How Intelligence Agencies Track People Hiding Behind VPNs

By Ava McKinneyOnline Safety

How Intelligence Agencies Track People Hiding Behind VPNs

There are several different methods that can be used to de-anonymize a VPN user. Let’s imagine a scenario: you’re in Moscow and connect to a VPN server located in Paris. You then commit some illegal activity online. What happens next?

The victim reports the incident to law enforcement. Using their operational search systems, the authorities send a request to Russian internet providers, both fixed-line and mobile. They ask who connected to that specific Paris IP address, since all they saw was your Paris IP, not your real Moscow one. Your internet provider checks their logs and, of course, reveals that you connected to that IP address. That’s it—you’ve been de-anonymized.

Using Multiple VPNs (Double VPN, Triple VPN, etc.)

Now, let’s consider another scenario. You set up a double VPN chain, connecting through two VPNs in sequence. You could even use triple, quadruple, or as many VPNs as you want in a chain.

For example, you connect from Moscow to Amsterdam, then from Amsterdam to Frankfurt, and then commit illegal activity online. The process starts the same way: law enforcement gets involved and uses their search systems. They look for your Frankfurt IP address. They ask Russian providers who connected to that IP, but no one did—because your provider only sees your connection to Amsterdam, not Frankfurt. The victim only sees the connection from Frankfurt.

But if you think this second method gives you true anonymity, it only buys you a little time—maybe a couple of days. In the first scenario, you’d be exposed in about two hours. The second method just gives you a head start to “run for the hills.”

Why will they still find you? Because every IP address belongs to a provider, and providers keep logs of who connects to what. Authorities contact the Frankfurt provider, find out who rents the server, send a request to the renter, and the renter reveals who connected at that time. They repeat this process for each server in the chain, eventually tracing it back to your real IP address. So, the number of VPN servers in your chain only delays the process.

The Myth of Server Location

There’s a common belief that using a VPN in Panama or Qatar will keep you safe. That’s only partially true. Why? Because official requests can get almost anything done.

Here’s how intelligence agencies work with Panama: Panama never gives out any data—except to U.S. intelligence agencies. So, Russian authorities send a request to Interpol, specifying the IP address and alleging a connection to terrorism. Interpol forwards the request to U.S. agencies, who then contact Panama. The answer comes back the same way. The same process works with Qatar, except the request goes through Saudi Arabia. In any case, if someone really wants to find you, they will. But we’re not hiding from intelligence agencies, right?

We’re just using intelligence agencies as the gold standard for de-anonymization.

Are Intelligence Agencies Really That Inept?

There’s another myth that all intelligence agents are clueless. That’s not true. Sure, no one is going to spend hours tracking you for a low salary. That’s why the agencies have either recruited people who have been “caught” and are now working for them, or they use people who are just there for show.

The main strength of intelligence agencies is their administrative resources and influence—nothing more.

So, How Can Our Fictional Hero Hide?

So, purely from a creative, fictional standpoint—since we’re just writing stories—how would our hero hide? The answer is TOR.

Leave a Reply