

FBI arrests LulzSec member "recursion" for Sony Pictures hack - alvivar
http://arstechnica.com/tech-policy/news/2011/09/fbi-arrests-lulzsec-member-for-sony-pictures-hack.ars

======
patrickod
It's hardly surprising that these people are being caught. Using a VPN service
that resides primarily in the USA, the same jurisdiction in which your attacks
are being carried out, seems a bit shortsighted.

~~~
shin_lao
Actually I'm not surprised. They got too comfortable. They got lazy. Properly
covering your tracks is extremely cumbersome and boring.

~~~
tripzilch
Well, there's _that_ and there's using a USA-based VPN service.

They could have picked any other totalitarian police state in the world,
Russian, Chinese proxies, they all accept creditcard, and the FBI could have
done fuck all to get the logs.

Instead you _know_ USA based companies are required to barf up the logs at the
drop of a hat.

It's not just lazy, it's really really dumb.

------
guelo
It would be great if they would go to trial so that maybe we could find out
how the FBI tracked them down. My suspicion is that it's all an abuse of
spying laws intended for terrorism. Unfortunately these guys will probably all
plead.

~~~
Steko
[http://www.thetechherald.com/article.php/201138/7643/Proxy-l...](http://www.thetechherald.com/article.php/201138/7643/Proxy-
logs-helped-FBI-track-and-arrest-LulzSec-member)

"According to HideMyAss.com, “…services such as ours do not exist to hide
people from illegal activity. We will cooperate with law enforcement agencies
if it has become evident that your account has been used for illegal
activities.”

The service stores logs for 30-days when it comes to Website proxy services,
and they store the connecting IP address, as well as time stamps for those
using the VPN offerings."

~~~
redthrowaway
Why on Earth would he use hma when tor is readily available and far better at
hiding your nefarious deeds? At the very least, if you live in the US, use an
extranational vpn. Take some of those "hacking" skills and use your
neighbour's wifi, wiping the logs after each session. For the FBI to have an
IP address that leads back to you means you're incompetent.

The lack of technological sophistication from these guys just further
highlights the negligence on the part of the victims. If someone who knows
_this_ little about security can infiltrate your network and steal your
secrets, then you have serious problems.

------
9999
Nelson Mandela, Aung San Suu Kyi, Liu Xiaobo, Recursion. One of these is not
like the others.

~~~
sophacles
You're right. Neslon Mandela led and participated in a group which committed
violent acts of sabotage and resistance (including human right violations
according to Mandela himself).

I know you mean Recursion, because you are not on the same side as him, but at
least try to pick examples that don't undermine your own freaking point.

------
antimora
In that can how is HideMyAss.com useful? Wasn't the service able to guarantee
the anonymity?

~~~
brownie
Not for illegal activity, according to an article on Tech Herald:

"Logs, seized equipment, and testimony from those arrested, seems to be the
undoing for those connected to Anonymous and LulzSec. ...According to
HideMyAss.com, ...services such as ours do not exist to hide people from
illegal activity. We will cooperate with law enforcement agencies if it has
become evident that your account has been used for illegal activities

The service stores logs for 30-days when it comes to Website proxy services,
and they store the connecting IP address, as well as time stamps for those
using the VPN offerings."

Furthermore - if you're using a VPN service to stay anonymous, you're only
staying anonymous from whatever you're accessing, not the VPN service itself.

~~~
ltamake
The only service I can think of that doesn't store any sort of data is
ipredator.se (which is what I use). I know there are a few more (I think
SwissVPN is safe too), but I can't think of them off the top of my head.

------
Steko
Maybe try 8 proxies next time?

(realize he was not actually behind 7 proxies)

------
tsotha
Good. Throw the book at him.

~~~
sophacles
What a great idea! Now we can focus on how evil this guy is, and not have to
talk about Sony who in an act of pure altruism is requiring any users of their
service to waive their right to hold Sony liable for not bothering to protect
things they have a legal obligation actually protect. (Note: under no
circumstances is allowing an sql injection attack evidence of anything other
than criminal neglect and those who have a susceptible product should be just
as liable as those who manufacture faulty vehicles.)

~~~
coderdude
Quit it with this hippy tech youth crap. The guy committed a crime. Get over
it. It's time for him to face justice. I swear, some people are retarded.

~~~
wnight
Quit it with this codger pissing his diaper routine. I know blindly following
the law is seeming more important as you get old but the "crime" consisted of
sending malformed data and it caused games to go offline. Get over it.

It's time to require Sony to run their business properly instead of
investigating children as if they were mobsters. I swear, some people are
retarded.

~~~
coderdude
This isn't blindly following the law. So someone hacks your site and we praise
the hacker and condemn you? Someone breaks the lock to your front door and we
applaud the burgler and make fun of your lock? Get real. I'm sick of this
attitude. Just because I understand right from wrong doesn't make me some kind
of lackey for the law dogs. People with your attitude convey the wrong
message. You don't like Sony, I get it. But you think it's OK to hack people
and destroy property as long is it's against someone _you_ don't like and that
is not OK.

~~~
sophacles
Let's play the "more appropriate analogy" game:

Say you take your valuables to a bank to put in a safe deposit box. They
position themselves as a leader in safe deposit box technology. Then one night
a burglar notices that the boxes are protected simply by a piece of cardboard
panted to look like a real door, and there are no other security systems.
Further the locks on the boxes can be opened by merely tapping them in the
right place with a screwdriver. He takes your stuff in the heist.

Are you pissed at the burgler? Of course.

Are you pissed ath the bank? You should be ...

But by your logic, we should ignore the facts regarding the bank's complete
lack of proper safe deposit box handling and security. Obviously they must
have tried real hard, and their statements about good security are no match
for the evil burglar.

~~~
davidw
A lot of homes in the US are protected not even by cardboard, but by large
_glass_ windows facing the front of the house.

And yet, generally people get in serious trouble if they smash through that
glass to access the house, despite it being incredibly easy to accomplish.

~~~
sophacles
True, but a home is not even remotely similar to a bank or Sony in this case.
A home is a place where a single person or family is responsible for securing
their own stuff. A bank (and sony) is a place where money was paid with the
understanding of safekeeping. Not just by one person but by many. Since many
people are concentrating stuff worth safekeeping in a single place, it stands
to reason that that single place now needs to be as secure as many homes --
the payout is bigger therefore the burglar investment is bigger. A place that
doesn't account for this but claims security should be held accountable, as
that makes perfect sense.

Further I never claimed that the bank robber shouldn't be held accountable, in
fact, if you read closely you see I explicitly claimed the opposite. I only
added to it by stating that the bank should also be held accountable for not
doing what they said they would (securing stuff without properly analyzing
what securing means).

Tangent: it is questionable that a glass window offers less security than a
piece of cardboard. At least a glass window, upon breaking, makes quite a bit
of noise drawing attention (usually a security asset). The cardboard can be
removed in a much quieter fashion. Neither withstands a minimal effort at
getting past them. I would say both offer the same level of security.

------
maeon3
Arrest these evil-doers, copying information and defacing images.

In other news, why is the FBI suffering from such a shortage of willing
hackers? More hypocrisy after the break.

------
DNeb
Hope he's still lul'ing

