How did LulzSec get caught?

I believe it was due to human error. It had NOTHING to do with Tor failing on them. If you forget to use Tor, then that's your fault. If you post personal info while using Tor, that's your fault. Not Tor's fault. I don't believe LulzSec was caught because the FBI was able to break Tor's encryption or anything like that. LulzSec was caught because of human error.

Rule 1--->Always use Tor to hide your ip address while doing something blatantly illegal online. Never use your real ip address while doing something blatantly illegal online.

Rule 2--->Never give any of your criminal co-defendants any personal info.

Sabu got caught because he violated Rule 1. Jeremy Hammond got caught because of violating Rule 2. The fact that several members of LulzSec got caught was not because Tor wasn't/isn't secure. Tor is secure. Everyone should acknowledge that fact. The reason LulzSec was caught was because they broke the two golden rules of blackhat hacking.

Sorry for bring up another thread on Lulzsec, but someone on 4chan brought them up today. So I felt like making another thread on this interesting group.

It is impossible for anyone to track your ip address while using Tor, as long as you have Javascript disabled.

 

That's not true!

It's true that the Freedom Hosting stuff depended on a Firefox/Javascript exploit, which dropped a simple Windows executable. However, there are other exploits, and other payloads. Key defenses overall would have been strong firewall rules, and better yet using Whonix to isolate apps from networking and Tor.

More generally, Tor is vulnerable to Sybil adversaries that can use malicious relays to compromise Tor circuits. That does take some time, but it's certainly possible.

 

Yeah that might be true, but nobody has demonstrated Sybil adversaries. They only demonstrated that Javascript exploits are possible with the Freedom Hosting exploit. Sure other exploits are POSSIBLE, but nobody has demonstrated them yet. And people have already know that Javascript exploits where possible as far back as 2007. It wasn't until August of 2013 that Javascript exploits have been demonstrated to be possible.

 

https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

Also see Johnson et al. (2013) Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

 

Searching the forum, it looks like you actually already asked this question a year ago...

https://www.wilderssecurity.com/thre...ulzsec-hackers-make-to-get-identified.346174/

 

This sitting thread may help.
https://www.wilderssecurity.com/thre...-helped-feds-thwart-300-cyber-attacks.364293/