hey man I'm sorry but crypto makes you look kinda gullible and not actually educated about technology -- it makes it so incredibly difficult to continue respecting your opinions on technology as "informed" so I'm starting to lose my reason to keep checking this channel. I don't think it's possible to simultaneously understand blockchain technology and also have faith that crypto can ever be useful or ethical.
Ulbricht will probably take the corrosive exploding cake on multiple counts for Amazingly ABYSMAL OPSEC for all time to come: ruclips.net/video/eQ2OZKitRwc/видео.html Why (FOR HEAVEN'S SAKE WHY?), when the FBI comes to your doorstep demanding to know why you were sent several forged IDs do you think it a good idea to hawk your illicit goods website?
@@MentalOutlaw this is literally a copy of the top comment on your last video on this a week ago... don't encourage reposters smh This is where the fun begins :)
@@jjjj-x9g He knows he's young and the example has already been made with this stuff, so he won't get much time if any at all, probably probation. But he also knows he will get fame from this and maybe even turn it into a legal revenue source. I don't think it's unlikely he wanted to be caught, but it's 50/50
@@MentalOutlaw someone this young hacking an FBI email server is still impressive. He can hack a Chinese government mail server, OPSEC is something they can provide him with. What I'm trying to say: The three-letter agencies don't hire people based on how well they can run away, but based on how much damage they can do.
No, no: "a friend", that way they will never know it's YOUR friend and therefore cannot link them to you directly. Using "a friend's friend" is usually an overkill, but provides the best Op-Sec on the planet and further. Even MiB could not have found me since '97. Trust me, bro.
@@Criticalmaze He is saying if you connect to a VPN, then log into some l33t hackerman forum, then use the same VPN connection to access personal accounts connected to your true identity then you’re making it stupidly easy to get caught
I thought this wasn’t real when I first saw it… like what the hell was this dude thinking?? I’m sure the first rule of hacking is to remain anonymous. Ouch, big time!
@@Tophatjones358 it literally is! 😂 if criminals actually used their brain they wouldn’t have been caught so easily. Sending your email WITH YOUR FULL NAME is so bad
@@featheroml it's not real, the feds found him with some other surveillance they can't / don't want to disclose publicly, but to arrest him they set him up with stealing his credentials etc.
I always wonder how much of the "bad opsec" we see in court documents is real, versus just what they submit to the court to secure an arrest warrant. If they use a backdoor or an exploit, they can more easily identify perpetrators, but they won't want to have to reveal the exploit in court. So once they've identified the person, they can monitor them until they can find some smaller crime to execute the initial warrant.
I could fathom that happening; though it'd be unnecessary in this case since the FBI didn't really need any exploits to identify the dude - as they'd found his personal email within the RF leaks.
Kind of like how abc agencies would use stingray to gather info illegally, but they know they can't use it, so they use the information they gather illegally to catch them doing something lesser which they in turn use to get "legal" access to the info they already obtained illegally. I believe there was a case a while back where the accused knew that they were 100% secure in their communications and the only way the agency could have the data they had was through illegal interception. So the case was dismissed. But they never stopped doing such illegal activities. Anyone in a position of authority should have constant surveillance and total transparency around their actions. As there is far too much malevolence and corruption in gov agencies and law enforcement. These perpetrators who think they are above the law will not be able to hide their secrets forever. Their minds are sick with power. There are truly good people out there but those in power try and rationalize their actions by thinking, everyone else would do it too. But that's far from the case. They are afraid of letting anyone with morals into the mix. They make sure they take them to their after parties or private islands and test newcomers' depravity. All while filming them to make sure they are implicated if they ever step out of line. It's a big group and we ain't in it. I wouldn't ever want to be in it either. They don't see others the same as a normal person. They look at us as cattle. So if you think the gov will help you or feed us in times of desperation then we are hopelessly fooled. Weakened just like China wants us to be. As we were sold out as a resource a long time ago. I look at the debt clock for Canada and I sure as hell have never had that much debt. Shit, my reparations of 5$ every other year hasn't had inflation accounted for in its inception. Over 100 years ago that was the price. Canada has defaulted on the payments they owe constantly. Canada was also a 99 year lease.
The lease is not only up but was voided when the gov began to take control of our freedoms and try exterminate my people's cultures by genocide and attacks on our longhouse ceremonies by the RCMP in the 50s and 60s. Then the residential schools and tearing children from their families. This wasn't all that long ago either. Rap1ng and mutilating children for their own sick n twisted desires, those are the supposed "men of god" that so many worship. Many were shipped overseas as torture toys for a certain famous family. I'm sure we can all guess who. There is much truth to be told. It's up to us good like minded people, those with true love in our hearts to come together as the rainbow nation and prevail against those who oppress others for their own gain. Instead of all working together to lift each other up. We can lift all of humanity to new heights of advancement where all can prosper and still maintain a 7 generation guarantee. Which means we take care of our mother earth and her resources so that 7 generations down the line mother earth will still be bountiful and all nations able to thrive together. At the rate and state that these "world leaders" have us in now-a-days, we will be lucky to make it 3 more generations before all is poisoned beyond repair. 😢 I have faith that us people with strong morals and love in our hearts and mind can prevail. But we are going to need help from each other. Let us come together and reach our potential!!!
I think some of the Snowden revelations talk about exactly this, with some cases being dropped entirely because they didn't have any evidence that didn't reveal the existence of rogue cell towers.
Those techniques are pretty sophisticated, quite rare or even non-existent. Dude was a kid who ran a forum... That's overkill and nobody's going to risk burning that for nothing.
Mind boggling how poor this kid's OpSec was. How long was he running breached for again? I wonder if they even give him a deal to work with the feds considering how many blunders he made. Also, while I'm at it finally commenting on one of your videos, I want to thank you for putting out consistently high quality content for as long as you have. Without your videos, I wouldn't have found my love for Linux, and would still be using Microsoft Winblows
Pompompurin created Breached Forums around a year ago. People flocked to the site because he had been around on Raid Forums for years with a stellar reputation. I have no idea how they didn't catch him sooner. Even among cybercriminals that has to be one of the worst blunders I've ever seen.
@@typicalmountainbiker I'm sure they could have but the feds collect everything they can to ensure cases are essentially bulletproof. It also gives them time to monitor related activities. Imagine the feds realizing, "Oh wow this kid doesn't have a clue what he's doing... should we go get him?" "Nah, let's see what else he'll lead us to.".
Just goes to show when you get involved with online crime you're playing for keeps. Everyone thinks they're the perfect one, infallible, Michael Jordan's of the internet. But everyone is capable of making elementary OPSEC errors, that leave permanent consequences. It just takes one mistake for the glowies to get you. He honestly had one of the shortest affidavits I've read, usually they've collected a lot more information. Probably partly due to a rushed case though. Not surprised, was just a kid after all.
yeah everyone is capable of making a stupid opsec mistake, but signing into raid forums with his personal Gmail genuinely makes me wonder if Pom was lobotomized
not true, the government obviously doesn't talk about it much but there are many smart criminals that the government can't catch. they just get the low hanging fruit like this idiot
Very unfortunate to hear about the victim's suicide where he crashed his car off the road, then dragged himself 3 miles into the woods and shot himself three times in the back of his head and a bear or Something must have taken the gun and the casings
@@kenosabi well yeah, it's a combination of good opsec and low profile. If this guy had decent opsec they probably wouldn't have bothered, he didn't do anything too subversive
.... i don't even know what he was thinking, how did he type what he typed out and think "hm yes, totally believable, I somehow pulled out an email with a full name and DOB that doesn't appear in the data breach, but I somehow found it, someway, while knowing it was in the breach. Foolproof plan."
I would argue 80% of all 'hackers' aka script kiddies, have mostly bad to no OPSEC. It takes a lot of effort and awareness to continuously live two entirely separate lives. It's also extremely easy to get complacent with these things. Without any warning or obvious signs to get your attention once you've fucked up, you start to feel affirmed that your blunder will just fade off into the ether. "Oh well, data retention sucks for a lot of companies, that shits probably long gone by now...". Proper OPSEC is a livelihood, a lifestyle, a way of life. You don't just practice good OPSEC, you fucking LIVE good OPSEC. You separate your public life from your OPSEC life 100% top to bottom with no compromises. If you slip up, it's time to go scorched earth and deactivate for a long time. It's very draining to switch back and forth. Laziness is OPSEC's worst enemy.
Love how pompom tried to use the strategy of hiding in the light, by using his real email and saying it is someone's email he found. It did fail though.
sometimes when you think you are at the top you begin to assume there is nowhere else to go but down. That's when you get cocky and start acting a few levels below yourself. Almost wondering if deep down, you SHOULD get caught.
Oh I 100% would. But that’s why I’m not out here becoming a notorious cybercriminal. If you’re going to do that type of thing, maybe you should know that you need to be that type of vigilant beforehand.
That's why you don't create an online persona if you're a cybercriminal, you're basically grouping all the stuff you've done, and when you make a mistake (because you will make a mistake) they will charge you for everything because you've already made the glowies' work for them
The real reason he got caught cause he committed a crime, criminals often get overconfident after getting away, as a result they start making mistakes. This is how most criminals get caught, besides the nowadays undercover agents are a trend, like there's one undercover cop in every city acting like a common civilian.
The key here is that Pompom didn't expect the private message to become non-private in his threat model. The chances are extremely low that the person he was directly talking to would try to ID him based on a hunch that conorfitzpatrick was his actual email. I'd wager that if he knew that other people would have eyes on that message he wouldn't be so lazy. He didn't expect the authorities to hack his forum and read all the records, which is the real mistake.
There is some poetic justice in this. He hacked the FBI / FEDs and they hacked him back. Moments like these make me realize the world really does run on equivalent exchange rules often enough. You get what you give.
@@qunas101 It's definitely a risk, but then again everything has a risk and/or cost. I still think that practically speaking, if we assume the message was never leaked, this would be in the realm of reasonable opsec. All security is a trade-off between security and convenience. He probably thought that the risk wasn't high enough to justify using more time and effort to find another email or ask his question in a different way. After all, he had a reason to talk about the email in the first place; he was trying to evaluate the quality of the data, which probably had significant monetary value to him.
I see what you’re saying, it makes Pom seem a bit less stupid to me. Still, any relevant person on that site should’ve instinctively known in their head “Never ever post my real name or real email on this site under any circumstance”
I really had to fight the urge from saying "he got caught because he wasn't careful" when reading the title. However, as I keep watching the video I kept thinking "I'll take The Most Reckless Hacker for 500, Alex!" JEEZ
Between pirates and hackermen, I can't tell who has worst opsec. I still remember when KAT got taken down because the admin was logging into his account via the same IP he used for Facebook and iTunes.
Are we? I'm sure the strategy they drive with 4chan is just more cost-efficient. Have the place fully diluted with BBC (not the media company) and c(d)uck pron posts. Also 4chan is interesting because it represents a sort of hive mind that has weaponization potential. I'm pretty sure they could have shut it down a long time ago. They don't because it's a hot bed for social engineering and experimentation. They also take some inspiration from it for spreadability of messaging. I have recently seen a lot of advertisement following imageboard meme schematics.
@@Mayhzon Yes, I meant the original statement in pure jest, since a lot of coverage on them has been taking a stance against them that seems more serious than they actually are, 4chan when compared to RAID or Breach are nowhere near as damaging (to someone's privacy, security, etc) but they pretty much consist of radical members of society who aren't necessarily the best hackers, but have been proven to be relentless when they want to.
This guy really did the asking for my friend meme. I'm glad the FBI can actually perform these investigations. This was a really informative video. Learned a lot more about OpSec. Good reminder that using a VPN all the time to have two different identities is a weakness.
@@planetjanet3845 So, I did the following experiment:

for i in {0..255}; do printf \\$(printf '%03o' $i) >>file.txt; done
echo -n FoobarBaz >>file.txt
for i in {0..255}; do printf \\$(printf '%03o' $i) >>file.txt; done
grep -i bar file.txt
grep: file.txt: binary file matches

So even when the text you're looking for is surrounded by all possible ASCII characters, grep still works. I won't claim it does every single time, but I still don't see any reason why it shouldn't.
@@mskiptr I just know from experience, grep won't be able to find text I know to be present in a file unless I run it through strings first. I'm not sure what makes it give up, whether it's a certain quantity of unreadable characters or only certain specific characters.
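Added example, not part of either comment above: it repeats the experiment with the same needle and then stores the needle as UTF-16LE, one well-known encoding in which a plain grep for ASCII text finds nothing. The file names and helper function names are made up for the illustration, and the example does not claim this is the case the commenter ran into.

```sh
#!/bin/sh
# Added example: when does plain grep miss text inside a binary file?
# All data below is constructed; "FoobarBaz" is the needle from the experiment above.

# Emit every byte value 0..255 once (the padding used in that experiment).
all_bytes() {
    i=0
    while [ "$i" -le 255 ]; do
        printf "\\$(printf '%03o' "$i")"
        i=$((i + 1))
    done
}

# Build two sample files in directory $1 (hypothetical file names).
make_samples() {
    # ascii.bin: needle stored as single-byte ASCII between binary padding.
    { all_bytes; printf 'FoobarBaz'; all_bytes; } > "$1/ascii.bin"
    # utf16.bin: same needle stored as UTF-16LE, i.e. a NUL byte after every letter.
    { all_bytes
      printf 'F\000o\000o\000b\000a\000r\000B\000a\000z\000'
      all_bytes; } > "$1/utf16.bin"
}

# Number of lines a plain case-insensitive grep matches in file $1.
# grep exits 1 when nothing matches, so "|| true" keeps "set -e" callers alive.
count_plain() {
    LC_ALL=C grep -c -i bar "$1" || true
}

# Same search after deleting NUL bytes, which collapses UTF-16LE text in the
# ASCII range back to single bytes (GNU "strings -e l" targets the same runs).
count_denulled() {
    tr -d '\000' < "$1" | LC_ALL=C grep -a -c -i bar || true
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "ascii.bin, plain grep:        $(count_plain "$tmp/ascii.bin") matching line(s)"
echo "utf16.bin, plain grep:        $(count_plain "$tmp/utf16.bin") matching line(s)"
echo "utf16.bin, NULs removed first: $(count_denulled "$tmp/utf16.bin") matching line(s)"
rm -rf "$tmp"
```
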
@Andai "Hello sir. It has come to our attention that you have been a very naughty boy online. We have thus planned your next butt whooping session. Kind Regards Your local law enforcement institution"
Whenever somebody on Breached would scam somebody Pom would often post the scammers IP address, which always made me suspicious of Breached OPSEC. It meant that he kept some kind of log, and turns out to have been true.
It would be interesting to hear your take on how he should have acted in order to minimize the risk of being caught. Of course he shouldn’t have used his own email as an example in the first place but apart from that a walkthrough of each opsec error linked to what he should have done, eg. using different IP’s, Tor etc, would be quite interesting imho. Great video as always! 👍
well for starters he should have gone and bought a burner phone with cash from something like craigslist and then used burner SIM cards to activate ..but the key is to never take the burner phone home nor have it by your personal phone at all.. this will give you 2 separate identities that would be very hard to link if done right
Pom's opsec is probably on par with Ross and most other extremely dumbass mistakes people make in cyber security, it's entirely attributed to ego, especially black hats. Infosec and opsec go hand in hand. As someone in cyber security (the blue team) I like baiting pentesters, black hats, asking my friends to hack me lol etc (as counter intuitive as it sounds it really helps people understand computers not just for pentesters but for me analysing vulnerabilities software or hardware, it helps us both improve), but this is extremely hilarious for so many reasons to me. When I saw him trolling "vinny" and beefing with cyber security experts (looool) it was only a matter of time before he got caught, that's not how you act if you're doing something illegal, in summary, he was an idiot. Regardless, it's extremely hard to have good opsec in any 14 eyes, if 1. you live there 2. target the people associated within them, even if you didn't and committed enough big of a cyber crime uncle sam will kidnap you out of Iran, they don't care
How so? Ross Ulbricht was only connected to his real name through a single slip up years before Silk Road was popular where he made a forum post “advertising” the site. The FBI found the very first mention of it online, and that led to his arrest. This is 20x the amount of information leaked in a very short amount of time, with multiple different forms of ID.
@@MarioGoatse Ross legit went on the clearnet promoting the site silkroad (extremely conspicuously even that would be an understatement) which is what got him on the alphabet boys radar to begin with, using his real name on an email, what makes his opsec possibly even worse is that they were able to establish a very concrete link to the point even aristotle would've walked out the courtroom.
@@superdanyal2009 He made a single forum post way before a site like Silk Road was even considered possible to be successful. It was a massive shot in the dark, so I can understand a young guy that isn’t a hacker so doesn’t have the best OPSEC yet, making a forum post to ask if anyone knew anything about “this new website”. Compared to this dude who should have already been on extremely high alert due to being a hacker and having been a former user of raidforums that had been taken over by the authorities. There’s a bit of a difference between the two as Ross could not have predicted that Silk Road would have been as popular as it was, whilst Fitzpatrick was actively hacking sites and wasn’t even using a VPN. Ross messed up once early on. Fitzpatrick messed up consistently and continuously. That’s the point I was trying to make.
@@superdanyal2009 In ross’ defense, he literally made the first Bitcoin darknet market in history, he had no idea how big it would become or how much attention it would attract from the feds, there was no precedent for him to learn from. in the beginning he probably saw it as an obscure secret drug market for geeks and thought the boomer feds might not even catch onto it. Plus he didn’t advertise Silk Road with his real name email in the post, he used the username altoid which they linked to another post that had his real name email. His opsec was bad but Pom’s was just ridiculously bad, especially with the 100x extra knowledge of opsec you’d expect a cybercriminal to have compared to back then
@@jayl3840 Yep. They would take the chance to brag a little. After all they already have agents on the Joe Rogan podcast doing so. "Look at this amazing power we wield and what we can do with it." They must have been pretty disappointed in how they caught up to this Pompom guy. Easy pickings, didn't even have to start up any of their high profile software tools.
We always have this romanticized idea in our heads that hackers are these brilliant computer geniuses that can never be caught and if they do it's like you said, the FBI must've had to dedicate a mountain of resources and time to finding this super evasive, super smart hacker. But no....more often than not...not at all. It's interesting as well because as you sift through the evidence you see pompom become a little better at what he is doing but his old mistakes are basically a permanent footprint.
It seems that it's inevitable that a hacker would be caught, because when learning or doing "beginner hits", of course his OPSEC wouldn't be perfect, so even if he became very good in due time, he would still leave behind him a trail of mistakes from when he was less experienced? What am I overlooking? I'm a Windows peasant so I don't know anything, so tell me.
@@popcornto6032 basically the rule is to never create a trace by always using a throwaway account or preferably never appearing (unless you need to make transactions, which is very risky)
@@halcyonacoustic7366 how does a separate account make it more difficult to screw up? Or do you mean a new separate account for everything regularly such that old mistakes can't be linked to new ones?
I've never understood why people wouldn't take advantage of the anonymity of email and NOT use personally identifying information RIGHT IN THE USERNAME. These kids have probably never even heard of Kevin Mitnick.
Because the feds monitor them after finding out to stack up evidence. It's not like they raid them a day or even a week after figuring their real info out.
I’m sure the FBI has to build a case, and also a hub for this activity really routes traffic to an easy to monitor place for the fbi. I’m sure they let this stay up strategically.
It's a combination of both incompetence (in some cases) and Strategical waiting in other cases, as feds will never pro-actively get (or stop) the offender during a crime (or even a series/multiples of them). They'll wait till a stack of crimes have been committed before they then bust ya.
I know I asked about this on the comments of the last video but please make a video about what isn't bad opsec; is it possible to have a life and still have good opsec? How can you keep your personal and "work" life separate when you don't live alone (i.e. live with relatives or are married)? Who can you trust (if at all, since in an investigation folk can be easily manipulated into saying something that can be useful to the glowies)? You mentioned creating faraday cages with aluminium foil, but what if someone finds out you do that? Are they not a security vulnerability? Please check my comment on your last video, it's a lot more complete in what I am really asking
check out the OpSec Bible for 2022 (or sth like that), it's another video of his that basically covers everything you asked for, and then some. Search on his channel and I think you'll find it. :)
Good opsec would be keeping everything separate and reducing vectors for attack. You have one machine you use for accessing ordinary life. Another machine everything else. This second machine should run a custom linux build tailor-made for your usage by handpicking the things you need. It should not use Intel chipset technology (all three, Intel hardware, Windows and Apple software are compromised by the American Hegemony). Furthermore, everything to your second persona has to use separate e-mail accounts, connect through VPNs from off-continental influence zones and use as little of your personal data as humanly possible. No checking reallife stuff with this second setup or vice versa. Mix-ups straight forbidden. This way you reduce attack vectors. As with everything, 100% security does not exist and never will. This communication technology we all use was granted us by the higher powers and thus they came up with it and know how to control it. So it's a matter of Risk + Effort vs Reward + Priority. If what you do is low value, nobody will bother checking your stuff or bother putting together a court case. If you are of high prolific criminal activity like Pompom, dumb enough to piss off papa government on purpose (hacking their agencies, constantly disparaging their efforts somehow) or are of geopolitical significance, no amount of security will be enough to save your sorry hide from the eventual consequences indefinitely.
11:48 Question. Where the Google and Zoom accounts were both accessed from the same IP address, that was the VPN IP address. Surely, that IP address would be used by many different people, right? Which is the whole point of a VPN. So how could any inference be drawn from that? I assume I am missing something.
Yeah I really don’t know what Mental Outlaw is on about for that point. Plenty of OPSEC mistakes were made by Pom, but I hardly think the incident of a VPN gateway IP being used for two separate accounts at different times constitutes as evidence to link one to the other. They could very well be different users
Bro. I love pompompurin (the Sanrio character) to the point I have a tattoo of him. I also work in cybersecurity. Finding out about Pompompurin is one of the wildest crossovers to me
5:20 no. it's not an "uncommon thing" to try to search for yourself in data breached. what IS fairly uncommon among anyone that has a "little bit of CyBeR SeCuRiTy knowledge" is to use their own *actual* name in any online identities they create.
@@armmelon327 that's one of the things you do once you learn about online security - you completely sever your previous identity from any further activity going further. meaning that any accounts with the older/traceable one is burned.
Damn...laziness I can get, not everyone wants to bother with using five different email addresses, multiple phones, VPN and all that. But come on man, you were the leader of THE biggest hacker forum on the internet...at this point I think the guy had just no self-preservance, given that he admitted everything to the cops as well XD
I am glad I never went to any of these forums. Who would have figured the opsec on a hacker site is less than kindergarten level. Damn I got a separate computer and vpn just for watching movies I don't even do hackerman type activities anymore and haven't in 20+ years
10:50 Of course this isn't good, it allows for additional connections once suspicions are raised. But practically any VPN user can be accused of sharing an IP with a hacker over a single day. Likely there's a couple gmail logins that fit this exact profile. Not saying this is safe, but if this alone would bring him down the US has kinda fucked up laws. They'll jail innocents.
VPN doesn't even keep you safe if you think about it, its gotta be preloaded the moment you open a device up to the Internet or else the download becomes associated with your iP and you permanently end up on some kind of list for just having a vpn on your device.
That’s what I’m saying. The fact that both logins share the same IP doesn’t mean shit if the IP belongs to a VPN server. I mean it’s circumstantial evidence at best
@10:10 Correct me if I’m wrong here, but don’t VPN servers usually have one IP that’s shared across all people using the service? And wouldn’t that mean that Conner Fitzpatrick using the server to access his personal email and “PomPom” using the server to access his hacker account could be by two different users using the same VPN? That doesn’t really seem like enough evidence to identify Conner Fitzpatrick as PomPom to me, unless there’s something else…
@@spIasher my point still stands, if the assignment of each user to a different server is random or based on load balancing traffic then there’s no connection. If it’s based on choice of geographical location there’s still no link between two users using the same server being connected to each other
Well, PomPomPurin is 20 years old (today is 2023). He reveals his email on forum at 2020 (17 y. old). What are you waiting from a teenager? Of course he did so idiotic mistakes, many of them, because of lack of experience and knowledge on his dangerous way on the dark side of internet that requires paranoiac caution
I recently sent an email full of nsfw subreddit links to a customer support email for a company that sells security cameras (instead of myself). Followed up with "Sorry! Wrong address!" then started rapidly deleting contacts to prevent autofill from screwing me over again.
First I was like "15mins? ain't nobody has time for that" and here I am grinning throughout the whole video not even feeling the time. Great job, thanks for the video!
In all fairness, the database breaches do affect thousands of people as well. Individuals that get scammed often are high profile targets or people who blindly click on links and/or use vulnerable software or fall for the usual scams. I'm more upset with mega corporations still having databases breached and my online passwords showing up in them.
A vpn provider can lease you an ip today and the next day give it to someone else, it's not like they will reserve that ip for you forever. Isn't this enough for plausible deniability ? Am i missing something ?
i thought vpns used the same ip for the server which thousands could be connected to, anyways. So yeah, idk how they can be used as evidence but im not really a tech guy.
I think this would make for a good spin off video on best practices for OPSEC not for hackers but just for Privacy advocates and people sick of Google and Apple and Big Brother spying on you 24/7. I think this would be interesting and make for a cool video!
What kind of backwards logic is that?? It was the cops (Feds) who worked out what this criminal was doing, so maybe you do need the cops if you want to arrest people like him. Your logic would make sense if it wasn’t the police that found out all this information.
When I started using a VPN I at first had a bit of a guilty feeling accessing Google, RUclips, etc from the VPN's IP for having established a theoretical connection between my identity and other things I look at on the internet. But I'm not wanted by the FBI for having ran illegal websites or anything, but damn, to have such a shitty OpSec, all while having so many glowing enemies AND living in the United States? You'd expect more from a hacker this famous. Like at least routing everything through TOR and having a separate device or at least a VM that is only for his anonymous activities.
I got a question. How is this different than MS or google scanning your emails, stealing your password, and then unencrypting your files with it? I never authorized them to steal my passwords or unencrypt my documents with them. Are they selling passwords too? Seems no different than what they were doing on the forums.
The privacy of VPN connection is questionable, that’s how people get caught in China for access internet outside, carriers can identify VPN very easily. Years ago a guy in china developed shadowsocks, which authorities took ages to identify people who are using it. Lastly, most vpn providers are owned by Chinese companies.
I'd generally consider trolling your local security agency as bad idea. If someone could not resist the temptation, he should at least be annoying for security agency from a different continent.
It's somewhat insane to think how many hacker types still hold onto their hacker alias even after having used it on a compromised platform. Both PomPom and Baphomet held onto their previous ID after Raid Forum, just hoping that there was not a trace of their irl identities attached to the platform?
From the video, it seems he was trying to find out if his data was leaked. Is that illegal? Did he do anything else illegal? Sorry.. I'm not familiar with the case, or law in this country but interested in what were the charges
@@elite3221 There's nothing wrong with Windows once you tear the spyware out of it. MO and a portion of his fanbase are just hardcore FOSS supremacists and like to shit on proprietary software, as if source code is some kind of holy grail and reverse engineering doesn't exist. Don't get me wrong, FOSS is king on principle, but I'm not gonna put myself into a box for it.
XMR is accepted at based.win/ for those who shop with excellent OPSEC
hey man I'm sorry but crypto makes you look kinda gullible and not actually educated about technology -- it makes it so incredibly difficult to continue respecting your opinions on technology as "informed" so I'm starting to lose my reason to keep checking this channel. I don't think it's possible to simultaneously understand blockchain technology and also have faith that crypto can ever be useful or ethical.
Can you please make it so i can use the website with the LibreJs Extension
@@tuckvison Money isn't ethical. Money is just a tool.
@@tuckvison Teaching people to avoid getting caught by the FBI should be a criminal offense too.
@@johnarnold893 Ok glowie.
This is probably the funniest / dumbest opsec mistake I have ever seen
The Silkroad one is even sillier in my opinion
@@moncef2466 Ross’s situation was funny, but this was just absolutely retarded
Ulbricht will probably take the corrosive exploding cake on multiple counts for Amazingly ABYSMAL OPSEC for all time to come: ruclips.net/video/eQ2OZKitRwc/видео.html Why (FOR HEAVEN'S SAKE WHY?), when the FBI comes to your doorstep demanding to know why you were sent several forged IDs do you think it a good idea to hawk your illicit goods website?
SWIM is completely innocent, here is his email. Again this is totally NOT ME.
Back in... 2015. He was 12/13 lol
Massive skill issue
ikr, firstname_lastname_DOB@gmail.com gonna go register a hackerman account with that LOL
@@MentalOutlaw imagine
Bros just bad
@@MentalOutlaw this is literally a copy of the top comment on your last video on this a week ago... don't encourage reposters smh
This is where the fun begins :)
GG; and not good game lol
This really helps my imposter syndrome. If Pom can hack the fbi but fuck up this hard I can do anything.
He probably wanted to get caught or got too cocky. He's said in the past that the FBI can easily get him if they wanted to.
@@jjjj-x9g He knows he's young and the example has already been made with this stuff, so he won't get much time if any at all, probably probation. But he also knows he will get fame from this and maybe even turn it into a legal revenue source. I don't think it's unlikely he wanted to be caught, but it's 50/50
@@TrevoltIV Best thing the prosecutor could do is ask for 10 years at hard labour. No different than robbing a bank.
@@johnarnold893 prosecutor can lower charges and do better. I know because it happened to me. Although his case is federal so it’s a bit harder
@@TrevoltIV lol what did you do mr hackerman
Funny to think that I probably had better OPSEC than Pom as a 12 year old deciding to make an email for Roblox without my personal info in it.
Lol i laughed hard at this
to be fair, pom was ~12 or 13 at the time he DMd his email
@@sa1t938 no he wasnt
@@sa1t938 The breach took place in 2017, so he was like 14-15+
@@martini380 The conversation is from Nov 2020 though
They not even gonna turn him into a informant because his OPSEC is so bad 💀
Lmaooo
this, maybe he can plea his sentence down by snitching, but he ain't getting a job with the feds after
@@MentalOutlaw someone this young hacking an FBI email server is still impressive. He can hack a Chinese government mail server, OPSEC is something they can provide him with. What I'm trying to say: The three-letter agencies don't hire people based on how well they can run away, but based on how much damage they can do.
You honestly think the people that caught him have better opsec?
@@MentalOutlaw you ever seen with your own eyes the opsec of government employees lol he's good.
This is the e-mail equivalent of going to a store, buying something you’re embarrassed about then saying;
“… errr. This is for my… friend.”
10:12 How else are you supposed to avoid this? You get a static ip address assigned to you by ur isp. What does he mean by same ip address in the vpn?
No, no: "a friend", that way they will never know it's YOUR friend and therefore cannot link them to you directly. Using "a friend's friend" is usually an overkill, but provides the best Op-Sec on the planet and further. Even MiB could not have found me since '97.
Trust me, bro.
@@Criticalmaze He is saying if you connect to a VPN, then log into some l33t hackerman forum, then use the same VPN connection to access personal accounts connected to your true identity then you’re making it stupidly easy to get caught
Can we at least agree that his hacker nickname was unironically, positively adorable
yeah, like a japanese sh
yeah I mean he was literally named after a Sanrio character xD
3:21 Lmao that’s hilarious, one of the dumbest “asking for a friend” instances out there
Even though I’m not fits Gerald in any way shape or form, here is a email that wasn’t in the database!!
My name is definitely not Fitzpatrick and no way in hell is my first name Conor heheh.
I thought this wasn’t real when I first saw it… like what the hell was this dude thinking?? I’m sure the first rule of hacking is to remain anonymous. Ouch, big time!
@@Tophatjones358 it literally is! 😂 if criminals actually used their brain they wouldn’t have been caught so easily. Sending your email WITH YOUR FULL NAME is so bad
@@featheroml it's not real, the feds found him with some other surveillance they can't / don't want to disclose publicly, but to arrest him they set him up with stealing his credentials etc.
I always wonder how much of the "bad opsec" we see in court documents is real, versus just what they submit to the court to secure an arrest warrant. If they use a backdoor or an exploit, they can more easily identify perpetrators, but they won't want to have to reveal the exploit in court. So once they've identified the person, they can monitor them until they can find some smaller crime to execute the initial warrant.
They do
I could fathom that happening; though it'd be unnecessary in this case since the FBI didn't really need any exploits to identify the dude - as they'd found his personal email within the RF leaks.
Kind of like how abc agencies would use stingray to gather info illegally, but they know they can't use it, so they use the information they gather illegally to catch them doing something lesser which they in turn use to get "legal" access to the info they already obtained illegally. I believe there was a case a while back where the accused knew that they were 100% secure in their communications and the only way the agency could have the data they had was through illegal interception. So the case was dismissed. But they never stopped doing such illegal activities.
Anyone in a position of authority should have constant surveillance and total transparency around their actions. As there is far too much malevolence and corruption in gov agencies and law enforcement. These perpetrators who think they are above the law will not be able to hide their secrets forever. Their minds are sick with power.
There are truly good people out there but those in power try and rationalize their actions by thinking, everyone else would do it too. But that's far from the case. They are afraid of letting anyone with morals into the mix. They make sure they take them to their after parties or private islands and test newcomers' depravity. All while filming them to make sure they are implicated if they ever step out of line.
Its a big group and we aint in it.
I wouldn't ever want to be in it either. They don't see others the same as a normal person. They look at us as cattle. So if you think the gov will help you or feed us in times of desperation then we are hopelessly fooled. Weakened just like China wants us to be. As we were sold out as a resource a long time ago. I look at the debt clock for canada and i sure as hell have never had that much debt. Shit, my reparations of 5$ every other year hasn't had inflation accounted for in its inception. Over 100 years ago that was the price. Canada has defaulted on the payments they owe constantly. Canada was also a 99 year lease. The lease is not only up but was voided when the gov began to take control of our freedoms and try exterminate my peoples cultures by genocide and attacks on our longhouse ceremonies by the RCMP in the 50s and 60s. Then the residential schools and tearing children from their families. This wasn't all that long ago either. Rap1ng and mutilating children for their own sick n twisted desires, those are the supposed "men of god" that so many worship. Many were shipped over seas as torture toys for a certain famous family. Im sure we can all guess who.
There is much truth to be told. Its up to us good like minded people, those with true love in our hearts to come together as the rainbow nation and prevail against those who oppress others for their own gain. Instead of all working together to lift eachother up. We can lift all of humanity to new heights of advancement where all can prosper and still maintain a 7 generation guarantee. Which means we take care of our mother earth and her resources so that 7 generations down the line mother earth will still be bountiful and all nations able to thrive together.
At the rate and state that these "world leaders" have us in now-a-days, we will be lucky to make it 3 more generations before all is poisoned beyond repair. 😢
I have faith that us people with strong morals and love in our hearts and mind can prevail. But we are going to need help from each other. Let us come together and reach our potential!!!
I think some of the Snowden revelations talk about exactly this, with some cases being dropped entirely because they didn't have any evidence that didn't reveal the existence of rogue cell towers.
Those techniques are pretty sophisticated, quite rare or even non-existent. Dude was a kid who ran a forum... That's overkill and nobody's going to risk burning that for nothing.
He really tried the "asking for a friend"
The original "in minecraft"
Mind boggling how poor this kids OpSec was. How long was he running breached for again? I wonder if they even give him a deal to work with the feds considering how many blunders he made.
Also, while I'm at it finally commenting on one of your videos, I want to thank you for putting out consistently high quality content for as long as you have. Without your videos, I wouldn't have found my love for Linux, and would still be using Microsoft Winblows
Pompompurin created Breached Forums around a year ago. People flocked to the site because he had been around on Raid Forums for years with a stellar reputation.
I have no idea how they didn't catch him sooner. Even among cybercriminals that has to be one of the worst blunders I've ever seen.
And he sacrificed... HIS FREEDOM!!!
@@UCp6Q6LE7IYCO yw mr FBI agent. We've reverse triangulated your home. 😉
@@typicalmountainbiker I'm sure they could have but the feds collect everything they can to ensure cases are essentially bulletproof. It also gives them time to monitor related activities. Imagine the feds realizing, "Oh wow this kid doesn't have a clue what he's doing... should we go get him?" "Nah, let's see what else he'll lead us to.".
Simp
Just goes to show when you get involved with online crime you're playing for keeps. Everyone thinks they're the perfect one, infallible, Michael Jordan's of the internet. But everyone is capable of making elementary OPSEC errors, that leave permanent consequences. It just takes one mistake for the glowies to get you.
He honestly had one of the shortest affidavits I've read, usually they've collected a lot more information. Probably partly due to a rushed case though. Not surprised, was just a kid after all.
Holy shit? It’s the legend Crumb!
????
yeah everyone is capable of making a stupid opsec mistake, but signing into raid forums with his personal Gmail genuinely makes me wonder if Pom was lobotomized
I dunno, if i was running some forums like that id better turn into edward snowden quick af.
@@fort809 seriously can you even call that a stupid mistake at that point? Beyond regarded
These court documents are really good at showing you how to do better opsec, and also proves (to me at least) that you're basically never gonna win.
Yeah honestly if the gov wants to give it to you they will. If you're deemed "important enough" you're on borrowed time.
not true, the government obviously doesn't talk about it much but there are many smart criminals that the government can't catch. they just get the low hanging fruit like this idiot
Very unfortunate to hear about the victim's suicide where he crashed his car off the road, then dragged himself 3 miles into the woods and shot himself three times in the back of his head and a bear or Something must have taken the gun and the casings
@@kenosabi well yeah, it's a combination of good opsec and low profile.
If this guy had decent opsec they probably wouldn't have bothered, he didn't do anything too subversive
The hacker community might have to make a “10 OPSEC commandments” 😂
There are plenty of them on dread 😂
Dual Core - Hack Commandments
yw
@@username---------- 🤝
What are the 10 Hack Commandments?
.... i don't even know what he was thinking, how did he type what he typed out and think "hm yes, totally believable, I somehow pulled out an email with a full name and DOB that doesn't appear in the data breach, but I somehow found it, someway, while knowing it was in the breach. Foolproof plan."
keep in mind he is only 20 years old, he also believed putting "living in tokyo" in his bio tricked people
@@ravindur3825 20 year olds should know way better than that, imo
@@hmngghh yeah, tbh thats true. especially for him... i mean he "hacked" the FBI lmfao
Smoking that PomPom pack 🌬️ I'm glad he was so dumb.
@@ravindur3825 Age is no excuse for making such a bad mistake.
I would argue 80% of all 'hackers' aka script kiddies, have mostly bad to no OPSEC. It takes a lot of effort and awareness to continuously live two entirely separate lives. It's also extremely easy to get complacent with these things. Without any warning or obvious signs to get your attention once you've fucked up, you start to feel affirmed that your blunder will just fade off into the ether. "Oh well, data retention sucks for a lot of companies, that shits probably long gone by now...". Proper OPSEC is a livelihood, a lifestyle, a way of life. You don't just practice good OPSEC, you fucking LIVE good OPSEC. You separate your public life from your OPSEC life 100% top to bottom with no compromises. If you slip up, it's time to go scorched earth and deactivate for a long time.
It's very draining to switch back and forth. Laziness is OPSEC's worst enemy.
I always looked at "have I been pwned" as being something where I can enter my info, and expect it to be pwned shortly after.
_"so my friend has this girl he likes"_
Love how pompom tried to use the strategy of hiding in the light, by using his real email and saying it is someone's email he found. It did fail though.
Would've worked if he just PGP encrypted his messages lmao! Still absurdly retarded though.
sometimes
when you think you are at the top
you begin to assume there is nowhere else to go but down.
Thats when you get cocky and start acting a few levels below yourself.
Almost wondering if deep down, you SHOULD get caught.
corny
this reads like a bad haiku
Very true to real life unfortunately. I've experienced this first hand.
You would all probably do something equally stupid just this once when at your laziest / least attentive. Staying vigilant at all times is not easy.
Oh I 100% would. But that’s why I’m not out here becoming a notorious cybercriminal. If you’re going to do that type of thing, maybe you should know that you need to be that type of vigilant beforehand.
No.
I dont even use my real name/number nor my real address (I use the abandoned house at the end of the street) for grubhub deliveries
That's why you don't create an online persona if you're a cybercriminal, you're basically grouping all the stuff you've done, and when you make a mistake (because you will make a mistake) they will charge you for everything because you've already made the glowies' work for them
The safest thing you can have is a split personality
If only he'd watched a channel called "Mental Outlaw" featuring videos about how to become anonymous on the internet
or "The Hated One" channel.. that guy is also top notch for this kind of content
The real reason he got caught cause he committed a crime, criminals often get overconfident after getting away, as a result they start making mistakes.
This is how most criminals get caught, besides the nowadays undercover agents are a trend, like there's one undercover cop in every city acting like a common civilian.
The key here is that Pompom didn't expect the private message to become non-private in his threat model. The chances are extremely low that the person he was directly talking to would try to ID him based on a hunch that conorfitzpatrick was his actual email. I'd wager that if he knew that other people would have eyes on that message he wouldn't be so lazy. He didn't expect the authorities to hack his forum and read all the records, which is the real mistake.
Yea the other guy aka the owner of RaidForums who was an even bigger moron.
There is some poetic justice in this.
He hacked the FBI / FEDs and they hacked him back.
Moments like these make me realize the world really does run on equivalent exchange rules often enough. You get what you give.
He still linked his hacker identity to a real email account, even if it's private messages, who knows who is sitting on the other end
@@qunas101 It's definitely a risk, but then again everything has a risk and/or cost. I still think that practically speaking, if we assume the message was never leaked, this would be in the realm of reasonable opsec. All security is a trade-off between security and convenience. He probably thought that the risk wasn't high enough to justify using more time and effort to find another email or ask his question in a different way. After all, he had a reason to talk about the email in the first place; he was trying to evaluate the quality of the data, which probably had significant monetary value to him.
I see what you’re saying, it makes Pom seem a bit less stupid to me. Still, any relevant person on that site should’ve instinctively known in their head “Never ever post my real name or real email on this site under any circumstance”
I really had to fight the urge from saying "he got caught because he wasn't careful" when reading the title. However, as I keep watching the video I kept thinking "I'll take The Most Reckless Hacker for 500, Alex!" JEEZ
Penguins need HUGS
Between pirates and hackermen, I can't tell who has worst opsec. I still remember when KAT got taken down because the admin was logging into his account via the same IP he used for Facebook and iTunes.
Proper pirates don't deal with torrents and the opsec is much better.
@@incremental_failure >don't deal with torrents
What? What do they use?
@@afinelad3673 they live in third world countries where they can't worry about piracy
@@afinelad3673 the retail employee who smokes behind the store
@@afinelad3673 chests laden with booty
Apparently, the hacker's password was 'password.' Who knew they were taking security tips from a '123456' kind of person?
"thats the code on my luggage"
How do we know about that?
And yet... we still are unable to capture the elusive hacker known as 4chan !
Are we?
I'm sure the strategy they drive with 4chan is just more cost-efficient.
Have the place fully diluted with BBC (not the media company) and c(d)uck pron posts.
Also 4chan is interesting because it represents a sort of hive mind that has weaponization potential.
I'm pretty sure they could have shut it down a long time ago. They don't because it's a hot bed for social engineering and experimentation.
They also take some inspiration from it for spreadability of messaging. I have recently seen a lot of advertisement following imageboard meme schematics.
@@Mayhzon Yes, I meant the original statement in pure jest, since a lot of coverage on them has been taking a stance against them that seems more serious than they actually are, 4chan when compared to RAID or Breach are nowhere near as damaging (to someone's privacy, security, etc) but they pretty much consist of radical members of society who aren't necessarily the best hackers, but have been proven to be relentless when they want to.
When can we finally sleep in peace again 😔
This guy really did the asking for my friend meme. I'm glad the FBI can actually perform these investigations. This was a really informative video. Learned a lot more about OpSec. Good reminder that using a VPN all the time to have two different identities is a weakness.
The PomPomPurin saga has been my favorite anime in a long time.
If only he had known grep has trouble with unreadable characters. He should have run the file through strings first.
Why would there be some invisible characters within an email address?
@@mskiptr within the text file
@@planetjanet3845 yeah, but if you're grepping for part of an email address, it will be in a continuous chunk of that file, right?
@@planetjanet3845 So, I did the following experiment:
    # write every byte value 0..255, then the search text, then every byte value again
    for i in {0..255}
    do
        printf \\$(printf '%03o' $i) >>file.txt
    done
    echo -n FoobarBaz >>file.txt
    for i in {0..255}
    do
        printf \\$(printf '%03o' $i) >>file.txt
    done
    grep -i bar file.txt
    grep: file.txt: binary file matches
So even when the text you're looking for is surrounded by all possible ASCII characters, grep still works.
I won't claim it does every single time, but I still don't see any reason why it shouldn't.
@@mskiptr I just know from experience, grep won't be able to find text I know to be present in a file unless I run it through strings first. I'm not sure what makes it give up, whether it's a certain quantity of unreadable characters or only certain specific characters.
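An added example, not part of the original thread: it repeats the experiment above on a small constructed file and adds one case where plain grep really does miss text that is present, namely the same string stored as UTF-16LE, where a NUL byte follows every letter. File names, contents and function names are made up for the example; GNU grep is assumed.

```shell
#!/bin/sh
# Constructed samples only; nothing here comes from a real data set.
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
ASCII_SAMPLE="$WORKDIR/ascii.bin"
UTF16_SAMPLE="$WORKDIR/utf16.bin"

# Case 1: ASCII text surrounded by raw bytes, a NUL included
# (a cut-down version of the experiment in the comment above).
make_ascii_sample() {
    printf '\001\002\000\377FoobarBaz\000\200\376\n' > "$1"
}

# Case 2: the same text as UTF-16LE with a byte-order mark.
# On disk "bar" is b,NUL,a,NUL,r,NUL, so the three letters are never adjacent.
make_utf16_sample() {
    printf '\377\376F\000o\000o\000b\000a\000r\000B\000a\000z\000\n\000' > "$1"
}

# Plain grep, judged by exit status only. A "binary file matches" message
# still means the pattern was found; grep just refuses to print the line.
found_plain() {
    LC_ALL=C grep -q -i -- "$2" "$1" && echo yes || echo no
}

# grep -a treats the file as text, so matching lines are counted and printed
# like any other line instead of being summarised.
count_text_mode() {
    LC_ALL=C grep -a -c -i -- "$2" "$1" || true
}

# Crude recovery for ASCII-range UTF-16 text: drop the NUL bytes, then search.
# iconv -f UTF-16LE, or binutils' "strings -e l", does the conversion properly.
count_after_nul_strip() {
    tr -d '\000' < "$1" | LC_ALL=C grep -a -c -i -- "$2" || true
}

make_ascii_sample "$ASCII_SAMPLE"
make_utf16_sample "$UTF16_SAMPLE"

echo "ascii sample, plain grep:       $(found_plain "$ASCII_SAMPLE" bar)"
echo "ascii sample, grep -a count:    $(count_text_mode "$ASCII_SAMPLE" bar)"
echo "utf16 sample, plain grep:       $(found_plain "$UTF16_SAMPLE" bar)"
echo "utf16 sample, after NUL strip:  $(count_after_nul_strip "$UTF16_SAMPLE" bar)"
```

When searching a dump of unknown origin, checking the encoding first (for example with `file`) tells you which of the two cases you are in.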
Im not even a criminal but have better opsec than pom
"Im not even a criminal" sounds like what a criminal would say
@no-name 1.6 You might've even caught Bahamut himself!
@@aboyaser5608 The FBI are already on that one dw
my opsec is as bad as pom but im not criminal lol
@@no-name1.612 I would never ever commit b&nking fr&ud, wtf yt filtered my comment
Hackers get decision fatigue like everyone else it seems
@Andai "Hello sir.
It has come to our attention that you have been a very naughty boy online. We have thus planned your next butt whooping session.
Kind Regards
Your local law enforcement institution"
These are my favorite kind of videos you make. Great "what not to do" guides
Whenever somebody on Breached would scam somebody Pom would often post the scammers IP address, which always made me suspicious of Breached OPSEC. It meant that he kept some kind of log, and turns out to have been true.
Was wondering how someone seemingly so skilled could get caught by the feds, he might as well just sent them a formal email admitting to his crimes
If I had to guess, bro had an off day.
If you doing shit like this tho, you can’t afford an off day
It would be interesting to hear your take on how he should have acted in order to minimize the risk of being caught. Of course he shouldn’t have used his own email as an example in the first place but apart from that a walkthrough of each opsec error linked to what he should have done, eg. using different IP’s, Tor etc, would be quite interesting imho. Great video as always! 👍
well for starters he should have gone and bought a burner phone with cash from something like craigslist and then used burner SIM cards to activate ..but the key is to never take the burner phone home nor have it by your personal phone at all.. this will give you 2 separate identities that would be very hard to link if done right
So it's impossible thanks
@@jayl3840 yeah but the phone isnt that important here tho 🤷♂🤷♂
Poms opsec is probably on par with Ross and most other extremely dumbass mistakes people make in cyber security, it's entirely attributed to ego, especially black hats. Infosec and opsec go hand in hand. As someone in cyber security (the blue team) I like baiting pentesters, black hats, asking my friends to hack me lol etc (as counter intuitive as it sounds it really helps people understand computers not just for pentesters but for me analysing vulnerabilities software or hardware, it helps us both improve), but this is extremely hilarious for so many reasons to me.
When I saw him trolling "vinny" and beefing with cyber security experts (looool) it was only a matter of time before he got caught, that's not how you act if you're doing something illegal, in summary, he was an idiot. Regardless, it's extremely hard to have good opsec in any 14 eyes, if 1. you live there 2. target the people associated within them, even if you didn't and committed enough big of a cyber crime uncle sam will kidnap you out of Iran, they don't care
Vinny from vinesauce?
How so? Ross Ulbricht was only connected to his real name through a single slip up years before Silk Road was popular where he made a forum post “advertising” the site. The FBI found the very first mention of it online, and that lead to his arrest. This is 20x the amount of information leaked in a very short amount of time, with multiple different forms of ID.
@@MarioGoatse Ross legit went on the clearnet promoting the site silkroad (extremely conspicuously even that would be an understatement) which is what got him on the alphabet boys radar to begin with, using his real name on an email, what makes his opsec possibly even worse is that they were able to establish a very concrete link to the point even aristotle would've walked out the courtroom.
@@superdanyal2009 He made a single forum post way before a site like Silk Road was even considered possible to be successful. It was a massive shot in the dark, so I can understand a young guy that isn’t a hacker so doesn’t have the best OPSEC yet, making a forum post to ask if anyone knew anything about “this new website”. Compared to this dude who should have already been on extremely high alert due to being a hacker and having been a former user of raidforums that had been taken over by the authorities. There’s a bit of a difference between the two as Ross could not have predicted that Silk Road would have been as popular as it was, whilst Fitzpatrick was actively hacking sites and wasn’t even using a VPN. Ross messed up once early on. Fitzpatrick messed up consistently and continuously. That’s the point I was trying to make.
@@superdanyal2009 In ross’ defense, he literally made the first Bitcoin darknet market in history, he had no idea how big it would become or how much attention it would attract from the feds, there was no precedent for him to learn from. in the beginning he probably saw it as an obscure secret drug market for geeks and thought the boomer feds might not even catch onto it. Plus he didn’t advertise Silk Road with his real name email in the post, he used the username altoid which they linked to another post that had his real name email. His opsec was bad but Pom’s was just ridiculously bad, especially with the 100x extra knowledge of opsec you’d expect a cybercriminal to have compared to back then
let's be real, if they had some kind of back door they're not going to just say "we found it from a back door" they would make a fake story like this
nah they would just redact how they did it or say they used special techniques or something like that .. this was flat out just lazy and bad OPSEC
@@jayl3840
Yep. They would take the chance to brag a little.
After all they already have agents on the Joe Rogan podcast doing so.
"Look at this amazing power we wield and what we can do with it."
They must have been pretty disappointed in how they caught up to this Pompom guy. Easy pickings, didn't even have to start up any of their high profile software tools.
FBI really said: "this you?"
In these trying times, yacht rock provides an escape from all that.
SAIIIIIILIN’ TAKES ME AWAAAAAAY
I love yacht rock on SiriusXM
He is a cyber criminal not a hacker, it's not the same
We always have this romanticized idea in our heads that hackers are these brilliant computer geniuses that can never be caught and if they do it's like you said, the FBI must've had to dedicate a mountain of resources and time to finding this super evasive, super smart hacker.
But no....more often than not...not at all.
It's interesting as well because as you sift through the evidence you see pompom become a little better at what he is doing but his old mistakes are basically a permanent footprint.
just like Al Capone, it is always easier to get criminals on the small/dumb stuff than the big stuff.
Most intelligent Windows user right here. Spends a paragraph explaining how he's confident that the grep command indeed works. Good stuff lol
It seems that it's inevitable that a hacker would be caught, because when learning or doing "beginner hits", of course his OPSEC wouldn't be perfect, so even if he became very good in due time, he would still leave behind him a trail of mistakes from when he was less experienced?
What am I overlooking? I'm a Windows peasant so I don't know anything, so tell me.
You're right. That's why it's important to keep making new and separate sandboxed accounts
@@pleonexia4772 what are new sandboxed accounts?
@@popcornto6032 basically the rule is to never create a trace by always using a throwaway account or preferably never appearing (unless you need to make transactions, which is very risky)
@popcornto : sandboxed means isolated and separate. It makes it a lot harder to screw up by accident.
@@halcyonacoustic7366 how does a separate account make it more difficult to screw up?
Or do you mean a new separate account for everything regularly such that old mistakes can't be linked to new ones?
I've never understood why people wouldn't take advantage of the anonymity of email and NOT use personally identifying information RIGHT IN THE USERNAME.
These kids have probably never even heard of Kevin Mitnick.
Please do a video on RESTRICT act. It needs to be known, and everybody just thinks of it as "the bill that bans tiktok"
This did make me laugh, but thinking about the digital footprint I left on the internet as a teenager is pretty concerning... am I permanently screwed?
As an average racercar jonnie, even I was AMAZED that my boy did this. That's a pretty bad mess up.
It makes you think how people like this don't get caught sooner
Because the feds monitor them after finding out to stack up evidence. It's not like they raid them a day or even a week after figuring their real info out.
I’m sure the FBI has to build a case, and also a hub for this activity really routes traffic to an easy to monitor place for the fbi. I’m sure they let this stay up strategically.
@@kahok5ownage I just said that
It's a combination of both incompetence (in some cases) and Strategical waiting in other cases, as feds will never pro-actively get (or stop) the offender during a crime (or even a series/multiples of them). They'll wait till a stack of crimes have been committed before they then bust ya.
its all a psyops
I know I asked about this on the comments of the last video but please make a video about what isn't bad opsec; is it possible to have a life and still have good opsec?
How can you keep your personal and "work" life separate when you don't live alone (i.e. live with relatives or are married)?
Who can you trust (if at all, since in an investigation folk can be easily manipulated into saying something that can be useful to the glowies)?
You mentioned creating faraday cages with aluminium foil, but what if someone finds out you do that? Are they not a security vulnerability?
Please check my comment on your last video, it's a lot more complete in what I am really asking
check out the OpSec Bible for 2022 (or sth like that), it's another video of his that basically covers everything you asked for, and then some. Search on his channel and I think you'll find it. :)
If you don't even have your own place, I think you can forget about navigating the "seven seas" 😂
Why don't you watch Darknet OPSEC Bible 20022 Edition........... You might learn something
Good opsec would be keeping everything separate and reducing vectors for attack.
You have one machine you use for accessing ordinary life. Another machine everything else. This second machine should run a custom linux build tailor-made for your usage by handpicking the things you need. It should not use Intel chipset technology (all three, Intel hardware, Windows and Apple software are compromised by the American Hegemony).
Furthermore, everything to your second persona has to use separate e-mail accounts, connect through VPNs from off-continental influence zones and use as little of your personal data as humanly possible.
No checking reallife stuff with this second setup or vice versa. Mix-ups straight forbidden.
This way you reduce attack vectors. As with everything, 100% security does not exist and never will.
This communication technology we all use was granted us by the higher powers and thus they came up with it and know how to control it. So it's a matter of Risk + Effort vs Reward + Priority.
If what you do is low value, nobody will bother checking your stuff or bother putting together a court case.
If you are of high prolific criminal activity like Pompom, dumb enough to piss off papa government on purpose (hacking their agencies, constantly disparaging their efforts somehow) or are of geopolitical significance, no amount of security will be enough to save your sorry hide from the eventual consequences indefinitely.
11:48 Question. Where the Google and Zoom accounts were both accessed from the same IP address, that was the VPN IP address. Surely, that IP address would be used by many different people, right? Which is the whole point of a VPN. So how could any inference be drawn from that? I assume I am missing something.
Yeah I really don’t know what Mental Outlaw is on about for that point. Plenty of OPSEC mistakes were made by Pom, but I hardly think the incident of a VPN gateway IP being used for two separate accounts at different times constitutes as evidence to link one to the other. They could very well be different users
omg he really tried the "asking for a friend" strat.
Bro. I love pompompurin (the Sanrio character) to the point I have a tattoo of him. I also work in cybersecurity. Finding out about Pompompurin is one of the wildest crossovers to me
5:20 no. it's not an "uncommon thing" to try to search for yourself in data breaches.
what IS fairly uncommon among anyone that has a "little bit of CyBeR SeCuRiTy knowledge" is to use their own *actual* name in any online identities they create.
Tbh most of us created these emails when we weren't knowledgeable on online security.
@@armmelon327 that's one of the things you do once you learn about online security - you completely sever your previous identity from any further activity going further. meaning that any accounts with the older/traceable one is burned.
Damn...laziness I can get, not everyone wants to bother with using five different email addresses, multiple phones, VPN and all that. But come on man, you were the leader of THE biggest hacker forum on the internet...at this point I think the guy had just no self-preservation, given that he admitted everything to the cops as well XD
the worst part is that he was using Apple shit, he was asking to get caught.
@@LucasCunhaRocha Should have used Tails OS...XD
Baph and Pom's opsec seem to be worlds apart, so whatever comes to replace BreachForums will likely be much harder to take down
I am glad I never went to any of these forums. Who would have figured the opsec on a hacker site is less than kindergarten level. Damn, I got a separate computer and VPN just for watching movies. I don't even do hackerman type activities anymore and haven't in 20+ years
Man do I love the bad OPSEC videos. I'm no expert but they are funny as hell.
10:50
Of course this isn't good, it allows for additional connections once suspicions are raised. But practically any VPN user can be accused of sharing an IP with a hacker over a single day.
Likely there's a couple gmail logins that fit this exact profile.
Not saying this is safe, but if this alone would bring him down the US has kinda fucked up laws. They'll jail innocents.
VPN doesn't even keep you safe if you think about it, it's gotta be preloaded the moment you open a device up to the Internet or else the download becomes associated with your IP and you permanently end up on some kind of list for just having a VPN on your device.
That’s what I’m saying. The fact that both logins share the same IP doesn’t mean shit if the IP belongs to a VPN server. I mean it’s circumstantial evidence at best
@10:10 Correct me if I’m wrong here, but don’t VPN servers usually have one IP that’s shared across all people using the service? And wouldn’t that mean that Conner Fitzpatrick using the server to access his personal email and “PomPom” using the server to access his hacker account could be by two different users using the same VPN? That doesn’t really seem like enough evidence to identify Conner Fitzpatrick as PomPom to me, unless there’s something else…
Modern vpn services usually have hundreds to thousands of ip servers
@@spIasher my point still stands, if the assignment of each user to a different server is random or based on load balancing traffic then there’s no connection. If it’s based on choice of geographical location there’s still no link between two users using the same server being connected to each other
This kid is pretty good at customer service. Good on em. Hope he finds a passion in business
When this new law passes, just attempting to have privacy will be punishable with 20 years.
Ahh yes the RESTRICT ACT - that shit is terrifying
Well, PomPomPurin is 20 years old (today is 2023)
He revealed his email on the forum in 2020 (17 years old)
What do you expect from a teenager? Of course he made such idiotic mistakes, many of them, because of a lack of experience and knowledge on his dangerous way on the dark side of the internet, which requires paranoid caution
Reminds me of how most car accidents happen close to home because people let their guard down after getting used to driving the same path everyday.
I have a better separation of daily life and my ph activity than this guy does in his felonious hackerman activities.
I recently sent an email full of nsfw subreddit links to a customer support email for a company that sells security cameras (instead of myself). Followed up with "Sorry! Wrong address!" then started rapidly deleting contacts to prevent autofill from screwing me over again.
@@Tubeytime I accidentally clicked cast one time. Swear to god the worst idea anyone has ever had.
11:50 lmaoo, great summary. Never backdoored CPUs. Always just the low hanging fruit 😂
I have no words. If you're doing illegal shit, don't get lazy.
First I was like "15mins? ain't nobody has time for that" and here I am grinning throughout the whole video not even feeling the time. Great job, thanks for the video!
We need an Intro to Opsec course lol. Teach all the youngsters what they need to do
This has the same feeling as the "I am asking for a friend" sentence 😂
People get comfortable...
It's the same with tools... once you're not scared of getting hurt... you're getting screwed
Don't you just love how if corporate profits are threatened the FBI is all over it but if 1000s of people get scammed they do nothing.
In all fairness, the database breaches do affect thousands of people as well. Individuals that get scammed often are high profile targets or people who blindly click on links and/or use vulnerable software or fall for the usual scams. I'm more upset with mega corporations still having databases breached and my online passwords showing up in them.
A vpn provider can lease you an ip today and the next day give it to someone else, it's not like they will reserve that ip for you forever. Isn't this enough for plausible deniability ? Am i missing something ?
i thought vpns used the same ip for the server which thousands could be connected to, anyways. So yeah, idk how they can be used as evidence but im not really a tech guy.
4:25 Also is that a WSL command prompt?
Bad PomPom, bad, don't use Windows to commit cybercrime.
high iq opsec moment
I don't comprehend how electric signals via wire -> ie internet
I think this would make for a good spin off video on best practices for OPSEC not for hackers but just for Privacy advocates and people sick of Google and Apple and Big Brother spying on you 24/7. I think this would be interesting and make for a cool video!
They say we need cops, and yet we have criminals doing shit like this.
Oh so you think the FBI deserves its security? B-b-bootlicker 🤡
What kind of backwards logic is that?? It was the cops (Feds) who worked out what this criminal was doing, so maybe you do need the cops if you want to arrest people like him. Your logic would make sense if it wasn’t the police that found out all this information.
Such good content! Very educational ❤
When I started using a VPN I at first had a bit of a guilty feeling accessing Google, YouTube, etc from the VPN's IP for having established a theoretical connection between my identity and other things I look at on the internet. But I'm not wanted by the FBI for having run illegal websites or anything, but damn, to have such a shitty OpSec, all while having so many glowing enemies AND living in the United States? You'd expect more from a hacker this famous. Like at least routing everything through TOR and having a separate device or at least a VM that is only for his anonymous activities.
So you're saying if I hack something I shouldn't tell the FBI my current gmail address with full name in it? That's such a good tip :D
its funny because the first video i ever saw from you was the one explaining how tor users got deanonymized because of bad opsec
I got a question. How is this different than MS or google scanning your emails, stealing your password, and then unencrypting your files with it? I never authorized them to steal my passwords or unencrypt my documents with them. Are they selling passwords too? Seems no different than what they were doing on the forums.
Pompompurin gave himself what is called a Philadelphia Footlong.
Pompompurin listening to hotel breakfast
Why do they log ip addresses to the database in a hacking forum anyways?
Hackers that don’t even know how to use TOR. Pretty low bar to be considered a hacker these days
Crazy how much data they were able to get to trace back to him
There are a lot of developed tools by the glowies that we have no idea about
@@deordered. This doesn't even use them lol.
@@EricLopushansky lol
When the feds come for you, they usually have unbreakable proof 😭
New sub, enjoying the content, cheers good sir!
Goes to show that pom pom won't be useful to the FBI at all 🤣
He made more than a mistake, he made a certified oopsie doopsie.
RIP PomPomPurin. never forget all they need is you making one little mistake, and all you need to do is never make a single mistake xD
The privacy of a VPN connection is questionable, that’s how people get caught in China for accessing the internet outside, carriers can identify VPNs very easily. Years ago a guy in China developed Shadowsocks, and it took authorities ages to identify people who were using it. Lastly, most VPN providers are owned by Chinese companies.
imagine trolling the fbi and having a terrible opsec, funniest shit rip bozo
I'd generally consider trolling your local security agency a bad idea. If someone could not resist the temptation, he should at least be annoying for a security agency from a different continent.
It's somewhat insane to think how many hacker types still hold onto their hacker alias even after having used it on a compromised platform.
Both PomPom and Baphomet held onto their previous ID after Raid Forum, just hoping that there was not a trace of their irl identities attached to the platform?
Rule 1 if you plan on being hackerman
Keep that star rating low
From the video, it seems he was trying to find out if his data was leaked. Is that illegal? Did he do anything else illegal? Sorry.. I'm not familiar with the case, or law in this country but interested in what were the charges
1:36 PomPomPurin confirmed as drainer
judging by his lack of confidence with the most basic grep command, i wouldn’t call this guy a ‘hacker’ or even skilled with linux.
Not even basic linux, or cmd line knowledge..
>Wintoddler
>iToddler
He was asking for it
Is debloated windows that bad? I debloated mine so what's wrong with it?
For Iphone it's obvious not going to bother asking
@@elite3221 There's nothing wrong with Windows once you tear the spyware out of it. MO and a portion of his fanbase are just hardcore FOSS supremacists and like to shit on proprietary software, as if source code is some kind of holy grail and reverse engineering doesn't exist. Don't get me wrong, FOSS is king on principle, but I'm not gonna put myself into a box for it.