this post was submitted on 29 Aug 2024
401 points (97.9% liked)

Technology

59534 readers
3168 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] catloaf@lemm.ee 65 points 2 months ago* (last edited 2 months ago) (5 children)

The Ars article seems to suggest that they were able to crack his phones pretty easily, which is a bit scary. I don't see anything about a computer.

Although it doesn't appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.

[–] SnotFlickerman@lemmy.blahaj.zone 64 points 2 months ago (1 children)

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have "created his own public Telegram group to store his CSAM." He also joined "multiple CSAM-related Enigma groups" and frequented dark websites with taglines like "The Only Child Porn Site you need!"

My guess would honestly be Telegram. For starters, they aren't end-to-end encrypted by default, you have to turn it on. The only end-to-end encryption that Telegram offers is their "secret chats" which are only available between two users. Groups are not encrypted.

[–] theterrasque@infosec.pub 19 points 2 months ago (1 children)

So telegram's delusional propaganda did something good for once?

[–] BearOfaTime@lemm.ee 5 points 2 months ago

What propaganda?

That groups aren't encrypted is documented. If you don't know that, it's because you didn't bother to see how it works.

[–] AceSLS@ani.social 31 points 2 months ago

The Ars article seems to suggest that they were able to crack his phones pretty easily

Android uses data at rest encryption, which isn't really useful without a lockscreen PIN/password since data gets decrypted after you unlock your screen the first time after each boot

Although it doesn't appear he was actually using any encryption apps to store material; rather, he used a fake calculator app as password protection. Obviously not the brightest bulb in the drawer.

Agreed, he probably felt safe enough "hiding" the files. Definitely not the sharpest tool in the shed, which is great because fuck this guy

[–] chimera@lemm.ee 18 points 2 months ago (1 children)

I honestly don't think he really had any opsec apart from those few applications, look at what tools he was using, what a joke. Fake calculator app to store files are great to protect from your parents, not the FBI.

He was clearly using Android and I bet he was using the stock rom, kyc sim card, and not even a vpn behind tor.

Don’t get me wrong, I’m very happy and relieved he was caught, but if he had done serious research and did a better opsec, it wouldn’t have been so easy for the authorities to get him

[–] gwen@lemmy.dbzer0.com 8 points 2 months ago (1 children)
[–] chimera@lemm.ee 14 points 2 months ago (1 children)

true but only if you do : tor > vpn

if you do : vpn > tor in this order, it’s way more resistant, because if the onion node is compromised, it’s the vpn’s ip address that is exposed, not yours

[–] gwen@lemmy.dbzer0.com 3 points 2 months ago

oh wow i didn't know that!! thanx for clarifying :]

[–] RVGamer06@sh.itjust.works 6 points 2 months ago* (last edited 2 months ago)

Phones are horseshit for OPSec, always. Every darknet admin and their dog know that.