How Tor Users Get Caught By Saying Too Much
Summary
TLDR: The video stresses that what gets people caught is revealing personal information and operational details online, not the low-level technical choices (VPNs, operating systems, anonymity networks) that so many people obsess over. Hackers' fatal mistakes are usually not technical; they talk too much. The cases of Sabu and Jeremy Hammond show how details such as an exposed IP address, political affiliations and past arrests are used against them. The video's conclusion is that discretion matters more than any advanced security technology.
Takeaways
- 🔒 Obsessing over minor technical details, such as which VPN or anonymizing network to use, often distracts from the security practices that actually matter.
- 🕵️♂️ Complex technical mistakes are rarely what gets a hacker caught; it is usually over-sharing or a lack of discretion.
- 💬 Information shared in excess, even in contexts that seem safe, can be used against you and compromise your security.
- 🎯 Captured hackers are often identified because they failed to keep their online identities separate from their personal lives.
- 📜 IRC and chat logs can be used to correlate identities and locations, exposing hackers.
- 🔗 Old online publications, such as personal websites, can contain contact information that leads to a person's identification.
- 🚨 Cooperation with the authorities is often obtained through pressure and the threat of personal or legal consequences.
- 🔎 Surveillance and police intuition can be as effective as any technical tool for tracking and capturing hackers.
- 💭 Assuming that online conversations are protected or private is a common and dangerous error.
- 🛡️ Good opsec does not depend on technical tools but on discretion and common sense in communication.
- 🤐 The principle of not saying more than necessary is crucial, especially when engaged in activities that may be considered illegal or questionable.
Q & A
What is opsec and why is it important in the context of the video?
-Opsec, or operational security, is the practice of protecting the privacy, security and confidentiality of one's operations, online or otherwise. In the context of the video it is crucial because the whole point is that revealing personal information or operational details can compromise the individuals or groups involved.
Why is focusing on minor technical details not always productive for improving online security?
-Focusing on minor technical details can distract from the problems that actually get people caught. The video stresses that the most common mistakes leading to a hacker's arrest are not complex technical flaws but failures of operational security, such as revealing too much information or not keeping online identities separate.
What happened to Hector Monsegur (Sabu) and how was his capture related to opsec?
-Hector Monsegur, known as Sabu, was a member of Anonymous and a founder of the hacking group LulzSec. His capture was an opsec failure on two fronts: he had already been doxed by Backtrace, former members of Anonymous, who could correlate his IRC chatter with the WHOIS contact record of his old personal website, and he once logged into an IRC channel without a proxy, exposing his real IP address, which let the FBI obtain his identity from his ISP and put him under surveillance.
What opsec mistakes did Jeremy Hammond make that led to his capture?
-Jeremy Hammond made several opsec mistakes: talking too much on IRC about his personal life, his past arrests and his operations; letting his multiple aliases overlap; and revealing details of his hardware and connections (an Apple laptop, all traffic over Tor), which the FBI was later able to confirm under surveillance.
What happened to Sabu after the FBI located him, and how did this affect other hackers?
-After the FBI located Sabu he was confronted and became an informant. This led to the capture of others in his circle, such as Jeremy Hammond, because Sabu cooperated with the FBI to identify and expose other people involved in the hacking.
What can be learned from these hackers' mistakes about managing online identities and protecting privacy?
-That keeping online identities properly separated, so they never overlap, is crucial to avoiding identification, and that any personal information or operational detail you reveal can be used against you later.
Why is it important to assume that every online conversation can be read by the authorities?
-Because, as the video shows, the authorities can use any information disclosed online to track, identify and arrest people: chats are logged, and the person you are talking to may be an informant. Treating every conversation as if it will be read by an investigator avoids unwanted exposure and legal risk.
What can be done to improve opsec when operating online?
-Security hardware and software can help, but the essentials are managing online identities carefully, never revealing personal information or operational details, and understanding what the tools and techniques you rely on actually do and do not protect.
What is Tor and how does it relate to online security according to the video?
-Tor, The Onion Router, is an anonymity network that routes traffic through several relays, each removing one layer of encryption, to protect users' privacy. According to the video, although it is worth understanding technologies like Tor, obsessing over their technical details is misplaced, because opsec failures usually come from how information and identities are handled rather than from technical flaws.
What are the Miranda rights and how do they relate to the importance of not revealing information online?
-The Miranda warning, required in the United States under the Supreme Court decision Miranda v. Arizona, obliges police to inform a suspect of their rights before a custodial interrogation, including that anything they say can and will be used against them in court. The video draws the parallel that what you say in online chats can likewise be used against you, so you should be aware of what you share and assume it may be read by third parties.
What is the final moral of the video about protecting yourself online?
-That instead of obsessing over technical details it is far more important to manage information and identity properly: do not reveal personal or operational details, keep online identities separated, and be aware of how you can expose yourself in the digital environment.
Outlines
🔒 Too much worry about technical details
This section discusses how many people trying to improve their digital security spend too much time obsessing over minor technical details, such as whether an anonymity network can be trusted or whether to use a VPN. The author argues that these are not what get hackers caught: it is rarely a complicated technical failure or a zero-day, but information disclosed in excess.
🕵️♂️ How hackers get caught: the case of Sabu
This section recounts the case of Sabu, a hacker who was caught after revealing too much about himself in IRC chats and through an old personal website. He did make one technical mistake, logging into IRC without a proxy and exposing his real IP address, but the WHOIS contact details on his website and the personal details he dropped in chat corroborated that evidence and had already allowed others to dox him. It also notes how information about his family was used to pressure him into cooperating with the authorities.
🗣️ The importance of not revealing personal information
This section emphasizes not sharing personal information or details of current operations in online chats, since it can be used against you. It describes the case of Jeremy Hammond, who, despite making no obvious technical mistakes during his LulzSec involvement, was identified because he shared too much about his personal life, his past activities and his political ideology in IRC channels, and let his aliases overlap. The text warns about the consequences of revealing such information and how it compromises security and anonymity.
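As an added illustration of the identity-overlap and over-disclosure pattern the outline describes, and not code from the video or from any real investigation: the script below takes a constructed IRC log (nicks and messages invented for this example), links nicks that explicitly claim each other or that answer for each other, and then groups the personal details each nick let slip by linked identity. The point it makes in code is the one the video makes in prose: once two aliases are joined, every disclosure made under either one accrues to the same person. The disclosure keyword lists are illustrative assumptions, not an analyst's real ruleset.

```python
"""Link IRC aliases and group personal disclosures by linked identity.

Added example, not code from the video or any real investigation. The log,
nicks and messages below are constructed; the keyword patterns are
illustrative assumptions, not a real analyst ruleset.
"""
import re
from collections import defaultdict

# Constructed sample log: invented nicks and invented messages.
SAMPLE_LOG = """\
[21:03] <nick_a> anyone around?
[21:04] <nick_b> yeah. btw this is nick_a on my other box
[21:05] <nick_c> nick_a: did you finish the dump?
[21:05] <nick_b> nope, still pulling it
[21:06] <nick_b> don't tell anyone but i'm on probation, did 2 weeks in county
[21:07] <nick_d> lol
[21:08] <nick_a> all my traffic goes over tor anyway, youtube is painfully slow
[21:09] <nick_e> this is crazy
[21:10] <nick_e> nick_d: ping
[21:11] <nick_d> pong
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] <(?P<nick>[^>]+)> (?P<msg>.*)$")
# Self-attribution: "this is X", "i'm also X", "i am also X".
CLAIM_RE = re.compile(r"\b(?:this is|i'?m also|i am also)\s+(?P<alias>[A-Za-z0-9_]+)\b", re.I)
# "X: ..." or "X, ..." at the start of a message addresses nick X.
ADDRESSED_RE = re.compile(r"^(?P<target>[A-Za-z0-9_]+)[:,]\s")
# Illustrative disclosure categories (assumption; a real case would use more).
DISCLOSURE_PATTERNS = {
    "prior_arrest": re.compile(r"\b(?:arrested|probation|county jail|did \d+ (?:days|weeks|months))\b", re.I),
    "tooling": re.compile(r"\b(?:over tor|through tor|vpn|macbook|apple laptop)\b", re.I),
    "affiliation": re.compile(r"\b(?:anarchist|anti-racist)\b", re.I),
}


def parse_log(text):
    """Return [(timestamp, nick, message)] for every well-formed line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["nick"], m["msg"]))
    return events


class DisjointSet:
    """Minimal union-find used to cluster nicks joined by evidence."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def link_aliases(events):
    """Return (clusters, evidence) where clusters are frozensets of nicks.

    Rule 1 (strong): a nick explicitly claims another nick ("this is X").
    Rule 2 (weak):   a line addressed to X is answered next by a third nick Y
                     rather than by X; Y may be X on another connection.
    Only nicks that actually appear in the log count as aliases, so a phrase
    like "this is crazy" never creates a bogus link.
    """
    known = {nick for _, nick, _ in events}
    ds = DisjointSet()
    evidence = []
    for i, (ts, nick, msg) in enumerate(events):
        ds.find(nick)  # register every nick so singletons get a root too
        m = CLAIM_RE.search(msg)
        if m and m["alias"] in known and m["alias"] != nick:
            ds.union(nick, m["alias"])
            evidence.append(("claim", nick, m["alias"], ts))
        a = ADDRESSED_RE.match(msg)
        if a and a["target"] in known and i + 1 < len(events):
            _, responder, _ = events[i + 1]
            if responder not in (nick, a["target"]):
                ds.union(a["target"], responder)
                evidence.append(("answered_for", a["target"], responder, ts))
    groups = defaultdict(set)
    for nick in known:
        groups[ds.find(nick)].add(nick)
    clusters = [frozenset(g) for g in groups.values() if len(g) > 1]
    return clusters, evidence


def find_disclosures(events):
    """Return [(ts, nick, category, message)] for lines matching a pattern."""
    hits = []
    for ts, nick, msg in events:
        for category, pat in DISCLOSURE_PATTERNS.items():
            if pat.search(msg):
                hits.append((ts, nick, category, msg))
    return hits


def profile(text):
    """Collapse linked nicks and report what is known about each person."""
    events = parse_log(text)
    clusters, _ = link_aliases(events)
    owner = {n: c for c in clusters for n in c}
    profiles = defaultdict(lambda: {"nicks": set(), "disclosures": set()})
    for ts, nick, category, msg in find_disclosures(events):
        key = owner.get(nick, frozenset([nick]))
        profiles[key]["nicks"].update(key)
        profiles[key]["disclosures"].add(category)
    return {k: {"nicks": sorted(v["nicks"]), "disclosures": sorted(v["disclosures"])}
            for k, v in profiles.items()}


if __name__ == "__main__":
    _, evidence = link_aliases(parse_log(SAMPLE_LOG))
    for kind, a, b, ts in evidence:
        print(f"[{ts}] {kind}: {a} <-> {b}")
    for info in profile(SAMPLE_LOG).values():
        print(", ".join(info["nicks"]), "->", ", ".join(info["disclosures"]))
```

Run against the sample, the "this is nick_a" claim and the answer-for-another heuristic join nick_a and nick_b into one identity, and that identity then carries both the probation admission made as nick_b and the "everything over Tor" detail made as nick_a. The weak rule is deliberately weak: in a busy channel a third person often answers a question addressed to someone else, so in practice it is a lead to corroborate, not a conclusion.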
Keywords
💡opsec
💡VPN
💡Tor
💡doxing
💡FBI
💡IRC
💡anonymity
💡arrest
💡probation
💡opsec failure
💡Miranda Rights
Highlights
Many people trying to improve their digital security spend too much time stuck on low-level technical details, such as whether to use Tor or another anonymity network.
Over-attention to technical details fuels endless online debates, such as whether to use a VPN together with Tor or which operating system is more secure.
The real reason hackers get caught is rarely a complex technical mistake; it is that they said too much.
Even with advanced malware like Pegasus or Stuxnet, the information leak that matters is usually someone saying too much rather than a technical flaw.
Hector Monsegur (Sabu) was exposed after failing to hide his real IP address in an IRC channel.
The contact information on Sabu's early personal website pvt.org revealed his real identity.
Jeremy Hammond was identified and arrested after disclosing too much personal information in IRC chats.
Hammond used multiple hacker identities in IRC but failed to keep them separate, which exposed his identity.
Hammond mentioned in IRC that he had been arrested for marijuana and was on probation; this information was used to investigate him.
Hammond disclosed that he supported the anarchist movement and was involved in anti-racist groups, which the FBI used to investigate him further.
Hammond mentioned in IRC that all of his connections went over the Tor network, which gave the FBI an investigative lead.
When conducting such operations, assume every chat log will eventually be read by the FBI.
In any online chat, be as careful as you would be with the police present, especially when sensitive operations are involved.
The wording of the Miranda rights stresses the importance of staying silent so as not to hurt yourself in court.
For operational security (opsec), staying silent matters more than any VPN, proxy or operating system.
Transcripts
So many people who want to improve their digital opsec spend way too much time obsessing over low-level technical details, like whether or not Tor or some other anonymizing network can be trusted. And I think that this kind of obsession over the technical details is what fuels these endless online conversations I see about whether or not you should use a VPN together with Tor, or whether one operating system is going to be, you know, more secure, give you better opsec over another, or even whether you should use Librebooted hardware, you know, an open-source BIOS on hardware that's a decade old, for certain operations. And of course it makes sense to at least be aware of these different technologies and to experiment with them for educational purposes, or to possibly even learn how they work to work them into your operations and improve your opsec. But if we look at the ways that hackers actually get caught, you know, the mistakes that they made and thus what details should really be obsessed over, there's rarely a complicated technical mistake at play. It's almost never a zero-day in the Linux kernel that gets them caught, it's never the Intel Management Engine, it's almost never a flaw with Tor's protocols or someone's encryption being broken. But what is always involved is someone saying too much. And even in these extreme cases where, you know, a lot of money and resources are thrown into creating some advanced malware like Pegasus, or even something like Stuxnet where, you know, the state is deploying malware, an information leak, somebody saying too much, is what ultimately leads to that malware's target being picked. And in the case of Stuxnet, intelligence was actually gathered about the target, which was Iran's nuclear program and the machinery involved with that enrichment process, prior to the malware being developed. That intelligence helped them develop the malware, because then they knew, you know, what machines were going to be used, and so they could make the malware to attack those devices directly.

So let's look at some examples of how Tor users, hackers that were using Tor, got caught. So this is Hector Monsegur, also known by his hacker name Sabu, who was a member of Anonymous and the founder of another hacking group called LulzSec, that was a pretty notorious hacker group that was active in the early 2010s. So he had actually gotten doxed by members of Backtrace, who were former members of Anonymous, prior to his FBI arrest. But Sabu was under FBI surveillance at this time, and so that's why Backtrace actually took down their dox, or at least the links to the dox that they had published, because, you know, he once mistakenly logged into an IRC channel where he was discussing operations with other hackers without using a proxy to mask his real IP address. So this exposes his IP, and then of course the FBI can get his name from that. But what also aided the FBI in catching Sabu, and Backtrace in doxing him in the first place, was his frequent mentions of a personal website that he had in the early 2000s called pvt.org, where he had his real name and phone number and email listed in the contact information for the domain. So anybody could have just done a WHOIS on pvt.org and gotten Sabu's dox, which is probably what Backtrace ended up doing to get his dox. And of course they had tons of screenshots from IRC chats where he's just saying too much, you know, he's giving away a lot of information about where he lives and things that he does, so that they're able to correlate that with the WHOIS details. So yeah, obviously Sabu leaking his IP, that was a big fail, since the FBI just got his info from the ISP, but the WHOIS dox and Sabu talking about this website in IRC corroborate that IP address evidence, and it gets twice as much surveillance sent to you twice as fast. And it's pretty much over once close surveillance starts, because the FBI, once they surveilled him, quickly realized that Sabu was taking care of his two young cousins, and so they were able to use that against him. When the FBI raided his house, apparently, according to him, they didn't bust down his door or do anything crazy like that. They basically just knocked on the door and told him to cooperate with them or he was going to go to jail for life and the state would take his younger cousins away. And so Sabu became an informant, and this led to others in his ring, like Jeremy Hammond, getting caught.

Now what's interesting about Hammond is apparently he didn't make any technical mistakes like signing on to IRC without using a proxy, at least not during his involvement with LulzSec. But again, he talked too much, and he let these various identities, you know, various hacker identities, overlap. So you can see that he's got numerous hacker aliases in his indictment, but there were multiple incidents in recorded IRC chats, and you should be assuming that any and every IRC chat is recorded, where he would have one username but then he would respond to another, or he would use another username and then tell people that he's this user as well. The whole point of using multiple identities is to reduce how much someone knows about you, so if you let those identities overlap then that's going to unravel all of your efforts. So we can see here, I mean, this is a perfect example of saying too much. So this is the indictment for Jeremy Hammond, and it says: in a chat with covert witness one, this would be Sabu, on or about July 21st, 2011, an individual using the alias Anarchaos, later identified as the defendant Jeremy Hammond, told Sabu that he had been arrested for weed and did two weeks in county jail, and then later in that same chat the individual said "don't tell anyone cuz it could compromise my identity, but I am on probation, I've done time before though, it's all cool." So quick tip: if you've got to tell somebody not to tell anybody else, that's something that you shouldn't be telling that person in the first place, because they could be an informant, as you see here. But regardless of who you're talking to, this kind of information, you know, saying that you got arrested for weed and that you're on probation, stuff like that could very likely be used by a civilian to get your dox. It can definitely be used by an FBI agent; obviously here it was used by the FBI to get his dox. So you've got to be aware when conducting these kinds of operations, really you've got to assume that every single chat is going to be read by an FBI agent at some point. And we can also see that Hammond, when he used the alias sup_g, was telling Sabu that he was involved with these anarchist groups. He described himself as an anarchist communist and said that he supported the anarchist movement and that he was also involved in militant anti-racist groups. Now obviously this was another huge mistake, because the FBI were able to talk with the Chicago PD to get information about Hammond's arrests for involvement in various anarchist protests and involvement in the hacking of a white supremacist site years prior. And that's something that he wasn't even charged for, that's just something where, you know, they had his details because I believe he didn't mask his IP address the whole time when he was breaking into that white supremacist site. He did make technical mistakes in the past, but not, you know, so many when he was again involved with LulzSec. But a lot of the arrest information, right, typically arrest information and, you know, things that you're convicted of, end up becoming public record, which is why divulging this information about yourself, which isn't even relevant to your current operations, is such a grave error. You know, people who aren't even in law enforcement would have been able to dox him with all of these details. Plus, introducing a bunch of political stuff or stating your strong political opinions when it's not necessary to your current operation, in a group like this, is a bad idea, because it could set people with opposing opinions against you. You know, these are controversial ideas. Like, I guess you could consider LulzSec an anarchist hacking group to some extent, but as they've stated many times, they mostly hacked for the lulz. So telling people that you're a pot-smoking anti-racist freegan anarchist that's currently on probation in the Midwest, in a hacker IRC channel, is truly horrific opsec. You know, it doesn't matter if you always used a quantum-resistant VPN with Tor; if the feds have your name and they know you're in Chicago, then they can identify you as the guy with weed and the anarchist t-shirt getting lunch out of a dumpster.

Now, in addition to giving away too many details about his personal life and past operations he had taken part in, Hammond was giving away too many details about how he was conducting his current operations with LulzSec. So for example, he stated on IRC that all of his connections were being made over Tor, over the Tor network, and he even complained about stuff like YouTube being really slow over Tor. He also said that he used an Apple laptop. So of course, during the surveillance phase, the FBI confirmed that he was sending all of his traffic through Tor and that the MAC address of his computer matched an Apple computer. It's not necessary to divulge those details to anyone, you know, even the people who you're working with in your current operation don't need to know that you use a Mac, or that you're always using Tor, or Tor with a VPN, or residential proxies, or whatever; it doesn't matter. You really should treat your IRC chats, or any online chats for that matter, like you're talking directly to the police after you've been Mirandized, especially if you're engaging in this kind of activity. And, you know, speaking of that, if you ever paid attention to the wording of the Miranda rights, and I'm sure that other countries have a similar version of this, but here in the States when the cops arrest you, before questioning they tell you that you have the right to remain silent, everything you say can and will be used against you in a court of law. What that means is the only things you say that are going to be written down and remembered by the cops and used are things that can be used against you in court, not for you. Which is why a good lawyer is going to tell you to not say anything after you've been Mirandized. You know, even if you say something that might exonerate you later on, something that makes sense to you, like "oh, I wasn't there, it wasn't me," that statement isn't going to be written down, it's not going to be remembered by the people talking to you, and it's not going to be used in court, right, not unless somehow your lawyer can get a recording of that and try to get it entered into evidence. The cops and the DA certainly aren't going to enter it into evidence if it makes you seem not guilty. So yeah, it turns out when it comes to opsec, simply shutting up is so much more important than what VPN, proxy or operating system you're using.