Potential Lulz: Security Experts Think UK Police Tricked Into Arresting The Wrong Person Over LulzSec Hacks

from the now-wouldn't-that-be-funny dept

Police in the UK recently reported that they had arrested a hacker who goes by the name Topiary, and often acts as the spokesperson for LulzSec. There’s just one problem. A number of the people who follow LulzSec closely (and who have attempted to expose who they really are) note that much of the evidence they have suggests that Topiary is someone entirely different, and that the real Topiary purposely copied his “identity” from a “troll.” They’re suggesting that the police caught the “troll” instead of the real Topiary. At this point, who knows what the actual situation is, but it wouldn’t surprise me if the folks involved in LulzSec were slightly better at covering their tracks (or using misdirection) than the police were at tracking them…


Comments on “Potential Lulz: Security Experts Think UK Police Tricked Into Arresting The Wrong Person Over LulzSec Hacks”

62 Comments
Anonymous Coward says:

Re: Re:

Of COURSE this is true. You don’t seriously think the baboons who work for law enforcement have the intellectual capability, the experience, and the knowledge to deal with the complex nuances of tunneling, redirection, encryption, routing, etc.?

They are being played by teenagers and twenty-somethings who are their intellectual masters. (Which is not to say that they won’t eventually catch some of the LulzSec folks: after all, these baboons are well-known to use illegal methods in order to compensate for their lack of rudimentary critical thinking skills. And sometimes those illegal methods work.)

But your point is quite apt: anyone who was actually seriously bent on doing harm would have no trouble evading the baboons. That’s a pretty sobering thought.

That Anonymous Coward says:

They have “experts” warning them that the collective could be overtaken and directed by the KGB, and we think they understand the tech proof?

The only thing that could have made it more awesome would have been Topiary’s cell ringing as they were taking him into custody and the police looking confused as Rick Astley serenaded them….

Anonymous Coward says:

Levels of deception

So, what do we have here.

First, we had the police saying they arrested the correct guy.

Then, we have people saying the police were tricked into arresting the wrong guy.

But I would not be surprised if this has even more levels of mindfuck. We could have the police arresting the correct guy and we being tricked into thinking they arrested the wrong guy. Or they could have arrested the wrong guy, and we are being tricked into thinking they arrested a different wrong guy.

Or perhaps the police arrested the wrong guy, and they are trying to make us believe that they have the correct guy and that the cries of “you got the wrong guy” are just misdirection (reverse psychology-like). Or perhaps that is what they want you to think, and they have the correct guy after all. Or perhaps the correct guy does not exist, and is a character role-played by two or more people. Or perhaps he is a NSA plant, pretending to be Anonymous pretending to be a NSA plant.

Once you start thinking things might not be what they seem, it is turtles all the way down.

Richard (profile) says:

Re: Levels of deception

Or perhaps the police arrested the wrong guy, and they are trying to make us believe that they have the correct guy and that the cries of “you got the wrong guy” are just misdirection (reverse psychology-like). Or perhaps that is what they want you to think, and they have the correct guy after all. Or perhaps the correct guy does not exist, and is a character role-played by two or more people. Or perhaps he is a NSA plant, pretending to be Anonymous pretending to be a NSA plant.

I’ve blown your cover AC.

You’re Donald Rumsfeld aren’t you?

Anonymous Coward says:

Re: Levels of deception

The problem is that police are mostly uneducated. They don’t know anything. If they did, they wouldn’t be police. Most governments, and their employees, are stupid. That includes the FBI, and just about any other agency.

They are used to going after crackheads on crack, and crack dealers who sell drugs to crackheads. They are used to going after victimless criminals. They are used to going after people with half a brain, people even stupider than them. They have an easy job that requires no brains.

When they have to go after people 100 times smarter and more intelligent than they are, they’re going to get run around in circles 100 times over. They think that just because they can catch some crackheads and maybe outsmart them a little bit, they can do the same to educated technocrats. They have a whole new thing coming to them. They’re police, what do you expect? They don’t know anything.

Anonymous Coward says:

Re: Re: Levels of deception

Heck, the FBI et al still haven’t set up their e-mail addresses in most of their state departments. If you try to forward something to them, you need to forward it to the FBI department in your specific state. Unfortunately, most of them, on their website, still say something to the extent of, we’re working on creating an e-mail server. These people are too retarded to even operate an e-mail server. Almost every private corporation has an e-mail address and has had one for several years now. Governments are incompetent.

Beta (profile) says:

counting coup

Yes, that’s kind of impressive. I suppose.

You trick the police, so that they arrest someone as you but it’s really

A random stranger……………………… 1 point
A troll…………………………………… 2 points
A pensioner who doesn’t use internet… 30 points
A police officer………………………… 50 points (+5 for every level of rank above Inspector, +100 if undercover trying to infiltrate LulzSec)
An anti-tech government official…….. 100 points (UK House of Commons, Scottish Parliament, clueless judge, etc.)
A serial killer………………………….. 400 points

All scores increased by 10% for each day police fail to realize the mistake, up to 30 days. Scores doubled if prisoner is brought to trial as you, tripled if convicted, quadrupled if killed trying to escape.

Ninja (profile) says:

Re: counting coup

That’s a pretty nice game, can we play in group taking turns trying to get some other person arrested?

Also, if I get an enemy of mine arrested how much would I get?

I’d add the following points but it’d still be incomplete:

The Pope …………………. 600 points
The US president ………….. 800 points
Lady Gaga ………………… 1000 points
Chuck Norris ……………… 10^480 points

Michael Lockyear (profile) says:

The masterminds behind LulzSec and Anonymous have established that they are competent hackers.

A competent hacker will access the internet from an open / hacked wifi connection / university internet lab, and route his / her handiwork through a network of rooted servers (spread around the world), with possibly a VPN (paid for with stolen credit card) and/or TOR thrown in for good measure.

If the authorities are able to trace an attack through this web to its origin (and this in itself is unlikely) the person that they will arrest will be a hapless idiot with an insecure wifi account / or rooted machine. Of course any one of us could be that hapless idiot as the hackers have demonstrated that they are able to make “experts” from law enforcement and internet security companies look like infants.

out_of_the_blue says:

Re: "masterminds behind LulzSec and Anonymous..."

Are probably FBI agents doing yet another set up of witless patsies, as in the numerous “terrorists” rounded up for show trial. Activities of these “masterminds” just happen to be handy for justifying an increase of surveillance and requiring ISPs to keep extensive logs. So at best, this publicly touted yet not actually serious “hacking” is helping the police state along.

HothMonster says:

Re: Re: "masterminds behind LulzSec and Anonymous..."

wow OOTB making sense, gratz.

I have to agree if anyone understands the internet less than our government and law enforcement it’s the general public. They say suspects arrested, people believe it no matter how unlikely it is that any competent hacker is hacking from home.

out_of_the_blue says:

"A group calling themselves the Web Ninjas..."

how do we know those soi-disant experts are anything more than teen script kiddies? Because the NYTimes says so and Mike takes anything in the NYTimes as gospel?

You people are gauging difficulty of tracking by tools available to you, and it leads to wrong conclusions. I’m going to bet that the technical resources available to the police for tapping the net and seeing where the “tunnels” lead are better than those that the “Web Ninjas” have. The police can not only apply filters to catch net traffic, but can do man in the middle tracing in real time, or require websites to turn over logs.

Scotland seems to have some odder-than-usual activity: “Gay Girl in Damascus”, who turned out to be a 40 year old American, was residing there.

PaulT (profile) says:

Re: "A group calling themselves the Web Ninjas..."

They may call themselves web ninjas, but your troll-fu is weak today…

Seriously, you use something in a linked story to try and attack Mike, then go on the offensive against “you people” for things nobody here has said.

“Scotland seems to have some odder-than-usual activity: “Gay Girl in Damascus”, who turned out to be a 40 year old American, was residing there.”

So, Americans are weird and spend their time trolling. I think there’s another strange American who goes by the handle out_of_the_blue – what’s his excuse?

Richard (profile) says:

Re: "A group calling themselves the Web Ninjas..."

I’m going to bet that the technical resources available to the police for tapping the net and seeing where the “tunnels” lead are better than those that the “Web Ninjas” have.

A poor bet. From a certain amount of inside knowledge I can tell you that law enforcement privately admit that they can only really catch the “low hanging fruit”.

Anonymous Coward says:

Re: Re: "A group calling themselves the Web Ninjas..."

Yes and No.

Yes most law enforcement is technically challenged.

No there are people who are seriously tracked and who do pose major risk. These people are seriously tracked by agencies like the NSA who are in a class above everyone else.

Richard (profile) says:

Re: Re: Re: "A group calling themselves the Web Ninjas..."

These people are seriously tracked by agencies like the NSA who are in a class above everyone else.

Yeah those agencies are different – including the one that employed the guy who invented RSA 5 years before R, S and A did. Those agencies take on the best programmers coming out of Universities so they do know what they’re talking about. However generally speaking they don’t bother themselves with this kind of stuff.

When it comes to the people who they do track they know perfectly well not to try the “front door” – modern encryption is, for practical purposes, watertight. They will be looking for the peripheral stuff that gives you away – but the effort required to do that simply isn’t worth it for this type of target.

Anonymous Coward says:

Re: "A group calling themselves the Web Ninjas..."

“You people are gauging difficulty of tracking by tools available to you, and it leads to wrong conclusions. I’m going to bet that the technical resources available to the police for tapping the net and seeing where the “tunnels” lead are better than those that the “Web Ninjas” have.”

You don’t know much about networks, do you? The tools the police have are the same you and I have. The only advantage they have is more information sources (they can ask the ISPs directly for collaboration), which us average people don’t have.

Perhaps you should learn how the Internet works. And play a little game called Uplink (yeah, it’s not entirely realistic, but the idea of it is about on par with reality).

Michael Lockyear (profile) says:

Re: CSI is fiction!

Script kiddies would NOT have been able to hack:
~HB Gary Federal (Internet Security experts … lol)
~Italian Police (the cyber crime evidence server … lol)

While it is possible that certain intelligence agencies have tools and people at their disposal which may allow them to “see where the tunnels lead”, I very much doubt that the authorities would allow these tools (if they actually exist) to be used in garden variety criminal matters and certainly would not allow these techniques to be documented in court (such techniques would have to break a few laws).

I suspect that many of the arrests that have been made over the last few months are related to the use of the LOIC software as it is not really feasible to stealth the identity of machines running a DDoS tool (proxy’ing DDoS scale traffic would be difficult).

As for the identity of Topiary…maybe it is kid in Scotland, or maybe a kid in Sweden…or maybe this is all just disinformation (which is what I would expect from the spokesperson of a hacker group).

Anonymous Coward says:

Re: "A group calling themselves the Web Ninjas..."

Really? You seriously think that the baboons have more network clue than the people who designed the protocols and wrote the code?

The ONLY chance that the baboons have is to use illegal methods: illegal searches, illegal wiretaps, illegal detainment, illegal questioning, illegal intimidation.

RadialSkid (profile) says:

Re: "A group calling themselves the Web Ninjas..."

I’m going to bet that the technical resources available to the police for tapping the net and seeing where the “tunnels” lead are better than those that the “Web Ninjas” have.

Well, we KNOW that’s true.

You see it on TV all the time: A bunch of detectives huddled around a computer staring at a grainy JPEG, and then suddenly one of them says “Enhance.” And then, the bespectacled rookie lab guy types a few random things on his keyboard (no mouse clicks necessary), and before you know it, the computer lets out a bleep, the image scans down, and suddenly the police have a perfect, high-definition photograph of their suspect.

I mean, I certainly don’t have access to that type of technology. But I’m not some totally boss cop tracking down evil hackers, am I?

Ink Spot (profile) says:

Re: "A group calling themselves the Web Ninjas..."

The tool sets available to the police are rudimentary and readily available. The data sets they maintain and have access to however grow stronger, broader and deeper.

The tool sets you’re speculating about are in the hands of those bound by non-disclosure where mere confirmation of their existence can and does result in removal from society.

The police can not be trusted with such informations, they are, after all, just police and it is these same police that would be the first to start changing sides when any realisation sets in that they are, in fact, directly supporting the bad guys.

xenomancer (profile) says:

Re: "A group calling themselves the Web Ninjas..."

“I’m going to bet that the technical resources available to the police for tapping the net and seeing where the “tunnels” lead are better than those that the “Web Ninjas” have.”

Even if that were true, how the hell do they “trace” the “tunnel” when sneakernet (ie, leaving one’s house) and open WiFi (ie, not using one’s personal internet connection) are involved? Do they just click their heels three times and say “I wish there was justice?” I know it’s plausible they might actually do real police work rather than rely on the current erosion of privacy rights, but I find it unlikely that LulzSec could have survived as long as it has with all of the heat it’s drawn were they as stupid as you’re suggesting.

Anonymous Coward says:

Re: "A group calling themselves the Web Ninjas..."

The funny part is that for the most part, these hacker groups seem to be a couple of intelligent people and bunch of children they have tricked into doing the dirty work for them.

LOIC is a perfect example. Nobody with even half a brain would turn that thing on, yet many did and many have been arrested as a result. None of the leaders of these groups would get caught dead with LOIC running on their machines. They need the sheeple to do the work, and most of those are in the 12 – 18 year old range, running out of Mom’s basement or at best their college dorm room. They are the idiots of the revolution, the “ensign with the different colored uniform” of hacktivism.

In the end, the leaders have to communicate to their sheeple, and that will always be the weak point. There will be logs, there will be connections made, and there will be exposure. Soon enough, one of the idiots at the top will get caught, and he will sing like a canary and everyone else will fall down with them, because he (or she) isn’t going to want to do a long stretch in prison while everyone else plays GTA and posts naughty pics on anon.

tick tick tick… the 15 minutes is almost up.

Anonymous Coward says:

Interesting use of resources

Rupert Murdoch hasn’t (yet) been arrested, yet it’s obvious to everyone that he and his employees have been engaged in wiretapping, interference with criminal investigations, fraud, etc. on a grand scale for many years.

Yet the UK police seem to feel it necessary to go after Topiary.

ohhhhhhhhh says:

@30 then @33

FACT you speak truth script kiddies are mostly able to use DDoS attacks…BUT while those go on some one else goes …hrrmmm good front to really pull a wing raid…BAMB goods gotten moved and moved and moved and shoved up to public….all automated without them having to touch or have anything physically come near them….

THIS IS late 90’s tech for top notch hackers.
———
@33 think about how much blackmail rupert prolly has on most of the very people that would have to arrest him….yaaaaa.

G Thompson (profile) says:

Re: Re:

Not only arrest, they have kept the guy over the normal holding period, and have been given the ability to keep them in custody even longer, all without one charge being laid.

From the article:

The most worrying aspect, however, is the continued detention without charge, which indicates that the police lacks sufficient evidence for a prosecution. According to the press release, the arrest was made under the Section 3 of the Computer Misuse Act and Section 1 of the Criminal Law Act 1977, which would allow for a detention of 24 hours, which can be extended to 36 hours. This time has now elapsed and police have been granted additional three days for questioning.

I smell something extremely fishy.
