Information Security Asked by user610620 on February 27, 2021
In Mr Robot season 3, the feds are set up in a safe house spying on Elliot’s internet communications (with packet sniffers?) when they intercept an email from Elliot to someone else containing a link that they think is secret information. When Elliot breaks into their safe house shortly after, they realize that clicking the link was Elliot’s way of phishing them.
Does this count as phishing? How could he have derived the street address of the safe house, when usually internet visitors are identified online only by an IP address?
And if we assume the feds were smart enough to use onion routing to hide their true IP address, by what other (technical) means would Elliot have still managed to track down their street address just by luring them to an internet link?
Does this count as phishing?
While people classify multiple things as phishing (often almost calling phishing almost anything), I wouldn't consider this as such, since no credentials are stolen. See for instance PhishTank definition:
Phishing is a fraudulent attempt to get you to provide personal information, including but not limited to, account information.
On the other hand, if the link led them to a page where they provided their FBI username and password, then I would count it as phishing.
How could he have derived the street address of the safe house, when usually internet visitors are identified online only by an IP address?
Through the ISP. While there are databases (both free and commercial) that geolocate IP addresses, they don't work with such precision as to identify an IP address as a given residential house.
The ISP will be assigning IP addresses to the customers (either quite statically, or potentially a new one each time they reboot they router), and only the ISP would know to which address they are assigned a given IP address at a certain time. This should in principle only be disclosed through a subpoena, although it would be possible for Elliot to have access to that if:
Other ways to obtain the address not involving the ISP would include:
The page used the geolocation API to query the browser where it is and
they provided the address to another service, and Elliot was able to fetch that from the other service.
For example: they previously bought pizzas from that connection, and provided their physical address for delivery. Elliot was able to look up (he compromised the pizza company?) that someone from that IP address requested a pizza to a given location 3 hours ago and concluded that the person currently using that same IP address is at that address.
Correct answer by Ángel on February 27, 2021
You can learn some things beyond just the IP address from clicking a link. Some of it is normal stuff that the browser (or other HTTP client) sends, like the "referer" header (in some contexts) and the "user-agent" header (which potentially reveals the software and OS that you are using). Neither of these are useful for determining location, but they can potentially reveal something about you anyhow... though they can also be removed or spoofed, so relying on them is silly.
For determining location specifically, you might look at the message round-trip times. This won't give any more than a rough measure of the distance from their router to yours, but if the page causes multiple requests to different locations you could roughly triangulate the direction. This wouldn't give you anything very precise, thouugh... in theory you could narrow it down to a neighborhood or something but in practice the first hop (outside the property) of every connection for a given location is going to be miles away (an ISP router or switch) and so you're unlikely to get much better than approximately which city. Also, there are lots of ways to fool this; the simplest would be a VPN or proxy with the server located somewhere else, but you could also deliberately introduce delay into your round-trips or send each packet through non-optimal routes.
Either way, unless the attacker is close enough to tap your network line or monitor your WiFi and can correlate that with the traffic to their site, or the request is being sent to a local address that doesn't have to route over the Internet, there's no way they could get your location down to the street address by looking at the network traffic!
Now, if the attacker has access to the ISP's mapping of customer IP addresses... that's another matter. But that's private information that they'd need either government authorization or a security breach at the ISP to gain access to.
Answered by CBHacking on February 27, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP