
English isn’t the creator’s first language. Read the ReadMe. Your comment is completely irrelevant.


What do you mean it's irrelevant to politely correct language mistakes? Did you have a particularly irksome encounter with an English teacher lately?


This makes me wonder what a game based on a Kusturica movie like Underground would actually look like.


What’s a computer?


Even crazier is that this is a noob mistake.

There are better ways to hide. From experience (I work in security), the ones I would use are (individually or combined):

- Have the VPN set up in my router using OpenWRT (the R7000 is great for that) and drop all connections when VPN disconnects (with a script).

- Rent a VPS on a botnet-friendly host that accepts Bitcoins (i.e. Hostsailor).

- Then do all my shady stuff from the VPS or even better, configure Tor and proxychains on the VPS then use proxychains when doing anything on a remote host.

I think the guy was just lazy and preferred convenience.


You're overthinking this and getting lost in technology. The guy surely did that stuff. What likely happened is that the guy pasted a URL into the wrong browser window.

Having a separate browser that jumps through all the well-audited crypto hoops you want doesn't really help you if you have a native Safari window sitting next to it where you read your gmail.


Setting up the VPN at the router level doesn't allow mistakes like that. Browser doesn't matter anymore - all the traffic goes out only via that VPN.


Sure, and then one day you sit with your laptop in a park on your company's campus and you are accidentally connected to the wrong wifi hotspot and you leak some info that way.

Opsec is hard. Technology can only solve so much, the weak link will always be the wet spongy tissue.


If you're running an operation with international political implications, you don't sit with your laptop in the park. There's "opsec is hard", and there's "you're an idiot".


Do you think these large government agencies with hundreds or thousands of employees are some sort of magical super-organizations where everything and everybody is 100% on, all the time? These are all regular people like you and me working there. We're talking about the world's most organized agencies, yet who put or leave an internet-connected webcam with a default password in front of their building; or hire someone who will copy gigabytes of data and run off with it - and fail to notice; or give their most secret and valuable spyware to an ally who then gets impatient and exposes it with some stupid mistake.

This is not about being an 'idiot', this is perfectly normal behavior to happen once in a few years over hundreds or thousands of people.


I think these are all separate cases. Yes, opsec is hard in general. There's a scale of how hard some problems are to prevent - what you listed is in various places on it. The specific case I responded to with laptop in the park while you're trying to mess with foreign governments would be at one extreme of that scale.


They're all separate cases of people doing stupid shit while working on this kind of stuff. The laptop in the park was an example of how someone could do stupid shit while working on this kind of stuff; it was of course an example plucked from thin air of one kind of stupid shit one could do and get caught out, not necessarily the stupid shit that actually got him caught. The point is that at least most people, even if most of the time highly competent, slip up sometimes, and it seems this guy slipped up one time, which, really thinking about it, starts to make me suspicious, because if you slip up once in hundreds of times, why not 3-7 times? Why only one time? But anyway, the point is: intelligent most of the time, stupid once is all it takes to get caught, and nearly everyone does it.

And now I'm defending a Russian agent doing stuff I think sucks.


If you're writing mission critical software, you don't scribble all over memory by writing through unvalidated pointers. There's "software quality is hard", and there's "you're an idiot".

What you're asking for, fundamentally, is for people not to make mistakes. You probably don't hold that opinion in your professional life (yeah, I'm assuming you're a programmer). Why here?


There's not even remotely the same magnitude of error between those two cases in my mind. One you can miss by accident, the other you're actively doing.


Even intelligence agents are human. How many spies were caught by doing stupid shit?

For example, Rudolf Abel was caught because he paid with a fake nickel by accident.


You are absolutely correct. People make mistakes. Even very well trained professionals make mistakes. Incredibly experienced skydivers die. Industrial safety is tough despite well designed processes and constant training. Tradecraft slip-ups happen, etc., etc. The weak link is the human being.


You can prevent this by running Little Snitch and only allowing outbound traffic if you are connected to GRUfi. Hell, Little Snitch even has a mode that blocks all but the core services on your Mac. Do that combined with a router-VPN with a kill switch and a hardened browser I don’t see how you would leak your location.

Edit: you could even configure Little Snitch to ask for permission for every app and domain your Mac wants to connect to. That way you would even catch yourself accidentally surfing to the wrong URL or using the wrong browser.


Yes yes yes - you're completely missing the point. The point is that it's easy to come up with some sort of contained scenario in which you can devise a perfect technical solution for a well-defined problem. But it's hard to get groups of hundreds of people to always behave perfectly according to protocol, every time, everywhere, with not a single slip-up over several years.


The problem is that all of a sudden your side-searches for rash treatments or your checks on your gmail account go through that VPN as well, linking your identities temporally.


Maybe get a different laptop on the desk beside you for your personal stuff?


Parent was calling for router-level VPN-ing, if the second device uses the same router it has the same VPN.


It does if you do not have your personal stuff on the same physical network/equipment as your professional stuff.


Even so, it's still likely you'll type the wrong URL/login on the wrong device (i.e. by reflex). The only safe choice you have is to not have any "personal stuff" (i.e. a personal Twitter account).


Possible, I know that a couple times a year, but I would think a professional in that situation would use a completely different service for personal use (i.e. personal Twitter, professional Reddit).


Well, if the job requires you to use all of them (Twitter, Facebook, Reddit) you are left with no service for personal use only.

Usually you don't have a choice, you use what your friends use.


The solution to that is to use a password manager, and save all your (randomly generated, long and unmemorizable) professional passwords only on the device that cannot connect into the open internet.


It doesn't even need to be a fuck-up. Knowing the scrutiny this hack would trigger means he could've easily left a single connection to a Russian IP address as a false breadcrumb trail for investigators.


So you seriously mean he logged in from GRU HQ in Moscow to frame Russia years later?


Once, I might add. He did it once, and was willing to wait years with no reason to believe anyone noticed.

That totally says "false trail" rather than "fuck-up" to me. /sarcasm


Why is it so easy to spoof a phone number and robocall people, yet not to spoof an IP? Everyone's talking about the machine attribution as a given.


Much more difficult to spoof an IP than a phone number. Once you’re behind a NAT, all bets are off, but the public IP has to be routable back to you in order to be usable.

Instead of phone number, think port on the phone company’s switch or a specific pair of wires. That’s hard to spoof.

It’s much easier to spoof a MAC address, which can identify specific hardware associated with the IP address, but that doesn’t make the IP any more difficult to identify.


A company like Hostsailor will sell anyone access to your server for a few thousand $.


It takes 148.75 days to reach WASP-39b at Warp factor 9. Not bad.


> I won a free certification course as an EC-Council Certified Security Analyst, and it's the biggest joke I've ever seen. It's such a massive fucking joke that I decided to not even renew my certification for free because it would just have been a waste of time.

I've been in the field for a couple of years. I work for a global corporation with 10k+ employees, and most of our team members in the security department are judged on their skills and various other factors, and we filter potential candidates with a small CTF. Certs have very little importance for us, but we're the exception. Most big companies require certifications, and oddly they are the ones getting hacked.

In the field, we all know that EC-Council certs are bullshit. They are, at best, the laughing stock in infosec because their "Ethical Hacker" certification is a multiple choice answer and requires little technical knowledge and no hands-on.

However, there are a few certs out there that need a lot of work and technical knowledge to be learned in order to pass, such as OSCP. It might be easy to get for someone with 10+ years, but for relative newcomers it's a really good challenge to tackle. I started with their lab thinking it was going to be a piece of cake for me, but it's more difficult than I expected, which is a good thing.

But I see your point and I mostly agree.

Care to explain why you think intrusion detection is bullshit?


> Care to explain why you think intrusion detection is bullshit?

If they're signature based they're not better than antivirus. I have zero faith in signature based systems.

For the stuff that uses machine learning, I have to admit, I have no idea how that stuff performs. But in general I wouldn't trust a machine learning model to not be fooled.

Edit: Add to that HTTPS. I don't buy any claim that they can spot malware traffic from malware that isn't dumb, and I don't think MITMing all traffic is an acceptable solution.


Anomaly detection doesn't do much better than signature systems do. It finds real stuff, but it "finds" so much garbage that the signal is swamped by it.
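The two comments above (signature-based detection being no better than antivirus, and anomaly detection finding real things but swamping them in garbage) can be made concrete with a toy comparison. The following is an added example, not code from any commenter or from any IDS product: it runs one hand-written signature and one naive "never seen in the baseline" anomaly rule over a constructed set of web-server log lines (the IPs, paths and the baseline set are all made up for the demonstration) and reports precision and recall for each. The signature has perfect precision but misses the probe it has no pattern for; the anomaly rule catches both bad requests but also fires on every new product page and login redirect.

```python
"""Toy signature-vs-anomaly comparison over constructed web-server log lines (added example)."""
import re
from typing import Dict, List, Set, Tuple

# Constructed baseline: request targets observed during a "known-good" learning period.
BASELINE_TARGETS: Set[str] = {
    "/index.html", "/about.html", "/products?id=1", "/products?id=2", "/login", "/rss.xml",
}

# Constructed evaluation window: (log line, is_actually_malicious).
# Line format is "client_ip METHOD target status"; nothing here is from a real system.
EVAL_LOGS: List[Tuple[str, bool]] = [
    ("10.0.0.1 GET /index.html 200", False),
    ("10.0.0.2 GET /products?id=2 200", False),
    ("10.0.0.3 GET /products?id=3 200", False),    # new product page, benign
    ("10.0.0.4 GET /new-feature 200", False),      # newly deployed page, benign
    ("10.0.0.5 GET /about.html 200", False),
    ("10.0.0.6 GET /products?id=1%20UNION%20SELECT%20password%20FROM%20users 500", True),
    ("10.0.0.7 GET /backup.zip 404", True),        # probing for leftovers, matches no signature
    ("10.0.0.8 GET /login?next=/account 200", False),
    ("10.0.0.9 GET /rss.xml 200", False),
    ("10.0.0.10 GET /products?id=4 200", False),
]

# One hand-written signature for a classic SQL injection fragment, URL-encoded or not.
SIGNATURES = [re.compile(r"(?i)union(?:\s|%20|\+)+select")]


def request_target(line: str) -> str:
    """Pull the request target (path plus query string) out of a constructed log line."""
    return line.split()[2]


def signature_alerts(lines: List[str]) -> List[int]:
    """Indices of lines whose request target matches any known-bad signature."""
    return [i for i, line in enumerate(lines)
            if any(sig.search(request_target(line)) for sig in SIGNATURES)]


def anomaly_alerts(lines: List[str], baseline: Set[str]) -> List[int]:
    """Indices of lines whose exact request target never appeared in the baseline."""
    return [i for i, line in enumerate(lines) if request_target(line) not in baseline]


def precision_recall(alert_indices: List[int], labels: List[bool]) -> Tuple[float, float]:
    """Precision (alerts that were real) and recall (real events that were alerted on)."""
    alerts = set(alert_indices)
    positives = {i for i, bad in enumerate(labels) if bad}
    true_positives = len(alerts & positives)
    precision = true_positives / len(alerts) if alerts else 0.0
    recall = true_positives / len(positives) if positives else 0.0
    return precision, recall


def compare(logs=EVAL_LOGS, baseline=BASELINE_TARGETS) -> Dict[str, Tuple[float, float]]:
    """Score both detectors on the same labelled window."""
    lines = [line for line, _ in logs]
    labels = [bad for _, bad in logs]
    return {
        "signature": precision_recall(signature_alerts(lines), labels),
        "anomaly": precision_recall(anomaly_alerts(lines, baseline), labels),
    }


if __name__ == "__main__":
    for name, (precision, recall) in compare().items():
        print(f"{name:9s} precision={precision:.2f} recall={recall:.2f}")
```

On this constructed window the signature detector scores precision 1.00 / recall 0.50 (it never fires falsely, but it cannot see the probe it has no pattern for), while the anomaly detector scores precision 0.33 / recall 1.00 (four benign-but-novel requests for every two real ones). Scaled up to a site that ships new pages daily, that ratio is the "garbage" the comment describes; the usual mitigation is to feed anomaly alerts into a triage queue with suppression for known deployments rather than paging on them directly.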


I don't know about network detection systems but antivirus heuristics used to be terrific.

You can assign 100 students to develop a trojan for a week. At the end of the week, more than 90% of the software are detected as generic trojan by the antivirus.


> You can assign 100 students to develop a trojan for a week. At the end of the week, more than 90% of the software are detected as generic trojan by the antivirus.

Probably because 90 of these 100 students have no idea how AV heuristics work and what the trivial tricks are to completely stomp them.


Some of them quickly realize that the AV is flagging all their binaries and they try to evade it. They will soon discover that it is far from trivial.

Don't underestimate the students and don't underestimate the AV. The world is full of surprises.


I had an intern who came to the job with one he had written in his idle time. Nothing detected this, so I am thinking that it is not hard at all.


[flagged]


This crosses into personal attack, which is not allowed here. Please read https://news.ycombinator.com/newsguidelines.html and follow the rules when commenting here.



> For the stuff that uses machine learning, I have to admit, I have no idea how that stuff performs

That's ok.

You're in good company with the vendors who sell ML cybersecurity appliances.


I've worked with global retail banks, investment banks, nationwide insurance firms, stock exchanges, power grid operators, biglaw firms, payroll and benefits providers, and a giant global pharma. Not one of them demanded that I or anyone I worked with possess a certification of any sort. I'm confident there are firms that want to see a CISSP --- I'm guessing they're mostly mid-range regional firms --- but it's not a bigco thing.

I second the IDS and WAF bullshit argument.


Care to explain why you think intrusion detection is bullshit?

See http://cs.unc.edu/~fabian/course_papers/PtacekNewsham98.pdf. IDS is considered a speed bump by sophisticated attackers. Which is where you want to focus your energy.


Pretty much. Unless highly technical (like hardware hacking, Windows internals, reverse engineering and such), most courses at Black Hat are way overpriced for the content. Moreover, I discussed with a few guys from FireEye at last year’s conference and they mentioned that they were not getting paid for teaching those courses. If true (I’m skeptical), I wonder where that money goes.


I said it before and I’ll say it again, block size increase alone is not sustainable. The BCash boyz are stubborn and in denial. Might work for now but in the long term they will need another fork to increase the block size again and so on. They don’t have a Lightning Network either which is already available on Bitcoin Testnet and proved to be extremely fast (almost instant) at very low cost. I hold both but I’m realistic. I only hold BCash because I know the price is being pumped so I’ll make some money with it.


And bcash isn't even living up to its claims right now.

People are trying to move their coins out of storage onto exchanges, and seeing about an hour before they even get 1 confirmation.


It looks like the actual block size limit that most miners are using on Bitcoin Cash right now is 2MB, which isn't so much of an increase from Bitcoin at all. (The odd ones out are BTC.com with a 4MB limit and ViaBTC which has the full 8.) The new Cash difficulty algorithm also has an unfortunate tendency to oscillate when there's a sudden change in price relative to Bitcoin's price.

Also, Bitcoin Cash supporters have a habit of... well, frankly, outright lying sometimes. They were still pushing the idea it was faster than Bitcoin back when it was running at hours per block most of the time, and the usual response to people who discovered this was to tell them that the block time varied and was as low as a minute per block. This was technically true - in fact, often an equal number of blocks were produced at the minutes per block and hours per block rate, in alternating 144 block chunks of each. Can you perhaps see the problem here?


> block size increase alone is not sustainable

Then they can just implement Segwit. I'm not really seeing the problem here. One version of Bitcoin works today, the other doesn't. It's not really that complicated.


It was hard enough to get the support required to implement SegWit on Bitcoin proper, even though it had a far more immediate need for it. Bitcoin Cash was literally founded for the purpose of avoiding SegWit and making the Lightning Network impossible. The idea that all its supporters will suddenly see the light of SegWit is implausible.


Most Bitcoin Cash supporters supported Segwit, they just didn’t support Core artificially limiting the block size to force people to use their proprietary solution and then lying about it.


Trading just started and CBOE is not nearly as big and as active as CME.

Also, trading volume for futures in general is pretty low. You're rarely going to see volume above 100k a Sunday night. Coffee futures have around 23k volume right now.


I’m well aware, it was meant as a data point for anyone not aware who could possibly think for a second their public website going down has anything to do with demand :)


I suspect a lot more people are interested in watching it than immediately investing in it.


Ah! Ok makes sense.


I remember seeing somewhere that they mostly rely on Mountain Dew for hydration and even feed it to the baby, so bad that they have early tooth decay issues. Apparently the amount of people living in trailer parks is huge and constantly growing.

Troubling when you think that this is happening in the US. I saw that kind of situation in Central America.


From what I remember and what I can find, that was something that was particularly found in Appalachia, not Alabama (see this article[0]). A quick check on Google maps shows that Alabama is about as far from Appalachia (in West Virginia) as London, UK, is from Hamburg, Germany. So I think it's a stretch to say they're in the same geographic area.

[0] - https://www.npr.org/sections/thesalt/2013/09/12/221845853/mo...



a former co-worker of mine from there used to say that when a tornado touches down in Alabama it always hits a trailer park, because it can't not hit a trailer park

