Slashdot Mirror
Accused LulzSec Members Left Trail of Clues Online
Trailrunner7 writes "When the long arm of the law reached in to arrest members of Anonymous's senior leadership on Tuesday, speculation immediately turned to the identities of the six men behind the Guy Fawkes mask. With the benefit of hindsight, it turns out that many had been hiding in plain sight, with day jobs, burgeoning online lives and — for those who knew where to look — plenty of clues about their extracurricular activities on behalf of the world's most famous hacking crew. Two of the accused, Darren Martyn (aka 'pwnsauce,' 'raepsauce,' and 'networkkitten,') and Donncha O'Cearbhail, formerly known as Donncha Carroll (aka 'Palladium'), sported significant online footprints and made little effort to hide their affinity for hacking. In other areas, however, Martyn (who was reported to be 25, but claimed to be 19), seemed to be on his way to bigger and better things. He was a local chapter leader of the Open Web Application Security Project in Galway, Ireland. He spent some of his free time with a small collective of computer researchers with Insecurety Research, under the name 'infodox.'"
They're all human, obviously. And perhaps the risk aversion that would have driven them to meticulously fly under the radar ultimately would have prevented them from creating such a spectacle in the first place?
Emotions! In your brain!
You laugh. Given the tract record of our government, our heroes in office may decide to pass another epic failure of a bill. DHS mandated list of federal certified software developers. All compilations are recorded, audited, and the compiler software itself certified by the feds. Give another 10 years. It will happen. Not because it should, but because it can be.
I never said any of this was rational. Just projecting a future based on the insanity that's going on now.
Life is not for the lazy.
Whoa, whoa, whoa. Are you suggesting that we don't need dozens of armed policemen and helicopters to arrest the owner of a website that facilitated the copying of copyrighted material!? Are you actually suggesting that murder is worse than 'hacking' a website or infringing upon someone's copyright and that perhaps these expensive investigations aren't necessary!?
How dare you!
They're children going up against people who have been trained to play this game by masters at it. They were nothing until they became a significant irritant and when that happened they ended up under a sledgehammer. It is a most dangerous game where you cannot make a mistake at as your life is at stake. I don't know how badly they will fall but they're tagged now and most likely will be assigned to someone to watch for some time to come.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Taking a website down costs the company money and we all know the governments, law makers and law enforcers are in the pockets of the big corporations.
On the other hand terrorists help to MAKE money for the corporations (arms, oil etc etc) so there is much less incentive to catch them.
Capitalism at it's finest.
A bit of time ago, I met a man who was very good at computer and physical security. He works now as a consultant for a local law enforcement agency; They bring him in for high tech crimes that are beyond their resources to crack. I know I'm being a bit short on details here, but bear with me. Anyway, he became a consultant because in his earlier life, he had gotten into some financial hardship and made a couple poor judgement calls, as seems to happen so often to otherwise highly intelligent people. Well, part of that contract was that he had to work for some unsavory folk helping them bypass security. That group of individuals then graduated from protection racket and simple ID theft to clearing out a dozen floors of a skyscraper under cover of darkness.
The police didn't know what to do, and they didn't make it public because the enormity of the crime would have rocked the downtown financial district. Now my friend didn't want to be doing this forever, but he was rather stuck -- because now that the crimes were done, he was a liability, but at the same time, an asset to the organization he worked for. He knew it was only a matter of time before the liability side of the equation exceeded his usefulness and they ended him.
So he did what anyone would do: He asked for help. Not straight out. Not directly, because he was under surveillance all the time by his "friends". So he started leaving clues. Misplaced equipment that would, say, print out his initials over and over again when found later at the crime scene. Subtle things. But enough that law enforcement got the idea that someone was trying to say "help me get out."
Eventually, without his testimony being needed, they were able to piece together the bread crumb trail and nail the entire criminal organization in one sweep. He had to do time of course, but after only a year or so, they let him out on a very generous probation on one condition: Help them solve other crimes too complex for them to deal with.
Now there was no movie ever made about this guy, no book deals, nothing. But he's not the first, he surely won't be the last, and I think it would behoove you people to consider that these people might have wanted to get caught. Sometimes people just get tired. Sometimes they have a change of heart. Sometimes they find out that it was all fun and games until they found out who was writing the paycheck. These "security researchers" are more than likely ex-members of similar organizations that are doing the same thing for the lulzsec people that someone else once did for them: Extradite them from a situation they've gotten too far into.
So people, just remember: You may have their names. It's almost assured you do not have their story.
#fuckbeta #iamslashdot #dicemustdie
We have people who are killing others. They are bombing innocents. They are threatening the security of the free World. And they are eluding authorities.
But God forbid you attack some Big Corps website and *gasp* force their website down! Then there's a HUGE manhunt to get those criminals!
Every one of these "law enforcement" officials should get a swift kick in the ass and their priorities straightened out.
You don't assign every police officer to murder cases and let cases of car theft go uninvestigated, do you? You don't spend all of your resources going after counterfeiters and ignore the guy stealing social security checks from peoples' mailboxes. The people going after Anonymous are specialized for this kind of investigation. It would be pointless to put them on an anti-terrorism investigation.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
The things they mention sound just like any other security specialist. How is it obvious from this information they did all this stuff?
Remember that kids. Its not only servers which log connections. Routers can do it as well. Don't do it from McDonalds because they use CCTV. Steal a connection but try not to leave DNA and only use any given connection once. Don't use a car which can be traced to you either. Don't associate with other hackers because they are probably spies. Don't promote your activities on twitter etc because that makes it too fucking easy for the police to come and get you.
Also in the summary its supposed to be "plain sight", not "plain site". They are two different words.
http://michaelsmith.id.au
Isn't it funny that these two guys in the story, Darren Martyn and Donncha O'Cearbhaill happen to be the ones that are currently not in US custody? Are we already setting the scene for the extradiction process?
When the copyright term is "forever minus a day", live every day like it's the last.
LulzSec were their own hacker group operating under their own name to bolder their own egos. Please don't conflate them with Anonymous.
LulzSec shared some aims and humor with Anonymous, but they always wanted to be identified. And that egotism helped get them caught.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Are you insinuating that because there are worse crimes, we shouldn't enforce laws against the other crimes?
Because that would be a really, really stupid argument.
Perhaps he's insinuating that, if there's manpower to spare on either of those things, it should go to the more serious crimes. And the punishment should also fit the crime, and not be blown out of proportion.
Even if he's not insinuating that, perhaps I should do so.
"It's about laws and ethics, and people have to determine whether they want to follow the speed limit, follow the law," Thomas Brennan, who is a director of OWASP's parent group, told Reuters. "We have the same skill set as the bad guys, but the only difference is ethics."
The law is about morality. It's ethical to break the law provided you have no possibility of getting caught or paying the consequences. It only becomes unethical when the consequences outweigh the benefits. Morality isn't about the consequences of following a certain law, morality is about what you are conditioned to do based on trends, religion, tradition.
Anyone can be moral. Simply do exactly what society expects you to do and no more. To be ethical however requires you to do what produces the best consequences for yourself AND for society. John Nash proved this already so it's not really up for debate as the math of game theory is out there. Ethics are calculations to produce the best consequences, or to produce equilibrium while morals might produce terrible consequences for society and even for the individual in the long term.
So let me make it simple, being moral allows you to have a life where you never have to worry about going to prison because you'll never break the law. You'll never rebel against authority so there is less of a chance that authority will crack down on you. The consequence is you sacrifice your personal opinions and feelings in order to adapt to the rules of society. You become a robot of society in exchange for being moral.
Most people are moral, few people are ethical, and fewer are both ethical and moral. I try to be ethical and moral. Meaning I wont break the law because I don't want to go to jail, but I don't decide right and wrong based on the law because the law doesn't protect me all the time and I've got to protect myself.
And there is nothing more to say about it.
Let me make something clear to any would be members of these groups or individuals who think hackers are cool. If you are a hacker expect to go to jail. Don't protest or do anything which isn't worth going to jail for. Most of the hacks these individuals participated in were not the sort of stuff that in hindsight they will believe was worth sacrificing their life for.
These individuals may not be physically dead but they have no future, no career. The rumored snitch Sabu has it the worst because if what they say about him is true he's not going to be accepted in the criminal or police world so he's fucking gone.
LulzSec always seemed like a dumbass group. I'm not a big fan of the whole AntiSec agenda, and I don't think LulzSec can be compared to Anonymous. LulzSec was not defending human rights in any way, while at least with Anonymous you have people who believe in something other than lulz.
Comply or Die. Dont dare to change the system or the system will erase you.
Yes just like in the Soviet Union or in the USA during the 60s.
And it doesn't require pissing off the feds. You can protest in a smart way or in a dumb way and many of Anonymous choose the dumb way with dumb consequences. If they are going to be political freedom fighters, warriors, then they will have to act like warriors and think like warriors.
Young people need to be educated so they know when they get involved with these groups it's like getting involved with a mafia or terrorist organization. Their life is changed forever, many of them might not survive it, those who do could have their life destroyed in all kinds of ways, basically it's young people sacrificing their future.
LulzSec in my opinion were sacrificing their future for dumb reasons. Was it worth going to jail over? Now they are useless to society and can't do shit.
We have people who are killing others. They are bombing innocents. They are threatening the security of the free World. And they are eluding authorities.
But God forbid you attack some Big Corps website and *gasp* force their website down! Then there's a HUGE manhunt to get those criminals!
Every one of these "law enforcement" officials should get a swift kick in the ass and their priorities straightened out.
Right, because identity theft and monetary fraud should be ignored so long as there are murderers and rapists out there. And yes, the Lulzsec guys did, in fact, steal CC and SSN numbers and use them to commit fraud. Our present financial system, like it or not, is based around electronic identity and credit/debit. Comitting fraud like that destroys the trust in the system, which in turn contributes to economic insecurity for our entire economy.
Was what they did as bad as the CEOs of mega-corporations who gamed the system, or a random murderer? No. Was it illegal and destructive to society, and therefore worthy of prosecution? Yes. Perhaps more importantly, if they let these guys continue, it gives other hackers confidence to try the same thing, and you can bet they won't all restrict themselves to hacking Stratfor: very soon, it would be your bank and your money that gets stolen, potentially destroying your entire life. Lawlessness cannot be allowed to continue, or it will spread. It happens every time.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Not just dumping random documents of stuff which only functions as PR but actual evidence.
If the US government is committing war crimes or if some other government is, then produce the evidence and take it to the UN. Even if nothing happens at least the world will know and this sort of activity makes sense. But what LulzSec was doing was not exposing war crimes, or protecting life, or protecting human rights, they were going around stealing credit card information and other really stupid crimes. They were going with this anti-sec f the police mentality.
There are police who believe in human rights and who have family and children. Anonymous isn't providing any evidence of any illegal activity which the police could use to do anything. If the issue is the police are too corrupt to do anything then where is the evidence of police corruption? Basically Anonymous is breaking laws just to break them and hacking just to hack in many cases.
And now it seems every protest they do requires some sort of illegal activity. Maybe they'd get more people to support them if not every protest requires DDOS attacks or taking down websites or breaking laws. Some people have a lot to lose, have families, and cannot afford to break the law. Some people are the police, or are in positions of authority.
You aren't even following your own thoughts to their logical conclusions.
So whenever we have manpower to spare for other things, it should be diverted to more serious crimes. That's what you're claiming -- I'm not even significantly changing your wording. Can you really not see that the ONLY possible outcome of that approach is having literally 100% of resources focused on whatever the single worst crime is? That until that outcome is reached, you can ALWAYS complain that we should take resources away from lesser crimes and focus them on worse ones?
Look, if you think hacking and piracy should be legal, come out and say it. Don't put forward these facile arguments that society is incapable of enforcing multiple laws at once.
You don't assign every police officer to murder cases and let cases of car theft go uninvestigated, do you? You don't spend all of your resources going after counterfeiters and ignore the guy stealing social security checks from peoples' mailboxes.
No, but neither do you assign 1000% more funding to the social security check thieves than the anti-counterfeiting squad, and spend time training up all ten times more people to perform the former function than the latter.
Yes, those particular officers aren't interchangeable. That doesn't mean anti-piracy tunnel-vision isn't an endemic problem in US law enforcement.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Well, piracy is a problem for the Navy, not the FBI, so I don't see how is that relevant.
Dilbert RSS feed
From what I could tell, they could've avoided being caught by simply keeping their mouth shut and not tell their life story to each other.
Dilbert RSS feed
You are optimistic. I give it 5 years before we all live behind digital walled gardens, tended by the feds.
Be sure to keep backups of tools... before they are gone.
---- Booth was a patriot ----
Do most states even have actual speed limits? In my state, there are "speed limit" signs with numbers on them posted through the road system, but the actual state code uses language that suggests otherwise - the actual law is that drivers must drive at "reasonable and prudent" speeds, and that exceeding the posted limit is "prima facie" evidence of violation.
Can you be Even More Awesome?!
"Routers can do it as well. Don't do it from McDonalds because they use CCTV."
Um yeah. You have never hacked anything have you.
McDonalds is awesome. 1 small yagi and I can be hundreds of feet away and connect to the Mickey D's AP and hack away. If you think a "hacker" sits in the restaurant with his trenchcoat and flat black laptop with a silver skull spraypainted on it, you really need to learn about the subject.
A uber hax0r will have a nice log of open AP's in an area. he also will have a log of WEP AP's and other routers/AP's as well. He then will do some testing to find good low latency connections.
If he is really good, he will have purchased several sheevaplugs with harmless stickers like "HP Printer" or "ADT security" on them. Gain access to some locations and you plant the box, just plug it in to the wall and network. Small businesses will never notice and most dont have a managed network. Now you just installed a great proxy to go in and out of. Set that sheevaplug up right and it will not only not hold any logs, but erase it's self when the network is unplugged, add a small battery, and it will erase it's self when power is lost.
The security on most company networks is a joke, a device like I mentioned could go years without detection.
Do not look at laser with remaining good eye.
Every time they make this claim, I can't help but giggle.
Well then the lesson seams to be if you are gaming the systems then aim for billions then in most cases you are not going to get punished :)
Hackers nowadays don't even know the rules of hacking
First rule of hacking - Don't leave any trail behind
Second rule of hacking - Leave false leads
Muchas Gracias, Señor Edward Snowden !
Sabu was essentially an FBI agent. all the hacks that happened within the past 6 months under the guise of anonymous were, essentially, controlled and directed by the FBI. the FBI even hosted servers for them to use in their operation.
the first rule of hacking would seem to be - if someone asks you to do something illegal and stupid, it's probably an FBI sting operation.
Never tell your MO. You have just described the guy that hacked my employers systems. The only way you know how they did that, is if you were that guy. Busted!
I was promised a flying car. Where is my flying car?
"You don't assign every police officer to murder cases and let cases of car theft go uninvestigated, do you? "
So I can pull all the cops off of the murder cases to take down a serial jay walker?
Hey, Sarge! I need all the helicopter units, Yeah screw that missing child search, I got a hacker!
I'll agree with you when they stop being corporate enforcement puppets.
Do not look at laser with remaining good eye.
People who whine about the Big Corps and CEOs and all that seem to forget that quite often what they were doing was NOT illegal. You cannot punish someone ex post facto in the US. You can't say "What you were doing was perfectly legal when you did it, but now we want it to be illegal so we are going to punish you." That isn't just a concept in US law, it is one of those things made explicit by the constitution. Some of it is still legal now (like high frequency trading).
The feds do, in fact, go after CEOs engaged in illegal behaviour. Bernie Madoff would e the most high profile recent example, but there are more if you care to look in to it. They don't just go and arrest anyone that some random geeks feel were bad though.