Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member



I know of one case, where the server was in australia and owner in usa. the
owner was hacked and his mailserver owned, they did arrest the kid because
the guy paid for PI's to goto au, and, they got hold of the school wich was
constantly connected to it, wich was a large one.. so, they used CCTV
footage of the hacker logging onto the same pc over and over, and basically
leaving it open rdp desktop.. they were ONLY able to because it was funded
by, the owner, and the people who ran the server wich was responsible,
mailenable.com , watched it and, the man did not blame theyre software but,
he had the scholkid at the least arrested fand, probably removed from school
as it was rather small and awhile ago..but it happened yes.
it is rare.
cheers.
xd


On 30 September 2011 00:02, Darren Martyn <d.martyn.fulldisclosure@xxxxxxxxx
wrote:

They will get the info either way, the jurisdiction stuff only comes in if
the country the attacker is in decides to play ball. And sometimes they
simply do not. The old example is of an attacker bouncing his/her attacks
via compromised machines in several countries to make tracing harder - a
trick money launderers use (except they bounce money, not attacks, and via
banks, not owned boxes, etc).

On Thu, Sep 29, 2011 at 2:56 PM, Benji <me@xxxxxxxxx> wrote:

If you use a British/American server for example, it is irrelevant of
where the 'rentee' of that server is. Crime committed on UK/US soil.

If you dispute this line of thought, look at Rustock and Microsoft's
proceedings.

On Thu, Sep 29, 2011 at 2:54 PM, Louis McCoy <louie@xxxxxxxxxxxxxxxxxxxxx
wrote:

User location determines Judicial Jurisdiction - how is that irrelevant?



On 9/29/2011 9:27 AM, Benji wrote:

No, you are wrong.

Either; the vpn provider complied with court order, or they face the
legal ramifications of not doing so. User location is irrelevant.

On Thu, Sep 29, 2011 at 2:04 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:

indeed :)
but, it is how a proper anon person would operate, well, tht is how i
once did...
anyhow, it is to broad, and, yes, i qwould never believe in bulletproof,
unless i have used it maybe, for 10yrs, thru 10 botnets ;P wich, is very
rare but funnily, possible.
webhosters, are even more corrupt and better at hiding data.. face it,
if the vpn provider had not shat themself, then it would be a non story.




On 29 September 2011 23:00, Benji <me@xxxxxxxxx> wrote:

'Abuse' emails and court orders are very different.

On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:

err, you are limited in those countries dude... id really checkup on
that ... maybe some but, yea i agree, i dont think any hosting is anon, but,
i sure know i have kept an anon dedis in past, and was VERY easy to avoid
handing anything over. Unless they had personally seized from my company, i
was allowed to basically get away with, and if i want to, again, could do
the same 'anonymously' and, indeed keep those details, away.
it is not frigin hard dude, where did Yyou get the idea, that is not
hard to move a user around boxes :P
and rename them, etc etc etc, always change ipv6 tunnels... there is
somany ways, you obv have not ran a dedicated server in a company
environment coz boi, they hide nets on legit hostin now, legit apparently*
companies...and they do it using those simple means, and, even show logs of
them 'removing and deleting' files of the apprent 'bad user' , this is, a
whole different level than even needing to deal with cops.. so, you are
scared too much by laws wich can be smokescreened.
Run a dedis, or simply ask a admin, howmany abuse they get, and
howmany users they actually rm ;)
you would want this service, on your vps ?
i surely wouldnt,. i know, with me, if i offer anon, you stay damn
anon, if you bring cops to MY HOUSE, then i may have to try and, simply keep
my darn data secure ey ?
how about that ?
simple methods, defeat simple plans benji.
xd



On 29 September 2011 22:53, Benji <me@xxxxxxxxx> wrote:

Yes they do. If you buy a server in America for example, even if you
are located in Russia, they are required by federal law to hand over your
details wherever you may reside. I dont know where you've obtained this idea
that they can't.

Just because something is advertised as 'anonymous' doesnt mean
it's 'so anonymous you can break the law' and anyone using a EU/US-related
country to do this is either stupid or naive.

On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:

They advertised as anonymous VPN to 'everyone'.
Then, that would mean, especially NOT locally, thats something wich
is also, subject to federal laws though so, in its own country, the provider
may have to, nomatter whats advertised, BUT outside of country customers,
should not be handed over.
isp's here dont do it, and havent, for like 20 yrs, they also do not
take down people,issue nor execute other peoples 'takedown orders', there is
many reasons for this but basically, they loose money from it.
Anyhow, in UK, you maybe right, but outside of there, then, they
should have maybe not advertised as anononymous vpn services for everyone
and anyone. thats obvious crap we know now.
anyhow, cheers,
xd



On 29 September 2011 22:45, Benji <me@xxxxxxxxx> wrote:

Im sorry, why is it 'worrying' that a vpn provider that was a UK
business and was located in the UK, is subject to UK law?



On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
d.martyn.fulldisclosure@xxxxxxxxx> wrote:

Again, I hope this does not fail to send.
The reasoning behind the "Pure Elite" recruitment channel was A:
to recruit some talented people (and, by all accounts, there were some
talented programmers there) and B: development and idle talk. Now more
interesting was the reasoning behind the name - by putting the developers
and coders and potential recruits in a channel named "Pure Elite", it was
essentially an ego boost for the new guys, made them feel valued, etc, when
in fact most were but pawns to be used (IMHO).

This co-operation between VPN providers and LEO, while being
nothing new - remember how hushmail caved in - is indeed worrying for those
of us who are privacy advocates as well as security researchers.

On a more direct note, Laurelei, do not presume that you know all
there is to know about them. Doing so would be foolish. (Now don't go
assuming that I hate you, I bear you bugger all ill-will, etc).
Good day.


On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <
laurelai@xxxxxxxxxxxx> wrote:

Its all good dude. What really concerns me is that vpn providers
might give over logs to oppressive regemes. TOR is starting to look better
and better.
On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd@xxxxxxxxx> wrote:
never did... was only for one buttcheek kid that i was alittle
pissed and
thinking things wich, prolly were wrong at the time...
I am adult enough to apologise for what happened back then, and
hopefully it
is just, cool.
:)
cheers, your loved by many, you just have many trollers to :sp
take care ,
xd


On 28 September 2011 14:32, Laurelai Storm <
laurelai@xxxxxxxxxxxx> wrote:

Im suprised, someone on the internet who *doesn't * hate me :p
On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd@xxxxxxxxx>
wrote:
Hello Laurelai ,
Oh i agree it is still a terrible precedent to be set.. I
dont even know
where, legally, i stand anymore...
It is rather disturbing, nomatter WHO it was laurela.
I am all for the hatred against the VPN provs, and this is
not just
happening here, and i made a BIG statement about this, and
privacy, in my
channel on efnet, first as i saw it.

Then saw a torrentfreak feed,of someone who was an owner of
a huge
torrent
site, was handed to authorities, not by the hoster, no...
but by the
frigging payment handler, ie paypal or alertpay most likely.

This is not good, it makes a grey could now over what is
'anon' and what
isnt. and thats a bad thing for us all.
To much fraud is causing this, thats plain and
simple.Abusing places like
Sony, and, major banks, only make the authorities turn to
politics, whom
in
turn can bully with federal and state laws of ANY country, i
think this
is
the dangerous part wich is affecting lulzsec members or
whoever was apart
of
it, and, i mean efnet is no recruiting grounds for decent
hkrs.
Simple as that, you know it, maybe thru word of mouth ok,
but not alone
by
being in channels but that network, is one federal hideout
now..and, that
is
every channel, if it is not being spied (yea they have a
module
m_spychannel.c or similar, wich, they actually had without
realising,
asked
a friend, to code for them.
This was rejected by me/her,but i believe they have the
module running
now.
So, what was to stop them adding theyre own hidden spy mode
to it :s look
at
what they did to my old channel #haqnet, they introduced
drinemon and a
bunch of other things, when it could have been simply worked
out with
words.. but anyhow, i will not brood on the past, i hope
this is mutual
Laurelai, I have nothing bad to say about you, and in turn,
expect the
same.
Respect for respect dear.
I do agree with you about the situation and, as you can see,
am not
holding
9undisclosed) crappy things wich happened along time ago,
over one
idiotic
kid, on efnet, whom now i know you do not associate with.
So, i want
that,
to be laid rest now.. please.
And, we can only hope that the greater common sense will
prevail and
hopefully, places will be forced to proove anonymity in some
way, wether
that be by showing people email interaction with requester's
of peoples
info, or anything simple even, wich would be then a standard
for VPN, I
do
not use them but, if i bought anonymous vpn, id expect
exactly
that,without
political interaction and grey areas about who and what is
now legal and
not
legal on the internet, on chatrooms, and on even websites.
ok, thats plenty, cheers!
xd


On 28 September 2011 13:41, Laurelai <laurelai@xxxxxxxxxxxx>
wrote:

On 9/27/2011 10:10 PM, sandeep k wrote:

Lolz members was really insane ,i m not why to use that
crapy hma.
On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l@xxxxxxxxx>
wrote:
yeah, and usually the same goes for calling others "kids"
;)

On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <
doomxd@xxxxxxxxx> wrote:
#pure-elite , rofl... yes indeed :P
hehe... nice story tho...funny about the elite channel
thing... why
do
ppl
tag themselves as elite? usually when they are not...
ohwell, thats efnut :s (irc sucks)
xd


On 27 September 2011 19:03, Darren Martyn
<d.martyn.fulldisclosure@xxxxxxxxx> wrote:

Hope this sends correctly, new email client and all....
But seeing as
it
is
an international investigation many people have been
bending over
backwards
to assist LEO on this. HMA and perfect privacy were the
VPN's of
choice
for
them it would appear, oh, and he was part of the
#pure-elite channel
on
that
IRC server, and hence, considered by LEO and others as
"Part of
LulzSec".

TL;DR, this is nothing new.

On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
laurelai@xxxxxxxxxxxx

wrote:

And the guy wasnt even a part of lulzsec

On Sep 26, 2011 10:37 PM, "Jeffrey Walton" <
noloader@xxxxxxxxx>
wrote:
On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <
ivanhec@xxxxxxxxx>
wrote:




http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
Though HMA claims they complied with a court order,
it looks as
if
they facilitated a law enforcement request. The US
and the FBI
have
no
jurisdiction in the UK.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From my understanding they used the channel as a possible
recruitment
ground, though only 6 people were officially a part of
lulzsec , i find
it
disturbing that law enforcement considers being in an irc
channel
tantamount
to being a part of lulzsec.

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/









_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages