Can Hackers Really “Bounce” Their Signal All Over the World?
TV shows and films rarely represent hackers accurately. We’re all familiar with the old trope of the hoodie-clad digital criminal frantically typing into a black terminal before triumphantly whispering, “We’re in.”
But does Hollywood ever get it right? Sometimes.
Don’t Believe Everything You See on TV
Both the small and silver screens have portrayed hackers who bounce an internet connection around the world to stay ahead of law enforcement. While these depictions are usually a bit more colorful than what you’d see in reality, there are real-world parallels.
Perhaps the most ludicrous fictional example of this was in the schlocky 2001 Hugh Jackman flick Swordfish. At the film’s climax, retired hacker Stanley Jobson bounces stolen money through hacked bank accounts across the globe, each represented by an IP address.
“The accounts are encrypted with a 1024-bit cipher. Even I can’t break through the firewall,” said Jobson, elevating Hollywood technobabble to unforeseen new heights.
So, how about in real life? Can this really be done? Well, one strategy someone could use to move his digital footprint through multiple jurisdictions is a process called “VPN chaining,” aka multi-hopping VPNs or VPN cascading.
VPN chaining is exactly what it sounds like. You connect multiple virtual private networks together, and then funnel your traffic through several predetermined servers until it reaches its destination.
So, what’s the advantage of this? Perhaps the biggest is that it ensures only one server knows your real IP address. The other VPN servers only know the IP addresses of the machines adjacent to them in the chain. It removes the single point of failure you have if you use only one VPN to protect your anonymity.
However, there are obvious drawbacks. Bouncing your traffic through several VPN nodes will increase the latency of your connection. This spells doom for online gaming and, to a lesser extent, VoIP applications. You can also expect a significant decrease in speed.
Many VPN providers offer VPN chaining, albeit in a limited form, with a maximum of two chained VPN servers. Others offer multiple hops—in some cases, as many as five.
There are a couple of caveats here, though. First, as this is a bit of a niche feature, the providers that offer it tend to be pricier. Second, the hops tend to stay within the provider’s network. If you want to connect servers from multiple providers, you must brace yourself for a bit of technical legwork.
What does this look like in practice? One configuration might involve a VPN enabled on your router, another on your computer, and yet another running on a virtual machine, on which you’ll do most of your browsing. If that sounds convoluted, that’s because it is.
A Less TOR-turous Approach
And then there’s Tor, i.e., The Onion Router. This network is infamous for its association with dark web criminals, who use it to trade contraband and swap stolen data.
But here’s the irony: the core concepts for Tor were developed in the 1990s at the U.S. Naval Research Laboratory to protect American intelligence operations overseas. A subsequent non-profit was then created to guide the development of Tor. It received a significant amount of its funding from the U.S. government, but with good reason. The same technology that allows someone to anonymously buy drugs also protects dissidents living under repressive regimes.
Tor siphons your traffic through multiple, randomly selected points on an encrypted network. So, effectively, it is bounced around the world. The origin and destination of the traffic are obscured from each intermediate relay node until it reaches an exit node. The traffic then leaves the network.
Using Tor doesn’t guarantee anonymity, however. Locally running malware could undermine your efforts, or your data might pass through a malicious exit node that captures and analyzes all outbound traffic.
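The layering behind both VPN chaining and Tor can be modeled in a few lines. The following is an added example, not code from the original article and not Tor's actual protocol or cryptography: it wraps a request in one encrypted layer per hop and records which addresses each hop can observe. The addresses, keys, function names and the toy cipher are all assumptions made for illustration.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. A toy stand-in for real per-hop
    encryption (same call encrypts and decrypts); never use it for real data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(payload: bytes, destination: str, hops) -> bytes:
    """Client side: add one layer per hop, innermost (exit) layer first."""
    next_addr, blob = destination, payload
    for addr, key in reversed(hops):
        layer = json.dumps({"next": next_addr, "data": blob.hex()}).encode()
        blob = toy_cipher(key, layer)
        next_addr = addr
    return blob

def route(client_ip: str, blob: bytes, hops):
    """Each hop peels its own layer; record the addresses it can observe."""
    views, prev = [], client_ip
    for addr, key in hops:
        layer = json.loads(toy_cipher(key, blob))
        blob = bytes.fromhex(layer["data"])
        views.append({"hop": addr, "from": prev, "to": layer["next"]})
        prev = addr
    return views, blob

# Constructed sample values (documentation address ranges, made-up keys).
CLIENT = "198.51.100.7"
DEST = "192.0.2.80"
HOPS = [("203.0.113.10", b"entry-key"),
        ("203.0.113.20", b"middle-key"),
        ("203.0.113.30", b"exit-key")]

def demo():
    onion = wrap(b"GET / HTTP/1.1", DEST, HOPS)
    return route(CLIENT, onion, HOPS)

if __name__ == "__main__":
    views, delivered = demo()
    for view in views:
        print(view)
    print("exit hop forwards:", delivered)
```

Only the entry hop's view contains the client address, and only the exit hop's view contains the destination. The exit hop also ends up holding the unwrapped request, which is why a payload without its own end-to-end encryption is exposed to a malicious exit node.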
Most TV shows or movies about hackers conclude with someone in handcuffs being led into the back seat of a waiting Ford Crown Victoria. This is arguably the most realistic facet of the hacking world.
In recent years, law enforcement has become increasingly adept at tackling the cross-border nature of cybercrime. Collaboration between international police departments is particularly strong. This is also aided by institutions like Interpol, Eurojust, and Europol, as well as instruments like the European Arrest Warrant.
So, yes, it’s possible to bounce your internet connection across the globe, but internet traffic isn’t the only way investigators can track you.
Perhaps the best example of this is Ross Ulbricht. Using the pseudonym Dread Pirate Roberts, Ulbricht ran the Silk Road dark web marketplace. Despite using Tor to hide his activities, he was caught after he used his real name to solicit technical support on an online message board.
In the end, no amount of technical sophistication can overcome basic human error.