Posted by david b.
on April 13, 2013
In this part of the presentation, The Grugq continues exemplifying the common violations that freedom fighters should under no circumstances make.
Be proactively paranoid
In this case palladium was insufficiently paranoid (see image). After he got busted, they took him to an interview and they showed him logs that they had collected from Sabu of the IRC channels where he was doing all of this stuff, and they said to him: “We know everything about you, we’ve got the logs, as you can see”. Then they released him on bail, he gets back on these compromised IRC channels and he says: “Hey everyone, I know for a fact that the feds are monitoring these channels”, and Sabu says: “No way, I don’t believe you, why would you think that? I’m certainly not a covert witness”, to which palladium says: “I was shown them during my interrogation.”
So, he’s now not only confirmed for a fact that he is palladium by verifying that he was busted and has been interrogated in this way, he’s now in the same channels that are being logged, stating that he was just arrested and interrogated. It’s shockingly dumb.
Stay paranoid all the way
Then Sabu starts sort of quizzing him again to make sure he knows who this guy is. Sabu is acting proactively paranoid, like: “I don’t know who you are. Who are you? You’re saying shit’s being logged, I know shit’s being logged. You’ve just shown up out of nowhere.” He says: “Yes, I don’t want to tell you who I am, because I don’t want to be associated with a compromised handle”, and then he points out that he was raided, and again verifies that he is who he says he is (see image above)
The chat that I showed earlier where Sabu says to him: “Who is this?” – he responded with the username of the individual that was arrested. Again, you have to be proactively paranoid. Here is a huge warning sign: when he got raided and when they interrogated him, they asked him about a large number of other people involved in the chat, but not about Sabu, because obviously they don’t need to ask about Sabu – they’ve already got him and he’s acting as a covert witness. So, that should be a red warning sign: if out of your entire gang one guy gets arrested, and he’s asked about informational details of everyone else except for one person, there’s a very high likelihood that this one person has already been arrested and compromised. So you need to be proactively paranoid and make sure that no one involved with you is going to be able to compromise and reveal information about you.
Violation: Be paranoid
Virus and Sabu chatting
Here’s a guy that actually did good. This is Virus (see image). Virus was in a chat with Sabu, and basically Virus says: “Do not start accusing me of being an informant, especially after you fucking disappeared and came back offering to pay me for shit. That’s fed tactics. And then your friend, fucking Topiary, that no one knows where the fuck he is – he’s never been doxed, no one knows who he is, he gets fucking busted,” and Sabu is like: “What? I never did that. Who offered to pay you for information?” And Virus points out: “Yes, you offered me money for dox. Only informants ever offer up cash for shit.”
So, again, here’s a warning sign: if someone disappears for a while, then they come back and start offering to buy information about things, cash is one of the things that feds are able to throw at a problem. They might not have the intellectual resources, but they have the financial resources, so once they compromise someone, they can then start using money to get other information. If someone starts offering up money for shit, he’s probably not a hacker, because hackers generally have no fucking money, otherwise they would be penetration testers, and penetration testers don’t do stupid shit. There is actually a happy ending: Virus, who is smart and proactively paranoid, has not been busted.
Happy Ending: Virus is still free
Avoid contamination as hard as you can
This slide (see right-hand image) is basically just for examination later on; it discusses various ways that you can contaminate an identity, so it lists different activities that the feds can do to correlate between online handles and use that to figure out that all of these handles are associated with one individual. Then they try and figure out who that one individual is. So, never contaminate.
Violation: Never contaminate
Linking Hammond to the sup_g alias
Here is just the information on how, once they believed that Hammond was the guy to go after (see right-hand image), they started conducting surveillance on his premises, on his domicile, where he lived. They used that surveillance to link his online activity of the sup_g handle to his presence in his home. When he was at home, they would call up Sabu and be like: “Is sup_g online?” And then when he would leave, they would call up and say: “Is sup_g online? Cause he just left now.” And they used that correlation between online activity and physical activity to further link Hammond to the sup_g persona.
The infamous pic from w0rmer
Everyone recognize these? (See left-hand image)
This was a JPEG that was put up on defaced sites by the fucking genius w0rmer, who is now in jail. He got busted, because when he uploaded this picture, which was sent to him by his girlfriend in Australia, he never removed the Exif metadata, which included the GPS tags for where it was taken, which was from her home, which was then linked to her Facebook account where her Facebook boyfriend was w0rmer. This is incredibly bad OPSEC.
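The w0rmer case turns on the fact that a JPEG's Exif APP1 segment can carry a GPS IFD with the coordinates of where the photo was taken. The following is an added example, not code from the talk or from this write-up: a small pure-Python reader that walks the JPEG segments, parses the TIFF/IFD structure inside the Exif block, pulls out the GPS latitude and longitude, and a stripper that removes the Exif segment entirely before an image is published. The sample JPEG is constructed in `build_sample_jpeg()` with made-up coordinates so the code runs offline; it is not a real photograph and does not reproduce the picture the talk refers to.

```python
import struct

# JPEG markers and the Exif/GPS tags this example cares about
SOI, EOI, APP1, SOS = 0xFFD8, 0xFFD9, 0xFFE1, 0xFFDA
TAG_GPS_IFD = 0x8825                     # IFD0 entry pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}   # bytes per TIFF type


def _segments(data):
    """Yield (marker, payload) for each marker segment after SOI; stop at SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker == SOS:                # entropy-coded data follows; no more metadata
            break
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def _read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value/offset)} for the IFD at offset."""
    (n,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries


def _value(tiff, entry, endian):
    """Decode an IFD entry; values longer than 4 bytes live at an offset in the TIFF block."""
    typ, count, raw = entry
    size = TYPE_SIZE[typ] * count
    if size <= 4:
        data = raw[:size]
    else:
        (off,) = struct.unpack(endian + "I", raw)
        data = tiff[off:off + size]
    if typ == 2:                          # ASCII
        return data.rstrip(b"\x00").decode("ascii")
    if typ == 4:                          # LONG
        return struct.unpack(endian + "I" * count, data)
    if typ == 5:                          # RATIONAL: numerator/denominator pairs
        nums = struct.unpack(endian + "II" * count, data)
        return [nums[i] / nums[i + 1] for i in range(0, 2 * count, 2)]
    return data


def _dms_to_decimal(dms, ref):
    deg, minutes, seconds = dms
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def extract_gps(data):
    """Return (lat, lon) in decimal degrees if the JPEG carries Exif GPS tags, else None."""
    for marker, payload in _segments(data):
        if marker != APP1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
        ifd0 = _read_ifd(tiff, ifd0_off, endian)
        if TAG_GPS_IFD not in ifd0:
            return None
        gps = _read_ifd(tiff, _value(tiff, ifd0[TAG_GPS_IFD], endian)[0], endian)
        if GPS_LAT not in gps or GPS_LON not in gps:
            return None
        lat = _dms_to_decimal(_value(tiff, gps[GPS_LAT], endian), _value(tiff, gps[GPS_LAT_REF], endian))
        lon = _dms_to_decimal(_value(tiff, gps[GPS_LON], endian), _value(tiff, gps[GPS_LON_REF], endian))
        return lat, lon
    return None


def strip_exif(data):
    """Return a copy of the JPEG with every Exif APP1 segment removed; image data is untouched."""
    out = bytearray(data[:2])
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        end = pos + 2 + length
        if marker == SOS:
            out += data[pos:]            # copy scan header, compressed data and EOI verbatim
            return bytes(out)
        if not (marker == APP1 and data[pos + 4:pos + 10] == b"Exif\x00\x00"):
            out += data[pos:end]
        pos = end
    return bytes(out)


def build_sample_jpeg():
    """Constructed test input: a minimal JPEG with an Exif GPS IFD at 51 30'0\"N, 0 7'30\"W (made-up)."""
    def rational3(d, m, s):
        return struct.pack("<IIIIII", d, 1, m, 1, s, 1)

    def entry(tag, typ, count, value4):
        return struct.pack("<HHI", tag, typ, count) + value4

    gps_ifd_off = 8 + 2 + 12 + 4                  # TIFF header + IFD0 with one entry
    lat_off = gps_ifd_off + 2 + 4 * 12 + 4        # rational data sits after the GPS IFD
    lon_off = lat_off + 24
    ifd0 = struct.pack("<H", 1) + entry(TAG_GPS_IFD, 4, 1, struct.pack("<I", gps_ifd_off)) + struct.pack("<I", 0)
    gps_ifd = (struct.pack("<H", 4)
               + entry(GPS_LAT_REF, 2, 2, b"N\x00\x00\x00")
               + entry(GPS_LAT, 5, 3, struct.pack("<I", lat_off))
               + entry(GPS_LON_REF, 2, 2, b"W\x00\x00\x00")
               + entry(GPS_LON, 5, 3, struct.pack("<I", lon_off))
               + struct.pack("<I", 0))
    tiff = b"II" + struct.pack("<HI", 0x2A, 8) + ifd0 + gps_ifd + rational3(51, 30, 0) + rational3(0, 7, 30)
    exif = b"Exif\x00\x00" + tiff
    app1 = struct.pack(">HH", APP1, len(exif) + 2) + exif
    return struct.pack(">H", SOI) + app1 + struct.pack(">HH", SOS, 2) + b"\x00\x01\x02" + struct.pack(">H", EOI)


if __name__ == "__main__":
    jpeg = build_sample_jpeg()
    print("before strip:", extract_gps(jpeg))
    print("after strip: ", extract_gps(strip_exif(jpeg)))
```

Run it on a real file by reading it in binary mode and passing the bytes to `extract_gps()` before publishing; anything other than `None` is the location leak described above. `strip_exif()` only drops the Exif APP1 segment, so the pixel data is unchanged, but it leaves other metadata containers (XMP in APP1 with a different signature, IPTC in APP13, comments in COM) in place, and a thorough pre-publication check should treat those the same way.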
w0rmer’s unwise reasonings on Pastebin
Then, after he’d gotten busted, he went and posted a huge dump of his reasonings online on Pastebin and sent that out (see right-hand image), so he has made the job of his public defender incredibly difficult: “This is my name, this is my online handle. I was taken to the office, I turned over all the evidence I had, I’m not going to jail. I hate myself, I’m a dumbass.” He fell for one of the oldest tricks in the book; the FBI agent basically said: “You have no skills, you’re no good”, so it’s kind of like nagging – basically, the guy doing the interrogation will belittle the abilities of the person they’re interrogating, and the large ego of the person they’re interrogating will cause them to then correct the mistakes and demonstrate that they actually have the skills that are being demeaned, and in that process they confess to everything.
Do not underestimate FBI’s expertise
Here he points out in particular that neither the DPS administration nor the FBI understand the complexity of SQL injections (see image). I would guess that the FBI might understand the complexity of SQL injections, particularly if they’re interrogating someone who does not understand the complexity of Exif data.
Those are some examples of dumbass fucking things that you can do and how they will end you in jail. It turns out that it’s pretty low-hanging fruit that you need to go after. It’s very difficult to be sufficiently paranoid, but being more paranoid than these dudes isn’t that hard.