
The Hunt For LulzSec's Missing Sixth Member

Posted by Unknown Lamer
from the imaginary-hackers dept.
DavidGilbert99 writes "LulzSec's star burnt brightly in the short period it was active, but things quickly turned sour when its core members began getting arrested. Last week three of the six core members were sentenced in the UK, but this only served to highlight the fact that one member of the group, known as Avunit, has been able to remain unidentified despite the FBI having turned the group's leader Sabu into an informant. Who is Avunit? And does he hold the purse strings of the group's Bitcoin wallet which could have up to $180,000 in it?" As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.
This discussion has been archived. No new comments can be posted.

  • I'm.... (Score:5, Funny)

    by maroberts (15852) on Tuesday May 21, 2013 @03:18AM (#43779251) Homepage Journal

    Spartacus^H^H Avunit

  • Why link to junk? (Score:5, Informative)

    by ozmanjusri (601766) <aussie_bob@@@hotmail...com> on Tuesday May 21, 2013 @03:20AM (#43779257) Journal

    If IBTimes wants to piss people off with autoplay videos, why link to them?

    Here's El Reg's version of the same story:

    http://www.theregister.co.uk/2013/05/17/lulzsec_analysis/ [theregister.co.uk]

    • by cffrost (885375)

      [...] autoplay videos [...]

      Your computer is broken.

    • by wvmarle (1070040)

      What "autoplay videos" are you talking about? Other than that there is no left margin to the text, the page as a whole was good to read.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Typical American. Oblivious to the social engineering surrounding him at every living second of his life.

      He linked to them, *because that makes him money*! Remember: Slashdot nowadays is an *advertisement* website. There is no such thing as a real actual article. He wrote that, not to warn you, but to make you more accepting towards those ads. Seems like it worked.

    • by Anonymous Coward

      "Here's El Reg's version of the same story:"

      Sure, but I was hoping you were going to link to a site that wasn't junk given your post's subject line?

  • by Guinness Beaumont (2901413) on Tuesday May 21, 2013 @03:27AM (#43779269)

    Captain Pedantic here,

    A "bitcoin wallet" has $0 USD in it, by definition.

    Excelsior!

    • by wvmarle (1070040) on Tuesday May 21, 2013 @04:10AM (#43779415)

      Another thing about bitcoin: they are trackable. Hard to track, but as I understand it's possible, as every single transaction is logged by the network, and that it is possible to track down the whereabouts of every single bitcoin at every moment in the past since it was mined.

      They received some 3,000 bitcoins in donations back in the day, can't those bitcoins be traced to a certain wallet? And - related - can they (or the wallet itself) be anyhow confiscated?

      Now I'm the first to admit I still don't really understand the intricacies of bitcoin - my understanding is mostly from reading about it here and on other sites. So I may be totally off, if anyone knows better I'd love to hear.

      • You can't confiscate them but you can track them if you know the history of some of the bitcoins in their possession. Problem is that there's nothing stopping someone from passing those bitcoins through a thousand anonymous parties connecting over Tor then trading them with others for other bitcoins before cashing them out or exchanging them for something.

        • by wvmarle (1070040)

          In this case it's a donation - and I for one would want to make a donation directly to the cause, not via some shady individuals (now in this case the cause itself is shady as well of course). Just to have the feeling that my donation arrives where it's supposed to arrive, and that it's used for what it's supposed to be used.

          Now when this avunit guy is going to spend the coins, that's again a different matter. However the suggestion is that little to no of the donations have been spent, and that he's hoardi

        • It's simpler to launder coins. You move them to one of the many exchanges that keep coins in a common pool. Then you withdraw coins to a new address - chain is broken. Bounce around to a few exchanges in different countries. That's the easy way, there are even services specifically designed for laundering.
      • by ledow (319597) on Tuesday May 21, 2013 @04:56AM (#43779553) Homepage

        You've obviously not used Bitcoin a lot.

        You can have as many wallets as you like and a wallet can generate as many "addresses" as you want to receive money on. Outsiders have no idea that two distinct Bitcoin destinations aren't in fact the same wallet.

        Additionally, only the network as a whole really knows where the transactions are coming from, an individual Bitcoin user doesn't (otherwise it would be pointless!). It's peer-to-peer so somewhere, some peer knows what IP generated that transaction. But without having control of a vast proportion of the whole network, down to the IP level, there's no way to reliably trace anything back to a "real" IP, person, wallet.

        Transactions are logged. But with wallet addresses. And you can tell what wallet addresses should have how much money in each. But you can't tell which wallet addresses are the same address, nor where they come from, nor who owns them. A transaction will just appear in the blockchain and come from several thousand peers almost simultaneously who share the information across the network and even the first one on the list isn't necessarily the client who first saw the transaction.

        And those clients are private peer-to-peer clients. If my client was the first to see your transaction, you'd have to raid ME to get the IP information from my systems - and what are the chances of a random Bitcoin user having full network traces of all the actions on their network, going back to the transaction you're interested in, by the time you find them?

        Transactions are basically sent to random people in the swarm. They talk to more random people and eventually the network all sees the transaction. Finding out which Bitcoin address first saw the transaction is nigh-on impossible even with complete knowledge. Raiding them and finding information on their systems that links back that transaction to an originating IP is incredibly unlikely even if you could do that. And if they used Tor or a proxy to initiate the transaction? You're stuffed.

        Even collection of funds? They can publish any number of Bitcoin wallet addresses that secretly correspond to a single wallet and anyone who sends them money will NEVER KNOW where it's going. The transaction goes into the swarm and after a while, all clients agreed that wallet address X has amount Y in it. The total wallet, though, might have several million addresses associated with it and even the last client on the route to informing that wallet of a received transaction won't ever know that it's talking to the wallet holder.

        No matter what you think of it as a currency, Bitcoin is a fabulously-designed anonymous transaction protocol. About the only threat is one entity holding 50% of the hashing power, but that just gives them the power to control the block chain, not identify users.

        • by wvmarle (1070040)

          As a matter of fact I never directly used Bitcoin. I don't exactly trust it as a currency and for various reasons I don't think this is the future; however I find the concept very interesting from a technical pov. As you say it's a very well designed protocol, no doubt about that.

        • by Anonymous Coward on Tuesday May 21, 2013 @05:29AM (#43779657)

          Well we used to have banking privacy. Banks knew who had the account, but your transactions were secret unless there was evidence of a crime in which case the bank could be forced to hand over the details.

          Then as an anti-laundering measure, the data was given to SWIFT, and recorded by them, but that was OK because SWIFT was owned by the banks and would only turn over the data if evidence of a crime existed as they were under Belgian law.

          Then the USA grabbed all of SWIFT's data post 9/11 deciding they should see every transaction made in the world.

          Then the EU Commission *gave* them the right to receive all EU future data, after SWIFT moved their headquarters and servers from USA to Switzerland. So now the EU obtains the data from SWIFT and sends it to the USA.

          Then the USA extracted some data related to tax havens, like British Virgin Islands and handed that to the press and gave all the rest of that data to UK and Australia. At the same time using the press stories to market the 'tax evasion' angle, and override the fact that a lot of privacy laws were broken when they handed private banking data to their allies.

          http://www.bbc.co.uk/news/world-europe-22599324#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

          So watch Bitcoin, because they'll declare Bitcoin trackable, and require forced declaration of all transactions to the USA. If you imagine they won't, take a look at SWIFT, if I send money from Belgium to Germany, the record is taken and handed to the USA, and that's despite the privacy law in the EU, and the criminal privacy law in Belgium and the financial privacy law in Germany.

          At some point we all became criminals here in Europe, and the EU Commission decided it had the right to waive privacy, and we see 'leaks' of data on 'certain' politicians, but not others, as the USA gets to pick and choose who can be a politician by leaking their banking data to their allies.

        • by PopeRatzo (965947)

          You've obviously not used Bitcoin a lot.

          You could accurately say that everyone has obviously not used Bitcoin a lot.

          • by ledow (319597)

            Given that I'm on a geek website, I was expecting a flurry of corrections, actually. Maybe Slashdot isn't the geek hangout that I thought any more. Maybe we're all just naysayers following everyone else because "Bitcoin is stupid" or whatever.

            I've barely looked into Bitcoin myself and don't mine and wouldn't come close to some of the insane setups I've seen documented for mining even if I did.

            But:

            https://blockchain.info/charts/n-unique-addresses [blockchain.info]

            Something like 90,000 unique Bitcoin addresses seen every sin

      • by pantaril (1624521)

        They received some 3,000 bitcoins in donations back in the day, can't those bitcoins be traced to a certain wallet?

        You can trace bitcoins to a certain wallet easily by inspecting the blockchain (public log of all bitcoin transactions). The problem is, you usually can't find to whom the wallet belongs. If the bitcoins were sent through some kind of mixing/anonymising service which doesn't keep track of real-world identities of its users, you are usually out of luck.

        And - related - can they (or the wallet itself) be anyhow confiscated?

        The wallet can be confiscated (or bitcoins could be transferred out of it) if you know the private keys stored in the wallet. This is very hard unless you have

      • by TheCarp (96830)

        Hard? Nah they are easy to "track", the problem is, the tracking pretty much relies on someone being a bit careless.

        Thing is, every bitcoin address is a public key, so they are anonymous, anyone can generate a new address. So each new transaction, to a new account, is nearly impossible to "track". You just don't know if the coins changed hands or not, nor do you know which one.

        Let's say there are X bitcoins in account A. A new transaction is generated sending Y bitcoins to account B and Z bitcoins to account

  • Wow (Score:5, Insightful)

    by MichaelSmith (789609) on Tuesday May 21, 2013 @03:40AM (#43779307) Homepage Journal

    Given the general leakiness of the Lulzsec "organisation", this person has done well to remain unidentified.

    • by tqk (413719)

      Given the general leakiness of the Lulzsec "organisation", this person has done well to remain unidentified.

      This's pretty much how Anonymous in total have been characterized from the beginning; < 10 "smart cookies" surrounded by thousands of LOIC armed script kiddies, and everyone including the fibbies gets to have a fun time.

  • Clever guy (Score:5, Interesting)

    by wvmarle (1070040) on Tuesday May 21, 2013 @03:41AM (#43779311)

    Clever guy, he should add this to his resume, should get him far in security firms. He obviously knows very well how the Internet works. Just don't apply to a job at the FBI.

    Pity the article is so short on details. How did he do it? Using Tor all the time or so? At least he's using Twitter apparently - and Twitter logs IP addresses. So must be doing something about that.

    • by king neckbeard (1801738) on Tuesday May 21, 2013 @03:46AM (#43779337)
      Probably the tried and true method of 7 proxies
    • Re:Clever guy (Score:5, Insightful)

      by Bobakitoo (1814374) on Tuesday May 21, 2013 @04:01AM (#43779383)

      So must be doing something about that.

      Maybe he is fictive? Number three pigs '1', '2', and '4'. And laugh your ass off as the police search pig number 3 for months if not years.

      Multiple aliases are better to remain anonymous. When the author is found, there is no way to know if all his aliases are discovered. Undiscovered aliases could be confused as another person. Even if someone confesses there is a sixth person it could be misinformation or plain ignorance.

      • by wvmarle (1070040)

        Possible. But then, who is still using that Twitter account?

        • by MrMickS (568778)

          Someone in it for the Lulz

          • by wvmarle (1070040)

            Which would imply the account is hacked. I mean, I'm assuming that the individual who set up the account is the AvunitAnon they're looking for - the LulzSec member. It is at least treated as "official" communication channel with that person in the articles. Twitter accounts require a password, in contrast to a typical IRC chatbox where anyone can log in, using any name.

            Now with the skills he's shown elsewhere, I'd expect he'd secure his Twitter account as good as technically possible, and I think it being h

            • by Anonymous Coward

              Or he could have given out the details in a chatroom to some random.... misdirection...

            • by MrMickS (568778)

              Usernames and passwords can be shared...

        • What is a bot?

      • Nice, that would actually be kind of fun. Always make reference to some member ("Dave") of your group who is the real mastermind behind all of your acts of infamy, then take turns performing various actions in his name. When they come to arrest all of you, offer to turn King's Evidence, and help them catch "Dave," who, after they read through your logs, etc. they will really want. In the final scene, lead them to an apartment filled with weaponry, half-finished pamphlets calling for a revolution against the

      • by mjwalshe (1680392)
        Well the mole hunt for the fifth and mooted sixth man didn't do the UK and US security services much good arguably helped drive Jesus Angleton (the real one not the Laundry Files one) round the bend.
      • There's a more likely reason he hasn't been identified. I'd bet Avunit was caught first and outed or helped out Sabu and the others in exchange for no jail time and not being publicly named. If you think about it Sabu doesn't appear to have gotten much of a break for helping the FBI, the best offers would go to the first turncoat... Avunit. But maybe I'm wrong, perhaps he really is that good.
    • by ledow (319597)

      There's any number of ways, it's just a matter of how careful you are.

      Control a botnet, use that, make sure the botnet can't be traced back to you.

      Use public wifi in random locations at random times. Pretty damn easy to do even if you're broadcasting a static MAC - those sorts of places rarely have proper logs.

      Use tor, proxies, intermediaries (shell servers bought with Bitcoin etc. would be hard to trace, etc.). There are any number of ways.

      But the important thing is to be careful and watch the trail that

    • If AVunit has any sense he should leave that alias behind for ever and probably change his ISP(s)/hardware/OS/location.
      • by wvmarle (1070040)

        If I were to engage in such hacking activity, I'd not use my home/office ISP. Always use some open WiFi, an Internet cafe, Starbucks, whatever.

        Maybe even an anonymous prepaid SIM (paid in cash, tethering through a phone bought second hand in cash). And after the SIM is empty/expires, buy a new one and trade in the phone for another one. And again do not use the phone at home, but always on the move, sitting in some random park, etc.

        That should take care of the direct-connecting-it-to-a-person part. But in

    • by Anonymous Coward

      He most likely probably already works in some area like that.

      I'm sure there was supposedly some dude in Lulzsec who was ex-military.
      I'm not sure if he was one of the ones caught or not. But that is all I know sadly.
      Mind you, I could be thinking of someone else, I never did pay much attention to their attention-whoring.

      To have been able to evade capture this long, he is either very smart, or doesn't exist. Or both.
      He could just be a ghost, a codename, something agreed upon that is lost to time used to tric

      • by tqk (413719)

        ... he is either very smart, or doesn't exist. Or both.

        What? Doesn't exist and is very smart. Remind me to avoid your code.

    • by Anonymous Coward

      Just don't apply to a job at the FBI.

      He's already on the team looking for himself.

  • by backslashdot (95548) on Tuesday May 21, 2013 @04:36AM (#43779491)

    Why can't browsers tell me which tab or window (let alone frame etc) is playing sound and also offer a way to disable it? It's cause their customers are doing it. Oh well, I woulda expected better from Firefox.

  • by Bearhouse (1034238) on Tuesday May 21, 2013 @04:41AM (#43779509)

    As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.

    Not a problem if you're running adblockers, noscript etc.

    I opt IN for ads on the sites I wish to support, and which I believe to be safe.

  • by Anonymous Coward

    an FBI agent provocateur responsible for directing this false flag operation to discredit online "hacktivism" everywhere. Look at the changed opinions on slashdot of "anonymous" before and after Lulzsec.

    • To anyone with any level of maturity "hacktivists" come across as nothing more than immature glory hunters trying to get noticed as they attempt to stick it to The Man and who simply make life difficult for the 99.999% of normal internet users who just want to go about their fscking business without some teenager going through the standard issue rebellious phase trying to DDOS some corp because in his tiny mind he's making some highly original and deeply profound protest.

      • by Iskender (1040286)

        I have no real opinion here but heh, you just supported GP's point. :)

        • by Viol8 (599362)

          Not really. I thought anonymous were a bunch of jackasses from the start. It's hard to take seriously a bunch of kids who wear the mask of a character from a comic - sorry, "graphic novel" - in an attempt to seem mysterious and ineffable. The irony was obviously lost on them.

  • by bmo (77928)

    >As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.

    As usual, I have added img.ibtimes.co.uk to the blocklist.

    What autoplaying video?

    If content providers would stop the in-your-face stuff, I wouldn't need things like Flashblock or Adblock Plus. But they won't, and I won't stop using them.

    well.bye.jpeg

    --
    BMO

  • But the feds will never believe me.

    House speaker Bohner is actually the 6th member. He is always hanging out in hacker bars and dressing like Neo from the Matrix.

  • And as long as this obviously dangerous cyberterrorist is still on the loose, you'll all have to agree that certain civil rights...
  • he's at John McAfee's place learning survival and evasion (and comparing recipes for 'bath salts')

  • That is, the real-world version of HOLMES IV's Mycroft. And the NSA's playing right into his hands, so to speak, by building that fantastic new processing center with direct access to all communications and data.
    Watch out for falling rocks!

  • by Anonymous Coward

    Maybe Steve was the 6th?
