• Eggyhead@fedia.io
    link
    fedilink
    arrow-up
    97
    arrow-down
    1
    ·
    3 months ago

    Does this go to show that authorities needing backdoors to everything in order to do their jobs is actually kind of nonsense?

    • pop@lemmy.ml
      link
      fedilink
      English
      arrow-up
      63
      ·
      3 months ago

      The article is exaggerating the guy’s setup way too much. Opsec doesn’t end at the application level… The OS (the most popular being in bed with US), ISP, tor nodes, Honeypot VPNs, so on and so on could leave a trail.

      Using telegram public groups and obfuscating a calculator as a password protection layer is hillbilly level of security.

      And i’m glad these fuckos don’t have the knowledge to go beyond App developers marketing.

      • psmgx@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        3 months ago

        Goes beyond the OSI model, too. Someone has to pay for that VPN, and there has to be an entry point to getting BTC, using a 2nd hand laptop where they can prove you bought it off of someone off of Craigslist, etc.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        Yup, every time I read about something like this, I look at what I’m doing and it’s way overkill, and I have nothing to hide. I’m guessing there are plenty of sickos that don’t get caught because they practice half-decent opsec, but there are a ton that don’t.

      • Appoxo@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        67
        ·
        edit-2
        3 months ago

        Heard about a guy doing insane opsec when selling on the dark web (darknet diaries podcast).
        In the end he got busted because a trusted member if his operation got lazy and ignored his rules

        Edit: This guy was essentially
        Leeching internet via a directional antenna from a neighbour that was significantly away
        Not allowing any visitor in with a cell. You had to keep it outside
        All drug related actions are done in a cleaned down room.
        Tripple sealing dark marketplace orders, wiping everything down with corrosive fluids to destroy any sort of dna material
        Not going to the same post office in (I believe 6 months) and only sending of 3-6 shipments at once

        I hope I got it correctly. Please go listen to the episode: https://darknetdiaries.com/episode/132/

        • mlg@lemmy.world
          link
          fedilink
          English
          arrow-up
          36
          arrow-down
          1
          ·
          3 months ago

          Reminds me of the lulzsec leader dude who exposed himself by logging into IRC once without tor on.

          Then he folded instantly and became an informant for the FBI to stay out of jail lol.

          In the end its really about tradeoffs. You can’t be an expert in everything so you need a team if you want to do anything big, but Cyber criminals are still criminals. They don’t trust each other which is what ultimately leads to their downfall even if they do all the implementation and tech part right.

          • barsoap@lemm.ee
            link
            fedilink
            English
            arrow-up
            18
            ·
            edit-2
            3 months ago

            Some German guy got got for logging into IRC via encrypted wifi, the cops did some war driving and correlated timing of traffic spikes with IRC messages until they had a profile with better hit probability than a DNA match.

            The best thing about that? They didn’t even need a search warrant as our genius was broadcasting the side-channel to the whole neighbourhood.

            • Emotet@slrpnk.net
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 months ago

              Sounds interesting, got any links for further reading on that?

              I can’t quite connect the dots between wifi/internet traffic spikes when IRC is so light on traffic that it’s basically background noise and war driving.

              • barsoap@lemm.ee
                link
                fedilink
                English
                arrow-up
                7
                ·
                3 months ago

                When you send a message, that usually fits into an IP packet. That gets completely encrypted by the wifi, but you know that a data packet approximately that size has been sent at exactly that time. Simultaneously, you watch the IRC channel and see when messages are arriving from your suspect, or someone else types a message and that should correlate with another encrypted wifi package.

                The mistake was a) using wifi, exposing the data in the first place and b) not torrenting while you’re chatting. That would’ve obscured the time correlations.

                • AugustWest@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  3 months ago

                  Laymen with no understanding here. Obviously there were other mistakes, all of which make sense to me on a rudimentary level, but the first mistake you listed was him using wifi? What is the more secure alternative? Or do you just mean sending data directly over a true wifi connection and not using TOR or another medium?

                  • barsoap@lemm.ee
                    link
                    fedilink
                    English
                    arrow-up
                    4
                    ·
                    3 months ago

                    Had he used an ethernet connection, that is, a cable, he would not have broadcasted his traffic to the neighbourhood and police would have needed much more of a clue where he lives (not just “this general area”) and also a search warrant.

                    What’s particularly remarkable is that not having wifi at all at home, or only for their phone, is quite common among IT professionals: It’s faster, less prone to interference, and in case you mess up some encryption stuff at least you’re not broadcasting everything into the whole neighbourhood. All around the better option no paranoia required. But then you have an actual black hat, the type of people who tend to not just wear tinfoil hats but tinfoil underwear, make such a basic OPSEC mistake.

                • Emotet@slrpnk.net
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  3 months ago

                  I have an understanding of the underlying concepts. I’m mostly interested in the war driving. War driving, at least in my understanding, implies that someone, a state agency in this case, physically went to the very specific location of the suspect, penetrated their (wireless) network and therefore executed a successful traffic correlation attack.

                  I’m interested in how they got their suspects narrowed down that drastically in the first place. Traffic correlation attacks, at least in my experience, usually happen in a WAN context, not LAN, for example with the help of ISPs.

                  • barsoap@lemm.ee
                    link
                    fedilink
                    English
                    arrow-up
                    4
                    ·
                    3 months ago

                    I’m interested in how they got their suspects narrowed down that drastically in the first place.

                    They listened in on the chat he was in and could glean from chatter that he lived in a particular municipality or something, rough area. Stuff like, dunno, complain that the supermarket is closed because they had a water leak or something and pin-pointing that. The rest was driving around and see if anything correlates roughly, then park there long enough to make that correlation court-proof.

            • psmgx@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              3 months ago

              Timing attacks work, but if they’re running those then they have a pretty good idea as to both sides of the convo.

              Put another way, if they’ve got to that point your opsec has already failed.

              • barsoap@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                3 months ago

                Well without that they would’ve needed probably months correlating things like “goes to bed at X o clock” with those chat logs. For a whole neighbourhood to then get a search warrant with that. Which of course is not above the capabilities of a state actor but depending on how big a fish he was they might not have bothered spending the resources. Being able to pin-point a house in maybe a day when all you have is a municipality is a whole different ballpark.

        • Clent@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          3 months ago

          That’s sounds mostly correct.

          His relative also admitted their involvement and flipped on him which destroyed the narrow avenue he had to throw out the original evidence for the warrant.

          Of course we only ever hear the cases of people who get caught. If he relative hadn’t gotten lazy he may never have been caught.

          The lesson there is not to involve other people.