Silk Road forums

Discussion => Silk Road discussion => Topic started by: pine on April 11, 2013, 06:19 pm

Title: DEFCON is Dead.
Post by: pine on April 11, 2013, 06:19 pm
This is depressing, but important.


The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.

Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.

In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In others, undercover FBI agents posing as "carders" – hackers specialising in ID theft – have themselves taken over the management of crime forums, using the intelligence gathered to put dozens of people behind bars.

So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. "Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation," Corley told the Guardian.

"It makes for very tense relationships," said John Young, who runs Cryptome, a website depository for secret documents along the lines of WikiLeaks. "There are dozens and dozens of hackers who have been shopped by people they thought they trusted."

The best-known example of the phenomenon is Adrian Lamo, a convicted hacker who turned informant on Bradley Manning, who is suspected of passing secret documents to WikiLeaks. Manning had entered into a prolonged instant messaging conversation with Lamo, whom he trusted and asked for advice. Lamo repaid that trust by promptly handing over the 23-year-old intelligence specialist to the military authorities. Manning has now been in custody for more than a year.

For acting as he did, Lamo has earned himself the sobriquet of Judas and the "world's most hated hacker", though he has insisted that he acted out of concern for those he believed could be harmed or even killed by the WikiLeaks publication of thousands of US diplomatic cables.

"Obviously it's been much worse for him but it's certainly been no picnic for me," Lamo has said. "He followed his conscience, and I followed mine."

The latest challenge for the FBI in terms of domestic US breaches are the anarchistic co-operatives of "hacktivists" that have launched several high-profile cyber-attacks in recent months designed to make a statement. In the most recent case a group calling itself Lulz Security launched an audacious raid on the FBI's own linked organisation InfraGard. The raid, which was a blatant two fingers up at the agency, was said to have been a response to news that the Pentagon was poised to declare foreign cyber-attacks an act of war.

Lulz Security shares qualities with the hacktivist group Anonymous that has launched attacks against companies including Visa and MasterCard as a protest against their decision to block donations to WikiLeaks. While Lulz Security is so recent a phenomenon that the FBI has yet to get a handle on it, Anonymous is already under pressure from the agency. There were raids on 40 addresses in the US and five in the UK in January, and a grand jury has been hearing evidence against the group in California at the start of a possible federal prosecution.

Kevin Poulsen, senior editor at Wired magazine, believes the collective is classically vulnerable to infiltration and disruption. "We have already begun to see Anonymous members attack each other and out each other's IP addresses. That's the first step towards being susceptible to the FBI."

Barrett Brown, who has acted as a spokesman for the otherwise secretive Anonymous, says it is fully aware of the FBI's interest. "The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable."


Supporters of Anonymous have been shocked by revelations that Sabu, one of the hacking collective's kingpins and spiritual leaders, spent the past eight months ensnaring other members in a coordinated FBI sting.

Perhaps they shouldn't have been. As anyone who has followed other high-tech dragnets over the past two decades knows, turncoats are an inevitable ingredient in most probes.

In 1995, for instance, when a fugitive named Kevin Mitnick was apprehended for using cloned cellular devices to hack into dozens of computer networks, federal authorities located him with the help of a cohort named Justin Peterson. A few years earlier, according to hacking folklore, Peterson helped feds find Kevin Poulsen—now a senior editor at Wired who was then a fugitive wanted for a string of wire-fraud and phone-phreaking offenses. Peterson, who was being pursued for hacking crimes of his own, also helped investigators locate Ronald Austin, who was wanted for breaking into Arpanet servers.

"I can't think of any (hacking) case where there wasn't an informant involved because when these guys get busted, they roll," Kevin Mitnick, who is now a professional security consultant, told Ars. "They sing like a bird to get themselves out of trouble. It's common."

More recently, there was the case of Max Butler, a hacker arrested in 2007 for the theft of 2 million credit card numbers following invaluable information cohort Christopher Aragon provided to the FBI.

A few years later, another prolific carder named Albert Gonzalez was undone in part by help given to authorities from an associate who had helped him hack into dozens of retail and payment processor networks and steal data for tens of millions of cards. Besides the sophistication of the operation and the estimated $400 million worth of damage it caused to TJX, Heartland Payment Systems, and other victims, the Gonzalez case was significant for just how deep the duplicity went. Even as he masterminded the crimes, Gonzalez was a paid informant for the Secret Service who helped put away more than a dozen members of Shadowcrew, an online bazaar where crooks went to buy and sell payment card numbers and other data used in fraud.

Adrian Lamo, another hacker who served time in federal prison, also became an informant of sorts when he supplied government investigators with chat transcripts of Bradley Manning detailing his leaking of hundreds of thousands of classified US documents to WikiLeaks.

Enter Sabu

In a series of Fox News exclusives, FBI officials said they arrested Sabu in June and quickly convinced him to become an informant. Court documents filed on Tuesday against five of his alleged associates show just how eager the 28-year-old father of two—whose real name is Hector Xavier Monsegur—was to help build a case against his one-time comrades. In late December, an alleged member of the splinter group Lulzsec entered a password-protected chat channel to report on the progress he was making in reformatting gigabytes of information stolen after breaching the security of Austin, Texas-based Strategic Forecasting Inc. so it could be publicly released on the Internet.

On December 26, when the hacker identified as Jeremy Hammond of Chicago said some 60,000 confidential e-mails were close to being released, Monsegur replied with forced enthusiasm.

"Weee," he replied, as federal agents looked on.

Transcripts of other chats show Monsegur painstakingly drawing incriminating information out of Hammond, who used multiple hacking handles to make it harder for investigators to link them to a single individual. In one session, he referred to Hammond by the aliases "sup_g" and "anarchaos" in what's now a not-so-oblique attempt to help feds prove the handles were masks used to hide the same individual. At other points, Monsegur, who was under constant supervision while conducting the sting, teased out details about a 2004 arrest of Hammond at the Republican National Convention in New York, a conviction the following year for a hack that stole credit card numbers from a politically conservative website, and a 2011 arrest for possession of marijuana.

Transcripts of chats Monsegur conducted with a hacker alternately called "palladium," "polonium," and "anonsacco" show him working tirelessly to establish that the handles belonged to one Donncha O'Cearrbhail of Ireland. Prosecutors ultimately used the sessions to support allegations the 19-year-old infiltrated and recorded a conference call between members of the FBI and UK police on the topic of Anonymous.

The dark side of confidential informants

The transcripts of Sabu's dealings with the people he set up also show the darker side of law enforcement's reliance on alleged criminals to win indictments and convictions. Discussions about the attack on Stratfor and the resulting exposure of e-mails, credit card details and passwords for more than 800,000 of its clients and employees mean that agents monitoring the sessions had advanced notice that crimes would take place and chose not to stop them. From December 6 through early February, about $700,000 in unauthorized charges were made to the payment cards compromised in the hack. The price of protecting the confidentiality of the sting meant they had little choice but to stand by as the charges continued to accrue.

Similarly, agents monitoring Sabu's chats with Anonsacco had advanced notice that the Irish hacker had compromised the e-mail account of a senior UK law enforcement official and planned to use the access to intercept what was supposed to be a confidential conference call between FBI agents and their counterparts in Europe to discuss their investigation into Anonymous. Eleven days later, agents monitoring the chat sat by helplessly as Anonsacco discussed ways to use a recording of the call for maximum effect.

"I think we need to hype it up," the court documents quote Anonsacco as saying during a January 28 chat. "Let the feds think we have been recording their calls. They will be paranoid that none of their communications methods are safe or secure from Anon." A week later, agents found the recording had been posted to YouTube.

Mark D. Rasch, a former US attorney who prosecuted hackers, said investigators often have little choice but to work with confidential informants when pursuing certain types of suspects. Like organized crime gangs, hacking groups are secretive organizations that aren't easily infiltrated. Because charges often revolve around conspiracies, it's crucial that conversations, agreements, and plans among members be carefully documented.

Entrapping others to save yourself

"Informants are an incredibly important tool for prosecutors to use, but like any tool, they need to be appropriately evaluated and used carefully," Rasch told Ars. "You want to get someone who's cooperating but you also need to know what they're doing and have some control over it."

One of the last things a prosecutor wants to see is confidential witnesses like Gonzalez, whose misdeeds overshadow those who are being targeted in the initial investigation, Rasch added.

Mitnick said the pressure on suspects to cooperate is enormous. He estimates the five years he spent in federal prison—eight months of them in solitary confinement—were 25 percent to 50 percent longer than he would have served if he had agreed to become a cooperating witness in other cases. He said he opted out.

"I didn't feel it was right to inform and entrap others to get myself out of my own trouble," he explained. "I thought that was a pretty rotten thing to do. Even though I violated the law, my ethics and morals wouldn't let me do it."
Title: Re: DEFCON is Dead.
Post by: pine on April 11, 2013, 06:24 pm
There is a great temptation for hackers to work on behalf of the State if they are intercepted. To supposedly "come good" instead of breaking bad. The problem with this logic is that you're being driven purely by fear of what will happen to you if you don't cooperate. This is not just. Your beliefs are being violated because you'll be put into a cage (for more time, not no time) if you disagree with the agents of the state. It's not enough for them to put you in a cage for x years. They also want to cow you. They want you to kow-tow. This is outrageous.

Consider what is happening to our community in the last five years or more. Hackers are being put in prison for absolutely insane reasons left, right and center. Off the top of your head without even trying you can think of a dozen hackers put away for absurd prison sentences that an actual murderer or child abuser wouldn't receive.

The State is the enemy. Don't volunteer your services to fight "China" or "Iran". I don't particularly like the governments of either of those two countries. But the DOJ is a greater threat to your wellbeing than those governments shall ever be. They recognize that we are competition. We don't recognize their authority, they see this as an existential threat merely because we aren't under their thumb.

Too many of you are snitches for the Feds. Almost certainly members of our community are being press-ganged into service for the government. In my view it is time to take a stand. For a hacker to work for the government is fundamentally bizarre. On this network of ours we traverse dozens of countries in seconds, we have relationships with dozens of likeminded hackers from many different cultures and backgrounds. We should be one people, one tribe. The internet is our territory, the State is the Terrorist impinging on our sovereignty. They have been persecuting our community for many years, and it's only gotten worse over time. We are the modern day Jews. It's not as strange as it sounds at first. There is much similarity between the dull conspiracy mongering of the State ("Cyberwar", where anything connected to hacking is 'terroristy'), where Jews, due to their higher than average intelligence as a group and their knowledge of finance were villainized in the press by those jealous of their intellect and business acumen. They became caricatured beyond recognition. Something similar is happening to the hacker community. We don't have the cattle cars coming for us yet certainly, but huge numbers of hackers have been arrested on extremely flimsy grounds and then turned into workhorses for the State. In the event of a nation state war, depend on my analogy becoming ever more accurate.

Let's face it. DEFCON is fucking dead thanks to the Feds. It has been the case for some time. They've poisoned the well with their insane bullshit. We're way too nice for our own good when it comes to those cunts. All the real hacking is going on elsewhere. Next time you spot the Fed, there should be DEFCON bouncers to throw him out. Our values and theirs are just not compatible. That the organizers and members of DEFCON have capitulated to them is sick.

It is one thing to help the police prevent somebody getting murdered or preventing child abuse.

It is entirely another to be bending over backwards for ass rape and coming up with lists of people to include in the procedure.

The fact is that much of the time the Feds are ruining people's lives on flimsy provocation because, well, basically, in most cases the crime is merely embarrassing somebody in a position of authority. Look at what the Feds did to the Director of the CIA. That was entirely uncalled for. Even if the woman making threats needed a rap on the knuckles, they should still have respected this guy's privacy. Instead they ruined his life. This was obviously entirely politically motivated, nothing to do with actual justice.

The FBI and DOJ are political organizations with political objectives. To assume working for them is always "The Right thing to do" just because they intercepted you is moral cowardice.

People like Adrian Lamo and Sabu are scum. Behaving like this cannot and should not be rationalized away. Giving your comrades over to the maw of some ignorant witch trial is not, and never will be right.
Title: Re: DEFCON is Dead.
Post by: smogmonster13 on April 11, 2013, 06:54 pm
Pine, I'm glad you're back. You were missed.

I wish I knew how to identify those who have used their power for evil, but I don't. You could be working for the Feds (no offense) as far as I know.

Secret groups are prone to infiltration. How do we practically prevent it? We probably can't eliminate it, but can we reduce the frequency?
Title: Re: DEFCON is Dead.
Post by: pine on April 11, 2013, 08:03 pm
I take no offense because it's just true. I often sign my messages at the bottom as "Agent Pine" to remind people using my tutorials or reading my posts to remember that I too could be a LE agent. You can only trust yourself, no matter how friendly somebody else is. Even if you're totally certain they aren't a snitch now, what about in a year's time?

I think we can reduce the frequency alright. Awareness raising about using encryption/anonymizers and higher operational security (9/10 of which is "don't trust anybody" and 1/10 technical fixes), as well as distributing information such as case studies on Sabu and Adrian Lamo, can help. That is probably the most effective way to inoculate the hacker population. Killing Lamo and Sabu to make examples of them won't work, you'd be just playing into the State's hands by using their methods at that rate. That said, turning their hard drives into paperweights every so often wouldn't hurt either :D

Title: Re: DEFCON is Dead.
Post by: canuckboy on April 11, 2013, 08:13 pm
I'd better take down those postings on hack BB then.   Heheeh
Title: Re: DEFCON is Dead.
Post by: SelfSovereignty on April 11, 2013, 08:29 pm
That sort of hacking really isn't my thing, so I suppose I shouldn't care so much; it's hard to see injustice whether it involves me or not though.  I'm really beginning to be very fearful of how bad things are going to get.  Well, anyway, thanks Pine.  Good reminders of how important caution is are all too rare if you aren't looking.
Title: Re: DEFCON is Dead.
Post by: pine on April 12, 2013, 08:28 pm
It's no coincidence that DEFCON is now full of hangers-on, groupies and half the talks have nothing to do with hacking. This becomes radically obvious when you look at the material from the first DEFCON talks. It didn't suddenly die, there has been a slow deterioration over time, it's not just me, lots of other people have noticed the same thing, lots of good people just don't go anymore because of it, it's a goddamn waste of time.

I mean just look at the Chaos Computer Club, which is DEFCON's counterpart in Europe. Sterling quality work all the time from the Germans, it is a startling contrast. American conferences used to be like this, BUT VERY CLEARLY the Federal government has decided some secret bullshit program of constant surveillance and infiltration on an epic scale because they have nothing better to do. The CCC people know, know in their bones that the government can be lethal to a community thanks to their fairly fucked up history, but some Americans have yet to receive the memo. The Federal Government will use you and abuse you for their own diabolical ends and that is all. CCC has always been more politically astute.

I say there's a direct connection between the acceptance of LE at the conference and the corresponding rise in irrelevant bullshit and whiteknight faggotry. Who the fuck wants to reveal their new ideas when it'll just bump you up the list of people to bully, culminating in LE agents busting into your house and then making you work for free or very little money due to bullshit charges that would probably never stand up in a jury trial. It's a fucking press-gang mentality that the DEFCON organizers and fellow travelers have essentially acquiesced to, pretending there's such a vast gulf between one hacker and another with their fucking "Hat Theories", or tribalism where a Chinese hacker is subversivebutwrong because American hackers are subversivebutright. I mean Jesus Christ.

The Feds are not "frienemies". They are the enemy full stop. The worst thing another hacker will do to you is nothing in comparison to the way the Feds whittle away our community, with Aaron Swartz and Weev being the most recent perverse examples. There is nothing remotely cool about hanging out with agents who work for the State. I'd prefer to hang out with the local Bingo club, they're cooler than that. I fucking loathed Sabu long before it was revealed he was working for the FBI and I wouldn't even turn him in. Whingeing car part stealing left wing welfare enabled little cunt. Still superior to the morons who take our tax dollars, throw us into cages and act with an overweening grandiose sense of superiority.

It feels like watching a nature documentary on those penguins sitting on an ice ledge, nudging each other so one of the penguins falls into the water and gets done in by the leopard seals while the rest of them fuck off. Actually come to think of it the penguins are even more ethical than these fucks because they don't go to fucking Leopard Seal Station and write down all the addresses of the other penguins that fell into the water five years back.

Hackers need more backbone. Not all of course, but there is definitely a large % who are willing to rationalize any kind of behavior and have no code.

At the next DEFCON, you meet a Fed, you say: FUCK YOU.