Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here's the original post, in case the 4chan thread gets deleted:

A few months ago I posted here looking for help with a SD card I found while renovating a school. It was hidden in a wall outlet, and had several files with names on them, and obviously was a bunch of encrypted containers.

Well, I managed to brute force one of them and inside was more containers, but a month ago I managed to open another and this time there was videos and pictures, stuff that made me go to the cops right away.

So I turned over everything to them and told them all I knew, and that's when the bullshit began. Right from the start the police thought I had something to do with it. They took every device in my home that could store data, my phone, my laptops and computers, my PS3, even all my USB drives and camera. They questioned my family and went to my job and harassed everyone that I had any contact with,

Right now I still haven't gotten any of my property back, and my friends and family think I am a creep. I am writing this to give a warning to everyone that works with IT if they end up in a situation like me. Don't go to the authorities, don't try and do the right thing, don't say a fucking thing just destroy what you found and move on. Trying to be a good person is just going to fuck your life over



Doesn't sound real to me.

He brute forced two encrypted containers? Who does that for an SD card you find?

And hidden in a wall outlet? Really? Someone just walks around carrying a screwdriver for opening wall outlets, and hopes not to get shocked? There are far easier places to hide things.

And cops questioning family and job contacts for this?

Sorry, but I don't believe a word of it.


A hidden SD card containing encrypted archives could be lots of things. It's like a puzzle. I'm sure it made him curious. Why would you assume the contents are illegal? I wouldn't.

To me the op is no different from people who participate in ARGs. Only in this case, the prize at the end of the game was a ruined life.

If the police behavior sounds implausible, you haven't read any stories about similar cases.


> To me the op is no different from people who participate in ARGs.

Except, you know, the game part of ar_G_. Real life is not a video game. If you live as if it is, something bad is probably going to happen to you eventually. Brute forcing something that doesn't belong to you is not just bad form, it's stupid, and depending on what it happens to be, possibly illegal.

Does that make the police harassing him OK? Perhaps not. Is any part of this story even true? Also perhaps not.


Many ARGs intentionally attempt to seem as real as possible, which is part of the appeal. There have been examples in the past where this has caused problems for people (the ill-fated game Majestic being one example). Contrived cryptography/hacking puzzles also show up as hiring screens, etc.

My point is that his mindset is essentially the same: He ran across an intriguing puzzle and tried to solve it.


OK. He should solve the meta-puzzle first. "What is this likely to be, and in what proportion of possible worlds is the outcome of knowing the answer to that question good for me."


I agree. A lot of problems that afflict innocent people in our society can be chalked up to not doing that kind of higher-level thinking - what would be a person's possible motives for setting up this scenario? What are the potential consequences? Am I risking my finances, health, or livelihood by getting involved?


Christianity is a massively-multiplayer alternate reality game, is it not?


He was renovating a school, thus he was carrying around a screwdriver (and probably lots of other tools) and possibly popping off outlet plates left and right (in preparation for, say, painting the walls).

If I found an sd card with encrypted files I'd be curious as hell.

Maybe the guy who hid it got the idea from Breaking Bad.


With bitcoin recently hitting 1200. I'm trying to bruteforce every encrypted storage device I come across. ;)

Well, assuming that I have some sort of reasonably good setup where I'm not having to spend all my time doing it.


You really think someone would do that? Just go on the internet and lie?

As for the "hidden in a wall outlet", I don't know why that sounds outlandish to you. I've worked in construction, and had to remove wall outlets all the time...never once got shocked. Plus, Walter White did it so it's got to be a logical and prudent thing to do. Right?


>> He brute forced two encrypted containers? Who does that for an SD card you find?

I would _totally_ do that for any encrypted files that came into my possession via an apparently discarded device. My curiosity would be through the roof. Of course, if I found illegal stuff... I'd burn the medium, throw the medium into the ocean, throw the ocean into the sun, and throw the sun into the moon.


It sounds like the type of story you'd tell to try to stop people from doing the right thing in situations like this.


My reaction too: it's just baiting the rabble.

Though if you do ever happen to come across an SD card filled with encrypted child pornography, personally decrypting it and turning it in to the police is probably not the brightest course of action.


Who is rabble? I suspect you're not part of it? And how would you know it's CP before you decrypted it?

> not the brightest course of action.

Sounds like victim blaming to me.


Since I read the story and posted a comment about it... yeah, I suppose I am part of the baited rabble =)

It would be victim blaming if I thought he were actually a real person, but the latter part was entirely a well-intentioned tip to any person who actually finds himself in a similar situation. At least talk to a lawyer before traipsing into someplace dangerous like the police office.


So you don't think this really happened, but agree that it could plausibly happen, and give advice similar to the OP.. doesn't that make the question wether this actually happened a bit moot?

IMHO it's not stupid to go to the cops with evidence of wrongdoing, at worst it's being naive and trusting... at best it's simply doing the correct thing without delay. How would anyone know otherwise, without such "rabble rousing" anecdotes, or first-hand experience?

What really is stupid are such reactions of police. We shouldn't seek to teach people to mistrust the police, that is just a crappy short-term workaround; we should teach the police to be worthy of trust. Don't ask me how, it's just when I'm roused I get these big ideas :)


Curiosity would lead to someone doing that. The encryption would either magnify the curiosity or push them on that detective slant.


The story seems suspect to me. He brute-forced encrypted containers?


Unlikely that it was something decent like Truecrypt volumes and more likely nested encrypted zips/RARs.

Since the vast majority of these are encrypted with a simple text passcode, dictionary attacks are pretty routine against them.

http://home.schmorp.de/marc/fcrackzip.html

http://rarcrack.sourceforge.net

(as two examples)


Exactly. No one nests truecrypt but people do nest zips because the filenames are still visible with the older zip "encryption" format.


Are Truecrypt volumes with similarly bad passwords any harder to crack?


No. Good passwords are paramount.


Yes, most likely the password used a common word or something else similar susceptible to being brute-forced.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: