Why the "never hack from home rule" is completely obsolete and pointless

Discussion in 'privacy problems' started by DesuMaiden, May 24, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Some of you guys claim that hacking from home is extremely dangerous even with Tor. I disagree. There is a REASON hackers like Sabu and sup_g hacked from home. Your ip address is practically impossible to trace. Yes there are a few theoretical attacks that can reveal your real IP. However, these attacks are illegal for police to perform. For example, poisoned Tor nodes are illegal for police to set up. That's because an overwhelming percentage of people are using Tor for perfectly legal and ethical reasons, so it would be completely unfair and unethical to endanger them. The same goes for MiTM attacks.

    tl;dr there are only a handful of feasible theoretical attacks which are in practice IMPOSSIBLE to perform.

    So what's the point of hacking from a public wifi? Tor is more or less completely untraceable, so hacking from home is more or less perfectly safe. Especially if you have all forms of scripting disabled.

    The only way a hacker or other malcontent using Tor can get caught is through human error. Always very stupid mistakes. Revealing personal info is the BIGGEST weakness of Tor. Then again that's not Tor's fault eh? It's YOUR fault. A prime example of this is sup_g revealing his city of residence and exquisite details of his criminal history. Epic fail on his behalf but not Tor's.

    In order to NOT reveal personal info to others, you mustn't ever befriend other hackers. You have to assume every hacker is either an undercover or informant to the police. TRUST NO ONE.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's especially so for those who talk about "hacking" on public boards ;)
     
  3. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Assume everyone is a cop. Who knows? The hacker on the other side of the screen could be very good at acting.
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    You assume that police will follow the rule of law... You do that at your own risk. :ninja:
     
  5. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Yeah, here in the US of A, they rarely do. So you might wanna be careful.
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Uhhh...Sabu and Hammond were caught at home, by techniques that targeted the technology that they used at home.

    No offense, and IMO only of course, but this post is nuts to me.


    But by all means, instead of sitting in a car or on a bench in a public place, within range of open WiFi....do it from your house, it's safer :D You WILL make a mistake...we all have. When my IRC chat falls off of Tor, I'd much rather have the IP come back to a coffee shop, than sabus.apartment.internet.comcast.net.

    PD
     
    Last edited: Jun 1, 2013
  7. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    They raided Sabu's house on more than just his ip address. They had a crap ton of evidence aside from just an ip address.
     
    Last edited: Jun 4, 2013
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    According to Wikipedia, one private individual *guessed* on who he was, in March 2011.

    Other hackers guessed wrongly a few times.

    Federal LE can't guess, they need proof. His slip up when logging on to IRC from his home is what got him arrested.

    If you can direct me to other federal proof of his identity (aka "a crap ton of evidence"), I'll take a look at it.

    PD
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Mistakes and failures like these can be prevented with a software firewall that controls outbound and loopback traffic.
     
  10. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Sabu already had a paper-trail leading back to his real identity. Forgetting to mask his ip address was the final nail in the coffin. Police already had proof of credit card theft and other crimes.
     
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Yes, I agree. I talked about it in the thread about how they get caught. In this case however, he would have been fine if not at home.

    PD
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Then why was he not arrested then? Having proof that "Sabu" was responsible, is not the same as having proof that "Hector Monsegur at 123 Main St, NY, NY" is responsible. Why was he only arrested after exposing his apartment's internet connection? It makes no sense that they knew who he was IRL, but wouldn't arrest until they had his IRL IP. And...what if that never came? I will accept any link, to any info that police had probable cause to issue an arrest warrant prior to his exposure of his home IP. The indictment is usually the state's "dream sheet" of what they think they can prove...so any info about knowing who he was, prior to the IRC faux pa, would be in there.

    PD
     
  13. JohnMatrix

    JohnMatrix Registered Member

    Joined:
    Apr 12, 2012
    Posts:
    48
    Location:
    Behind you
    If something goes wrongs, let's say your VPN connection drops and your firewall rules that block outgoing traffic without a VPN fail (for example because the rule syntax has changed after an update and you failed to check the firewall after each update) then you're happy you are not sitting at home.

    And you mention TOR, but TOR does not work when you login using SSH or do something other than "web hacking".
     
  14. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Sabu made himself a very high profile target and used the same username across too many sites.Then again, chances are exposing your real ip address even ONCE will get you busted regardless of how wanted you are.
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,049
    Location:
    USA
    Ok, we assume you're a cop. Now what? :ninja: :D
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Nothing special, given that we're all cops ;)

    The point, I think, is always being discrete and prudent.
     
  17. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    A web-server based chat-room is safer than IRC. IRC isn't fail-safe, since it is possible to forget to route it through Tor. Whereas, a Web Server based chatroom is fail-safe, because you can Bookmark the chatroom on Tor Browser. Access the chat-room from Tor Browser's Bookmarks, and therefore it would be impossible to access the chatroom without Tor
     
  18. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Why do you keep bringing this up? Web Chat .vs IRC, who cares? Home=Jail more than 'Sitting In A Parking Lot'=Jail.

    PD
     
  19. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    However most hackers are too lazy to hack from outside of the warm, confines of their home.
     
  20. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Sabu, like many hackers, had certain habits and characteristics that he did not to change. His identity was revealed by a private entity, not law enforcement.
     
  21. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    How was his identity revealed? Who revealed it?
     
  22. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    There were some guesses by other hackers/security researchers. Only one got it right, IIRC (yup, see below). But having a private citizen say "this is him" isn't enough for an arrest warrant. Him, being at home, when a machine revealed it's ISP supplied IP address, *was* enough proof.

    He was arrested in June. I'm sure this may have caused him to be more heavily surveilled, but to the law, you need proof. For the purpose of this thread, that specific piece of proof wouldn't have come, if he was at a coffee shop.

    PD
     
Loading...
Thread Status:
Not open for further replies.