4-Chan 'Anonymous' web-site hackers arrested.

Meh people are attacking gov websites all the time according to our logs :p

No idea why, but our guest wireless access at work whilst still controlled/filtered, is an open wireless connection for all to see and use.
 
It seems some think that all the police/whoever have to do is get your IP. This is entirely not the case. UK law requires that there is enough evidence to prove beyond reasonable doubt. Simply having someone's IP address won't do this.

So on this point, when they identify the public IP found to be the originating source of these messages, they apply for a warrant to seize all machines that are behind that IP (so if at your home, they will seize all laptops, workstations, PDAs, iPhones, iPads etc. etc.)

Then they will then begin "forensic analysis" of said machines. Simply put, they'll poke through your hard drive looking for evidence of foul play. 90% of the time, it is to find any messages, emails, browser history of forum posts etc. etc. to prove that you conspired and purposefully committed the act, not just had some Trojan do it on the behalf of someone else. These idiots who used LOIC (which is a load testing tool, and not a "hacking tool" as described) will have had plenty of "OMGZ I R LEET HAXORING AMAZON LOLOLOLOL!111!11" messages to convict them with.

The various security forces are not IT illiterate idiots, and their lawyers (and the defence lawyers) know how to present this evidence that will not confuse 72 year old Mrs Billpot who is on the Jury.
 
Last edited:
Dj_Jestar said:
It seems some think that all the police/whoever have to do is get your IP. This is entirely not the case. UK law requires that there is enough evidence to prove beyond reasonable doubt. Simply having someone's IP address won't do this.

So on this point, when they identify the public IP found to be the originating source of these messages, they apply for a warrant to seize all machines that are behind that IP (so if at your home, they will seize all laptops, workstations, PDAs, iPhones, iPads etc. etc.)

Then they will then begin "forensic analysis" of said machines. Simply put, they'll poke through your hard drive looking for evidence of foul play. 90% of the time, it is to find any messages, emails, browser history of forum posts etc. etc. to prove that you conspired and purposefully committed the act, not just had some Trojan do it on the behalf of someone else. These idiots who used LOIC (which is a load testing tool, and not a "hacking tool" as described) will have had plenty of "OMGZ I R LEET HAXORING AMAZON LOLOLOLOL!111!11" messages to convict them with.

The various security forces are not IT illiterate idiots, and their lawyers (and the defence lawyers) know how to present this evidence that will not confuse 72 year old Mrs Billpot who is on the Jury.
Click to expand...

But what if I have control of your computer? They'd seize your computer and find all sorts.

OH SHI*

Don't drop the soap.
 
steve-h said:
But what if I have control of your computer? They'd seize your computer and find all sorts.

OH SHI*
Click to expand...
They'd also see the virus/whatever it is you've used to take control. Like I said, they are not idiots ;) they won't just do a preliminary scan with Norton and leave it at that.

They'd also find various things to prove that it was me using that machine, such as anything on Facebook or other such site where I have used my credentials. A popular one is internet purchases using a credit/debit card, to prove beyond reasonable doubt that I was at the machine.
 
Dj_Jestar said:
They'd also see the virus/whatever it is you've used to take control. Like I said, they are not idiots ;) they won't just do a preliminary scan with Norton and leave it at that.

They'd also find various things to prove that it was me using that machine, such as anything on Facebook or other such site where I have used my credentials. A popular one is internet purchases using a credit/debit card, to prove beyond reasonable doubt that I was at the machine.
Click to expand...

I wish there were a way to prove it, but I'm seriously willing to bet I could successfully frame someone without them getting suspicious of anyone else's activity on the machine... never mind having it point back to me.
 
Ahhhh man I used to love using my LOIC is C&C to destroy enemy building, then then send in the bombers to finish anything off whilst those things with the two legs moved in to blast troops to pieces.

Quality game, can't believe people are doing it IRL though. Crazy times.

:p
 
Dj_Jestar said:
They'd also see the virus/whatever it is you've used to take control. Like I said, they are not idiots ;) they won't just do a preliminary scan with Norton and leave it at that.

They'd also find various things to prove that it was me using that machine, such as anything on Facebook or other such site where I have used my credentials. A popular one is internet purchases using a credit/debit card, to prove beyond reasonable doubt that I was at the machine.
Click to expand...

So it could go both ways then, if someone wanted to do it and make it look like they're innocent they could place a trojan or virus and perhaps leave their wireless open at the time, either way when it comes to computers theres just so many possibilities that i don't see how they can ever get enough evidence beyond reasonable doubt.
 
Radiation said:
So it could go both ways then, if someone wanted to do it and make it look like they're innocent they could place a trojan or virus and perhaps leave their wireless open at the time, either way when it comes to computers theres just so many possibilities that i don't see how they can ever get enough evidence beyond reasonable doubt.
Click to expand...

Yep, a good idea. Let's just hope they're able to find it!

Dj_Jestar said:
My sister works in computer forensics :)
Click to expand...

Maybe you could pick her brains for us then :D Are publicly available, open source tools used? Do they use their own as well as? Just how hard do they look for malware, and do they bother/have the skills to reverse engineer it?

How do they deal with people encrypting their hard drives and... forgetting... their passwords? What if the attacker, after doing his malicious deeds, does this? :eek:

I'd love to know, I'm genuinely interested.
 
If the attack is successful then the server won't record the IP addresses anyway. There are other ways of hiding them. Of course, you could always just go down to a coffee shop or pub and use free wifi ;)

Also, 4Chan is not Anonymous, by any stretch of the imagination.
 
Radiation said:
So it could go both ways then, if someone wanted to do it and make it look like they're innocent they could place a trojan or virus and perhaps leave their wireless open at the time, either way when it comes to computers theres just so many possibilities that i don't see how they can ever get enough evidence beyond reasonable doubt.
Click to expand...

It's very difficult to feign innocence. Network traffic using said trojan horse would be needed, and the cycle continues.

Usually just destroying the machine is all it needs before going to all that trouble :p
 
steve-h said:
Yep, a good idea. Let's just hope they're able to find it!



Maybe you could pick her brains for us then :D Are publicly available, open source tools used? Do they use their own as well as? Just how hard do they look for malware, and do they bother/have the skills to reverse engineer it?

How do they deal with people encrypting their hard drives and... forgetting... their passwords? What if the attacker, after doing his malicious deeds, does this? :eek:

I'd love to know, I'm genuinely interested.
Click to expand...

A mixture. They have some in-house tools to crunch numbers that aren't available elsewhere. For encryption with "lost" keys, they do it the old fashioned way. A massive data warehouse with 100s upon 100s of CPUs for brute forcing. They take copies upon copies to eliminate the "three strike" systems that will destroy the data if incorrect passwords used more than three times etc.* this does mean that sometimes getting at the data can take years, but the CPS are happy to do it, if the crime warrants it of course. :)

* They'll take copies of the original disk, and will attempt key combination, if a copy destroys the data, they will replace with next copy (and then make a new one) and continue the cycle.
 
Dj_Jestar said:
They'd also see the virus/whatever it is you've used to take control. Like I said, they are not idiots ;) they won't just do a preliminary scan with Norton and leave it at that.

They'd also find various things to prove that it was me using that machine, such as anything on Facebook or other such site where I have used my credentials. A popular one is internet purchases using a credit/debit card, to prove beyond reasonable doubt that I was at the machine.
Click to expand...

Sadly you really underestimate the police.

Have a read of guilford 4 or Birmingham six to see how far police look when looking for someone to arrest...

http://en.wikipedia.org/wiki/Guildford_Four_and_Maguire_Seven



:(

I'd bet they would do a preliminary scan and leave it at that.

Oh they'll also look for child pron.
 
I already know they don't just do a preliminary scan.. My sister is regularly providing services for the CPS, as I already posted :p

I'm not going to tar the entire police force and CPS based on a few terrible mistakes some have made that form not even a fraction of the number of successful and properly processed charges they present to court. :)
 
JBod said:
Actually you can hide your IP address by crafting TCP packets to spoof the sender IP, just don't expect to get anything back again.... which of course for a DOS is not a requirement.
Click to expand...
True but any half decent ISP will implement reverse path filtering on a per customer basis. Spoofed packets will be dropped before leaving the ISP.
 
You must log in or register to reply here.
Back
Top Bottom