"the local FBI wanted to mount a dramatic raid on Ross’ house. Tarbell ... was worried about repeating the mistake made during his first big cybercrime case ... a SWAT team charged into Hammond’s apartment throwing flash grenades, immediately alerting Hammond in the back room, who shut the lid of his laptop, encrypting it forever... Still, the assault strategy remained in place."
So take note - the FBI is populated by the kind of people who enjoy roughing up suspects, even when it harms a larger investigation.
In the first part, it talks about how the agent loves breaking down doors at 6am in his Doc Martens. I.e. loves being a literal jackbooted thug.
My only consolation is that hopefully one day prohibition will be fixed, and these agents will reflect and see their careers contributed nothing of value to the world. That they just caused trouble, like a bully. That countless lives, marriages, children got screwed up due to their pointless actions. I know, probably they'll remain delusional, but one can hope.
There were a whole bunch of articles a while ago about the rise of using SWAT teams for all sorts of arrests. Think from the officers' perspectives - they watch all these movies, they go and become FBI officers, and then they barely get to do anything exciting. So they naturally jump at the chance to do an exciting arrest. I guess there should be some kind of check-and-balance in place on the type of arrest, maybe for some arrests they should need to get a special warrant or something.
I thought to come back to this thread and mention this as well because the more I think about it, the more it disturbs me. Why is the high-intensity SWAT raid so embedded in the FBI mindset that it's the first thing they go for, and even well-reasoned internal pressure isn't enough to stop it?
First, I haven't heard of any suspicions that Ross/DPR was in physical possession of any significant quantity of drugs or any weapons at all, or that he had any history of or inclination towards personally committing violence. So what's the point of the 5AM ninja raid? 4 agents in business clothes swinging by at noon would be perfectly adequate to take him into custody without hurting anybody, destroying anything, scaring the crap out of anybody, or scaring anybody into defending themselves with force against what looks an awful lot like criminal action.
Second, the cybercrime team, the guys who actually generated the evidence needed to find him in the first place, told the locals that they were very unlikely to get enough evidence to convict unless they literally snatched his work laptop out of his hands while he was working on Silk Road, without him even having a chance to press a single key. This was based on their experience in previous cybercrime investigations. They were completely ignored, and a SWAT raid was planned anyways, despite this and the first point above.
WTF FBI? Somebody needs to smack some sense into them over there, tell them that they exist to solve crimes and not play wannabe COD mall-ninjas.
I just hope they make it more real documentary style like "The Internet's Own Boy" as opposed to stupid and dumbed down like the Steve Jobs movie. No matter where you fall on the legal/ethical spectrum, you have to admit it's an awesome story.
I seriously cannot imagine a work environment where it's ok for you to be reading this article sans images, but it wouldn't be ok to be reading this article with the graphics.
> When did Wired become NSFW?
More like when did caseysoftware decide to work somewhere stupid.
I work at a generic corporate america job. I've got a generic corporate america boss, and you know what? He wouldn't get any more upset with me for reading an article with that image in it than he'd get upset with me for reading some article so completely unrelated to work on the clock.
Women have breasts. If you work somewhere where images of breasts are more of an issue than you know... not working at work, then maybe you should just not work there. It's not Wired that's at fault. It's your ridiculously backwards employer.
I usually don't respond to trolls but this time I will.
I'm less concerned about my employer - after all we have the post-slaughter Charlie Hebdo cover framed on the wall - and thinking more of female coworkers. In case you haven't noticed, there is a huge "women are oppressed!" theme being pushed.
True or not, something like this is likely to set them off and result in negative consequences for you.
Without image: A quick glance and they'll see IT words and won't care.
With image: A quick glance and OMGWTFBBQ FIRED!
At least in the US the standard around nudity/reproduction is extremely immature. I was helping on a health system once, and a user having an issue with the part of the system that recorded reproductive health info refused to email/attach screenshots of the problem and had to send them physically in a sealed folder like it was some top secret document.
tl;dr: Ross was a colossal idiot who ignored warnings about the shoddy state of his opsec.
I hate to say it, because Ross and I have a few mutual friends, but the guy was an idiot, and it's looking more and more like he deserved what he got for being so utterly stupid.
Calling him stupid seems to kinda miss the point to me. I think it's more that when you're up against the Feds, especially on something so deeply entrenched as being illegal worldwide as distributing drugs on a massive scale, you're going to get caught eventually, because it only takes one mistake. Sure, he was kinda dumb and made a lot more than one mistake, but how much better could anybody here do? Enough to keep the Feds away for how long, exactly? Another year or two maybe?
I kinda sympathize with his position in a way. He was clearly in over his head both on the technological front and on the administration front, despite making piles of money. When that happens in a normal business, you hire some help. But how do you find help to hire for such a massively illegal operation? Finding anyone who could be trusted is a tough problem, much less someone who can be trusted and also has strong technical skills.
Yeah, I don't have that urge. My spending hasn't increased [with the exception of what I spend to help my SO out when she is unemployed] since I started making $40k, let alone what I make now.
Kim Dotcom is "kicking it" about as well as Julian Assange is. It's not like he's hidden somewhere. The authorities know exactly who he is, where he is, how much he owns, and how to get it. They're just sorting out the court procedures to make sure they get all of it.
In any event, Ross was running something somewhat more illicit than Megaupload. His opsec probably should have been commensurately better.
What always gets me is how (in this situation) he would ever operate a laptop that was usable without being plugged in... If he had simply removed the battery and kept the thing plugged in, then the laptop would have powered off immediately after it was grabbed.
That would have been an improvement, but even basic computer forensic gathering knowledge would get around this without trouble. What he needed to do is keep his sensitive files encrypted separately from his laptop login. Like on a USB drive encrypted with GPG and a nice long passphrase.
Even then, the FBI grabbed him with his laptop logged into the management interface for Silk Road... So he still would have been in some hot water.
Maybe. For stuff like the personal notes you're keeping on a criminal conspiracy, a flash drive might be fine. But I'd be very skeptical of storing, say, the PHP source code to the Silk Road on a flash drive or SSD, because the internal data structures of the SSD could leak information about the sizes of individual files. If the feds can recover the sizes of individual files, rounded up to the next multiple of 4K, and you've got the PHP source code for the Silk Road stored there, it's game over. The same goes for filesystem encryption, like the kind ZFS (I think) has.
(I'm not personally familiar with ZFS, but the ZFS docs, especially https://docs.oracle.com/cd/E26502_01/html/E29007/gkkih.html#... really creep me out with regard to this. The last thing you'd want is blocks in your local encrypted copy of PHP source code to be compressed first. And so then you'd think you'd want encryption enabled on a pool, but from reading the docs it seems that feature merely makes the filesystems on that pool inherit that encryption option, instead of doing some sort of filesystem-blind block-level encryption, where there's any variance in the encryption of blocks, or any information that could be derived from locations of blocks. So I think the suggestion to encrypt on a directory-by-directory basis to limit your exposure is not a very good one. I'd recommend that you use a spinning hard drive, whole disk encryption of the sort we have today, take out the battery, and keep your foot by the power outlet.)
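The size side channel the post above worries about, worked through as an added example (constructed file sizes; not code from the thread): per-file or block-granular encryption keeps each file's size rounded up to 4K, so a set of ciphertext objects can be matched against a known public code base by size profile alone, while packing everything into one padded container leaves only the padded total. `KNOWN_SOURCE_SIZES` and the 1 MiB padding unit are assumptions.

```python
from collections import Counter

BLOCK = 4096                 # block granularity assumed in the comment above
CONTAINER_BUCKET = 1 << 20   # constructed padding unit for the single container

# Constructed stand-in for the byte sizes of files in a public code base.
KNOWN_SOURCE_SIZES = [12843, 4096, 899, 50211, 3000, 4097]


def round_up(n, unit):
    """Round n up to the next multiple of unit (a multiple stays as is)."""
    return -(-n // unit) * unit


def size_profile(sizes, unit=BLOCK):
    """Multiset of per-file sizes rounded up to the block boundary: exactly
    what block-granular encryption still exposes about a set of files."""
    return Counter(round_up(s, unit) for s in sizes)


def per_file_encrypted_sizes(sizes, unit=BLOCK):
    """Ciphertext sizes when every file is encrypted on its own with block
    padding; these equal the plaintext sizes rounded up, so nothing is hidden."""
    return [round_up(s, unit) for s in sizes]


def packed_container_size(sizes, bucket=CONTAINER_BUCKET):
    """Size of one padded container holding all files; only the padded total
    survives, so individual file sizes are no longer observable."""
    return round_up(sum(sizes), bucket)


def match_fraction(observed, candidate):
    """Share of the candidate profile's entries (with multiplicity) that also
    appear in the observed profile. 1.0 means a perfect size fingerprint."""
    total = sum(candidate.values())
    if total == 0:
        return 0.0
    return sum((observed & candidate).values()) / total


def compare_layouts(sizes=KNOWN_SOURCE_SIZES):
    """Return (match for per-file encryption, match for a padded container)
    against the known code base's size profile."""
    known = size_profile(sizes)
    leaky = size_profile(per_file_encrypted_sizes(sizes))
    packed = size_profile([packed_container_size(sizes)])
    return match_fraction(leaky, known), match_fraction(packed, known)
```

Small files that all round to a single block still collide with each other, so a partial match on 4K entries alone is weak evidence; the large, distinctive sizes are what make the fingerprint.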
If the laptop turned off and the drive was encrypted by what basic method could they extrapolate the same information as if the computer was decrypted and powered on? Are you referring to some kind of memory attack? Wouldn't they need to be prepared to do that kind of forensic work in the extremely near term (or have some equipment on-hand to preserve the memory at least)? I'm pretty uninformed in this area and would appreciate a lesson.
You wouldn't turn off the device, particularly if you thought that turning it off could make you lose access to information.
That can be achieved by (1) transferring the machine to a portable battery unit without interrupting the power feed from the AC wall adapter and/or (2) imaging the machine's memory and mounted drives in-place.
These are things the FBI has in its toolbox, precisely because "yank the power cable" is how many criminals rely on protecting their otherwise encrypted data.
Why would the LEOs unplug the device? They'd use one of those power transfer gadgets to cutover to battery and keep it running. Same as with desktops and servers. They can just grab him, not necessarily the device.
The idea is that typically people expect a laptop to remain powered when the cord is unplugged (due to the battery), and so in a situation where the laptop is grabbed the power is cut immediately (and unexpectedly) and the hard-drive is no longer decrypted. As another commenter pointed out, a forensics team could then probably grab whatever they needed from the system memory (presuming they acted fast enough), but as I understand it the problem becomes significantly more complicated.
Eh. I dunno. When you get in that deep it kinda feels like it's an inevitability, one way or the other. I hate doing it because it's almost cliche at this point, but Avon Barksdale has a pretty good point:
"Comin up the way we did, you know, you kind of expect that. Waitin on it. See, the thing is, you only got to fuck up once. Be a little slow, be a little late, just once. And how you ain't gonna never be slow? Never be late? You can't plan through no shit like this, man. It's life."
Notice that even the two agents caught stealing from Ross thought Tor was secure.
Also notice that most criminals are dumb and send their drug shipments through regular mail or air mail. Very stupid. And also notice that those shipments tipped off LE.
Takeaway: anonymity is only as secure as its weakest link. The weakest link here was the physical drug shipments. That will never be secure, ever.
So yes, in retrospect he made some very basic errors. That said, it's pretty easy to call someone stupid after reading a long-form piece informed by a full indictment of their crimes produced by an intergovernmental criminal investigation and subsequent trial.
I have no experience in the matter, but I imagine that being the kingpin of such an organization tends to pull one's head in so many directions that it's easy for smart people to do dumb things unknowingly.