Something similar but less intrusive happened to me. 10 years ago I was in the early stages of building a price comparison website, still hosted at home. It scraped product prices of several hundreds of online stores. One day I got a letter from the police asking me to come to the police station. I called them asking what this was about, but they said they couldn't tell me on the phone. I said fine, but I won't bother to make the trip if this is not something serious. They then told me I was suspected of fraud.
So I made an appointment and talked to the investigator. He told me someone placed an order at a web shop, then hacked the iDeal transaction, the electronic payment system in the Netherlands. My home IP address showed up in the logging. I asked him what the IP address was and I confirmed it was indeed my IP address. For the investigator, this was a sure sign I was the hacker, because who on earth knows his IP address by heart unless you're a hacker? Yeah, I know, not a very smart move.
I told him why my IP address had shown up: the scraper had visited the store to update prices. And I told him if I was able to hack iDeal transactions I wouldn't have bothered to make a transaction for a few hundred Euro's. In the end it turned out someone had just placed an order, had it delivered, but didn't pay the invoice afterwards.
After a couple of months I received a letter stating I was no longer a suspect, and that seemed the end of end. But not quite: whenever I buy some form of insurance, one of the questions is if I have ever been suspected of fraud. Answer yes and there's a good chance the insurer will refuse. Answer no, and I'm actually committing fraud and the insurance may not be valid. It's also inconvenient as the same question comes up during screening (I'm a security officer now).
Lesson learned: my home router now routes all traffic through Mullvad. Just in case.
Interesting that "suspected" flies in the EU. I'm not 100% sure, but I don't think an insurer would be allowed to ask anything more than if you've been convicted of fraud in the US.
I seem to recall that US forms not infrequently ask whether you've ever been "arrested" for X (which is another standard falling short of conviction), but maybe that's just govt forms.
I'm not familiar with the legal dynamics of the netherlands, but this is a good example of why you should never talk to police without a lawyer present in the United States.
Good general advice, but I'm not sure if that would have made a difference in my case. I was a suspect already. Giving a statement didn't have any negative consequences for me. Maybe it prevented a raid like in the OP's case.
> whenever I buy some form of insurance, one of the questions is if I have ever been suspected of fraud. Answer yes and there's a good chance the insurer will refuse. Answer no, and I'm actually committing fraud and the insurance may not be valid. It's also inconvenient as the same question comes up during screening (I'm a security officer now).
Yep, his new advice is to insist on a lawyer. You can even say something like "If it's important, I'd love to cooperate and talk to you, so I need a lawyer in order to do that. Let me know if you want me to set that up." That link is to his old talk where he recommends invoking the 5th. His newer talk is:
His book should be easy to find at retailers or cough other ebook sites.
Critical points:
1. The police are almost never trying to railroad anyone, but mistaken evidence, mistaken witnesses, or unfortunate consequences of telling the police things can make you look guilty.
2. You have no idea what the police are investigating. They can and will lie to you about this. They can and will lie to you about anything they want. See point 4.
3. There are tons of laws, especially federal laws, that are BS, and you're playing with fire thinking you can answer questions about what the investigators claim they're investigating without implicating yourself in some other crime.
4. Interrogators are trained to put an enormous amount of psychological pressure on you to help them, even if you realistically can't help, so you'll end up talking about anything and everything until (hopefully) the police realize you're actually not a good suspect, or until you've gotten tripped up and either admitted guilt or said something that makes you look guilty even if you're not.
5. Simply asserting the 5th, your right to remain silent, might now be able to be used against you if you don't do it perfectly and the cops/prosecutors think you're guilty and are willing to twist your invocation of the 5th against you.
6. Asserting the 5th isn't likely to stop interrogations immediately. Asking for a lawyer probably will.
7. Talking through a lawyer shields what you say from being used against you. Prof. Duane doesn't make this point explicitly in his talks, but Randy Barnett does in the second half of the above cato book talk.
8. If cops say they're going to arrest you, remember they're only arresting you if they have probable cause (or worse, they already have an arrest warrant). You need a virtually unassailable alibi that can be immediately verified (and hope the cop will verify it immediately) in order to be likely to talk your way out of being arrested. That almost never happens. A witness who will vouch for you is not the greatest alibi; cops may not believe them, especially if the witness is your friend or family, or the witness may not tell the cops what you hoped. If there's any doubt about your alibi, the cops are going to arrest you and book you anyway and sort things out later. And meanwhile what did you tell them for the 5 minutes or 30 minutes you were trying to talk your way out of it?
And as Prof Duane notes, the advice he gives and that's in his book doesn't really apply to routine traffic stops. However, if it escalates to "can I search your car" or "step out of the vehicle"...
There's actually quite a bit more you can do but it does start to err on the side of being risky. Remember, all of your interactions become evidence during a trial. And the police can say and do things that will invalidate evidence or violate your rights. If you drag out the interaction you can give them more opportunities to screw themselves.
- You can ask the police if you are allowed to speak to an attorney. They can say no, since in some DUI stops you're not entitled to an attorney, but you can ask them to explain why, ask them if you're being arrested, and then ask if you're entitled to an attorney later, then claim in court you were "confused" about your rights. Look up Confusion Doctrine+DUI.
- You can piss them off, and get them to say or do something stupid (Hopefully not shooting you). The cop ends up saying something like "You know I can arrest you for anything I feel like, right?". If you record everything, you might have a chance. I had an interaction like this that was dismissed in trial; the officer requested to dismiss it in the interest of justice, IMHO because what he did was embarrassing.
- You can ask the cops "why" they stopped you or "why" they are questioning you. If they answer the question differently or two officers claim different things, it can raise reasonable doubt. If they neglect to answer you can use exactly the same tactics on them they'd use on a suspect. Tell them you want to help but you need to hear their side of the story.
- You can ask "Am I being arrested?" or "Am I a suspect?" if a cop starts pushing too hard. You can ask them "Why do you think that?" etc. Again, it gives him an opportunity to do something stupid.
Lastly, remember, the police are probably a lot better at all of the above than you, since they do this often. Hence why no attorney is going to give this advice. But it IS possible to pull the same tricks on them that they pull on the people they pull over every day, it just takes a lot of cunning and experience.
Well I just tried some of this. I was being questioned, I answered the question about my name but that was it. I flipped them asking why, i'd love to help but why do they think that, etc. I was then detained, cuffed and placed into a police car.
Cops have more power than you, the average joe. I do not recommend doing the above.
"On advice of every defense lawyer I've ever heard, and even former prosecutors now in a position to give unbiased advice, unlike you, so I'm following their advice."
The real answer to "why" is that "Asking for a lawyer is a ritual incantation that drives cops away like holy water does for vampires."
You can't say that, so blame advice you've been given instead, or just keep repeating "I want a lawyer [in order to be able to talk to you]" like it's a mantra. You don't have to explain yourself. Cops are not interested in "why". They know perfectly well why. They know you don't want a lawyer, you just want to end the cop's interview and fishing expedition. They don't like that, so they're going to make you feel guilty about asking for a lawyer when you know and they know you really don't want one, and they're going to try to make you say something dumb as a result.
> I told them about the script kiddie, the link and that I wasn't using a VPN because I did nothing wrong but of course they were sceptical even thought one of the agents said my story sounded plausible to him.
A) This is a weird thing to tell the cops. "I wasn't using a VPN cause I wasn't doing anything illegal, I only use VPNs when I do illegal things!" Uh... you don't want to tell the cops you do illegal things and have opsec procedures for when you do illegal things! No wonder they were skeptical!
B) This story is literally the explanation of why "If I'm not breaking any laws, why would I worry about my privacy from the police?" is the wrong attitude. You don't have to have known you did something wrong/illegal, you don't even actually have to had done something wrong/illegal -- for the police to really inconvenience you. It could have been a lot worse than this. Even people who never knowingly/intentionally break laws have an interest in keeping their activities from police notice. As this story demonstrates. "If you have done nothing worng you have nothing to hide, why do you mind police surveillance" -- nope nope nope.
surveillance state is the price we pay for a civilized society. abolishing that would mean , like 1% more crime. nobody wants to live in a world like that
A surveillance state wouldn't be such a burden if the rights we had actually could be enforced on the spot the moment they were infringed by a police force.
The fact that you can be imprisoned (borderline indefinitely it seems at times) as well has basically need a lawyer even though your issue is straight up black and white really shows the failures of a police state. Whats the point in having rights in a surveillance state? The government will just make stuff up against you anyway.
Where you say "really shows the failures of a police state." It's a great success, the greatest actually. The people who fail to enforce anything against the police are the same people who need them to act as the tip of their spear. The purpose isn't everyone compliance - just the compliance of those with the potential to change things. Think FBI and MLK, or Aaron Swartz. It's like spear fishing vs mass spam, tracking the individual agents of change and their social network vs fire hoses and dogs at protests.
The only interesting hypothetical I've heard in support of surveillance is when/if some armageddon level technology becomes cheap and easy to employ. If nuclear weapons, self-replicating nanobots, designer viruses didn't happen to require the resources of a wealthy state, then extremely invasive and automated surveillance may be the only thing that can protect us from random trolls wiping out the planet. The risk of surveillance abuse is still there, but would be weighed against the benefits.
This hypothetical also assumes that the surveillance state would be competent, rather than merely oppressive. I think at this point we into a vanishingly small set of possible worlds.
So keeping all of his computers for a year sounds like a major pain in the ass since he's innocent (I'm not that surprised they did it, it's understandable if you're the head detective, perhaps, but being in tech myself I'm more understanding of "I just clicked a link" and wouldn't consider that much of evidence). I'd lose sleep too just at the thought of the pending investigation and the headache that inherently is even if you're innocent of what they suspected you of. But honestly it's refreshing to read a story about a police raid where the police knocked, the warrant was in order, they were polite and sat down to talk, they explained what was going to happen next, and an agent even acknowledged in front of him that his story was reasonable. I've had a few police departments around me that routinely do none of those things.
Yeah that was the thing I was most impressed with too. Cops in the US generally don't know anything and they are unsympathetic to any perfectly sound and rational expertise you have simply because they don't know...and frankly don't care.
Not whom you're replying to, but I have had a fair amount of dealings with police in and around Chicago, mostly from traffic stops, but also from calling them/having had them called on me.
Most of the traffic stops have been for speeding (and I was speeding). It's been about 50/50 on whether I get a ticket or a warning.
I had one traffic stop in Chicago, south of the Loop on State Street, where I was pulled over by CHA (Chicago Housing Authority) for failing to signal while changing lanes (he lied; I always signal, kind of a pet peeve of mine, though I admittedly speed all the time). The same officer illegally ran a red light in front of me w/o his police lights on. What proceeded during that stop was an outright interrogation. Who am I, where was I employed, what I am doing here, etc. I told him that was none of his business and not relevant to the traffic stop. Told him I wasn't answering anymore questions without a lawyer. He threatened to arrest me. Didn't utter another word, just kept both my hands on the steering wheel at 12 o'clock. While he wrote the ticket, the other 2 officers that were with him apologized on his behalf, yet did nothing to prevent the ticket from being written. Guess I just found a dick of an officer on the wrong day. Also think I was profiled a bit. White kid, out of state plates driving through the projects. Pretty sure he thought I was trying to score some drugs, when in reality I was just going to college to take a final. The kicker is, they confiscated my license as bail. I was supposed to fly home for Christmas vacation a few days later, and my license was my only valid ID to fly at the time. I had to get a state ID that cost only $4, but I was in college and broke. I had to pay that $4 in dimes from my change jar because that was literally all I had.
I've also been pulled over by a sheriff's deputy in Montana before. I was visiting my parents around Christmas and I got pulled over for "an aggressive pass". I accelerated rapidly and passed on the right someone that was driving 10 under the limit in the left lane (illegal in MT, btw, slow traffic in the left lane must pull over tot the right). It was somewhat comical because the deputy turned on his lights at me, and I went to pull over, but it was in an area with next to no shoulder. I literally had to drive about 4 miles further, with my signal on as the deputy kept calling at me over his loud speaker to keep going until there was a proper shoulder. The deputy gave me a warning, despite my bloodshot eyes and breath smelling of whiskey (I had been up since 4am CPT, had been travelling all day and it was now 7pm MPT and I'd had a single drink with an old high school friend and I was still wearing contacts at the time).
When I've had to call the police, I've generally been treated fairly well. Most often, it's been because of a traffic accident (I've been in probably 20 accidents in my lifetime, only 1 of which has been my fault). Other times, it's usually been due to noise complaints against neighbors very late at night. One wasn't terribly late, but I was reading a book quietly in my old apartment and I could hear a woman screaming bloody murder. Literally heard through the ceiling "Help! He's going to kill me!". I don't like to get involved in other peoples arguments/disagreements, but yeah, I definitely called the police on that one. Another time, same apartment, I happened to be up late watching TV at like 2am when I noticed a ton of police lights out in the drive/parking lot of my apartment complex (at least 8 cop cars with lights on) and officers wandering around with shotguns, assault rifles and pistols drawn. I live in a pretty affluent suburb of Chicago and this is pretty unheard of around here. I asked the dispatcher what was going on, and initially they wouldn't tell me anything, but later relented a bit and told me that at an adjacent building, there was a domestic dispute and the suspect had fled and they were searching for him (it happened to be snowing pretty heavily at the time, so they were following tracks in the snow).
All in all, I'd say me experience with law enforcement has been positive with one really sour experience. But, then, I'm an affluent white male. That said, I think if you're generally compliant with instructions, you probably won't have issues (this doesn't extend to answering questions - you don't and shouldn't have to without a lawyer present).
A bit of advice if you get a traffic stop: don't immediately get your license and registration out. Just pull over and leave your hands on the steering wheel, in plain site. When the officer approaches your window, explain to them exactly where each requested document is. i.e. "my license is in my wallet in the left rear of my pants and my insurance document is in the glove compartment." And make sure they acknowledge that before you make any movements to retrieve said items.
Edit: forgot the bit about them being called on me
When the police being called on me, it's always been a noise complaint and only happened once or twice.
Both times, I was drunk and didn't realize how drunk I was and how loud my music was. Turning off/down the music solved it without any issues/fines/arrests.
The same thing would happen in the USA too. If you were suspected of hacking into the Democrat or Republican party websites, the FBI would come and confiscate your computers and hold onto them until after your trial had finished. This would easily take a year or longer.
Would it happen the same way though, with a polite knock on the door, a calm chat and orderly evidence collection? In the US they'd probably break the door, pin the guy down on the floor while armed men ransack the house. Call me cynical...
It's true, the jails are so clogged that pre-trial offenders can be held for months and sometimes years without a conviction in the U.S. Not to mention the indeterminate number of people who just disappear out of the computer system and end up being held for months beyond their release date.
What's worse, you could be thrown in jail if you're a witness, even if you're not even suspected of a crime. Some witnesses have been in jail for years.
You learn something new every day! I'm going to start using this. Not because I care (unaffiliated), but because I'm astounded that anyone could be seriously offended by this.
I don’t know if anyone gets offended anymore so than they would to a “your mom” joke. Saying it is mostly just funny to one group while being annoying and juvenile to another.
Generally speaking, I avoid name-calling and ad hominem attacks no matter how good they feel. Folks are doing enough trolling. We need more civility.
> It it a noun vs adjective thing that I'm missing?
Yes, you'll notice they never use the singular "Democrat". They describe democrats, the Democratic party, etc. but only Republicans started using this bizarre "Democrat Party" or the "Democrat nominee" thing.
This confuses me. I've discussed politics for over 10 years online, both in very conservative forums and very liberal forums, and have never once seen a person mention this before. Sometimes I have even been on forums where name calling was quite direct. Yet I've never heard of this before.
A quick google search shows a number of mentions, but it feels so odd that I could've missed this, especially since a person who isn't in the know can easily make the mistake of thinking Democrats belong to the Democrat Party.
Has it historically not been an issue enough to call out? Is this only in some circles and not universally agreed upon? It just seems so odd for me to have missed this being a thing. It is like if one day someone told you 'fish' was a loaded negative term to refer to people who went to college.
It's definitely an intentional thing among prominent Republicans, but especially the "Fox News" set.. like I doubt you'd see Justin Amash saying it, but the Devin Nunes's of the world love it;
Donald Trump speaks about Democrats in a pejorative manner. Sometimes it's even using "Democrat" as a noun in the grammatically correct way. Film at 11?
Nitpick: The singular “Democrat” is still standard if used as a noun, as in “Nancy Pelosi is a Democrat.” It’s only using it as an adjective that’s nonstandard.
I doubt anybody uses "democrat party" for reasons related to the demon-rat moniker.
It seems to be more about disputing that the party is in fact democratic. Among other things, the superdelegates make this clear. It's also the matter of the party making a name-grab for democracy itself, which is a more valuable trademark than anything associated with the republic.
> It seems to be more about disputing that the party is in fact democratic. Among other things, the superdelegates make this clear. It's also the matter of the party making a name-grab for democracy itself, which is a more valuable trademark than anything associated with the republic.
Yes, I'm sure the pejorative use by Republicans of the term that Democrats use to refer to themselves is rooted in Republicans' sincere concern with the structure of the DNC's primary. That must be it.
> burfog 19 hours ago | parent | flag | favorite | on: Iran attack: US airbases in Iraq hit by ballistic ...
> Democrat voters may oppose war, but the same can not be said for democrat politicians.
I could see this being very confusing if you were a non-native English speaker. "Democratic" = OK. "He's a Democrat" = OK. "The Democrat party" = NOT OK.
Nouns can't modify nouns like adjectives can, but they can be modified to be adjectives.
Friend = OK
Friendly = OK
He's a friendly person = OK
He's a friend person = NOT OK
He's a friend = OK
This should be something most speakers learn early, though, maybe they won't know all the rules for modification and will make up an incorrect adjective. I.e., He's a democratly person.
But if the phrase "friend person" caught on (similar to, I don't know, the phrase "my bad"), we wouldn't consider it a "secret handshake" or "dog whistle". Especially since "members of the Democratic party" generally consider Republicans to be less well educated on average. Ascribing this to some kind of intentional, coordinated malice in all cases seems ludicrous to me.
Someone like US Senator Josh Hawley went to Stanford, then to Yale Law, he clerked on the US Appeals Court and then for the Chief Justice of the United States Supreme Court. He was then elected as the Attorney General of Missouri and won the race for US Senator in 2018.
Do you honestly think he doesn't know the proper name of one of the two major parties in the USA, or the body that organizes their elections? It's not subtle. Just super juvenile 'own the libs' silliness.
> Today on Fox & Friends Senator Josh Hawley (R-Mo.) said the Democrat National Committee ...
> “Essentially the Democrat Party bought themselves ...
And it's not remotely unheard-of for the FBI to execute that in the form of an escalated no-knock raid. Paul Manafort is one example that immediately comes to mind, and his was in the middle of the night IIRC.
> Paul Manafort is one example that immediately comes to mind, and his was in the middle of the night IIRC.
Nah, that story was just propaganda to make people feel sorry for a dude who evaded like $20M in taxes by offering political services to corrupt governments and oligarchs. You need special permission from a judge to do a 'no-knock' raid or a night one. (First page here clearly shows it was a daytime search warrant: https://www.emptywheel.net/wp-content/uploads/2018/06/180626...)
The FBI knocked repeatedly, and then used a previously provided key to access Manafort's condo sometime after 6am, which is early but still after dawn in Virginia in August so even the "pre-dawn raid" people were wrong.
Maybe the inhabitant only weighs 80 pounds, and that is all the floor is capable of supporting. The basement holds a large collection of glass containers holding venomous animals.
Your house would be condemned and you would be civilly and criminally liable for any injuries the officers may have. The joists need to support 40 pounds of pressure per square foot in habitable rooms, 10 in non-habitable rooms (e.g. an attic)
I'm in a fairly average US state and previously lived in Africa. As a Libertarian, I tend not to be the biggest fan of those who idealize Europe's policies, but they sure seem to have avoided dysfunctional government employees better than the rest of us. (And honestly if a typical government employee in the US was of that calibre, I'd be less opposed to bigger government).
As an American, police in Europe seem to be more like "Beat you with a stick but keep you out of jail type" and treat citizens in a rational way according to how the industrial world works (as well as protecting workers from losing their jobs, especially when innocent until proven guilty). In the US, it's basically the lottery that nobody wants to win. Cause if a cop wants to ruin your day, month, or year, he absolutely can with 0 recourse.
That's why I'll always view the US government's approach to policing as repressionary unless they actually give workers rights preventing them from being fired, and actually funding the legal system to be more efficient. They run it like a business and intend to keep it that way.
* (disclaimer) for people who have the time and money to actually go through with a lawsuit.
* (disclaimer) cops almost never get convicted so it can be a fruitless, expensive waste of money and years of time.
We had to waste a lot of money and years of our time just to get an offense stricken from my mom's record: a sociopathic dick of a cop in a rural area made up trumped up charges to place on my mom in an escalation with a local school district. Compensation? Haha, good joke! We were lucky to have the money to fight the charges, but that cop received no punishment. Furthermore, my parents run their own business so they had no problem with the amount of time needed.
Lawsuits may as well not exist for a large portion of the population.
I can jump in on this bandwagon a bit. A cop, not on active duty at the time, took a retired German Shepard police dog as a pet. He lived near a college and had his dog running around in his backyard. An event was going on at the college so there were large crowds. The cop didn't watch the dog and it jumped out of his fenced in yard and started attacking the students. My brother got bit pretty bad and had nerve damage in his arm.
It's been 2 years since this happened and the cop has not admitted fault, hasn't had to put the dog down, hasn't been written up, or had to pay a dime. Although the city has agreed to pay because it was their officers fault, the funny thing was, no lawyer would take the case if my parents wanted to sue simply because they know suing the city is impossible (which is frankly ridiculous), and because it involved a cop not on active duty. I mean the city is still dragging their feet paying for his hospital visit and everything, meanwhile my brother is basically in collections for something he isn't supposed to pay for.
If anything the event has really taught me to despise the US government and cops more than ever. Cops individually may be nice people, but that badge and union suddenly turns them into some of the biggest repressionary forces to regular lower income people.
The police in the UK are, on average, pretty damn polite compared to any other country I have ever visited or lived in. I honestly think it’s because they (typical beat cop) don’t have guns, so there is no overwhelming force escalation during an encounter.
You should first consult with an attorney before making any statement to the police, much less handling over incriminating evidence. I'd rather keep the option open to fight over it in court than just giving up the key and hoping that the police will view it in my favor. Also, encryption is a must in case of theft.
Sometimes saying anything at all might incriminate you because you're the only suspect. Don't talk to cops without a lawyer basically is the way to go in the USA.
In Japan, you are currently allowed a lawyer to be present when being questioned, but it wasn't that long ago that you weren't. However, there was a bit of a hack: you were guaranteed to have a translator. It didn't matter how good your Japanese language skills were, you could demand a translator (assuming you spoke another language!) and they had to be present during all interrogation. While not as good as a lawyer, at least you had a witness if something untoward happened during the interrogation (which was apparently quite common in those times). I have heard that since the latest reforms in the last 10 years (lawyers present during questioning and allowance of a trial by jury) the incidence of untoward occurrences has decreased. While police here are an extremely friendly feature in society (very different than any other country I've lived in), you definitely don't want to get on the wrong side of the law one way or the other.
Encrypting everything is a good way to get them to harass you more. First of course they'll compel you to give up the encryption key, so what's the point of encrypting it? Then comes the inevitable lame argument of "if you had nothing to hide, why did you use encryption?!" Encrypt things just for your general privacy (ex. from theft), but against the government, it's counter-productive.
If the police believe you are a suspect in a crime, there is literally nothing you can say or do that will help you. Talking to the police will only hurt you. In the US, key disclosure law is complicated by the 5th amendment. Here's a good example: https://arstechnica.com/tech-policy/2014/06/massachusetts-hi...
> Because Gelfgatt already admitted to police that he owned and controlled the seized computers and had the ability to decrypt them, the court found that the act of decryption would not reveal anything new to the police. Therefore, the act of compelled decryption was not “testimonial.” Normally, the Fifth Amendment privilege prevents the government from forcing a witness to disclose incriminating information in his mind (like a password not written down anywhere else)—but only if that is information the police do not already know.
If he had simply made no statements to the police, he might have been able to invoke his 5th amendment right. But now we'll never now.
Agreed. My first thought was that this makes it incredibly easy for one rogue person in the right place in government and minimal skills covering their own tracks to get anyone they want raided.
Encrypt your harddrives, and have some plausible deniability in case they want the encryption keys. E.g.: I'm researching pseudo random numbers, and my harddrives are full of them.
Or use hidden partitions, or something like that.
The better advice is to know the laws of the country you're in. For example in Germany you can simply refuse to give them your password and they can't use that against you in any way. No need for a reason or plausible deniability. The same strategy wouldn't work in the UK. Here is an overview: https://en.wikipedia.org/wiki/Key_disclosure_law
In addition, and in this specific case, it's a lie that is easily discoverable. Just because your data is encrypted does not mean that it all looks random. For example, AIUI, LUKS has a partition header that contains a magic number, identifying it as a LUKS partition. Additionally, GPT's "partition type" field can identify the partition as a LUKS volume.
What's even scarier is when your browser "clicks" on the link by itself [1] and you don't even realize that you've just sent a request to some 'random' server and that server now has the log of your IP. If you browse 'questionable' sites, definition of which is growing by the day, you should be careful in which log your IP might end up in.
I now disable page prefetch on every browser I use. Some browsers don't even use it (which is a sensible thing in 2020 given the risk vs rewards of having it turned on).
It took me a while to find the setting -- search Chrome preferences found nothing for "prefetch," and a how-to article I found claimed the setting was called "Use a prediction service to load pages more quickly," which also returned nothing, but I finally found it under Advanced -> Privacy -> Preload pages.
I was quite pleased, however, to find that this had already been turned off for me, and enforced, by uBlock Origin: https://imgur.com/a/9seIFEU
Moral of the story is actually to use a VPN regardless of what you do, so you can't be held accountable for someone else's actions or lack of security of IT department of some company.
> After getting my drives back I checked one of my USB drives and it had a .docx file on it that didn't come from me. In this Word file there was a photo of some guy (unpixeled). I have no idea who that is (maybe the script kiddie?) but the federal agency must have put it in there by accident.
Plot twist:
I opened a word document some random agency put on my USB drive and I got a federal trojan.
Or leaving the .docx file was intentional and by opening it, the guy triggered a hidden payload which installs malware which the police use to monitor him.
Would it be possible to hide an exploit or test in a Word doc or image? I suppose they could have planted the image there with some steganographic encryption, and if the author was clever enough to find another link and click it, he would alert authorities to that fact?
It isn't entirely clear to me that Script Kiddie was actually setting Security Researcher up rather than bragging, but let's assume.
The interesting aspect is the weaponization of legit LE - this is similar to swatting. This can easily be extended to harassment by all sorts of random government agencies depending on context. It isn't even really new - you can think of false OSHA reports and the like as similar.
I think the new aspect is about the expanded reach of social connections, combined with people's willingness to be much more vicious when the interaction is virtual.
My first thought was that this was a setup by the Script Kiddie (maybe they did know what they were doing). If you knew that your actions were going to come to light then you might as well messy up the trail for investigators. I wouldn't be surprised to find out this was a planned maneuver
If we apply reasonable doubt that the script kiddie wanted to hurt the author specifically, shouldn't he have spread the link with as many people as possible to bury any particular identity behind tons of random innocent people?
Another reasonable assumption would be that the script kiddie wanted to deflect the attention on one specific person, didn't care who, and in that case might have actually looked for one single IP address to show up at a given (damning) time in the logs.
Alternatively, consider always using at least some kind of VPN.
In the modern climate of VPN ads all over tech videos I doubt it is terribly unusual if you have one, yet it immediately makes this kind of bullshit considerably less likely.
I feel Wireguard (for those not in the know: a VPN protocol and software suite like OpenVPN) provides the kind of performance and latency that is completely acceptable for almost all traffic other than video games, and if you are a Linux user you can even play with things like network namespaces to force some apps through Wireguard (and maybe some through bare metal.)
I am not affiliated with any VPN but I am a happy customer of Mullvad for years, and I don’t recall any time they’ve ended up in the news for bad reasons. I’ve also heard ExpressVPN and PIA are good options.
>The VPN itself will keep track of all your activity
- The trouble here is that the ISP is in the same country as your police. Having a VPN that is in a different jurisdiction requires international warrants. (IANAL.)
- Mullvad claims they do not log, as many VPN providers. I have a tin foil hat usually but I think their track record warrants an unusual amount of trust.
- You can also do multi hop through Wireguard, if you’re into that kind of thing.
>just a warrant away, that’s how they make real money.
Now that is unbelievable. You are suggesting to me that the police are paying VPNs for logs? Why would they pay if they have a warrant?
I don’t think the data that ISPs or VPNs have is actually worth that much. For VPNs most of it is probably genuinely torrent traffic and HTTPS traffic. Even DNS can be encrypted nowadays (and should be imo.)
It’s one thing to say they are selling logs, but it’s hard to believe that’s where they make the real money from. And either way, it’s a completely unsourced claim.
>Now that is unbelievable. You are suggesting to me that the police are paying VPNs for logs? Why would they pay if they have a warrant?
I'm not leaning in either direction here but worth noting that warrants are hard to get without evidence. Illegally obtained information can be used for ostensibly legal targeting, pre-warrant. It's a dangerous, clandestine abuse of power called parallel construction [1].
They sell your activity to data mining companies, retargeting, and ad replacements you’ll never notice; also your email and related profile to marketers. They have your logs. Not having them is a huge liability for them, you have absolutely zero reason to believe they don’t.
Here's the HN discussion about that case [0]. The VPN service was keeping logs of when you signed on and off, not of where you were visiting. The FBI used those timestamps to validate what they already knew from the guy. There was never any working backwards to find an original IP from some VPN-assisted visit.
One of the comments above mentioned that police in the UK (and western Europe) tend to be more polite than the often aggressive police in the U.S. This is believable, so too is the notion that police and the justice apparatus in the US are also more punitive than their western European counterparts. With these things in mind, it's rather ironic that the U.S turns out to be the much better place for protecting ones digital privacy by refusing to disclose passwords. Since it's not even legally allowed in the US due to the Fifth Amendment... (border crossings still being extremely ambiguous places on this).
It seems odd to me that the lesson here wasn’t reporting to the police when some rando you met on IRC has apparently hacked into a political party. Especially given all the state-sponsored meddling in politics recently.
They might have done the same thing and taken all your computers but you probably would be in the clear a lot sooner.
"I was on a site around the time it was hacked and I had no proxy or VPN."
How would a VPN would have saved in this situation. A free public proxy might hide the original ip address to some extent. The VPN would still be linked to his real identity straight away. Right?
This might be a good use case for a RasPi for web browsing. If it gets taken, you have not lost much money. You could PXE boot and have the OS run from ram, so you don't even need a hard drive. It really should not use much power. The PXE boot device could just be a generic cheap consumer NAS. If you need to save a file, just https post or sftp it to the cloud somewhere.
The police will take everything in your home that even tangentially looks like a computer. Cds, usb sticks, cameras, networking equipment, even things like monitors that can’t store any data have all been taken.
The reason seems to be, in part, that they often get to keep the stuff as part of any plea deal and can, and do, use it to equip their computer crime labs with better equipment.
This has been happening since the operation Sundevil days where it was documented in Bruce Sterling’s The Hacker Crackdown.
I have, but I also tend to not visit sites that have a lot of bloat. El Reg and Scientific American are about the most bloated site I visit and I only pull them up once a day.
For US readers it must be quite incredible to read all this took place amicably and - you weren't SWATed with guns drawn and would even talk to the law enforcement people by yourself (as opposed to only through a lawyer) - which was probably unwise even in Austria - they could have not have people experienced enough or just wouldn't want to admit a mistake
FYI, this was in Austria, the BVT is an Austrian agency, this website is on an .AT domain and he writes in his about page that he is a Texan living in Austria =)
So I made an appointment and talked to the investigator. He told me someone placed an order at a web shop, then hacked the iDeal transaction, the electronic payment system in the Netherlands. My home IP address showed up in the logging. I asked him what the IP address was and I confirmed it was indeed my IP address. For the investigator, this was a sure sign I was the hacker, because who on earth knows his IP address by heart unless you're a hacker? Yeah, I know, not a very smart move.
I told him why my IP address had shown up: the scraper had visited the store to update prices. And I told him if I was able to hack iDeal transactions I wouldn't have bothered to make a transaction for a few hundred Euro's. In the end it turned out someone had just placed an order, had it delivered, but didn't pay the invoice afterwards.
After a couple of months I received a letter stating I was no longer a suspect, and that seemed the end of end. But not quite: whenever I buy some form of insurance, one of the questions is if I have ever been suspected of fraud. Answer yes and there's a good chance the insurer will refuse. Answer no, and I'm actually committing fraud and the insurance may not be valid. It's also inconvenient as the same question comes up during screening (I'm a security officer now).
Lesson learned: my home router now routes all traffic through Mullvad. Just in case.