Two weeks ago I decided I wanted to contact a hacker who did not want to be tracked. While this may sound difficult, I was able to communicate with the hacker using an array of online tools so that both he and I were happy with the level of privacy and felt we could speak freely.
Here is how I did it:
I became aware of a teenage hacker who made a malware platform called Tox that was quite powerful. The hacker communicated using the dark web — forums on websites that could only be accessed using web browsers that anonymize traffic. He also posted a few updates on Pastebin, a website hackers frequently post messages, including the announcement that he wanted to leave behind his life of cybercrime.
Using the information this Tox hacker had posted, I had very few details on how to contact him. It boiled down to a possible email address that he used and a PGP key (see my explanation on what that is below). Using these two pieces of information, I delved further, and ultimately found a way for us to talk in private.
What is a PGP key?
PGP stands for Pretty Good Privacy — no joke. A PGP key is a way that internet users can encrypt their messages, making it nearly impossible for anyone but the sender and receiver to read the message. Everyone using PGP must have two keys — a public key and a private key.
PGP works like this: If I want to send a message to you, I first need to know your public key (there are online repositories with public keys available). Then, using software, I write my message and the text is ciphered in a way that is unique only to your public key.
But the only way for this message to be deciphered is to use the second part of the puzzle — your private key. So I send you a message that is encrypted using your public key. You must then put your private key into the PGP software to decrypt the message.
Given that no one but you knows the private key, it is nearly impossible for anyone to intercept the message and decode it.
I generated my own encryption key using software called GPG Suite. It is a program that makes it easy for people to encrypt and decrypt messages. (I won’t go into great detail about all the things GPG Suite can do, but here’s a bunch of documentation about the software if you’re interested in learning more.)