Hacker News new | past | comments | ask | show | jobs | submit login
I opened a link some random person sent me and I got raided (2015) (blog.haschek.at)
251 points by geek_at 14 days ago | hide | past | web | favorite | 170 comments

Something similar but less intrusive happened to me. 10 years ago I was in the early stages of building a price comparison website, still hosted at home. It scraped product prices of several hundreds of online stores. One day I got a letter from the police asking me to come to the police station. I called them asking what this was about, but they said they couldn't tell me on the phone. I said fine, but I won't bother to make the trip if this is not something serious. They then told me I was suspected of fraud.

So I made an appointment and talked to the investigator. He told me someone placed an order at a web shop, then hacked the iDeal transaction, the electronic payment system in the Netherlands. My home IP address showed up in the logging. I asked him what the IP address was and I confirmed it was indeed my IP address. For the investigator, this was a sure sign I was the hacker, because who on earth knows his IP address by heart unless you're a hacker? Yeah, I know, not a very smart move.

I told him why my IP address had shown up: the scraper had visited the store to update prices. And I told him if I was able to hack iDeal transactions I wouldn't have bothered to make a transaction for a few hundred Euro's. In the end it turned out someone had just placed an order, had it delivered, but didn't pay the invoice afterwards.

After a couple of months I received a letter stating I was no longer a suspect, and that seemed the end of end. But not quite: whenever I buy some form of insurance, one of the questions is if I have ever been suspected of fraud. Answer yes and there's a good chance the insurer will refuse. Answer no, and I'm actually committing fraud and the insurance may not be valid. It's also inconvenient as the same question comes up during screening (I'm a security officer now).

Lesson learned: my home router now routes all traffic through Mullvad. Just in case.

Interesting that "suspected" flies in the EU. I'm not 100% sure, but I don't think an insurer would be allowed to ask anything more than if you've been convicted of fraud in the US.

I seem to recall that US forms not infrequently ask whether you've ever been "arrested" for X (which is another standard falling short of conviction), but maybe that's just govt forms.

I'm not familiar with the legal dynamics of the netherlands, but this is a good example of why you should never talk to police without a lawyer present in the United States.

Good general advice, but I'm not sure if that would have made a difference in my case. I was a suspect already. Giving a statement didn't have any negative consequences for me. Maybe it prevented a raid like in the OP's case.

> whenever I buy some form of insurance, one of the questions is if I have ever been suspected of fraud. Answer yes and there's a good chance the insurer will refuse. Answer no, and I'm actually committing fraud and the insurance may not be valid. It's also inconvenient as the same question comes up during screening (I'm a security officer now).

This seems like a negative consequence


Never talk to the police without an attorney!

Yep, his new advice is to insist on a lawyer. You can even say something like "If it's important, I'd love to cooperate and talk to you, so I need a lawyer in order to do that. Let me know if you want me to set that up." That link is to his old talk where he recommends invoking the 5th. His newer talk is:


His book should be easy to find at retailers or cough other ebook sites.

Critical points:

1. The police are almost never trying to railroad anyone, but mistaken evidence, mistaken witnesses, or unfortunate consequences of telling the police things can make you look guilty.

2. You have no idea what the police are investigating. They can and will lie to you about this. They can and will lie to you about anything they want. See point 4.

3. There are tons of laws, especially federal laws, that are BS, and you're playing with fire thinking you can answer questions about what the investigators claim they're investigating without implicating yourself in some other crime.

4. Interrogators are trained to put an enormous amount of psychological pressure on you to help them, even if you realistically can't help, so you'll end up talking about anything and everything until (hopefully) the police realize you're actually not a good suspect, or until you've gotten tripped up and either admitted guilt or said something that makes you look guilty even if you're not.

5. Simply asserting the 5th, your right to remain silent, might now be able to be used against you if you don't do it perfectly and the cops/prosecutors think you're guilty and are willing to twist your invocation of the 5th against you.

6. Asserting the 5th isn't likely to stop interrogations immediately. Asking for a lawyer probably will.

7. Talking through a lawyer shields what you say from being used against you. Prof. Duane doesn't make this point explicitly in his talks, but Randy Barnett does in the second half of the above cato book talk.

8. If cops say they're going to arrest you, remember they're only arresting you if they have probable cause (or worse, they already have an arrest warrant). You need a virtually unassailable alibi that can be immediately verified (and hope the cop will verify it immediately) in order to be likely to talk your way out of being arrested. That almost never happens. A witness who will vouch for you is not the greatest alibi; cops may not believe them, especially if the witness is your friend or family, or the witness may not tell the cops what you hoped. If there's any doubt about your alibi, the cops are going to arrest you and book you anyway and sort things out later. And meanwhile what did you tell them for the 5 minutes or 30 minutes you were trying to talk your way out of it?

And as Prof Duane notes, the advice he gives and that's in his book doesn't really apply to routine traffic stops. However, if it escalates to "can I search your car" or "step out of the vehicle"...

There's actually quite a bit more you can do but it does start to err on the side of being risky. Remember, all of your interactions become evidence during a trial. And the police can say and do things that will invalidate evidence or violate your rights. If you drag out the interaction you can give them more opportunities to screw themselves.

- You can ask the police if you are allowed to speak to an attorney. They can say no, since in some DUI stops you're not entitled to an attorney, but you can ask them to explain why, ask them if you're being arrested, and then ask if you're entitled to an attorney later, then claim in court you were "confused" about your rights. Look up Confusion Doctrine+DUI.

- You can piss them off, and get them to say or do something stupid (Hopefully not shooting you). The cop ends up saying something like "You know I can arrest you for anything I feel like, right?". If you record everything, you might have a chance. I had an interaction like this that was dismissed in trial; the officer requested to dismiss it in the interest of justice, IMHO because what he did was embarrassing.

- You can ask the cops "why" they stopped you or "why" they are questioning you. If they answer the question differently or two officers claim different things, it can raise reasonable doubt. If they neglect to answer you can use exactly the same tactics on them they'd use on a suspect. Tell them you want to help but you need to hear their side of the story.

- You can ask "Am I being arrested?" or "Am I a suspect?" if a cop starts pushing too hard. You can ask them "Why do you think that?" etc. Again, it gives him an opportunity to do something stupid.

Lastly, remember, the police are probably a lot better at all of the above than you, since they do this often. Hence why no attorney is going to give this advice. But it IS possible to pull the same tricks on them that they pull on the people they pull over every day, it just takes a lot of cunning and experience.

Well I just tried some of this. I was being questioned, I answered the question about my name but that was it. I flipped them asking why, i'd love to help but why do they think that, etc. I was then detained, cuffed and placed into a police car.

Cops have more power than you, the average joe. I do not recommend doing the above.

When you say

> “I’d love to cooperate and talk with you, and I need a lawyer to do that”

And the cop says

> “why do you need a lawyer so bad?”

What is one supposed to say?

Blame the lawyers. That's what they're good for.

"On advice of every defense lawyer I've ever heard, and even former prosecutors now in a position to give unbiased advice, unlike you, so I'm following their advice."

The real answer to "why" is that "Asking for a lawyer is a ritual incantation that drives cops away like holy water does for vampires."

You can't say that, so blame advice you've been given instead, or just keep repeating "I want a lawyer [in order to be able to talk to you]" like it's a mantra. You don't have to explain yourself. Cops are not interested in "why". They know perfectly well why. They know you don't want a lawyer, you just want to end the cop's interview and fishing expedition. They don't like that, so they're going to make you feel guilty about asking for a lawyer when you know and they know you really don't want one, and they're going to try to make you say something dumb as a result.

“Because I would like to cooperate!”

Play the circles game with them, all day. And do it with a smile and the happiest attitude in the world.

"I don't know. That's just the advice I've been given by people I trust."

Not a word. They can't make you talk.

“Sorry I’m not answering any (more) questions.”

sure, but what would have changed in this case? he was a already suspect before he talked to the police right?

Lawyer would make him a witness.

Never. Talk. To. The. Police.

It's kind of disturbing that such sloppy police work is the norm.

> I told them about the script kiddie, the link and that I wasn't using a VPN because I did nothing wrong but of course they were sceptical even thought one of the agents said my story sounded plausible to him.

A) This is a weird thing to tell the cops. "I wasn't using a VPN cause I wasn't doing anything illegal, I only use VPNs when I do illegal things!" Uh... you don't want to tell the cops you do illegal things and have opsec procedures for when you do illegal things! No wonder they were skeptical!

B) This story is literally the explanation of why "If I'm not breaking any laws, why would I worry about my privacy from the police?" is the wrong attitude. You don't have to have known you did something wrong/illegal, you don't even actually have to had done something wrong/illegal -- for the police to really inconvenience you. It could have been a lot worse than this. Even people who never knowingly/intentionally break laws have an interest in keeping their activities from police notice. As this story demonstrates. "If you have done nothing worng you have nothing to hide, why do you mind police surveillance" -- nope nope nope.

surveillance state is the price we pay for a civilized society. abolishing that would mean , like 1% more crime. nobody wants to live in a world like that

A surveillance state wouldn't be such a burden if the rights we had actually could be enforced on the spot the moment they were infringed by a police force.

The fact that you can be imprisoned (borderline indefinitely it seems at times) as well has basically need a lawyer even though your issue is straight up black and white really shows the failures of a police state. Whats the point in having rights in a surveillance state? The government will just make stuff up against you anyway.

Where you say "really shows the failures of a police state." It's a great success, the greatest actually. The people who fail to enforce anything against the police are the same people who need them to act as the tip of their spear. The purpose isn't everyone compliance - just the compliance of those with the potential to change things. Think FBI and MLK, or Aaron Swartz. It's like spear fishing vs mass spam, tracking the individual agents of change and their social network vs fire hoses and dogs at protests.

I guess I was coming from the philosophy of why it's bad on a liberalism mindset. I totally get why it's good for a governing body to assume control.

The only interesting hypothetical I've heard in support of surveillance is when/if some armageddon level technology becomes cheap and easy to employ. If nuclear weapons, self-replicating nanobots, designer viruses didn't happen to require the resources of a wealthy state, then extremely invasive and automated surveillance may be the only thing that can protect us from random trolls wiping out the planet. The risk of surveillance abuse is still there, but would be weighed against the benefits.

This hypothetical also assumes that the surveillance state would be competent, rather than merely oppressive. I think at this point we into a vanishingly small set of possible worlds.

So keeping all of his computers for a year sounds like a major pain in the ass since he's innocent (I'm not that surprised they did it, it's understandable if you're the head detective, perhaps, but being in tech myself I'm more understanding of "I just clicked a link" and wouldn't consider that much of evidence). I'd lose sleep too just at the thought of the pending investigation and the headache that inherently is even if you're innocent of what they suspected you of. But honestly it's refreshing to read a story about a police raid where the police knocked, the warrant was in order, they were polite and sat down to talk, they explained what was going to happen next, and an agent even acknowledged in front of him that his story was reasonable. I've had a few police departments around me that routinely do none of those things.

Yeah that was the thing I was most impressed with too. Cops in the US generally don't know anything and they are unsympathetic to any perfectly sound and rational expertise you have simply because they don't know...and frankly don't care.

Interesting. Do you have a lot of first hand experience with law enforcement?

Not whom you're replying to, but I have had a fair amount of dealings with police in and around Chicago, mostly from traffic stops, but also from calling them/having had them called on me.

Most of the traffic stops have been for speeding (and I was speeding). It's been about 50/50 on whether I get a ticket or a warning.

I had one traffic stop in Chicago, south of the Loop on State Street, where I was pulled over by CHA (Chicago Housing Authority) for failing to signal while changing lanes (he lied; I always signal, kind of a pet peeve of mine, though I admittedly speed all the time). The same officer illegally ran a red light in front of me w/o his police lights on. What proceeded during that stop was an outright interrogation. Who am I, where was I employed, what I am doing here, etc. I told him that was none of his business and not relevant to the traffic stop. Told him I wasn't answering anymore questions without a lawyer. He threatened to arrest me. Didn't utter another word, just kept both my hands on the steering wheel at 12 o'clock. While he wrote the ticket, the other 2 officers that were with him apologized on his behalf, yet did nothing to prevent the ticket from being written. Guess I just found a dick of an officer on the wrong day. Also think I was profiled a bit. White kid, out of state plates driving through the projects. Pretty sure he thought I was trying to score some drugs, when in reality I was just going to college to take a final. The kicker is, they confiscated my license as bail. I was supposed to fly home for Christmas vacation a few days later, and my license was my only valid ID to fly at the time. I had to get a state ID that cost only $4, but I was in college and broke. I had to pay that $4 in dimes from my change jar because that was literally all I had.

I've also been pulled over by a sheriff's deputy in Montana before. I was visiting my parents around Christmas and I got pulled over for "an aggressive pass". I accelerated rapidly and passed on the right someone that was driving 10 under the limit in the left lane (illegal in MT, btw, slow traffic in the left lane must pull over tot the right). It was somewhat comical because the deputy turned on his lights at me, and I went to pull over, but it was in an area with next to no shoulder. I literally had to drive about 4 miles further, with my signal on as the deputy kept calling at me over his loud speaker to keep going until there was a proper shoulder. The deputy gave me a warning, despite my bloodshot eyes and breath smelling of whiskey (I had been up since 4am CPT, had been travelling all day and it was now 7pm MPT and I'd had a single drink with an old high school friend and I was still wearing contacts at the time).

When I've had to call the police, I've generally been treated fairly well. Most often, it's been because of a traffic accident (I've been in probably 20 accidents in my lifetime, only 1 of which has been my fault). Other times, it's usually been due to noise complaints against neighbors very late at night. One wasn't terribly late, but I was reading a book quietly in my old apartment and I could hear a woman screaming bloody murder. Literally heard through the ceiling "Help! He's going to kill me!". I don't like to get involved in other peoples arguments/disagreements, but yeah, I definitely called the police on that one. Another time, same apartment, I happened to be up late watching TV at like 2am when I noticed a ton of police lights out in the drive/parking lot of my apartment complex (at least 8 cop cars with lights on) and officers wandering around with shotguns, assault rifles and pistols drawn. I live in a pretty affluent suburb of Chicago and this is pretty unheard of around here. I asked the dispatcher what was going on, and initially they wouldn't tell me anything, but later relented a bit and told me that at an adjacent building, there was a domestic dispute and the suspect had fled and they were searching for him (it happened to be snowing pretty heavily at the time, so they were following tracks in the snow).

All in all, I'd say me experience with law enforcement has been positive with one really sour experience. But, then, I'm an affluent white male. That said, I think if you're generally compliant with instructions, you probably won't have issues (this doesn't extend to answering questions - you don't and shouldn't have to without a lawyer present).

A bit of advice if you get a traffic stop: don't immediately get your license and registration out. Just pull over and leave your hands on the steering wheel, in plain site. When the officer approaches your window, explain to them exactly where each requested document is. i.e. "my license is in my wallet in the left rear of my pants and my insurance document is in the glove compartment." And make sure they acknowledge that before you make any movements to retrieve said items.

Edit: forgot the bit about them being called on me When the police being called on me, it's always been a noise complaint and only happened once or twice.

Both times, I was drunk and didn't realize how drunk I was and how loud my music was. Turning off/down the music solved it without any issues/fines/arrests.

The same thing would happen in the USA too. If you were suspected of hacking into the Democrat or Republican party websites, the FBI would come and confiscate your computers and hold onto them until after your trial had finished. This would easily take a year or longer.

Would it happen the same way though, with a polite knock on the door, a calm chat and orderly evidence collection? In the US they'd probably break the door, pin the guy down on the floor while armed men ransack the house. Call me cynical...

And also throw you in jail and keep you there indefinitely regardless of evidence of you committing a crime.

It's true, the jails are so clogged that pre-trial offenders can be held for months and sometimes years without a conviction in the U.S. Not to mention the indeterminate number of people who just disappear out of the computer system and end up being held for months beyond their release date.

What's worse, you could be thrown in jail if you're a witness, even if you're not even suspected of a crime. Some witnesses have been in jail for years.


It's the Democratic Party, not the Democrat Party.

Saying "Democrat" instead of "Democratic" has, strangely, morphed into a sort of secret-handshake for Republicans.


An easier-to-pronounce corruption of the name spoken with disdain is hardly a "secret handshake"

More like a dog whistle.

You learn something new every day! I'm going to start using this. Not because I care (unaffiliated), but because I'm astounded that anyone could be seriously offended by this.

I don’t know if anyone gets offended anymore so than they would to a “your mom” joke. Saying it is mostly just funny to one group while being annoying and juvenile to another.

Generally speaking, I avoid name-calling and ad hominem attacks no matter how good they feel. Folks are doing enough trolling. We need more civility.

That's what jerks do. "To own the libs". I recommend not being a jerk.

I'm confused - the Democrats/Democratic party uses "Democrat" extensively in their website. It it a noun vs adjective thing that I'm missing?


> It it a noun vs adjective thing that I'm missing?

Yes, you'll notice they never use the singular "Democrat". They describe democrats, the Democratic party, etc. but only Republicans started using this bizarre "Democrat Party" or the "Democrat nominee" thing.

This confuses me. I've discussed politics for over 10 years online, both in very conservative forums and very liberal forums, and have never once seen a person mention this before. Sometimes I have even been on forums where name calling was quite direct. Yet I've never heard of this before.

A quick google search shows a number of mentions, but it feels so odd that I could've missed this, especially since a person who isn't in the know can easily make the mistake of thinking Democrats belong to the Democrat Party.

Has it historically not been an issue enough to call out? Is this only in some circles and not universally agreed upon? It just seems so odd for me to have missed this being a thing. It is like if one day someone told you 'fish' was a loaded negative term to refer to people who went to college.

It's definitely an intentional thing among prominent Republicans, but especially the "Fox News" set.. like I doubt you'd see Justin Amash saying it, but the Devin Nunes's of the world love it;

Here's a Twitter search for Trump with all the times he said "Democrat" singular, almost every occurrence is designed to be a pejorative: https://twitter.com/search?f=tweets&q=from%3A%40realDonaldTr...

Or for Matt Gaetz:


Or Jim Jordan:



Apparently it made it to Wikipedia: https://en.wikipedia.org/wiki/Democrat_Party_(epithet)

Donald Trump speaks about Democrats in a pejorative manner. Sometimes it's even using "Democrat" as a noun in the grammatically correct way. Film at 11?

Nitpick: The singular “Democrat” is still standard if used as a noun, as in “Nancy Pelosi is a Democrat.” It’s only using it as an adjective that’s nonstandard.

It's a play on the last syllable resembling "rat", popularized by Rush Limbaugh's radio show.

I do remember hearing "Republican'ts" and "rethuglicans" from dems but in my experience it's extremely rare.

I doubt anybody uses "democrat party" for reasons related to the demon-rat moniker.

It seems to be more about disputing that the party is in fact democratic. Among other things, the superdelegates make this clear. It's also the matter of the party making a name-grab for democracy itself, which is a more valuable trademark than anything associated with the republic.

> It seems to be more about disputing that the party is in fact democratic. Among other things, the superdelegates make this clear. It's also the matter of the party making a name-grab for democracy itself, which is a more valuable trademark than anything associated with the republic.

Yes, I'm sure the pejorative use by Republicans of the term that Democrats use to refer to themselves is rooted in Republicans' sincere concern with the structure of the DNC's primary. That must be it.

> burfog 19 hours ago | parent | flag | favorite | on: Iran attack: US airbases in Iraq hit by ballistic ...

> Democrat voters may oppose war, but the same can not be said for democrat politicians.


Lol, come on man.

I do believe we hit a nerve... ;)

I could see this being very confusing if you were a non-native English speaker. "Democratic" = OK. "He's a Democrat" = OK. "The Democrat party" = NOT OK.


Nouns can't modify nouns like adjectives can, but they can be modified to be adjectives.

Friend = OK

Friendly = OK

He's a friendly person = OK

He's a friend person = NOT OK

He's a friend = OK

This should be something most speakers learn early, though, maybe they won't know all the rules for modification and will make up an incorrect adjective. I.e., He's a democratly person.

But if the phrase "friend person" caught on (similar to, I don't know, the phrase "my bad"), we wouldn't consider it a "secret handshake" or "dog whistle". Especially since "members of the Democratic party" generally consider Republicans to be less well educated on average. Ascribing this to some kind of intentional, coordinated malice in all cases seems ludicrous to me.

It's obviously intentional coordinated malice.. this isn't new, it's been written about for decades:


Someone like US Senator Josh Hawley went to Stanford, then to Yale Law, he clerked on the US Appeals Court and then for the Chief Justice of the United States Supreme Court. He was then elected as the Attorney General of Missouri and won the race for US Senator in 2018.

Do you honestly think he doesn't know the proper name of one of the two major parties in the USA, or the body that organizes their elections? It's not subtle. Just super juvenile 'own the libs' silliness.

> Today on Fox & Friends Senator Josh Hawley (R-Mo.) said the Democrat National Committee ...

> “Essentially the Democrat Party bought themselves ...


He's a friendly = OK?

And it's not remotely unheard-of for the FBI to execute that in the form of an escalated no-knock raid. Paul Manafort is one example that immediately comes to mind, and his was in the middle of the night IIRC.

> Paul Manafort is one example that immediately comes to mind, and his was in the middle of the night IIRC.

Nah, that story was just propaganda to make people feel sorry for a dude who evaded like $20M in taxes by offering political services to corrupt governments and oligarchs. You need special permission from a judge to do a 'no-knock' raid or a night one. (First page here clearly shows it was a daytime search warrant: https://www.emptywheel.net/wp-content/uploads/2018/06/180626...)

The FBI knocked repeatedly, and then used a previously provided key to access Manafort's condo sometime after 6am, which is early but still after dawn in Virginia in August so even the "pre-dawn raid" people were wrong.


I have a mischievous fantasy for situations where police use illegally excessive force for no-knock warrants.

It involves some combination of:

- A highly reinforced front door, and bulletproof windows.

- Just inside the front door, a floor that's in the middle of being mopped with very slippery soap.

- Copious amounts of glitter and shaving cream. (I'm still working out the details.)

Note: I recognize that most police perform dangerous and necessary work. My fantasy only applies to police committing criminal acts.

I could picture this being used to tack on several more charges...

Note: policing isn’t that dangerous, and the way it used in practice in the US, it’s only necessary for enforcing property law and protecting people who own/run things. https://www.huffpost.com/entry/how-dangerous-is-police-w_b_6...

> I could picture this being used to tack on several more charges...

For sure. There are lots of reason to keep this in the realm of "mischievous fantasy".

Maybe the inhabitant only weighs 80 pounds, and that is all the floor is capable of supporting. The basement holds a large collection of glass containers holding venomous animals.

Your house would be condemned and you would be civilly and criminally liable for any injuries the officers may have. The joists need to support 40 pounds of pressure per square foot in habitable rooms, 10 in non-habitable rooms (e.g. an attic)

Boobytraps are illegal. Have fun with that in court.

Everyday household tripping hazards will do.

Hopefully not trial. Hopefully it would happen the same here as it did there—no charges and computer equipment returned.

What do you think would have happened if you stumbled upon [political party website] open directory and reported it?

are you in US? it looks like he is in Germany as the search warrant is in German

I'm in a fairly average US state and previously lived in Africa. As a Libertarian, I tend not to be the biggest fan of those who idealize Europe's policies, but they sure seem to have avoided dysfunctional government employees better than the rest of us. (And honestly if a typical government employee in the US was of that calibre, I'd be less opposed to bigger government).

As an American, police in Europe seem to be more like "Beat you with a stick but keep you out of jail type" and treat citizens in a rational way according to how the industrial world works (as well as protecting workers from losing their jobs, especially when innocent until proven guilty). In the US, it's basically the lottery that nobody wants to win. Cause if a cop wants to ruin your day, month, or year, he absolutely can with 0 recourse.

That's why I'll always view the US government's approach to policing as repressionary unless they actually give workers rights preventing them from being fired, and actually funding the legal system to be more efficient. They run it like a business and intend to keep it that way.

There are these things in the US, we call them "lawsuits", that compensate people for abuses they may have suffered at the hands of the police.

* (disclaimer) for people who have the time and money to actually go through with a lawsuit.

* (disclaimer) cops almost never get convicted so it can be a fruitless, expensive waste of money and years of time.

We had to waste a lot of money and years of our time just to get an offense stricken from my mom's record: a sociopathic dick of a cop in a rural area made up trumped up charges to place on my mom in an escalation with a local school district. Compensation? Haha, good joke! We were lucky to have the money to fight the charges, but that cop received no punishment. Furthermore, my parents run their own business so they had no problem with the amount of time needed.

Lawsuits may as well not exist for a large portion of the population.

I can jump in on this bandwagon a bit. A cop, not on active duty at the time, took a retired German Shepard police dog as a pet. He lived near a college and had his dog running around in his backyard. An event was going on at the college so there were large crowds. The cop didn't watch the dog and it jumped out of his fenced in yard and started attacking the students. My brother got bit pretty bad and had nerve damage in his arm.

It's been 2 years since this happened and the cop has not admitted fault, hasn't had to put the dog down, hasn't been written up, or had to pay a dime. Although the city has agreed to pay because it was their officers fault, the funny thing was, no lawyer would take the case if my parents wanted to sue simply because they know suing the city is impossible (which is frankly ridiculous), and because it involved a cop not on active duty. I mean the city is still dragging their feet paying for his hospital visit and everything, meanwhile my brother is basically in collections for something he isn't supposed to pay for.

If anything the event has really taught me to despise the US government and cops more than ever. Cops individually may be nice people, but that badge and union suddenly turns them into some of the biggest repressionary forces to regular lower income people.

The police in the UK are, on average, pretty damn polite compared to any other country I have ever visited or lived in. I honestly think it’s because they (typical beat cop) don’t have guns, so there is no overwhelming force escalation during an encounter.

I'm in Australia.

In my experience the cops I've dealt with have been professional and courteous, and they have guns.

Horrible aggressive cops seem to be a mostly American phenomenon.

> opposed to bigger government

not sure if it is libertarian or not but I think big corporations are a worse threat to freedom than big government.

EDIT: the reason being that big corporate can buy laws and regulations that favour them over individuals

No, this was in Austria, not Germany!

The lesson here is not to avoid clicking random links, because that is an unrealistic expectation.

So what is the lesson?

Realize that you can get raided at any time, without any warning, due to random life circumstances. Live life accordingly.

I was raided (secret service) thanks to a boneheaded roommate. Woke up to guns drawn and shouting. My advice:

* Don't talk to the police

* Maintain off site backups because they will take everything, even the whole machine in my case

* Encrypt everything, this event really reinforced that for me

Also, try really hard to not have your dog present when you get raided.

I've been hearing stories of people being detained for refusing to decrypt their drives.

And the author writes:

> I was also asked for my password and if I had any encrypted data on my PC

You should first consult with an attorney before making any statement to the police, much less handling over incriminating evidence. I'd rather keep the option open to fight over it in court than just giving up the key and hoping that the police will view it in my favor. Also, encryption is a must in case of theft.

In some countries, lying or withholding information is a crime itself. The USA is fairly unique with the "right to remain silent."

Sometimes saying anything at all might incriminate you because you're the only suspect. Don't talk to cops without a lawyer basically is the way to go in the USA.

In Japan, you are currently allowed a lawyer to be present when being questioned, but it wasn't that long ago that you weren't. However, there was a bit of a hack: you were guaranteed to have a translator. It didn't matter how good your Japanese language skills were, you could demand a translator (assuming you spoke another language!) and they had to be present during all interrogation. While not as good as a lawyer, at least you had a witness if something untoward happened during the interrogation (which was apparently quite common in those times). I have heard that since the latest reforms in the last 10 years (lawyers present during questioning and allowance of a trial by jury) the incidence of untoward occurrences has decreased. While police here are an extremely friendly feature in society (very different than any other country I've lived in), you definitely don't want to get on the wrong side of the law one way or the other.

The author is also German, thus has less protections than in the US (which would be the case if your raided by the Secret Service)

Which protection in particular is present in US and missing in Germany?

Encrypting everything is a good way to get them to harass you more. First of course they'll compel you to give up the encryption key, so what's the point of encrypting it? Then comes the inevitable lame argument of "if you had nothing to hide, why did you use encryption?!" Encrypt things just for your general privacy (ex. from theft), but against the government, it's counter-productive.

If the police believe you are a suspect in a crime, there is literally nothing you can say or do that will help you. Talking to the police will only hurt you. In the US, key disclosure law is complicated by the 5th amendment. Here's a good example: https://arstechnica.com/tech-policy/2014/06/massachusetts-hi...

> Because Gelfgatt already admitted to police that he owned and controlled the seized computers and had the ability to decrypt them, the court found that the act of decryption would not reveal anything new to the police. Therefore, the act of compelled decryption was not “testimonial.” Normally, the Fifth Amendment privilege prevents the government from forcing a witness to disclose incriminating information in his mind (like a password not written down anywhere else)—but only if that is information the police do not already know.

If he had simply made no statements to the police, he might have been able to invoke his 5th amendment right. But now we'll never now.

Oh sure, never say anything without a lawyer, but also don't give them more reasons to harass you.

Encrypted, Offsite backups are key!

Agreed. My first thought was that this makes it incredibly easy for one rogue person in the right place in government and minimal skills covering their own tracks to get anyone they want raided.

And your calls and movements were surveilled for weeks prior to that.

To be honest that fact felt the most violating in this whole ordeal for me

Encrypt your harddrives, and have some plausible deniability in case they want the encryption keys. E.g.: I'm researching pseudo random numbers, and my harddrives are full of them. Or use hidden partitions, or something like that.

The better advice is to know the laws of the country you're in. For example in Germany you can simply refuse to give them your password and they can't use that against you in any way. No need for a reason or plausible deniability. The same strategy wouldn't work in the UK. Here is an overview: https://en.wikipedia.org/wiki/Key_disclosure_law

Getting better at lying to law enforcement is probably not the right lesson to take away.

In addition, and in this specific case, it's a lie that is easily discoverable. Just because your data is encrypted does not mean that it all looks random. For example, AIUI, LUKS has a partition header that contains a magic number, identifying it as a LUKS partition. Additionally, GPT's "partition type" field can identify the partition as a LUKS volume.

“This police raid has been extremely stressful and I can’t remember” is a perfectly valid statement.

What's even scarier is when your browser "clicks" on the link by itself [1] and you don't even realize that you've just sent a request to some 'random' server and that server now has the log of your IP. If you browse 'questionable' sites, definition of which is growing by the day, you should be careful in which log your IP might end up in.

I now disable page prefetch on every browser I use. Some browsers don't even use it (which is a sensible thing in 2020 given the risk vs rewards of having it turned on).

[1] https://en.wikipedia.org/wiki/Link_prefetching

It took me a while to find the setting -- search Chrome preferences found nothing for "prefetch," and a how-to article I found claimed the setting was called "Use a prediction service to load pages more quickly," which also returned nothing, but I finally found it under Advanced -> Privacy -> Preload pages.

I was quite pleased, however, to find that this had already been turned off for me, and enforced, by uBlock Origin: https://imgur.com/a/9seIFEU

you can find the option in FF in about:config by searching "prefetch", but mine was also disabled already because of uBlock origin.

Moral of the story is actually to use a VPN regardless of what you do, so you can't be held accountable for someone else's actions or lack of security of IT department of some company.

> After getting my drives back I checked one of my USB drives and it had a .docx file on it that didn't come from me. In this Word file there was a photo of some guy (unpixeled). I have no idea who that is (maybe the script kiddie?) but the federal agency must have put it in there by accident.

Plot twist:

I opened a word document some random agency put on my USB drive and I got a federal trojan.

> After getting my drives back I checked one of my USB drives and it had a .docx file on it that didn't come from me.

Booooo. Die BVT dropped the ball on preserving the chain of custody for this evidence. They should have used equipment that bars device writes.

Or leaving the .docx file was intentional and by opening it, the guy triggered a hidden payload which installs malware which the police use to monitor him.

If they had his hardware for a year I don't think they would need him to trigger a hidden payload.

Its to allow them to continue monitoring his activities going forward, without the need for annoying warrants and physical searches.

I think the point is that they could have just installed the malware since they had physical possession for an entire year.

And the counterpoint is that he'd obviously got a new computer and any further surveillance would benefit from access to that one.

That's a good point. I was assuming the old hard drive was loaded on old equipment but that's not necessarily the case.

Why would you ever spin those drives up again? I'd sledgehammer them just to make sure.

Would it be possible to hide an exploit or test in a Word doc or image? I suppose they could have planted the image there with some steganographic encryption, and if the author was clever enough to find another link and click it, he would alert authorities to that fact?

This sounds farfetched when I write it out.

I would reuse an already existing files on the hard drive to do that instead of adding a new one.

By adding a new file, it piques curiosity, or triggers communication to the person in the photo to let them know that they're on to them.

Plausible line of thought.

I was thinking about this too but, at least in my case, would make me doubt about it.

Its common to use Word macros to install malware.

Though in this case mitigated by the split between .docx (macro-less) documents and .docm (macro-enabled).

Either file type can also be unzipped and have their contents inspected for anything suspicious.

It isn't entirely clear to me that Script Kiddie was actually setting Security Researcher up rather than bragging, but let's assume.

The interesting aspect is the weaponization of legit LE - this is similar to swatting. This can easily be extended to harassment by all sorts of random government agencies depending on context. It isn't even really new - you can think of false OSHA reports and the like as similar.

I think the new aspect is about the expanded reach of social connections, combined with people's willingness to be much more vicious when the interaction is virtual.

My first thought was that this was a setup by the Script Kiddie (maybe they did know what they were doing). If you knew that your actions were going to come to light then you might as well messy up the trail for investigators. I wouldn't be surprised to find out this was a planned maneuver

Clicking random links is exactly what HN is all about ;)

That's why I never read the articles, I'm security conscious!

What article?

Yes, but I think that the attack worked precisely because it was shared with few people (possibly just one).

If we apply reasonable doubt that the script kiddie wanted to hurt the author specifically, shouldn't he have spread the link with as many people as possible to bury any particular identity behind tons of random innocent people?

Another reasonable assumption would be that the script kiddie wanted to deflect the attention on one specific person, didn't care who, and in that case might have actually looked for one single IP address to show up at a given (damning) time in the logs.

Why does a security researcher not use a VPN while on IRC? The security community is crawling with bad actors.

>Don’t click random links!

Alternatively, consider always using at least some kind of VPN.

In the modern climate of VPN ads all over tech videos I doubt it is terribly unusual if you have one, yet it immediately makes this kind of bullshit considerably less likely.

I feel Wireguard (for those not in the know: a VPN protocol and software suite like OpenVPN) provides the kind of performance and latency that is completely acceptable for almost all traffic other than video games, and if you are a Linux user you can even play with things like network namespaces to force some apps through Wireguard (and maybe some through bare metal.)

I am not affiliated with any VPN but I am a happy customer of Mullvad for years, and I don’t recall any time they’ve ended up in the news for bad reasons. I’ve also heard ExpressVPN and PIA are good options.

PIA might not be a good option anymore: https://restoreprivacy.com/private-internet-access-kape-cros...

PRQ (run by the people who run the Pirate Bay) has a VPN tunneling service run out of Sweden. It’s about $10/month for the slowest package.


Will that help at all? The VPN itself will keep track of all your activity, just a warrant away, that’s how they make real money.

>The VPN itself will keep track of all your activity

- The trouble here is that the ISP is in the same country as your police. Having a VPN that is in a different jurisdiction requires international warrants. (IANAL.)

- Mullvad claims they do not log, as many VPN providers. I have a tin foil hat usually but I think their track record warrants an unusual amount of trust.

- You can also do multi hop through Wireguard, if you’re into that kind of thing.

>just a warrant away, that’s how they make real money.

Now that is unbelievable. You are suggesting to me that the police are paying VPNs for logs? Why would they pay if they have a warrant?

I don’t think the data that ISPs or VPNs have is actually worth that much. For VPNs most of it is probably genuinely torrent traffic and HTTPS traffic. Even DNS can be encrypted nowadays (and should be imo.)

It’s one thing to say they are selling logs, but it’s hard to believe that’s where they make the real money from. And either way, it’s a completely unsourced claim.

>Now that is unbelievable. You are suggesting to me that the police are paying VPNs for logs? Why would they pay if they have a warrant?

I'm not leaning in either direction here but worth noting that warrants are hard to get without evidence. Illegally obtained information can be used for ostensibly legal targeting, pre-warrant. It's a dangerous, clandestine abuse of power called parallel construction [1].

1. https://en.m.wikipedia.org/wiki/Parallel_construction

I know parallel construction exists. But I highly doubt VPN services make their 'real' money selling logs.

I find that hard to believe these days. It seems that getting a warrant is easier than ever.

https://apnews.com/a2b48c6f1911472986b0e501bdca9f25 - Most Utah warrants approved in less than 3 minutes

They sell your activity to data mining companies, retargeting, and ad replacements you’ll never notice; also your email and related profile to marketers. They have your logs. Not having them is a huge liability for them, you have absolutely zero reason to believe they don’t.


Here's the HN discussion about that case [0]. The VPN service was keeping logs of when you signed on and off, not of where you were visiting. The FBI used those timestamps to validate what they already knew from the guy. There was never any working backwards to find an original IP from some VPN-assisted visit.

[0] https://news.ycombinator.com/item?id=15432827

Can you elaborate on the "that’s how they make real money" part? Do they charge LEOs for complying with a warrant?

> I was also asked for my password and if I had any encrypted data on my PC (which I didn't have at the time).

Today you probably encrypted everything, right? Would they force you to tell your password, or what was the intention of just asking for it?

One of the comments above mentioned that police in the UK (and western Europe) tend to be more polite than the often aggressive police in the U.S. This is believable, so too is the notion that police and the justice apparatus in the US are also more punitive than their western European counterparts. With these things in mind, it's rather ironic that the U.S turns out to be the much better place for protecting ones digital privacy by refusing to disclose passwords. Since it's not even legally allowed in the US due to the Fifth Amendment... (border crossings still being extremely ambiguous places on this).

This is Austria, not Germany, though the laws are probably very similar.

The author of the post says

"I was on a site around the time it was hacked and I had no proxy or VPN."

How would a VPN would have saved in this situation. A free public proxy might hide the original ip address to some extent. The VPN would still be linked to his real identity straight away. Right?

It seems odd to me that the lesson here wasn’t reporting to the police when some rando you met on IRC has apparently hacked into a political party. Especially given all the state-sponsored meddling in politics recently.

They might have done the same thing and taken all your computers but you probably would be in the clear a lot sooner.

Is it safe to open the article, though? 8)

Google search by image reveals its a doberman.


Okay, so who is brave enough to click that link?

I got “stallion,” as in, a horse.

I'm wondering if this happened to me if I would report it and the result might be quite different?

This might be a good use case for a RasPi for web browsing. If it gets taken, you have not lost much money. You could PXE boot and have the OS run from ram, so you don't even need a hard drive. It really should not use much power. The PXE boot device could just be a generic cheap consumer NAS. If you need to save a file, just https post or sftp it to the cloud somewhere.

The police will take everything in your home that even tangentially looks like a computer. Cds, usb sticks, cameras, networking equipment, even things like monitors that can’t store any data have all been taken.

The reason seems to be, in part, that they often get to keep the stuff as part of any plea deal and can, and do, use it to equip their computer crime labs with better equipment.

This has been happening since the operation Sundevil days where it was documented in Bruce Sterling’s The Hacker Crackdown.

That's a good point. So maybe all they should find is a cheap RasPi and the cheapest NAS and wifi AP you can find.

have you ever surfed the web on a Pi? even a 4.. it's not fun :D

I have, but I also tend to not visit sites that have a lot of bloat. El Reg and Scientific American are about the most bloated site I visit and I only pull them up once a day.

There is an embedded version of the webkit browser that has hardware acceleration on the pi and works prety well.

( .. opening link with Startpage's anonymous feature .. )

For US readers it must be quite incredible to read all this took place amicably and - you weren't SWATed with guns drawn and would even talk to the law enforcement people by yourself (as opposed to only through a lawyer) - which was probably unwise even in Austria - they could have not have people experienced enough or just wouldn't want to admit a mistake

FYI, this was in Austria, the BVT is an Austrian agency, this website is on an .AT domain and he writes in his about page that he is a Texan living in Austria =)

Born Texan, that's right but haven't been there since a was a few years old. Still feel strangely connected though

Thanks, fixed.


What other option does he have, exactly?

i would at least destroy the drives, dont care if that s illegal

So how would sitting in prison as a result of that action have made the author's life better?

that depends on the definition of a good life

I'm curious how you see this playing out in the real world. Do you:

a) Destroy every storage device in your home every time you click a random link on IRC.

b) Destroy every storage device in your home "when I opened the door we were greeted by the police, counter terrorism agents and a state-prosecutor".

Option A would be an expensive hobby. Option B seems like it would cause more problems than it solved.

I'm reminded very much of xkcd's $5 wrench. It also seems to me that in this case, his data is his alibi.

>It also seems to me that in this case, his data is his alibi.

Well, there was no evidence on them. If they were destroyed then there would also be no evidence.

Agreed on everything else.

Hey random person, I'm not falling for it!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact