Slashdot Mirror
Accused LulzSec Members Left Trail of Clues Online
Trailrunner7 writes "When the long arm of the law reached in to arrest members of Anonymous's senior leadership on Tuesday, speculation immediately turned to the identities of the six men behind the Guy Fawkes mask. With the benefit of hindsight, it turns out that many had been hiding in plain sight, with day jobs, burgeoning online lives and — for those who knew where to look — plenty of clues about their extracurricular activities on behalf of the world's most famous hacking crew. Two of the accused, Darren Martyn (aka 'pwnsauce,' 'raepsauce,' and 'networkkitten,') and Donncha O'Cearbhail, formerly known as Donncha Carroll (aka 'Palladium'), sported significant online footprints and made little effort to hide their affinity for hacking. In other areas, however, Martyn (who was reported to be 25, but claimed to be 19), seemed to be on his way to bigger and better things. He was a local chapter leader of the Open Web Application Security Project in Galway, Ireland. He spent some of his free time with a small collective of computer researchers with Insecurety Research, under the name 'infodox.'"
They're all human, obviously. And perhaps the risk aversion that would have driven them to meticulously fly under the radar ultimately would have prevented them from creating such a spectacle in the first place?
Emotions! In your brain!
... only outlaws will own compilers.
We have people who are killing others. They are bombing innocents. They are threatening the security of the free World. And they are eluding authorities.
But God forbid you attack some Big Corps website and *gasp* force their website down! Then there's a HUGE manhunt to get those criminals!
Every one of these "law enforcement" officials should get a swift kick in the ass and their priorities straightened out.
http://th3j35t3r.wordpress.com/2011/11/19/if-i-am-wrong-ill-say-im-wrong-heres-my-apology/
They're children going up against people who have been trained to play this game by masters at it. They were nothing until they became a significant irritant and when that happened they ended up under a sledgehammer. It is a most dangerous game where you cannot make a mistake at as your life is at stake. I don't know how badly they will fall but they're tagged now and most likely will be assigned to someone to watch for some time to come.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
A bit of time ago, I met a man who was very good at computer and physical security. He works now as a consultant for a local law enforcement agency; They bring him in for high tech crimes that are beyond their resources to crack. I know I'm being a bit short on details here, but bear with me. Anyway, he became a consultant because in his earlier life, he had gotten into some financial hardship and made a couple poor judgement calls, as seems to happen so often to otherwise highly intelligent people. Well, part of that contract was that he had to work for some unsavory folk helping them bypass security. That group of individuals then graduated from protection racket and simple ID theft to clearing out a dozen floors of a skyscraper under cover of darkness.
The police didn't know what to do, and they didn't make it public because the enormity of the crime would have rocked the downtown financial district. Now my friend didn't want to be doing this forever, but he was rather stuck -- because now that the crimes were done, he was a liability, but at the same time, an asset to the organization he worked for. He knew it was only a matter of time before the liability side of the equation exceeded his usefulness and they ended him.
So he did what anyone would do: He asked for help. Not straight out. Not directly, because he was under surveillance all the time by his "friends". So he started leaving clues. Misplaced equipment that would, say, print out his initials over and over again when found later at the crime scene. Subtle things. But enough that law enforcement got the idea that someone was trying to say "help me get out."
Eventually, without his testimony being needed, they were able to piece together the bread crumb trail and nail the entire criminal organization in one sweep. He had to do time of course, but after only a year or so, they let him out on a very generous probation on one condition: Help them solve other crimes too complex for them to deal with.
Now there was no movie ever made about this guy, no book deals, nothing. But he's not the first, he surely won't be the last, and I think it would behoove you people to consider that these people might have wanted to get caught. Sometimes people just get tired. Sometimes they have a change of heart. Sometimes they find out that it was all fun and games until they found out who was writing the paycheck. These "security researchers" are more than likely ex-members of similar organizations that are doing the same thing for the lulzsec people that someone else once did for them: Extradite them from a situation they've gotten too far into.
So people, just remember: You may have their names. It's almost assured you do not have their story.
#fuckbeta #iamslashdot #dicemustdie
The things they mention sound just like any other security specialist. How is it obvious from this information they did all this stuff?
Remember that kids. Its not only servers which log connections. Routers can do it as well. Don't do it from McDonalds because they use CCTV. Steal a connection but try not to leave DNA and only use any given connection once. Don't use a car which can be traced to you either. Don't associate with other hackers because they are probably spies. Don't promote your activities on twitter etc because that makes it too fucking easy for the police to come and get you.
Also in the summary its supposed to be "plain sight", not "plain site". They are two different words.
http://michaelsmith.id.au
Isn't it funny that these two guys in the story, Darren Martyn and Donncha O'Cearbhaill happen to be the ones that are currently not in US custody? Are we already setting the scene for the extradiction process?
When the copyright term is "forever minus a day", live every day like it's the last.
LulzSec were their own hacker group operating under their own name to bolder their own egos. Please don't conflate them with Anonymous.
LulzSec shared some aims and humor with Anonymous, but they always wanted to be identified. And that egotism helped get them caught.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
tEy VV4Z 3Lee7e.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Comply or Die. Dont dare to change the system or the system will erase you.
They got caught because they had a publicity department. They wanted the public to know what was going on. I don't think it is that hard to live a double life as long as you want to keep an aspect of your life secret.
http://michaelsmith.id.au
What for?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
God bless those freedom fighers. May this arrest teach the others to burrow a bit deeper next time.
"It's about laws and ethics, and people have to determine whether they want to follow the speed limit, follow the law," Thomas Brennan, who is a director of OWASP's parent group, told Reuters. "We have the same skill set as the bad guys, but the only difference is ethics."
The law is about morality. It's ethical to break the law provided you have no possibility of getting caught or paying the consequences. It only becomes unethical when the consequences outweigh the benefits. Morality isn't about the consequences of following a certain law, morality is about what you are conditioned to do based on trends, religion, tradition.
Anyone can be moral. Simply do exactly what society expects you to do and no more. To be ethical however requires you to do what produces the best consequences for yourself AND for society. John Nash proved this already so it's not really up for debate as the math of game theory is out there. Ethics are calculations to produce the best consequences, or to produce equilibrium while morals might produce terrible consequences for society and even for the individual in the long term.
So let me make it simple, being moral allows you to have a life where you never have to worry about going to prison because you'll never break the law. You'll never rebel against authority so there is less of a chance that authority will crack down on you. The consequence is you sacrifice your personal opinions and feelings in order to adapt to the rules of society. You become a robot of society in exchange for being moral.
Most people are moral, few people are ethical, and fewer are both ethical and moral. I try to be ethical and moral. Meaning I wont break the law because I don't want to go to jail, but I don't decide right and wrong based on the law because the law doesn't protect me all the time and I've got to protect myself.
And there is nothing more to say about it.
Let me make something clear to any would be members of these groups or individuals who think hackers are cool. If you are a hacker expect to go to jail. Don't protest or do anything which isn't worth going to jail for. Most of the hacks these individuals participated in were not the sort of stuff that in hindsight they will believe was worth sacrificing their life for.
These individuals may not be physically dead but they have no future, no career. The rumored snitch Sabu has it the worst because if what they say about him is true he's not going to be accepted in the criminal or police world so he's fucking gone.
LulzSec always seemed like a dumbass group. I'm not a big fan of the whole AntiSec agenda, and I don't think LulzSec can be compared to Anonymous. LulzSec was not defending human rights in any way, while at least with Anonymous you have people who believe in something other than lulz.
And it doesn't require pissing off the feds. You can protest in a smart way or in a dumb way and many of Anonymous choose the dumb way with dumb consequences. If they are going to be political freedom fighters, warriors, then they will have to act like warriors and think like warriors.
Young people need to be educated so they know when they get involved with these groups it's like getting involved with a mafia or terrorist organization. Their life is changed forever, many of them might not survive it, those who do could have their life destroyed in all kinds of ways, basically it's young people sacrificing their future.
LulzSec in my opinion were sacrificing their future for dumb reasons. Was it worth going to jail over? Now they are useless to society and can't do shit.
that never stopped anyone from being sent to gitmo...
Not just dumping random documents of stuff which only functions as PR but actual evidence.
If the US government is committing war crimes or if some other government is, then produce the evidence and take it to the UN. Even if nothing happens at least the world will know and this sort of activity makes sense. But what LulzSec was doing was not exposing war crimes, or protecting life, or protecting human rights, they were going around stealing credit card information and other really stupid crimes. They were going with this anti-sec f the police mentality.
There are police who believe in human rights and who have family and children. Anonymous isn't providing any evidence of any illegal activity which the police could use to do anything. If the issue is the police are too corrupt to do anything then where is the evidence of police corruption? Basically Anonymous is breaking laws just to break them and hacking just to hack in many cases.
And now it seems every protest they do requires some sort of illegal activity. Maybe they'd get more people to support them if not every protest requires DDOS attacks or taking down websites or breaking laws. Some people have a lot to lose, have families, and cannot afford to break the law. Some people are the police, or are in positions of authority.
Google Cache Link: http://webcache.googleusercontent.com/search?bih=966&sclient=psy-ab&q=cache%3Ahttps%3A%2F%2Fthreatpost.com%2Fen_us%2Fblogs%2Fmask-gone-anonymous-leaders-left-big-footprint-online-030912&oq=cache%3Ahttps%3A%2F%2Fthreatpost.com%2Fen_us%2Fblogs%2Fmask-gone-anonymous-leaders-left-big-footprint-online-030912&aq=f&aqi=&aql=&gs_sm=3&gs_upl=4796l8893l1l9242l8l6l1l0l0l0l158l652l4.2l7l0&gs_l=serp.3...4796l8893l1l9242l8l6l1l0l0l0l158l652l4j2l7l0&pbx=1
From what I could tell, they could've avoided being caught by simply keeping their mouth shut and not tell their life story to each other.
Dilbert RSS feed
They are actually agents of wintermute, recruited in Chiba city, duped into doing the dirty work of an AI on the loose. This is best handled by the Turing authority.
music lover since 1969
EVERYBODY RATS.
It's rule #1.
Not to the extent that he did it. You can torture a confession out of anyone but Sabu was actually working FOR the feds not just broken by them. You're right if tortured anyone can be broken given enough time but thats not the same situation.
Honestly, hacking from home is the first thing you learn on the "only idiots do this" hacking guide.
#2 is keep your meatspace separate from your cyberspace.
They were n00bs, and got tagged, Just like how Mitnick was pretty much a n00b, he was a moron and got himself caught. Although I'm wondering if they were patsy's set up by the real leaders. Like how the President of Iran really is a worthless meatbag that cant do anything, it's the ayatollah that is the actual leader.
And FYI: NSA,BATF,HSA spooks. All you found here is an old retired security expert. nothing to see here, move along. I was smart enough to never know anything about any friends that I may or may not have had, and made sure they did not know anything about me. Getting to see the guys get nailed that I may have heard of in the Legion of Doom and the 411's was enough for me to keep my nose clean.
Basically, I did nothing, nobody saw me do anything, no logs point back at me. Only morons let other hackers know who they really are.
"Routers can do it as well. Don't do it from McDonalds because they use CCTV."
Um yeah. You have never hacked anything have you.
McDonalds is awesome. 1 small yagi and I can be hundreds of feet away and connect to the Mickey D's AP and hack away. If you think a "hacker" sits in the restaurant with his trenchcoat and flat black laptop with a silver skull spraypainted on it, you really need to learn about the subject.
A uber hax0r will have a nice log of open AP's in an area. he also will have a log of WEP AP's and other routers/AP's as well. He then will do some testing to find good low latency connections.
If he is really good, he will have purchased several sheevaplugs with harmless stickers like "HP Printer" or "ADT security" on them. Gain access to some locations and you plant the box, just plug it in to the wall and network. Small businesses will never notice and most dont have a managed network. Now you just installed a great proxy to go in and out of. Set that sheevaplug up right and it will not only not hold any logs, but erase it's self when the network is unplugged, add a small battery, and it will erase it's self when power is lost.
The security on most company networks is a joke, a device like I mentioned could go years without detection.
Do not look at laser with remaining good eye.
All good points and far better than working from their home ADSL lines which is what LulzSec were apparently doing. I hadn't considered using a directional antenna but that would certainly make you harder to find.
http://michaelsmith.id.au
Every time they make this claim, I can't help but giggle.
Hackers nowadays don't even know the rules of hacking
First rule of hacking - Don't leave any trail behind
Second rule of hacking - Leave false leads
Muchas Gracias, Señor Edward Snowden !
Sabu was essentially an FBI agent. all the hacks that happened within the past 6 months under the guise of anonymous were, essentially, controlled and directed by the FBI. the FBI even hosted servers for them to use in their operation.
the first rule of hacking would seem to be - if someone asks you to do something illegal and stupid, it's probably an FBI sting operation.
Yes. Do it from the telecom's central office. They love that.
I am John Hurt.
Hmm. Let's see here. They're using cracking skills from 1995 and the movie "Hackers"...and there are a hideous number of security companies (including one former anti-virus company) that want to be fed...
Definite possibility.
I am John Hurt.
Never tell your MO. You have just described the guy that hacked my employers systems. The only way you know how they did that, is if you were that guy. Busted!
I was promised a flying car. Where is my flying car?
LulzSec in my opinion were sacrificing their future for dumb reasons. Was it worth going to jail over?
Many Bothans died to bring us these Lulz.
No, what he meant is that everyone in prison or under threat of same rats. Read some true crime. Talk to admins or guards from a prison. Don't bother with prisoners because they lie. Too much reputation to protect. Most of these jailhouse turds would sell their own mother for an extra slice of bread at lunchtime.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Makes me wonder if LulzSec was the creation of the FBI.
If LulzSec was a creation of the FBI why are all the members being arrested by the FBI?
Sabu whomever he is, his life is ruined as a reward for helping the FBI. Those others involved their lives are ruined because they got arrested by the FBI. I don't see how this equates to the FBI creating LulzSec unless you know something we don't.
No, what he meant is that everyone in prison or under threat of same rats. Read some true crime. Talk to admins or guards from a prison. Don't bother with prisoners because they lie. Too much reputation to protect. Most of these jailhouse turds would sell their own mother for an extra slice of bread at lunchtime.
I don't see your point. Yes there are traitors in prison but there are even more traitors outside of prison. Hackers could never trust each other.
I mean they want to scoop up some people who are associated with Anonymous so they start with this guy Sabu who already has a record and they push him into creating a new, smaller organisation and recruiting people to join it. Then Sabu builds LulzSec to the point where they do a few operations, all the time feeding evidence to the FBI. Once the FBI have enough information the arrests start. It all comes down to the order or operations. Did the FBI start working with Sabu before or after LulzSec started up?
http://michaelsmith.id.au
Way upthread you implied that only pussies become snitches. The AC and I disagree with that assessment.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Way upthread you implied that only pussies become snitches. The AC and I disagree with that assessment.
There is a difference between being tortured and broken and testifying on the stand against your brother. The snitch is testifying against his brother while the torture victim is saying anything to make the pain stop.
The information from someone who has been tortured is notoriously unreliable because we know they'll say anything the authorities want them to say even if it's bullshit. What Sabu did went far beyond just saying stuff, he actually entrapped people according to the documents so he's an absolute snitch, traitor, etc.
The last guy who resembled Sabu was Albert Gonzalez. Nobody can trust a snitch, not the feds and not the community. What happened the moment the feds were finished exploiting Sabu as a resource? They threw him overboard like trash.
They just can't help but run their mouth. To some extent it is just human condition, we all like to talk, but of course when what you are talking about it perfectly legal it doesn't matter. However criminals in particular like to get all braggey. They are very proud of the fact that they pulled one over on "the man" and want to talk about it. Police are only all to happy to use that against them.
People who whine about the Big Corps and CEOs and all that seem to forget that quite often what they were doing was NOT illegal. You cannot punish someone ex post facto in the US. You can't say "What you were doing was perfectly legal when you did it, but now we want it to be illegal so we are going to punish you." That isn't just a concept in US law, it is one of those things made explicit by the constitution. Some of it is still legal now (like high frequency trading).
The feds do, in fact, go after CEOs engaged in illegal behaviour. Bernie Madoff would e the most high profile recent example, but there are more if you care to look in to it. They don't just go and arrest anyone that some random geeks feel were bad though.
Sabu's life isn't ruined. Looks like he will just about "get-away" with his involvement because he gave leads to catch the others.
Most likely once the others have been to trial the FBI, at tax-payer expense will give him a new name- in a new city, a large pay-cheque- and have him do work for them.
Far from being ruined. Sabu's life has probably been made.
"That's the way to do it" - Punch
....Professional-level OPSEC from amateurs?
XD
Regards;
Sabu was an FBI agent, the FBI helped him find servers for the stratfor leak. all over the news in the past few days.
Regular SQL injection exploits is nothing to shake a stick at.
I would even go as far as saying they seemed like amateurs when they publicized their trivial "hacks" that most security scanners would discover within minutes.
Change is certain; progress is not obligatory.
Protest may not require breaking the law but it's more effective when protesters do. It's called Civil Disobedience!
How many "Occupy" protesters are in the SF or NY judicial system because they were protesting? Would we know about their cause if they just stood down the street holding up signs? I would argue, NO!. That level of civil disobedience was required to get media attention. There was no media coverage of the Occupy events for weeks.
How many were jailed while protesting nuclear power plants in their home towns? Many of those arrests resulted in the plant NOT being constructed. All of those arrests resulted in a dramatic reduction in new nuclear power plants in the US. Can you say those arrested protesters were not effective? Only now are we seeing new projects breaking ground and those are being vehemently protested resulting in arrests.
This level of civil disobedience may be required to bring your cause before the courts. Do you disagree? then go back to school and take Civics 101. It's how our system works so stop vilifying protesters.
LulzSec had a specific mission, separate and distinct from Anonymous. It's mission was to point out the incompetency of people we trust to secure our digital society. They did so in an embarrassingly effective way. I believe they all knew the risks involved in what they were doing. I support that belief by pointing out the steps they took to cloak their identity and avoid prosecution for the laws they knew they were breaking. In my mind that makes them patriots willing to suffer persecution for standing up against corruption and incompetence in the very agencies we charge with security. Were I the sentencing judge I would have to give them the recommended minimum sentence but I would also charge the people they exposed with negligence and complicity. If someone breaks in and steals from you, jail them. If someone breaks in then leaves a note behind and tells you how they did it, hire them!
I hope and expect that these people cited as being "senior leadership" were in fact just inexperienced noobs that got caught. I'm ashamed to say my government has a long history of holding up some patsy as the "Ring Leader" because it makes good press rather than because the assertion has any validity. I see this as another reason to repeal "Qualified Immunity". It made sense 100 year ago but no longer. Today "Qualified Immunity" only creates a group of people "above the law" and empowers them with laziness and incompetence. A public detective can get malpractice insurance the same as a private detective or a doctor or any of a thousand other professions. When will we stop coddling incompetence? When will we stop letting them run amok when someone embarrasses them?