Full Disclosure mailing list archives

Re: VPN provider helped track down alleged LulzSec member

From: GloW - XD <doomxd () gmail com>
Date: Sat, 1 Oct 2011 05:33:58 +1000

precisely why i did not screrw with peoples things and thx for poiting this
out.

Providers that steal other peoples hacks don't last long in the
underground. People take that personally :)

This is a BIG reason why, i did not, nor my coadmin, touch things, unless we
were invited to, and, never ever did any 'ircd steals' in that way, people
were paying me for a 'shell' , it was what i decided todo, and, then, i did
never even get once, emails from MY providrs, so why should i listen to some
dud who got his box owned and is spewing... it is kinda how i saw things, my
customers owned them, they compained to me, this caused me nothing but,
making a new user dir and, making new box for the user,..... if this stuff
persisted, ie, nonstop compaints, and, uplink complaints would usually
follow, i still would try rehome them on a priv box.
So, i guess nowdays, maybe id not do this, but this was 2008.
xheers.
xd


On 1 October 2011 02:40, Laurelai <laurelai () oneechan org> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/30/2011 9:46 AM, Paul Schmehl wrote:

IOW, there is no honor among thieves.

This isn't a new concept.

--On September 30, 2011 3:31:06 PM +0100 Darren Martyn
<d.martyn.fulldisclosure () gmail com> wrote:

By screw you over I did not intend to mean "sell you out". I meant a

more

criminal fucking over - where they backdoor the box (Hey, physical

access

and its THEIR server) and steal your criminal assets... i.e. steal, say,
your formgrabber data (and keep it), jack your botnet, etc... SOme of
them guys do just that. The domain "khant.info" used to be a "free

botnet

service" where one could use Khant's servers to run a botnet. It was
marketed toward script kiddies, and after a few short months he ran off
with their bots and their money :)

Just an example of how common it is for a "bulletproof host" or such to
fuck you over.


On Thu, Sep 29, 2011 at 2:56 PM, xD 0x41 <secn3t () gmail com> wrote:


User location determines Judicial Jurisdiction - how is that irrelevant?

it is NOT atall.. he is kidding himself..
I already said just ONE country where i could happily commit crimes, in
the usa or uk from, and thru, panama.
simple as that, they wont execute crap unless you commit fraud etc, on
theyre home.
cheers.
xd






On 29 September 2011 23:54, Louis McCoy <louie () wellandlighthouse com>
wrote:


User location determines Judicial Jurisdiction - how is that irrelevant?


On 9/29/2011 9:27 AM, Benji wrote:

No, you are wrong.


Either; the vpn provider complied with court order, or they face the
legal ramifications of not doing so. User location is irrelevant.


On Thu, Sep 29, 2011 at 2:04 PM, xD 0x41 <secn3t () gmail com> wrote:


indeed :)
but, it is how a proper anon person would operate, well, tht is how i
once did...
anyhow, it is to broad, and, yes, i qwould never believe in bulletproof,
unless i have used it maybe, for 10yrs, thru 10 botnets ;P wich, is very
rare but funnily, possible.
webhosters, are even more corrupt and better at hiding data.. face it,
if the vpn provider had not shat themself, then it would be a non story.






On 29 September 2011 23:00, Benji <me () b3nji com> wrote:


'Abuse' emails and court orders are very different.


On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t () gmail com> wrote:


err, you are limited in those countries dude... id really checkup on

that

... maybe some but, yea i agree, i dont think any hosting is anon, but,

sure know i have kept an anon dedis in past, and was VERY easy to avoid
handing anything over. Unless they had personally seized from my

company,

i was allowed to basically get away with, and if i want to, again, could
do the same 'anonymously' and, indeed keep those details, away.
it is not frigin hard dude, where did Yyou get the idea, that is not
hard to move a user around boxes :P
and rename them, etc etc etc, always change ipv6 tunnels... there is
somany ways, you obv have not ran a dedicated server in a company
environment coz boi, they hide nets on legit hostin now, legit
apparently* companies...and they do it using those simple means, and,
even show logs of them 'removing and deleting' files of the apprent 'bad
user' , this is, a whole different level than even needing to deal with
cops.. so, you are scared too much by laws wich can be smokescreened.
Run a dedis, or simply ask a admin, howmany abuse they get, and howmany
users they actually rm ;)
you would want this service, on your vps ?
i surely wouldnt,. i know, with me, if i offer anon, you stay damn anon,
if you bring cops to MY HOUSE, then i may have to try and, simply keep

my

darn data secure ey ?
how about that ?
simple methods, defeat simple plans benji.
xd





On 29 September 2011 22:53, Benji <me () b3nji com> wrote:


Yes they do. If you buy a server in America for example, even if you are
located in Russia, they are required by federal law to hand over your
details wherever you may reside. I dont know where you've obtained this
idea that they can't.


Just because something is advertised as 'anonymous' doesnt mean it's 'so
anonymous you can break the law' and anyone using a EU/US-related

country

to do this is either stupid or naive.


On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t () gmail com> wrote:


They advertised as anonymous VPN to 'everyone'.
Then, that would mean, especially NOT locally, thats something wich is
also, subject to federal laws though so, in its own country, the

provider

may have to, nomatter whats advertised, BUT outside of country

customers,

should not be handed over.
isp's here dont do it, and havent, for like 20 yrs, they also do not
take down people,issue nor execute other peoples 'takedown orders',

there

is many reasons for this but basically, they loose money from it.
Anyhow, in UK, you maybe right, but outside of there, then, they should
have maybe not advertised as anononymous vpn services for everyone and
anyone. thats obvious crap we know now.
anyhow, cheers,
xd





On 29 September 2011 22:45, Benji <me () b3nji com> wrote:


Im sorry, why is it 'worrying' that a vpn provider that was a UK

business

and was located in the UK, is subject to UK law?





On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn
<d.martyn.fulldisclosure () gmail com> wrote:


Again, I hope this does not fail to send.
The reasoning behind the "Pure Elite" recruitment channel was A: to
recruit some talented people (and, by all accounts, there were some
talented programmers there) and B: development and idle talk. Now more
interesting was the reasoning behind the name - by putting the

developers

and coders and potential recruits in a channel named "Pure Elite", it

was

essentially an ego boost for the new guys, made them feel valued, etc,
when in fact most were but pawns to be used (IMHO).

This co-operation between VPN providers and LEO, while being nothing new
- remember how hushmail caved in - is indeed worrying for those of us

who

are privacy advocates as well as security researchers.

On a more direct note, Laurelei, do not presume that you know all there
is to know about them. Doing so would be foolish. (Now don't go assuming
that I hate you, I bear you bugger all ill-will, etc).
Good day.




On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <laurelai () oneechan org>
wrote:



Its all good dude. What really concerns me is that vpn providers might
give over logs to oppressive regemes. TOR is starting to look better and
better.


On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd () gmail com> wrote:

never did... was only for one buttcheek kid that i was alittle pissed

and

thinking things wich, prolly were wrong at the time...
I am adult enough to apologise for what happened back then, and

hopefully it

is just, cool.
:)
cheers, your loved by many, you just have many trollers to :sp
take care ,
xd


On 28 September 2011 14:32, Laurelai Storm <laurelai () oneechan org>

wrote:

Im suprised, someone on the internet who *doesn't * hate me :p
On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd () gmail com> wrote:

Hello Laurelai ,
Oh i agree it is still a terrible precedent to be set.. I dont even

know

where, legally, i stand anymore...
It is rather disturbing, nomatter WHO it was laurela.
I am all for the hatred against the VPN provs, and this is not just
happening here, and i made a BIG statement about this, and privacy,

in my

channel on efnet, first as i saw it.

Then saw a torrentfreak feed,of someone who was an owner of a huge

torrent

site, was handed to authorities, not by the hoster, no... but by

the

frigging payment handler, ie paypal or alertpay most likely.

This is not good, it makes a grey could now over what is 'anon' and

what

isnt. and thats a bad thing for us all.
To much fraud is causing this, thats plain and simple.Abusing

places like

Sony, and, major banks, only make the authorities turn to politics,

whom

in

turn can bully with federal and state laws of ANY country, i think

this

is

the dangerous part wich is affecting lulzsec members or whoever was

apart

of

it, and, i mean efnet is no recruiting grounds for decent hkrs.
Simple as that, you know it, maybe thru word of mouth ok, but not

alone

by

being in channels but that network, is one federal hideout

now..and, that

is

every channel, if it is not being spied (yea they have a module
m_spychannel.c or similar, wich, they actually had without

realising,

asked

a friend, to code for them.
This was rejected by me/her,but i believe they have the module

running

now.

So, what was to stop them adding theyre own hidden spy mode to it

:s look

at

what they did to my old channel #haqnet, they introduced drinemon

and a

bunch of other things, when it could have been simply worked out

with

words.. but anyhow, i will not brood on the past, i hope this is

mutual

Laurelai, I have nothing bad to say about you, and in turn, expect

the

same.

Respect for respect dear.
I do agree with you about the situation and, as you can see, am not

holding

9undisclosed) crappy things wich happened along time ago, over one

idiotic

kid, on efnet, whom now i know you do not associate with. So, i

want

that,

to be laid rest now.. please.
And, we can only hope that the greater common sense will prevail

and

hopefully, places will be forced to proove anonymity in some way,

wether

that be by showing people email interaction with requester's of

peoples

info, or anything simple even, wich would be then a standard for

VPN, I

do

not use them but, if i bought anonymous vpn, id expect exactly

that,without

political interaction and grey areas about who and what is now

legal and

not

legal on the internet, on chatrooms, and on even websites.
ok, thats plenty, cheers!
xd


On 28 September 2011 13:41, Laurelai <laurelai () oneechan org>

wrote:

On 9/27/2011 10:10 PM, sandeep k wrote:

Lolz members was really insane ,i m not why to use that crapy hma.
On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l () gmail com>

wrote:

yeah, and usually the same goes for calling others "kids" ;)

On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <doomxd () gmail com>

wrote:

#pure-elite , rofl... yes indeed :P
hehe... nice story tho...funny about the elite channel thing...

why

do

ppl

tag themselves as elite? usually when they are not...
ohwell, thats efnut :s (irc sucks)
xd


On 27 September 2011 19:03, Darren Martyn
<d.martyn.fulldisclosure () gmail com> wrote:


Hope this sends correctly, new email client and all... But

seeing as

it

is

an international investigation many people have been bending

over

backwards

to assist LEO on this. HMA and perfect privacy were the VPN's

of

choice

for

them it would appear, oh, and he was part of the #pure-elite

channel

on

that

IRC server, and hence, considered by LEO and others as "Part

of

LulzSec".


TL;DR, this is nothing new.

On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <

laurelai () oneechan org

wrote:


And the guy wasnt even a part of lulzsec

On Sep 26, 2011 10:37 PM, "Jeffrey Walton"

<noloader () gmail com>

wrote:

On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <ivanhec () gmail com

wrote:

http://www.h-online.com/security/news/item/VPN-provider-helped-track-down

-alleged-LulzSec-member-1349666.html

Though HMA claims they complied with a court order, it

looks as

if

they facilitated a law enforcement request. The US and the

FBI

have

no

jurisdiction in the UK.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From my understanding they used the channel as a possible

recruitment

ground, though only 6 people were officially a part of lulzsec , i

find

it

disturbing that law enforcement considers being in an irc channel

tantamount

to being a part of lulzsec.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
















_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Providers that steal other peoples hacks don't last long in the
underground. People take that personally :)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOhfEJAAoJEMtrOhzH8m1pIlAP/1lt7/q+VKEC80I8LrYbaqFn
wiGYUZCzUims6wZ5hXJ2nSx42jVIeTnlNNIiOwcMHRY9GBWLnbSp6C7xbF1CugiX
NGlEQJc4ssFNL5Q2WwbVgl6sxbHs9ZTFZrWGZx6rNJKxvRIjZA2nkuottkioizL4
cEIGwSs+1H3GY8CV5PdHXdikJ+jsVGrmo7x8cwD/FoTMXRc+AjaGA3jsV5fp8627
B6Ev6Zq6dHJIdpUMRe1j6U2BmjgtXgMvwq1FdO11+0rO97YWFWqfgQG/xCPZi1rg
oZ2sT8HdKOIapJ3PtpWKXJAM+BgVJ/8UWDJOVsLTt9ojQ8n9hukEt5rv4ECtHZLu
M8rNsU1k+ko4ggFLKYnr7BcbOLnXNyX098eXuELF1te001Y0tt6DAJ5cps6ILZzK
AHj+CVxdLTh2SUOPk1gLJZVySwPhb7SxB2c9wd9lwN4RwzfzoidaIQUrMVcZCPdt
zfW5C1HOY0qZmwyLWUlFvrZminQzsoH52O+1Fdc2g8s2dIQIt19lqBKgJg8U6SWV
SmUimy2FZQRt0MnGhc27PmeP7D4cfoTu5H0wde5vsfw95O1QGTLoOatsGDYKXIUN
t69NAH/twUk1/izc/m399Ns4Q/mfOQ8bpnRw6pcTBtNOiBboED2u2JxP0Ez3IFet
Wnp8xsGfe7ftX8Go/My+
=5IuM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: VPN provider helped track down alleged LulzSec member, (continued)
- - - Re: VPN provider helped track down alleged LulzSec member Darren Martyn (Sep 29)
    - Re: VPN provider helped track down alleged LulzSec member xD 0x41 (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member xD 0x41 (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member Darren Martyn (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member Paul Schmehl (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member adam (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member Laurelai (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member Laurelai (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member adam (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member Laurelai (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member GloW - XD (Sep 30)
    - Re: VPN provider helped track down alleged LulzSec member Laurelai (Sep 29)