Guest post by Taunting tweets, provocative pics, iPad-spam chats — InfoWorld’s JR Raphael sheds light on the stupid slip-ups that led to five recent high-profile hacker arrests. ‘Clever as they often are, hackers can turn boneheaded pretty quickly and slip up in silly ways, leaving authorities a virtual road map pointing right to their doorsteps.’
This thing remind me of the guy who hacked Valve’s servers and put the HL2 source on torrents. After some times he contacted Valve staff telling them that he was the hacker and that he wants to be employed at Valve.
If you hack something, make damn sure you don’t leave any traces pointing to you. Bragging about what you’ve done is stupid. Not hiding ip address is stupid. Leaving traces in logs may be stupid. Anything that has the slightest chance to connect you with the “crime” is stupid. And hacking without a reason is stupid, too.
Most of the guys which are being caught hacking are just skiddies running some tools they found on the net. To be a successful hacker, you need to think a lot about your personal security.
Yea, a sophisticated hacker can get the job done AND point all the evidence to another victim’s machine.
People always assume digital evidence is solid proof, but it’s usually quite easy to forge digital evidence. It really wouldn’t be too difficult to frame a classmate or colleague if one were so inclined.
It’s an excellent reason to fully encrypt your disks whether or not you have anything to hide.
Edited 2011-10-29 03:05 UTC
This is the usual approach.
Erm, excuse me, where do people assume that?
Typical situations in court rooms in Germany: If it’s not on paper, it doesn’t exist. And companies (or individuals) being the tool as well as the victim of hacking activities won’t let their pants down to show their catastrophic IT security situations. Furthermore, ISPs will deny the presence of logs, just in order to convince the public that they don’t store anything (except that they’re storing everything they can get, and nothing will be deleted).
Just a recent event: If a person got mobbed and threatened via “Facebook”, this person cannot act against this. “Facebook” will require a court order to give names and IPs of potential suspects, but the court will require the names of potential suspects in order to provide an order. In the result, the presence of any logs will be denied. “Deal with it” is the typical end of such a story.
While this kind of situation is considered “harmless” (even though it hardly is), spying confidential data, sabotage, espionage illegal storage, selling of address datasets, spamming and so on is something you won’t see very often in a court case, even though it happens every day.
Lesson to be learned: Nobody cares, so why think about hackers? And evidences? Teh Internets with little buttons and things is too unimportant (and complicated) anyways to have an educated look at it. ๐
Weakest part wins. ๐
It’s not about “anything to hide”, it’s about general considerations and common sense in relations to IT. For most persons, the motto is “PC on, brain off”, and that’s the reason why hackers are so successful, even if they are almost as stupid… oh sorry, careless as their victims.