Does this go to show that authorities needing backdoors to everything in order to do their jobs is actually kind of nonsense?
The article is exaggerating the guy’s setup way too much. Opsec doesn’t end at the application level… The OS (the most popular being in bed with US), ISP, tor nodes, Honeypot VPNs, so on and so on could leave a trail.
Using telegram public groups and obfuscating a calculator as a password protection layer is hillbilly level of security.
And i’m glad these fuckos don’t have the knowledge to go beyond App developers marketing.
Yeah, it does. Perfect opsec is impossible even with encryption.
Heard about a guy doing insane opsec when selling on the dark web (darknet diaries podcast).
In the end he got busted because a trusted member if his operation got lazy and ignored his rulesEdit: This guy was essentially
Leeching internet via a directional antenna from a neighbour that was significantly away
Not allowing any visitor in with a cell. You had to keep it outside
All drug related actions are done in a cleaned down room.
Tripple sealing dark marketplace orders, wiping everything down with corrosive fluids to destroy any sort of dna material
Not going to the same post office in (I believe 6 months) and only sending of 3-6 shipments at onceI hope I got it correctly. Please go listen to the episode: https://darknetdiaries.com/episode/132/
Reminds me of the lulzsec leader dude who exposed himself by logging into IRC once without tor on.
Then he folded instantly and became an informant for the FBI to stay out of jail lol.
In the end its really about tradeoffs. You can’t be an expert in everything so you need a team if you want to do anything big, but Cyber criminals are still criminals. They don’t trust each other which is what ultimately leads to their downfall even if they do all the implementation and tech part right.
deleted by creator
deleted by creator
Neither Tor nor end-to-end encrypted messengers will cover the endpoints. It’s possible that they caught him using good old fashioned detective work. You don’t need a software back door for that.
Please don’t talk about child predators, and use the term “back door” in the same sentence. It ain’t right…
we’re talking about encryption here, not…that. please get your mind out of the gutter
If you distribute encrypted materials you also need to distribute a means of decryption. I’m willing to bet a honeypot was used to trick him into distributing his csam right to the government hinself.
He didn’t use encrypted everything. He had a public telegram group chat in which he stored a lot of his material. Which, as many people in the comments on the article pointed out, is not encrypted, but is presented by telegram as if it is. That’s likely how they caught him.
To be clear, it’s encrypted*.
* If you enable it
There is no point in encrypting a public group chat since anyone can join and decrypt it anyway.
This whole thing is horrifying, but the last paragraph is especially disturbing:
Since Herrera himself has a young daughter, and since there are “six children living within his fourplex alone” on Joint Base Elmendorf-Richardson, the government has asked a judge not to release Herrera on bail before his trial.
Even more disturbing is it said he was also producing content.
Where is the police brutality when you need it?!
As satisfying as it may seem we can’t do this. No group no matter how heinous should be abused by the police. Don’t give the pigs an inch.
Let him be convicted then see what gen pop has to say about it.
It seems irrelevant whether this person is using encrypted channels if they failed to maintain anonymity. If they distributed material and leaked any identifying info (e.g. IP address), then it would be trivial for investigators or CIs to track them down.
It sounds like he created material, not only AI but actual children then distributed it. The tools to track down the creators of CASM is only getting better.
A single legal image of any of those children posted to social media is going to allow algorithms to make the match and its routine detective work from there.
It only takes one child to talk. No amount of encryption is going to stop that.
i watched some documatnary about hackers, and usually, they catch them because they talk way to mouch about themselves.
This dude wasn’t a hacker by any stretch
i believe thats a given…
When my mother got breast cancer, my Facebook page suddenly filled up with ads for laetrile and quack clinics across the border in Mexico. Even though I know better, I might have grasped at straws had it come to that. Thankfully it didn’t, but I love my mother and Facebook was happy to sell that vulnerability to advertisers.
And the thing is, I had never posted about it. My two sisters had used the chat feature to discuss it, and FB made the connection.
That was the moment that privacy and encryption became important to me. Most encryption services have probably been infiltrated by the feds to some degree, and I can live with that. It’s the corporations I want to hide from.
Removed by mod
its way more likely that your mom searched for cancer related information on google. and you are connected to your mom, so you get ads as well.
I get the feeling this thing, I mean, the ad targeting is far stronger in the USA (maybe also in europe) than in the rest of the world. My “ad targeting” is idiotic. I once was in brazil (argentinian here!). And got ads in portuguese for a year or so. I was a month planning on buying a computer, with all that that involves (google searchs, looking for prices on internet) and i never got an ad until i actually bought everything, then it was 2 months of ads recommending me to buy the exact same components i already bought.
As today, half of my ads are in german. Jokes on them, i use them to learn.
europe has more complicated laws about privacy and data mining
I dont mean to be snide, but the abbreviation for advertisement is ‘ad’, not add.
Also, using uBlock Origin on Firefox (or its various forks) gets you rid of ads pretty much universally. It’s also a security feature in the post-2000’s internet; lots of malware use ads as an attack vector.
You should not need to suffer through ads - no one should.
I dont mean to be snide, but the abbreviation for advertisement is ‘ad’, not add.
Thank you
The Ars article seems to suggest that they were able to crack his phones pretty easily, which is a bit scary. I don’t see anything about a computer.
Although it doesn’t appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.
I honestly don’t think he really had any opsec apart from those few applications, look at what tools he was using, what a joke. Fake calculator app to store files are great to protect from your parents, not the FBI.
He was clearly using Android and I bet he was using the stock rom, kyc sim card, and not even a vpn behind tor.
Don’t get me wrong, I’m very happy and relieved he was caught, but if he had done serious research and did a better opsec, it wouldn’t have been so easy for the authorities to get him
actually using a vpn with tor is not a good idea: https://support.torproject.org/faq/faq-5/
true but only if you do : tor > vpn
if you do : vpn > tor in this order, it’s way more resistant, because if the onion node is compromised, it’s the vpn’s ip address that is exposed, not yours
It’s all publicly approved backdoors until feds are planting child abuse imagery on your PC because you spoke out against them in the wring venue. No one will believe you when they do. Currently you can’t trust articles like this, maybe the dude was actually hurting kids. Maybe the feds just needed a win. You won’t ever know, and neither will I so long as the same ideology is in control. Now watch them turn every single kid in the pics into a sex offender because the fed believes if you were raped, you WILL rape someone in the future. But by all means keep enjoying their rage bait.
Damn, thats weird. Are you mentally ill or st?
Well, this person (according to their post history) has schizophrenia, but this could kinda be real and probably also happned, if not recently, probably sometime in history. Of course the stereotype about rape victims actually exists.
Lol, I still don’t know why people like CSAM :v
Lol, it’s a mental illness.
A lot of it out there and a lot of it was enabled by limp dick society. Looking at you cathlics… Fucking disgusting that you allowed your clergy to do this and even cover up for it. And when people spoke up you ostricized them. Pathetic social behavior.
Imagine when your clown social group is more important than children being raped.
Catholic church sure… But look at any religion.
Islam was founded by a pedobear and Muslim in straight up denial about what is going with child abuse while rich Arabs are traffic humans for funzies.
But that’s over there. Cathlic church is doing this within the US. All of major urban areas have extensive allegations of child abuse for decades. Nothing has been done.
Limp dick boomers would rather act like it never happens. Prosecutors and police are limp dick and too busy killing taxpayers lol
Happens in the other religions wasn’t ghandi raping 13 year old girls and everybody was like no big deal, big man earned his due with “peace” 🤡
Pathetic daddy worship enables this behavior
Prison is too good for anyone who keeps child sex abuse images.
WHO is downvoting you???
People like me, who are against the death penalty on principle. (or even more “creative” forms of punishment people like to come up with in these cases).
No, prison is where this guy belongs. For as long as necessary.Oh, I was thinking something far worst than death. I was thinking something like a torture rack.
saw a headline the other day about the gov’t tracking people on tor using Google ads
I’m still not entirely convinced that tor is as protected as people think it is.
There’s only something like 6,000 exit nodes. It really wouldn’t be that much money for the government to run thousands of them. If you monitor enough exit nodes and enough relays, you can start to statistically tie connections back together with timing analysis.
I don’t know this to be the case for sure but I can’t imagine the government hasn’t pushed towards breaking the security and identifiability of the tor network
I2P has more protection against this kind of analysis.
It’s not as protected as people think it is. This has popped up on headlines for years. It helps, but if someone really wants to find you on there, they can. It’s just not as easy.
