The article is exaggerating the guy’s setup way too much. Opsec doesn’t end at the application level… The OS (the most popular being in bed with US), ISP, tor nodes, Honeypot VPNs, so on and so on could leave a trail.
Using telegram public groups and obfuscating a calculator as a password protection layer is hillbilly level of security.
And i’m glad these fuckos don’t have the knowledge to go beyond App developers marketing.
Goes beyond the OSI model, too. Someone has to pay for that VPN, and there has to be an entry point to getting BTC, using a 2nd hand laptop where they can prove you bought it off of someone off of Craigslist, etc.
Yup, every time I read about something like this, I look at what I’m doing and it’s way overkill, and I have nothing to hide. I’m guessing there are plenty of sickos that don’t get caught because they practice half-decent opsec, but there are a ton that don’t.
Heard about a guy doing insane opsec when selling on the dark web (darknet diaries podcast).
In the end he got busted because a trusted member if his operation got lazy and ignored his rules
Edit: This guy was essentially
Leeching internet via a directional antenna from a neighbour that was significantly away
Not allowing any visitor in with a cell. You had to keep it outside
All drug related actions are done in a cleaned down room.
Tripple sealing dark marketplace orders, wiping everything down with corrosive fluids to destroy any sort of dna material
Not going to the same post office in (I believe 6 months) and only sending of 3-6 shipments at once
Reminds me of the lulzsec leader dude who exposed himself by logging into IRC once without tor on.
Then he folded instantly and became an informant for the FBI to stay out of jail lol.
In the end its really about tradeoffs. You can’t be an expert in everything so you need a team if you want to do anything big, but Cyber criminals are still criminals. They don’t trust each other which is what ultimately leads to their downfall even if they do all the implementation and tech part right.
Some German guy got got for logging into IRC via encrypted wifi, the cops did some war driving and correlated timing of traffic spikes with IRC messages until they had a profile with better hit probability than a DNA match.
The best thing about that? They didn’t even need a search warrant as our genius was broadcasting the side-channel to the whole neighbourhood.
Well without that they would’ve needed probably months correlating things like “goes to bed at X o clock” with those chat logs. For a whole neighbourhood to then get a search warrant with that. Which of course is not above the capabilities of a state actor but depending on how big a fish he was they might not have bothered spending the resources. Being able to pin-point a house in maybe a day when all you have is a municipality is a whole different ballpark.
His relative also admitted their involvement and flipped on him which destroyed the narrow avenue he had to throw out the original evidence for the warrant.
Of course we only ever hear the cases of people who get caught. If he relative hadn’t gotten lazy he may never have been caught.
Does this go to show that authorities needing backdoors to everything in order to do their jobs is actually kind of nonsense?
The article is exaggerating the guy’s setup way too much. Opsec doesn’t end at the application level… The OS (the most popular being in bed with US), ISP, tor nodes, Honeypot VPNs, so on and so on could leave a trail.
Using telegram public groups and obfuscating a calculator as a password protection layer is hillbilly level of security.
And i’m glad these fuckos don’t have the knowledge to go beyond App developers marketing.
Goes beyond the OSI model, too. Someone has to pay for that VPN, and there has to be an entry point to getting BTC, using a 2nd hand laptop where they can prove you bought it off of someone off of Craigslist, etc.
Mullvad let’s you write down an account number on a piece of paper and mail it in with cash and they’ll activate it.
Yup, every time I read about something like this, I look at what I’m doing and it’s way overkill, and I have nothing to hide. I’m guessing there are plenty of sickos that don’t get caught because they practice half-decent opsec, but there are a ton that don’t.
Yeah, it does. Perfect opsec is impossible even with encryption.
Heard about a guy doing insane opsec when selling on the dark web (darknet diaries podcast).
In the end he got busted because a trusted member if his operation got lazy and ignored his rules
Edit: This guy was essentially
Leeching internet via a directional antenna from a neighbour that was significantly away
Not allowing any visitor in with a cell. You had to keep it outside
All drug related actions are done in a cleaned down room.
Tripple sealing dark marketplace orders, wiping everything down with corrosive fluids to destroy any sort of dna material
Not going to the same post office in (I believe 6 months) and only sending of 3-6 shipments at once
I hope I got it correctly. Please go listen to the episode: https://darknetdiaries.com/episode/132/
Reminds me of the lulzsec leader dude who exposed himself by logging into IRC once without tor on.
Then he folded instantly and became an informant for the FBI to stay out of jail lol.
In the end its really about tradeoffs. You can’t be an expert in everything so you need a team if you want to do anything big, but Cyber criminals are still criminals. They don’t trust each other which is what ultimately leads to their downfall even if they do all the implementation and tech part right.
Some German guy got got for logging into IRC via encrypted wifi, the cops did some war driving and correlated timing of traffic spikes with IRC messages until they had a profile with better hit probability than a DNA match.
The best thing about that? They didn’t even need a search warrant as our genius was broadcasting the side-channel to the whole neighbourhood.
Timing attacks work, but if they’re running those then they have a pretty good idea as to both sides of the convo.
Put another way, if they’ve got to that point your opsec has already failed.
Well without that they would’ve needed probably months correlating things like “goes to bed at X o clock” with those chat logs. For a whole neighbourhood to then get a search warrant with that. Which of course is not above the capabilities of a state actor but depending on how big a fish he was they might not have bothered spending the resources. Being able to pin-point a house in maybe a day when all you have is a municipality is a whole different ballpark.
krasse sache
He got his first kid IIRC and was sleep deprived.
That’s sounds mostly correct.
His relative also admitted their involvement and flipped on him which destroyed the narrow avenue he had to throw out the original evidence for the warrant.
Of course we only ever hear the cases of people who get caught. If he relative hadn’t gotten lazy he may never have been caught.
The lesson there is not to involve other people.
Just exterminate all statists within 52’000 km and donezo