48 Comments
User's avatar
tawhuac's avatar

Too bad, but I personally wouldn't call a windows user a hacker, ever.

Chad Thundercock's avatar

But but he used Windows XP.

He old school

Vesselin Bontchev's avatar

This stuff (cybersecurity) is my area of expertise, so a few remarks.

1) Don't mess with your GDID. In the wake of this case, you'll probably encounter well-meaning scripts and guides how to change it, etc. Just don't. It is needed for Windows Updates (this was its original purpose) and if you mess with it, you can fuck up your system pretty bad.

2) Don't use ngrok for anonymity. Or VPNs, for that matter. A VPN has only two valid use cases: a) when you don't trust your Internet service provider (ISP) *and* trust the VPN provider more and b) when you want to mask your geographical location, in order to visit a site that does not allow visits from your area. If you want anonymity, use the Tor browser. Not the Tor window of the Brave browser - the actual Tor browser.

3) For really heavy stuff, when your life or liberty depends on it, don't use your operating system. Not Windows, not MacOS, not even one of the popular Linux distros. Use TAILS. It's a Linux distro made for privacy and anonymity, with the Tor browser and other tools installed. Preferably, boot it from a USB stick (or a DVD), although using it from a virtual machine is acceptable. There are valid alternatives, like using the Whonix distro, but they are harder to set up and use.

4) Don't use smart phones. Ever. Not even "burner" phones. Don't ever turn your (not smart) mobile phone anywhere close to the place from which you're going to do something you could be persecuted for.

Of course, what precautions you really need largely depends on your threat model. If your adversary is Mossad (or equivalent), well... Try faking your own death, go live in a submarine, and you'll still be mossaded upon, as the famous saying goes.

Chad Thundercock's avatar

No serious PC user updates Windows after installing it. Quite the contrary, kills every way for it to call home. And always installs it from a physical media, never online.

Kotanraju Via Znanje's avatar

Tails OS

Onion router

Download outside of US and western cuntries.

No1's avatar

I don't know if it's a typo or not, but I like that word "cuntries" 😜

Kotanraju Via Znanje's avatar

The horns on my head hold my halo askew. 😉

Chad Thundercock's avatar

any half-ass hacker knows that a dirty job is done from a compromised server you have root access to. All the VPN, tunneling, spoofing and trail hiding is done from there, then every trace of your remote access to the server cleaned, never to be used again.

The biggest the company owning the server, the better, as in any legal inquiry scenario their first move will be to lawyer up, then dig into the hacking issue internally and most probably deny, deflect and save face, than to ever acknowledge a hack was perpetrated from one of their allegedly compromised servers.

DONT FORGET: Never shit where you eat !!!

Chad Thundercock's avatar

The kid forgot the most important rule:

whenever you do something you're NOT supposed to do, DON'T USE YOUR COMPUTER.

But if you must... CREATE a VIRTUAL MACHINE inside a partition, and from that virtual OS that allows you to tinker with MAC address, IP address, everything down to hardware IDs, you do your job, then format the partition deleting the VM.

Best of luck next time.

No1's avatar

I like the way you're thinking, but you bad bad boy 😁

Chad Thundercock's avatar

Who? meee? 😇

John Bigbootee's avatar

Ha, ha, ha, ha. Oh boy.

It's almost like an episode of "Dateline" where the perp is sitting in the "let's get to know each other better" room and the examiner shows him the hard evidence. That look of bewilderment and shock is a priceless tell.

Since I did work in the software business for decades nationally and internationally in manufacturing, finance, logistics and on and on I think I can help you out a little.

Most of the hackers I have known are good at cheap parlor tricks who eventually get their sensitive parts slammed in the door. The guys or gals that program "down to the metal" have already dialed the eventualities into the product. Microstupid being just one example.

My first contract was with a major manufacturer of a product that results from the mixture of ethylene glycol and terephthalic acid; plastic. Two of us were writing a raw materials flow system for the factory. There was this one troublemaker who kept trying to hack into the system. He was using an actual employee's name that was not his own. And she was entering the incorrect password that he kept guessing. Probably from the guy that was boinking his wife. Idon't know. We knew which workstation, which shift and which user and password combination he was trying to use to gain access. We had already built security levels that delineated which system features were available for each user classification logon.

I wrote a new security screen. When the wrong password and user combination was entered it simply triggered inverse video on the screen and turned it into a five alarm fire with only one sentence that was readable; "you have entered an incorrect username and password. Press "esc" and be more careful in the future."

The screen was returned to normal video and we never had another problem with it. Modern problems require modern solutions ;-).

I could tell you more stories just like these until you screamed "Please Stop!"

I believe if you accept computer based technology as a game you might not go mad. One of my favorite undergraduate school courses was symbolic logic. The professor had stopped me in the hallway before the start of the semester and told me that he knew me and I needed to take his class. It made me stop and think. I was expecting him to say something like I can tell that you are a Gemini.

-\••/-

John Bigbootee's avatar

We had 404 megabyte drives for the platform in 1980. They were $20,000.00 a piece.

My android memory has 128 gigabyte. The math tells me (128gb / 404mb) * $20,000.00 = $6,336,633.67.

ebear's avatar

I always assumed that VPNs were operated by the intelligence agencies. Even if that's not true, using one probably attracts unwanted attention, as does encryption. However, suppressing political dissent to me seems like a game of whack a mole. You suppress one voice and another pops up in its place. Not that getting whacked doesn't hurt of course, but I think the sheer volume of information today overwhelms any attempt to effectively control it. That may change with the introduction of AI - I guess we'll see. Meanwhile, the material conditions that support these attempts to control outcomes continue to deteriorate.

Chad Thundercock's avatar

In this scenario the NGROK website collected info "that it was not supposed to" and snitched. While the VPN companies should adapt to fake/spoof the info passed forward.

Basically NGROK = honey pot.

The kid went to do a shoot-out and while using a mask, a stolen car, leaving his phone at home, he used the gun already registered in his name and having the ballistic profile on file. But he is proud he used gloves when loading bullets into the gun.

ebear's avatar

What's an NGROK? Is that like an Ewok?

Chad Thundercock's avatar

Could be a ni55er one?

ebear's avatar

Now now... you'll get our resident anti-racist Squeeth all stirred up talking like that...lol.

Jan Barendrecht's avatar

A while ago, researching an issue on a .gov site, a message appeared "This information is not available in your country". In most cases, the Tor browser can solve that and even issues VPN won't. But this time a message appeared immediately: "This information is not available in your country". My delayed decision to switch to Linux got priority upgrade: 5 systems "to do".

Amgmt's avatar
2dEdited

Thanks for the post No1.

Always look forward to these landing in the inbox.

This ambitious get rich quick 19 year old, appears to have caught a case of the stupid.

At least he got nabbed early where he potentially can correct his ways.

On the true topic at hand...surveillance device finger printing and internet privacy, anyone here who has not should read or listen to The Age of Surveillance Capitalism by Shoshana Zuboff.

Eye opening and terrifying.

Carrier mobile devices are even more insidious.

For those more interested in privacy they should check out this site.

https://www.privacyguides.org/en/

https://privacytools.io

For the average normie, they have zero interest in putting in the extra effort required to untether from the control grid.

I wish them well in the future...

Jono's avatar

Hmmmm a hacker that uses Windows.... Hmmm. Not so savvy says I , and I am not a super tech savvy person.

Windows has in the past had so many 'backdoors' baked into it's code, that I read about. I have used mainly Apple computers because I like the durability, and keyboard feel, touch pad, etc.. .

But I do think that these days it is just a given that anonymity on the net is almost gone. Therefore, be careful fellow No1-ers.

Recently I saw a short vid on utoob and it seems that routers by themselves can scan and identify distinct individuals, besides seeing through walls. This seems MOAR insidious than windows vs Mac OS... sheeeet.

Why do they need to micromanage our every movement... oh yeah, Palantir has products for that. How helping humanity?

BDH's avatar

Remember when don't be evil was a warning and not a goal?

Pen and paper look better every day.

Ed's avatar

I am not sure who said this but "The more digital, the less freedom".

Perhaps the only solution is to repudiate everything digital and go back to physical interactions and physical means of payment.

Life pre-1990's wasn't so bad, right? You talked to your neighbors, you chatted with the bank teller you knew by name, you asked advice from the florist to buy flowers for your GF, you shopped in local stores and payed with cash, had a nice dinner out at a restaurant you heard about from your friends at a house party. And so on.

Best of all when repudiating your digital life, your (mental) health problems - if you have any - most likely will melt away as ice under the sun.

david farrelly's avatar

I liked the old days when they would do a parallel construction of how they got the bad guy. These days they just don't care.

Ray-SoCa's avatar

Amazing terrifying article - thanks.

It saves me from wasting money for paying for a vpn for real privacy, unless I want to leave the ease of use of the Apple ecosystem.

Amgmt's avatar
2dEdited

For shits and giggles send a request to privacy.apple.com logged in as your apple id.

Wait a week for the bundle and prepare to be mad as fuck.

Grundvilk's avatar

So, when, in terms of the various versions of Windows, was this GDID stuff put into effect? Is this known? If it is a relatively new (i.e., only after Windows 10) development, it sounds much like the big brother type stuff being installed in new cars.

Amgmt's avatar

That's the funny thing about all of this, it gets marketed as we need to stop hackers or child pron or whatever bad thing is out there on the interwebs, then next thing you know were all potential suspects.

No1's avatar

Welcome to the Brave New World!

Ray-SoCa's avatar

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Eric Schmidt

Google Ceo

DAVID Goldman's avatar

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Don't ever make any electronic iteration of anything you don't want known. Ever. And yes, the US Post office photographs all mail and all calls are recorded. No secret that.

Amgmt's avatar

You should read the book he coauthored with Kissinger.

Genesis.

The AI roadmap is all in there.

These "idea" people are insufferable.

Grundvilk's avatar

Well, if the GDID system truly was put into effect starting with Windows 10, then that suggests older (now Microsoft-unsupported) Windows versions like Windows XP, 7, or 8, might be free of the GDID encumbrance -- much like older cars are immune to the new nosy, intrusive government-imposed technologies. However, I've not been able to find any other confirmation that Windows 10 represents the start-up point in the GDID system.