How Tor Users Get Caught By Saying Too Much
Summary
TL;DR: The video script discusses the common obsession with low-level technical details in digital security, such as VPNs and anonymizing networks, which often distracts from the real issues. It highlights that hackers are usually caught not due to technical flaws but by oversharing personal information. Examples include the cases of Sabu and Jeremy Hammond from the hacking group LulzSec, who were doxed and caught due to excessive personal disclosures in IRC chats rather than any technical missteps.
Takeaways
- The obsession with low-level technical details often distracts from more critical operational security (opsec) practices.
- Excessive talking and sharing personal details, rather than technical mistakes, is what usually leads to hackers getting caught.
- Even state-sponsored malware such as Pegasus and Stuxnet depended on leaked information, somebody saying too much, for picking and profiling its target, not on technical flaws alone.
- Users of the Tor network got caught due to operational mistakes, such as logging into IRC channels without a proxy to hide their IP address.
- 'Sabu' from Anonymous was doxed and caught due to his careless online behavior, including frequent mentions of a personal website with real-life details.
- The overlap of hacker aliases and revealing personal information led to Jeremy Hammond's identification and arrest.
- Technical configurations like using Tor or a VPN are less important than ensuring one's personal details and operational methods are not exposed.
- The importance of silence and discretion in communications cannot be overstated, as every detail shared can be a potential lead for investigators.
- Historical arrest records and political affiliations, when shared carelessly, can provide law enforcement with enough information to identify and locate an individual.
- Even within trusted groups, it's crucial to avoid sharing specific details about one's technical setup or personal life that could compromise security.
- The script emphasizes that operational security is more about being cautious with the information one shares rather than the specific tools or technologies one uses.
Q & A
What is the main concern expressed in the transcript about people who want to improve their digital security?
-The main concern is that people often obsess over low-level technical details, such as the trustworthiness of anonymizing networks or the security of different operating systems, rather than focusing on operational security (opsec).
What is the common mistake made by hackers that leads to their capture according to the transcript?
-The common mistake is not a technical one but rather saying too much, which can lead to their identification and capture.
Can you provide an example of how hackers were caught due to their own mistakes, as mentioned in the transcript?
-Hector Monsegur, known as Sabu, was caught because he logged into an IRC channel without using a proxy, exposing his IP address, and also because he frequently mentioned a personal website with his real information.
What was the significance of the personal website 'pvt.org' in the context of Sabu's capture?
-The website 'pvt.org' was significant because it contained Sabu's real name, phone number, and email, which could be easily found through a whois search, aiding in his identification.
How did Jeremy Hammond's involvement with anarchist groups contribute to his capture?
-Mentioning his involvement with anarchist groups in IRC chats was a mistake because it allowed the FBI to collaborate with the Chicago PD and pull records of his past arrests and activities.
What is the importance of not revealing personal details or political affiliations during operational activities?
-Revealing personal details or political affiliations can compromise operational security by giving law enforcement additional information that can be used to identify and locate an individual.
Why is it a mistake to discuss technical setup details like using a VPN or specific hardware during operations?
-Discussing technical setup details can give away too much information about how an operation is conducted, which can be used by law enforcement to narrow down suspects and gather evidence.
What is the analogy made in the transcript between the Miranda Rights and operational security?
-The analogy is that just as the Miranda Rights advise you to remain silent to prevent self-incrimination, operational security requires minimizing the information shared to prevent identification and capture.
What is the takeaway message from the transcript regarding the focus of digital security?
-The takeaway message is that focusing on operational security, such as not revealing too much information, is more important than obsessing over specific technical tools or systems.
How does the transcript suggest that the use of multiple identities can be compromised?
-The use of multiple identities can be compromised when those identities overlap, as seen with Jeremy Hammond, where he used different usernames in the same chat, revealing his connections to various hacker aliases.
What is the relevance of the indictment details for Jeremy Hammond mentioned in the transcript?
-The indictment details are relevant because they show how Hammond's own words in IRC chats, revealing personal and operational details, were used as evidence against him by the FBI.
Outlines
The Pitfalls of Obsessing Over Technical Details in OpSec
The first paragraph discusses the common mistake of focusing too much on low-level technical details in digital security, such as trusting certain anonymizing networks or the debate over VPN usage and operating systems. It emphasizes that hackers are rarely caught due to technical flaws but rather from revealing too much information. The paragraph uses the example of Hector Monsegur, known as Sabu, who was caught due to not masking his IP address and sharing personal details on a website, leading to his identification and subsequent cooperation with the FBI.
The Consequences of Oversharing in Hacking Communities
The second paragraph delves into the story of Jeremy Hammond, another hacker who was caught not because of technical errors but due to oversharing personal information. Despite not making obvious technical mistakes during his involvement with the hacking group LulzSec, Hammond's multiple hacker aliases were linked through his excessive communication in IRC chats. His arrest history and political affiliations were mentioned, which the FBI used to corroborate his identity and activities, highlighting the importance of maintaining separate identities and being cautious with the information shared online.
The Importance of Silence in Maintaining Operational Security
The third paragraph underscores the critical role of discretion in operational security (opsec). It points out that even with sophisticated tools, revealing personal details or operational methods can lead to identification and capture. The example of Hammond continues, illustrating how he disclosed too much about his current operations, such as using Tor and an Apple laptop, which the FBI confirmed during surveillance. The paragraph concludes by drawing a parallel between the Miranda Rights and the need for silence in online chats, especially when engaging in illicit activities, to prevent self-incrimination.
Keywords
- Digital Opsec
- Anonymizing Network
- VPN
- Opsec
- Zero Day
- Pegasus
- IRC
- Doxxing
- FBI
- Mitigation
- Miranda Rights
Highlights
The obsession with low-level technical details such as the trustworthiness of anonymizing networks often fuels endless online debates.
Being aware of different technologies and experimenting with them for educational purposes is sensible, but overemphasis on technicalities can be counterproductive.
Hackers are rarely caught due to complicated technical mistakes; instead, it's often due to oversharing information.
State-sponsored malware like Pegasus and Stuxnet are developed with intelligence gathered from information leaks, not just technical prowess.
Hector Monsegur, aka Sabu, was caught due to a technical slip-up and revealing personal details on a personal website.
Sabu's case illustrates the importance of not correlating personal information with hacking activities.
Jeremy Hammond's arrest was facilitated by his overlapping hacker identities and excessive information sharing in IRC chats.
Hammond's political affiliations and personal history were used against him, highlighting the risk of sharing personal beliefs in operational contexts.
Technical mistakes are less common reasons for getting caught compared to operational security failures like revealing too much about one's methods and tools.
Treating all online communications as if they are read by law enforcement is essential to maintaining operational security.
The Miranda Rights illustrate the principle that only information that can be used against you will be remembered and used in court.
The transcript emphasizes that operational security is more about discretion and less about the specific tools or technologies used.
Sharing technical setup details like using Tor or a VPN can be as damaging as revealing personal information.
The transcript suggests that operational security is better served by silence and discretion rather than technical complexity.
Maintaining separate identities, and never correlating personal information with operational activities, is valuable in the context of hacking.
The transcript provides real-world examples of how information disclosed in online chats can be used for doxing and legal prosecution.
Personal legal history and political affiliations should not be discussed, since either can compromise one's operational security.
The transcript concludes that in the context of operational security, the principle of 'less said, better secured' holds true.
Transcripts
So many people who want to improve their digital opsec spend way too much time obsessing over low-level technical details, like whether or not Tor or some other anonymizing network can be trusted. And I think that this kind of obsession over the technical details is what fuels these endless online conversations I see about whether or not you should use a VPN together with Tor, or whether one operating system is going to be, you know, more secure and give you better opsec over another, or even whether you should use librebooted hardware, you know, an open-source BIOS on hardware that's a decade old, for certain operations. And of course it makes sense to at least be aware of these different technologies and to experiment with them for educational purposes, or to possibly even learn how they work so you can work them into your operations and improve your opsec. But if we look at the ways that hackers actually get caught, you know, the mistakes that they made, and thus what details should really be obsessed over, there's rarely a complicated technical mistake at play. It's almost never a zero day in the Linux kernel that gets them caught, it's never the Intel Management Engine, it's almost never a flaw with Tor's protocols or someone's encryption being broken. But what is always involved is someone saying too much.

And even in these extreme cases where, you know, a lot of money and resources are thrown into creating some advanced malware like Pegasus, or even something like Stuxnet where the state is deploying malware, an information leak, somebody saying too much, is what ultimately leads to that malware's target being picked. In the case of Stuxnet, intelligence was actually gathered about the target, which was Iran's nuclear program and the machinery involved with that enrichment process, prior to the malware being developed. That intelligence helped them develop the malware, because then they knew what machines were going to be used, and so they could make the malware to attack those devices directly.

So let's look at some examples of how Tor users, hackers that were using Tor, got caught. This is Hector Monsegur, also known by his hacker name Sabu, who was a member of Anonymous and the founder of another hacking group called LulzSec, which was a pretty notorious hacker group that was active in the early 2010s. He had actually gotten doxed by members of Backtrace, who were former members of Anonymous, prior to his FBI arrest. But Sabu was under FBI surveillance at this time, and so that's why Backtrace actually took down their dox, or at least the links to the dox that they had published. Because, you know, he once mistakenly logged into an IRC channel where he was discussing operations with other hackers without using a proxy to mask his real IP address. So this exposes his IP, and then of course the FBI can get his name from that. But what also aided the FBI in catching Sabu, and Backtrace in doxing him in the first place, was his frequent mentions of a personal website that he had in the early 2000s called pvt.org, where he had his real name and phone number and email listed in the contact information for the domain. So anybody could have just done a whois on pvt.org and gotten Sabu's dox, which is probably what Backtrace ended up doing to get his dox. And of course they had tons of screenshots from IRC chats where he's just saying too much, you know, he's giving away a lot of information about where he lives and things that he does, so that they're able to correlate that with the whois details.

So yeah, obviously Sabu leaking his IP, that was a big fail, since the FBI just got his info from the ISP. But the whois dox and Sabu talking about this website in IRC corroborates that IP address evidence, and it gets twice as much surveillance sent to you twice as fast. And it's pretty much over once close surveillance starts, because the FBI, once they surveilled him, quickly realized that Sabu was taking care of his two young cousins, and so they were able to use that against him. When the FBI raided his house, apparently, according to him, they didn't bust down his door or do anything crazy like that; they basically just knocked on the door and told him to cooperate with them or he was going to go to jail for life and the state would take his younger cousins away. And so Sabu became an informant, and this led to others in his ring, like Jeremy Hammond, getting caught.

Now what's interesting about Hammond is apparently he didn't make any technical mistakes like signing on to IRC without using a proxy, at least not during his involvement with LulzSec. But again, he talked too much, and he let these various identities, you know, various hacker identities, overlap. So you can see that he's got numerous hacker aliases in his indictment, but there were multiple incidents in recorded IRC chats (and you should be assuming that any and every IRC chat is recorded) where he would have one username but then he would respond to another, or he would use another username and then tell people that he's this user as well. The whole point of using multiple identities is to reduce how much someone knows about you, so if you let those identities overlap, then that's going to unravel all of your efforts.

So we can see here, I mean, this is a perfect example of saying too much. This is the indictment for Jeremy Hammond, and it says: in a chat with Covert Witness One (this would be Sabu) on or about July 21st, 2011, an individual using the alias Anarchaos, later identified as the defendant Jeremy Hammond, told Sabu that he had been arrested for weed and did two weeks in county jail. And then later in that same chat the individual said, "Don't tell anyone cuz it could compromise my identity, but I am on probation. I've done time before though, it's all cool." So quick tip: if you've got to tell somebody not to tell anybody else, that's something that you shouldn't be telling that person in the first place, because they could be an informant, as you see here. But regardless of who you're talking to, this kind of information, you know, saying that you got arrested for weed and that you're on probation, stuff like that could very likely be used by a civilian to get your dox. It can definitely be used by an FBI agent; obviously here it was used by the FBI to get his dox. So you've got to be aware when conducting these kinds of operations; really, you've got to assume that every single chat is going to be read by an FBI agent at some point.

And we can also see that Hammond, when he used the alias sup_g, was telling Sabu that he was involved with these anarchist groups. He described himself as an anarchist communist and said that he supported the anarchist movement and that he was also involved in militant anti-racist groups. Now obviously this was another huge mistake, because the FBI were able to talk with the Chicago PD to get information about Hammond's arrest for involvement in various anarchist protests and involvement in the hacking of a white supremacist site years prior. And that's something that he wasn't even charged for; that's just something where they had his details because I believe he didn't mask his IP address the whole time when he was breaking into that white supremacist site. He did make technical mistakes in the past, but not, you know, so many when he was involved with LulzSec. But a lot of the arrest information, right, typically arrest information and things that you're convicted of end up becoming public record, which is why divulging this information about yourself, which isn't even relevant to your current operations, is such a grave error. People who aren't even in law enforcement would have been able to dox him with all of these details.

Plus, introducing a bunch of political stuff or stating your strong political opinions when it's not necessary to your current operation in a group like this is a bad idea, because it could set people with opposing opinions against you. You know, these are controversial ideas. Like, I guess you could consider LulzSec an anarchist hacking group to some extent, but as they've stated many times, they mostly hacked for the lulz. So telling people that you're a pot-smoking, anti-racist, freegan anarchist that's currently on probation in the Midwest, in a hacker IRC channel, is truly horrific opsec. It doesn't matter if you always used a quantum-resistant VPN with Tor; if the feds have your name and they know you're in Chicago, then they can identify you as the guy with weed and the anarchist t-shirt getting lunch out of a dumpster.

Now in addition to giving away too many details about his personal life and past operations he had taken part in, Hammond was giving away too many details about how he was conducting his current operations with LulzSec. So for example, he stated on IRC that all of his connections were being made over Tor, over the Tor network, and he even complained about stuff like YouTube being really slow over Tor. He also said that he used an Apple laptop. So of course, during the surveillance phase, the FBI confirmed that he was sending all of his traffic through Tor and that the MAC address of his computer matched an Apple computer. It's not necessary to divulge those details to anyone. Even the people who you're working with in your current operation don't need to know that you use a Mac, or that you're always using Tor, or Tor with a VPN, or residential proxies, or whatever; it doesn't matter. You really should treat your IRC chats, or any online chats for that matter, like you're talking directly to the police after you've been Mirandized, especially if you're engaging in this kind of activity.

And speaking of that, if you ever paid attention to the wording of the Miranda rights (and I'm sure that other countries have a similar version of this, but here in the States), when the cops arrest you, before questioning they tell you that you have the right to remain silent, and everything you say can and will be used against you in a court of law. What that means is the only things you say that are going to be written down and remembered by the cops and used are things that can be used against you in court, not for you. Which is why a good lawyer is going to tell you to not say anything after you've been Mirandized. Even if you say something that might exonerate you later on, something that makes sense to you, like "oh, I wasn't there, it wasn't me," that statement isn't going to be written down, it's not going to be remembered by the people talking to you, and it's not going to be used in court, not unless somehow your lawyer can get a recording of that and try to get it entered into evidence. The cops and the DA certainly aren't going to enter it into evidence if it makes you seem not guilty.

So yeah, it turns out when it comes to opsec, simply shutting up is so much more important than what VPN, proxy, or operating system you're using.