If only we knew OBL's Discord handle then we would have known he was about where we figured he was all along...
And then this whole thing gets thrown off if one uses a VPN with an endpoint somewhere other than where you are. Click a button, suddenly my datacenter is AMS. Click it again, suddenly it's OTP...
>If only we knew OBL's Discord handle then we would have known he was about where we figured he was all along...
Discord is just an example, this can apparently work with many apps that store user attachments on Cloudflare.
>Click a button, suddenly my datacenter is AMS. Click it again, suddenly it's OTP...
Well, if the location keeps changing, it's obvious it's not their real location. But if it’s always the same, no matter what, that’s a huge clue. Of course, this works best when you’ve got some other data to back it up. It’s kind of like playing Akinator - the more answers you get, the closer you get to figuring out the target. One answer might not tell you much, but three or four?
In their example target it pinged two datacenters, one in Dallas and one in San Francisco. Their requests might bounce between datacenters even if they aren't on a VPN.
This assumes that Osama bin Laden has poor enough opsec that he's using (e.g.) Discord without a proxy. State actors have much more sophisticated techniques available.
(It's still an interesting vector, though! But it's true that the headline and writeup are a bit sensationalized.)