- cross-posted to:
- piracy@lemmy.dbzer0.com
- privacy@programming.dev
- cross-posted to:
- piracy@lemmy.dbzer0.com
- privacy@programming.dev
cross-posted from: https://piefed.world/c/tech/p/1246200/pdf-a-hacker-s-arrest-reveals-microsoft-can-track-users-ip-history-even-with-vpn-full-we
You can read about it yourself here on page 12 (or page 8 of affidavit), then page 33 and down (page 29 of affidavit)
First one to notice this: Security researcher, VX-Underground.


Secure communication/networking on windows or macOS is just bad opsec.
They both have hidden certs, and non VPN activity that can be trivially correlated back to you, especially if you have OS services (can see and bypass your VPN) mixed with something like iCloud (goes over VPN).
All iDevices have a unique ID, which is hidden from apps only if you turn on tracking prevention. I don’t know the situation with Windows, I assume it’s just as bad or worse.
If I were a hacker I would be using something like a customized Sway DE and a stripped back distribo.
Also worth nothing: on macOS EVERY binary you run gets fingerprinted and sent to Apple. Again, I don’t know that Windows does this, but I’d assume it’s the same. It’s for security — probably not your security though.
—-
ETA: the Hack the Planet chain included is hilarious lol.
But what script kiddy shit is using ngrok to tunnel on the servers?
I’m surprised that the install of ngrok on the servers didn’t immediately set off alarms before they even got to exfiltrating data. But with PAAS and containers, I’m not shocked.
Maybe I shouldn’t write this comment for fear it’ll be construed as encouraging hackers, that’s not my goal. I am not a hacker, I’ve never hacked anything. I just find this shockingly stupid, but I suppose they are young.
If I were a criminal I would probably also avoid posting diamond crusted jewellery and wads of cash online.
I am surprised how much of your network logs Microsoft keeps around. That’s insane they were able to link the GUID to both ngrok and the hotel.