Public Proxy Servers - A Route to Anonymity

For those who use free public proxy servers as a way to keep their surfing secure, I will share this experience. Some of the work I do is as a security consultant, mainly based on securing Windows infrastructure, but in smaller places I get involved in all sorts of areas.

I was doing some work in a school/college last week trying to upgrade their security. These sorts of educational establishments have a lot of issues with security, usually because there will always be quite a few technically savvy people trying to 'work the system'. Public proxy servers and anonymous proxies are often used to circumvent restrictions on social networking sites and other web sites.

Anyway, to cut a long story short, this school had much more serious problems. In one open-area computer lab there was a single Linux machine which nobody really used anymore; however, this single machine was responsible for over 70% of all the traffic that was generated in the whole school. The server had been hacked into (presumably by someone in the school) and was actually running as a free public proxy server. The intention was obvious: many of the kids in the school were using it to browse the internet without any of the normal restrictions. However, they had left this anonymous proxy completely open, and as such it was actually being used by thousands of people all over the world to surf through.

The Insecurity of Public Proxy Servers

We started logging for a while to pick up the IP addresses of internal users and the web sites they visited, but of course we also picked up the IP addresses and full web browsing logs of everyone who was using it. The amount of data we picked up was incredible - at one point there were 14 active connections in the school and over 250 users from the internet.
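The two signals in this story, one host carrying most of the traffic and clients reaching it from outside the school, can be checked from flow records. The sketch below is an added example, not code from the original post; the record layout, the 10.20.0.0/16 internal range, the sample addresses and both thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's internal address space (not stated in the post).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed sample flows: (client_ip, server_ip, server_port, bytes).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only ranges.
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.9.40", 3128, 400_000),
    ("10.20.1.22", "10.20.9.40", 3128, 350_000),
    ("203.0.113.7", "10.20.9.40", 3128, 900_000),
    ("203.0.113.8", "10.20.9.40", 3128, 800_000),
    ("198.51.100.3", "10.20.9.40", 3128, 700_000),
    ("10.20.1.15", "10.20.5.10", 445, 600_000),
    ("10.20.2.30", "10.20.5.11", 80, 500_000),
    ("not-an-ip", "10.20.9.40", 3128, 1),  # malformed row, must be skipped
]

def is_internal(ip):
    """True if ip is inside INTERNAL_NET; raises ValueError on bad input."""
    return ipaddress.ip_address(ip) in INTERNAL_NET

def find_open_proxy_suspects(flows, share_threshold=0.5, min_external=2):
    """Flag internal servers that carry an outsized share of traffic AND
    are being reached by clients from outside the internal network."""
    bytes_by_server = defaultdict(int)
    clients = {True: defaultdict(set), False: defaultdict(set)}
    total = 0
    for client, server, _port, nbytes in flows:
        try:
            if not is_internal(server):
                continue  # only internal hosts can be the rogue proxy
            client_is_internal = is_internal(client)
        except ValueError:
            continue  # skip malformed addresses instead of aborting
        total += nbytes
        bytes_by_server[server] += nbytes
        clients[client_is_internal][server].add(client)
    suspects = {}
    for server, nbytes in bytes_by_server.items():
        share = nbytes / total
        n_ext = len(clients[False][server])
        if share >= share_threshold and n_ext >= min_external:
            suspects[server] = {
                "traffic_share": round(share, 2),
                "internal_clients": len(clients[True][server]),
                "external_clients": n_ext,
            }
    return suspects

if __name__ == "__main__":
    print(find_open_proxy_suspects(SAMPLE_FLOWS))
```

Requiring both conditions keeps a busy but legitimate internal file server (10.20.5.10 in the sample) from being flagged.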

I was able to parse the log and created a huge list of IP addresses and all the web browsing they did through that server. Of course it was all in clear text as they browsed through HTTP, and I also picked up many account names and passwords. Here's one of the best tools to capture traffic: it's called Wireshark (although it used to be known as Ethereal some years ago). It's free, so you can download it yourself and have a look.

The ironic thing is that these people who picked up the address of my school proxy server on the internet had absolutely no idea where they were surfing, they also had no idea that all their web browsing was being logged and analysed by a security consultant, an IT Technician and an interested College Principal - if they thought they were being anonymous on the internet by using this free public proxy server, they couldn't be further from the truth.

It does of course illustrate all too well the danger of anonymous proxies you just 'find on the internet' - many of them are also logged by identity thieves and hackers. It's a simple way to obtain information - they can profit in many ways: stealing identities, blackmail and straightforward theft from bank accounts. You can see the attraction for a criminal - the potential to steal thousands from people in a country far away with little chance of being prosecuted. All you need to do is to set up a few free public proxy servers and wait for people to start sending you their web traffic.

Honestly, just stay away from these free public proxies. If you want proper security, use proper secure, professionally run proxies like Identity Cloaker, who delete logs and encrypt all your traffic.