Re: VPN provider helped track down alleged LulzSec member

[Paul Schmehl <pschmehl_lists () tx rr com>]

IOW, there is no honor among thieves.

This isn't a new concept.

--On September 30, 2011 3:31:06 PM +0100 Darren Martyn 
<d.martyn.fulldisclosure () gmail com> wrote:

> By screw you over I did not intend to mean "sell you out". I meant a more
> criminal fucking over - where they backdoor the box (Hey, physical access
> and its THEIR server) and steal your criminal assets... i.e. steal, say,
> your formgrabber data (and keep it), jack your botnet, etc... SOme of
> them guys do just that. The domain "khant.info" used to be a "free botnet
> service" where one could use Khant's servers to run a botnet. It was
> marketed toward script kiddies, and after a few short months he ran off
> with their bots and their money :)
>
> Just an example of how common it is for a "bulletproof host" or such to
> fuck you over.
>
>
> On Thu, Sep 29, 2011 at 2:56 PM, xD 0x41 <secn3t () gmail com> wrote:
>
>
> User location determines Judicial Jurisdiction - how is that irrelevant?
>
> it is NOT atall.. he is kidding himself..
> I already said just ONE country where i could happily commit crimes, in
> the usa or uk from, and thru, panama.
> simple as that, they wont execute crap unless you commit fraud etc, on
> theyre home.
> cheers.
> xd
>
>
>
>
>
>
> On 29 September 2011 23:54, Louis McCoy <louie () wellandlighthouse com>
> wrote:
>
>
> User location determines Judicial Jurisdiction - how is that irrelevant?
>
>
> On 9/29/2011 9:27 AM, Benji wrote:
>
> No, you are wrong. 
>
>
> Either; the vpn provider complied with court order, or they face the
> legal ramifications of not doing so. User location is irrelevant. 
>
>
> On Thu, Sep 29, 2011 at 2:04 PM, xD 0x41 <secn3t () gmail com> wrote:
>
>
> indeed :)
>  but, it is how a proper anon person would operate, well, tht is how i
> once did...
>  anyhow, it is to broad, and, yes, i qwould never believe in bulletproof,
> unless i have used it maybe, for 10yrs, thru 10 botnets ;P wich, is very
> rare but funnily, possible.
>  webhosters, are even more corrupt and better at hiding data.. face it,
> if the vpn provider had not shat themself, then it would be a non story.
>
>
>
>
>
>
> On 29 September 2011 23:00, Benji <me () b3nji com> wrote:
>
>
> 'Abuse' emails and court orders are very different.
>
>
> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t () gmail com> wrote:
>
>
> err, you are limited in those countries dude... id really checkup on that
> ... maybe some but, yea i agree, i dont think any hosting is anon, but, i
> sure know i have kept an anon dedis in past, and was VERY easy to avoid
> handing anything over. Unless they had personally seized from my company,
> i was allowed to basically get away with, and if i want to, again, could
> do the same  'anonymously' and, indeed keep those details, away.
>  it is not frigin hard dude, where did Yyou get the idea, that is not
> hard to move a user around boxes :P
>   and rename them, etc etc etc, always change ipv6 tunnels... there is
> somany ways, you obv have not ran a dedicated server in a company
> environment coz boi, they hide nets on legit hostin now, legit
> apparently* companies...and they do it using those simple means, and,
> even show logs of them 'removing and deleting' files of the apprent 'bad
> user' , this is, a whole different level than even needing to deal with
> cops.. so, you are scared too much by laws  wich can be smokescreened.
>  Run a dedis, or simply ask a admin, howmany abuse they get, and howmany
> users they actually rm ;)
>  you would want this service, on your vps ?
>  i surely wouldnt,. i know, with me, if i offer anon, you stay damn anon,
> if you bring cops to MY HOUSE, then i may have to try and, simply keep my
> darn data secure ey ?
>  how about that ?
>  simple methods, defeat simple plans benji.
>  xd
>
>
>
>
>
> On 29 September 2011 22:53, Benji <me () b3nji com> wrote:
>
>
> Yes they do. If you buy a server in America for example, even if you are
> located in Russia, they are required by federal law to hand over your
> details wherever you may reside. I dont know where you've obtained this
> idea that they can't.
>
>
> Just because something is advertised as 'anonymous' doesnt mean it's 'so
> anonymous you can break the law' and anyone using a EU/US-related country
> to do this is either stupid or naive.
>
>
> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t () gmail com> wrote:
>
>
> They advertised as anonymous VPN to 'everyone'.
>  Then, that would mean, especially NOT locally, thats something wich is
> also, subject to federal laws though so, in its own country, the provider
> may have to, nomatter whats advertised, BUT outside of country customers,
> should not be handed over.
>  isp's here dont do it, and havent, for like 20 yrs, they also do not
> take down people,issue nor execute other peoples 'takedown orders', there
> is many reasons for this but basically, they loose money from it.
>  Anyhow, in UK, you maybe right, but outside of there, then, they should
> have maybe not advertised as anononymous vpn services for everyone and
> anyone. thats obvious crap we know now.
>  anyhow, cheers,
>  xd
>
>
>
>
>
> On 29 September 2011 22:45, Benji <me () b3nji com> wrote:
>
>
> Im sorry, why is it 'worrying' that a vpn provider that was a UK business
> and was located in the UK, is subject to UK law?
>
>
>
>
>
> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn
> <d.martyn.fulldisclosure () gmail com> wrote:
>
>
> Again, I hope this does not fail to send.
>  The reasoning behind the "Pure Elite" recruitment channel was A: to
> recruit some talented people (and, by all accounts, there were some
> talented programmers there) and B: development and idle talk. Now more
> interesting was the reasoning behind the name - by putting the developers
> and coders and potential recruits in a channel named "Pure Elite", it was
> essentially an ego boost for the new guys, made them feel valued, etc,
> when in fact most were but pawns to be used (IMHO).
>
> This co-operation between VPN providers and LEO, while being nothing new
> - remember how hushmail caved in - is indeed worrying for those of us who
> are privacy advocates as well as security researchers.
>
> On a more direct note, Laurelei, do not presume that you know all there
> is to know about them. Doing so would be foolish. (Now don't go assuming
> that I hate you, I bear you bugger all ill-will, etc).
>  Good day.
>
>
>
>
> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <laurelai () oneechan org>
> wrote:
>
>
>
> Its all good dude. What really concerns me is that vpn providers might
> give over logs to oppressive regemes. TOR is starting to look better and
> better.
>
>
> On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd () gmail com> wrote:
>  > never did... was only for one buttcheek kid that i was alittle pissed
> and
>  > thinking things wich, prolly were wrong at the time...
>  > I am adult enough to apologise for what happened back then, and
> hopefully it
>  > is just, cool.
>  > :)
>  > cheers, your loved by many, you just have many trollers to :sp
>  > take care ,
>  > xd
>  >
> > On 28 September 2011 14:32, Laurelai Storm <laurelai () oneechan org> wrote:
>  >
> > > Im suprised, someone on the internet who *doesn't * hate me :p
>  >> On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd () gmail com> wrote:
>  >> > Hello Laurelai ,
>  >> > Oh i agree it is still a terrible precedent to be set.. I dont even
> know
>  >> > where, legally, i stand anymore...
>  >> > It is rather disturbing, nomatter WHO it was laurela.
>  >> > I am all for the hatred against the VPN provs, and this is not just
>  >> > happening here, and i made a BIG statement about this, and privacy,
> in my
>  >> > channel on efnet, first as i saw it.
>  >> >
>  >> > Then saw a torrentfreak feed,of someone who was an owner of a huge
>  >> torrent
>  >> > site, was handed to authorities, not by the hoster, no... but by the
>  >> > frigging payment handler, ie paypal or alertpay most likely.
>  >> >
>  >> > This is not good, it makes a grey could now over what is 'anon' and
> what
>  >> > isnt. and thats a bad thing for us all.
>  >> > To much fraud is causing this, thats plain and simple.Abusing
> places like
>  >> > Sony, and, major banks, only make the authorities turn to politics,
> whom
>  >> in
>  >> > turn can bully with federal and state laws of ANY country, i think
> this
>  >> is
>  >> > the dangerous part wich is affecting lulzsec members or whoever was
> apart
>  >> of
>  >> > it, and, i mean efnet is no recruiting grounds for decent hkrs.
>  >> > Simple as that, you know it, maybe thru word of mouth ok, but not
> alone
>  >> by
>  >> > being in channels but that network, is one federal hideout
> now..and, that
>  >> is
>  >> > every channel, if it is not being spied (yea they have a module
>  >> > m_spychannel.c or similar, wich, they actually had without
> realising,
>  >> asked
>  >> > a friend, to code for them.
>  >> > This was rejected by me/her,but i believe they have the module
> running
>  >> now.
>  >> > So, what was to stop them adding theyre own hidden spy mode to it
> :s look
>  >> at
>  >> > what they did to my old channel #haqnet, they introduced drinemon
> and a
>  >> > bunch of other things, when it could have been simply worked out
> with
>  >> > words.. but anyhow, i will not brood on the past, i hope this is
> mutual
>  >> > Laurelai, I have nothing bad to say about you, and in turn, expect
> the
>  >> same.
>  >> > Respect for respect dear.
>  >> > I do agree with you about the situation and, as you can see, am not
>  >> holding
>  >> > 9undisclosed) crappy things wich happened along time ago, over one
>  >> idiotic
>  >> > kid, on efnet, whom now i know you do not associate with. So, i want
>  >> that,
>  >> > to be laid rest now.. please.
>  >> > And, we can only hope that the greater common sense will prevail and
>  >> > hopefully, places will be forced to proove anonymity in some way,
> wether
>  >> > that be by showing people email interaction with requester's of
> peoples
>  >> > info, or anything simple even, wich would be then a standard for
> VPN, I
>  >> do
>  >> > not use them but, if i bought anonymous vpn, id expect exactly
>  >> that,without
>  >> > political interaction and grey areas about who and what is now
> legal and
>  >> not
>  >> > legal on the internet, on chatrooms, and on even websites.
>  >> > ok, thats plenty, cheers!
>  >> > xd
>  >> >
>  >> >
>  >> > On 28 September 2011 13:41, Laurelai <laurelai () oneechan org> wrote:
>  >> >
>  >> >> On 9/27/2011 10:10 PM, sandeep k wrote:
>  >> >>
>  >> >> Lolz members was really insane ,i m not why to use that crapy hma.
>  >> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l () gmail com> wrote:
>  >> >> > yeah, and usually the same goes for calling others "kids" ;)
>  >> >> >
>  >> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <doomxd () gmail com>
> wrote:
>  >> >> >> #pure-elite , rofl... yes indeed :P
>  >> >> >> hehe... nice story tho...funny about the elite channel thing...
> why
>  >> do
>  >> >> ppl
>  >> >> >> tag themselves as elite? usually when they are not...
>  >> >> >> ohwell, thats efnut :s (irc sucks)
>  >> >> >> xd
>  >> >> >>
>  >> >> >>
>  >> >> >> On 27 September 2011 19:03, Darren Martyn
>  >> >> >> <d.martyn.fulldisclosure () gmail com> wrote:
>  >> >> >>>
>  >> >> >>> Hope this sends correctly, new email client and all... But
> seeing as
>  >> it
>  >> >> is
>  >> >> >>> an international investigation many people have been bending
> over
>  >> >> backwards
>  >> >> >>> to assist LEO on this. HMA and perfect privacy were the VPN's
> of
>  >> choice
>  >> >> for
>  >> >> >>> them it would appear, oh, and he was part of the #pure-elite
> channel
>  >> on
>  >> >> that
>  >> >> >>> IRC server, and hence, considered by LEO and others as "Part of
>  >> >> LulzSec".
>  >> >> >>>
>  >> >> >>> TL;DR, this is nothing new.
>  >> >> >>>
>  >> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
>  >> laurelai () oneechan org
>  >> >> >
>  >> >> >>> wrote:
>  >> >> >>>>
>  >> >> >>>> And the guy wasnt even a part of lulzsec
>  >> >> >>>>
>  >> >> >>>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton"
> <noloader () gmail com>
>  >> >> wrote:
>  >> >> >>>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <ivanhec () gmail com>
>  >> wrote:
>  >> >> >>>> >>
>  >> >> >>>> >>
>  >> >>
>  >>
> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down
> -alleged-LulzSec-member-1349666.html
>  >> >> >>>> > Though HMA claims they complied with a court order, it
> looks as
>  >> if
>  >> >> >>>> > they facilitated a law enforcement request. The US and the
> FBI
>  >> have
>  >> >> no
>  >> >> >>>> > jurisdiction in the UK.
>  >> >> >>>> >
>  >> >> >>>> > Jeff
>  >> >> >>>> >
>  >> >> >>>> > _______________________________________________
>  >> >> >>>> > Full-Disclosure - We believe in it.
>  >> >> >>>> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> >>>> > Hosted and sponsored by Secunia - http://secunia.com/
>  >> >> >>>>
>  >> >> >>>> _______________________________________________
>  >> >> >>>> Full-Disclosure - We believe in it.
>  >> >> >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> >>>> Hosted and sponsored by Secunia - http://secunia.com/
>  >> >> >>>
>  >> >> >>>
>  >> >> >>> _______________________________________________
>  >> >> >>> Full-Disclosure - We believe in it.
>  >> >> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> >>> Hosted and sponsored by Secunia - http://secunia.com/
>  >> >> >>
>  >> >> >>
>  >> >> >> _______________________________________________
>  >> >> >> Full-Disclosure - We believe in it.
>  >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>  >> >> >>
>  >> >> >
>  >> >> >
>  >> >> >
>  >> >> > --
>  >> >> > Ferenc Kovács
>  >> >> > @Tyr43l - http://tyrael.hu
>  >> >> >
>  >> >> > _______________________________________________
>  >> >> > Full-Disclosure - We believe in it.
>  >> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> > Hosted and sponsored by Secunia - http://secunia.com/
>  >> >>
>  >> >>
>  >> >> _______________________________________________
>  >> >> Full-Disclosure - We believe in it.
>  >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> Hosted and sponsored by Secunia - http://secunia.com/
>  >> >>
>  >> >> >From my understanding they used the channel as a possible
> recruitment
>  >> >> ground, though only 6 people were officially a part of lulzsec , i
> find
>  >> it
>  >> >> disturbing that law enforcement considers being in an irc channel
>  >> tantamount
>  >> >> to being a part of lulzsec.
>  >> >>
>  >> >> _______________________________________________
>  >> >> Full-Disclosure - We believe in it.
>  >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >> >> Hosted and sponsored by Secunia - http://secunia.com/
>  >> >>
>  >>
>
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/