Why would anybody self-proclaim to be associated with any group that could even be remotely linked to illegal activity or political dissension? Especially a group colloquially known as a script kiddie haven.
Every time I hear about people getting caught up in stuff like this, I'm reminded of the book "True Names" by Vernor Vinge. As long as nobody knows your real (government) name, you have a degree of safety in cyberspace. But once your identity is known, you become a much bigger target.
For something referred to as cred. This is a mix of social status, proof of skills, and attitude. Gangs use cred as a way to measure the value of their members. A person who brags about doing illegal things is only doing so to elevate his cred. Having street cred is more valuable than money in many circles, due to how it allows a person to operate within a limited set of rules inside a community. A gang member with a lot of cred can simply do things other members cannot, such as having first pick at food, housing, vehicles, and money.
Internet cred applies to pen cred surprisingly. If you go down for hacking and do not become an informant, you will find job offers inside the pen for teaching other criminals comsec so they can run their outside drug operations. If they can read about you then it applies to your standings in the pen hierarchy.
That's why prison is never rehab for hackers. They just network with the street criminals and come out super criminals with full cred, like Max Vision or the software developer kid here where I live who did a bid for bank fraud, met some gangsters in prison, and paroled as a ranking member in their violent dial-a-dope crew. Police have been unable to break up the gang since he joined and took over the comsec and, allegedly, money laundering for them. They accused him of being able to leak the whereabouts of rivals to his own gang too by social engineering the media and police, plus hacking their BlackBerries. Strong security knowledge + violent criminal pact with bikers = not good
Good, entertaining read. I get the impression it was sanitized a great deal, because I was sorely disappointed with the lack of technical meat-n-potatoes.
For instance, the author totally glossed over how they recovered the data from his encrypted storage at the end. Was the PC left on and the screen not locked? Cold boot attack? Brute force? Hell, they didn't even specify exactly which crypto software was used.
He fell asleep while he left his servers on. So they simply siphoned the keys from memory. He used some proprietary Israeli-made encryption software and FreeBSD, but it didn't matter because everything, including TrueCrypt, keeps your keys in memory when mounted.
Even if his server was off, they could have broken into his safehouse and sabotaged the unencrypted bootloader. The only defense against this is to use OpenBSD 5.3, which allows booting from fully encrypted drives, or to keep your unencrypted boot partition on a USB stick you carry around.
I wrote a couple of Twitter bots that basically went full provocateur to test the reaction to them during Arab Spring / OWS and find out who is surveilling what, and how they react. Fascinating results, and it seems no one thought "maybe we're being trolled, let's keep some cards close to our chest". But there's a big difference between looking for exploits by trolling and what this cat did.
Honestly? I learned that when you stir up shit you better be ready to be on a lot of lists. I am now very paranoid, like have an airwall and never ever talk politics online scary.