The Hunt For LulzSec's Missing Sixth Member 104
DavidGilbert99 writes "LulzSec's star burnt brightly in the short period it was active, but things quickly turned sour when its core members began getting arrested. Last week three of the six core members were sentenced in the UK, but this only served to highlight the fact that one member of the group, known as Avunit, has been able to remain unidentified despite the FBI having turned the group's leader Sabu into an informant. Who is Avunit? And does he hold the purse strings of the group's Bitcoin wallet which could have up to $180,000 in it?"
As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.
I'm.... (Score:5, Funny)
Spartacus^H^H Avunit
Tough crowd (Score:2, Funny)
How can the first post be redundant?
Moderation is going downhill nowadays...
Re:Tough crowd (Score:5, Funny)
Apparently everyone knows maroberts is Avunit already.
Why link to junk? (Score:5, Informative)
If IBTimes wants to piss people off with autoplay videos, why link to them?
Here's El Reg's version of the same story:
http://www.theregister.co.uk/2013/05/17/lulzsec_analysis/ [theregister.co.uk]
Re: (Score:3)
[...] autoplay videos [...]
Your computer is broken.
Re:Why link to junk? (Score:5, Funny)
Your computer is broken.
It's not my computer, it's a work one, but yeah, you're right, it's running Windows and IE.
Re: (Score:3)
What "autoplay videos" are you talking about? Other than that there is no left margin to the text, the page as a whole was good to read.
Re: (Score:1, Insightful)
Typical American. Oblivious to the social engineering surrounding him at ever living second of his life.
He linked to them, *because that makes him money*! Remember: Slashdot nowadays is an *advertisement* website. There is no such thing as a real actual article. He wrote that, not to warn you, but to make you more accepting towards those ads. Seems like it worked.
Re: (Score:1)
"Here's El Reg's version of the same story:"
Sure, but I was hoping you were going to link to a site that wasn't junk given your post's subject line?
A "bitcoin wallet" (Score:4, Funny)
Captain Pedantic here,
A "bitcoin wallet" has $0 USD in it, by definition.
Excelsior!
Re:A "bitcoin wallet" (Score:4, Interesting)
Another thing about bitcoin: they are trackable. Hard to track, but as I understand it's possible, as every single transaction is logged by the network, and that it is possible to track down the whereabouts of every single bitcoin at every moment in the past since it was mined.
They received some 3,000 bitcoins in donations back in the day, can't those bitcoins be traced to a certain wallet? And - related - can they (or the wallet itself) be anyhow confiscated?
Now I'm the first to admit I still don't really understand the intricacies of bitcoin - my understanding is mostly from reading about it here and on other sites. So I may be totally off, if anyone knows better I'd love to hear.
Re: (Score:3)
You can't confiscate them but you can track them if you know the history of some of the bitcoins in their possession. Problem is that there's nothing stopping someone from passing those bitcoins through a thousand anonymous parties connecting over Tor then trading them with others for other bitcoins before cashing them out or exchanging them for something.
Re: (Score:2)
In this case it's a donation - and I for one would want to make a donation directly to the cause, not via some shady individuals (now in this case the cause itself is shady as well of course). Just to have the feeling that my donation arrives where it's supposed to arrive, and that it's used for what it's supposed to be used.
Now when this avunit guy is going to spend the coins, that's again a different matter. However the suggestion is that little to no of the donations have been spent, and that he's hoardi
Re: (Score:2)
Re:A "bitcoin wallet" (Score:5, Informative)
You've obviously not used Bitcoin a lot.
You can have as many wallets as you like and a wallet can generate as many "addresses" as you want to receive money on. Outsiders have no idea that two distinct Bitcoin destinations aren't in fact the same wallet.
Additionally, only the network as a whole really knows where the transactions are coming from, an individual Bitcoin user doesn't (otherwise it would be pointless!). It's peer-to-peer so somewhere, some peer knows what IP generated that transaction. But without having control of a vast proportion of the whole network, down to the IP level, there's no way to reliably trace anything back to a "real" IP, person, wallet.
Transactions are logged. But with wallet addresses. And you can tell what wallet addresses should have how much money in each. But you can't tell which wallet addresses are the same address, nor where they come from, nor who owns them. A transaction will just appear in the blockchain and come from several thousand peers almost simultaneously who share the information across the network and even the first one on the list isn't necessarily the client who first saw the transaction.
And those clients are private peer-to-peer clients. If my client was the first to see your transaction, you'd have to raid ME to get the IP information from my systems - and what are the chances of a random Bitcoin user having full network traces of all the actions on their network, going back to the transaction you're interested in, by the time you find them?
Transactions are basically sent to random people in the swarm. They talk to more random people and eventually the network all sees the transaction. Finding out which Bitcoin address first saw the transaction is nigh-on impossible even with complete knowledge. Raiding them and finding information on their systems that links back that transaction to an originating IP is incredibly unlikely even if you could do that. And if they used Tor or a proxy to initiate the transaction? You're stuffed.
Even collection of funds? They can publish any number of Bitcoin wallet addresses that secretly correspond to a single wallet and anyone who sends them money will NEVER KNOW where it's going. The transaction goes into the swarm and after a while, all clients agreed that wallet address X has amount Y in it. The total wallet, though, might have several million addresses associated with it and even the last client on the route to informing that wallet of a received transaction won't ever know that it's talking to the wallet holder.
No matter what you think of it as a currency, Bitcoin is a fabulously-designed anonymous transaction protocol. About the only threat is one entity holding 50% of the hashing power, but that just gives them the power to control the block chain, not identify users.
Re: (Score:2)
As a matter of fact I never directly used Bitcoin. I don't exactly trust it as a currency and for various reasons I don't think this is the future; however I find the concept very interesting from a technical pov. As you say it's a very well designed protocol, no doubt about that.
Re:A "bitcoin wallet" (Score:5, Funny)
Because you're not goofy.
Personally, I do all of my transactions in Darknet Credits, which is the new monetary system based on reputation and righteous deeds. I can't actually buy anything, but I'm in on the ground floor.
Wait for the Trackability law (Score:4, Informative)
Well we use to have banking privacy. Banks knew who had the account, but your transactions were secret unless there was evidence of a crime in which case the bank could be forced to hand over the details.
Then as an anti-laundering measure, the data was given to SWIFT, and recorded by them, but that was OK because SWIFT was owned by the banks and would only turn over the data if evidence of a crime existed as they were under Belgian law.
Then the USA grabbed all of SWIFT's data post 9/11 deciding they should see every transaction made in the world.
Then the EU Commission *gave* them the right to receive all EU future data, after SWIFT moved their head quarters and servers from USA to Switzerland. So now the EU obtains the data from SWIFT and sends it to the USA.
Then the USA extracted some data related to tax havens, like British Virgin Islands and handed that to the press and gave all the rest of that data to UK and Australia. At the same time using the press stories to market the 'tax evasion' angle, and override the fact that a lot of privacy laws were broken when they handed private banking data to their allies.
http://www.bbc.co.uk/news/world-europe-22599324#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa
So watch Bitcoin, because they'll declare Bitcoin trackable, and require forced declaration of all transactions to the USA. If you imagine they won't, take a look at SWIFT, if I send money from Belgium to Germany, the record is taken and handed to the USA, and that's despite the privacy law in the EU, and the criminal privacy law in Belgium and the financial privacy law in Germany.
At some point we all became criminals here in Europe, and the EU Commission decided it had the right to waive privacy, and we see 'leaks' of data on 'certain' politicians, but not others, as the USA gets to pick and choose who can be a politician by leaking their banking data to their allies.
Your data too (Score:2, Insightful)
The data leaked to the press was a tiny file of a few gigs, 1%'er stuff about tax havens. The data given to the UK, Australia and USA FBI/IRS, was hundreds/thousands of times bigger and 100%'er stuff.
Your data too.
"I feel here is schadenfreude."
You wish.
Re: (Score:1)
You could accurately say that everyone has obviously not used Bitcoin a lot.
Re: (Score:2)
Given that I'm on a geek website, I was expecting a flurry of corrections, actually. Maybe Slashdot isn't the geek hangout that I thought any more. Maybe we're all just naysayers following everyone else because "Bitcoin is stupid" or whatever.
I've barely looked into Bitcoin myself and don't mine and wouldn't come close to some of the insane setups I've seen documented for mining even if I did.
But:
https://blockchain.info/charts/n-unique-addresses [blockchain.info]
Something like 90,000 unique Bitcoin addresses seen every sin
Re: (Score:2)
Normal people don't stare at Fox News all day and think that everyone outside of the status quo is a raving lunatic either. A very large portion of "normal" people smoke pot in America, as do people who enjoy "deviant" sex. (Not defending child molesters here, but "sexual deviant" is a grossly misused term whose definition only exists inside the speakers mind. To some, anything outside of missionary sex through a hole in a sheet is deviant.)
Some people just like the security and privacy of exchanging mon
Re: (Score:3)
They received some 3,000 bitcoins in donations back in the day, can't those bitcoins be traced to a certain wallet?
You can trace bitcoins to certain wallet easily by inspecting the blockchain (public log of all bitcoin transactions). The problem is, you usually can't find to whom does the wallet belong. If the bitcoins were send trough some kind of mixing/anonymising service which doen't keep track of real-world identities of its users, you are usually out of luck.
And - related - can they (or the wallet itself) be anyhow confiscated?
The wallet can be confiscated (or bitcoins could be transfered out of it) if you know the private keys stored in the wallet. This is very hard unless you have
Re: (Score:2)
Hard? Nah they are easy to "track", the problem is, the tracking pretty much relies on someone being a bit careless.
Thing is, every bitcoin address is a public key, so they are anonymous, anyone can generate a new address. So each new transaction, to a new account, is nearly impossible to "track". You just don't know if the coins changed hands or not, nor do you know which one.
Lets say there are X bitcoins in account A. A new transaction is generated sending Y bitcoins to account B and Z bitcoins to account
Wow (Score:5, Insightful)
Given the general leakyness of the Lulzsec "organisation", this person has done well to remain unidentified.
Re: (Score:2)
Given the general leakyness of the Lulzsec "organisation", this person has done well to remain unidentified.
This's pretty much how Anonymous in total have been characterized from the beginning; < 10 "smart cookies" surrounded by thousands of LOIC armed script kiddies, and everyone including the fibbies gets to have a fun time.
Clever guy (Score:5, Interesting)
Clever guy, he should add this to his resume, should get him far in security firms. He obviously knows very well how the Internet works. Just don't apply to a job at the FBI.
Pity the article is so short on details. How did he do it? Using Tor all the time or so? At least he's using Twitter apparently - and Twitter logs IP addresses. So must be doing something about that.
Re:Clever guy (Score:5, Funny)
Re:Clever guy (Score:5, Insightful)
Yeah and not bragging about his achievements.
Re: (Score:3)
But, but...criminals like to brag! And return to the scene of their crimes! And leave really cryptic riddles that give clues to where they will strike next / who they really are!
Re: (Score:3)
He probably did do some bragging, just securely, by proxy. "Ha! My friend is 31337 u n00b!! Ur gona get pwn3d!!"
Re:Clever guy (Score:5, Funny)
Probably the tried and true method of 7 proxies
The FBI has just cracked 7 proxies. You have to use 8 now.
Re: (Score:2)
Re:Clever guy (Score:5, Insightful)
So must be doing something about that.
Maybe he is fictive? Number three pigs '1', '2', and '4'. And laugh your ass off as the police search pig number 3 for months if not years.
Multiple aliases are better to remain anonymous. When the author is found, there is no way to know if all his aliases are discovered. Undiscovered aliases could be confused as a other person. Even if someone confess there is a sixth person it could be misinformation or plain ignorance.
Re: (Score:2)
Possible. But then, who is still using that Twitter account?
Re: (Score:3)
Someone in it for the Lulz
Re: (Score:2)
Which would imply the account is hacked. I mean, I'm assuming that the individual who set up the account is the AvunitAnon they're looking for - the LulzSec member. It is at least treated as "official" communication channel with that person in the articles. Twitter accounts require a password, in contrast to a typical IRC chatbox where anyone can log in, using any name.
Now with the skills he's shown elsewhere, I'd expect he'd secure his Twitter account as good as technically possible, and I think it being h
Re: (Score:1)
Or he could have given out the details in a chatroom to some random.... misdirection...
Re: (Score:1)
Usernames and passwords can be shared...
Re: (Score:2)
What is a bot?
Re: (Score:2)
If you suggesting it's a bot, then it's a very smart one as it appears to give intelligent reactions.
Re:Clever guy (Score:5, Funny)
Why do you think it appears to give intelligent reactions?
Re: (Score:2)
The story about this in The Register talks about an IRC chat with someone claiming to be AVunitAnon, after which the Twitter user with that name reacted to that, claiming that IRC user was an imposer and not the real one. That's not something a bot can do.
Re: (Score:1)
Re: (Score:2)
I can't imagine those bots have evolved to replying to information on external sites.
Re: (Score:2)
Re: (Score:2)
Nice, that would actually be kind of fun. Always make reference to some member ("Dave") of your group who is the real mastermind behind all of your acts of infamy, then take turns performing various actions in his name. When they come to arrest all of you, offer to turn King's Evidence, and help them catch "Dave," who, after they read through your logs, etc. they will really want. In the final scene, lead them to an apartment filled with weaponry, half-finished pamphlets calling for a revolution against the
Re: (Score:2)
Nice, that would actually be kind of fun.
Yeah, it was a pretty good movie [wikipedia.org].
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
There's any number of ways, it's just a matter of how careful you are.
Control a botnet, use that, make sure the botnet can't be traced back to you.
Use public wifi in random locations at random times. Pretty damn easy to do even if you're broadcasting a static MAC - those sorts of places rarely have proper logs.
Use tor, proxies, intermediaries (shell servers bought with Bitcoin etc. would be hard to trace, etc.). There are any number of ways.
But the important thing is to be careful and watch the trail that
Re: (Score:2)
Re: (Score:3)
If I were to engage in such hacking activity, I'd not use my home/office ISP. Always use some open WiFi, an Internet cafe, Starbucks, whatever.
Maybe even an anonymous prepaid SIM (paid in cash, thethering through a phone bought second hand in cash). And after the SIM is empty/expires, buy a new one and trade in the phone for another one. And again do not use the phone at home, but always on the move, sitting in some random park, etc.
That should take care of the direct-connecting-it-to-a-person part. But in
Re: (Score:1)
He most likely probably already works in some area like that.
I'm sure there was supposedly some dude in Lulzsec who was ex-military.
I'm not sure if he was one of the ones caught or not. But that is all I know sadly.
Mind you, I could be thinking of someone else, I never did pay much attention to their attention-whoring.
To have been able to evade capture this long, he is either very smart, or doesn't exist. Or both.
He could just be a ghost, a codename, something agreed upon that is lost to time used to tric
Re: (Score:2)
... he is either very smart, or doesn't exist. Or both.
What? Doesn't exist and is very smart. Remind me to avoid your code.
Re: (Score:1)
Just don't apply to a job at the FBI.
He's already on the team looking for himself.
I blame Firefox, Chrome, Safari, and (probably) IE (Score:5, Interesting)
Why can't browsers tell me which tab or window (let alone frame etc) is playing sound and also offer a way to disable it? It's cause their customers are doing it. Oh well, I woulda expected better from Firefox.
Re: (Score:3, Informative)
Re: (Score:2)
You can disable sound in Opera.
This is a nerd site, right? (Score:5, Informative)
As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.
Not a problem if you're running adblockers, noscript etc.
I opt IN for ads on the sites I wish to support, and I which I believe to be safe.
Re: (Score:2)
Block all ad's.
What is worse is a lot of this crap is coming with spamware payloads.
Re:This is a nerd site, right? (Score:5, Insightful)
Support, agree.
Safe, not. The site does not bring the ads themselves, some external ad broker does this. And with many well known ad companies compromised, no matter how well you trust the site and it's webmaster, I doubt there is any ad network that can really be trusted.
The 6th member is... (Score:1, Insightful)
an FBI agent provocateur responsible for directing this false flag operation to discredit online "hacktivism" everywhere. Look at the changed opinions on slashdot of "anonymous" before and after Lulzsec.
You mean online hacktivism had any credit? (Score:2, Informative)
To anyone with any level of maturity "hacktivists" come across as nothing more than immature glory hunters trying to get noticed as they attempt to stick it to The Man and who simply make life difficult for the 99.999% of normal internet users who just want go about their fscking business without some teenager going through the standard issue rebellious phase trying to DDOS some corp because in his tiny mind he's making some highly original and deeply profound protest.
Re: (Score:2)
I have no real opinion here but heh, you just supported GP's point. :)
Re: (Score:2)
Not really. I thought anonymous were a bunch of jackasses from the start. Its hard to take seriously a bunch of kids who wear the mask of a character from a comic - sorry , "graphic novel" - in an attempt to seem mysterious and ineffable. The irony was obvious lost on them.
Flashblock (Score:2)
>As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.
As usual, I have added img.ibtimes.co.uk to the blocklist.
What autoplaying video?
If content providers would stop the in-your-face stuff, I wouldn't need things like Flashblock or Adblock Plus. But they won't, and I won't stop using them.
well.bye.jpeg
--
BMO
I know who it is... (Score:2)
But the feds will never believe me.
House speaker Bohner is actually the 6th member. He is always hanging out in hacker bars and dressing like Neo from the Matrix.
He's still on the loose! OMG! (Score:2)
Re: (Score:3)
Maybe he's the mole.
my guess is (Score:2)
he's at John McAffee's place learning survival and evasion (and comparing recipes for 'bath salts')
Re: (Score:2)
I'd say he's Mike (Score:2)
That is, the real-world version of HOLMES IV's Mycroft. And the NSA's playing right into his hands, so to speak, by building that fantastic new processing center with direct access to all communications and data.
Watch out for falling rocks!
Steve Jobs (Score:1)
Maybe Steve was the 6th?