LEARNING FROM OTHERS' MISTAKES. LIBERTAS, DPR, SABU, LULZSEC

pumpingiron22


A little change of pace for this next post. I want to talk about one of our fallen moderators Libertas.

It has finally been confirmed, as we all were hoping, that Libertas, one of the 3 arrested moderators, was released on bail recently, according to an article.

The Silk Road’s Libertas Is Free, To The Annoyance Of U.S. Authorities, While DoJ Mulls BTC Sell-Off

Quote
The Silk Road moderator Gary Davis, aka Libertas, is officially free on bail and awaiting an extradition hearing on February 13.

The FBI flew to Ireland that night for the express purpose of taking Davis into custody and interrogating him in Ireland, with regard to his position and functions “being a moderator on a website allowing transactions to facilitate the sale of drugs online.”

So as you can see, just because Libertas was a moderator on the site, he is being charged with allowing transactions to facilitate sales of drugs. He is basically being charged as a drug dealer.

Quote
However, Davis was found in possession of illicit substances which could result in a minimum sentence.

He unfortunately was found with drugs on him at the time of his arrest, which made things much easier to keep him in custody. And it turns out that the alleged former owner of Silk Road, Ross Ulbricht is fully complying with law enforcement to attempt to identify senior vendors on Silk Road. According to the article, Ross communicated with the vendors frequently and likely in plain text (is my guess).

The reason I bring this up, is that we need to remind every user on here of the mistakes that were made by Ross, and the other three moderators so that we can hopefully learn from them. We need to avoid these types of mistakes, never ever EVER give anybody any personal information about yourself online. The story goes, that Ross required moderators to give him copies of their IDs in order to become moderators of Silk Road, and he likely kept a record of these on his computer. Unfortunately, these are now in the hands of the FBI and 3 moderators have been arrested as a result since. And now, according to the article, they are after senior vendors as well.

A few take-homes are: always use PGP encryption in all your communications, which unfortunately in this case would not have mattered because Ross ended up giving up his private keys to the feds. But it is still another hurdle in their way to protect you from them taking away your freedom. Never give out any personal information to anybody online about yourself. Never put your trust in somebody else's hands, because at the end of the day, nobody is going to go to jail for you. Ross found an opportunity to possibly reduce his sentence and he is fully taking advantage of the opportunity.

This exact same scenario happened with Sabu from LulzSec: threatened with 112 years in prison, he quickly turned on all his friends and worked with the feds to get them all locked up to help reduce his sentence. Sabu has 2 kids and obviously decided he would rather snitch out his friends and have a chance at being a father rather than spend the rest of his life locked up in jail. Again, nobody is going to go to jail for you.
 

pumpingiron22

HOW FAR WILL LAW ENFORCEMENT GO?

Today we are going to talk about the lengths that law enforcement (LE) will go to try and catch you slipping.

The thread that inspired this post was the following SR thread.

http://silkroad5v7dywlc.onion/index.php?topic=8788.0

The first question is, can LE ship drugs to buyers to try and set them up for drug charges? Let us just say that they have done it before to a Silk Road user who went by the name of Flush, aka Chronicpain, aka Curtis Green.

DEA sting yields guilty plea in Silk Road conspiracy

Quote
In April 2012, a DEA undercover agent in Maryland posing as a drug smuggler began communicating with "Dread Pirate Roberts" on Silk Road about selling a large amount of illegal drugs. "Dread Pirate Roberts" instructed [Curtis] Green to help the smuggler find a drug dealer who could buy a large amount of drugs, court papers say. Green found a buyer and agreed to act as the middleman for a $27,000 sale of a kilogram of cocaine. Green gave the DEA agent his address.

An undercover U.S. Postal Service inspector delivered the cocaine to Green's house in Utah on Jan. 17.

So as you can see, whether you view it as entrapment or not, once they have evidence against you, they will eventually figure out a way to get something on you and bust you for it like they did to Curtis Green.

The Secret Service posed as a vendor for fake IDs online for 5 years and actually shipped fake IDs that they made to buyers on an online Russian forum.

How the Secret Service Sold Fake IDs to Catch Identity Crooks - Tested.com

Quote
The US Government's "Operation Open Market" resulted in indictments against 55 defendants. According to Wired, Special Agent Mike Adams shipped out more than 125 fake IDs over about five years of activity while going by the username Celtic. Amazingly, the entire scheme started when the government arrested the real Celtic, a Nevada man who got caught shopping at a Whole Foods where he'd previously used a fake credit card.

Law enforcement discovered counterfeiting equipment among his possessions and learned about his online activities. Adams assumed his online identity and even improved Celtic's cred, shipping near-flawless IDs and becoming a trusted seller on Carder.ru.

As you can see in this article, the Secret Service again sold illegal items to people online in order to bust them. Several of the buyers used their real addresses and sent real photos of themselves to this officer to have their IDs made, resulting in being arrested by the feds.

And in this particular case, the feds charged all the defendants under something called the RICO act.

Quote
"The main indictment is noteworthy because, in addition to the usual mix of credit card fraud and false identification charges, the 39 defendants have been charged under the mob-busting RICO act – a first for a cybercrime prosecution.

Enacted in 1970 to help the FBI crack down on the mafia, the Racketeer Influenced and Corrupt Organizations Act lets the feds hold every member of a criminal organization individually responsible for the actions of the group as a whole. The losses collectively inflicted by the Carder.su members are easily enough to give every RICO defendant 20 years in prison."

When you commit crimes online, especially in an online community, the feds may be able to hold you accountable for the actions of other users on that same community. So make sure when you do your freedom fighting, or whatever you choose to do, that you take this into consideration. Always weigh out the worst case scenario, should you get busted, because the LE will try and set you up.

One last example of how LE will try and set you up, but not relating to online communities is when they put together a fake sweepstakes in Los Angeles.

Police Inspired by The Simpsons to Catch Criminals

Quote
Sheriff's deputies in La Mirada attempted a rope-a-dope on some alleged criminals by offering them a fake sweepstakes prize. Out of the 960 letters sent to these "people of interest" only eight showed up at the La Mirada Holiday Inn to collect their prize, according to the Whittier Daily News.

Posing as the "Pelican Marketing Group," deputies sent letters last week to people throughout the county wanted in connection with crimes ranging from misdemeanor warrants to murder.

According to the report, the suspects were advised to bring their letter and identification to the Holiday Inn, and told that they were guaranteed a prize worth at least $100, and would be one of 200 people with a chance to win a 2010 BMW 238i sedan.

They were all smiles when they showed up to collect their prizes, Deputy Janet Ramirez told the newspaper. "Once they tell them they're under arrest, the smile fades quickly," she said.

So the reason I made this post, was for those of you who think that LE will not go to certain lengths to try and set you up for charges. They will do it if they want you bad enough, and if you fall for it, they might get you on some tough charges. Curtis Green is facing up to 40 years for the sting operation by the DEA on him and the users who purchased fake IDs on the Russian forum could face up to 20 years each since they can be charged under the RICO act. Always keep these things in mind when conducting activities online and always take the worst case scenario into account.

It only takes one mistake to get caught and the government has unlimited resources and super computers to try and catch you slipping. You may only have a few laptops, desktops, servers, but nothing compared to what they have. Be careful everyone.
 
Excellent article, thank you. Just an update, if I may. Libertas will be in court in about another two weeks, where a decision on his extradition from Ireland to the United States will likely be decided (barring any further delays).

I don't know whether or not the Irish government will permit his extradition, but it is most interesting to read about the DOJ's tactics in attempting to get at Libertas' emails. Libertas had an account with msn.com, which account was hosted at an Irish datacentre. Microsoft's policy has been for some years to locate customer data at a server geographically close to the customer's stated location both for latency and other reasons.

A couple of years back, a U.S. magistrate judge in the Southern District of New York (where Ross Ulbricht was tried) issued a subpoena for Libertas' emails. This order, given to Microsoft, demanded the contents of Libertas' email account, even though the data was physically hosted in Ireland. Microsoft refused, and was found in contempt. They appealed, and the case is still winding its way through the courts.

Microsoft's position here is that an American court does not have the power to compel production of data held or stored in a foreign jurisdiction. There is considerable merit in their argument. The DOJ, for their part, complains that the Mutual Legal Assistance process is long, slow, and cumbersome -- besides which, the Irish have the right under the treaty to simply refuse to hand over the data.

What can we learn from this?

First, and foremost, if you are an American, your email should be hosted in a foreign country, and preferably by a company not owned or controlled by Americans. The Irish are hardly hostile to American interests and, in most cases, they will give the Americans what they want. The fact that the DOJ is complaining about the difficulty of going through the MLAT process only underscores the effectiveness of this tactic.

If you really want to keep your emails out of the hands of the government, you should be using PGP.

Now, there is one flaw with PGP, which is well-known -- the fact that it uses long-lived keys. Let's take the case of Ross Ulbricht as an example.

When Ross was arrested, and his laptop seized, the authorities found his PGP private key, and his passphrase, which he had stored in a folder on his laptop -- this came from the evidence produced at trial.

Given that Ross had used the same key for 2+ years, when the Feds got their mitts on his private key, they were able to decrypt every communication that had been encrypted with that key -- this was in excess of two full years' traffic.

How Ross could have avoided this would have been to use a PGP key with a dedicated encryption subkey. He could have expired these subkeys at regular intervals, e.g. 3 months, after which the subkeys could be destroyed. If he had done that, the Feds would have been able to decrypt no more than the last 3 months' traffic, maximum.

If there is any interest, I can post a tutorial on how to accomplish this.
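
The effect of the subkey rotation described in the post above, as a small model (an added example, not part of the thread; the dates, the weekly message rate and names such as `rotation_schedule` are constructed for illustration). It also covers the case the post implies but does not spell out: a subkey that expires but is never destroyed still decrypts everything sent to it.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class Subkey:
    created: date
    expires: date               # senders stop encrypting to it from this day on
    destroyed: Optional[date]   # day the secret half was securely deleted, if ever


def rotation_schedule(start: date, end: date, period_days: int,
                      destroy_on_expiry: bool) -> List[Subkey]:
    """Back-to-back encryption subkeys covering start..end."""
    keys, created = [], start
    while created <= end:
        expires = created + timedelta(days=period_days)
        keys.append(Subkey(created, expires, expires if destroy_on_expiry else None))
        created = expires
    return keys


def exposed(messages: List[date], keys: List[Subkey], seizure: date) -> List[date]:
    """Send dates of messages whose decryption subkey still exists at seizure."""
    out = []
    for sent in messages:
        key = next(k for k in keys if k.created <= sent < k.expires)
        if key.destroyed is None or key.destroyed > seizure:
            out.append(sent)
    return out


# Constructed scenario: one message a week, device seized on day 800.
START = date(2020, 1, 1)
SEIZURE = START + timedelta(days=800)
MESSAGES = [START + timedelta(days=7 * i) for i in range(115)]

LONG_LIVED = rotation_schedule(START, SEIZURE, 3650, destroy_on_expiry=False)
ROTATED = rotation_schedule(START, SEIZURE, 90, destroy_on_expiry=True)
EXPIRED_BUT_KEPT = rotation_schedule(START, SEIZURE, 90, destroy_on_expiry=False)

if __name__ == "__main__":
    for name, keys in [("one long-lived key", LONG_LIVED),
                       ("90-day subkeys, destroyed", ROTATED),
                       ("90-day subkeys, kept after expiry", EXPIRED_BUT_KEPT)]:
        hit = exposed(MESSAGES, keys, SEIZURE)
        print(f"{name}: {len(hit)}/{len(MESSAGES)} messages readable")
```

The model only counts ciphertext encrypted to the recipient's subkey; plaintext copies, sender-side copies and backups of old secret subkeys are outside it and are unaffected by rotation.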
 
One of the reasons that Libertas, SSBD and Inigo were so quickly arrested after the bust of Ross Ulbricht, and the seizure of Silk Road 1.0, was that Ulbricht doxxed his paid employees:

Perhaps fearing law enforcement infiltration or personal betrayal, he [Ulbricht/DPR] asked Silk Road moderators to scan their driver’s licenses and send them to him. In a directory on his computer, there were multiple encrypted files, neatly labeled with moderator names.

If the passphrase to decrypt the files was cached at the time the laptop was seized, the decrypted files would have just been one click away. -- Unmasked: The Man Behind Silk Road -- Andy Greenberg
 

grey

Quote
When Ross was arrested, and his laptop seized, the authorities found his PGP private key, and his passphrase, which he had stored in a folder on his laptop -- this came from the evidence produced at trial.


Goddamn. Why even bother with PGP and then just store shit like this?
 
Quote
Goddamn. Why even bother with PGP and then just store shit like this?

To be honest, Ulbricht didn't like PGP, and avoided its use as much as he could. In her book Silk Road, Eileen Ormsby recounts how she would send DPR PGP-encrypted messages, to which he would reply in the clear (i.e. unencrypted).

He was also a world-class hypocrite. In one court filing, a chat log is produced where he asks Inigo if he has logging turned on in his chat client. Inigo replies, "No, you told us not to do that." So, there was one set of rules for him, and another for his underlings. Ulbricht thought he was the smartest person in the room, and that led to a feeling of invulnerability -- he didn't have to follow the rules -- the rules were for the little people, not for him.
 
Here is an update on the case of Microsoft Ireland v United States. This is a welcome piece of news.

In privacy victory, Microsoft wins appeal over foreign data warrant

Justice Department said it's "considering" its options in response to the appeal.
By Zack Whittaker for Zero Day | July 14, 2016 -- 15:15 GMT (16:15 BST) | Topic: Security

In privacy victory, Microsoft wins appeal over foreign data warrant | ZDNet

Microsoft has won an appeal over a US search warrant that aimed to force the company to turn over data it stored overseas.

The Second Circuit Court of Appeals in New York reversed the decision in a 63-page decision on Thursday.

The case centered on a uniquely-different warrant that was issued by US prosecutors in that it was for data stored in an email account stored by Microsoft overseas. Prosecutors said that because the data was hosted by a US-based company, Microsoft must comply.

But the judges concluded that Congress did not intend the law used in the case -- the Stored Communications Act -- to apply outside the US.

Judge Gerard Lynch said in added remarks it was a "rational policy outcome" and should be "celebrated as a milestone in protecting privacy".

"The warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer's email account stored exclusively in Ireland. Because Microsoft has otherwise complied with the warrant, it has no remaining lawful obligation to produce materials to the government," the ruling said.

The appeals court also reversed a charge of contempt, which allowed the company to trigger an appeal.

A spokesperson for the Justice Department would not say if it would appeal the ruling.

"We are disappointed with the court's decision and are considering our options. Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime," said spokesperson Peter Carr.

The software giant has been battling US prosecutors for two years over data held in its Dublin, Ireland datacenter, which it said cannot be accessed or retrieved by a US search warrant.

Both Microsoft and Irish authorities have long asked the US government to go through the international mutual legal assistance treaties set up between the two countries.

Realizing the implications, a number of companies filed "friends of the court" briefs in Microsoft's defense. Verizon submitted an amicus brief in Microsoft's support, concerned that its overseas data could also be at risk. Apple, AT&T, and Cisco also lent their support.

Microsoft president Brad Smith said in a statement that he "welcomes" the decision.

"The decision is important for three reasons: it ensures that people's privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs," said Smith.

The American Civil Liberties Union (ACLU), which also filed a brief in support of Microsoft, said that the "significant decision" was "yet another reminder" that the laws need updating.

"As the concurring opinion points out, our online privacy laws are not the bulwarks of privacy that Congress thought they were when it enacted them in 1986," said ACLU attorney Alex Abdo.

"Now is the time for Congress to finally pass reform protecting our privacy in the digital age," he said.
 
Maybe they'd even set up a fake source website to catch juicers?
Some say it already happened

What is more likely is that the Feds would take over an already existing operation. That way, they would already have a good reputation, and a pre-existing customer base.
 
Update: Last week, Gary Davis, a.k.a. Libertas was ordered extradited to the United States by the Irish courts. Extradition was postponed to allow a ten-day period for filing an appeal. An appeal is expected to be filed shortly, and will take somewhere between two and four years to conclude.

If Davis's appeal fails, he will be extradited to the United States to face trial. I have seen documents that indicate that the acquittal rate in both Federal and State courts is between 1 and 2%, making it almost a certainty that Davis will be convicted. Articles in the Irish media have stated that as the last man to be indicted, and put on trial, he will not be offered any mercy. One Irish media source has even tweeted that they had been contacted by an FBI agent, who stated that Davis was being 'groomed' to take over Silk Road from its original owner. This tells me that the Feds are very likely to ask for the same penalties to be imposed on Davis as were imposed on Ross Ulbricht, i.e. a life sentence.
 

TS561

With the way feds work, why bother with a takeover? A man-in-the-middle attack, firmware, or simple key logging. No muss, no fuss, and you have every single bit of data you need. From that, just compiling until you feel like dropping the hammer. We know they have Tor nodes captured already. The data is encrypted, but statistical analysis tools allow them to discover a user's real identity eventually. After they know who a key player is, well, it's just back to the basics I mentioned earlier, and let the case against you build itself.
 