Retired Cryptocloud forum
Retired Cryptocloud forum
Retired Cryptocloud forum
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Retired Cryptocloud forum

forum moved to permanent home at!
HomeHome  SearchSearch  RegisterRegister  Log in  

Display results as :
Rechercher Advanced Search
Latest topics
June 2021
free forum


 Snitchware 101: Hide My Ass (...or not, actually)

Go down 

Would you trust a confirmed snitchware VPN company with your security online?
Snitchware 101: Hide My Ass (...or not, actually) Vote_lcap0%Snitchware 101: Hide My Ass (...or not, actually) Vote_rcap
 0% [ 0 ]
Hell no!
Snitchware 101: Hide My Ass (...or not, actually) Vote_lcap33%Snitchware 101: Hide My Ass (...or not, actually) Vote_rcap
 33% [ 1 ]
Not in a million years
Snitchware 101: Hide My Ass (...or not, actually) Vote_lcap67%Snitchware 101: Hide My Ass (...or not, actually) Vote_rcap
 67% [ 2 ]
Sure, why not... what could _possibly_ go wrong?
Snitchware 101: Hide My Ass (...or not, actually) Vote_lcap0%Snitchware 101: Hide My Ass (...or not, actually) Vote_rcap
 0% [ 0 ]
Total Votes : 3


Posts : 57
Join date : 2012-08-04

Snitchware 101: Hide My Ass (...or not, actually) Empty
PostSubject: Snitchware 101: Hide My Ass (...or not, actually)   Snitchware 101: Hide My Ass (...or not, actually) EmptySun Aug 05, 2012 6:15 pm

Quote :
LulzSec Hacker Exposed by the Service He Thought Would Hide Him
Adam Martin 30,538 ViewsSep 23, 2011

On Thursday, the FBI arrested two suspected hackers who allegedly participated in Anonymous and LulzSec attacks. One of them, Cody Kretsinger, faces 15 years in prison for allegedly helping break into the Sony Pictures website with an SQL injection and publishing user data. As we described on Thursday, the indictment against Kretsinger says he used what's called a proxy server to hide his identity while carrying out the attack. But on Friday it emerged that the site he allegedly used to disguise his identity cooperated with police working to track him down. That's got some in the online privacy community very nervous.

The federal indictment against Kretsinger charges that he used a proxy server site called to disguise his Internet protocol address. Very basically, a proxy server works as an intermediary stop for a signal between one computer and another. By transmitting data through the proxy, a hacker can hide his or her ISP from the target. But since the proxy server gets between the machines on either end of that exchange, it is in a position to know details about the hacker. And if somebody investigating a hacking job gets access to that server, it can reveal their identity. That's apparently what happened in the investigation into Kretsinger. The details of that search haven't been made public yet, but a post on Hidemyass's blog says the company cooperated with police investigating the LulzSec actions.

Quote :
It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).

Normal businesses do indeed regularly obey court orders. But something doing business as might not be thought to be a normal business. The service claims that "the world-wide-web should be world-wide and not censored in anyway," after which it goes on to highlight its popularity among protesters in Egypt when the government blocked access to Twitter. As the group Privacy International noted on its blog, that sets them up as "supra-legal arbiters of morality" who can choose to cooperate with some government requests and not others. Sony and the federal government see LulzSec hackers as criminal miscreants, but LulzSec sees itself as a revolutionary group.

The notion that a proxy server could or would identify its users to investigators has privacy advocates crying foul. " is 'probably' run by the FBI. I know I would have put a number VPN and anonymizers out there hoping they would use them," wrote one (hopefully tongue-in-cheek) commenter on Ars Technica. Jason, who writes the blog Securityphile and doesn't publish his last name, tweeted, "hide my ass privacy service just became sell my ass to the feds." In the comments on the Privacy International blog post, PI technology adviser Eric King wrote: "There are many services who make far less grandiose claims about 'complete privacy' whose architecture inherently prevents them from being able to track or log users' activity. AirVPN and the Tor Project both offer similar services we'd happily recommend." AirVPN, for its part, issued a lengthy statement on Friday reassuring its customers of its own privacy safeguards and advising rattled users on how to take their own.

But for LulzSec members who have already used, the damage is done. Only one, named "neuron," mentions it in the leaked IRC logs, but since Kretsinger went by the handle "recursion" it's a safe assumption there's at least one other user out there who may be on the hook.
Back to top Go down
Snitchware 101: Hide My Ass (...or not, actually)
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Retired Cryptocloud forum :: :: General Discussion-
Jump to: