Accused LulzSec Members Left Trail of Clues Online

Trailrunner7 writes "When the long arm of the law reached in to arrest members of Anonymous's senior leadership on Tuesday, speculation immediately turned to the identities of the six men behind the Guy Fawkes mask. With the benefit of hindsight, it turns out that many had been hiding in plain sight, with day jobs, burgeoning online lives and — for those who knew where to look — plenty of clues about their extracurricular activities on behalf of the world's most famous hacking crew. Two of the accused, Darren Martyn (aka 'pwnsauce,' 'raepsauce,' and 'networkkitten,') and Donncha O'Cearbhail, formerly known as Donncha Carroll (aka 'Palladium'), sported significant online footprints and made little effort to hide their affinity for hacking. In other areas, however, Martyn (who was reported to be 25, but claimed to be 19), seemed to be on his way to bigger and better things. He was a local chapter leader of the Open Web Application Security Project in Galway, Ireland. He spent some of his free time with a small collective of computer researchers with Insecurety Research, under the name 'infodox.'"

Dump summery

[Weezul]

LulzSec were their own hacker group operating under their own name to bolder their own egos. Please don't conflate them with Anonymous.

LulzSec shared some aims and humor with Anonymous, but they always wanted to be identified. And that egotism helped get them caught.

Re:The Irish Connection

[Anonymous Coward]

Luckily for Martyn and Ó Cearall, the Irish Supreme Court just made their extradition—if it were sought by the US or anyone else—a lot more difficult. Last week's Ian Bailey case confirmed that if an Irish citizen (as I assume these two are) commits an act within the State which is a criminal offence under Irish law, they will not be extradited upon request, but rather they will be tried in Ireland. If acquitted, or if the DPP decides there is not enough evidence to prosecute (or decides not to prosecute for any other reason), extradition will still be impossible. That case concerned the European Arrest Warrant, but I didn't detect anything in the judgments which wouldn't also apply to any other extradition system.

Re:Protest doesn't require breaking the law.

[MarkvW]

I'm kind of tired of all the juvenile whining. A bunch of stupid juvenile copycat vandals are not going to accomplish anything positive.

The potential of the Internet for change hasn't even been anywhere near fully explored yet.

Re:So it goes

[Anonymous Coward]

Rules to Hack and stay Free by:

1. Never hack where you sleep, live, work, go to school, play, etc. To extend this idea a little, never hack from a location where there is any way at all to correlate your real identity. This includes public wifi spots where there are cameras, for example. As another example, if you use a library (assuming they don't also have cameras) it would be a bad idea to check a book out... or even have a card there.
1b. This also includes recon and conversations related to hacking.
1c. Leave your cellphone at home, or remove the battery.

2. Most hackers can't afford to use a fresh, clean system for every hack or related activity. If you can, great. But if not, be sure you use a fully sanitized system, preferably one reserved just for hacking. A clean system running a non-installed OS and relying on virtual machines is the best option, encryption is a must-have and you absolutely have to be able to alter your NIC's MAC address. The hardware virtualization should be able to be altered so that nothing about the system will generate a consistent "fingerprint" across boots.

3. Do not use public proxies or ones supplied by a 3rd party. Use only systems which you have personally compromised as a proxy agent.
3b. All proxies should be regarded as already compromised, or even as honeypots. They should only be used to slow down the hunters, and assume that eventually they may yield some information even if they get scrubbed.

4. Leave false trails when it is practical.
4b. It is better to not leave a false trail, then it is to leave a false one and in the process create another real one.

5. Never re-use handles, login names, passwords, drop locations, proxies, etc. Consider all that data one-time use only.

6. Last, and most important is: Never become attached to anything which you cannot walk away from if you feel the Heat coming.

Most hackers violate all these rules on a regular basis. They get lazy and sloppy, so they hack from home and re-use systems. They brag about what they did, intermix details of their real life with various handles, and re-use names, passwords, locations, and methods. People who don't follow these rules are Amateurs, not Professionals. Professionals can walk away from their entire real life if it ends up becoming compromised... most people who hack cannot do this and as such will never truly be "Elite".

google it

[decora]

Sabu was an FBI agent, the FBI helped him find servers for the stratfor leak. all over the news in the past few days.