mehāniskākaravīrs935 24 Posted ...
So, it would seem the world's largest filesharing site has been seized by the US Government. I would love to hear the community's thoughts regarding this. https://torrentfreak.com/feds-seize-kickasstorrents-domains-charge-owner-160720/ Should users be concerned their accounts with KAT are going to be traced in a worldwide manhunt?

zhang888 1066 Posted ...
The history shows that the downloaders are rarely the target in these cases. They mostly go after operators and make them a public figure, to discourage others from doing the same.
Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

go558a83nk 362 Posted ...
I don't have a KAT account but it does bother me that my birth nation polices the world so eagerly and thoroughly. I don't believe they have the right but what do I know.

LZ1 672 Posted ...
Hello! I guess their asses got kicked then. So according to this list that means it's Extratorrent next? Haha. Or is this super well-timed for Kim Dotcom's comeback with TPB. It's really sad that this copyright malaise is spreading. @zhang888 Good to see you again!
Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Guest Posted ...
If you read through the posts on TorrentFreak, several things indicate that he wasn't all that good at staying hidden and ended up caught because of it, including: security did not seem a priority for him; they were able to get access to all the data on the site because they used default webhosting instead of a dedicated server; and he used the same IP to access KAT Facebook and Apple account, making him traceable.

LZ1 672 Posted ...
> If you read through the posts on TorrentFreak, several things indicate that he wasn't all that good at staying hidden and ended up caught because of it, including: security did not seem a priority for him; they were able to get access to all the data on the site because they used default webhosting instead of a dedicated server; and he used the same IP to access KAT Facebook and Apple account, making him traceable.
Indeed. It's quite epic how negligent he has been on the security front. Do you think he'll get extradited from Poland? I don't know if Poland tends to do so, but I'm inclined to think he'll get extradited.

Kepler_452b 77 Posted ...
The greedy bastards that run Big Media exercise a lot of influence over the US Government via the Democratic Party. That will continue and grow under a deeply co-opted Hillary Presidency. They are a major pillar in US global power by their ability to influence global public opinion and world-view with media of their devising (film, music, news). The vast majority of media shown in Europe and world-wide is made in USA. It seems like much of the European Union establishment is willing to submit to US media dominance rather than encourage native-made content.

NaDre 157 Posted ...
I could not help wondering how much would it have helped if he had been using a VPN for all of this? I think not much. If at all. The IP correlations might have tossed up a handful more folks to look at (because of the shared IP address), but I think that is all.
Only information kept by services he used was required to find him. Nothing from his IP address provider. What identified him was an iTunes purchase he made using the same IP address as he used on the Facebook fan page, where his real identity was front and center. And he used the same IP address to access his Apple-provided E-mail.
Mixing (over the same IP, VPN or not) perfectly legitimate activity with activity that may be more of a concern to law enforcement or would-be civil lawsuit filers may be unwise? Using the VPN for everything may be a great act of civil disobedience (or something), but perhaps knowing how to split traffic might be a good idea?

Guest Posted ...
> I could not help wondering how much would it have helped if he had been using a VPN for all of this? I think not much. If at all. The IP correlations might have tossed up a handful more folks to look at (because of the shared IP address), but I think that is all.
> Only information kept by services he used was required to find him. Nothing from his IP address provider. What identified him was an iTunes purchase he made using the same IP address as he used on the Facebook fan page, where his real identity was front and center. And he used the same IP address to access his Apple-provided E-mail.
> Mixing (over the same IP, VPN or not) perfectly legitimate activity with activity that may be more of a concern to law enforcement or would-be civil lawsuit filers may be unwise? Using the VPN for everything may be a great act of civil disobedience (or something), but perhaps knowing how to split traffic might be a good idea?
If he had used VPN for everything KAT related they would not be able to link him to Apple as easily, ofc another mistake was using same alias a lot of places, I believe they call it social reverse engineering or something like that? Generally the common denominator with all the people that get caught is they fuck up/slip up or simply neglect on staying hidden.

go558a83nk 362 Posted ...
I'm not seeing it. So what if authorities see the same IP connect to KAT, Facebook, and Apple. Assuming it's all encrypted (HTTPS), how would they know what accounts are being accessed on those sites? What am I missing?

zhang888 1066 Posted ...
> I'm not seeing it. So what if authorities see the same IP connect to KAT, Facebook, and Apple. Assuming it's all encrypted (HTTPS), how would they know what accounts are being accessed on those sites? What am I missing?
The fact that he used his home ISP in Poland to log in to Apple, Facebook, and the site administration page. This can triangulate to a perfect match, since you have a common point of interest where one is human evidence (Facebook profile) and the second is electronic (unique IP address). Then it is usually easy to send requests to all other U.S.-based services with a request for more info. After that you load all the data of points of interest to a device like Palantir: https://www.palantir.com/wp-assets/wp-content/uploads/2013/11/Palantir-Solution-Overview-Cyber-long.pdf
We need to wait for the final indictment to know more details, just like with the SR case. Right now it's only small drafts. This is usually released after the first prosecution takes place.

Kepler_452b 77 Posted ...
For someone who would be a target like him, you need to follow a lot of security best practices. A really high level of anonymity needs constant vigilance... easy to make mistakes.

go558a83nk 362 Posted ...
>> I'm not seeing it. So what if authorities see the same IP connect to KAT, Facebook, and Apple. Assuming it's all encrypted (HTTPS), how would they know what accounts are being accessed on those sites? What am I missing?
> The fact that he used his home ISP in Poland to log in to Apple, Facebook, and the site administration page. This can triangulate to a perfect match, since you have a common point of interest where one is human evidence (Facebook profile) and the second is electronic (unique IP address). Then it is usually easy to send requests to all other U.S.-based services with a request for more info. After that you load all the data of points of interest to a device like Palantir: https://www.palantir.com/wp-assets/wp-content/uploads/2013/11/Palantir-Solution-Overview-Cyber-long.pdf
> We need to wait for the final indictment to know more details, just like with the SR case. Right now it's only small drafts. This is usually released after the first prosecution takes place.
It only makes sense to me if they hacked KAT and got cooperation from Apple and Facebook on the timing of the connections to their services by that IP. If Apple and Facebook don't cooperate I don't see how they'd make the connection. Anyway, shame on Apple and Facebook for cooperating.

zhang888 1066 Posted ...
They have to, according to the law in the country they are from. Snowden confirmed that it can happen even without an official court procedure.

NaDre 157 Posted ...
>> ... It only makes sense to me if they hacked KAT and got cooperation from Apple and Facebook on the timing of the connections to their services by that IP. If Apple and Facebook don't cooperate I don't see how they'd make the connection. Anyway, shame on Apple and Facebook for cooperating.
> They have to, according to the law in the country they are from. Snowden confirmed that it can happen even without an official court procedure.
You can add Coinbase to the list of companies that provided information when faced with a court order. See paragraph 60 of the "Criminal Complaint" document that you can find here: https://www.justice.gov/opa/file/877691/download
The simple reality is that no service provider any of us here use would be likely to refuse to comply with a proper court order, including ANY VPN provider.
If you don't want to read the complaint, this is a good overview: https://gizmodo.com/the-colossal-screwups-that-got-the-kickass-torrents-own-1784033848
If you really need privacy for something you are doing, idealism and outrage at people not behaving as you think they should will not help you. It will impair your thinking and assessment of risk.

LZ1 672 Posted ...
@NaDre That last line was brilliant. Idealism and outrage lol. Genius. But it's funny the Gizmodo link is like "cybercriminals can't hide" and it's like you want to tell them.... But he wasn't even trying to hide lol.

Kepler_452b 77 Posted ...
That's why trustworthy VPNs don't log anything, right? So that when they comply they turn over everything they have, i.e. nothing. Anybody have any thoughts on LE installing intercepts on both sides of a VPN server without the server owner knowing?

OmniNegro 155 Posted ...
> That's why trustworthy VPNs don't log anything, right? So that when they comply they turn over everything they have, i.e. nothing. Anybody have any thoughts on LE installing intercepts on both sides of a VPN server without the server owner knowing?
That would either be a MitM (Man in the Middle) attack, or entirely useless since all data sent or received is encrypted.
*Edit* On second thought, even a MitM attack would be pointless unless you have the ability to do what is mathematically impossible. (Not impossible, but brute forcing a single key would likely take longer than the entire Galaxy will exist, and that is if every computing device ever made, and ever made in the future were tasked with that alone, and not just used to watch videos of cats falling off tables on YouTube...) Want proof that encryption is safe? Check this site out. Read the comments below the article. There is not enough energy for the switching power used to do that much mathematics. http://www.eetimes.com/document.asp?doc_id=1279619
Debugging is at least twice as hard as writing the program in the first place. So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

LZ1 672 Posted ...
>> That's why trustworthy VPNs don't log anything, right? So that when they comply they turn over everything they have, i.e. nothing. Anybody have any thoughts on LE installing intercepts on both sides of a VPN server without the server owner knowing?
> That would either be a MitM (Man in the Middle) attack, or entirely useless since all data sent or received is encrypted.
> *Edit* On second thought, even a MitM attack would be pointless unless you have the ability to do what is mathematically impossible. (Not impossible, but brute forcing a single key would likely take longer than the entire Galaxy will exist, and that is if every computing device ever made, and ever made in the future were tasked with that alone, and not just used to watch videos of cats falling off tables on YouTube...) Want proof that encryption is safe? Check this site out. Read the comments below the article. There is not enough energy for the switching power used to do that much mathematics. http://www.eetimes.com/document.asp?doc_id=1279619
Although it should also be said that how encryption is implemented and what sort of standards are followed, are equally vital; as they've been the weak points used to undermine encryption. Sort of like it's no use having the world's best door if the window is open or the keys are hanging from the door knob, etc. etc.
Also, the phrase you're looking for is "the heat death of the Universe", not Galaxy. I only care to point this out to you, because I know you're geeky enough to care about such details lmao <3.

zhang888 1066 Posted ...
When that person didn't buy a separate laptop, a prepaid SIM card, and a VPN to manage his website - and -only- his website, no encryption in the world could help. That is a common compartmentalization mistake of people who think they are fine without it.
The details and the time-stamps are already everywhere. I expected some twist but it was quite a simple and boring read.

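The correlation discussed in the posts above (a unique IP shared by several accounts, the larger candidate set behind a shared VPN address, and the effect of keeping activities on separate addresses), sketched as an added example that is not part of any post and not taken from the complaint. All accounts, addresses (RFC 5737 documentation ranges) and records are constructed, and `candidates` is a hypothetical helper name.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed provider records: (service, account, source IP, UTC time).
HOME_IP = [  # everything done from one unshared address
    ("social", "fanpage-admin", "192.0.2.10", "2016-01-05T10:02"),
    ("store", "buyer-a@example.com", "192.0.2.10", "2016-01-05T10:40"),
    ("mail", "buyer-a@example.com", "192.0.2.10", "2016-01-05T11:15"),
    ("store", "buyer-z@example.com", "203.0.113.7", "2016-01-05T10:41"),
]
SHARED_EXIT = [  # same activity, but behind an address other people also use
    ("social", "fanpage-admin", "198.51.100.5", "2016-01-05T10:02"),
    ("store", "buyer-a@example.com", "198.51.100.5", "2016-01-05T10:40"),
    ("store", "buyer-b@example.com", "198.51.100.5", "2016-01-05T10:44"),
    ("mail", "buyer-c@example.com", "198.51.100.5", "2016-01-05T11:20"),
]
SPLIT = [  # the two activities never share an address
    ("social", "fanpage-admin", "198.51.100.5", "2016-01-05T10:02"),
    ("store", "buyer-a@example.com", "192.0.2.10", "2016-01-05T10:40"),
    ("mail", "buyer-a@example.com", "192.0.2.10", "2016-01-05T11:15"),
]


def candidates(records, seed_account, window=timedelta(hours=24)):
    """Accounts seen from an IP the seed account used, within `window` of it.

    Returns {account: [services]} for every other account that shares an
    address with the seed account close enough in time.
    """
    by_ip = defaultdict(list)
    for service, account, ip, ts in records:
        by_ip[ip].append((service, account, datetime.fromisoformat(ts)))

    linked = defaultdict(set)
    for events in by_ip.values():
        seed_times = [t for _, acct, t in events if acct == seed_account]
        for service, account, t in events:
            if account == seed_account:
                continue
            # No seed activity on this IP means nothing here can be linked.
            if any(abs(t - s) <= window for s in seed_times):
                linked[account].add(service)
    return {acct: sorted(svcs) for acct, svcs in linked.items()}


if __name__ == "__main__":
    for name, data in [("home IP", HOME_IP), ("shared exit", SHARED_EXIT),
                       ("split traffic", SPLIT)]:
        print(name, "->", candidates(data, "fanpage-admin"))
```

No encryption is touched at any point: the join uses only records the services themselves keep, which is why the unshared address yields one candidate, the shared one yields several, and the split case yields none.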
NaDre 157 Posted ...
There was no need to break encryption in order to find the operator of KAT. And now that they believe they have determined his identity, I think they feel that conventional evidence will be sufficient. The "Criminal Complaint" is quite interesting, and provides some useful insight into what really is needed to pursue legal actions, as well as how they may go about determining the identity of a suspect.
I doubt that any encryption done by Snowden was ever broken. So he doesn't have to worry then? Things can be proven to the satisfaction of court without having to break encryption. When the person at one end of the encrypted channel reveals the content of the communication, it is irrelevant that encryption was used. It is about determining who was at the other end.
> ... Anybody have any thoughts on LE installing intercepts on both sides of a VPN server without the server owner knowing?
I believe that the NSA has been collecting all internet metadata (what addresses connect to what other addresses) for some time now. What information would such intercepts add? If information on specific IP addresses can be demanded from private enterprises with a court order, would another government agency not be expected to comply?

Kepler_452b 77 Posted ...
Actually with an intercept on the clear text side of the server and another intercept on the encrypted side of a server, you could see what the clear text is and do a timing correlation to understand where the encrypted side was going/coming. I was really wondering if anybody knows how easy or difficult it is to do that without the server owner knowing. Maybe nobody but TLOs really know this.

NaDre 157 Posted ...
> Actually with an intercept on the clear text side of the server and another intercept on the encrypted side of a server, you could see what the clear text is and do a timing correlation to understand where the encrypted side was going/coming. I was really wondering if anybody knows how easy or difficult it is to do that without the server owner knowing. Maybe nobody but TLOs really know this.
I would be astonished if the metadata collected did not have the times of the connections, so that timing correlations can be done, long after the fact. I think in many cases the "clear text" would still be SSL or SSH encrypted.
I think that one should assume that a hosting provider will comply with a court order. But they could I think just decide to drop the target as a customer. Without explanation if they were also gagged. Since this sort of demand could cause them expense, they would not have to be motivated by some sort of idealism to see this as their best alternative. If you read the terms of service that you agree to when you get a VPS, they make it clear that if they have to spend any significant time dealing with and forwarding copyright complaints, you should expect to be dropped.
But I am not an expert on the legalities.

Guest Posted ...
>>> I'm not seeing it. So what if authorities see the same IP connect to KAT, Facebook, and Apple. Assuming it's all encrypted (HTTPS), how would they know what accounts are being accessed on those sites? What am I missing?
>> The fact that he used his home ISP in Poland to log in to Apple, Facebook, and the site administration page. This can triangulate to a perfect match, since you have a common point of interest where one is human evidence (Facebook profile) and the second is electronic (unique IP address). Then it is usually easy to send requests to all other U.S.-based services with a request for more info. After that you load all the data of points of interest to a device like Palantir: https://www.palantir.com/wp-assets/wp-content/uploads/2013/11/Palantir-Solution-Overview-Cyber-long.pdf
>> We need to wait for the final indictment to know more details, just like with the SR case. Right now it's only small drafts. This is usually released after the first prosecution takes place.
> It only makes sense to me if they hacked KAT and got cooperation from Apple and Facebook on the timing of the connections to their services by that IP. If Apple and Facebook don't cooperate I don't see how they'd make the connection. Anyway, shame on Apple and Facebook for cooperating.
I was asleep when you wrote this but I still wanted to add my 5 cents as they say. If the authorities see the same IP address connect to the KAT Facebook account and also see that same IP address that same day connect to iTunes and make a purchase, they see his address, name, credit card even. That is enough evidence to say it is with 99% chance him, so they either look for more evidence or have him arrested, not to mention in fact the hosting provider did also hand over their servers to the government (why they should've gone with dedicated server).