I dissuade people from harassing other people. Not only is it morally repugnant to me but it’s also a waste of time that could be spent doing something beneficial. But some people have a deep-seated need to be complete assholes. This has lead to endless headaches for website administrators. Fortunately most of these assholes aren’t the sharpest tools in the shed and vastly overestimate their ability and underestimate their targets’ inability to retaliate. One of these assholes had instigated multiple swatting incidents and thought he couldn’t be caught because he was a “hacker.” Kids, what you’re going to read here is an example of how not to opsec:
In April 2015, after months of harassing Marshall Public Schools officials and pulling off swatting attacks in the area, Morgenstern called a public resources officer assigned to Marshall High School and left a voicemail saying that it was “not possible” for him to be caught. Why? Well, he was a “hacker,” and as everyone knows, “you can’t catch a hacker.”
He continued his eloquent rant: “You’re a fat fucking lesbian. I want to kill your family, I want to kill your family, I want to make you watch me kill your family. I am going to call a bomb threat into your house every day, just to piss you off. And then, I am going to jerk off to it. How does that make you feel? How does it make you feel to know that I am a hacker??”
So how did federal authorities ultimately bring down Morgenstern?
Well, among several of the handles and e-mail addresses that the 19-year-old used was anonymously.lulzsec@gmail.com and the Twitter handle @RIURichHomie. The FBI simply filed a subpoena to Google for the records associated with that account and another to Twitter. They both showed that they had been accessed by the same IP address from a Comcast account served to a home in Cypress, Texas.
Authorities also found through a simple Google search that Morgenstern had previously controlled the Twitter account @ZackL337H4X0R.
I’m sure the website administrators were all but too happy to hand over those records. Even with my hatred of the state I think I’d have enjoyed turning those records over.
Many of the tools I advocate on this blog would provide pretty good protection for people such as this. That’s certainly the downside of the double-edged sword that is computer security. However, the good greatly outweighs the bad, especially when you realize that most people like this aren’t smart enough to properly use anonymizing tools. And even the assholes who are smart enough to use such tools are usually too dumb to use them properly but have an ego that’s large enough to convince them they’re smarter than they really are.