IP online ordering/investigation

[Lift Chief]

This thread has made me realize i don't know jack shit about internet security

 

[Lift Chief]

I downloaded a multiproxy and an ssh accession thing for free from some websites i got on that steroidology post. Will these things actually do something?

 

[Zyglamail]

Re: Re: IP online ordering/investigation

My Evocash account became "under investigation" as soon as I used the email I use for Evocash to accept an IP pricelist. I have never executed any transactions on Evocash before. Perhaps a coincidence, perhaps not.

Just curious, how did you find out your account was "under investigation"? Did you lose access to the account or were you simply warned by evocash? Also I though evocash was off shore and therefor not really accessible by the US gov. Any info appreciated.

 

[BayRidgeNY]

Yes when the server is located within the united states and you have a warrant and federal subpeona it is quite easy - assuming the system keeps logs in the first place. As far as extracting logs from a router or switch, forget it - there is imply too much info generated too quickly so these are frequently discarded. The biggest point alot of you guys seem to misunderstand is that there is a tremendous (nearly impossible) burden in handing a subpeona over to an operator of a proxy/isp in nation which is not bound by extradition treaty to the united states. Basically, there is absolutely no incentive whatsoever for the admin to comply, it is just a waste of his time. This is why computer crackers typically hop around the globe through remote computers - the more jurisdictions their packets transverse, the more impossible it becomes to ever trace them back.

BayRidgeNY: You make some good points, but nearly every potential problem you mention can be addressed adequately by someone with only mediocre computer skills. First and foremost, employ an encyrpted proxy to hide the content of your packets from your isp. If the man is listening, most likely the carnivore box is at your isp. Secondly employ an encrypted webmail account from either hushmail or cyber-rights and never, never, never open any attachment sent to you by anybody.

If you are truly intrested in good computer hygiene, then ditch windows. Every lame attempt by the feds to implant key-logging worms on your computer is based on the assumption that the target is running some flavor of windows. Since PGP and similar clones have become so widespread, the feds are really desparate, since they cannot crack your public key, they have to attempt to recover your pass phrase by attempting to place a key logging trojan on your computer. Again if you simply ignore all email attachments you'd normally be safe. It seems now however, the feds now may legally break into your house and attempt to place software of your machine without you knowing (and with very little oversight from the judcial branch). If they see your computer is running a securely configured linux or bsd distribution, they're fucked.

If you use AOL (even if you don't use their email) a key logger can be installed without you downloading anything, and its not just a logger it grabs screenshots and can easily forward files etc. Same goes with other ISP's that have you download apps. There are other ways they can have it on your machine without entering your home, just to many to list.

The same people who fall for these secret email programs fall for those programs that claim they will erase all your data off your hard-drive and fall for the $199 debugging machine.

The good old way of face to face and dealing with people you know and have a track record is best, and even then chances are there is a wire somewhere laying around.

 

[icelandic]

[Q]I downloaded a multiproxy and an ssh accession thing for free from some websites i got on that steroidology post. Will these things actually do something?[Q/]

If you mean www.anonymizer.com, no they are not nearly as anonymous as they claim to be - they keep logs for several months and are affilated with a major defense sub-contractor, I'm very wary of their 'services'. Secondly, don't place too much trust in any free anonymity service, remember bandwidth costs money.

Multiproxy works by 'bouncing' your packets through a series of open http proxies (ports 1080 or 8080). This can help to mask your ip address, but as mentioned numerous times, the real threat is located at your isp - the feds have computers which filter packets lookig for keyword or even certain email addresses. As long as your outgoing packet streams are transmitted in the clear, they can read everything you send and see everywhere you visit. This is why encryption is so vital in today's post 9/11 suveillance state.

Just in case anyone mentions freedom.net, up until october of 2001, this company ran the most airtight and state-of-the-art anonymity network in the public world. They killed this service shortly after the 9/11 tragedy citing 'lack of profitabilty'. The orignal service was constructed in such a way so that even they could not decrypt and trace packets back to their point of origin. The service they offer today is not anonymous!!! If you read the fine print, it clearly says that they keep logs and will make those logs available to law enforcement when deemed nessecary.

 

[plornive]

Re: Re: Re: IP online ordering/investigation

Just curious, how did you find out your account was "under investigation"? Did you lose access to the account or were you simply warned by evocash? Also I though evocash was off shore and therefor not really accessible by the US gov. Any info appreciated.

I suddenly couldn't log in.

When one enters an incorrect password, I think red letters appear somewhere in the refreshed login screen. In this case, the letters say something like "Account is currently UNDER INVESTIGATION" (*they* put it in caps). I emailed them and they said the investigation might take a while and mentioned a few other evocash account numbers (neither of which are of any sources I know of).

The only two reasons I can think of are my IP and sent/received emails. I don't think my IP would tell them anything useful, so I assume they sniffed some emails between me and a source. Before I emailed IP, my Evocash account was fine. Within two weeks of emailing IP and not any other sources, my Evocash account was under investigation. Kind of makes me nervous, even though I am not under jurisdiction of US laws.

 

[SeanC1123]

your account was probably under investigation because you entered the wrong password multiple times--

when you do this the server might think you are trying to hack someones account and disable it temporarily--

stop worrying.

 

[Bill2k]

What bullshit

This has got to be the biggest bullshit thread ever.

My gym buddy told me...

How the fuck would your gym buddy know ?

Does he work for the fbi ?

Wake the fuck up idiots.

 

[Juice Authority]

Re: What bullshit

This has got to be the biggest bullshit thread ever.
My gym buddy told me...
How the fuck would your gym buddy know ?
Does he work for the fbi ?
Wake the fuck up idiots.

I couldn't agree with you more!!! The guy who started this thread, CNI, is a complete MORON! He's been preaching this FBI/DEA bullshit on a lot of other threads too. It gets old after awhile.