#doingitrite: Tips on Staying Anonymous

Over the past month, we’ve witnessed a heap of Anons getting v&, most notably sup_g, Kahuna and W0rmer.

The only positive to come out of these arrests is that all Anons should learn not to be so easily socially engineered from now on. sup_g, Kahuna and W0rmer all contributed a lot to the cause and they will not be forgotten – but in spite of their talents, they left glaring clues to their identities all over the web. The feds didn’t catch them by using l33t whitehack skillz – the Anons effectively unmasked themselves.

Anyone who’s serious about remaining anonymous should learn from these indictments to avoid making the same mistakes. It doesn’t matter how good a hacker you are – if you’re DM’ing pictures of yourself to femanons, you might as well just hand yourself in to the feds now.

For future reference, these are the Anons’ fatal mistakes, as highlighted in their indictments:

Kahuna allegedly:

• Used ‘anonJB’ as one of his IRC names – JB are his real-life initials

• Continued to operate as ‘anonJB’ after being correctly doxed in September 2011: http://pastie.org/2477266

• Hacked websites using his work IP

• Had Facebook, Gmail, Twitter and YouTube accounts in his real name. These revealed his Anon sympathies IRL, including a link to an Anonymous educational video: http://www.youtube.com/user/jborell3

• Retweeted Anon accounts from his own real-life Twitter (no crime, but hardly a smart move when you’re also an Anon)

• Mentioned on IRC that his dad was a lawyer (the chat log was later leaked)

• Accessed the @ItsKahuna Twitter account on occasions using his home IP

• Tweeted news of his neighbors installing a new WEP router that he was accessing

• Tweeted as @ItsKahuna to say he was fixing his friend’s computer. The IP address this tweet was posted from matched one of his Facebook friends IRL.

• Fucked up and allowed details concerning his computer host to be revealed on air – he then DM’d KSL TV to ask for this incriminating evidence to be deleted from later broadcasts.

• DM’d pictures of his face to @anoncutie. All of Kahuna’s tweets, DMs and IP logs were later revealed when feds subpoenaed Twitter.

• Admitted in a DM to @missarahnicole the date of his 21st birthday

Full indictment: http://www.scribd.com/doc/89670544/Indictment-and-Complaint-against-Anonymous-hacker

W0rmer allegedly:

• Posted CabinCr3w and W0rmer photos of his girlfriend’s boobs – complete with iPhone geo-data that led to her home address.

• W0rmer’s girlfriend, @MissAnonFatale, revealed in a DM to @ItsKahuna that she and W0rmer would get married once he’d arranged his passport & visa to Oz.

• W0rmer posted a screenshot of a botnet he was running. In the background, his Skype and IRC user names are clearly visible in the applications he is running.

• Signed off on a forum post with the words “Higino Ochoa – AkA wOrmer” << facepalm.jpg

• Broke into Texas PD’s website using his neighbor’s wireless – but without trying to mask his IP

• His Facebook account publicly revealed that he was in a relationship with a girl in Australia. This girl could then be linked to him via the EXIF data on the Cabin Cr3w photos and by her own Anonymous Twitter account.

Full indictment: http://cryptome.org/2012/04/usa-v-ochoa-complaint.pdf

sup_g allegedly:

• Used various nicknames on IRC, but allowed himself to be addressed by all these nicknames in chats with Sabu, thereby linking him to all his online personas

• He regularly admitted on IRC which other nicks he used when quizzed by others

• He gave out personally identifiable info on IRC – such as admitting that he’d had activist mates who’d been arrested at a specific demonstration. sup_g’s twin brother was one of those arrested.

• He also admitted on IRC that he’d been arrested at the Republican National Convention in 2004, and confessed to having done time in federal prison

Full indictment: http://www.scribd.com/doc/84134934/Hammond-Jeremy-Complaint

********************

All of these Anons would still be free if they hadn’t given out so much personal information. It wasn’t failed proxy chains or Tor relays that did for them; nor was it deep packet inspection or ‘no log’ VPNs giving up logs – for the most part it was simple social engineering.

At the risk of stating the obvious: if you’re doing illegal shit online, *stay* anonymous. Delete EXIF data, delete old DMs, don’t use Facebook, don’t use Twitter without masking your IP, use an anonymous nickname that can’t be tied to your real-life identity and always assume that chats are being logged and will be published.