How Tor Users Get Caught By Saying Too Much

00:00

so many people who want to improve their

00:03

digital obsc spend way too much time

00:06

obsessing over low-level technical

00:09

details like whether or not tour or some

00:12

other anonymizing network can be trusted

00:16

and I think that this kind of obsession

00:18

over the technical details is what fuels

00:21

these endless online conversations I see

00:24

about whether or not you should use a

00:26

VPN together with t or whether one

00:30

operating system is going to be you know

00:32

more secure give you better opsc over

00:34

another or even whether you should use

00:38

libbre booted Hardware you know an open-

00:40

Source bios on Hardware that's a decade

00:44

old for certain operations and of course

00:47

it makes sense to at least be aware of

00:51

these different Technologies and to

00:53

experiment with them for educational

00:55

purposes or to possibly even learn how

00:57

they work to work them into your

01:00

operations and improve your opsec but if

01:03

we look at ways that hackers actually

01:06

get caught you know the mistakes that

01:08

they made and thus what details should

01:12

really be obsessed over there's rarely a

01:17

complicated technical mistake at play

01:21

it's almost never a zero day in the

01:25

Linux kernel that gets them caught it's

01:28

never the Intel management it's almost

01:30

never a flaw with tour's protocols or

01:34

someone's encryption being broken but

01:37

what is always involved is someone

01:40

saying too much and even in these

01:44

extreme cases where you know a lot of

01:46

money and resources are thrown into

01:50

creating some Advanced malware like

01:52

Pegasus or even something like stuck net

01:55

where you know the state is deploying

01:58

malware and in information leak somebody

02:01

saying too much is what ultimately leads

02:04

to that malware's Target being picked

02:08

and in the case of stuck net

02:10

intelligence was actually gathered about

02:12

the target which was Iran's nuclear

02:14

program and the Machinery involved with

02:18

that enrichment

02:19

process prior to the malware being

02:22

developed that intelligence helped them

02:24

develop the malware because then they

02:26

knew you know what machines were going

02:27

to be used and so they could make them

02:29

malware to attack those devices

02:32

directly so let's look at some examples

02:35

of how tour users hackers that were

02:38

using tour got caught so this is Hector

02:42

moniger also known by his hacker name

02:46

saboom who was a member of anonymous and

02:49

the founder of another hacking group

02:52

called LC that was a pretty notorious

02:55

hacker group that was active in the

02:57

early

02:58

2010s so he had actually gotten doxed by

03:03

members of back trays who were former

03:05

members of anonymous prior to his FBI

03:09

arrest but Sabu was under FBI

03:12

surveillance at this time and so that's

03:14

why backra actually took down uh their

03:17

docks that or at least the links to the

03:19

docs that they had published um because

03:23

you know he once mistakenly logged into

03:26

an IRC Channel where he was discussing

03:29

operations with other hackers without

03:31

using a proxy to mask his real IP

03:33

address so this exposes his IP and then

03:38

of course the FBI can get his name from

03:41

that but what also aided the FBI in

03:44

Catching Sabu and back Trace in doxing

03:47

him in the first place was his frequent

03:50

mentions of a personal website that he

03:53

had in the early 2000s called pvt. org

03:58

where he had his real name and F phone

03:59

number and email listed in the contact

04:01

information for the domain so anybody

04:05

could have just done a who is on pvt.

04:08

org and get sabo's docs which is

04:11

probably what back trce ended up doing

04:13

to uh get his docs and of course they

04:15

had uh tons of screenshots from IRC

04:18

chats where he's just saying too much

04:21

you know he's giving away a lot of

04:22

information about where he lives and

04:25

things that he does so that they're able

04:27

to correlate that with the who is D

04:29

details um so yeah

04:31

obviously Sabu leaking his IP that was a

04:35

big fail since the fbii just got his

04:38

info from the ISP but the who is docs

04:41

and Sabu talking about this website in

04:43

IRC corroborates that IP address

04:47

evidence and it gets twice as much

04:49

surveillance sent to you twice as fast

04:52

and it's pretty much over once close

04:56

surveillance starts because the FBI I

05:00

once they surveilled him quickly

05:02

realized that Sabu was taking care of

05:05

his two young cousins and so they were

05:08

able to use that against him when the

05:10

FBI raided his house apparently

05:13

according to him they didn't bust down

05:15

his door do anything crazy like that

05:17

they basically just knocked on the door

05:19

and told him to cooperate with them or

05:21

he was going to go to jail for life and

05:23

the state would take his younger cousins

05:26

away and so SAU became

05:30

informant and this led to others in his

05:33

ring like Jeremy Hammond to get caught

05:37

now what's interesting about Hammond is

05:39

apparently he didn't make any technical

05:42

mistakes like signing on to IRC without

05:46

using a proxy at least not during his

05:49

involvement with LC but again he talked

05:53

too much and he let these various

05:57

identities you know various hacker

05:59

identi ities overlap so you can see that

06:02

he's got numerous hacker

06:04

aliases in his indictment but there were

06:08

multiple incidents in recorded IRC chats

06:12

and you should be assuming that any

06:14

every IRC Chaz

06:16

recorded where he would have one

06:19

username but then he would respond to

06:21

another or he would use another username

06:24

and then tell people that he's this user

06:26

as well the whole point of using

06:29

multiple identities is to reduce how

06:32

much someone knows about you so if you

06:34

let those identities overlap then that's

06:36

going to unravel all of your efforts uh

06:39

so we can see here I mean this is a

06:41

perfect example of saying too much um so

06:44

this is the indictment for uh Jeremy

06:47

Hammond and it says in a chat with

06:50

covert witness one this would be Sabu

06:53

honor about July 21st 2011 an individual

06:57

using the Alias and our chaos later

07:01

identified as the defendant Jeremy

07:03

Hammond told Sabu that he had been

07:06

arrested for weed and did two weeks in

07:09

county jail and then later in that same

07:12

chat the individual said don't tell

07:13

anyone cuz it could compromise my

07:16

identity but I am on probation I've done

07:19

time before though it's all cool so

07:23

quick tip if you've got to tell somebody

07:26

not to tell anybody else that's

07:29

something that you shouldn't be telling

07:31

that person in the first place because

07:34

they could be an informant as you see

07:37

here uh but regardless of who you're

07:39

talking to this kind of information you

07:41

know saying that uh you got arrested for

07:45

weed and that you're on probation stuff

07:48

could very likely be used by a civilian

07:51

to get your docks it can definitely be

07:54

used by an FBI agent obviously here it

07:56

was used by the FBI to get his docks um

07:59

um so you got to be aware when

08:02

conducting these kinds of operations

08:04

really you've got to assume that every

08:06

single chat is going to be read by an

08:10

FBI agent at some point uh and we can

08:13

also see that uh Hammond when he used

08:18

the Alias

08:21

subg was telling Sabu that he was

08:24

involved with these Anarchist groups uh

08:28

he described him self as an anarchist

08:32

communist and said that he supported the

08:35

anarchist movement and that he was also

08:37

involved in militant anti-racist groups

08:41

now obviously this was another huge

08:44

mistake because the FBI were able to

08:46

talk with the Chicago PD to get

08:49

information about Hammond's arrest for

08:52

involvement and various Anarchist

08:54

protest and involvement in the hacking

08:57

of a white supremacist site years prior

09:01

and that's something that he wasn't even

09:02

charged for that's just something where

09:05

you know they had his details because I

09:06

believe he uh didn't mask his IP address

09:09

the whole time when he was breaking into

09:11

uh that white supremacist site he did

09:13

make technical mistakes in the past but

09:15

not you know so many when he was again

09:19

involved with LC but a lot of the arrest

09:23

information right typically arrest

09:26

information and you know things that

09:27

you're convicted of

09:29

uh end up becoming public record which

09:33

is why divulging this information about

09:35

yourself which isn't even relevant to

09:38

your current

09:39

operations is such a grave error you

09:42

know people who aren't even in law

09:45

enforcement would have been able to dox

09:47

him with this with all of these details

09:50

plus introducing a bunch of political

09:52

stuff or stating your strong political

09:54

opinions when it's not necessary to your

09:57

current operation in a group like this

10:00

is a bad idea because it could set

10:03

people with opposing opinions against

10:05

you you know like these are

10:06

controversial ideas like I guess you

10:09

could consider L SEC an anarchist

10:11

hacking group to some extent but as

10:14

they've stated many times they mostly

10:17

hacked for the lulls so telling people

10:20

that you're a pot smoking

10:24

anti-racist frean Anarchist that's

10:27

currently on probation in the midwest in

10:30

a hacker IRC channel is truly uh

10:33

horrific opsac you know it doesn't

10:35

matter if you always used a Quantum

10:38

resistant VPN with t if the feds have

10:41

your name and they know you're in

10:43

Chicago then they can identify you as

10:47

the guy with weed and the anarchist

10:49

t-shirt getting lunch out of a dumpster

10:52

now in addition to giving away too many

10:55

details about his personal life and past

10:59

operations he had taken part in Hammond

11:03

was giving away too many details about

11:05

how he was conducting his current

11:07

operations with lolx so for example he

11:11

stated on

11:13

IRC that all of his connections were

11:17

being made over tour over the tour

11:20

Network and he even complained about

11:23

stuff like YouTube being really slow

11:25

over

11:26

tour he also said that used an Apple

11:30

laptop so of course during the

11:32

surveillance phase the FBI confirmed

11:35

that he was sending all of his traffic

11:37

through tour and that the MAC address of

11:39

his computer matched to an Apple

11:43

computer it's not necessary to

11:46

divulge those details to anyone you know

11:49

even the people who you're working with

11:51

in your current operation don't need to

11:53

know that you use a Mac or that you're

11:56

always using tour or tour with a VPN or

11:59

residential proxies or whatever it

12:00

doesn't matter you really should treat

12:04

your IRC chats or any online chats for

12:08

that matter like you're talking directly

12:10

to the police after you've been

12:12

mirandized especially if you're engaging

12:14

in this kind of activity um and you know

12:17

speaking of that like if you ever paid

12:19

attention to the wording of the Miranda

12:22

Rights and I'm sure that other countries

12:24

have a similar version of this but here

12:25

in the states when the cops arrest you

12:28

before questioning they tell you that

12:32

you have the right to remain silent

12:34

everything you say can and will be used

12:37

against you in a court of law what that

12:40

means is the only things you say that

12:44

are going to be written down and

12:46

remembered by the cops and used are

12:49

things that can be used against you in

12:51

court not for you which is why a good

12:55

lawyer is going to tell you to not say

12:57

anything after you've been mirandized

12:59

you know even if you say something that

13:01

might exonerate you later on something

13:03

that makes sense to you know like oh I

13:06

wasn't there it wasn't me that statement

13:08

isn't going to be written down it's not

13:10

going to be remembered by the people

13:11

talking to you and it's not going to be

13:13

used in court right un not unless

13:16

somehow your lawyer can get a recording

13:18

of that and try to get it entered into

13:20

evidence the cops and the da certainly

13:22

AR going to enter it into evidence if it

13:25

makes you seem not guilty uh so yeah

13:28

it's turns out when it comes to obac

13:31

Simply shutting the up is so much

13:34

more important than what VPN proxy or

13:38

operating system you're using