How the NSA Utilized Iranian Cyber Proxies to Participate in the BOUNDLESS INFORMANT Program

Sample Publicly Accessible Presentation Slide Showing the Actual IPs Known to have Participated in the BOUNDLESS INFORMANT Top Secret Program

Is there such a thing as free lunch? Think twice.

It appears that the NSA has been keeping itself busy using rogue and fraudulent VPN service providers, advertised across various forum communities within Iran, to entice Iranian-based users into using these rogue and often free VPN providers so that their communications can be eavesdropped on and the data fed into the BOUNDLESS INFORMANT Top Secret Data Collection Program. This includes the active legal authorization to use various Top Secret programs presumably targeting owners and individuals operating free and publicly accessible VPN providers in Iran, as well as the active use of specially crafted and publicly accessible free VPN service providers to entice more users, in this case Iranian users, into falling victim to the rogue VPN service provider offering, with the idea of actively launching a legally authorized surveillance and eavesdropping campaign. How does this work? Keep reading.

Sample Rogue Free Iranian VPN Service Provider Which Appears to Have Participated in the Top Secret BOUNDLESS INFORMANT Program

Sample Rogue and potentially privacy-violating VPN-service providers known to have participated in the “BOUNDLESS INFORMANT” Top Secret Data Collection Program spread across various publicly accessible Iranian-based Web forums:

Sample Facebook Post Detailing the Public Offering of a Free and Commercially Available VPN Service Targeting Iranian Users part of the Top Secret BOUNDLESS INFORMANT Program

Sample Responding IPs Based on Passive DNS Analysis of All the IPs Known to Have Participated in the Top Secret “BOUNDLESS INFORMANT” Program Acting as Rogue and Publicly Accessible VPN Service Providers:

Sample IPs known to have participated in the Top Secret “BOUNDLESS INFORMANT” Program:

Sample Screenshot of Iranian-Based Public and Free VPN Service Provider Known to Have Participated in the Top Secret BOUNDLESS INFORMANT Program

It should be clearly noted that in restrictive regimes such as Iran, the U.S. Intelligence Community and the NSA might be interested in successfully tracking down potential hacktivists and their activities, including possible “movements” activities, for the purpose of obtaining legal authorization to eavesdrop on, and launch surveillance campaigns against, the actual individuals, including active traffic surveillance and basic eavesdropping techniques.

What can Iranian users do to properly protect themselves from this type of attack? Case in point is the use of foreign-managed, sophisticated and market-relevant in today’s modern Internet, where nation-state actors, including various other rogue actors such as the U.S. Intelligence Community and the NSA, actively try to launch widespread mass surveillance and eavesdropping campaigns.

Sample Screenshot of Psiphon — A Popular Anti-Censorship Tool Which Could Be Used to Bypass Common Censorship Attempts and Could Actually Offer More Privacy and Security Compared to a Free VPN Service Provider

Sample highly recommended tools for the purpose of bypassing common and rogue, potentially fraudulent free VPN service providers include:

In conclusion, it should be clearly noted that the U.S. Intelligence Community, including the NSA and its partners, will continue to successfully attempt to launch widespread surveillance and eavesdropping campaigns, potentially targeting the actual project and product owners in the process, including the actual users of the free VPN services in question.

What end users and organizations could possibly do is stay on top of current and emerging cyber threats for the purpose of preserving their Intellectual Property (IP), and protect their organization’s confidentiality, availability and integrity by maintaining decent situational awareness of current and emerging cyber threats.

Independent Security Consultant, OSINT Analyst, Threat Intelligence Analyst, Security Blogger
