
Accused LulzSec Members Left Trail of Clues Online

Posted by Soulskill
from the didn't-need-sherlock-for-this-one dept.
Trailrunner7 writes "When the long arm of the law reached in to arrest members of Anonymous's senior leadership on Tuesday, speculation immediately turned to the identities of the six men behind the Guy Fawkes mask. With the benefit of hindsight, it turns out that many had been hiding in plain sight, with day jobs, burgeoning online lives and — for those who knew where to look — plenty of clues about their extracurricular activities on behalf of the world's most famous hacking crew. Two of the accused, Darren Martyn (aka 'pwnsauce,' 'raepsauce,' and 'networkkitten') and Donncha O'Cearbhaill, formerly known as Donncha Carroll (aka 'Palladium'), sported significant online footprints and made little effort to hide their affinity for hacking. In other areas, however, Martyn (who was reported to be 25, but claimed to be 19) seemed to be on his way to bigger and better things. He was a local chapter leader of the Open Web Application Security Project in Galway, Ireland. He spent some of his free time with a small collective of computer researchers with Insecurety Research, under the name 'infodox.'"
  • Story time (Score:5, Interesting)

    by girlintraining (1395911) on Sunday March 11, 2012 @05:29PM (#39319999)
    A bit of time ago, I met a man who was very good at computer and physical security. He works now as a consultant for a local law enforcement agency; they bring him in for high tech crimes that are beyond their resources to crack. I know I'm being a bit short on details here, but bear with me. Anyway, he became a consultant because in his earlier life, he had gotten into some financial hardship and made a couple poor judgement calls, as seems to happen so often to otherwise highly intelligent people. Well, part of that contract was that he had to work for some unsavory folk helping them bypass security. That group of individuals then graduated from protection racket and simple ID theft to clearing out a dozen floors of a skyscraper under cover of darkness.

    The police didn't know what to do, and they didn't make it public because the enormity of the crime would have rocked the downtown financial district. Now my friend didn't want to be doing this forever, but he was rather stuck -- because now that the crimes were done, he was a liability, but at the same time, an asset to the organization he worked for. He knew it was only a matter of time before the liability side of the equation exceeded his usefulness and they ended him.

    So he did what anyone would do: He asked for help. Not straight out. Not directly, because he was under surveillance all the time by his "friends". So he started leaving clues. Misplaced equipment that would, say, print out his initials over and over again when found later at the crime scene. Subtle things. But enough that law enforcement got the idea that someone was trying to say "help me get out."

    Eventually, without his testimony being needed, they were able to piece together the bread crumb trail and nail the entire criminal organization in one sweep. He had to do time of course, but after only a year or so, they let him out on a very generous probation on one condition: Help them solve other crimes too complex for them to deal with.

    Now there was no movie ever made about this guy, no book deals, nothing. But he's not the first, he surely won't be the last, and I think it would behoove you people to consider that these people might have wanted to get caught. Sometimes people just get tired. Sometimes they have a change of heart. Sometimes they find out that it was all fun and games until they found out who was writing the paycheck. These "security researchers" are more than likely ex-members of similar organizations that are doing the same thing for the lulzsec people that someone else once did for them: Extradite them from a situation they've gotten too far into.

    So people, just remember: You may have their names. It's almost assured you do not have their story.
  • The Irish Connection (Score:5, Interesting)

    by CanEHdian (1098955) on Sunday March 11, 2012 @05:41PM (#39320081)
    Isn't it funny that these two guys in the story, Darren Martyn and Donncha O'Cearbhaill, happen to be the ones that are currently not in US custody? Are we already setting the scene for the extradition process?
  • by artor3 (1344997) on Sunday March 11, 2012 @06:23PM (#39320373)

    Are you insinuating that because there are worse crimes, we shouldn't enforce laws against the other crimes?

    Because that would be a really, really stupid argument.

  • by Lumpy (12016) on Sunday March 11, 2012 @09:47PM (#39321933) Homepage

    "Routers can do it as well. Don't do it from McDonalds because they use CCTV."

    Um yeah. You have never hacked anything, have you?

    McDonalds is awesome. 1 small yagi and I can be hundreds of feet away and connect to the Mickey D's AP and hack away. If you think a "hacker" sits in the restaurant with his trenchcoat and flat black laptop with a silver skull spraypainted on it, you really need to learn about the subject.

    An uber hax0r will have a nice log of open AP's in an area. He also will have a log of WEP AP's and other routers/AP's as well. He then will do some testing to find good low latency connections.

    If he is really good, he will have purchased several sheevaplugs with harmless stickers like "HP Printer" or "ADT security" on them. Gain access to some locations and you plant the box, just plug it in to the wall and network. Small businesses will never notice and most don't have a managed network. Now you just installed a great proxy to go in and out of. Set that sheevaplug up right and it will not only not hold any logs, but erase itself when the network is unplugged, add a small battery, and it will erase itself when power is lost.

    The security on most company networks is a joke, a device like I mentioned could go years without detection.
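
Seen from the defender's side, the weakness the comment above relies on is an unmanaged network with no device inventory. The following is an added example, not part of the original thread: it reconciles DHCP lease records against an asset inventory and reports devices that nobody owns but that keep renewing leases. The log layout, MAC addresses and hostnames are constructed for illustration and do not follow any particular DHCP server's format.

```python
from datetime import datetime

# Constructed asset inventory: MAC addresses the business actually owns.
INVENTORY = {
    "02:00:00:00:00:01",  # office printer
    "02:00:00:00:00:02",  # front-desk PC
}

# Constructed lease log, one "timestamp ACK mac ip hostname" record per line.
SAMPLE_LEASES = """\
2012-01-05T08:00:02 ACK 02:00:00:00:00:01 10.0.0.20 HP-LaserJet
2012-01-05T08:01:10 ACK 02:00:00:00:00:02 10.0.0.21 FRONTDESK
2012-01-09T19:42:31 ACK 02:00:00:00:00:03 10.0.0.57 HP-Printer
2012-02-14T12:15:00 ACK 02:00:00:00:00:04 10.0.0.60 visitor-phone
2012-03-10T19:42:40 ACK 02:00:00:00:00:03 10.0.0.57 HP-Printer
"""

def find_unmanaged(lease_text, inventory, min_days=7):
    """Return (mac, hostnames, days_resident) for devices not in the inventory."""
    known = {m.lower() for m in inventory}
    seen = {}
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "ACK":
            continue  # skip malformed or non-lease lines
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        mac, host = parts[2].lower(), parts[4]
        if mac in known:
            continue  # owned device, nothing to report
        rec = seen.setdefault(mac, {"hosts": set(), "first": ts, "last": ts})
        rec["hosts"].add(host)  # the hostname is self-reported, so keep every claim
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    findings = []
    for mac, rec in seen.items():
        days = (rec["last"] - rec["first"]).days
        # A one-off visitor is noise; a device that keeps renewing is resident.
        if days >= min_days:
            findings.append((mac, sorted(rec["hosts"]), days))
    return sorted(findings, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for mac, hosts, days in find_unmanaged(SAMPLE_LEASES, INVENTORY):
        print(f"unmanaged {mac} calling itself {hosts}, resident {days} days")
```

A device configured with a static address never requests a lease, so the same reconciliation should also be run against switch MAC tables or ARP data.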

  • by Anonymous Coward on Sunday March 11, 2012 @10:31PM (#39322227)

    Well then the lesson seems to be if you are gaming the systems then aim for billions then in most cases you are not going to get punished :)

  • Re:Story time (Score:4, Interesting)

    by girlintraining (1395911) on Monday March 12, 2012 @12:07AM (#39322845)

    When it's past the statute of limitations, speaking details is still stupid to reveal, but technique is not. If information can keep a curious kid from getting ass raped by the system, that is a good thing.

    A good observation unfortunately lost to this crowd. They all imagine themselves to be capable of being criminal masterminds, and think that it's only "stupid" people that get caught, and other self-deluding beliefs. And in either event, nobody seems to have noticed that I pointed out the person in question here did, in fact, get busted. Guilty. Convicted. There's no reason left to lie, and given that I have met this person in real life, at a real police station, with real suspects, and seen real evidence sitting on his very real desk, all the admonishments of the wannabe intellectual crowd here on Slashdot mean nothing to me. They're too into themselves to realize that most criminal activity doesn't happen for the reasons they think it does. I've talked to this person's coworkers; they just as often feel bad for the person they're dragging in for questioning as not -- not because they think he's innocent, but because they can understand why he did what they're charging him with. But a crime is a crime, you know... and everybody has a story. It doesn't change the fact they have a job to do, and the reasons for doing it really just do not matter.

    That's all I wanted to point out about the lulzsec members: There's probably a story here that's quite different than what's known or being published. Only very rarely does the media get the full story at the time of arrest. Hell, even after a conviction, there's usually a lot of unanswered questions. If they've managed to stay ahead of law enforcement for this long, there's a reason for that even if we don't know it. And there's a reason they're being brought in now too, and I'm pretty sure we don't know that reason either. But... I can offer my experience and knowledge here and suggest that, whatever lulzsec was publicly, privately there was probably organized criminal activity that was creating profit for someone... and these arrests are probably just the tip of a much larger iceberg. Doing it "for the lulz" has got to be one of the stupidest reasons for organized crime I've ever heard and I'm really disappointed anyone here believes that.

  • Re:So it goes (Score:5, Interesting)

    by lightknight (213164) on Monday March 12, 2012 @12:49AM (#39323053) Homepage

    Cultural programming. If you're going to do something illegal, be sure to announce it to the world: that means you need to be sure to tell a friend, a family member, talk about it on an IRC channel, or with a stranger at a bar. And if you're brought in for questioning, be sure to share a jail cell with a snitch, because it's always a good idea to confide in a criminal. Be sure to tell him that you totally did it, and have no remorse for your actions. Hell, if you are lucky enough, you'll get a roommate who will tell the people in charge that you've confessed, even if you haven't; don't worry, the judge will totally believe him (the standards for evidence these days are abysmal).

    And I second Taco Cowboy's post. I believe the rule, back in the day, was to launch an attack through several boxes (SSH -> SSH -> SSH -> SSH -> SSH), and being especially sure to kill the syslogger before doing anything. Finally, be sure to launch it all from a laptop that you haven't used for anything else, on a connection that isn't your own.

    And yes, the false leads are useful. The FBI loves it when they spend time tracing the breadcrumbs back to one of their own boxes (surprising the number of attacks, over the years, that have been launched from www.fbi.gov).

    Finally, never reuse a box you've used before. Laptop gets an extra squeaky clean format (and a copy of Slack or something), and all boxes between point A and Z are now permanently off-limits. Keep a good lawyer on retainer, and never h@x0r a box inside your own country. Never use a nickname that you've used or mentioned elsewhere (randomly generated is the way to go). For me, were I to engage in some hypothetical cracking, I would never use 'lightknight' as the login, password, or key to anything. Wouldn't reuse the password tied to this account either.
