
Stakeout: how the FBI tracked and busted a Chicago Anon - 3lit3H4ck3r
http://arstechnica.com/tech-policy/news/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29
======
tzs
These people were idiots:

    The document also claimed that more than $500,000 had
    been charged to credit cards and given to "charities
    and revolutionary organizations."

    Usernames and e-mail addresses were also released;
    people were exhorted to "use and abuse these password
    lists and credit card information to wreak unholy
    havoc upon the systems and personal e-mail accounts
    of these rich and powerful oppressors."

First, a lot of those credit cards belonged to ordinary people, not the "rich
and powerful oppressors".

Second, when the credit card owners see the charges, they will dispute them.
The credit card companies then will take the money back from the "charities
and revolutionary organizations", and hit them with a $15-$30 chargeback fee
per card.

~~~
peterwwillis
To say that this guy was an idiot is an understatement.

He's better known to me and my online pals as "tylerknowsthis", a reference to
Tyler Durden and his philosophy of destroying the capitalist system to "free
the people." Say what you will about his ideals, his methods and actions are
beyond retarded.

Here he is at Defcon in 2004 talking about how they need more "footsoldiers"
to "fuck shit up in the streets" - to the point that Priest has to come on
stage and denounce violent acts or acts that hurt people.
<http://video.google.com/videoplay?docid=1269112265902193941> In general he
defends the use of violence as the last act of a person who is desperate to
defend freedoms for people who didn't ask to be helped. His website
HackThisSite is a sort of propaganda and training tool used to entice young
black hats to join his cause.

You can find a list of his previous run-ins with the law on his Wikipedia
page: <http://en.wikipedia.org/wiki/Jeremy_Hammond> (My favorite is where he
attacked a 70-year-old holocaust denier that was having dinner at a
restaurant.... what productive direct action!)

He claims he steals his power, water and internet access and at times squats
abandoned buildings and eats "freegan" so he isn't helping the capitalist
system flourish. At the same time he kept a part-time computer programming job
to make spare cash. So he can keep fighting the good fight against capitalism.

I think he may have still been on probation during the events of the Stratfor
hack, so he may be royally fucked by the prosecution unless he too snitches -
something he has repeatedly said is the worst thing any good hacktivist can
do.

He's one of the longest-running jokes my online friends and I have. His rants
against "the system" and hypocritical actions which seem to have little
purpose serve to foster flame wars and is frequently banned when people get
tired of his shit. He then comes back and threatens to "curbstomp" or "shiv"
anyone who disliked or banned him. Basically, nobody but the LulzSec freaks
like this guy.

Yet again the same people who try to get away with petty online crime get
caught due to negligence, bragging and misplaced trust in other criminals. If
only they'd learn that trusting a criminal is probably not a good idea they
might not be arrested right now.

edit: In case anyone wants to verify this account (in a WikiLeaks-style full
transparency way), here is a brief dump of a public chatroom on a public irc
server of his comments. I don't have the entire log, just his comments.
<http://pastebin.mozilla.org/?dl=1506078> <http://tinypaste.com/a104418f>
(it's around 1.8MB)

~~~
guelo
I'm having a hard time with calling an obviously talented hacker an idiot just
because you don't share his political ideology.

~~~
peterwwillis
Whether or not he's talented is irrelevant. He's an idiot for the same reason
the thread OP stated he's an idiot: their actions cause more damage to their
supposedly good-natured charities than the victims they stole money from. Not
to mention the braggadocio, carelessness, lack of regard for his fellow
"footsoldiers", and the haphazard way he conducts his attacks (be they
physical or virtual) as to not even be effective at achieving any real
results.

You want to smash the state? You want to end the tyranny of capitalism? You
want "freedom"? Running around the streets in bandannas disabling vehicles
and "fucking shit up" ain't gonna get you there buddy. Neither is stealing
money from the majority of the people who used a service as a better-filtered
newswire in the name of some hokey idea that the "security state" needs to be
brought down.

He's a bully and a closed-minded bigot and he's too radical to ever be able to
introduce any real change other than making the police remove more of our
rights in order to combat people like him. He's a terrorist. And an idiot.

But that's just my opinion.

------
there
_On March 1, the agents obtained a court order allowing them to use a "pen
register/trap and trace" device that could reveal only "addressing
information" and not content. In other words, if it worked, agents could see
what IP addresses Hammond was visiting, but they would see nothing else._

_The FBI describes its device as a "wireless router monitoring device" that
captures addressing and signaling information and transmits it wirelessly
through the air to FBI agents watching the home. It was installed the same day
and was soon showing agents what Hammond was up to online._

I'm curious about this device; it would have to be able to fully decrypt
802.11 frames just to be able to see the layer 3 IP information, so in theory
it is able to see all of the traffic but the agents aren't allowed to look at
(or use) anything beyond the IPs because that would be considered wiretapping.
I have to imagine the guy arrested was technically competent enough to use
WPA2 with a fairly strong non-dictionary-word key, yet this device was able to
crack that key in a short enough amount of time for this sting operation.

~~~
famousactress
It wasn't clear to me that it was a device that was wireless. They said it was
installed.. they called it a wireless router monitoring device, which suggests
wireless, but it seems more plausible that they would have installed something
physical to listen in on the cable connection (or something else north of the
router)... the 'wireless' bit being the transmission of data back to them?

~~~
redthrowaway
SSL would have solved that.

I'm perturbed by the number of hackers getting taken down who blather on about
their personal lives, use a VPN with no encryption and think it's safe, and
_still_ manage to break into these rather large systems. Either they're
skilled but reckless and cavalier, they're idiots and security everywhere is a
joke, or both.

Not sure which of those scenarios is more disturbing. Either way, I suspect
that, in the wake of these latest arrests, we'll see both better opsec from
Anon, as well as an increased focus on security from those who are likely to
be targets. In the meantime, I'll get 15 messages on my facebook wall saying,
"see who's visited your profile!"

 _sigh_

~~~
icebraining
He did use Tor, which encrypts everything up to the exit node, so I don't get
your point.

The only thing they had was the Tor IPs, and SSL doesn't hide IPs.

------
gyardley
Huh -- it certainly appears that the FBI had some advance notice of the
Stratfor hack.

I'd be a little irritated if my credit card number was released while the FBI
sat back and watched it happen. I'd be a lot more than irritated if I owned
Stratfor, and the FBI sat back and watched some people hack my business. (Yes,
Stratfor's security was awful. But it's still a crime.)

I'm not a lawyer, but I'm curious -- why isn't the FBI liable for this sort of
thing? Surely there has to be some precedent here one way or the other.

~~~
InclinedPlane
Given that Sabu is widely regarded as the de facto leader of lulzsec I'm very
curious about how the Stratfor attack was planned and undertaken. If, as seems
likely, the FBI knew about it before it happened that seems pretty serious.
More so, if Sabu originated the idea for the attack and evangelized it to the
group that raises the issue of entrapment.

~~~
runn1ng
I don't know much about the attack, but the data seem to be 100% legit and
really hacked from the Stratfor database.

My wild guess is that Sabu was not responsible for the idea, but was
instructed by his FBI supervisors to just play along and help people with the
attack to build up credibility. Meaning - the feds didn't modify the data at
all, they probably just used the server to track down the IPs.

Anyway, the fact that Sabu was an informer is surprising to me, a lot.
Especially when he was still posting tweets, accusing OTHERS of being
informers.

------
atlasom
One interesting thing from this was that the FBI couldn't trace him via the
Tor network until they had his physical location. Good for Tor, glad to see
they are still anonymous.

If I had been him, I'd have put Tor on top of a couple of vpses in some select
countries around the world.

That being said, he was reckless and too ideological without considering he
wouldn't be furthering his ideals. It's one thing to dump company secrets, it's
another to dump personal CCs.

Now if I was the FBI, I'd be trying to combine the successful methods of
having undercover agents pose as terrorists with a hacker bent. It's the same
sort of system, albeit purely digital.

~~~
sounds
"...the FBI couldn't trace him via the Tor network..."

I honestly think they already knew who he was from his comments - by reviewing
Sabu's chat logs they found he had slipped up and identified himself.

I guess what I'm trying to say is, we have no data either way. Tor may be
secure, or it may not.

Take-aways seem to be:

1. IRC logs do not contain identifying info - unless you reveal yourself

2. IRC active / away status leaks information about your schedule

3. Using multiple identities online works pretty well

4. Trusting criminals = fail

5. Committing federal crimes = fail

The FBI had a pretty solid case against him. By the time they were doing the
IP sniffing and identifying Tor nodes, they already had the guy under 24/7
surveillance. It sounds like they were solidifying their case.

If this were hollywood, I bet he would have sensed the surveillance somehow -
and tried to make a run for it. But it didn't sound like he had many friends
who would have hidden him.
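
The second take-away in the comment above (active/away status leaking a schedule), as an added worked example that is not part of this thread or the Ars article: given a constructed presence log for a hypothetical nick, bucket every event by UTC hour, find the longest idle stretch across midnight, and turn its midpoint into a plausible UTC offset. The log, the nick "suspect", and the assumed 03:00 local sleep midpoint are all constructed assumptions, not data from the case.

```python
"""Schedule inference from IRC presence timestamps (added example, constructed data).

The only "content" used here is *when* a nick was seen: join, away, back and
message events bucketed by UTC hour.  The longest run of empty hours is treated
as the sleep window, and the offset that puts its midpoint at the assumed local
sleep midpoint is reported.
"""
from datetime import datetime

# Constructed presence log, one event per line: "<date> <time UTC> <nick> <event>".
LOG = """\
2012-01-10 14:05:12 suspect BACK
2012-01-10 15:30:01 suspect MSG
2012-01-10 19:02:45 suspect MSG
2012-01-10 23:40:10 suspect MSG
2012-01-11 02:10:33 suspect MSG
2012-01-11 05:31:00 suspect AWAY
2012-01-11 09:12:00 bystander MSG
2012-01-11 13:55:20 suspect BACK
2012-01-11 16:00:00 suspect MSG
2012-01-11 20:07:19 suspect MSG
2012-01-12 04:00:41 suspect MSG
2012-01-12 05:45:02 suspect AWAY
2012-01-12 14:20:55 suspect BACK
2012-01-12 18:30:12 suspect MSG
2012-01-12 22:01:08 suspect MSG
2012-01-13 01:00:00 suspect MSG
2012-01-13 04:30:27 suspect AWAY
"""


def parse_log(log: str) -> list:
    """Return (timestamp, nick, event) tuples; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        events.append((ts, parts[2], parts[3]))
    return events


def hourly_activity(events: list, nick: str) -> list:
    """24-slot histogram (UTC hour -> number of events) for one nick.

    Every event type counts, AWAY included: setting yourself away is itself
    evidence that you were at the keyboard a moment ago.
    """
    hist = [0] * 24
    for ts, who, _event in events:
        if who == nick:
            hist[ts.hour] += 1
    return hist


def longest_idle_window(hist: list) -> tuple:
    """(start_hour, length) of the longest run of empty hours, wrapping past midnight."""
    best_start, best_len = 0, 0
    run_start, run_len = None, 0
    for i in range(48):  # walk the day twice so a run crossing 23 -> 0 is seen whole
        h = i % 24
        if hist[h] == 0:
            if run_start is None:
                run_start = h
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_start, run_len = None, 0
    return best_start, min(best_len, 24)


def infer_utc_offset(hist: list, local_sleep_midpoint: float = 3.0) -> int:
    """Whole-hour UTC offset that puts the idle window's midpoint at the assumed
    local sleep midpoint (03:00 by default; an assumption, not a measurement)."""
    start, length = longest_idle_window(hist)
    midpoint_utc = start + (length - 1) / 2
    offset = round(local_sleep_midpoint - midpoint_utc)
    return ((offset + 12) % 24) - 12  # normalise into [-12, 12)


if __name__ == "__main__":
    hist = hourly_activity(parse_log(LOG), "suspect")
    start, length = longest_idle_window(hist)
    print("events per UTC hour:", hist)
    print(f"idle {length}h from {start:02d}:00 UTC -> offset UTC{infer_utc_offset(hist):+d}")
```

On the constructed log the nick is never seen between 06:00 and 12:59 UTC, which the heuristic reads as a sleep window centred on 09:00 UTC and therefore an offset of UTC-6. Three days of data is far too little for a real inference; the point is that a few weeks of away/back markers, with no message content at all, are enough to narrow a timezone and a daily routine.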

~~~
HeyLaughingBoy
_IRC logs do not contain identifying info - unless you reveal youself_

You'd be surprised. I was about six years old when I realized I could tell who
was walking upstairs by the sound of their footsteps.

I can identify code that my co-workers have written by their individual
styles. And that's after conforming to our coding standard.

It's common knowledge that individual (prose) writing style can be as
identifiable as a fingerprint.

In short, pretty much every action you take has the potential of adding to a
list of identifying information about you. If your actions are watched long
enough, you _will_ be identified.

------
tokenadult
Perhaps the official FBI press release on the arrests provides a supplement to
the Ars Technica story, showing what is based on independent reporting and
what comes straight from the release:

<http://www.fbi.gov/newyork/press-releases/2012/six-hackers-in-the-united-states-and-abroad-charged-for-crimes-affecting-over-one-million-victims>

------
praptak
Wait, how secure is IRC anyway? The article states that he trusted Sabu, but
didn't he also trust the people who ran the IRC servers plus anybody able to
sniff their traffic?

~~~
deno
He connected to IRC via Tor overlay. I don't know what IRC network Anonymous
is using, but even Freenode offers a native Onion gateway to their
network[1].

[1] <http://freenode.net/irc_servers.shtml>

~~~
praptak
Ok, scratch "anybody able to sniff their traffic" (assuming both sides use the
native gateway.) This still leaves the IRC server itself as a potential
vulnerability.

------
vizzah
Everyone of these guys should have been seriously alarmed after that leaked
document on Lulzsec/anonymous on pastebin in Jul 2011.

Apparently some of the names published were real (including Sabu's - even
though under a different nickname).. and he was arrested just a month later. If
someone in the group would recognize any known real name references, they
should have immediately ceased their activities and gone undercover, as they
should have expected raids!

The FBI loves turning caught people into informants to catch the others. It was
that way 10 years ago, when one caught member worked half a year helping to
betray the whole warez group, and it seems to be all the same.. the FBI is still
too lame to advance without informants.

------
orbitingpluto
What always confuses me about stories like these is that the guy is always
doing it from his basement apartment. Surprise, you got caught. And if you're
an exit node for tor, you're going to be under the microscope for something
somebody else did.

And if you're hanging out on IRC a little too much, your linguistic
fingerprint is probably strong enough to match up to something somewhere else
on the Internet with your name on it.

If he really wanted to fight 'the man', he could have gotten a nice cushy job
and donated what he made to EFF.
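
HeyLaughingBoy's point about prose style being "as identifiable as a fingerprint", and orbitingpluto's "linguistic fingerprint" remark above, as an added worked example that is not from this thread or the article: a minimal stylometric attribution that builds character-trigram frequency profiles for a few known-author texts and ranks them by cosine similarity against an unattributed post. The authors "alice", "bob" and "carol" and all the texts are constructed; the technique (character n-gram profiles plus cosine similarity) is a standard simple baseline, not a claim about what the FBI did.

```python
"""Stylometric attribution with character n-gram profiles (added example, constructed texts).

Given a handful of texts of known authorship and one unattributed post, build
a relative-frequency profile of character trigrams for each and rank the
candidates by cosine similarity to the unknown text.
"""
from collections import Counter
from math import sqrt


def ngram_profile(text: str, n: int = 3) -> Counter:
    """Relative frequency of every character n-gram in the text.

    Case and punctuation are kept on purpose: capitalisation habits, comma
    placement and contraction style are exactly what identifies a writer.
    """
    counts = Counter(text[i:i + n] for i in range(len(text) - n + 1))
    total = sum(counts.values())
    return Counter({g: c / total for g, c in counts.items()})


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse frequency vectors (0.0 when either is empty)."""
    dot = sum(a[g] * b[g] for g in a if g in b)
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def rank_authors(unknown: str, known: dict, n: int = 3) -> list:
    """Return [(author, similarity), ...] sorted from most to least similar."""
    target = ngram_profile(unknown, n)
    scores = [(name, cosine(target, ngram_profile(text, n)))
              for name, text in known.items()]
    return sorted(scores, key=lambda s: s[1], reverse=True)


# Constructed samples; each "known" author has a deliberately distinct style.
KNOWN = {
    "alice": ("Whilst I reckon the whole scheme is rubbish, I shan't pretend the lads "
              "weren't clever. Honestly, the colour of the argument matters less than "
              "its favour; one ought to behave, rather than shout."),
    "bob": ("lol u guys r crazy. aint no way thats gonna work dude, srsly. gimme a "
            "break, ur plan is dumb lmao. whatever im out, cya"),
    "carol": ("Per my previous email, please find attached the revised specification. "
              "Kindly note that the deliverables and the schedule remain unchanged. "
              "Regards."),
}

# The constructed "anonymous" post whose author we want to guess.
UNKNOWN = ("Rubbish, I reckon. Whilst the plan has some colour, one ought to favour "
           "behaving sensibly rather than shouting; the lads shan't manage it.")


if __name__ == "__main__":
    for author, score in rank_authors(UNKNOWN, KNOWN):
        print(f"{author:6s} {score:.3f}")
```

With the constructed texts the ranking puts "alice" first, because the unknown post shares her British spellings, "whilst"/"shan't" habits and semicolon-heavy punctuation. Real attribution needs far more text per candidate and a larger feature set, but the mechanism is the same: every post adds to a profile, and the profile is compared against every other place the same person has written under their own name.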

------
samstave
So it would seem that the best defense is to tunnel all traffic from one's home
to an IP in another country, if they are tapping a line and checking which IPs
you're talking to.

~~~
icebraining
The best defense is probably to not blabber to people who might identify you.
That's how they got most of the clues, according to the story.

~~~
xtracto
Exactly, this is the lesson to learn from this story. There is no sense in
using Tor, VPN and other technology to obfuscate the trace of information if
the information itself can identify you.

------
kostko
<http://www.infowars.com/bust-reveals-government-runs-hacking-groups/>

