[HN Gopher] SBF Caught Using VPN While Awaiting Criminal Trial [...
___________________________________________________________________
SBF Caught Using VPN While Awaiting Criminal Trial [pdf]
Author : 1vuio0pswjnm7
Score : 101 points
Date : 2023-02-15 21:13 UTC (1 hours ago)
(HTM) web link (ia801508.us.archive.org)
(TXT) w3m dump (ia801508.us.archive.org)
| pphysch wrote:
| > Today, it came to the Government's attention--based on data
| obtained through the use of a pen register on the defendant's
| gmail account--that the defendant used a VPN or "Virtual Private
| Network" to access the internet on January 29, 2023, and February
| 12, 2023.
|
| https://en.wikipedia.org/wiki/Pen_register
| gzer0 wrote:
| I mean, I knew that there was mass surveillance occurring, but
| to this extent... perhaps I needed a refresher on just how much
| warrantless data is being collected on the citizens of the
| United States.
|
| The DEA has warrantless access to with no judicial oversight
| under "administrative subpoenas" originated by the DEA. The DEA
| pays AT&T to maintain employees throughout the country devoted
| to investigating call records through this database for the
| DEA. The database grows by 4 billion records per day, and
| presumably covers all traffic that crosses AT&T's network.
| Internal directives instructed participants never to reveal the
| project publicly.
|
| Information that is legally collectible according to 2014 pen
| trap laws includes:
|
| Phone * Dialed numbers * Received call
| numbers * The time the call was made * Whether the
| call was answered, or went to voice-mail * The length of
| each call * Content of SMS text messages * The
| real-time location of a cell phone to within a few meters
|
| Email * All email header information other than
| the subject line * The email addresses of the people to
| whom an email was sent * The email addresses of people
| whom received the email * The time each email is sent or
| received * The size of each email that is sent or
| received
|
| Internet * IP address, port, and protocol used
| * The IP address of other computers on the Internet that
| information was exchanged with * Time-stamp and size
| information of Internet access * Protocol traffic
| analysis to obtain URL web addresses surfed on the web, emails
| posted or read, instant messages exchanged, and information
| posted onto message boards
|
| The last one is particularly damning. Interesting that no
| warrant is needed for any of this.
|
| [1] https://www.nytimes.com/2013/09/02/us/drug-agents-use-
| vast-p...
|
| [2]
| https://archive.nytimes.com/www.nytimes.com/interactive/2013...
|
| ---
|
| _Crucially, they said, the phone data is stored by AT &T, and
| not by the government as in the N.S.A. program. It is queried
| for phone numbers of interest mainly using what are called
| "administrative subpoenas," those issued not by a grand jury or
| a judge but by a federal agency, in this case the D.E.A._
|
| Administrative subpoena authorities allow executive branch
| agencies to issue a compulsory request for documents or
| testimony _without prior approval from a grand jury, court, or
| other judicial entity._
|
| ---
|
| Planting AT&T employees and deeply embedding them within the
| government like that, utilizing "administrative subpoena's"
| that require no grand jury OR judge (just the DEA themselves)
| is, in my personal opinion, a breach of my 4th amendment right.
| popilewiz wrote:
| The dude is under several investigations, including a
| criminal one. I'm pretty certain one of them mandates the
| monitoring of his internet use. Not that the info you
| provided is not disconcerting.
| mlindner wrote:
| Warrants that mandate a monitor of a specific email address
| are not "mass surveillance".
| gzer0 wrote:
| Warrants that are granted by no grand jury, nor a judge?
| are these even valid warrants at this point?
|
| [1] https://en.wikipedia.org/wiki/Administrative_subpoena
|
| I'm not defending SBF. The man needs to be charged and be
| put behind bars for the crimes committed. I'm just stating
| that this article was eye opening to me.
| harmon wrote:
| Mass surveillance is out of control as you say, and I am
| a strong proponent of reigning in warrantless wiretaps
| and governmental overreach. However, as many people have
| stated, a pen register (which requires a warrant) against
| a specific individual suspected of a crime where there is
| a MASSIVE amount of evidence suggesting that the suspect
| is guilty has nothing to do with mass surveillance. This
| is targeted, narrowly scoped surveillance of a specific
| suspect and is precisely what law enforcement should be
| doing.
| JumpCrisscross wrote:
| > _granted by no grand jury, nor a judge?_
|
| Pen register orders require court approval [1].
|
| [1] https://www.law.cornell.edu/uscode/text/18/3123
| gzer0 wrote:
| An administrative subpoena under U.S. law is a subpoena
| issued by a federal agency without prior judicial
| oversight.
|
| I didn't say a court wasn't needed; I implied that this
| is a Kangaroo Court
| RhodesianHunter wrote:
| What makes you assume no warrant in this case?
| sho_hn wrote:
| The Wikipedia page on "Pen register" suggests you don't
| need a warrant.
| cldellow wrote:
| The Wikipedia page talks about the history of pen
| registers over the last 100 years.
|
| It's a lengthy, complicated page, and I'm not a lawyer...
| but I think the relevant section that describes their
| current use is this one, which suggests to me that you do
| need a warrant:
|
| > For law enforcement agencies to get a pen register
| approved for surveillance, they must get a court order
| from a judge. According to 18 U.S.C. SS 3123(a)(1), the
| "court shall enter an ex parte order authorizing the
| installation and use of a pen register or trap and trace
| device anywhere within the United States, if the court
| finds that the attorney for the Government has certified
| to the court that the information likely to be obtained
| by such installation and use is relevant to an ongoing
| criminal investigation".
| salawat wrote:
| Keep in mind, any 3rd party record is not covered by the 4th
| Amendment. There is no expectation of privacy nased on 3rd
| Party Doctrine.
|
| Also, there is a forensics package that can be hot loaded on
| just about every router out there for law enforcement
| purposes.
| munk-a wrote:
| While I agree this level of surveillance is worrying since
| it's probably also being applied to normal people.... SBF has
| been charged and has been awaiting trial domestically since
| Dec 30, 2022. They are, from a spectator[1] point of view,
| quite clearly guilty of a lot of shady stuff and it would
| honestly be pretty bonkers if they had access to private
| communication for non-privileged conversations at this point.
|
| 1. Edited as per comment below.
| pwillia7 wrote:
| > peanut gallery
|
| I didn't know this until recently --
| https://www.rwjbh.org/why-rwjbarnabas-health-/ending-
| racism/...
| munk-a wrote:
| I was completely unaware as well - edited.
| [deleted]
| spiralx wrote:
| That page also claims that "picnic" has a racist origin
| based on lynching, despite being derived from a French
| word from the 1690s:
|
| https://www.etymonline.com/word/picnic
|
| Their entries on "long time no see" and "no can do" seem
| pretty spurious as well, which undermines the whole
| page's validity. It's a shame TBH, those are really
| strange unforced errors to have included.
| danjoredd wrote:
| I assume that they are paying special attention to his
| internet connection considering the extent of his fraud.
| While a VPN can hide your IP, your ISP can still tell when
| a connection is using a VPN so if the courts allow law
| enforcement to monitor his connection then they would know.
|
| Now, if SBF connected through a McDonalds wifi somewhere
| and they somehow found out it was him using a VPN, that
| would be concerning because there is no way they should
| know that its his laptop unless they knew he was on his way
| there ahead of time and somehow got permission to monitor
| their public wifi. That feels very unlikely
| Animats wrote:
| It's amusing that the Government calls what they're doing with
| Google a "pen register". They usually do that to squeeze
| through the small exception in the Fourth Amendment created by
| _Smith v. Maryland._
|
| The pen register shown in that Wikipedia article is mine. To
| use it, you need physical access to a phone line, probably at
| the central office. You put in a blank spool of paper tape, add
| stamp pad ink to the ink roller, and wind it up with a big
| brass key. When it detects a dial pulse, the clockwork
| mechanism starts the tape moving, and each dial pulse produces
| a dash on the tape. There's a mechanical idle timer which stops
| tape movement after a few seconds of idle time. I built a box
| with a phone dial to run that brass device as a demo.
|
| That's what law enforcement had to use in the days of
| electromagnetic central offices. Only long distance calls were
| logged. Local calls were, at most, counted. That's why the
| Supreme Court decision refers to a pen register as an
| "extremely limited" device.
| cloudripper wrote:
| Fascinating.. Thank you for the history lesson. Do you happen
| to have video of your demo functioning that you'd be willing
| to share?
| dragonwriter wrote:
| > It's amusing that the Government calls what they're doing
| with Google a "pen register". They usually do that to squeeze
| through the small exception in the Fourth Amendment created
| by Smith v. Maryland.
|
| Well, they do it most directly because it is a "pen register"
| as defined in law: _...the term "pen register" means a device
| or process which records or decodes dialing, routing,
| addressing, or signaling information transmitted by an
| instrument or facility from which a wire or electronic
| communication is transmitted, provided, however, that such
| information shall not include the contents of any
| communication, but such term does not include any device or
| process used by a provider or customer of a wire or
| electronic communication service for billing, or recording as
| an incident to billing, for communications services provided
| by such provider or any device or process used by a provider
| or customer of a wire communication service for cost
| accounting or other like purposes in the ordinary course of
| its business;..._ 18 U.S.C 3127.
|
| You are correct that this statute was created to manage the
| process related to the exception identified in Smith v.
| Maryland, but I don't think that there is a good-faith
| argument that it is either inconsistent with the scope of the
| exception _or_ anything except a _limitation_ on law
| enforcement compared to _not_ having the statute.
| sschueller wrote:
| So in this case it's basically a BCC on his Gmail?
| alwayslikethis wrote:
| Should have gone with Mullvad (not affiliated). They don't
| require or send emails.
| davidcbc wrote:
| At this point I'm convinced the only reason he's allowed out on
| bail is so that the prosecutors can run up the score on how many
| crimes he'll ultimately be charged with
| rogers18445 wrote:
| They apparently caught him because he logged into a wiretapped
| gmail with a VPN. It's not difficult to segment your network such
| that some software does not use a VPN tunnel. On Linux, it can
| even be made fool-proof with network namespaces.
|
| You can even render the default network namespace barren such
| that any accidentally launched software has no network of any
| kind.
| cmeacham98 wrote:
| I interpreted it differently - I'm assuming what "pen register"
| means in relation to GMail is that they get the metadata (i.e.
| who he is sending/receiving email from) and saw that he used
| his email to sign up for a VPN.
| Thorentis wrote:
| If true, is that actually a breach of bail conditions? How
| did they prove that he actually _used_ the VPN rather than
| just, for the sake of argument, signing up to NordVPN to
| support his favourite YouTube creator?
| cmeacham98 wrote:
| It is not a breach of bail conditions (at least not
| currently). The prosecution is arguing that VPN use makes
| SBF more of a flight risk, and is asking the court to make
| the bail conditions more strict because of it.
| panki27 wrote:
| Using an anonymization software to access a service which
| directly identifies you... yeah, who would have guessed this is
| not a good idea.
| throw10920 wrote:
| > You can even render the default network namespace barren such
| that any accidentally launched software has no network of any
| kind.
|
| This sounds extremely appealing. Do you have any quick-start
| resources for this, or do we just have to read the complete
| documentation for Linux namespaces?
| notch898a wrote:
| "Your honor I shared my gmail password with someone else before
| the bail conditions were set."
| kube-system wrote:
| The classic "I didn't do it" defense.
| serf wrote:
| a defense that gets stronger and more likely as human
| automation becomes more prevalent.
|
| checking your email earlier on in history meant more as a
| signal than it does now when 20 devices check an account
| 200 times a day automatically.
|
| (not to defend SBF, but I think a fair amount of us are
| checking our email a lot more often than when we actually
| touch a device.)
| londons_explore wrote:
| So... let me get this straight... SBF is currently on bail... and
| the state and his lawyers are arguing about the exact bail terms
| that should apply...
|
| Shouldn't the terms of bail be set before bail is granted?
| anigbrowl wrote:
| His lawyers are trying to create an issue where none exists,
| with the implicit threat of bringing up civil rights claims in
| motion work and at appeal, jacking up the cost to the
| prosecution.
|
| This is how wealthy defendants operate: argue every little
| thing to death, then plant stories in the media like
| 'prosecutors have spent amazing high $/% of budgeted taxpayer
| monies on trying to prosecute one guy'.
| notch898a wrote:
| SBF says he only has at most $100k. At this point that's
| probably all gone especially considering hiring daily private
| security squads. How can he afford all this litigation?
| dev_hugepages wrote:
| He could be simply lying
| billiallards wrote:
| The same way he afforded bail.
|
| His parents used the house that he bought for them as
| collateral, and a few unnamed benefactors also contributed.
|
| Looks like the court just named them today, though. Larry
| Kramer and Andreas Paepke, heavyweights from the Stanford
| clique who might be friends of his family:
|
| https://www.cnbc.com/2023/02/15/sam-bankman-frieds-two-
| bond-...
| austhrow743 wrote:
| Presumably his rich parents want him to have a good
| defence.
| londons_explore wrote:
| And worse, they then asked the defence lawyers if it would be
| acceptable to add a 'no VPN' term...
|
| Those defence lawyers then presumably consulted their client
| before agreeing to it...
|
| So... SBF used a VPN, and was then asked "Heya, we're
| considering banning you from using VPN's because we can't track
| what you do on them, what do ya think??". And only later did a
| ban come into force... Giving plenty of time to use a VPN for
| whatever deeds he doesn't want the court to know about...
| JumpCrisscross wrote:
| > _plenty of time to use a VPN for whatever deeds he doesn 't
| want the court to know about_
|
| This is why SBF's counsel "represented that the defendant
| will not use a VPN in the interim." Absent that
| representation, the government would have petitioned the
| court to revoke bail.
| [deleted]
| JumpCrisscross wrote:
| > _the state and his lawyers are arguing about the exact bail
| terms that should apply_
|
| My understanding is his bail terms didn't mention a VPN. The
| government is petitioning the court to alter the bail terms to
| now prohibit the use of a VPN.
| Laaas wrote:
| Are they going to disallow HTTPS, DNS over HTTPS, and
| encrypted SNI too?
| hesdeadjim wrote:
| Maybe his strategy is to be such a fucking idiot that he can
| pretend there is no way he could mastermind such a big scam.
| time_to_smile wrote:
| It's remarkable to me the consequences of people telling you
| you're a mega-genius without you realizing they're telling you
| for _their own_ benefit.
|
| It makes perfect sense why everyone, sincere and fraudster
| alike, would want to promote SBF as a boy genius. It's a great
| marketing tool, it helps convince people who don't understand
| crypto to have faith in the product, and you also get someone
| who believes the spotlight should be on them, which is
| particularly useful for any fraudsters who would prefer to
| remain in the shadows.
|
| Clearly SBF never questioned that praise (who would at the
| time?), and still is operating as though he were smarter and
| more special than everyone around him. The sad irony is it
| reveals that he's markedly less clever than most of the people
| he associates with. Caroline Ellison, at least from what I've
| seen, seems to have realized quite quickly that the smartest
| choice was to quickly realize she wasn't a brilliant as she had
| been told.
| toyg wrote:
| _> [SBF] is operating as though he were smarter and more
| special than everyone around him_
|
| I mean, let's be honest among ourselves: in IT this sort of
| psychological profile is table stakes.
| mikestew wrote:
| That hypothesis comes up repeatedly, but I imagine it would
| hinge on whether or not judges would say to themselves, "he's
| too stupid to jail". IANAL, but I believe judgement is based on
| whether or not you did "it", whatever "it" might be. Then _at
| sentencing_ a judge could use "stupid" as a mitigating factor.
| For example, "normally you'd get 20 years, but because you're
| stupid..."
|
| But I can not emphasize enough that IANAL, and this is just (as
| with most folks, I would guess) something I pulled out of my
| butt. Based on what little interaction I've had with the U. S.
| justice system, man, I sure wouldn't let the outcome rest on
| the judge's view of my intelligence, though.
| munk-a wrote:
| I believe the above post was mostly in jest but just to
| clarify - to qualify for any sort of lighter sentencing you'd
| need to demonstrate a far more impactful intellectual
| disability.
|
| Idiots are everywhere in society - there are idiot
| billionaires, idiot crypto bros and idiots that you pass on
| the street everyday. Normal idiocy is not a defense -
| otherwise it probably would've been significantly easier for
| Elon Musk to back out of the acquisition of Twitter.
| Eduard wrote:
| Additionally, a narcist can be too proud for exploiting a
| "I did a stupid mistake" defense.
| cmeacham98 wrote:
| My (albeit limited) understanding is that if SBF's lawyers
| can convince the jury that he was simply very incompetent
| that would be better (still a crime, but a less severe one)
| than if he intentionally defrauded customers. Similar to
| the difference between murder and manslaughter.
|
| I don't think he's actually trying to bolster his defense
| though, I think he's largely an idiot and used to getting
| away with almost anything with few/no consequences.
| yieldcrv wrote:
| > Fifth, a VPN is a more secure and covert method of accessing
| the dark web.
|
| This is not accurate, unless they are considering Tor a VPN too?
|
| I guess using a VPN before accessing Tor could make it so your
| local router and ISP not know but its super insecure to give a
| VPN all your Tor traffic, and Tor Bridges also do that.
| jdkee wrote:
| He needs to be locked up.
| wombatpm wrote:
| I think there is enough money and enough people of wealth and
| power involved that they are going to give him the Epstein
| treatment when they revoke his bail
| [deleted]
| dang wrote:
| https://news.ycombinator.com/item?id=34810681 has a different
| document. Which is the more interesting/informative? and what
| should the title be?
|
| (I'm running out the door but will try to check this later)
| notch898a wrote:
| The state is playing whack-a-mole on somebody who's allowed
| internet access. It's a losing proposition, he will always find
| another way to technically not break the rules.
| cmeacham98 wrote:
| The problem is not that he's "breaking the rules" (technically
| or not), the problem is that the government is afraid SBF will
| use the VPN to cash out crypto he has through a no-KYC exchange
| and make a run for it.
|
| It's about bail - if you know somebody could easily obtain
| money without the government knowing (and is doing the thing
| that would enable them to do that), then they become much more
| of a flight risk (at least in the prosecution's eyes, and they
| hope the court agrees).
| notch898a wrote:
| You're talking about the reason for the rules. I'm saying as
| long as he has internet access they will be playing whack-a-
| mole to make rules that achieve the very goal you express. I
| don't see any reasons why both our statements cannot exist
| without opposing each other.
|
| As an aside, I would squabble that breaking the rules, or
| not, is a relevant problem.
| elif wrote:
| No, mostly they are concerned about him communicating with
| other defendants and/or victims and/or paid fall guys and
| pre-orchestrating his trial.
|
| He wouldn't get very far if he tried to outsmart interpol.
| mywittyname wrote:
| Maybe he shouldn't be out on bail if he's so huge of a risk.
| selectodude wrote:
| I think most people would agree. Unfortunately the one
| person who matters is the judge and the 78 year old Lewis
| A. Kaplan does not seem to be swayed by that argument.
| radicaldreamer wrote:
| Obviously... bail was initially granted by a judge who's
| famous for being lenient to white collar criminals, until
| that judge stepped aside because her husband worked for a
| firm which did work for FTX...
| tombert wrote:
| I think you're right, but I have to think that if this is
| something they're genuinely concerned about, then maybe he
| should, you know, _not_ be given bail?
|
| IANAL, but isn't it pretty common for people who are flight
| risks to not be let out on bail?
| inasio wrote:
| There's also the possibility that the state doesn't really want
| to stop SBF from incriminating himself, he seems to have been
| doing a pretty good job so far.
| anonkogudhyfhhf wrote:
| And his well connected family of high profile lawyers will get
| him out of any punishment
|
| https://mobile.twitter.com/unusual_whales/status/16259299432...
| ceejayoz wrote:
| We'll see. "His well connected family of high profile lawyers
| will get him out of any indictment" was a common opinion here
| leading up to his indictment.
| hnthrowaway0315 wrote:
| I think this is too big. Look who signed on that bail. Best
| case they made some deals under the table and let SBF eat all
| of the shit. Worst case SBF hang himself or something
| similar.
| mblevin wrote:
| This dude just cannot tell the truth even for a second.
|
| Obviously nobody needs a VPN to watch something on a national
| broadcast and he's clearly up to SOMETHING that he shouldn't be
| under the guise of accessing his NFL game pass account.
|
| This is continual sociopath behavior from someone who can't
| possibly believe that they could ever do anything wrong, and they
| are simply misunderstood.
|
| It's utterly maddening.
| elif wrote:
| I might feel that entitled too if I just got to fly a stolen
| first class ticket to my stolen mansion when I was meant to be
| in jail.
|
| Then again maybe he actually is entitled and I'm the dumb one
| for thinking rules apply to rich people.
| eddsh1994 wrote:
| Stolen mansion?
| pvarangot wrote:
| He bought a house for his parents with the money from his
| allegedly-very-fraudulent business and is now living there.
| I think part of his bail money is also from a mortgage on
| said house.
| NotYourLawyer wrote:
| Keep digging, Sam.
| corbulo wrote:
| Sam is about to settle the debate of whether the earths core is
| spinning
| eastbound wrote:
| You can't dig a bigger hole when you're already fully fried.
___________________________________________________________________
(page generated 2023-02-15 23:01 UTC)