lulzcart & the fedz - part 1

Ohai everybody :)

    As you probably know, we got raided and arrested for our actions against Romanian Government, wich is, in fact, a bunch of tard and gay ppl...and fedz :) I won`t
    start telling you all the story here, again, cuz I`m sure you know it, but instead I'll write here my full experience I got with the fedz and the prosecuttors...so here we go:

    I. LOGS AND HOW THEY GOT US (OR HOW THEY GOT ME AT LEAST)

    1. First of all, I will start telling you that we got caught from 2 reasons: 1 - someone talked, and I won`t give names yet untill they will present us all the
    evidences they have against us. When that will happen, I can see everything, including others declarations they gave in front of the fedz, so I can scan them
    and make them public, including mine, so there won`t be any speculations that I or others (if they want to talk) are lying...and 2 - the fedz somehow managed to
    intercept our conversations from AnonOps IRC Network (public convos we had on private channels, public channels, and worst, our private convos too). Many of you
    may wonder how was possible for them to intercept our private convos...a question I don`t have answer for, yet. And if any of you thinks I`m lying, well the convos
    they got are in the public papers they presented us (somekind of a small summary with few evidences they have against us, papers that are presented before they finish the whole investigation and show you all the evidences, not just a summary), papers that i personally scanned and sent them to nix, and i will rescan again and make
    them public, as an evidence for my words :)

    2. Regarding the logs they have from us, all I can tell is that I was using VPNtunnel.se VPN + TOR + SSL and sometimes only VPN + SSL (without TOR), so I still have
    no clue about how they managed to intercept the convos, and I must mention the fact that they had theese before they got our PC's and stuff, but we will see soon how
    they managed to do it. As a conclusion, AnonOps IRC is not a safe place to talk "sensitive" things on, neither on private chans or PM's, so everyone please avoid
    doing that and keep your secrets in a safe place (your brain, if you got any...rofl :P). Now I don`t want to discredit the AnonOps IRC admins for being, as some of
    you may call, "undercover fedz", "incompetents" and etc, maybe it's not their fault and maybe the ISP had it's own methods to decrypt the IRC traffic, so please don't
    make any scenarios untill we will see exactly how they got the logs decrypted.

    3. Other method of communication I was using was Pidgin + OTR (off-the-record encryption) with jabber account, and it prooved it was safe, as they even had no clue
    about the existence of it even :), so I recommend everyone to use this kind of communication for sensitive things (like sending nude pics with fedz mothers, comments, etc. :D), and of course, don`t forget about VPN. So encrypted VPN + Pidgin (jabber) + OTR encryption should be safe for the moment.

    II. FORENSIC EXPERTISE AND WHAT THEY GOT FROM MY PC, USB STICKS AND HDD's

    From the begining, I will start telling you my configuration, how I encrypted my laptop and the USB drives I was using for playing, and what method I was using to delete the sensitive info's from the laptop HDD :)

    1. PC encryption method was the following: Windows 7 OS (fully encrypted with TrueCrypt) with 2 partitions on it. The second partition inside the fully encrypted OS was also encrypted with TrueCrypt using the "Separated Partition Encryption" method of truecrypt (and if you plan to do the same, first of all encrypt the 2nd partition then do the "Whole HDD Ecryption" option from TrueCrypt, otherwise it won`t work). Then, I was using VirtualBox VM, installed and set up to store all the files on the 2nd ecrypted partition. Inside VM, i installed Windows XP and after that, I encrypted the whole OS again with TrueCrypt, and again I splitted it into 2 partitions, and the second one again encrypted with TrueCrypt (same method used with Windows 7). Inside Windows XP VM, i installed again VirtualBox VM, set it up to store files on the 2nd encrypted partitions, and then I installed my linux os and stored other stuffs there. As a short summary it looked like this:

    * Windows 7 fully encrypted with 2 partitions (2nd partition also encrypted) - VM stored on 2nd partition of Win 7 and with Windows XP on it (again fully encrypted with 2 partitions on it, 2nd partition also encrypted) - inside Windows XP VM another VM set up to store files on the 2nd encrypted partition of Win XP, with linux on it and other stuffs I was using :).

    ** As an observation, all the passwords (4 in total) were having each 64 char, with lower, upper chases and some random symbols like '&)#', and all were different, and the encryption method I used was AES, and before encrypting anything (USB, HDD, etc) I was using US DoD 3-pass wipe method from TrueCrypt.

    2. USB was also encrypted with TrueCrypt, 64 char password, with lower, upper chase and some random symbols, and they weren't able to break it.

    3. I must mention the fact that if you plan to encrypt only a partition or more inside the OS, and not the whole OS itself, and eventually encrypt the partition/s after, you should know that the french fedz managed to break TrueCrypt separated partition encryption, so I assume that now all the fedz can do that, so please be carefully :)

    4. Believe it or not, the night before the fedz came to my door, I somehow had the feeling that something strange will happen...I started to became paranoic and I downloaded the Active KillDisk software to wipe everything (even if it was encrypted) just to be sure...so I got the software, burned it to a DVD, booted from it and then I initially wanted to wipe everything using the Gutman 35-pass wipe method, but when I saw it takes about 3 days I was like wtf I need my PC tomorrow, so I canceled the operation and choosed US DoD 3-pass wipe method, I closed my laptop lid and went to bed...and at 6 A.M fedz came into my room :) and, first thing they did was to open my laptop lid and see what is inside, and all they saw was the verification process of the wipe method (the software finished the whipe and was doing a veryfication), and I was so happy when I saw it, and the fedz faces changed instantly :)

    After first month of jail, they brought us to the police departament (we were still jailed) to make the IT expertise to the lap, USB sticks and everything they got from my house. After some hours, they didn`t managed to recover any info from my laptop HDD and also they weren`t able to break my USB encryption, so they gave back my lap and the USB, but they kept the lap HDD and told me I'll never see it back because I deleted it to hide evidences. Anyway, I had another 40 GB IDE hdd where i had linux on it, but no concrete evidence, and they found there only the directories structure, as some of them were called "lulzcart music", "lulzcart videos" and etc, u know the folder linux makes by default for the current user, but the directries were empty, and they said it`s enough to associate that with my nickname and to proove it was actually me....so as a conclusion, the only evidence they have against me are the IRC logs :)

    Many will wonder why they jailed only me and silus, and the answer is simple: when I wrote my declaration, I took all the shit on me, so others won`t be affected and eventually set free, and that`s what happened. All of them were set free, and silus was jailed with me because of the IRC logs they had with both of us.

    That's all for now. In part 2, I will make public the papers with the convos (i will censore most of them as I don't want to expose anyone), evidences and all the shit they got against me.

Also, I forgot to mention that the software fedz were using at the IT expertise it's called "EnCase Forensics". I don`t know if all the fedz are using it, or only this, but at least the romanian ones were using only this software regarding our case :)

    Signed,
    lulzcart

    :)