What anonymity techniques did LulzSec hackers use to stay anonymous online?

I know Sabu and several other LulzSec hackers used Tor.

Some other hackers used VPNs (like Hide Your Ass ) which weren't actually that anonymous since they held ip logs lol.

Did they use any anonymouzing techniques more advanced than just Tor, VPNs, or Tor + VPN chaining (inside nested virtual machines) such as hacking into other people's computers and using them as proxies (or hiding behind botnets)? Or were LulzSec hackers just using basic anonymity techniques such as Tor, VPNs, Tor + VPN chaining, and etc?

Was their level of anonymity relatively easy to achieve?

 

they found putty alternative(i cant remember the name of it right now) on kayla's system,and if i know right then you can use putty to create a ssh tunnel to a compromised system in some other part of the world(and those guys had a bunch of compromised system which they used to host IRC chat servers etc) and then surf using that,visited websites would see the ip address of the compromised system but again you are going to leave your real ip in the compromised system logs.

 

Most haven't been caught, so we don't know For those that have been, they seemed to make some big mistakes, that a lot of us here shook our heads at.

PD

 

Revealing too much personal information (Jacob Hammond)
Forgetting to log into IRC with Tor (Sabu)
and what else?

 

Using HideMyAss

 

The key to staying safe for those people is simple.

Do what you have to do, or want to do, then go away. Shut down your security, and live your online life like you never were a part of anything. Then, when you want to do something else, boot up again. Being like a machine and having no emotional contact with what you are doing is the only way, as a machine is much less likely to make a mistake.

 

"One cannot be betrayed if one has no people"

Keep to yourself, don't talk to anyone on IRC, TorPM, Jabber. And if you do tell anyone make sure they know you will break their fingerts and legs if they snitch. They have to know your for real and don't muck around.

Alot of it is how you carry yourself. Same goes for IRL. And never travel out of your country with your laptop/PC. Never.

I have to agree with this statement. Become a machine and you will go far.

 

Well, it goes beyond that IMO. Those make it sound like one simple mistake got them. Why no Anon VPN? Why not VPN on the router? Why was any connection without the VPN possible? Why no software firewalls rules in place? Spoofed MAC's? CAT6 Cable? Etc... Like I said, stuff that makes most of go "amateurs".

PD

 

Hard to know that the people that didn't get caught were using. But a combination of a VPN, TOR, Firefox + Ghostery + Adblock Plus + No flash + No Java should be enough to stay hidden. Although you could improve further it's hard to believe anyone would be compromised if using the above combination without making other mistakes (such as revealing your real name)

 

Cookies, Iframes.

I found you

 

How would you know who I am by using an iframe or a cookie? I'm talking about a clean browser install, without any third party cookies, used solely for staying anonymous. Always connected through a VPN and/or TOR. A cookie or an iframe does not help you to identify who I am.

 

You can send small data packets through iframes. Your VPN won't stay connected all the time. Simple IP recording program that sends IP back to a host. It can be very small and use command for all its actions.

 

That wouldn't work if the target machine never saw the Internet except through its VPN and/or Tor setup. One way to accomplish that is using virtual networks of pfSense VPN-client VMs and Tor-gateway VMs. Using a pfSense VPN-client VM plus the Whonix VMs gives you Tor via VPN. Configuring a VPN connection in the Whonix browser gives you VPN2 via Tor via VPN1. Running an additional VPN-client VM gives you VPN3 via Tor via VPN2 via VPN1.

 

Guy above gave me parameters. I was creating a way he could be found using them. He did not specify a virtual machine, and 99% of people using a VPN can't run it 100% of the time, due to using a computer for PayPal, online banking. Tor is not full-proof either. Using similar small packet drops you can find anyone using Tor that is not using a VPN on the other end, even more sophisticated it would not even matter. Only way to protect against is to run virtual all your activities.

 

"Never from home" defeats all this stuff. "Never from the same place twice" is even stronger. It's 2013...connectivity is everywhere. Nobody said it'd be easy, but jail isn't easy either

PD

 

Who would be going to jail? I am not doing anything illegal with my internet connection. I am just a bored guy that is a little obsessive compulsive with a drive to learn everything about security and privacy.

I guess my goal is privacy in an ever more open world. I don't really care about big brother, because big brother does not care about me. I care more about little sister spying, then big brother caring about me.

 

Not using your home connection makes little difference. Let's say I do something highly illegal from various hotspots around my city. The FBI finds my real ip address or my real identity (if I accidentally reveal too much damning personal info). You are HOSED. Using various hotspots around a city only delays the inevitable--your capture. They have public cameras everywhere so you cannot hack anywhere anonymously.

Yes, I couldn't agree with you anymore. Last thing anyone wants is Big Brother interested in them.

I say a good set up for staying untraceable would be Tor + VPN (both inside a VM). All of the connections on the VM are forced through the VPN so if the VPN disconnects your real IP address is never exposed (since you are not connected to your real ip in the VM). Only your host OS is connected to your real ip.

I don't see how your real ip could be traced through this set up.

Also never reveal personal info. Only make up personal information i.e. I am a 30-40 year old unemployed computer engineer. Does anyone believe that? IIRC Kayla pretended to be a 16 year old girl lol even though he was a 20 something year old male.

 

That was more of a perversion then a way to be anonymous, I assume he was getting off on vicariously pretending to be a girl as some guys in that field like all the extra attention being a girl would get you.

 

Well, "16 year old girl" and "20 year old guy" aren't that different

 

Who do you think would get more attention playing xbox. The attention was his reason.

 

That won't work because my internet connection gets blocked as soon as the VPN disconnects. So iframes or cookies won't help you to identify me. I've never seen anyone provide any valid counter for this setup:

- Clean browser install
- Browser only started once VPN is running
- When VPN disconnects all internet traffic is blocked
- Browser extensions: adblock plus, ghostery. No flash or java installed
- Use Google public DNS servers (thanks to dogbite)

I'm interested if anyone can think of a valid case where this setup would reveal my real IP address to the outside world.

edit: added tip from dogbite

 

What about a DNS leak that you are not aware of?

 

There are many, I won't even bother to elaborate, your last post is hinched on the fact your set-up never fails, as we know no system is 100% all the time.

 

You fail to give any concrete evidence for a weakness in the proposed setup. With this setup my real IP address stays hidden all the time combined with the fact that my browser fingerprint is unique and tracking cookies are blocked.

This system would be 100% secure for hiding my real IP address (except to the vpn provider) and location unless you can provide me with an example of when this setup fails.

 

The topic is about LULZSEC...they would probably go to jail. I am not talking about anyone here. If it's good enough to keep them out, it is definitely good enough for the law abiding Joe from being found in a dragnet vacuum type of data dump.

P