open a google search page and type “IP Address”. Your public IP will come up as a search result. Be sure you have no enemies or secret agents standing over your shoulder as you do this, because your firewall will not prevent them from seeing it.
So what can you do? After all this doom-and-gloom, is there any point in trying to escape the coming calamity, or should you just change your name and skip town?
Thankfully, we at CPAC are experts on the subject. Defending the site from DDOS attacks is practically our company pastime. Dealing with a doxing now and again is just another perk that comes with the job. How do we beat it?
Well, we change our names and skip town. But every now and again due to some deadline or other, it becomes necessary to take a stand and fight back against net crime.
- Don’t give out personal information online
Like, never. Not to your battle buddy, not to that chick with the hot avatar, and not even to people you know from school or home. As stated, the internet never forgets. Once you’ve put it out there, it can be found. Leave your name in a xat box where you’ve been chatting with a friend, and it may still be there for the next person who comes through. Likewise with forums.
- Use a proxy
A ‘proxy’ or proxy server is an online application which shields your identity from other users. When you use a proxy, you are actually entering your commands into a remote server which then follows your orders and relays the information back to you, leaving your computer and IP address safely out of the equation. Some proxys are free, but many lack functions. Proxy servers can be useful for when you aren’t certain of the validity or safety of a site. They are not a substitute for a firewall.
- Make sure your firewall is up-to-date
Most new computers come with a free trial of antivirus software. These range in quality from top-of-the-line security software to “look-what-I-cooked-up-in-mom’s-basement” freeware. Websites can run harmful scripts in the background without ever alerting you, but a good firewall will block it and prompt you to move to safety.
- Just change it
Perhaps the damage has been done and your IP address is already in the unwashed and clammy hands of some sinister desk-bound individual. You can’t undo what’s already been done, but if you don’t want anyone else following the trail of breadcrumbs, it’s easy enough just to change your IP address. As most ISP companies provide dynamic IP addresses, a changeout is as simple as unplugging your router for a few hours.
And there you go. Now you’re well on your way to becoming suave internet secret agents like we are. For posterity’s sake, I have to get serious for a moment and remind you that CPAC will not now or ever be a forum for sharing ilegally obtained or intentionally harmful information with viewers. If you post a link to the stuff, it will be removed, and we will do lunch. Without you. So don’t do it.
– Delcrux –
Has a cool Job at CPAC
Filed under: Uncategorized |