[jtakkala]

A long time ago parsing Echelog logs was how I was able to monitor the IRC activity of an attacker at a company I used to work at. I didn't normally sit on these channels myself, but Echelog enabled me to look back and collect data on the various handles that this person operated under.

There were 20-something handles they used over approximately a 6 month period of monitoring. I was always able to find a small piece of information to correlate these handles together. Sometimes it started with a hunch, such as the language (even slang) they would use, but eventually they'd slip up in some way and we'd have a pretty irrefutable link to the person.

This information helped us develop a motive behind the hack and the ongoing public info was then fed to national crime agencies. My employer never went through with prosecution, but as this person was of much interest behind other hacks they were eventually prosecuted and convicted. I always wondered if my occasional Echelog intelligence reports ever had a role in that conviction.

[unixhero]

For the record, careful with doing private investigations. It might look good on Netflix, but can turn sour real fast.

[cutemonster]

What can happen?

[saagarjha]

There's probably a chance of you being retaliated against or going to jail yourself, depending on how you're doing the snooping.

[jtakkala]

Indeed, and in that respect Echelog was a great source of OSINT material for the anecdote I described above. That, along with `whois` data and other public databases can reveal a lot without putting oneself at legal risk.

[gruez]

publish your findings over tor, I guess

[xwdv]

You can be killed, or worse, someone you care about.

[black_puppydog]

woah that escalated quickly... 0_o

[xwdv]

Once you’re dealing with criminals that are stealing in the order of millions of dollars, or sometimes even hundreds of thousands, the probability of being killed off for being a trouble maker dramatically increases. Anything over 10 million you will almost certainly be killed if discovered. By then you are dealing with robust criminal organizations with full time employees on a payroll with families to feed, and they aren’t going to put all that at risk because of one nosey fuck snooping around.

[unixhero]

Not really. The real world gets real fast.

[unixhero]

For one, the evidence might not be admissible in court of the defense has an okay lawyer. This goes for if you're doing it all on your own, and with no approvals and alignments.