How did LulzSec get caught?

Discussion in 'privacy problems' started by DesuMaiden, Aug 14, 2014.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I believe it was due to human error. It had NOTHING to do with Tor failing on them. If you forget to use Tor, then that's your fault. If you post personal info while using Tor, that's your fault. Not Tor's fault. I don't believe LulzSec was caught because the FBI was able to break Tor's encryption or anything like that. LulzSec was caught because of human error.

    Rule 1--->Always use Tor to hide your ip address while doing something blatantly illegal online. Never use your real ip address while doing something blatantly illegal online.

    Rule 2--->Never give any of your criminal co-defendants any personal info.

    Sabu got caught because he violated Rule 1. Jeremy Hammond got caught because of violating Rule 2. The fact that several members of LulzSec got caught was not because Tor wasn't/isn't secure. Tor is secure. Everyone should acknowledge that fact. The reason LulzSec was caught was because they broke the two golden rules of blackhat hacking.

    Sorry for bring up another thread on Lulzsec, but someone on 4chan brought them up today. So I felt like making another thread on this interesting group.

    It is impossible for anyone to track your ip address while using Tor, as long as you have Javascript disabled.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's not true!

    It's true that the Freedom Hosting stuff depended on a Firefox/Javascript exploit, which dropped a simple Windows executable. However, there are other exploits, and other payloads. Key defenses overall would have been strong firewall rules, and better yet using Whonix to isolate apps from networking and Tor.

    More generally, Tor is vulnerable to Sybil adversaries that can use malicious relays to compromise Tor circuits. That does take some time, but it's certainly possible.
     
  3. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Yeah that might be true, but nobody has demonstrated Sybil adversaries. They only demonstrated that Javascript exploits are possible with the Freedom Hosting exploit. Sure other exploits are POSSIBLE, but nobody has demonstrated them yet. And people have already know that Javascript exploits where possible as far back as 2007. It wasn't until August of 2013 that Javascript exploits have been demonstrated to be possible.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

    Also see Johnson et al. (2013) Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
    http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
     
  5. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
Loading...
Thread Status:
Not open for further replies.