How the NSA Utilized Iranian Cyber Proxies to Participate in the BOUNDLESS INFORMANT Program

Dancho Danchev
Oct 27
Sample Publicly Accessible Presentation Slide Showing the Actual IPs Known to have Participated in the BOUNDLESS INFORMANT Top Secret Program

Is there such a thing as free lunch? Think twice.

It appears that the NSA has been keeping itself busy utilizing rogue and fraudulent VPN service offerings spread across various forum communities within Iran. The goal is to entice Iran-based users into using these rogue and often free VPN providers, eavesdrop on their communications, and feed the data into the BOUNDLESS INFORMANT Top Secret Data Collection Program. This includes the active legal authorization to use various Top Secret Programs, presumably targeting owners and individuals operating free and publicly accessible VPN providers in Iran, as well as the active use of specially crafted, publicly accessible free VPN service providers to entice more users, in this case Iranian users, into falling victim to the rogue offering so that a legally authorized surveillance and eavesdropping campaign can be launched. How does this work? Keep reading.

Sample Rogue Free Iranian VPN Service Provider Which Appears to Have Participated in the Top Secret BOUNDLESS INFORMANT Program

Sample Rogue and potentially privacy-violating VPN-service providers known to have participated in the “BOUNDLESS INFORMANT” Top Secret Data Collection Program spread across various publicly accessible Iranian-based Web forums:

Sample Facebook Post Detailing the Public Offering of a Free and Commercially Available VPN Service Targeting Iranian Users part of the Top Secret BOUNDLESS INFORMANT Program

Sample Responding IPs Based on Passive DNS Analysis of All the IPs Known to Have Participated in the Top Secret “BOUNDLESS INFORMANT” Program Acting as Rogue and Publicly Accessible VPN Service Providers:


Sample IPs known to have participated in the Top Secret “BOUNDLESS INFORMANT” Program:

Sample Screenshot of Iranian-Based Public and Free VPN Service Provider Known to Have Participated in the Top Secret BOUNDLESS INFORMANT Program

It should be clearly noted that in restrictive regimes such as Iran, the U.S. Intelligence Community and the NSA might be interested in tracking down potential hacktivists and their activities, including possible “movements” activities, with the aim of launching legally authorized eavesdropping and surveillance campaigns against the actual individuals, including active traffic surveillance and basic eavesdropping techniques.

What can Iranian users do to properly protect themselves from this type of attack? A case in point is the use of foreign-managed, sophisticated and market-relevant tools on today’s Internet, where nation-state actors and various other rogue actors, including the U.S. Intelligence Community and the NSA, actively try to launch widespread mass surveillance and eavesdropping campaigns.

Sample Screenshot of Psiphon — A Popular Anti-Censorship Tool Which Could Be Used to Bypass Common Censorship Attempts and Could Actually Offer More Privacy and Security Compared to a Free VPN Service Provider

Sample highly recommended tools for the purpose of bypassing common and rogue potentially fraudulent free VPN Service Providers include:

In conclusion, it should be clearly noted that the U.S. Intelligence Community, including the NSA and its partners, will continue their attempts to successfully launch widespread surveillance and eavesdropping campaigns, potentially targeting the actual project and product owners in the process, as well as the actual users of the free VPN services in question.

What end users and organizations could possibly do is stay on top of current and emerging cyber threats in order to preserve their Intellectual Property (IP) and protect their organization’s confidentiality, availability and integrity by maintaining decent situational awareness of current and emerging cyber threats.

Written by Dancho Danchev

The World’s Leading Expert in the field of Cybercrime Research and Threat Intelligence Gathering — https://ddanchev.blogspot.com
