Think password reuse is a problem? So is screen name reuse. So is having the same friends over time. So is trusting people.
A person's digital fingerprint is huge these days, and a human weakness can break the chain apart. And once one person's in custody? How much discipline do you think each member has to not snitch in the face of prison time?
In my imagination, they'll start with Auernheimer's HDD. The world isn't that big. Think how the head of the CIA is probably 7 people away from anyone in LulzSec.
Cops work like hackers in the sense that both groups attack vulnerabilities. The vulnerabilities here are clear: these guys have big mouths and they're overconfident. They'll talk to somebody someday, and when that happens, it will provide an opening for the fuzz.
Would be interesting to hear some of them.
This might involve (erroneously) shared contacts. Shared VoIP numbers. Shared MAC addresses, or shared IP addresses. Shared passwords. IRC channels or web sites.
Even what times you are active, what words and what phrases you use, and your browser strings can provide clues.
A group within (IIRC) Lebanon was reportedly identified a while back because of an opsec error; one of the folks involved in the group used a "restricted" cellular phone to call his girlfriend, and that broke open the identities.
The German Ultra encryption system was targeted and was sometimes vulnerable due to opsec errors. Openings such as key reuse, or sending duplicate messages, can provide openings that allow decryption.
This area is related to the classic "covert channels" discussions within information security; on the expected information leakage, and around how a "defender" wants to keep leakage at a minimum, and how an "attacker" is looking for clues and errors.
This is also a corollary to the classic difficulties with maintaining server security; leave one sufficiently egregious opening in your security, and you can be toast.
Is that legal in the UK? Because in the US it'd be unconstitutional.
Which isn't to say that I think the feebs have compromised TOR, because I think that's pretty unlikely.
Ultimately, it comes down to human fuckups. Bradley Manning is not in jail because he didn't take security precautions, he's in jail because he talked to someone he shouldn't have. The same will be true of any reasonably sophisticated hacking organization. They can take all the precautions in the world, but a vengeful ex can bring the whole thing crashing down.
The law enforcement exposure they just did undoubtedly made it much easier to get warrants or FISA approval if they did have some targets.
"The Navy made it, why'd they release it?"
-They released it because it's entirely useless if the military are the only ones using it.
"It's not theoretically effective. There's lots of ways to break it."
-Sure, there have been papers written about ways to break TOR. I've yet to see someone actually do it. That doesn't mean the NSA or whoever isn't doing it, but you'd think if someone had compromised the system you'd see some story about it. Somebody who was using TOR would have been tracked down and they would have thought, "hey, wait a minute..."
-Meh. Again, if they compromised TOR, you'd hear about it. They'd have given the IPs of hidden wiki visitors to the feds, and some pedo would have been arrested. If PV don't care about pedos, they would have given the feds some information about somebody that would have led to some sort of action. The fact that none of this has come to light is pretty strong evidence that PV has not compromised TOR.
"Wikileaks uses TOR"
-So the fuck what? They have a pretty clear use case, and the fact that ioerror is a contributor means he's concerned about anonymity (for obvious reasons), not that Wikileaks has hatched a plot to snoop on anonymized traffic and leak details. Why the hell would they bother? They've got more than enough stuff to leak handed to them. What are the chances that someone using TOR would be transmitting data that WL would care about?
This is just stream-of-consciousness FUD from Zed, of the type we're used to seeing from him. He throws out a bunch of what ifs and pretends it's an argument. Show me the evidence. Show me some indication that TOR has been breached and I'll be the first one to question whether it should be used. In the meantime, TOR is only getting more secure as more people talk about it and use it.
Your machine -> TOR -> hacked home user or server -> your target.
This way you only transfer the files between the target and the hacked server, and from there on to a torrent, and heck, why not let that machine seed it too.
Chances are that they even used a chain of hacked machines to get to their target. It gets pretty complicated pretty quickly if you (as in FBI et al) have to raid several companies to get your hands on machines to do forensics on.
I doubt these files (or much of anything else) ever touched the criminal's physical machine. Unless, of course, they fucked up by, say, posting to pastebin or a tweet or something else that is seemingly insignificant (at the time) using their own IP.
Most tend to.
People do run their own private onions.
I'm quite a technical guy and I barely understand a thing. No wonder AT&T are having trouble fixing their network troubles; it looks like a massive, massive beast of technology.
I found the frequency chart fascinating. It's available publicly here:
Also, the paper collected timestamps of each keystroke, something that'd need to be done on suspects; however, if they are already suspecting you, they probably have other ways to identify you.
Finally, how in the world does a paper like this get away with having 'nowadays' in it? I know it's a legit word, but it just seems awkward.
Maybe they were seeing how long it would take for the news to come out without their help.
They would only release the data to the public once they are done using it.
> NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data.
EDIT: or, I could've spent a single moment to read the contents of the aforementioned link.
* EA (Battlefield Heroes)
* Misc other forums
The first of these purports to be 200K+ users.
Or to put my high school poetics into plain English:
They will want to blend in with the Anonymous masses, until they deem it safe to once again craft new identities for themselves.
Not too smart either; why include the number of LulzSec members?
2.) What makes you think that they're not lying?
2.) They almost certainly are. I could see them saying how many people they actually had almost as a bluff, but more than likely they're just throwing out misinformation.
But it's only 6 that are active in illegal stuff.
Basically, they're notable for a) the number of targets they've hit, b) how brazen they are about it (hitting the FBI, CIA, and other law enforcement agencies), and c) how vigorously they court publicity (270k followers on Twitter).