lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Sep 2011 14:56:21 +0100
From: Benji <me@...ji.com>
To: Louis McCoy <louie@...landlighthouse.com>
Cc: secn3t@...il.com, full-disclosure@...ts.grok.org.uk
Subject: Re: VPN provider helped track down alleged
	LulzSec member

If you use a British/American server for example, it is irrelevant of where
the 'rentee' of that server is. Crime committed on UK/US soil.

If you dispute this line of thought, look at Rustock and Microsoft's
proceedings.

On Thu, Sep 29, 2011 at 2:54 PM, Louis McCoy <louie@...landlighthouse.com>wrote:

>  User location determines Judicial Jurisdiction - how is that irrelevant?
>
>
>
> On 9/29/2011 9:27 AM, Benji wrote:
>
> No, you are wrong.
>
>  Either; the vpn provider complied with court order, or they face the
> legal ramifications of not doing so. User location is irrelevant.
>
> On Thu, Sep 29, 2011 at 2:04 PM, xD 0x41 <secn3t@...il.com> wrote:
>
>> indeed :)
>> but, it is how a proper anon person would operate, well, tht is how i once
>> did...
>> anyhow, it is to broad, and, yes, i qwould never believe in bulletproof,
>> unless i have used it maybe, for 10yrs, thru 10 botnets ;P wich, is very
>> rare but funnily, possible.
>> webhosters, are even more corrupt and better at hiding data.. face it, if
>> the vpn provider had not shat themself, then it would be a non story.
>>
>>
>>
>>
>> On 29 September 2011 23:00, Benji <me@...ji.com> wrote:
>>
>>> 'Abuse' emails and court orders are very different.
>>>
>>> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t@...il.com> wrote:
>>>
>>>> err, you are limited in those countries dude... id really checkup on
>>>> that ... maybe some but, yea i agree, i dont think any hosting is anon, but,
>>>> i sure know i have kept an anon dedis in past, and was VERY easy to avoid
>>>> handing anything over. Unless they had personally seized from my company, i
>>>> was allowed to basically get away with, and if i want to, again, could do
>>>> the same  'anonymously' and, indeed keep those details, away.
>>>> it is not frigin hard dude, where did Yyou get the idea, that is not
>>>> hard to move a user around boxes :P
>>>>  and rename them, etc etc etc, always change ipv6 tunnels... there is
>>>> somany ways, you obv have not ran a dedicated server in a company
>>>> environment coz boi, they hide nets on legit hostin now, legit apparently*
>>>> companies...and they do it using those simple means, and, even show logs of
>>>> them 'removing and deleting' files of the apprent 'bad user' , this is, a
>>>> whole different level than even needing to deal with cops.. so, you are
>>>> scared too much by laws  wich can be smokescreened.
>>>> Run a dedis, or simply ask a admin, howmany abuse they get, and howmany
>>>> users they actually rm ;)
>>>> you would want this service, on your vps ?
>>>> i surely wouldnt,. i know, with me, if i offer anon, you stay damn anon,
>>>> if you bring cops to MY HOUSE, then i may have to try and, simply keep my
>>>> darn data secure ey ?
>>>> how about that ?
>>>> simple methods, defeat simple plans benji.
>>>> xd
>>>>
>>>>
>>>>
>>>> On 29 September 2011 22:53, Benji <me@...ji.com> wrote:
>>>>
>>>>> Yes they do. If you buy a server in America for example, even if you
>>>>> are located in Russia, they are required by federal law to hand over your
>>>>> details wherever you may reside. I dont know where you've obtained this idea
>>>>> that they can't.
>>>>>
>>>>>  Just because something is advertised as 'anonymous' doesnt mean it's
>>>>> 'so anonymous you can break the law' and anyone using a EU/US-related
>>>>> country to do this is either stupid or naive.
>>>>>
>>>>> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t@...il.com> wrote:
>>>>>
>>>>>> They advertised as anonymous VPN to 'everyone'.
>>>>>> Then, that would mean, especially NOT locally, thats something wich is
>>>>>> also, subject to federal laws though so, in its own country, the provider
>>>>>> may have to, nomatter whats advertised, BUT outside of country customers,
>>>>>> should not be handed over.
>>>>>> isp's here dont do it, and havent, for like 20 yrs, they also do not
>>>>>> take down people,issue nor execute other peoples 'takedown orders', there is
>>>>>> many reasons for this but basically, they loose money from it.
>>>>>> Anyhow, in UK, you maybe right, but outside of there, then, they
>>>>>> should have maybe not advertised as anononymous vpn services for everyone
>>>>>> and anyone. thats obvious crap we know now.
>>>>>> anyhow, cheers,
>>>>>> xd
>>>>>>
>>>>>>
>>>>>>
>>>>>>  On 29 September 2011 22:45, Benji <me@...ji.com> wrote:
>>>>>>
>>>>>>> Im sorry, why is it 'worrying' that a vpn provider that was a UK
>>>>>>> business and was located in the UK, is subject to UK law?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
>>>>>>> d.martyn.fulldisclosure@...il.com> wrote:
>>>>>>>
>>>>>>>> Again, I hope this does not fail to send.
>>>>>>>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>>>>>>>> recruit some talented people (and, by all accounts, there were some talented
>>>>>>>> programmers there) and B: development and idle talk. Now more interesting
>>>>>>>> was the reasoning behind the name - by putting the developers and coders and
>>>>>>>> potential recruits in a channel named "Pure Elite", it was essentially an
>>>>>>>> ego boost for the new guys, made them feel valued, etc, when in fact most
>>>>>>>> were but pawns to be used (IMHO).
>>>>>>>>
>>>>>>>> This co-operation between VPN providers and LEO, while being nothing
>>>>>>>> new - remember how hushmail caved in - is indeed worrying for those of us
>>>>>>>> who are privacy advocates as well as security researchers.
>>>>>>>>
>>>>>>>> On a more direct note, Laurelei, do not presume that you know all
>>>>>>>> there is to know about them. Doing so would be foolish. (Now don't go
>>>>>>>> assuming that I hate you, I bear you bugger all ill-will, etc).
>>>>>>>> Good day.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <
>>>>>>>> laurelai@...echan.org> wrote:
>>>>>>>>
>>>>>>>>> Its all good dude. What really concerns me is that vpn providers
>>>>>>>>> might give over logs to oppressive regemes. TOR is starting to look better
>>>>>>>>> and better.
>>>>>>>>>  On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>>>>> > never did... was only for one buttcheek kid that i was alittle
>>>>>>>>> pissed and
>>>>>>>>> > thinking things wich, prolly were wrong at the time...
>>>>>>>>> > I am adult enough to apologise for what happened back then, and
>>>>>>>>> hopefully it
>>>>>>>>> > is just, cool.
>>>>>>>>> > :)
>>>>>>>>> > cheers, your loved by many, you just have many trollers to :sp
>>>>>>>>> > take care ,
>>>>>>>>> > xd
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> > On 28 September 2011 14:32, Laurelai Storm <
>>>>>>>>> laurelai@...echan.org> wrote:
>>>>>>>>> >
>>>>>>>>> >> Im suprised, someone on the internet who *doesn't * hate me :p
>>>>>>>>> >> On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>>>>> >> > Hello Laurelai ,
>>>>>>>>> >> > Oh i agree it is still a terrible precedent to be set.. I dont
>>>>>>>>> even know
>>>>>>>>> >> > where, legally, i stand anymore...
>>>>>>>>> >> > It is rather disturbing, nomatter WHO it was laurela.
>>>>>>>>> >> > I am all for the hatred against the VPN provs, and this is not
>>>>>>>>> just
>>>>>>>>> >> > happening here, and i made a BIG statement about this, and
>>>>>>>>> privacy, in my
>>>>>>>>> >> > channel on efnet, first as i saw it.
>>>>>>>>> >> >
>>>>>>>>> >> > Then saw a torrentfreak feed,of someone who was an owner of a
>>>>>>>>> huge
>>>>>>>>> >> torrent
>>>>>>>>> >> > site, was handed to authorities, not by the hoster, no... but
>>>>>>>>> by the
>>>>>>>>> >> > frigging payment handler, ie paypal or alertpay most likely.
>>>>>>>>> >> >
>>>>>>>>> >> > This is not good, it makes a grey could now over what is
>>>>>>>>> 'anon' and what
>>>>>>>>> >> > isnt. and thats a bad thing for us all.
>>>>>>>>> >> > To much fraud is causing this, thats plain and simple.Abusing
>>>>>>>>> places like
>>>>>>>>> >> > Sony, and, major banks, only make the authorities turn to
>>>>>>>>> politics, whom
>>>>>>>>> >> in
>>>>>>>>> >> > turn can bully with federal and state laws of ANY country, i
>>>>>>>>> think this
>>>>>>>>> >> is
>>>>>>>>> >> > the dangerous part wich is affecting lulzsec members or
>>>>>>>>> whoever was apart
>>>>>>>>> >> of
>>>>>>>>> >> > it, and, i mean efnet is no recruiting grounds for decent
>>>>>>>>> hkrs.
>>>>>>>>> >> > Simple as that, you know it, maybe thru word of mouth ok, but
>>>>>>>>> not alone
>>>>>>>>> >> by
>>>>>>>>> >> > being in channels but that network, is one federal hideout
>>>>>>>>> now..and, that
>>>>>>>>> >> is
>>>>>>>>> >> > every channel, if it is not being spied (yea they have a
>>>>>>>>> module
>>>>>>>>> >> > m_spychannel.c or similar, wich, they actually had without
>>>>>>>>> realising,
>>>>>>>>> >> asked
>>>>>>>>> >> > a friend, to code for them.
>>>>>>>>> >> > This was rejected by me/her,but i believe they have the module
>>>>>>>>> running
>>>>>>>>> >> now.
>>>>>>>>> >> > So, what was to stop them adding theyre own hidden spy mode to
>>>>>>>>> it :s look
>>>>>>>>> >> at
>>>>>>>>> >> > what they did to my old channel #haqnet, they introduced
>>>>>>>>> drinemon and a
>>>>>>>>> >> > bunch of other things, when it could have been simply worked
>>>>>>>>> out with
>>>>>>>>> >> > words.. but anyhow, i will not brood on the past, i hope this
>>>>>>>>> is mutual
>>>>>>>>> >> > Laurelai, I have nothing bad to say about you, and in turn,
>>>>>>>>> expect the
>>>>>>>>> >> same.
>>>>>>>>> >> > Respect for respect dear.
>>>>>>>>> >> > I do agree with you about the situation and, as you can see,
>>>>>>>>> am not
>>>>>>>>> >> holding
>>>>>>>>> >> > 9undisclosed) crappy things wich happened along time ago, over
>>>>>>>>> one
>>>>>>>>> >> idiotic
>>>>>>>>> >> > kid, on efnet, whom now i know you do not associate with. So,
>>>>>>>>> i want
>>>>>>>>> >> that,
>>>>>>>>> >> > to be laid rest now.. please.
>>>>>>>>> >> > And, we can only hope that the greater common sense will
>>>>>>>>> prevail and
>>>>>>>>> >> > hopefully, places will be forced to proove anonymity in some
>>>>>>>>> way, wether
>>>>>>>>> >> > that be by showing people email interaction with requester's
>>>>>>>>> of peoples
>>>>>>>>> >> > info, or anything simple even, wich would be then a standard
>>>>>>>>> for VPN, I
>>>>>>>>> >> do
>>>>>>>>> >> > not use them but, if i bought anonymous vpn, id expect exactly
>>>>>>>>> >> that,without
>>>>>>>>> >> > political interaction and grey areas about who and what is now
>>>>>>>>> legal and
>>>>>>>>> >> not
>>>>>>>>> >> > legal on the internet, on chatrooms, and on even websites.
>>>>>>>>> >> > ok, thats plenty, cheers!
>>>>>>>>> >> > xd
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >> > On 28 September 2011 13:41, Laurelai <laurelai@...echan.org>
>>>>>>>>> wrote:
>>>>>>>>> >> >
>>>>>>>>> >> >> On 9/27/2011 10:10 PM, sandeep k wrote:
>>>>>>>>> >> >>
>>>>>>>>> >> >> Lolz members was really insane ,i m not why to use that crapy
>>>>>>>>> hma.
>>>>>>>>> >> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l@...il.com>
>>>>>>>>> wrote:
>>>>>>>>> >> >> > yeah, and usually the same goes for calling others "kids"
>>>>>>>>> ;)
>>>>>>>>> >> >> >
>>>>>>>>> >> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <
>>>>>>>>> doomxd@...il.com> wrote:
>>>>>>>>> >> >> >> #pure-elite , rofl... yes indeed :P
>>>>>>>>> >> >> >> hehe... nice story tho...funny about the elite channel
>>>>>>>>> thing... why
>>>>>>>>> >> do
>>>>>>>>> >> >> ppl
>>>>>>>>> >> >> >> tag themselves as elite? usually when they are not...
>>>>>>>>> >> >> >> ohwell, thats efnut :s (irc sucks)
>>>>>>>>> >> >> >> xd
>>>>>>>>> >> >> >>
>>>>>>>>> >> >> >>
>>>>>>>>> >> >> >> On 27 September 2011 19:03, Darren Martyn
>>>>>>>>> >> >> >> <d.martyn.fulldisclosure@...il.com> wrote:
>>>>>>>>> >> >> >>>
>>>>>>>>> >> >> >>> Hope this sends correctly, new email client and all...
>>>>>>>>> But seeing as
>>>>>>>>> >> it
>>>>>>>>> >> >> is
>>>>>>>>> >> >> >>> an international investigation many people have been
>>>>>>>>> bending over
>>>>>>>>> >> >> backwards
>>>>>>>>> >> >> >>> to assist LEO on this. HMA and perfect privacy were the
>>>>>>>>> VPN's of
>>>>>>>>> >> choice
>>>>>>>>> >> >> for
>>>>>>>>> >> >> >>> them it would appear, oh, and he was part of the
>>>>>>>>> #pure-elite channel
>>>>>>>>> >> on
>>>>>>>>> >> >> that
>>>>>>>>> >> >> >>> IRC server, and hence, considered by LEO and others as
>>>>>>>>> "Part of
>>>>>>>>> >> >> LulzSec".
>>>>>>>>> >> >> >>>
>>>>>>>>> >> >> >>> TL;DR, this is nothing new.
>>>>>>>>> >> >> >>>
>>>>>>>>> >> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
>>>>>>>>> >> laurelai@...echan.org
>>>>>>>>> >> >> >
>>>>>>>>> >> >> >>> wrote:
>>>>>>>>> >> >> >>>>
>>>>>>>>> >> >> >>>> And the guy wasnt even a part of lulzsec
>>>>>>>>> >> >> >>>>
>>>>>>>>> >> >> >>>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton" <
>>>>>>>>> noloader@...il.com>
>>>>>>>>> >> >> wrote:
>>>>>>>>> >> >> >>>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <
>>>>>>>>> ivanhec@...il.com>
>>>>>>>>> >> wrote:
>>>>>>>>> >> >> >>>> >>
>>>>>>>>> >> >> >>>> >>
>>>>>>>>> >> >>
>>>>>>>>> >>
>>>>>>>>> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>>>>>>>> >> >> >>>> > Though HMA claims they complied with a court order, it
>>>>>>>>> looks as
>>>>>>>>> >> if
>>>>>>>>> >> >> >>>> > they facilitated a law enforcement request. The US and
>>>>>>>>> the FBI
>>>>>>>>> >> have
>>>>>>>>> >> >> no
>>>>>>>>> >> >> >>>> > jurisdiction in the UK.
>>>>>>>>> >> >> >>>> >
>>>>>>>>> >> >> >>>> > Jeff
>>>>>>>>> >> >> >>>> >
>>>>>>>>> >> >> >>>> > _______________________________________________
>>>>>>>>> >> >> >>>> > Full-Disclosure - We believe in it.
>>>>>>>>> >> >> >>>> > Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> >>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >> >>>>
>>>>>>>>> >> >> >>>> _______________________________________________
>>>>>>>>> >> >> >>>> Full-Disclosure - We believe in it.
>>>>>>>>> >> >> >>>> Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> >>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >> >>>
>>>>>>>>> >> >> >>>
>>>>>>>>> >> >> >>> _______________________________________________
>>>>>>>>> >> >> >>> Full-Disclosure - We believe in it.
>>>>>>>>> >> >> >>> Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> >>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >> >>
>>>>>>>>> >> >> >>
>>>>>>>>> >> >> >> _______________________________________________
>>>>>>>>> >> >> >> Full-Disclosure - We believe in it.
>>>>>>>>> >> >> >> Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >> >>
>>>>>>>>> >> >> >
>>>>>>>>> >> >> >
>>>>>>>>> >> >> >
>>>>>>>>> >> >> > --
>>>>>>>>> >> >> > Ferenc Kovács
>>>>>>>>> >> >> > @Tyr43l - http://tyrael.hu
>>>>>>>>> >> >> >
>>>>>>>>> >> >> > _______________________________________________
>>>>>>>>> >> >> > Full-Disclosure - We believe in it.
>>>>>>>>> >> >> > Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >>
>>>>>>>>> >> >>
>>>>>>>>> >> >> _______________________________________________
>>>>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>>>>> >> >> Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >>
>>>>>>>>> >> >> >From my understanding they used the channel as a possible
>>>>>>>>> recruitment
>>>>>>>>> >> >> ground, though only 6 people were officially a part of
>>>>>>>>> lulzsec , i find
>>>>>>>>> >> it
>>>>>>>>> >> >> disturbing that law enforcement considers being in an irc
>>>>>>>>> channel
>>>>>>>>> >> tantamount
>>>>>>>>> >> >> to being a part of lulzsec.
>>>>>>>>> >> >>
>>>>>>>>> >> >> _______________________________________________
>>>>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>>>>> >> >> Charter:
>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>> >> >>
>>>>>>>>> >>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Full-Disclosure - We believe in it.
>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ