[HN Gopher] U.S. Army Soldier Arrested in AT&T, Verizon Extortions
___________________________________________________________________
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Author : mmsc
Score : 267 points
Date : 2024-12-31 08:24 UTC (14 hours ago)
(HTM) web link (krebsonsecurity.com)
| fifteen1506 wrote:
| Thank god EU is going to take this into consideration next time
| ChatControl is being proposed.
|
| /s
| cynicalsecurity wrote:
| Thanks flying Spaghetti monster EU is more free than US.
| daghamm wrote:
| I first heard about this dude many months ago. Why did it take so
| long to bring him in? He was pretty open about who he is and what
| he is doing.
| soneca wrote:
| The article establishing his identity was only published a
| month ago[1] and the security expert seems to be impressed with
| how fast it took to bring him in.
|
| _"Between when we, and an anonymous colleague, found his opsec
| mistake on November 10th to his last Telegram activity on
| December 6, law enforcement set the speed record for the
| fastest turnaround time for an American federal cyber case that
| I have witnessed in my career," she said._
|
| [1] https://krebsonsecurity.com/2024/11/hacker-in-snowflake-exto...
| daghamm wrote:
| By the time Krebs published his story this has been going on
| for a long long while. He was openly bragging about being in
| army and stationed in SK.
|
| I mean, didn't army or some agency start investigating this
| before Krebs?
| jjulius wrote:
| > I mean, didn't army or some agency start investigating
| this before Krebs?
|
| How do we know that they didn't?
| siva7 wrote:
| So what was his opsec mistake so that we can learn something from
| this case?
| throwaway290 wrote:
| > On November 26, KrebsOnSecurity published a story that
| followed a trail of clues left behind by Kiberphant0m
| indicating he was a U.S. Army soldier stationed in South Korea
|
| Read the article. There is a link in that sentence.
| formerly_proven wrote:
| https://news.ycombinator.com/item?id=42251799
| oefrha wrote:
| The main takeaway for me is the following. Everything you post
| online will end up in a public archive. That includes
| everything you post to supposedly private or semi-private
| venues, like Telegram channels. Everything you posted when you
| were a dumb kid will be there too, however long ago that was.
| So, if you're gonna be a cybercriminal, make absolutely sure
| that you start with a clean slate. No one can know the
| connections to your past, because even if you're careful, other
| idiots can let slip (like using your old moniker to address
| you) at any time. And don't post fucking photos, ever.
| gorbachev wrote:
| And don't brag about your crimes after the fact online, or
| anywhere else either.
| oefrha wrote:
| Boasting is required in his line of work, that's how they
| build street rep, sell their products/services, and recruit
| people. (Contrast this to spycraft where the acceptable
| amount of boasting is zero.)
|
| What did him in was boasting from a non-clean slate
| identity among other things. He needed strict separation
| between big time jobs which require an absolute clean slate
| because all the attention will be there, small time jobs
| that are likely numerous and sloppier but no one will
| bother to investigate, and pleasure. He didn't have that.
| Arrath wrote:
| Remember kids, only break one law at a time. And once
| you're done, shut the hell up!!
| rscho wrote:
| Hilarious case in point
|
| https://www.cbsnews.com/news/carl-stewart-drug-dealer-identi...
| mvdtnz wrote:
| I don't buy that they got his fingerprints and palm prints
| from that photo.
| wongarsu wrote:
| Why not? Seems like a pretty clear shot of three of his
| fingers and a good partial print of his thumb. I assume
| the original was higher resolution than the version in
| the article.
|
| The CCC made a point a couple years ago by publishing
| fingerprints of high ranking German government officials
| extracted from photos
| machine_coffee wrote:
| I think they went even further and 3d printed their
| thumbprint and unlocked their phone with it, if I
| remember correctly.
| GoblinSlayer wrote:
| Just change your thumbprint after a leak, no problem.
| dylan604 wrote:
| A dedicated criminal wouldn't have fingerprints.
| datavirtue wrote:
| Fingerprint tech is ridiculously advanced. I saw a
| documentary where they lifted a print off a pillow case
| decades later.
| Kostchei wrote:
| I did fingerprints from a digital photo in 2012 maybe
| earlier. Old mate was holding up drugs to be
| photographed. Bit of contrast, blew it up, sent it to
| fingerprint bureau and what would you know, we had those
| prints on file. Not the crime of the century and not
| absolute proof, but a damn good start for a case from a
| simple post on socials. More useful than most
| intel/hearsay that ends up in crimestoppers or similar
| channels.
| normie3000 wrote:
| No longer a friend?
| wipash wrote:
| "Old mate" is an Australian/NZ colloquial term for
| someone who you either don't know or don't want to name.
| Zambyte wrote:
| The ads under that article are about as funny as the
| article itself. Lots of hilariously bad AI generated images
| and stuff
| pavel_lishin wrote:
| You don't run an adblocker?
| hluska wrote:
| Clearly they don't.
| chatmasta wrote:
| Maybe his comment is an opsec deflection strategy.
| bandrami wrote:
| Remember when the NYT published a high-res, straight-on
| photo of the TSA luggage master key? Good times.
| malfist wrote:
| It's not like you can't find them on Amazon for cheap.
| There's also more than one master key; it's a whole set.
| That said, when the lock picking lawyer bought a bunch of
| TSA locks, they all used master key #7 I think.
| Aloisius wrote:
| Eh. Wasn't a big deal honestly.
|
| It takes little effort to reproduce the key by
| disassembling the lock to get access to the plug.
| eterm wrote:
| I assume the original was a lot higher resolution, else
| that stinks of parallel reconstruction.
| hnuser123456 wrote:
| The article also mentioned the whole platform he was
| using was cracked by police. They might have been able to
| get the metadata but not want to explain that to others
| still using that platform.
| meigwilym wrote:
| The BBC made a good podcast about the busting of
| EncroChat.
|
| https://www.bbc.co.uk/programmes/m001v9ds
|
| Possibly/probably only available to UK IP addresses.
| af78 wrote:
| Plays fine in France.
| frereubu wrote:
| I think most audio-only BBC programmes are available
| globally, even if they sometimes have ads inserted into
| them which aren't present if you're in the UK.
| coryfklein wrote:
| Here's a direct podcast URL you can add via your favorite
| podcast app:
|
| https://podcasts.apple.com/ca/podcast/gangster/id1562843329
| grecy wrote:
| That is exactly how the Silk Road guy was finally identified
| and caught.
| jasdi wrote:
| That's not enough. Even the best people and teams, can make
| mistakes and they do so all the time.
| Y_Y wrote:
| But how are they to be tied together? If you don't use the
| same name, or talk about very specific or correlatable
| things, then it's hard for me to imagine how you're tying my
| old IRC chats to my Facebook groups to my Telegram
| conspiracies. As far as I'm aware the really useful metadata
| is rarely available since only the site operator had that and
| most likely deleted it or threw it in a drawer.
| sjsdaiuasgdia wrote:
| You might want to give the prior Krebs post on this guy a
| read - https://krebsonsecurity.com/2024/11/hacker-in-snowflake-exto...
|
| It shows how small bits of information from several sources
| are used to tie this guy's aliases together.
| Y_Y wrote:
| Thanks, that's exactly what I was looking for.
| potato3732842 wrote:
| I'm worried this new "level up" of communication and record
| keeping technology at a time when fundamental ideological
| differences between groups in the western world are causing
| problems is going to result in a repeat of 1500s Europe.
| warner25 wrote:
| This reminds me of things that I've read about intelligence
| agencies increasingly finding it impossible to give agents
| fake identities for cover; everyone now has just left too
| much of a trail of data behind them. And if you find or
| create someone with no such trail, that stands out as being
| suspicious.
|
| As an aside, this is a paradox that has fascinated me for a
| while. Potentially any step that we take to be more private
| or anonymous makes us stand out more, thus easier to track
| and re-identify, because we end up in a smaller crowd (i.e.
| anonymity set).
| grumple wrote:
| He expressed negative sentiments about South Korea and showed
| he accessed a particular website at a given time.
|
| Don't post anything on the internet if you wish to remain
| anonymous. Don't express opinions about anything.
|
| We've had a few different posts on HN demonstrating that it is
| trivial to link aliases based on writing style. To avoid this
| you'd have to pipe everything you write through an LLM. And
| then you have another potential data point.
| staunton wrote:
| > We've had a few different posts on HN demonstrating that it
| is trivial to link aliases based on writing style.
|
| Do you have a link? I wasn't able to find it...
| ailef wrote:
| https://news.ycombinator.com/item?id=33755016
| randunel wrote:
| In spite of every programmer at work following the same
| styling guidelines and programming patterns, I can quite
| easily identify the author of a pull request by reading
| their code alone. The commenter's claim seems plausible to
| me.
| Marsymars wrote:
| I might actually have an easier time identifying authors
| by commit messages/patterns rather than their content
| since the styling guidelines are mostly handled by
| linters.
| ilamont wrote:
| Someone created a tool two years ago that does this,
| https://stylometry.net but it appears to be offline. The
| creator at the time said:
|
| _This site lets you put in a username and get the users
| with the most similar writing style to that user. It
| confirmed several users who I suspected were alts and after
| informally asking around has identified abandoned accounts
| of people I know from many years ago. I made this site
| mostly to show how easy this is and how it can erode online
| privacy. If some guy with a little bit of Python, and $8 to
| rent a decent dedicated server for a day can make this,
| imagine what a company with millions of dollars and a
| couple dozen PhD linguists could do._
|
| https://news.ycombinator.com/item?id=33755016
|
| It's also possible to eyeball similar writing styles,
| although not at scale. That's how "Fake Steve Jobs" was
| uncovered in 2007:
|
| _Last year, his agent showed the manuscript to several
| book publishers and told them the anonymous author was a
| published novelist and writer for a major business
| magazine. The New York Times found Mr. Lyons by looking for
| writers who fit those two criteria, and then by comparing
| the writing of "Fake Steve" to a blog Mr. Lyons writes in
| his own name, called Floating Point_
|
| https://www.nytimes.com/2007/08/06/technology/06steve.html#:....
| cynicalsecurity wrote:
| This sounds like advice for living in a crazy
| authoritarian country, not in the West.
|
| It's astonishing how people are supposed to have freedom of
| speech and freedom from being spied on, since they live in
| the West and not in a Stasi controlled state, but they are
| given advice not to talk too much, or the Big Brother is
| going to get them.
| amanaplanacanal wrote:
| That was advice for a criminal who wants to avoid getting
| caught, not what you are talking about.
| echoangle wrote:
| Well Big Brother is going to get you if you're a criminal.
| This advice was for cybercriminals who don't want to get
| caught, not some random person disagreeing with the
| government on the internet.
| grumple wrote:
| I do think there is some danger in writing anything
| publicly. Our next government could decide to jail you
| based on something you said. Society could decide that
| some widely held opinion you once had is now forbidden.
| Anything you write could be used by nuts to dox you and
| expose you to harm.
| krapp wrote:
| You might as well say there is some danger to going
| outside because any random person could just stab you in
| the street. There is some danger to eating because
| anything you eat may have been poisoned. Yes,
| theoretically, everything but the laws of physics are
| arbitrary, anything is possible, and everything is
| dangerous. But this isn't an insightful or interesting
| observation to make.
| angoragoats wrote:
| In a vacuum you might be right, but come next month the
| serial stabbers and food-poisoners will be in charge of
| the executive branch of the US government. So it's
| correct to be concerned about it, if you live there.
| hhh wrote:
| You can say whatever you want as a citizen, the advice is
| for criminals to avoid identification.
| kristiandupont wrote:
| That freedom may disappear in the future. And you won't be
| able to delete your trails then.
| krapp wrote:
| Just follow the advice of The Wire and don't take notes on
| your criminal conspiracy, much less post them to the
| internet.
| jcpham2 wrote:
| I will consciously alter the way in which I write wordz on le
| intranetz to make it more difficult to single me out as a
| Vietnamese female. I'm guessing not everyone puts this much
| thought into making words for posterity :-)
| Y_Y wrote:
| I already have this filter applied to HN.
|
| See e.g. https://idiomreplacex.de/ (German language)
|
| It used to be a fun lab prank to set text filters on
| browsers of unattended laptops, like swapping all gendered
| words. A colleague spent a week in an alternate universe
| before he realized something was amiss when he read a movie
| review for "The Lady of the Rings".
| sureglymop wrote:
| I will say that, because this is so trivial, I wish there was
| at least a way to delete one's profile here.
|
| It wouldn't imply deleting the content too, the username
| could just be `[deleted]` or `ghost` or something.
| AnimalMuppet wrote:
| Yeah, deleting _comments_ doesn't work because of the
| threaded nature of conversations here. Deleting the _user_,
| though... you might suggest this to dang
| (hn@ycombinator.com).
| normie3000 wrote:
| Reddit has threads and allows deleting comments. It's
| quite annoying when reading historical [deleted]
| duxup wrote:
| Yeah spammers and non serious trolls use that method a
| lot, it's a bummer.
| kelnos wrote:
| If you click through the FAQ link, there's a link to a
| comment from dang that says they'll reassign comments to
| throwaway accounts on request, or even change your
| distance to something random, which will in effect delete
| your account, but keep all your comments attributable to
| a single "anonymous" entity.
|
| I think allowing for account deletion like reddit does
| (with all comments attributed to "[deleted]") is bad for
| following a conversation after the fact. I'm fine with
| HN's policy here and think they've struck a decent
| balance. I think this should be a case of "if you're not
| ok with this, don't post on HN".
| mkl wrote:
| From the FAQ link at the bottom of the page:
| https://news.ycombinator.com/newsfaq.html#:~:text=Can%20I%20...
| jcpham2 wrote:
| The previous Krebs article [1] on this walks through the opsec
| mistake(s) but it always comes down to email address re-use and
| nickname/ handle re-usage. As more data breaches happen the
| likelihood of an opsec mistake increases. Once a handle is
| burned it's best to never re-use it again... ever. Even if it's
| been a decade.
|
| Also, the reuse of email or any form of contact information on
| a service/ web hosting or DNS registration is another common
| opsec oopsie
|
| [1] https://krebsonsecurity.com/2024/11/hacker-in-snowflake-exto...
| lawgimenez wrote:
| Loose lips, sink ships. Based on the articles he brags too
| much.
| markus_zhang wrote:
| I have watched a Defcon talk about a drug dealer and his opsec
| was already pretty good (fake name and address, yagi for wifi,
| etc.) but he still got caught because one of the guys he
| used to launder Bitcoin was caught.
|
| So I think the point is not to get into the bullseye of the
| state.
| red-iron-pine wrote:
| If we're thinking of the same one it's this:
|
| https://www.youtube.com/watch?v=01oeaBb85Xc
|
| DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran
| Darknet Vendor
| markus_zhang wrote:
| Yep that's him!
| seanhunter wrote:
| He committed the oldest opsec mistake of all - bragging about
| what he did.
|
| "He who would keep a secret must keep secret that he has a
| secret to keep" - Sir Humphrey Appleby but I think he was
| paraphrasing Goethe
|
| That said, opsec is (to all practical intents and purposes)
| impossible in the long run in the face of a very determined
| adversary. If they want to find you, you will have done
| _something_ to give someone a lead and there will be enough
| pieces to put the picture together.
| silvestrov wrote:
| "He that would keep a secret must keep it secret,
| that he hath the secret to keep." Who said that?
| It was Sir Humphrey. - Who said it originally?
| - Francis Bacon, wasn't it?
|
| Starting at subtitle 2653 in
| https://yes-minister.com/ym2x01-2x07.srt
| FredPret wrote:
| Best show ever
| ratherbefuddled wrote:
| Still _perfectly_ relevant today as well.
| FredPret wrote:
| Human nature never changes
| moomin wrote:
| I read an OpSec manual around the time of GamerGate. One
| truly basic thing: never do anything to link two accounts
| together. Never mention it, never promote it. I doubt many
| people know who I am on reddit but I 100% know that anyone
| sufficiently inclined could identify me.
|
| Next: obviously avoid biographical details. People can
| compile a lot of information about you online.
| wutwutwat wrote:
| if your profiles are not filled with random made up data
| that is never the same across accounts, you're doing it
| wrong :)
| redserk wrote:
| As a former president of the United States, I'm inclined
| to agree but the random made up data needs to be subtle
| enough not to warrant suspicion.
| duxup wrote:
| I wonder if that really works / throws anything off?
|
| Every time we see someone caught it is one very solid and
| clear link that triggers the rest of pieces to fall into
| place. It almost never seems like it's a bunch of minor
| bits making up the whole.
| pests wrote:
| Profiles with random data stand out and get extra
| attention. What's the same between your accounts? Random
| data.
| bee_rider wrote:
| Quite a while ago somebody shared some post analysis tool
| that would try to pair up the accounts of multi-account
| users. Used some cosine distance magic IIRC. Anyway, can't
| remember the link, but it seemed to impress folks (I have
| only one account so wasn't able to test it myself).
|
| I wouldn't be surprised if anybody you wanted to do opsec
| against had a much better version of that tool...
|
| I do sort of wonder where that sort of stuff will go. In
| one hand, we're all mostly just shitposting anyway so we
| don't really need privacy. On the other, I dunno, we all
| enjoy being able to explore ideas pseudonymously, right? I
| wonder if we'll all end up having to pass our arguments
| into LLMs to get any sort of pseudonymity in the future.
| loeg wrote:
| https://news.ycombinator.com/item?id=33755016 (offline
| now, though).
| bookofjoe wrote:
| I can't help but recall a NYC robbery around 20-30 years ago
| where the perps took photos of each other with a Polaroid
| camera they found at the scene and left the Polaroids behind.
| bradly wrote:
| > So what was his opsec mistake so that we can learn something
| from this case?
|
| From the article:
|
| "Anonymously extorting the President and VP as a member of the
| military is a bad idea, but it's an even worse idea to harass
| people who specialize in de-anonymizing cybercriminals"
| perihelions wrote:
| Additional comments here,
|
| https://news.ycombinator.com/item?id=42251799 (_"Hacker in
| Snowflake extortions may be a U.S. soldier
| (krebsonsecurity.com)"_; 34 days ago, 195 comments)
| reversethread wrote:
| Funny looking back on all the comments about how it was
| potentially a false flag.
| t_mann wrote:
| Which comments are you looking at? By a brief scan, the vast
| majority of comments, including practically all the top-voted
| ones, are calling out his "opsec troll" as a deflection
| strategy, which appears to have been confirmed now. Even if
| there are some that bought his story, your comment does not
| seem like an adequate reflection of the general tone of that
| thread.
| 542354234235 wrote:
| >your comment does not seem like an adequate reflection of
| the general tone of that thread.
|
| I don't think they were trying to capture the "general
| tone" but a pervasive idea that kept coming up in the
| comments. When I saw the headline, the first thing I
| thought about was this thread and "all the comments"
| talking about 3D chess false flag moves. Not the majority,
| not the overall sentiment, but just a significant number of
| eye rolling comments.
| jjulius wrote:
| Yeah, like this comment confidently stating that he's not
| a US soldier and the fatigues aren't military-issue...
|
| https://news.ycombinator.com/item?id=42256857
| duxup wrote:
| It's not like military-issue fatigues would even be hard
| to come by. People's conspiracy theory gotchas always
| seem awkward / unlikely at best.
| krisoft wrote:
| > It's not like military-issue fatigues would even be
| hard to come by.
|
| That is exactly the point the linked comment makes. It is
| in agreement with you on that. Fatigues like the one on
| the image he shared are easy to come by. This is what the
| comment says and this is what you say.
|
| > People's conspiracy theory gotchas
|
| There is no conspiracy theory in the linked comment. It
| just says that they believe the perpetrator is not really
| in the military just pretending to be. That is hardly a
| conspiracy theory.
| duxup wrote:
| False flag theories always seem so much more complicated than
| necessary / actually would seem to introduce MORE risk of
| being uncovered because of the complexity.
| mktemp-d wrote:
| Telegram users spinning up their own honeypots and blindly
| trusting a client/server message encryption system is never not a
| great idea for new grass root criminal enterprises.
| assanineass wrote:
| By grass root you mean not state sponsored? Agreed it's not a
| good idea using Telegram as a server, people forget bots have
| chat history you can replay too
| duxup wrote:
| I find that some folks who know just a little about security
| are some of the worst at it. Their ability to confidently make
| terrible choices and inexplicably expose themselves to more
| risk than some rando citizen is amazing. It's like their strong
| enthusiasm / personal beliefs drive them head long into
| inexplicable choices and now their eggs are all in one insecure
| basket and they put a lot of foolish things there.
|
| In contrast a more nervous / unknowing person might think "oh
| man I better not talk about this anywhere, I don't know who
| could be listening".
| JohnMakin wrote:
| It's like that classic bell curve troll meme - "oh man I
| better not talk about this anywhere, I don't know who could
| be listening" is a correct instinct, especially in a western
| country. Doing _anything_ on the web, whether it be crimes
| and ecommerce, is _absolutely_ not anonymous. They re-use
| handles or emails that have personally identifying
| information, they don't use clean workstations, they brag
| (dumbest opsec thing ever, giving away information for
| absolutely no reason than your big ego), they taunt law
| enforcement. Osama bin Laden basically vanished off the face
| of the planet when much of the world's most powerful
| intelligence and militaries were hunting him, and he wasn't
| hiding in a cave, but he was not connected to the internet in
| any way whatsoever and communicated via courier, which
| _still_ got got. The only reason you are anonymous or think
| you are anonymous is because no one powerful or determined
| enough has gone looking yet. This is a fact I am convinced
| of, and I am much more fearful of successful obfuscation
| tactics and red herrings left on purpose rather than a 20
| year old kid engaging in a fantasy that he's so l33t he'll
| never get caught.
|
| The other thing I'd say to any aspiring criminals out there
| is it's usually much less stressful and still profitable to
| get gainful employment if you are actually a talented hacker.
| Most of these guys seem like script kiddies, that do not
| understand the ramifications of what they are doing. Some of
| these breaches will be felt and cleaned up for decades, all
| so they could get a laugh and a few shekels and their e-peens
| stroked by other criminals.
| duxup wrote:
| >especially in a western country
|
| I'm not really convinced this is a distinction that
| matters.
| JohnMakin wrote:
| To me it does, in terms of data privacy and isolation if
| your goal is to remain undetected by anyone you wish not
| to be - it's the wild west, even if you believe the GDPR
| has been effective. Even if you do believe it's just as
| bad in the rest of the world, we're heading into some
| sort of crisis when sufficiently powerful computing
| becomes commercially available (if it isn't already
| somewhere in a lab) and all the data these countries have
| been hoovering up and storing for who knows how long
| becomes decrypted, I would much rather be living in other
| parts of the world in terms of my privacy if/when that
| day comes.
| duxup wrote:
| I'm not sure I understand.
|
| I guess I was saying that I don't see "especially" the
| west as far as privacy goes.
| sofixa wrote:
| Are you under the impression things are somehow better in
| e.g. Saudi Arabia or Russia or China? Maybe if the
| qualification was "developed countries", because
| developing ones might not have the budget, but "the west"
| is just wrong.
| profsummergig wrote:
| Here's the tragedy: the free world actually needs people with his
| skills working on their side.
| trimethylpurine wrote:
| According to the article he attempted to sell data that a
| different person obtained. He didn't retrieve the data himself,
| so I'm not so sure that he has any skills we need. He isn't
| even a good salesman, apparently.
|
| > _Judische said he had no interest in selling the data he'd
| stolen from Snowflake customers and telecom providers, and that
| he preferred to outsource that to Kiberphant0m and others.
| Meanwhile, Kiberphant0m claimed in posts on Telegram that he
| was responsible for hacking into at least 15 telecommunications
| firms, including AT&T and Verizon._
| hoofhearted wrote:
| No we don't lol..
|
| That's like saying we need plumbers and electricians who come
| into your house and steal everything.
| alt227 wrote:
| Make no mistake, he will be forced into hacking for the NSA for
| the rest of his life under threat of child porn offenses.
| llamaimperative wrote:
| Sure I'll make no mistake on this if you can share some
| evidence
| myko wrote:
| what an odd comment
| oyashirochama wrote:
| That's not how it works, they don't want people who have
| broken laws anymore especially due to the prior hacker leaks
| (Snowden).
| jcpham2 wrote:
| "Law Enforcement wants to put you in jail for a very long time"
|
| The CFAA[1][2] is an arcane and ancient piece of legislation that
| could use an overhaul, especially with some of the vague language
| it contains. A person would definitely want to make sure they are
| authorized prior to touching a computer or even data that they may not
| have authorization for.
|
| Unauthorized use of a computer is the easiest felony to commit
| accidentally it would seem. Although in this case I don't think
| that's a legitimate argument to be made. This person or persons
| knew they were committing crimes.
|
| I'm not defending the hacker either, the quote at the end of the
| article rings true.
|
| [1] https://www.justice.gov/jm/jm-9-48000-computer-fraud
|
| [2] https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
| tg180 wrote:
| > The CFAA[1][2] is an arcane and ancient piece of legislation
| that could use an overhaul, especially with some of the vague
| language it contains.
|
| I imagine that this is the reason why the charge is "unlawful
| transfer of confidential phone records", which is something
| much more specific.
|
| From PACER, it's also stated that he filled out the CJA23
| financial affidavit to demonstrate his inability to afford a
| lawyer (it's quite something to get caught like this and not
| even manage to earn enough to pay for a lawyer).
|
| Additionally, "the defendant waives the rights provided by Rule
| 5 and/or Rule 32.1 of the Federal Rules of Criminal Procedure"
| means that he is choosing to streamline the initial procedures
| and is waiving supervised release or probation, suggesting that
| the prosecution's case is strong and that he is opting for an
| expedited process.
| oyashirochama wrote:
| One fun thing is personal recording isn't a protected right
| in the military and has to be stated if you're recording in
| an office for personal reasons. (official recording is
| usually stated as a usage agreement), or literally put on the
| device as a sticker.
|
| He's also a low level enlisted so it's not surprising he was
| unable to afford a lawyer.
| oyashirochama wrote:
| Archaic? Yes, but it's typically pretty easy to prove if it's not
| required within their job to use. Unauthorized use is basically
| the "did anyone say you could or couldn't do this" in
| written/signed form. Basically accidental breaking of it has to
| fail the intent and purpose reason most of the time.
| boomskats wrote:
| So does anyone know whether he did the full Cornholio impression
| when they arrested him?
| MarkusWandel wrote:
| Curious: What happens to a military service member who does this?
| Punished within the military and then booted out (and with what
| kind of discharge?) Or booted out first (with what kind of
| discharge?) and then punished in the regular civilian system? Or
| possibly even retained in the military?
| christina97 wrote:
| It's called a court martial.
| oyashirochama wrote:
| Courts martial, it's weirdly plural since it's a title/noun of
| something specific.
| Symbiote wrote:
| It's a court martial, since the use was singular.
|
| https://en.wikipedia.org/wiki/Court-martial
| xyst wrote:
| Probably sent here:
| https://en.m.wikipedia.org/wiki/United_States_Disciplinary_B...
| (Leavenworth)
| oyashirochama wrote:
| Depends on length, if he's convicted for greater than I think
| 90 days, he'll be there, less it'll be base confinement
| usually to his dorms/barracks. They will likely just do a
| quick boot and access removal since it sounds like he was
| just a middleman. and a BCD discharge at worst, or other-
| than-honorable discharge.
| bumby wrote:
| They are generally under the jurisdiction of the Uniform Code
| of Military Justice. So usually punished and sentenced within
| the military and eventually separated with a bad conduct or
| other-than-honorable discharge. Dishonorable discharge is
| exceedingly rare.
| LanceH wrote:
| If he was on base, probably UCMJ.
|
| If the crimes were committed entirely off base against non
| military victims, then probably civilian court, followed by
| additional UCMJ punishments and discharge.
|
| I had a roommate who got drunk and assaulted a cop (it went
| very badly for him). He remained in the military for his
| surgery and court time while confined to quarters, reduction
| to e-1, and forfeiture of pay. He had a civilian trial and
| was convicted and served 90 days. Then came back to be
| discharged. Oddly, I don't even know what discharge he
| received -- he was my roommate when he went out that night,
| and wasn't after that.
| llamaimperative wrote:
| This is a serious NatSec/intelligence issue though... not
| punching a cop?
| xyst wrote:
| So this person, "kiberphant0m", was just a middleman to sell the
| data? At best, he is a skid and low level foot soldier.
|
| Government using this to send a loud message to future skiddies -
| "don't fuck with us"
| 9cb14c1ec0 wrote:
| So an army soldier who was clearly part of military intelligence
| services goes rogue and does some hacking on his own. I've always
| wondered what it would look like if an NSA-type went rogue. Now
| we know.
| ChumpGPT wrote:
| Did you forget about Edward Snowden?
| anonym29 wrote:
| The hero who revealed to the American public that their own
| government was secretly treating them like hostile foreigners
| and lying about it to our faces? And that everyone who
| collaborated to build the collection infrastructure violated
| the oath they swore to uphold the constitution, given that
| the mere collection itself was ruled unconstitutional by a
| federal judge?
|
| That's not going rogue, that was the most heroic and
| patriotic thing anyone in his shoes could possibly do.
| 2OEH8eoCRo0 wrote:
| Snowden is a traitor and a coward. Where is he living these
| days?
| booleandilemma wrote:
| Somewhere our beloved leaders can't arrest him and send
| him to a CIA black site for the rest of his life.
| wyldfire wrote:
| I don't think he's a traitor, especially if you consider
| the intent of his disclosures and the care he took to
| make sure that only the info that needed to be disclosed
| was. I suppose we can agree to disagree on that topic.
|
| But "cowardice" - that claim is just mind-boggling. What
| he did, even if you disagree with his motivations,
| required self sacrifice and bravery. Fleeing (what he
| believes to be) unjust laws that would punish him for his
| work is not at all cowardly.
| hollerith wrote:
| I agree. Snowden's most traitorous act IMHO seems to have
| been mistakenly assuming that Beijing and the government
| of Hong Kong could afford to antagonize the national-
| security establishment in Washington to the extent of
| letting him reside in Hong Kong.
| Yiin wrote:
| Where can he live anyways? Every other country will
| extradite his ass back to US, be real.
| anonym29 wrote:
| In the country he was transiting through en-route to his
| final destination in South America, before POTUS
| deliberately and specifically revoked his passport after
| ensuring Snowden had landed at his layover airport, in
| order to construct and disseminate the false narrative
| you're currently regurgitating.
| oyashirochama wrote:
| He did break the law and all, means to an end isn't a
| good path unfortunately when you have no power. There were
| options to take to whistle blow the surveillance of
| citizens and it's illegal under NSA's own policy that
| they ignored illegally, and there's a technically
| independent section/organization for leaking these issues
| to OCA. Though I'm not sure if it was around in Snowden's
| time, it could literally have been made due to his
| concerns ironically.
| simoncion wrote:
| > There were options to take to whistle blow the
| surveillance of citizens...
|
| You should read Snowden's statements on the official
| channels he attempted to use, and those he disregarded.
| You should also go read up on what Daniel Ellsberg
| thought of Snowden's chances for getting a fair trial
| after publicly blowing the whistle on the long-running
| violation of federal domestic spying law. [0]
|
| [0] In the mid-1970's, FedGov treated whistleblowers who
| released classified information very, very poorly. These
| days (and back in the mid 2000's), FedGov fucking
| _crucifies_ such people behind closed doors.
| 2OEH8eoCRo0 wrote:
| He never attempted to use official channels.
|
| > "As a legal matter, during his time with NSA, Edward
| Snowden did not use whistleblower procedures under either
| law or regulation to raise his objections to U.S.
| intelligence activities, and thus, is not considered a
| whistleblower under current law." (p. 18)
|
| https://intelligence.house.gov/news/documentsingle.aspx?D
| ocu...
|
| You should give these docs a skim, I'd be curious what
| your thoughts are. I used to sympathize with Snowden (and
| Assange) until I read into what actually went down.
| simoncion wrote:
| In hindsight, given what happened to Julian Assange, it
| turns out to have been a very lucky thing for Snowden
| that the US State Department revoked his passport before
| he was able to actually arrive in Ecuador.
|
| While the State Department stranding him in Russia means
| that chronically uninformed folks will forever call the
| guy names like "Russian plant", at least he's very
| unlikely to ever be extradited.
| anonym29 wrote:
| Fair point. The US Federal Government certainly hasn't
| had any moral qualms with shadowy assassination plots, to
| say nothing of blatantly covering up illegal, Geneva-
| Convention-violating murders conducted by US Federal
| Government employees in Vietnam, Iraq, Afghanistan,
| Syria, etc.
| wyldfire wrote:
| Well, on one hand I'm surprised to see this take on HN. OTOH
| it's nice that it's not strictly a hive-mind.
| the-chitmonger wrote:
| There's nothing inherently negative about going rogue and
| hacking - I think few would deny that that's what Snowden
| did.
| 9cb14c1ec0 wrote:
| Maybe I read this story wrong, but I wouldn't put Snowden in
| the same crowd as this person. Much more of a criminal in
| this case versus a whistleblower.
| whimsicalism wrote:
| i don't think that's correct, it seems from the article he was
| mostly involved in reselling the data.
|
| i don't think we generally deploy our actual good hackers
| abroad (i'm also not sure how many of them are directly
| employed by the govt vs contractors)
| warner25 wrote:
| From the dawn of cyber operations elements within the US
| military, and continuing today, I think there has been a
| culture of trying to push them out to the "tactical edge."
| Basically, senior leaders have always been wary of them
| becoming totally disjoint from the rest of the force. So I
| wouldn't assume that they don't deploy abroad.
|
| However, I would be skeptical that the people in uniform are
| the "actual good hackers." Unfortunately, uniformed career
| paths (set by law, in many cases, and certainly long
| tradition) are not conducive to anyone developing any deep,
| technical expertise. I think we have cyber operators in
| uniform largely to do the things that legally can't be done
| by someone who's not in uniform. I think they are backed by a
| lot of civil servants and contractors (including academics on
| loan or moonlighting) with the deeper expertise. I think this
| is true for a lot of the more technical military systems, by
| the way, not just a cyber thing, e.g. aviation, air defense,
| nuclear stuff.
| Rebelgecko wrote:
| It sounds like he was more of a comm/IT guy, not MI
| datavirtue wrote:
| That bold font needs to die in a fire.
| c64d81744074dfa wrote:
| For some reason I find this kind of sad. This kid seems like a
| Dunning Kruger effect poster boy.
|
| I mean, when I was younger I would have been gleeful about some
| bragging idiot getting busted but now, *shrug*, everyone just has
| some "condition".
| chmod775 wrote:
| Am I the only one who feels that Brian's tendency to include lots
| of personal details (of suspects and people he doesn't like) in
| his articles is weird and creepy?
|
| His reporting looks more and more like the Daily Mail of
| cybersecurity.
|
| Occasionally very good investigative journalism, yet always
| aggressively devoid of class.
| mardifoufs wrote:
| Yes, not sure what it adds to the articles either. The only
| thing that it ends up doing is making any miss from his end a
| much more serious thing, because he basically can't get stuff
| wrong without more or less defaming someone (which has happened
| in the past)
| ipdashc wrote:
| > Am I the only one
|
| Nope, I've heard others mention it before as well. I subscribed
| to the newsletter at one point and I don't think I've gotten a
| single useful technical article (which is fair, that's not
| necessarily his niche), but I have gotten a bunch of emails
| that just doxx random people.
| santoshalper wrote:
| I don't see how you're going to catch people like this without
| doxxing them. They rely on opsec and misdirection to avoid
| getting caught. Do you have examples where the information was
| gratuitous?
| chmod775 wrote:
| I'm specifically speaking of what he chooses to include in
| his articles.
| simoncion wrote:
| The following isn't really directed at you, but are more
| general questions for the folks who are throwing around
| doxxing claims:
|
| When the has-never-been-sealed Federal Grand Jury indictment
| that the article links to has the fellow's full name and
| alleged area of operation during the alleged crime, is
| publishing their full name in your article doxing them?
|
| If it isn't, is providing screenshots of their publicly-
| available Facebook profile photos doxxing?
|
| Is providing the presumably-willingly-given-for-publication
| name of the person's mother who you performed an on-the-
| record interview for the topic of the article doxxing?
|
| Is it doxxing to provide details from previous investigative
| articles that you've done into folks who use their handles to
| credibly publicly declare that they've committed noteworthy
| computer crimes?
| dtgriscom wrote:
| Agreed:
|
| > The profile photo on Wagenius' Facebook page was deleted
| within hours of my Nov. 26 story identifying Kiberphant0m as a
| likely U.S. Army soldier
|
| Translation: "People pay attention to me!"
| dotty- wrote:
| I don't get that at all. I understand this to point to an
| attempt at scrubbing information that could lead back to him
| personally -- but done poorly as Krebs pointed out that other
| personal photos continued to exist on the Facebook account
| afterwards.
| otterley wrote:
| Perhaps he believes that humiliating criminals and exposing
| their related actions is a good way to dissuade others from
| committing such crimes. (We'll never know what he prevented, so
| it can never be proved.)
| sofixa wrote:
| > humiliating criminals
|
| More widely, the US "justice" system is wild and much more
| concerned with vengeance than actual justice. What criminals?
| We have someone who was indicted. The guy might be completely
| innocent, but his name will forever be plastered around the
| internet as a "criminal" to be humiliated.
|
| In other developed countries, there is a presumption of
| innocence which also applies publicly. You're kept (pseudo)
| anonymous until sentencing, to make sure no innocent people
| get labeled as criminals.
| tptacek wrote:
| Could you be more specific about the personal details he's
| including that you find creepy? Are they things a major
| newspaper would include? That's Krebs' background.
| chmod775 wrote:
| Pretty much everything. From his name, to his mother's name and
| birthplace, photos of him as a teen, etc.
|
| Especially for young people the _decent_ thing to do is to
| not name them in this kind of reporting.
|
| Now not only he, but also his mother, have to live with
| this article being the first result when you google either of
| their names. What did his mother do to deserve this? Should
| something he (possibly) did as a teen haunt him for the rest
| of his life, even assuming he is found guilty and served his
| sentence? It's absolutely disgusting and despicable.
|
| > Are they things a major newspaper would include?
|
| Yes. If they're the Daily Mail, which is the bottom of the
| barrel. There's a special place in hell for some of those
| journalists.
| tptacek wrote:
| The position you're taking here is that "young" suspects in
| crime reporting should be unnamed? If so, what's an example
| of a newspaper that respects that norm?
| chmod775 wrote:
| Nearly every news organization in Germany (even for adult
| suspects and convicts)[1] will rarely publish names, and
| also many of the more reputable ones in Britain will
| weigh public interest against privacy as a matter of
| policy. At least in Scotland it is even illegal to name
| suspects under 18.
|
| You'll find mention of the issue in many journalistic
| ethics codes, and many newspapers' policies. For a US
| example from the SPJ's Code of Ethics[2]:
|
| > Balance the public's need for information against
| potential harm or discomfort. Pursuit of the news is not
| a license for arrogance or undue intrusiveness.
|
| > Show compassion for those who may be affected by news
| coverage. Use heightened sensitivity when dealing with
| juveniles, [..]
|
| > Realize that private people have a greater right to
| control information about themselves than public figures
| and others who seek power, influence or attention. Weigh
| the consequences of publishing or broadcasting personal
| information.
|
| > Avoid pandering to lurid curiosity, even if others do.
|
| > Consider the long-term implications of the extended
| reach and permanence of publication.
|
| In the UK, for radio and TV, the Ofcom Broadcasting Code
| contains similar guidelines in less straightforward
| language.
|
| [1] https://www.presserat.de/pressekodex.html#ziffer08
|
| [2] https://www.spj.org/spj-code-of-ethics/
| mr_luc wrote:
| He's 20, right?
| simoncion wrote:
| The article claims that this is true, yeah:
|
| > Federal authorities have arrested and indicted a
| 20-year-old U.S. Army soldier on suspicion of being
| Kiberphant0m...
|
| The article also claims to have spoken on the record with
| the accused's mother, so I have no reason to doubt the
| article's claim about the fellow's age.
| chmod775 wrote:
| Likely 18 and 19 when most of this happened, but him
| barely not being legally considered a minor doesn't make
| the ethics of this much better.
| tptacek wrote:
| I think I'm on safe ground saying printing the names of
| criminal suspects is a longstanding norm in American
| print journalism.
| chmod775 wrote:
| It is. Comparatively it is even very common in most of
| the Anglosphere, however not for lack of trying by more
| ethical journalists. If you search for "the juvenile
| suspect" on google news, you'll get plenty of hits for US
| newspapers (and occasionally police) applying some
| consideration.
|
| In the west, English speaking countries are the odd ones
| out: For example in Germany, Poland, Sweden, the
| Netherlands, Finland, Switzerland, Austria, and France,
| identifying suspects (not just juvenile ones) is either
| uncommon or even forbidden by law.
| kasey_junk wrote:
| It's actually an open discussion in journalism ethics.
|
| Many news organizations won't name juveniles even in
| jurisdictions where it is allowed.
|
| Other guides will be based on the nature of the crime.
|
| Most wire services for instance now don't name suspects
| for "minor crimes". Here is the ap announcement on the
| topic: https://www.ap.org/the-definitive-source/behind-
| the-news/why...
|
| Note that their argument tends to be around the biasing
| impact on the person's life. As they are unlikely to
| follow up on the criminal outcome there won't be a chance
| to clear the person's name.
|
| In this case I think Krebs is on solid ground as it's a)
| not a minor crime b) he can later follow up.
|
| But it's certainly not an area that is black & white.
| WarOnPrivacy wrote:
| > tendency to include lots of personal details (of suspects and
| people he doesn't like) in his articles is weird and creepy?
|
| I think it's weird and creepy when LEO eagerly distribute
| suspects' personal details (via PR, website, etc). Which they
| seem to do at every possibility - even if doing so doesn't
| advance community safety in a demonstrable way.
|
| Journalists, however, have a duty to honor their extra 1A
| protections by holding the powerful to account. I believe a
| default position of including identities in a story helps
| ensure that the powerful are known when they behave badly.
|
| It's an imperfect default but I think it's better than every
| alternative.
| blueflow wrote:
| How many days have passed since he last doxxed the wrong person
| by accident?
| smrtinsert wrote:
| "I know that young people involved in cybercrime will read these
| articles," Nixon said. "You need to stop doing stupid shit and
| get a lawyer. Law enforcement wants to put all of you in prison
| for a long time."
|
| I think law enforcement types are just built differently.
| Fearless even when threats are being made against them.
| boogieknite wrote:
| "Allison Nixon has three passions, tracking down bad guys,
| growing tomatoes, and making puns." -
| https://www.unit221b.com/leadership
|
| i think i could have guessed 2 and 3 at a glance. if Allison
| speaks like this all the time she needs her own tv show
| spooky777 wrote:
| The recent arrest of a U.S. Army soldier accused of extorting
| AT&T and Verizon highlights a troubling misallocation of
| resources by law enforcement, especially when juxtaposed against
| critical nation-state cyber threats. While prosecuting such
| crimes is necessary, it diverts attention from larger systemic
| vulnerabilities, such as the recent breach of the U.S. Treasury
| Department and nine major American telecommunications companies
| by Chinese state actors. These breaches granted access to
| sensitive communications and revealed the glaring weaknesses in
| American cybersecurity infrastructure. Corporations like AT&T and
| Verizon, entrusted with protecting sensitive data, have often
| failed to implement robust defenses, leaving systems exposed to
| exploitation and forcing law enforcement into a reactive cleanup
| role.
|
| This misdirected focus is particularly concerning given the
| escalating geopolitical tensions and the strategic importance of
| cybersecurity in national defense. Nation-state actors like China
| are leveraging advanced capabilities to outpace U.S. defenses,
| eroding trust in American institutions and diminishing global
| standing. With the potential for conflict over Taiwan and other
| critical flashpoints, resources spent on low-value cybercrime
| cases should instead fortify critical infrastructure and counter
| nation-state threats. A proactive approach is essential to
| prevent breaches, hold corporations accountable, and ensure the
| U.S. remains resilient in an increasingly volatile cyber
| landscape.
___________________________________________________________________
(page generated 2024-12-31 23:01 UTC)