Considering they'd even earlier today advertised a Monday booty release, I suspect that, rather than abandoning the Lulzsec facade after 50 days, it's that the fuzz is a little too hot on their trail for comfort.
I'd have to agree. Even now I think that with time they will all be outed - if they've not already. Some of these 'raids' have just been too daring to expect to get away with forever.
Really though, if all of your traffic is going through TOR to a vpn in eastern europe, the chances of being tracked down are slim to nil. Sure, there are theoretical weaknesses in TOR, but you'd need to control quite a few exit nodes to even begin to have a chance of pinpointing the endpoints. Combine that with a compromised wifi as a last resort (which you erase the logs of regularly), and you're pretty damned safe. All of the people who were arrested for hacking the CIA or DoD were caught many years ago, when anonymization tools weren't nearly so well developed, and the need for anonymization wasn't so clearly recognized. I'd like to see a modern story of the authorities finding someone who was hidden by TOR + vpn. I just don't see it happening any time soon.
Just like the low security systems they crack, the weakest link in their own chain is the human element.
Think password reuse is a problem? So is screen name reuse. So is having the same friends over time. So is trusting people.
A person's digital fingerprint is huge these days, and a human weakness can break the chain apart. And once one person's in custody? How much discipline do you think each member has to not snitch in the face of prison time?
Exactly right. We have images of government forces tracing connections across a glowing map thanks to movies, but really they just tap their network of informants, or do personal research.
In my imagination, they'll start with Auernheimer's hdd. The world isn't that big. Think how the head of the CIA is probably 7 people away from anyone in Lulzsec.
The human element is clearly the weak point, but it's also the easiest to overcome. The cracker who speaks to no one is secure beyond reproach. That they inevitably speak to others in search of recognition and respect is a flaw in the operators, not the system.
You're assuming they're safe because their technology stack is safe, but there are about 20 ways that law enforcement could possibly track these guys down that don't require particularly l33t skillz.
Cops work like hackers in the sense that both groups attack vulnerabilities. The vulnerabilities here are clear: these guys have big mouths and they're overconfident. They'll talk to somebody someday, and when that happens, it will provide an opening for the fuzz.
Most any overlap between your "secret" identity and your "normal" identity can provide an opening.
This might involve (erroneously) shared contacts. Shared VoIP numbers. Shared MAC addresses, or shared IP addresses. Shared passwords. IRC channels or web sites.
Even what times you are active, what words and what phrases you use, and your browser strings can provide clues.
A group within (IIRC) Lebanon was reportedly identified a while back because of an opsec error; one of the folks involved in the group used a "restricted" cellular phone to call his girlfriend, and that broke open the identities.
The German Ultra encryption system was targeted and was sometimes vulnerable due to opsec errors. Openings such as key reuse, or sending duplicate messages, could allow decryption.
This area is related to the classic "covert channels" discussions within information security; on the expected information leakage, and around how a "defender" wants to keep leakage at a minimum, and how an "attacker" is looking for clues and errors.
This is also a corollary to the classic difficulties with maintaining server security; leave one sufficiently egregious opening in your security, and you can be toast.
Right, but then they'd be prosecuted, and the means would come out. You wouldn't be able to both put people in jail based upon evidence gained from compromising TOR, as well as keep secret the fact that TOR was compromised. Not for long, at any rate.
Pretty simple really, at least in the UK. Just get someone to make an allegation against them (underage porn, etc), and their computers get seized. If the police just happen to discover a ton of other things they're really involved in whilst analysing them, there you go. If encrypted, under UK law you have to divulge the keys or go to jail, so you're guaranteed to get them some jail time.
I've seen news about child porn allegations in the UK that usually lead nowhere in recent years, mostly because of some credit card issues. I remember it happening with Pete Townshend (from The Who) and Robert Del Naja (from Massive Attack), plus some football player whose name I can't remember.
In the UK they can seize your computers from your home for creating a public nuisance or wasting police time (they actually did this to a journo a few years back). Oh, and they don't give them back. I mean yeah I think they're supposed to but they don't exactly get around to it quickly.
I'm pretty sure confidential informants are tailor made for covering up illegal or undisclosed investigation techniques. It's not like they haven't had a little practice trying to protect wiretaps.
Which isn't to say that I think the feebs have compromised TOR, because I think that's pretty unlikely.
That's an interesting perspective. Still, in order for the anonymous source's testimony to carry any weight, there'd have to be some solid evidence. Either they'd have to show traffic logs, or they'd have to show the results of forensics done on the suspect's hdd. If you've properly distanced yourself from your activities, then there shouldn't be anything on your hard drive to implicate you.
Ultimately, it comes down to human fuckups. Bradley Manning is not in jail because he didn't take security precautions, he's in jail because he talked to someone he shouldn't have. The same will be true of any reasonably sophisticated hacking organization. They can take all the precautions in the world, but a vengeful ex can bring the whole thing crashing down.
If they were serious about the investigation they'd probably get a sneak and peek warrant to install a keylogger/etc. (either electronically or physically) instead of just a smash and grab. That way they'd have some good trial evidence, because as you say relying on forensics for computer crime is quite dicey - something the bureau is all too familiar with. If they can beat the system electronically this also gives them a chance to see whether there is anything that'd make a quick seizure worth it.
The law enforcement exposure they just did undoubtedly made it much easier to get warrants or FISA approval if they did have some targets.
Addressing his points one by one (quotation marks should in no way be thought of as referring to a quote):
"The Navy made it, why'd they release it?"
-They released it because it's entirely useless if the military are the only ones using it.
"It's not theoretically effective. There's lots of ways to break it."
-Sure, there have been papers written about ways to break TOR. I've yet to see someone actually do it. That doesn't mean the NSA or whoever isn't doing it, but you'd think if someone had compromised the system you'd see some story about it. Somebody who was using TOR would have been tracked down and they would have thought, "hey, wait a minute..."
"Project Vigilant"
-Meh. Again, if they compromised TOR, you'd hear about it. They'd have given the IPs of hidden wiki visitors to the feds, and some pedo would have been arrested. If PV don't care about pedos, they would have given the feds some information about somebody that would have led to some sort of action. The fact that none of this has come to light is pretty strong evidence that PV has not compromised TOR.
"Wikileaks uses TOR"
-So the fuck what? They have a pretty clear use case, and the fact that ioerror is a contributor means he's concerned about anonymity (for obvious reasons), not that Wikileaks has hatched a plot to snoop on anonymized traffic and leak details. Why the hell would they bother? They've got more than enough stuff to leak handed to them. What are the chances that someone using TOR would be transmitting data that WL would care about?
This is just stream-of-consciousness FUD from Zed, of the type we're used to seeing from him. He throws out a bunch of what ifs and pretends it's an argument. Show me the evidence. Show me some indication that TOR has been breached and I'll be the first one to question whether it should be used. In the meantime, TOR is only getting more secure as more people talk about it and use it.
There's a lot to be said about super-node pattern analysis with TOR, as well as the flaws in the exit nodes with regard to unencrypted communications, but I couldn't get past the fact that Zed's entire post was a massive Godwin.
"P.S. I have a long bet that SELinux is an NSA backdoor. Any takers?" Really? Zed Shaw lost the credibility to talk about anything security related with that one sentence ...
Well, I think it's just a matter of the amount of pressure a group puts on the feds for finding them. TOR is not 100%, iirc there are some rather successful attacks against it, so once a group like LulzSec starts releasing stuff that is really hot (military documents, e.g. US war logs or the nuclear weapon codes :D ) the feds or rather the NSA will think of something new. I guess they have the monetary means to set up a few TOR nodes...
What do you mean by large projects? The size of the files they transfer?
Your machine -> TOR -> hacked home user or server -> your target.
This way you only transfer the files between the target and the hacked server, and from there on to a torrent, and heck, why not let that machine seed it too.
Chances are that they even used a chain of hacked machines to get to their target. It gets pretty complicated pretty quickly if you (as in FBI et al) have to raid several companies to get your hands on machines to do forensics on.
I doubt these files (or much of anything else) ever touched the criminal's physical machine. Unless, of course, they fucked up by, say, posting to pastebin or a tweet or something else that is seemingly insignificant (at the time) using their own IP.
This mirrors an idea that I had. TOR is a military project, and you know at least some of the exit nodes are controlled by the US gov't. Why not replicate TOR with a botnet? Bounce your communications around a plethora of average joes and you have yourself a more stable tor. If you spread the botnet without a CnC server and have the infected machines bounce random traffic around, it would be damned difficult to break. TOR is open source, so it shouldn't be too hard to modify it to work on a private network. The nice thing about it is that if you attract too much heat you can always ditch the network and start a new one.
Third world governments aren't exactly known for being cooperative with western governments. I'd rather have a rooted box in China or Pakistan than in North America or Europe.
That's the unfortunate bit -- some innocent people are likely to get their dog shot as the FBI busts down their door with assault rifles to seize a laptop.
Damn, the AT&T-release is especially juicy. It contains a lot of highly confidential information about technology and strategy that their competitors would love to get their hands on.
I'm a quite technical guy and I barely understand a thing. No wonder AT&T are having trouble fixing their network troubles, it looks like a massive, massive beast of technology.
Because if they ever got caught the company would be sued out of existence (probably bought by competitors at that point). They have too much to lose in most cases.
My first job out of college was at Nortel, coding their 4G data network infrastructure. I still think I only understood about 20% of the big picture by the time I left. So many moving parts, massive code base and tons of acronyms.
What about analyzing their writing? They release quite a bit of text...somebody likes to write. Considering there are efforts to identify people by typing patterns, I wonder if this is how they'll get caught: http://petsymposium.org/2011/papers/hotpets11-final8Chairunn...
Unfortunately given the scope of that paper, it doesn't sound like typing patterns can be used just yet. A sample size of 36 participants doesn't handle the scale involved when going against 'The Internet'.
Also, the paper collected timestamps of each keystroke, something that'd need to be done on suspects; however, if they are already suspecting you, they probably have other ways to identify you.
Finally, how in the world does a paper like this get away with having 'nowadays' in it? I know it's a legit word, but it just seems awkward.
Was it written by an ESL speaker? Sometimes non-English speakers feel insecure starting a point without "However", "Because of this", and other conjunctions. If you don't need a conjunction, you can say "Nowadays", but you don't need it. It's like the "auto" keyword in C. Because ESL speakers cram a lot of grammar into a few years, rather than spending years making simple sentences, they often use advanced patterns when simpler ones would suffice.
Note that the press release was two days ago, after NATO was notified by police. AFAIK, this is the first that Lulzsec has disclosed that the NATO bookstore was hit, which means the police knew before we did. That can't be good for those behind the mask.
Maybe they were seeing how long it would take for the news to come out without their help.
My guess is that they spent a few days trying to see if they can access accounts of anyone important from the NATO dump. The passwords were in plaintext.
They would only release the data to the public once they are done using it.
After thinking about it for a few moments, I would guess that they largely sell books and research papers and suchlike on subjects that are of interest to those in member militaries, but aren't of sufficient general interest to make it to Amazon or otherwise.
EDIT: or, I could've spent a single moment to read the contents of the aforementioned link.
My question was badly phrased. I'm not that surprised that there are books/documents produced by NATO. I'm surprised they sell them. I think everything (public) produced by NATO should be freely accessible to everyone. This was so obvious to me that I'm surprised it's not the case, another little reminder of the world we live in.
Hm, are you sure? I have a couple accounts there (and they are appearing in the dump) and they are not simply md5(password). Of course they were long, random passwords and I don't play this game anymore, but I'm curious. Where did you read that?
Given that the LulzSec name was a clique from AnonOps rebranding itself to begin with, I would bet on the latter. Although it may be a while before we hear of them pulling such flamboyant stunts again.
Looks like they were getting a bit anxious that they were going to be outed, which will ultimately still happen anyway. Regardless, it was fun reading their Pastebins and Twitter feeds every few days making a mockery of multiple corporations' information security.
1.) What information does the number of columns in a MySQL database convey? It's not just that there are six of them, but that records could be pored over for various irc servers in an attempt to link the 6 accounts that interacted with each other the most. It allows for deeper inspection, and perhaps more information. However,
2.) They almost certainly are. I could see them saying how many people they actually had almost as a bluff, but more than likely they're just throwing out misinformation.
I was going to say something snarky, but I checked your comment history and it seems you are on here seldom enough to explain an honest lack of knowledge about them. Basically, LulzSec is a hacking group that has been attacking many targets very publicly over the past 2 months. They've been all over HN, /., reddit, etc. They've even earned some mentions in the MSM.
Basically, they're notable for a) the number of targets they've hit, b) how brazen they are about it (hitting the FBI, CIA, and other law enforcement agencies), and c) how vigorously they court publicity (270k followers on Twitter).