Potential Lulz: Security Experts Think UK Police Tricked Into Arresting The Wrong Person Over LulzSec Hacks
from the now-wouldn't-that-be-funny dept
Police in the UK recently reported that they had arrested a hacker who goes by the name Topiary, and often acts as the spokesperson for LulzSec. There's just one problem. A number of the people who follow LulzSec closely (and who have attempted to expose who they really are) note that much of the evidence they have suggests that Topiary is someone entirely different, and that the real Topiary purposely copied his "identity" from a "troll." They're suggesting that the police caught the "troll" instead of the real Topiary. At this point, who knows what's the actual situation, but it wouldn't surprise me if the folks involved in LulzSec were slightly better at covering their tracks (or using misdirection) than the police were at tracking them...
Reader Comments
Of course they have the right guy.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
They are being played by teenagers and twenty-somethings who are their intellectual masters. (Which is not to say that they won't eventually catch some of the LulzSec folks: after all, these baboons are well-known to use illegal methods in order to compensate for their lack of rudimentary critical thinking skills. And sometimes those illegal methods work.)
But your point is quite apt: anyone who was actually seriously bent on doing harm would have no trouble evading the baboons. That's a pretty sobering thought.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
stupid troll is... in jail.
True nerd rage can be an awe-inspiring and terrible thing to behold. :)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Oh, and an IP address is iron-clad proof that the guy is a fruitcake. Well, according to LulzSec anyway.
[ link to this | view in chronology ]
The only thing that could have made it more awesome would have been Topiary's cell ringing as they were taking him into custody and the police looking confused as Rick Astley serenaded them....
[ link to this | view in chronology ]
Levels of deception
First, we had the police saying they arrested the correct guy.
Then, we have people saying the police were tricked into arresting the wrong guy.
But I would not be surprised if this has even more levels of mindfuck. We could have the police arresting the correct guy and we being tricked into thinking they arrested the wrong guy. Or they could have arrested the wrong guy, and we are being tricked into thinking they arrested a different wrong guy.
Or perhaps the police arrested the wrong guy, and they are trying to make us believe that they have the correct guy and that the cries of "you got the wrong guy" are just misdirection (reverse psychology-like). Or perhaps that is what they want you to think, and they have the correct guy after all. Or perhaps the correct guy does not exist, and is a character role-played by two or more people. Or perhaps he is an NSA plant, pretending to be Anonymous pretending to be an NSA plant.
Once you start thinking things might not be what they seem, it is turtles all the way down.
[ link to this | view in chronology ]
Re: Levels of deception
An IP address and/or online identity is poor proof (it can be faked, spoofed, etc). Police used that as evidence and got "someone", which COULD have been the wrong guy.
Without further data, we can say nothing, but it is worrisome if it turns out to be true.
[ link to this | view in chronology ]
Re: Levels of deception
I've blown your cover AC.
You're Donald Rumsfeld aren't you?
[ link to this | view in chronology ]
Re: Re: Levels of deception
Weapon of mass corruption?
[ link to this | view in chronology ]
Re: Levels of deception
They are used to going after crackheads on crack, and crack dealers who sell drugs to crackheads. They are used to going after victimless criminals. They are used to going after people with half a brain, people even stupider than them. They have an easy job that requires no brains.
When they have to go after people 100 times smarter and more intelligent than they are, they're going to get run around in circles 100 times over. They think that just because they can catch some crackheads and maybe outsmart them a little bit, they can do the same to educated technocrats. They have a whole new thing coming to them. They're police, what do you expect? They don't know anything.
[ link to this | view in chronology ]
Re: Re: Levels of deception
[ link to this | view in chronology ]
counting coup
You trick the police, so that they arrest someone as you but it's really:
A random stranger: 1 point
A troll: 2 points
A pensioner who doesn't use internet: 30 points
A police officer: 50 points (+5 for every level of rank above Inspector, +100 if undercover trying to infiltrate LulzSec)
An anti-tech government official: 100 points (UK House of Commons, Scottish Parliament, clueless judge, etc.)
A serial killer: 400 points
All scores increased by 10% for each day police fail to realize the mistake, up to 30 days. Scores doubled if prisoner is brought to trial as you, tripled if convicted, quadrupled if killed trying to escape.
[ link to this | view in chronology ]
Re: counting coup
[ link to this | view in chronology ]
Re: Re: counting coup
[ link to this | view in chronology ]
Re: Re: Re: counting coup
[ link to this | view in chronology ]
Re: counting coup
[ link to this | view in chronology ]
Re: Re: counting coup
[ link to this | view in chronology ]
Re: Re: Re: counting coup
[ link to this | view in chronology ]
Re: counting coup
Also, if I get an enemy of mine arrested how much would I get?
I'd add the following points but it'd still be incomplete:
The Pope: 600 points
The US president: 800 points
Lady Gaga: 1000 points
Chuck Norris: 10^480 points
[ link to this | view in chronology ]
Re: Re: counting coup
[ link to this | view in chronology ]
Re: Re: counting coup
[ link to this | view in chronology ]
Re: counting coup
[ link to this | view in chronology ]
A competent hacker will access the internet from an open / hacked wifi connection / university internet lab, and route his / her handiwork through a network of rooted servers (spread around the world), with possibly a VPN (paid for with stolen credit card) and/or TOR thrown in for good measure.
If the authorities are able to trace an attack through this web to its origin (and this in itself is unlikely) the person that they will arrest will be a hapless idiot with an insecure wifi account / or rooted machine. Of course any one of us could be that hapless idiot as the hackers have demonstrated that they are able to make "experts" from law enforcement and internet security companies look like infants.
[ link to this | view in chronology ]
Re: "masterminds behind LulzSec and Anonymous..."
[ link to this | view in chronology ]
Re: Re: "masterminds behind LulzSec and Anonymous..."
I have to agree: if anyone understands the internet less than our government and law enforcement, it's the general public. They say suspects arrested people believe it no matter how unlikely it is that any competent hacker is hacking from home.
[ link to this | view in chronology ]
"A group calling themselves the Web Ninjas..."
You people are gauging difficulty of tracking by tools available to you, and it leads to wrong conclusions. I'm going to bet that the technical resources available to the police for tapping the net and seeing where the "tunnels" lead are better than those that the "Web Ninjas" have. The police can not only apply filters to catch net traffic, but can do man in the middle tracing in real time, or require websites to turn over logs.
Scotland seems to have some odder-than-usual activity: "Gay Girl in Damascus", who turned out to be a 40 year old American, was residing there.
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
Seriously, you use something in a linked story to try and attack Mike, then go on the offensive against "you people" for things nobody here has said.
"Scotland seems to have some odder-than-usual activity: "Gay Girl in Damascus", who turned out to be a 40 year old American, was residing there."
So, Americans are weird and spend their time trolling. I think there's another strange American who goes by the handle out_of_the_blue - what's his excuse?
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
A poor bet. From a certain amount of inside knowledge I can tell you that law enforcement privately admit that they can only really catch the "low hanging fruit".
[ link to this | view in chronology ]
Re: Re: "A group calling themselves the Web Ninjas..."
Yes most law enforcement is technically challenged.
No there are people who are seriously tracked and who do pose major risk. These people are seriously tracked by agencies like the NSA who are in a class above everyone else.
[ link to this | view in chronology ]
Re: Re: Re: "A group calling themselves the Web Ninjas..."
Yeah those agencies are different - including the one that employed the guy who invented RSA 5 years before R, S and A did. Those agencies take on the best programmers coming out of Universities so they do know what they're talking about. However generally speaking they don't bother themselves with this kind of stuff.
When it comes to the people who they do track they know perfectly well not to try the "front door" - modern encryption is, for practical purposes, watertight. They will be looking for the peripheral stuff that gives you away - but the effort required to do that simply isn't worth it for this type of target.
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
You don't know much about networks, do you? The tools the police have are the same you and I have. The only advantage they have is more information sources (they can ask the ISPs directly for collaboration), which us average people don't have.
Perhaps you should learn how the Internet works. And play a little game called Uplink (yeah, it's not entirely realistic, but the idea of it is about on par with reality).
[ link to this | view in chronology ]
CSI is fiction!
~HB Gary Federal (Internet Security experts ... lol)
~Italian Police (the cyber crime evidence server ... lol)
While it is possible that certain intelligence agencies have tools and people at their disposal which may allow them to "see where the tunnels lead", I very much doubt that the authorities would allow these tools (if they actually exist) to be used in garden variety criminal matters and certainly would not allow these techniques to be documented in court (such techniques would have to break a few laws).
I suspect that many of the arrests that have been made over the last few months are related to the use of the LOIC software as it is not really feasible to stealth the identity of machines running a DDoS tool (proxy'ing DDoS scale traffic would be difficult).
As for the identity of Topiary...maybe it is a kid in Scotland, or maybe a kid in Sweden...or maybe this is all just disinformation (which is what I would expect from the spokesperson of a hacker group).
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
The ONLY chance that the baboons have is to use illegal methods: illegal searches, illegal wiretaps, illegal detainment, illegal questioning, illegal intimidation.
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
Well, we KNOW that's true.
You see it on TV all the time: A bunch of detectives huddled around a computer staring at a grainy JPEG, and then suddenly one of them says "Enhance." And then, the bespectacled rookie lab guy types a few random things on his keyboard (no mouse clicks necessary), and before you know it, the computer lets out a bleep, the image scans down, and suddenly the police have a perfect, high-definition photograph of their suspect.
I mean, I certainly don't have access to that type of technology. But I'm not some totally boss cop tracking down evil hackers, am I?
[ link to this | view in chronology ]
Re: Re: "A group calling themselves the Web Ninjas..."
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
The tool sets you're speculating about are in the hands of those bound by non-disclosure where mere confirmation of their existence can and does result in removal from society.
The police can not be trusted with such information, they are, after all, just police and it is these same police that would be the first to start changing sides when any realisation sets in that they are, in fact, directly supporting the bad guys.
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
Even if that were true, how the hell do they "trace" the "tunnel" when sneakernet (ie, leaving one's house) and open WiFi (ie, not using one's personal internet connection) are involved? Do they just click their heels three times and say "I wish there was justice?" I know it's plausible they might actually do real police work rather than rely on the current erosion of privacy rights, but I find it unlikely that LulzSec could have survived as long as it has with all of the heat it's drawn were they as stupid as you're suggesting.
[ link to this | view in chronology ]
Re: Re: "A group calling themselves the Web Ninjas..."
sneakernet isn't really much safer.
[ link to this | view in chronology ]
Re: "A group calling themselves the Web Ninjas..."
LOIC is a perfect example. Nobody with even half a brain would turn that thing on, yet many did and many have been arrested as a result. None of the leaders of these groups would get caught dead with LOIC running on their machines. They need the sheeple to do the work, and most of those are in the 12 - 18 year old range, running out of Mom's basement or at best their college dorm room. They are the idiots of the revolution, the "ensign with the different colored uniform" of hacktivism.
In the end, the leaders have to communicate to their sheeple, and that will always be the weak point. There will be logs, there will be connections made, and there will be exposure. Soon enough, one of the idiots at the top will get caught, and he will sing like a canary and everyone else will fall down with them, because he (or she) isn't going to want to do a long stretch in prison while everyone else plays GTA and posts naughty pics on anon.
tick tick tick... the 15 minutes is almost up.
[ link to this | view in chronology ]
Re: Re: "A group calling themselves the Web Ninjas..."
The really funny part is you believing that.
[ link to this | view in chronology ]
Also: the "Web Ninjas" claim to know who the real "Topiary" is!
[ link to this | view in chronology ]
Re: Also: the "Web Ninjas" claim to know who the real "Topiary" is!
If Topiary was known, then they would have him/her already.
[ link to this | view in chronology ]
Interesting use of resources
Yet the UK police seem to feel it necessary to go after Topiary.
[ link to this | view in chronology ]
Re: Interesting use of resources
[ link to this | view in chronology ]
LoLSec is not script kiddies
[ link to this | view in chronology ]
@20
[ link to this | view in chronology ]
@29
[ link to this | view in chronology ]
@30 then @33
THIS IS late 90's tech for top notch hackers.
---------
@33 think about how much blackmail rupert prolly has on most of the very people that would have to arrest him....yaaaaa.
[ link to this | view in chronology ]
Tell me the police didn't go to the Shetlands to arrest some dude.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
From the article: I smell something extremely fishy.
[ link to this | view in chronology ]