Monday, September 26, 2011

LulzSec member's 'protective measures' turned into his undoing

Late last week, authorities arrested a LulzSec member who was using a proxy server service to hide his Internet identity. He didn't realize that service, hidemyass.com, would be his undoing.

Cody Andrew Kretsinger, 23, of Phoenix, Arizona is a LulzSec member who is believed to go by the handle "recursion." A proxy server, such as hidemyass.com's, essentially hides a user's actual IP address.

Kretsinger and his co-conspirators allegedly used the proxy server as they probed for vulnerabilities on Sony Pictures Entertainment's computer systems in May of this year. They were eventually able to exploit the site using a SQL injection attack, between May 27 and June 2. They then accessed confidential Sony data, and released the information from Sony on a public Web site and on Twitter.

This has raised some red flags around the Web. After all, the service has been used by dissidents attempting to hide from oppressive regime such as Egypt, Iran, etc. If the company is going to give up your ID when asked, what good is it?

The devil is in the details. The terms of service and privacy policy of hidemyass.com, despite what its name might imply to some, specifically states that its service is not to be used for illegal activity, and "as a legitimate company we will cooperate with law enforcement if we receive a court order."

Glassesusa 10% off couponTo be clear, hidemyass.com is "a UK based LTD company and only comply with UK law." If an out-of-country request is sent, it must go through appropriate channels and a U.K. judge must issue a court order.

In summary, the blog post adds, "we follow UK law, there isn’t a law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter, even if there is one in Egypt … though there are certainly laws regarding the hacking of government and corporate systems."

In other words, don't expect any such service run in a country such as America, anywhere in Western Europe, etc. etc. to protect you if you try to use it for illegal activity, and we don't mean just accessing blocked websites in Egypt.



No comments: