
Tracking the Owner of Kickass Torrents – Schneier on Security - e-sushi
https://www.schneier.com/blog/archives/2016/07/tracking_the_ow.html
======
dx034
He put his real name and email address in the WHOIS entry for one of the
domains. Anyone with an internet connection could've tracked him down.

The proof they collected by connecting the IP to Facebook is a bit more
advanced (although not complicated if you have a court order), but it appears
that he didn't take any measures to hide his identity.

I thought that using a (non-US based) VPN and fake data for domains is the
least you'd do if you run a website that could cause trouble. And accepting
bitcoins is nice but not anonymous if you register the wallet with the Apple
ID that you use everywhere else as well.

~~~
jupp0r
Agreed, but beware hindsight bias.

~~~
dx034
I don't see that as a case of hindsight bias. I was expecting that every owner
of a torrent site pays domains and hosting with bitcoins and always uses VPNs
if not even Tor for work that could be logged somewhere (e.g. emails using a
large provider).

Had it just been this one Apple purchase or a Facebook visit then I'd agree,
there's always something you'll miss and it's much easier to point this out
afterwards. But it appears that he didn't use a single method to hide his
identity.

On the other hand, perhaps he thought that living in the Ukraine would give
him enough protection against US agents.

~~~
anc84
It's crazy how torrent site owners are criminalised. E.g. Oink, who got raided
and his site shut down, then found not guilty more than 2 years later, with
his amazing community stomped into the ground by the copyright police. He did
nothing wrong, nothing was illegal, yet they used their power to kill it.

~~~
imaginenore
He probably has the legal recourse.

------
nxzero
As someone that lives a largely anonymous life, not that I'm engaged in
anything that would interest law enforcement, bulletproof operational
security is impossible, and at some point mistakes happen. If you think it's
easy, it's not.

[https://en.m.wikipedia.org/wiki/Operations_security](https://en.m.wikipedia.org/wiki/Operations_security)

Yes, putting your name in a Whois record is stupid, but just because that's
what was publicly disclosed doesn't mean that's how they found him.

[https://en.m.wikipedia.org/wiki/Parallel_construction](https://en.m.wikipedia.org/wiki/Parallel_construction)

------
contingencies
Comment gold!

_The irony is that it was actually buying something online from Apple instead
of pirating it that got him caught._

~~~
Lordarminius
> _The irony is that it was actually buying something online from Apple
> instead of pirating it that got him caught._

I dunno ... this gets repeated a lot because it is the official version of
events but I am by default skeptical of such claims in operations like these
as the authorities are fully incentivized to hide sources and methods.

Edit: I just read down a bit further in the discussion and _nxzero_ holds a
similar and well expressed view.

------
eis
I expected Schneier to have some insight into this story but the blog posting
just quotes an article from Engadget and links to another one from techdirt.
And those are articles from the time when the site went down two months ago,
nothing new either.

~~~
ComodoHacker
Nothing insightful here. Bad opsec, as usual.

------
smoyer
The second article linked from Schneier's post says the owner of KAT "gets the
Megaupload treatment".

I think the first article is much closer to being correct - KAT is like The
Pirate Bay as it "facilitates" copyright infringement. I still find it wrong
that linking to other content can be deemed criminal (both in the case of
trackers and that there are public resources you can't legally link to).

~~~
wslh
Google results contain torrents, so it can be difficult to make a difference
with Kickass Torrents. Google can even detect if a file is a torrent or not
and if it infringes copyright material with hashes and audio/video
recognition.

~~~
watwatwatwat
> if it infringes copyright material with hashes and audio/video recognition.

Which they already do with YouTube.

------
blackbagboys
Of note, the DHS agent responsible for this case was the same guy who was the
DHS case agent for the Silk Road investigation. I guess he is their go-to
'high profile Internet investigations' guy.

~~~
nxzero
Yes, same DHS agent, his father is a federal judge in Chicago.

------
JohnStrange
It's pretty Kafkaesque that a "Department of Homeland Security" investigates
citizens who run simple torrent trackers.

I just can't get used to this terminology.

~~~
pdkl95
Enforcing copyright under the excuse of "homeland security" is a subsidy to
the media cartels.

/* Regulatory capture sucks.*/

------
2200001426
Can someone really stay anonymous online nowadays?

Recently I have been too paranoid to even use the same throwaway account
because doxing has almost become an automated process. For example if you have
a reddit account you can summarize your comment history with:
[http://www.snoopsnoo.com/](http://www.snoopsnoo.com/).

Note I am not even considering the case of people with privileged information.
The people who run HN certainly already know who I am since I didn't bother to
clean up before switching accounts.

But I think it will be an inevitable certainty for you to be automatically
deanonymized with just speech/thought patterns from comments alone. For
example if you google for the phrase I just used, "inevitable certainty", they
are only ~7000 search results. And now that I think about it, it is a really
weird way to say it, but it is also a phrase I have used before.

If I'd kept using weird phrasings or kept making consistent grammatical errors
like that, it will eventually be enough to build a fingerprint based on my
vocabulary, understanding of grammatical rules, beliefs, timezone, etc. The
more I talk the more information I am giving away for people or just machine
learning algorithms to cross reference and link together my anonymous and real
accounts. See this post for a real example (but limited to just the bitcoin
subreddit instead of across the internet):
[https://www.reddit.com/r/Bitcoin/comments/3hf5z7/determining...](https://www.reddit.com/r/Bitcoin/comments/3hf5z7/determining_manipulation_via_sock_puppet_accounts/)

If you __need__ to stay anonymous, don't interact with the world...
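The stylometric linking the comment above describes, as an added example that is not part of the thread: a small Python script that builds character-trigram profiles for a few constructed sample accounts, scores each pair by cosine similarity, and lists the word bigrams two accounts share with nobody else (the "inevitable certainty" signal). This is the kind of check a moderator would run to spot sock puppets; the account names and comment texts are constructed for the example, not real posts.

```python
import re
from collections import Counter
from math import sqrt
# Constructed sample comments for three hypothetical accounts (not real posts).
SAMPLES = {
    "acct_a": [
        "tbh it is an inevitable certainty that this gets automated, tbh.",
        "inevitable certainty, imho. the tooling is already there tbh.",
    ],
    "acct_b": [
        "its an inevitable certainty tbh, the doxing gets automated.",
        "tbh nobody will bother cleaning up old accounts, imho.",
    ],
    "acct_c": [
        "I strongly disagree with the premise; the evidence presented is remarkably thin.",
        "Furthermore, the authors neglect the obvious counterargument regarding jurisdiction.",
    ],
}

def char_ngram_profile(texts, n=3):
    """Relative frequency of character n-grams across all of one account's texts."""
    counts = Counter()
    for t in texts:
        norm = " ".join(t.lower().split())  # ignore case and whitespace differences
        counts.update(norm[i:i + n] for i in range(len(norm) - n + 1))
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()}

def cosine(p, q):
    """Cosine similarity of two sparse frequency vectors (1.0 = identical profile)."""
    dot = sum(v * q.get(g, 0.0) for g, v in p.items())
    norm = sqrt(sum(v * v for v in p.values())) * sqrt(sum(v * v for v in q.values()))
    return dot / norm

def style_similarity(samples, a, b):
    """Trigram-profile similarity between two accounts; higher means more alike."""
    return cosine(char_ngram_profile(samples[a]), char_ngram_profile(samples[b]))

def shared_rare_bigrams(samples, a, b):
    """Word bigrams used by both a and b and by no other account (an odd pet phrase)."""
    def bigrams(texts):
        out = set()
        for t in texts:
            words = re.findall(r"[a-z']+", t.lower())
            out.update(zip(words, words[1:]))
        return out
    sets = {acct: bigrams(t) for acct, t in samples.items()}
    # Phrases every other account also uses are just common English, not a signal.
    others = set().union(*(s for acct, s in sets.items() if acct not in (a, b)))
    return sorted((sets[a] & sets[b]) - others)
```

On real data the trigram score alone separates styles only weakly, so treat it as a ranking aid and let the shared rare phrases carry the weight of any conclusion.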

------
repomies691
It looks more like he didn't attempt to cover his tracks at all. Pretty much a
non-story.

