[HN Gopher] Ask HN: Are there recorded instances of people being...
___________________________________________________________________
Ask HN: Are there recorded instances of people being framed through
hacking?
I don't believe I'm a person of interest to anyone, however I
imagine some people are. With the hacking capabilities of
government and organisations, would planting incriminating material
on somebody's computer be trivial?
Author : desertraven
Score : 140 points
Date : 2022-10-22 11:26 UTC (11 hours ago)
| micromacrofoot wrote:
| you could probably frame most people by sending them an unlabeled
| usb stick in the mail with a simple script that copies a file to
| their hard drive - curiosity often gets the best of us
| robswc wrote:
| I could maybe see this working if you have a year or so to do
| it.
|
| Make it look like a game or something but copy incriminating
| stuff in the background. Then "tip" the authorities a year
| later, the person would probably forget all about it.
|
| If it's too soon they might still have the USB stick. No idea
| if that would pose an issue tho.
|
| I dunno tho. Not a cyber security guy or lawyer, but
| interesting "problem" to think about, haha.
| GekkePrutser wrote:
| > If it's too soon they might still have the USB stick. No
| idea if that would pose an issue tho.
|
| Not really, if you manage to autorun arbitrary code from it
| (which is more difficult on the latest OSes), you can also
| make it wipe itself or something. It's hard to completely
| wipe USB sticks because of write leveling but a few rewrites
| should do it. Cheap sticks don't have much spare capacity.
|
| In fact if you're really good you can even trick the
| controller to hide or wipe it somehow. After all you're
| supplying the hardware so you're in full control of
| everything.
| robswc wrote:
| I guess I'm thinking more on the "how will it be handled by
| detectives/lawyers/whoever is involved."
|
| I mean, say they found corporate secrets on your computer.
| You say "no idea how they got here but look at this weird
| USB." Would they be able to see that a small USB sized
| package was delivered on the day the victim claimed? Would
| they even look that far, etc, etc.
|
| Thanks for providing some answers on the technical side
| though. That's def a thought too. I mean, seems you could
| be screwed if you're dealing with someone smart if you're
| being careless.
| GekkePrutser wrote:
| Does that USB stick trick still actually work?? It's pretty old
| by now and every corporate security training warns about it.
| micromacrofoot wrote:
| Yes. An old co-worker in security used to leave them on the
| floor in the lobby and had to stop when a C-level got mad
| about falling for it. It rarely _didn't_ work. The company
| has mandatory annual security training.
| ipython wrote:
| Fabricated evidence in a trial against a supposed coup attempt in
| Turkey:
| https://balyozdavasivegercekler.com/2012/10/04/dani-rodrik-d...
| agilob wrote:
| I remember reading here on HN a story of a US journalist, who was
| documenting some darkweb stories, one day he found out he was the
| target on some forum, people were crowdfunding to buy drugs
| online and deliver to his address, notify police about drug
| possession. He notified the police first.
| mtlynch wrote:
| It sounds like you're thinking of Brian Krebs:
|
| https://krebsonsecurity.com/2019/09/interview-with-the-guy-w...
| agilob wrote:
| Yes
| eivarv wrote:
| Yes - and not only for government and organizations:
|
| > In 1999, NetBus was used to plant child pornography on the work
| computer of a law scholar at Lund University. The 3,500 images
| were discovered by system administrators, and the law scholar was
| assumed to have downloaded them knowingly. He lost his research
| position at the faculty, and following the publication of his
| name fled the country and had to seek professional medical care
| to cope with the stress. He was acquitted from criminal charges
| in late 2004, as a court found that NetBus had been used to
| control his computer.
|
| https://en.wikipedia.org/wiki/NetBus
| jliptzin wrote:
| Even a law professor couldn't escape being framed, what does
| that mean for the rest of us?
| pardon_me wrote:
| Cheaper and quicker to just disappear us
| cylon13 wrote:
| Why would you expect a law professor to be an expert in
| avoiding being framed?
| jliptzin wrote:
| They might have the resources (experience, connections,
| money) to mount a successful defense that the average
| person wouldn't have access to?
| rovr138 wrote:
| So, not avoid being framed, but defending against it
| successfully, which they did.
| jliptzin wrote:
| Not before losing his career and having to flee his
| country, probably because his reputation was dragged
| through the mud. News of the acquittal doesn't travel
| nearly as far as the initial arrest - see sibling comment
| below.
| aliqot wrote:
| If you spelled netbus backwards you get subten, which is where
| the other tool subseven got its name.
| derbOac wrote:
| What was the motive for framing the scholar? I read through
| some of the material and didn't see an explanation of that
| part.
| bjornsing wrote:
| Interesting. I was a student at Lund University in 1999. I
| vaguely remember hearing about a law professor getting caught
| with child pornography, but the exoneration never reached me.
| yieldcrv wrote:
| It could happen to you.
| mikercampbell wrote:
| This is where I feel like reporting goes terribly wrong.
| Failure to correct stories like this just cements the wrong
| idea. It's not slander, but it's like slander by omission.
|
| It's as if bad news and boogie monsters sell better than "we
| reported incorrectly" I know, but still.
| rlt wrote:
| In this age of search engines and social media
| "amplification" a correction wouldn't even be sufficient.
| The original story will always be more salacious than the
| correction, thus more widely shared and more likely to
| appear in search results (unless Google etc somehow weight
| the correction higher, I have no idea if they do)
| tonywebster wrote:
| After a Minnesota lawyer reported his neighbor for allegedly
| sexually assaulting his son, that neighbor cracked the lawyer's
| wi-fi WEP encryption and proceeded to attempt to frame him for
| CSAM crimes, sexual harassment, and threatening of politicians.
| The lawyer's employer hired an outside firm to investigate, the
| Secret Service showed up, and ultimately a search warrant at the
| neighbor's home found evidence that he was the true culprit. He
| was given 18 years in prison.
|
| [1] https://www.wired.com/2011/07/hacking-neighbor-from-hell/
| lamontcg wrote:
| From earlier this year "Wife Framed Husband By Planting Child
| Sexual Abuse Images On Phone: Police"
| (https://www.msn.com/en-us/news/crime/wife-framed-husband-by-...)
| ThrowawayTestr wrote:
| Jeez, imagine if the guy didn't have the support of his
| employer.
| [deleted]
| magpi3 wrote:
| Here was an attempted framing that backfired. Talk about making a
| poor life decision.
|
| https://techland.time.com/2011/07/14/man-hacks-into-neighbor...
| pkrotich wrote:
| Sourced Wired article here
|
| https://www.wired.com/2011/07/hacking-neighbor-from-hell/
| mikercampbell wrote:
| I think most policemen are "good" (it's complicated) but I still
| perk up when I see one in my rearview mirror. I used to feel bad
| about it, thinking that I was paranoid, until I read a tweet that
| a policeman can kill you without much consequence, and so you
| have every right to be unsettled.
|
| I say this as someone whose sister was killed by a policeman who
| ran a red light, but was revived by the paramedics. She had
| severe brain hemorrhages, lacerated organs, broke her spine in a
| dozen places, and her pelvis in another dozen, and lost the use
| of 1/3rd of her brain tissue from blunt trauma. And while she was
| in a coma, the policeman tried to illegally access her phone,
| obtain blood and urine samples without a warrant, and more, all
| in an attempt to frame her. And to top it all off, on the one
| year anniversary of her surviving, she was served papers in the
| driveway on our way to dinner for "emotional trauma" and his
| sprained wrist from the incident. The judge sided with the
| policeman, despite the tire marks, forensics, and eye witnesses
| that demonstrated he ran that red light. She was fined her net
| worth, which included her entire college savings.
|
| She is alive and well, but will never be the same.
|
| This isn't a statement on police or police reform as much as it
| is an example of systems put in place to protect us (courts, FBI,
| the internet and its attempt at security) but can with one false
| swipe destroy everything we've ever worked for or loved. It
| sounds dramatic, but there are a dozen stories on this thread
| that demonstrate that.
|
| I'm not sure exactly what I'm trying to say, but it's insane how
| our social immune system isn't free from autoimmune diseases,
| where the mechanisms put in place to protect can instantly be
| flipped by a single bad actor.
|
| The template is like this:
|
| 1) Someone plants evidence on your device
| 2) Investigators are tipped off or find it
| 3) You get fired, registered as a sex offender, thrown in prison,
| flee the country, and your reputation is in shambles.
| 4) the media, rumormill, or even public statements from government,
| your former employer, university, etc. are distributed like
| wildfire.
| 5) it's proven that it wasn't actually you, you were just framed
| 6) society bears no responsibility in repairing anything it damaged
| in the process. You're not guaranteed anything, and not only that,
| scary news travels faster and further than "redaction-based news".
| 7) you might as well have committed the crime because you faced all
| the consequences of doing it in the first place.
|
| Did I get that right?
| jliptzin wrote:
| Yes, you got that all right but left out the cherry on top.
| Prosecutors will try to make a deal with you for admitting your
| guilt. As an innocent person your instinct would obviously be
| to reject any admission of guilt and go to trial, surely the
| jury will find you innocent? But in that scenario, prosecutors
| make clear they will seek the maximum penalty, which for
| possession of CSAM could very possibly be 50+ years in prison.
| Do you take the risk? After all, _technically_ you are in
| possession of the material even though you know it wasn't you
| who put you there. Who knows what the jury will think. Or do
| you take the deal and go on with the rest of your life falsely
| being labeled an admitted, convicted pedophile?
|
| My heart aches for your sister by the way, I hope she can
| somehow heal.
| TEP_Kim_Il_Sung wrote:
| Arguably, Ross Ulbricht was framed. The agents arresting him had
| full admin access and opportunity to plant all the evidence.
| pencilguin wrote:
| Yes. All the evidence in his case was badly tainted. Doesn't
| mean he is innocent, but that is what we are supposed to
| presume in absence of anything reliable.
| charleslmunger wrote:
| https://www.nytimes.com/2016/12/09/world/europe/vladimir-put...
| gdy wrote:
| Seriously? Putin must have also bought off British detectives
| and a prosecutor.
|
| "Bukovsky, who was expelled from the Soviet Union in 1976, told
| detectives he had indecent material, the court heard. "He
| [Bukovsky] responded immediately by saying he did download
| images and that they would be on the computer in his study,"
| Carter said.
|
| The police subsequently discovered "a very great deal of
| material" on two hard drives. It showed some "very young"
| children up to the ages of 12 and 13. They were "largely but by
| no means exclusively boys", the court was told. There were some
| adults involved.
|
| In an interview, Bukovsky told detectives he had become
| interested in child abuse images in the 1990s in the context of
| a debate on the control and censorship of the internet. "He
| became curious," Carter said. Bukovsky then looked for and
| discovered this material online, the prosecutor said.
|
| "Bukovsky said his initial curiosity turned into a hobby,
| rather like stamp collecting," Carter said. The dissident
| continued to download images between 1999 and 2014, and
| estimated that he had accumulated a collection of "1,500
| movies". His interest varied year by year. The last downloads
| took place days before his arrest.
|
| "His computer was looking for material constantly," Carter told
| the jury. "Mr Bukovsky said in essence he didn't see what harm
| he was doing. He said the children in most of the material
| looked as if they were enjoying themselves."
|
| The prosecution acknowledged that Bukovsky was a notable
| Kremlin critic seen as a hero by those who supported "the
| extension of human rights and democratic reform in Russia".
|
| "There was unfortunately another side to this man, which was
| far from laudable: an extensive interest in real children being
| really abused," Carter said."
|
| https://www.theguardian.com/uk-news/2016/dec/12/soviet-dissi...
| scarface74 wrote:
| I've read articles with various degrees of credibility. From this
| one that seemed very credible
|
| https://www.deccanchronicle.com/technology/in-other-news/120...
|
| To this one that seemed to have been a scam
|
| https://thehill.com/homenews/media/477482-paul-krugman-my-co...
|
| Just to be clear. I don't mean that Krugman was lying and he was
| actually downloading child porn and he was trying to cover his
| tracks. I mean that someone fooled him into thinking that he had
| been hacked. To make it more clear. There was no indication that
| Krugman ever had child porn on his computer that either he
| downloaded or that he was hacked.
| hedora wrote:
| I can't find the article, but some people don't realize gmail's
| sent folder can contain incoming messages. (Google insists this
| is a feature.)
|
| Anyway, people have been fired because a coworker received a
| forged harassing email, and IT found the message in the true
| victim's sent box.
|
| Not really hacking, but, unlike every other mail client, GMail
| BCC (blind carbon copy) displays the BCC list to every recipient.
| This has caused significant trouble for people too.
|
| Examples: Send carefully worded response to harassing coworker,
| and BCC HR. Coworker sees the BCC, gets further bent out of
| shape. Alternatively, sales person BCCs some corporate VP or
| legal or other person the customer is not supposed to know about.
|
| As they say, if you are not paying, you are the product.
| kelnos wrote:
| > _GMail BCC (blind carbon copy) displays the BCC list to every
| recipient_
|
| Uhhhh... no it doesn't.
| davchana wrote:
| > Not really hacking, but, unlike every other mail client,
| GMail BCC (blind carbon copy) displays the BCC list to every
| recipient. This has caused significant trouble for people too.
|
| Do you mean if Smith was in TO field, Tom in CC, John in BCC,
| all these will be true?
|
| Smith & Tom should be able to see Smith as TO & Tom as CC. Both
| of them should not see John as BCC.
|
| John should be able to see all,TO, CC & BCC.
| jliptzin wrote:
| You don't need the hacking capabilities of a government, simply
| transferring files (like child porn) onto someone's computer
| without them knowing would be trivial to do once an exploit is
| found on the target's computer - certainly a lot simpler than
| ransomware which seems pervasive. Surprised it does not happen
| more often considering how easy it is, or maybe it does, after
| all who is giving an accused pedophile the benefit of the doubt?
| rosnd wrote:
| Yes. Australian federal police arrested Matthew Flannery aka
| Aush0k in 2013 claiming that he was the "leader of lulzsec". They
| even held a big press conference about this, but in reality
| Flannery had been framed and never held any ties to lulzsec.
|
| This happened because a bunch of people had been defacing
| Australian government websites with messages from "Aush0k, the
| leader of lulzsec" in order to mess with him.
|
| Those mean hackers even defaced MIT.edu with his name
| (https://news.ycombinator.com/item?id=5098218)
|
| Flannery was later found guilty of some computer crimes, but not
| the ones for which he was initially jailed.
| SideburnsOfDoom wrote:
| If the attempt to frame someone succeeded, by definition you
| won't hear about it as "someone being framed".
| crtasm wrote:
| If the reality of the events were later proven, yes you would.
| SideburnsOfDoom wrote:
| If that happens, then it didn't ultimately succeed. By
| definition.
| macintux wrote:
| Money, imprisonment, trauma, stress, career destroyed...how
| much "success" do you want?
| SideburnsOfDoom wrote:
| I fully take your point about damage done, sure, but
| framing someone is an act of deception. If it is
| _ultimately_ uncovered, then the deception did not hold.
| dylan604 wrote:
| It depends on the ultimate goal of the one doing the
| framing though. If it was to just get someone removed
| from their position, it doesn't matter if it is later
| found to have been a case of being framed. It is unlikely
| the person will be reinstated. So in those cases, the
| framing was successful.
| SideburnsOfDoom wrote:
| This is why there are usually legal penalties for framing
| someone - so that "it does matter".
|
| If someone in a corporate setting gained a position by
| framing a rival, and it was then found out, there's a
| "wrongful termination" lawsuit against the company
| waiting to happen. Why would HR let the culprit continue
| in that position? Getting fired for malfeasance is IMHO
| not exactly "success".
|
| This is only a _risk_ not a certainty for the criminal
| who does it, but being found out does matter.
| dylan604 wrote:
| This type of thing does not necessarily mean that the
| person doing the framing is going to be the one replacing
| the job role. It doesn't even have to be done from an
| employee in the company. It could be done for any number
| of reasons. Someone from a competitor does it so that
| their company gets the benefit vs personal benefit. So so
| many other possibilities.
|
| In these situations, the person that filled the role is
| not guilty of anything.
| robswc wrote:
| You make a really good point.
|
| However, nobody would "frame" someone for deception's
| sake. There's gotta be an underlying motive. If the
| deception works to achieve that goal (or even 90% of it)
| I'd say it's pretty successful.
|
| I agree it's a weird gray area though and you're correct
| that a "perfect framing" would never be found out.
| SideburnsOfDoom wrote:
| > If the deception works to achieve that goal (or even
| 90% of it) I'd say it's pretty successful.
|
| That is true, but also anyone (With the usual exception
| of "untouchable" state agencies) who is found out to be
| framing someone, can expect to be prosecuted, regardless
| of if their frame was found before the intended damage
| was done, or after.
|
| "Perverting the Course of Justice" is a serious crime,
| and a frame qualifies as such:
| https://www.stoneking.co.uk/literature/e-bulletins/pervertin...
| lazide wrote:
| By 'expect to be prosecuted' I think you mean 'can expect
| to be prosecuted only in a tiny percentage of high
| profile cases'.
|
| Even murders have less than a 50% clearance rate.
| pencilguin wrote:
| > _" nobody would frame someone for deception's sake"_
|
| What you must have meant is that most people would not.
|
| I have known people who certainly would, even without any
| antipathy toward the person framed, just because they
| could. Stir in a trace of resentment, and they would go
| out of their way to do it.
|
| Maybe you have heard of Alex Jones, Roger Stone, or Steve
| Bannon? They have ardent fans.
| scantis wrote:
| The usage of locally forbidden material in online gaming, to
| insta ban opponents or as a form of protest is a well known
| trivial hack. Some games allow to spray an image file to a wall,
| the picture is downloaded by all players. Locally enforced
| censorship then causes disconnects and even legal repercussions
| to some gamers.
|
| In some countries you are strongly obligated to make contact with
| illegal images known to the authorities. Failing to do so is
| punishable.
|
| Such an attack is as trivial, as anonymously sending illegal
| material to the target, depending on the country. There are
| thousands of cases of minors sending nudes and causing legal
| investigations. You find articles of parents sending pictures to
| doctors and being banned from online services, which are known.
|
| Other social attacks, such as giving out free USB sticks with
| incriminating material are thinkable. Although I am not aware of
| this being proven to have happened, one can find cases where
| people used this as a defense.
|
| People providing free uncensored internet by running a Tor node
| are known to have lots of legal troubles because of it, with
| different severity depending on the country. Even making it to no
| flight lists.
|
| Illegal pictures might not be viewed by the public. A government
| could just claim they found them on your device and may have a
| way to exclude them to be viewed by anyone. So an individual may
| have to start a defense from the fact that illegal material has
| been found on a device, without a chance to ever see the image.
| Again depending on the country and legal system, there might not
| even be a need for those illegal pictures to actually exist. Here
| a document from a governmental entity suffices.
| driverdan wrote:
| > There are thousands of cases of minors sending nudes and
| causing legal investigations.
|
| Do you have any evidence of this?
| bombcar wrote:
| I mean I guess you could say Stuxnet was a "free usb hack".
|
| A similar variation popular on Reddit is sock-puppeting
| illegal/forbidden material faster than the moderators can deal
| with it, and then get the admins to shut it down.
| prvit wrote:
| > The usage of locally forbidden material in online gaming, to
| insta ban opponents or as a form of protest is a well known
| trivial hack. Some games allow to spray an image file to a
| wall, the picture is downloaded by all players. Locally
| enforced censorship then causes disconnects and even legal
| repercussions to some gamers.
|
| Any examples?
| hermitdev wrote:
| The original counter strike supported this. I was certainly
| guilty of using pornographic sprays back in college in the
| early 2000s.
| prvit wrote:
| Nobody was getting automatically disconnected from counter
| strike because of pornographic sprays though.
| whoknew1122 wrote:
| I know this was technically possible in Rust (the game, not
| the language) circa 2015 (when I last played). I'm not sure
| how often it was used to trigger bans or local law
| enforcement action, but I wouldn't put it past people in that
| community. I stopped playing specifically due to the
| community's toxicity.
| prvit wrote:
| Can you actually show a documented example of this?
|
| I strongly suspect this is a myth akin to the common reddit
| copypasta supposed to trigger Chinese filters (and that one
| is way more likely to work, at least it's HTTP traffic).
| whoknew1122 wrote:
| I didn't take any pictures 7 years ago to provide
| evidence to a forum I didn't even know about at the time,
| no.
|
| But there's someone on Reddit complaining about the same
| thing at the same time period.[1] NSFW words (not
| pictures) in the link
|
| [1] https://www.reddit.com/r/playrust/comments/3jdjdc/can_we_tal...
| prvit wrote:
| Oh, yeah, you could totally upload nasty pictures. What
| I'm questioning is the original claim that people have
| been using these mechanisms to trigger automatic internet
| censorship systems to kick people off game servers.
| mlry wrote:
| A German bank was investigated in 2010 [0] for allegedly planting
| discriminating evidence on the PC of a manager who they wanted to
| get rid of. I don't know exactly the outcome of this, but that
| bank was involved in a lot of scandals at that time.
|
| [0] https://www.businessinsider.com/details-on-the-wild-allegati...
| pencilguin wrote:
| Officers of Wells Fargo, Credit Suisse, and HSBC all seem to
| get away with a very great deal.
|
| I had gathered that HSBC, in particular, was (in the past, and
| maybe still?) the favored financial conduit of CIA projects,
| making investigating anything there what is called a "career-
| limiting activity" for any incautious FBI agent.
| DeathArrow wrote:
| >With the hacking capabilities of government and organisations,
| would planting incriminating material on somebody's computer be
| trivial?
|
| I do believe so. Twenty years ago as a curious teen it was easy
| for me to penetrate various systems and to dox people. Now the
| security is better but also the attack vectors and tools evolved.
|
| If we aren't talking about organizations with good security
| practices or paranoid individuals, it won't take a large
| organization to break in a target. A good prepared hacker could
| do it. Maybe not in a few hours or days, but in some time it is
| doable if that person is sufficiently knowledgeable and
| determined.
|
| But we have to ask what for? Nobody is going to hack your
| personal system without having nothing to gain. And even if he
| has something to gain, the prior condition is for him to know
| this.
| ClumsyPilot wrote:
| > But we have to ask what for?
|
| Journalists and political activists were always targets of
| violence
| lookagain wrote:
| I can foresee one answer to the question 'why would someone do
| this?'. It's called a potent cocktail of vengeance and self-
| destruction. People who self-medicate through harming others
| are always looking for a way to escalate. Look up the story of
| UGNazi, and don't skip the ending.
| DeathArrow wrote:
| Well, I am one of the many people who theoretically can hack
| someone's system while not leaving evidences of it, at least
| not evidences pointing to myself.
|
| I do have people I dislike, and yet I don't hack in their
| systems to plant false evidences.
| iwillbenice wrote:
| While I am sure you are competent like most folks on here,
| I will say this: I have met a good number of people who
| claim they can "get in and get out un-noticed". In
| retrospect, I think rarely did they consider the
| possibilities of observation beyond the actual target
| system.
|
| My point is this: There is no defense against 0-day/X-day
| exploits in the wild. But the second best thing against
| being patched is logging and properly tuned alerting. In my
| 20-ish years of working in this field I've caught half a
| dozen attackers/intruders via logs and anomaly alerts.
| Without those 2nd best things in place the entire
| network(s) would probably have been compromised.
|
| Cheers.
| Stamp01 wrote:
| If you want to get back at someone, you could just punch
| them in the face or kick them in the nuts. We live in a
| world where simple assault results in less serious
| consequences than hacking.
| lookagain wrote:
| Some crimes are trivial to commit. Walking away unscathed
| from committing the crime is far harder than one might
| think. Consequences are inevitable, one way or another.
| hgarg wrote:
| Here is one
| https://www.wired.com/story/modified-elephant-planted-eviden...
| RunSet wrote:
| https://www.forbes.com/sites/augustinefou/2021/06/07/the-cur...
| VLM wrote:
| Hillary's email server?
| tablespoon wrote:
| Yes, an instance was documented in the documentary _The Net_ from
| 1995.
| bigmattystyles wrote:
| With that girl from the bus
| jrm4 wrote:
| I suspect this happens A LOT.
|
| This wasn't "recorded" because the victim is a very private
| person; but I was part of a team that caught _the prosecution_ in
| a little podunk town attempting to either interfere or plant
| evidence on a server DURING trial.
|
| We absolutely caught them red-handed. Perhaps it could have been
| made into a bigger issue, but it's kind of like, it's a small
| town no one cares about -- the judge is obviously one of "them",
| and the victim REALLY doesn't want to be caught up in big news
| stuff, so we're all opting to be quiet about it.
| niom wrote:
| Why would you need hacking for that? Classic https://xkcd.com/538
| nerd imagination.
|
| Simply seize some devices and place the incriminating evidence on
| them. Or just place a device with incriminating evidence among
| other seized evidence. Crime shows make you think every item is
| individually serialized and bagged or whatever but in reality
| they're just going to make a bag labelled "15 SD cards and 6 USB
| sticks". Stuff like hard drives is just going to be "hard drive
| #6" in the log. Just swap the stickers, easy as pie. You think
| evidence is stored securely? Secure is expensive, and it's all
| stuff of guilty people anyway (otherwise it wouldn't be seized).
| goodpoint wrote:
| xkcd is just a comic, not a tool for reasoning.
| devteambravo wrote:
| Sure, and memes are just cats.
| cmeacham98 wrote:
| It would be ""useful"" if the malicious government isn't the
| one with jurisdiction over the target. Put something on their
| computer that is illegal in the target's jurisdiction (obvious
| example: child porn), and "tip off" the relevant authorities.
| ensignavenger wrote:
| I have had the misfortune of being tangentially involved in two
| separate CSAM investigations, and in both cases, the inventory
| of items seized was pretty detailed, including serial numbers
| when they were legible.
|
| In one case the suspect was innocent and no evidence was
| planted to try to convict. (The daughter of the woman who made
| the initial report admitted several months later that her mom
| had made the report up in order to bolster her child custody
| case- there were no consequences for the woman who made the
| false report...)
|
| In the other case, the suspect admitted guilt forthrightly.
|
| Now, I can't say what the norm is across the country/world,
| just my own experience with the system.
| pencilguin wrote:
| "Admitted guilt forthrightly" is also suspicious.
|
| The principal activity of higher level spooks and
| investigators is coercing people. Even when they don't have
| anything on the coercee, they can have, or claim to have,
| things on someone one cares about: a spouse, parent, sibling.
| Spooks are mainly supposed to coerce information delivery.
| Cops are supposed to coerce confessions and (if necessary,
| false) testimony.
|
| They may choose to coerce other things, of course, of less
| interest to their employers. Sociopaths love these jobs.
| ensignavenger wrote:
| While there is always some chance of that, I know enough
| about this particular case to say I don't have any
| reasonable doubt that the person was in fact guilty.
| pencilguin wrote:
| You may be entirely correct in this case, but the result
| doesn't generalize.
| tablespoon wrote:
| > "Admitted guilt forthrightly" is also suspicious.
|
| Not really. IMHO, it's a pretty common impulse to try to
| apologize when caught doing something in order to get less
| punishment. An apology is often effectively a confession.
|
| > The principal activity of higher level spooks and
| investigators is coercing people...
|
| So? Even if there are people who do stuff like that, it's a
| _tiny_ fraction of cases like this.
| pencilguin wrote:
| Are you unfamiliar with the definition of "principal
| activity"?
| lazide wrote:
| There have been cases of people who are not law enforcement
| planting evidence on someone's computer, then calling law
| enforcement. Which law enforcement then pursues aggressively,
| of course. Links in sibling comments.
| bitwize wrote:
| I've watched cop shows and noticed that there are scenes when
| the DA comes in and chews out the chief of police for doing
| slipshod work because he doesn't have enough evidence to
| convict. When the reality is more like a Chappellian "sprinkle
| some crack on the evidence". Or the cops will just lie on the
| stand and the jury will take them at their word.
| buran77 wrote:
| Most popular cop shows running now (like Law and Order) are
| pure fantasy, propaganda, and wishful thinking. They're made
| to present a much better version of reality because the real
| story would turn people's stomachs and lead to a level of
| unrest and distrust that would help no one in the short term,
| least of all the police.
|
| And trying to make a show highlighting the dark side of
| policing would be close to impossible these days. Movie
| shooting relies a lot on the police for things like crowd and
| traffic control, and even for using real cops and equipment
| in some scenes. The police can make it very hard to continue
| effectively. It's the same story as with the Pentagon and
| military themed movies [0][1].
|
| [0] https://news.ycombinator.com/item?id=29835933
|
| [1] https://news.ycombinator.com/item?id=22590378
| robbintt wrote:
| Check out "We Own This City" on HBO now, a more modern view
| of "The Wire". Unfortunately the story is still wrapped in
| people getting caught and justice being served, but it's a
| start.
| dylan604 wrote:
| The Wire is a work of fiction. We Own This City is based
| on a non-fiction book about actual cops convicted for the
| crimes they committed. They both are set in Baltimore,
| the same producer is involved, and there are many actors
| appearing in both series, but the story lines have
| nothing to do with each other. So not sure about the
| "modern view".
| mandmandam wrote:
| In Ireland we had a huge brouhaha over our Tanaiste (a high up
| in government) being "terrorized" at a protest in Jobstown.
|
| For weeks, headlines across the country talked about how she
| was "trapped" in her car "for hours". She was "terrified"!
| Protesters were brought up on serious criminal charges over
| this incident of "kidnapping" and "forceful detention".
|
| High ranking police-people testified on the stand that her
| car was unable to leave the area due to the protesters, for
| hours.
|
| Then, it came out - leaked on social media - that video
| footage from multiple angles proved beyond doubt that the
| incident had been completely overblown.
|
| In fact, she could have left at any time, with plenty of
| space behind her car. All those police sergeants and the
| Tanaiste herself were lying out of their teeth.
|
| The response from Irish media was to try and put restrictions
| on social media. They ignored the story for a while, then a
| few years later printed stories about her "recalling her
| trauma" at the protest.
|
| So yeah. This was a high profile incident with an entire
| country watching - imagine what they do when the accused is
| 'just some professor or journalist or whatever'.
| GekkePrutser wrote:
| I think the OP was primarily thinking about placing actual
| incriminating evidence on an innocent subject to be used to
| convict them in a court of law. What was done here was
| stupid but not illegal, and it was done in favour of the
| subject (basically PR). Also no hacking was involved, just
| media 'spin'.
|
| It's indeed stupid how the Irish media are obeying the
| government's spin though.
| mandmandam wrote:
| Fair points, though I'd say lying under oath is illegal
| even if you're in high office.
|
| You've reminded me about what happened to Maurice McCabe
| though.
|
| Summing up from memory: he gave detailed evidence about
| widespread systematic corruption at the highest levels
| and below in the Irish police.
|
| Shortly after, he was accused of stealing a pedo priest's
| hard drive from evidence. Accusations, later found
| completely untrue, were made by a garda of him doing bad
| things to young people.
|
| Shortly after, a "copy and paste error" in a Tusla (Irish
| child services) database accused him of molesting a
| Garda's underage daughter at a birthday party.
|
| After a huge fight involving many years of horrific
| struggle, multiple Garda Commissioners and a Minister for
| Justice resigned over the series of incidents. McCabe
| received a 5 million euro settlement. But for many years,
| the vast majority of the Irish media refused to touch his
| story; and even after it all came out they continued to
| report on it in the most twisted way possible. For
| example, they never mention, when discussing the "copy
| paste error", that this was in fact the third attempt to
| smear McCabe in this way.
|
| (A brief timeline of the saga:
| https://www.irishexaminer.com/news/arid-20442857.html)
|
| Stupid isn't the word you're looking for - it's
| 'complicit'.
| lazide wrote:
| The really insidious part is they often aren't even
| 'obeying' (which implies a directive), it's often 'goes
| along with' in the hope of getting better access to
| interesting stories and drama, and selling more papers.
| ravenstine wrote:
| "simply"
|
| In principle, yes, xkcd brings up a valid point. And it's not
| entirely sound. The entire point of hacking is to _not_ have to
| get your hands dirty, figuratively speaking, and to obtain far
| more opportunities for exploitation than what might be had by
| drugging and torturing someone. After all, one could physically
| beat a single password out of someone and find that said
| password has no value, all while putting oneself at risk of
| being targeted for committing crimes against humanity. If a
| password obtained through hacking leads to nothing, it's
| entirely possible no one will ever know you had it or bother
| coming after you.
|
| And in this particular subject, placing material on stolen
| physical media carries a greater risk of being traced back to
| you than if a purely digital exploit was taken advantage of. It
| comes with less plausible deniability and a greater risk of
| getting caught in the act IRL.
| robswc wrote:
| Honestly really good point. Comic is funny but I like that
| you're bringing a bit more sanity here.
| jimlongton wrote:
| Yes, look up the Bhima Koregaon case in India. Indian police used
| Israeli spyware to hack the phones of lawyers, human rights
| activists and critics of Modi. They also used phishing and other
| malware to plant terrorist material and then imprisoned them.
|
| > In Wilson's case, a piece of malware known as NetWire had added
| 32 files to a folder of the computer's hard drive, including a
| letter in which Wilson appeared to be conspiring with a banned
| Maoist group to assassinate Indian prime minister Narendra Modi.
|
| [1] https://www.washingtonpost.com/world/2021/07/20/indian-activ...
|
| [2] https://www.wired.com/story/modified-elephant-planted-eviden...
| pencilguin wrote:
| Just last year an NSA ... contractor? ... was convicted for
| mishandling classified materials, and, curiously, not for
| possessing the child pornography they also accused him of
| having on his computer. There was a wholly credulous New Yorker
| article about it, linked on HN.
|
| Supposedly he had foolishly exposed all the passwords of his
| phone and online accounts so they could freely find anything
| they liked, or that had been planted. _And_ the unit he worked
| in was, IIRC, _coincidentally_ exactly involved in cracking
| security on accounts, and somebody else he had worked with,
| there, had developed an antipathy toward him, to the point that
| he had filed an HR case expressing fear for his own safety.
|
| That a top-level security expert would have left all his own
| passwords exposed was transparently ludicrous, and the author
| and jury should both have been deeply suspicious of any
| evidence claimed to come from it, but seemed entirely
| oblivious.
|
| It is just possible the jury saw evidence not derived from
| online records. But I doubt it.
| 2OEH8eoCRo0 wrote:
| While in jail he had his passwords for his contraband phone
| written down in his notebook. How was that fabricated?
|
| https://www.newyorker.com/magazine/2022/06/13/the-surreal-ca...
| nathan3212 wrote:
| You're confusing a few details, he was a CIA employee and he
| was almost certainly guilty. You should read through the
| court transcripts, they basically recovered logs showing him
| doing it on his workstation and managed to narrow it down to
| the leak on the basis of a typo in a command that existed in
| the logs and in the copy of the dump sent to wikileaks.
|
| He spread a lot of FUD in his defence though, so if you don't
| pay attention and bother to read the court transcripts you'll
| walk away with the opinion you have.
|
| For the record, he was barely computer literate-- they made
| their living writing programs that basically just inject DLLs
| and copy files. I'm probably being a little untruthful
| calling him border-line computer illiterate, he has a
| bachelor's in CS or similar, but he was just a basic
| programmer and not some sort of super hacker or exquisite
| computer all-star.
| pencilguin wrote:
| Logs are as easy to fabricate as anything else. Especially
| for people in that line of work. Which could easily be what
| they actually did on a day to day basis.
| GekkePrutser wrote:
| > That a top-level security expert would have left all his
| own passwords exposed was transparently ludicrous
|
| Not quite. Some experts apply all their own expertise to
| themselves, others are more lackluster about their own opsec
| because they 'know what they are doing' or 'this isn't
| anything important'. Never underestimate human laziness.
|
| I work in IT security and I see the full range of total
| disinterest to full tinfoil hat mode in this environment when
| it comes to people's own resources.
|
| Also, it depends on people's area of expertise. Most of our
| networking security specialists are running segmented VLANs
| and IDS at home, and WPA3 with all the trimmings. The Windows
| AD security guys would just have whatever router the provider
| provides and sometimes don't even change the provided wifi
| password (which in many cases is algorithm-generated based on
| the MAC address or something!), but their Windows
| workstations would be top-notch secured.
| pencilguin wrote:
| It is transparently ludicrous to assume as a matter of
| evidence. Yes, many people are stupidly incautious,
| particularly when they "have nothing to hide". But having
| nothing to hide and therefore being incautious make
| planting anything easy.
| ev1 wrote:
| Back in the office days I'd see senior-tier engineers
| without uBlock, loading blatantly malicious ads and being
| redirected to fake flash player download pages while giving
| a presentation, Firefox message saying that their SSO
| password (saved in browser of course) is reused in other
| places and shows up in compromises, browser addons on work
| PCs that exfiltrate every URL visited and inject rubbish
| onto every page like Honey or Rakuten, signed into personal
| accounts on a work device...
|
| It's kind of bizarre.
| resoluteteeth wrote:
| There was a case in Japan in 2012 where someone sent death
| threats through other people's computers, initially leading to
| people whose computers were compromised being arrested:
| https://www.pcworld.com/article/439407/cathacking-japanese-m...
| mikewarot wrote:
| A similar tactic is SWATting, the act of fraudulently calling
| emergency services to another person's address. [1]
|
| [1] https://en.wikipedia.org/wiki/Swatting
| Stamp01 wrote:
| People get hacked because of iframes all the time. This is called
| clickjacking. It's an example of the so-called confused deputy
| problem. Developers can and should mitigate the issue by setting
| the X-Frame-Options and Content-Security-Policy headers
| appropriately.
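
The header check from Stamp01's comment above, as an added example that is not part of the thread: a Node.js function that reports whether a response's X-Frame-Options and CSP frame-ancestors headers actually stop the page from being framed. The function name `auditFraming` and the wording of the findings are assumptions made here.

```javascript
// Added example (not from the thread): audit a response's anti-framing headers.
// `headers` is a plain object of response header names to values.
function auditFraming(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  // CSP: several policies may be comma-joined; within one policy the first
  // frame-ancestors directive is the one that counts.
  const ancestors = [];
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    const dir = policy.split(';').map(d => d.trim().split(/\s+/))
      .find(d => d[0].toLowerCase() === 'frame-ancestors');
    if (dir) ancestors.push(dir.slice(1).map(s => s.toLowerCase()));
  }
  if (/frame-ancestors/i.test(h['content-security-policy-report-only'] || ''))
    findings.push('frame-ancestors in a Report-Only policy is not enforced');

  // X-Frame-Options: only DENY and SAMEORIGIN are honoured by current browsers.
  const xfo = (h['x-frame-options'] || '').split(',')
    .map(s => s.trim().toUpperCase()).filter(Boolean);
  const xfoOk = xfo.length === 1 && (xfo[0] === 'DENY' || xfo[0] === 'SAMEORIGIN');
  if (xfo.length > 1) findings.push('multiple X-Frame-Options values; send exactly one');
  if (xfo.some(v => v.startsWith('ALLOW-FROM')))
    findings.push('ALLOW-FROM is obsolete; use CSP frame-ancestors instead');

  let verdict;
  if (ancestors.length) {
    // An enforced frame-ancestors takes precedence over X-Frame-Options.
    // Every policy must pass, so framing is open only if all of them are open.
    const open = ancestors.every(src => src.some(s => s === '*' || /^https?:$/.test(s)));
    if (open) findings.push('frame-ancestors allows any origin (wildcard or bare scheme)');
    verdict = open ? 'unprotected' : 'protected';
    if (!xfoOk) findings.push('no valid X-Frame-Options fallback for older browsers');
  } else {
    verdict = xfoOk ? 'protected' : 'unprotected';
    if (xfoOk) findings.push('add CSP frame-ancestors; X-Frame-Options alone is legacy');
  }
  return { verdict, findings };
}
```
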
| yieldcrv wrote:
| I think it's a ripe vulnerability that is being exploited and the
| people being framed have no clue what is happening or how to
| prove they are a victim.
|
| So that also means we don't have proof they are being framed
| because they haven't been vindicated yet.
|
| Aside from criminal issues, most of this is happening in
| arbitration and civil courts.
|
| I can give one or two suspect examples that mostly involve
| ignorance, resulting in the wrong defendant being there, the TV
| arbitrator finding the defendant absurd, and rewarding the
| plaintiff. Despite the defendant echoing well known issues in IT
| and cybersecurity circles.
___________________________________________________________________
(page generated 2022-10-22 23:01 UTC)