HideMyAss provides FBI with logs for LulzSec

That's funny! No surprise though. Nothing surprises me anymore.

 

Depends on what kind of hacker you'll become, but I do agree with the rest of your points though.

 

Bank robbers it would seem, have their equivalent of skiddies

 

Well, Pamela Fayed's killers reportedly drove away in a vehicle rented by her estranged husband's firm.

 

They hacked Sony, no VPN company will have the balls to refuse to cooperate. That's just reality. If they used XB, Sony would've still gotten the logs. If they truly wanted to be anonymous, they should've try to hijack a computer in Cuba, Iran, or Somalia, where their governments doesn't have diplomatic relationships with western governments, and their companies don't give a **** about western governments' requests.

 

But if they were offered some incentive ($$$) to do so, they'd start to give a **** really fast. And as somebody else said, even providers that aren't set up to log will log if threatened with jail time for not cooperating, or offered $ to assist the feds. When you go as far as LS did there's no way around this, no matter how many hops you're using, or where your servers are located. Then all it takes is finding that 1'st person. Preferably the softest, scrawniest one of the bunch... someone that wouldn't last a day in a federal prison, and threaten him with jailtime. Then they start singing and the domino effect begins.

These guys may very well be quite adept on a computer, and more than mere script kiddies. It doesn't really matter if they're elite, that noir style of interrogation is still quite effective, in any time period

 

That's exactly what's going down. LEA didn't suddenly become "smarter", they just now have a few new toys to show to "Bubba", and the singing has started. Someone is always willing to talk, you either just have to scare them badly enough, or sweeten the pot.

 

And how would the FBI use standover tactics if someone chained anonymous proxies through other countries with each proxy stripping out the IP of the previous? Competent hackers, unlike Cody Kretsinger, use international high anonymous proxy chains which are constantly randomised. Just because a UK judge issued a court order against a UK based VPN who conveniently keeps logs for 30 days does not mean that LEAs can find, let alone prosecute, anyone online.

 

The point I'm getting at is that computer-fu was irrelevant in this case. Either LS had a mole, or one of their members got nervous, sensing the inevitable bad ending, and started singing as a proactive measure to avoid prison. They had a rival hactivist group assisting the feds as well, and it's possible that some of them had personal information about LS members that they provided.

The agents working on this case could have obtained all this information without even knowing how to turn on a computer. They collaborated with their enemies, turned the pressure on, then sat back and let them eat each other. This old school, noir style of detective work will never become obsolete, unlike computer hardware & software.

 

Nope I didnt Misunderstand you, I even Quoted what you said in my post #35. ~ Off Topic Comments Removed ~

And yes we were talking about Logging.

 

Exactly bud!!

If they DID PROTECT SOMEONE COMMITING A CRIME,you can bet they would have thier service SHUT DOWN! (Which im sure they wouldnt risk)

 

If by "protect" you mean purposely withholding information from authorities, then yes. But in most of the civilized world, you can't just shut someone down for making a business decision not to keep access logs. That would be like having the government shutting down a retail store for not having security cameras installed, just because one thief got away.

 

I believe the more common scenario is services are "asked" to release information during the investigation phase, before it has been proven that anyone has committed a crime. The service provider has to decide what posture they wish to take based on the law and whatever pressure may be put on them that is not a matter of law. Understandably they may not want to take risks on behalf of customers, however they may wish to defend their boundaries in the face of dubious "search and seizure".

 

Please, just go back and read posts 1 through 6 in this thread. That's all you need to know. They may say they "don't log" but sometimes they say that in complete contradiction to their own small print. Always, always read the terms of service and privacy policies - closely.

 

I know, but I was just making a general statement about legitimate non-logging services--not in any way specific to HMA. Sorry for any confusion.

 

I think some of the policies sound like a contradiction because they're not set up to log user activity. However... if they're pressured by the authorities to do so, they can certainly do it if they want to. There's the contradiction. I'd think it would be a monumental undertaking to monitor the activity of all their customers. Time, effort & money. Who would want to go through that, other than the ones that are honeypots and designed specifically for that purpose? The "one man show" outfits, you can especially rest assured aren't doing it. So that's at least 1 positive for them.

So if people are planning to engage in large scale cyber crime, none of them are probably going to protect you, nor should they. But I think you'd have to give "the man" a lot of reason to exhaust the time, manpower and money to come looking for you. You'd have to be doing some hardcore stuff, like LulzSec. For people just using P2P/torrents, and other petty crap, then having one based in a country other than the one you reside in, with a server in a country other than you reside in, with a no logging policy... will suffice just fine. And I believe that applies to 99.9% of us that would find some value in anonymity/privacy. For the people that find this insufficient, I have to wonder exactly what you're planning on doing... But to point out this 0.1% and use it as a stance to argue against the effectiveness of VPN's is seriously skewing things.

For me personally it's mainly a matter of principal. Even if all I'm doing is looking at Youtube videos, or posting in here, I feel I should be able to do so without being spied on. Just like if I want to pull the blinds on my windows at night so others can't see in. I'm entitled to do that without giving my neighbors an explanation as to why. It scares me that so many people willingly hand over this freedom, and just say: "eh, I'm not doing anything anyway. They'd be pretty bored monitoring me." These people are oblivious to the big picture, by choice or otherwise. The moment we adopt that attitude and give them that inch, they'll take a mile. Before you know it all the freedoms that made us all so proud to be living in a democracy, we will have willingly forfeited. This big picture is why I personally use a VPN, and wish everyone did. And it's why I'm trying to increase awareness on this subject in here... not to give criminals a false sense of security/anonymity/privacy.

 

Monitoring in real-time is obviously impossible. Logging info on what sites are visited for how long from signed-in accounts is simple. There's software for that.

Lucid, I like your posts, but I must say I am mystified by where you came up with the 99.9% versus 0.1% statistics. There's a lot of people doing some serious &^%$ on VPNs and to think that's limited to 0.1% is not understanding the VPN biz.

They log. If they don't - they can at the flip of a switch. Most do, not to have logs ready to hand over to authorities, but to keep those who abuse the service off their VPN, so they don't get kicked off upline.

As for your stand that you use them on principle, I applaud you. It's why many of us do it. But most? No way. I'm still baffled by your stats - did you just pull those out of the air?

 

Well maybe 99%, not 99.9. I think that 99 out of 100 people that either use, or would have use for a VPN, are not hard core cyber criminals targeting huge marks like Sony. Some much smaller offenses, the types of which the feds probably wouldn't go kicking down any doors to raid servers about. Most just doing what I'm doing... some P2P/torrent usage, and maybe want to feel safer doing online banking/purchasing. And the largest chunk of that percentage by far... businesses trying to keep their networks safe and away from prying eyes. And the business men & women that need to connect to them securely from their homes. In fact, that probably covers 90+% from the door. It certainly accounts for "most".

So yeah, I think that LulzSec members (and the type) make up less than 1% of total VPN users all things considered.

 

How about your internal IP? Does a public wifi see that? How unique is an internal IP?

 

It would have been more difficult to get that info from Xerobank or Cryptohippie. But if they had used Tor through a VPN, I would imagine they would have been a lot harder to track.

 

As an American VPN, I bet they'd give anything up for the Feds just for the asking....no warrant required.

 

how would u know? u r just an customer.

Unless u r paid?

 

How do I know? The same way that you already know. It has been discussed here many times.

Because they are incorporated in Panama, they are multihop VPNs spread out across the globe, encrypted servers, no logging, and because LE has to jump through some hoops just to get a response. http://ip.xerobank.com/company/leo/

Cryptohippie has something similar but I can't find it right off. But of course you know all of this already.

 

Actually, none of us know any of that. We just know what providers say. Maybe even providers don't know that, because they rely on other providers.

 

For all practical purposes, your internal IP doesn't exist until you're assigned one by the public wifi access point... so yeah, it definitely "sees" it. However, internal IPs are generally assigned sequentially and re-used over and over again, so it's not all that unique in that sense.