If you’re sitting in an interrogation room with the FBI, Secret Service, or some other law enforcement agency, there is a high probability you are going to spend the night in jail.
After all, if they arrest you, that’s because they had an arrest warrant. That means that you’re supposed to be detained, and a judge has authorized it. Therefore, you are definitely going to jail until a judge says otherwise.
At this point, what you’re going to experience is purely a psychological operation. After all, it all boils down to a confession. With a confession, there’s no point in fighting the case they are building against you. It’s a win-win scenario for the courts and makes things easier for everyone involved except you.
Regardless of what promises agents offer you in exchange for information, you are going to jail, and that information will be used against you, even in ways you least expect. Therefore, know that you are going to jail when you politely inform the agents that you are pleading with the 5th Amendment and would like to speak to an attorney.
The 5th Amendment of the United States Constitution establishes specific guarantees that are beneficial in criminal and civil legal cases, but the most important thing at a time like this guarantees the right to be silent and not incriminate yourself.
Therefore, agents will do the utmost to compel you to talk in a variety of ways. In my case, the FBI agents praised my writing abilities and encouraged me to write a confession for the judge to see, and that by doing so, perhaps the judge will be lenient on me. That is not even remotely a guarantee, and by incriminating yourself, all the agents have to do now is prove the points of their investigation and close the case, at your expense.
An attorney will advise you to keep your mouth shut, and not to offer a single iota of information to help their investigation. The less they have, the less they will be able to tell the judge how much of a danger to society you are.
Agents may try to coerce you to confess or to inform others in your hacker circle. They might tell you that so-and-so has already been brought in and is telling them all kinds of things about your activities.
This could be a ploy to scare you into confessing - none of it could be true at all. If others are arrested and ultimately joined to your criminal investigation, it will constitute a conspiracy charge which carries a mandatory minimum ranging anywhere from 5 to 20 years in prison. I said minimum as in a starting point of years to be served in prison.
Agents can also claim to know everything you did. They may also offer bits of information about your online activities that shed knowledge on things you may have done. Just because they seem to know about something you were involved in doesn’t mean they actually know about it. The tactic is designed to entice you to admit or clarify the events, which solidifies facts that will be used against you in court.
Don’t even think about snitching on one of your friends, enemies, or accomplices. Law enforcement isn’t going to care about how awful your enemies are, or why you justified breaking the law in an effort to make them leave you alone.
The person you snitch on could reveal to law enforcement all their knowledge about your activities, and expose everyone you’re connected to. This in turn will affect the lives of countless individuals, their families, and all of their dependents. Furthermore, snitches are treated worse than sex offenders in prison.
The internet never forgets. Not only will you become the most hated person on the memory of the internet, but the investigation will also become indeterminately longer as new avenues for law enforcement to pursue will unfold.
If you’re guilty, fighting the case is likely not going to be in your best interest, unless you can weasel your way out of it. If you can do that, more power to you. If your digital fingerprints are all over the crime scene, chances are they’re not going to believe some elaborate story about how you were set up.
However, if you want to limit what law enforcement can build on top of the case that justified snatching you up and warehousing you in jail, it could be beneficial to find a way to wrap the case up as fast as possible. In the United States, you will have a right to a Speedy Trial as defined under the 6th Amendment. Ideally, that could be somewhere around 8 months or more. However, this is a delicate element that needs to be discussed with your legal counsel.
Shut your mouth.
Your Ego is Your Biggest Adversary
The worst enemy of hackers ostensibly is themselves, namely the ego. Ego doesn’t always boast of one's exploits but also exists in the form of blind justifications for one's actions. There may come a time when law enforcement or the prosecutor will summons you to an off-the-record private meeting to “get to know you better.”
They’ll probably offer you food and drinks, praise you for your computer knowledge, and exhibit a genuine sense of admiration for what you’re able to do.
This is a psychological operation, designed to appeal to your ego and entice you through charm to reveal things they couldn't find during their investigation.
This won’t help you at all, but it will further their investigation. If your attorney wasn’t notified of this little meet-and-greet, it’s highly unethical. Whether your attorney is present or not, you politely assert that you do not consent to this meeting and request to be sent back to your holding cell.
All Eyes On You: STFU and Smuggle
Assuming you’re in jail on a hacking charge, then know that the jail system is engineered to spy on you. If you think your jail phone calls aren’t being monitored, just shake that feeling aside, because no matter how busy you think they are, you are being recorded, and an officer will be listening.
In other words, this isn’t the way to communicate to your family, friends, or loved ones about anything related to your case.
The most effective way to communicate to family or friends about sensitive information about your case is to do so during an in-person visit. That way, you can avoid microphones, recording mechanisms, and communications mediums that are patently under the control of the system.
Hacking cases usually make the news. If you end up on the 5 oclock news, newspapers, and every cybersecurity news site, don’t be surprised. They’re going to either do a whole lotta copypasta, or creative paraphrases of the initial Department of Justice Press Release, which will usually only state the initial so-called facts of your case.
You may not like it. It may contain inaccuracies. At any rate, the accuracies of the press releases really don’t matter. The only thing that matters is what happens in the courtroom. I was falsely accused of hacking into computer systems belonging to NASA and computers belonging to the Dallas Police Department’s Helicopter Unit at Lovefield Airport.
While I wasn’t indicted for these things, the false accusations helped bolster the government's hold on me, and create an image of me that was not rooted in facts.
Fundamentally, it's not always about the facts. It's about what can be proven.
Now that you’re famous, its even more important to not let it go to your head. Keep your head down, mouth shut, and don’t confide in anybody. The person you’re talking to in your jail pod could very well be a government informant. People don’t wear “informant” on their foreheads like a rubber stamp.
It could be the very person you least expect. Just remember, your case IS your life. So, treat it like your life depends on it. Because it does.
The way around monitoring and censorship is simply to send your mail out through someone else's mail. You can either accomplish this with or without their consent, addressing the envelope with their information. Or ask them for permission, so your contact can write you back, through their name and contact information, as long as it’s not addressed to you.
Don't even think about using your or someone else's inmate emailing service. If you use your own, you can never use it to talk about your case or contact people the government might be watching or hope to identify as an accomplice.
Another way is to write a short message on a tiny square of rice paper that can be hidden behind a mailing stamp. Once the stamp is removed, the tiny paper can be unfolded, revealing the message within.
Still, another method I employed was to simply take a 5x7 photograph, split it in half by peeling off the back, then slipping a message inside. Using a razor blade, you can lick the adhesive of a mailing envelope, scrape off the adhesive with the blaze and transfer it to seal the back of the photograph containing the hidden message.
How Hackers Are Caught
I spent years researching hacking cases on Lexis Nexis while I was incarcerated. All the cases I examined had one or more of three common denominators. Let’s take a look at how hackers get end up on the radar and raided by law enforcement.
Failure to Maintain OPSEC: Exposed IP Address
The first is if there is a hole in your OPSEC exposing your IP address. This can occur through carelessness, or by oversight when your Virtual Private Network (VPN) disconnects momentarily, exposing your IP address. Assuming you're not a complete idiot and take your OPSEC seriously if you’re using a VPN, it’s imperative to use a VPN service that features a kill switch.
In the event that your VPN server disconnects from your client, the kill switch blocks all web traffic, which in turn, protects your IP address from being momentarily exposed. Needless to say, anyone who says they don’t care about OPSEC or about using a VPN is the weakest link and an idiot. Stay away from them.
If you don't trust VPN services, but use some other form of IP anonymity, in conjunction with a subscription to a Virtual Private Server (VPS) and your IP protection, drops for some reason, this could create a window of exposure, and a log-on the server of whatever you're connected to.
Exposed Mac Address From a Traceable Location
The second way is exposing your wireless device’s assigned MAC address. Here’s a scenario. Imagine a hacker using a public wireless network at Starbucks, or even a neighbor's WiFI. They think they’re protected by using someone else’s network. But the truth is, they’re really not. Here’s why:
Back in 2008 ETA member Punizzle did just that, he hacked into his school and corrupted the servers from the WiFi access point of a neighbor, in close proximity to his home. After the FBI pulled the logs from the crashed server, they traced the IP address back to the neighbor’s house.
After examining the Event logs, router logs, and ARP cache, the FBI understood that the device used to commit the attack wasn’t a device normally associated with that person’s network. The router and ARP cache recorded the offending IP address and its associated MAC address.
Since IP addresses are typically dynamic, especially if a device is used to connect to various wireless access points, the MAC address is fundamentally static - it’s assigned by the device’s manufacturer. Router logs can be erased. But without remote or physical access to a device on the target network, modifying or erasing logs can require a little extra skill. This is where MAC address spoofing is essential.
If you’re using the WiFI from a public venue you’ve used before, or are in eye-shot of surveillance cameras, well, that’s game over.
Punizzle did neither. Thus, after scanning the wireless airwaves for devices and their corresponding MAC addresses, he was promptly exposed and arrested.
The Unforgivable Act of Betrayal: Snitches
The third way to find yourself on the receiving end of a criminal investigation is to lower your guard and confide in one or more people in your trusted circle of confidantes about who you really are. De-anonymizing yourself or being de-anonymized by others via doxing.
This could include outright exposing yourself to others, sharing personal information about where you work, what kind of work you do, photos or videos that contain Geo-location data, or other artifacts that can be used to ascertain where live, work, and who you know.
After all, all that big talk about how bad you are, and had mad your skills are pretty futile when faced with agents pointing guns at you. That’s when all that big talk about how solid you are will be truly put to the test.
On occasion, agents are known to use leverage in some cases, in an effort to coerce criminal defendants into revealing information about others. It’s highly illegal, but that doesn’t stop them from trying. Whether or not you can prove you were coerced is an entirely different matter, and I wouldn’t bet you could prove that to a judge.
After the path I’ve had to walk, I’m no longer impressed much by exploits or by the ideologies of hackers. Nothing convinces me how strong you are until you’ve survived the dog-and-pony show of the US justice system, faced years served in a glorified battlezone, and came out without snitching to ease your suffering.
Soldier up and STFU.