I am pretty shocked to find that they used their birth date as their password for so long and on so many accounts.
I think it's definitely worth considering that this may be a frame job for some poor unwitting person.
However, I agree completely that OPSEC is probably not at the top of most larval-stage hackers' minds when working out of countries they don't fear extradition in.
The opsec job was so shoddy that I immediately suspected misdirection. I mean, would anyone be so stupid as to use the same username they use for posting _videos_ of themselves for such a purpose? They might as well embed a picture of their ID in the binary.
I know that criminals tend to not be very bright, but this particular field would require at least some basic competence, I would assume.
OK, but the blog also points out that the pattern is typical of cyber criminals in this jurisdiction. It strains credulity that a ten-year-long trail of red herrings would be created, when it would be just as easy (easier!) to leave no evidence at all.
It's a fake lead which "security reporter" Brian Krebs is using as a legitimate clue. Sometimes clicks are more important than facts. Don't buy into this shoddy reporting job. If this was a legitimate clue, the guy would have been charged months before, but the FBI obviously ignored it for a reason.
Doesn't seem fake when the person's accounts go so far back. Also, the FBI has ignored many tips on terror attacks before they happened, so it would be no surprise for them to ignore evidence in a cyber crime committed by someone far beyond their reach.
But couldn't it be the case that one of the person's accounts was compromised, they discovered that other accounts used the same password, and so they just hijacked the credentials to create new accounts to be used on the criminal sites? How many people use the same one or two user names and one or two passwords for multiple accounts? I personally know a few.
Or they know the individual and feel slighted by them somehow and, as unwell people tend to do, got obsessive and went long-term.
Humans are odd creatures, it's entirely believable to think this person didn't wish them happy birthday x years ago or cut them in line at Starbucks and the person made it their mission to 'exact revenge'.
A former co-worker of mine was angry at another co-worker over something trivial. She had a known peanut allergy, and at some point someone coated her keyboard and desk with peanut butter powder (it was blatantly obvious that something was all over her desk). We all knew he did it, but no one saw it happen, so nothing could be done about it. He would also go on and on about "you don't want to be on my list! I'm going to put you on my list!" but he'd never say it around management, so again, they wouldn't do anything about him.
This was an amazing read. I love these types of articles. It's nuts how easy it is to find people nowadays, especially with so many OSINT resources and tools and a little bit of Google-fu.
Krebs is a charlatan like many others. I don’t know why he’s given so much clout in technical circles. At this point he’s nothing more than a journalist.
Journalists are all charlatans since for the most part they know very little of what they’re talking about. “Journalist” is practically an insult at this point.
Maybe the ransomware author used someone else's library instead of implementing textbook RSA from scratch.
It also occurs to me that (unfortunately) the ransomware setting may be one where comparatively few kinds of attacks are feasible. The ransomware will encrypt one short fixed-length random value (chosen by itself, not the user) once and then stop. The public key is presumably fixed and was most likely generated offline using a separate tool like OpenSSL.
The decryption presumably happens only on the ransomware author's infrastructure and is gated by a payment, so it's potentially hard to perform oracle attacks (and perhaps different kinds of decryption failures don't produce meaningfully different observable behavior, especially if a human being is in the loop returning the decryption tokens to the ransomware victims who've paid the ransom).
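As an added illustration of the setting the comment above describes (this is not code from the article or from any ransomware): a toy key-wrapping routine in pure-Python textbook RSA, stdlib only. Everything in it is an assumption chosen for demonstration: a 512-bit modulus (far too small for real use, picked so the example runs in well under a second), a 32-byte data-encryption key, and no OAEP/PKCS#1 padding, which is exactly what a library would add and a from-scratch implementation tends to omit. It shows the two properties that make unpadded RSA fragile in general, determinism and multiplicative malleability, and why they buy an attacker little in this particular setting: the wrapped value is random and wrapped exactly once, and exploiting malleability needs someone to decrypt the altered blob and reveal the result.

```python
"""Toy model of ransomware key wrapping with *textbook* RSA (no padding).

Added illustration, not code from the article or from any real ransomware.
Assumptions for demonstration: 512-bit modulus (far too small for real use),
a 32-byte data-encryption key (DEK), and no OAEP/PKCS#1 padding.
"""
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with `rounds` random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    """Random odd prime with the top bit set, so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def gen_keypair(bits: int = 512, e: int = 65537):
    """Return ((n, e), (n, d)). Models the attacker's offline keygen step."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if phi % e == 0:          # e must be invertible mod phi
            continue
        return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt_textbook(pub, m: int) -> int:
    """c = m^e mod n, no padding: deterministic and malleable."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message out of range")
    return pow(m, e, n)


def rsa_decrypt_textbook(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def wrap_key(pub, dek: bytes) -> int:
    """What the ransomware does once: wrap a random DEK under the fixed public key."""
    return rsa_encrypt_textbook(pub, int.from_bytes(dek, "big"))


def unwrap_key(priv, c: int, length: int) -> bytes:
    """What only the private-key holder can do: recover the DEK from the blob."""
    return rsa_decrypt_textbook(priv, c).to_bytes(length, "big")


def blind_ciphertext(pub, c: int, s: int) -> int:
    """Multiplicative malleability of unpadded RSA: E(m) * E(s) = E(m*s mod n).

    Anyone can compute this without the private key, but learning m from it
    still requires the altered blob to be decrypted and the result leaked,
    i.e. a decryption oracle, which a payment-gated, human-in-the-loop
    decryption service mostly does not provide.
    """
    n, e = pub
    return (c * pow(s, e, n)) % n


if __name__ == "__main__":
    pub, priv = gen_keypair(512)
    dek = secrets.token_bytes(32)          # the one random value the malware wraps
    c = wrap_key(pub, dek)
    print("roundtrip ok:", unwrap_key(priv, c, 32) == dek)
    print("deterministic:", wrap_key(pub, dek) == c)
    m = int.from_bytes(dek, "big")
    print("malleable:", rsa_decrypt_textbook(priv, blind_ciphertext(pub, c, 3)) == (m * 3) % pub[0])
```

Swapping `rsa_encrypt_textbook` for a library call with OAEP padding removes both properties; the point of the comment is that, even without that swap, the single-shot random plaintext and the absence of a decryption oracle leave an analyst with little to work on.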
Krebs is behind the malware himself. After years of deluding people about being on the hunt for these hackers, finally he managed to get everyone into a state where he can steal 2 billion and not get suspected :D Designing his emporium as a troll on himself to try and avoid being suspected. Clever, Mr. Krebs! #alexjones2020