Damn. It does seem that stupid mistakes took him down. Revealing too much about himself on his forum. I mean, if he'd been careful, compromise of that forum would have revealed nothing about him. And for Dog's sake, using the same password on low- and high-security accounts!
Of course, the real story could be hidden through parallel construction. But on its face, this does support the argument that it's stupid mistakes that take people down. Krebs' blog is full of them.
Edit: And just to be clear, I'm not even suggesting support for that Ukrainian dickhead. It's just that criminal takedowns are well reported, and so provide cautionary lessons for the rest of us.
>Damn. It does seem that stupid mistakes took him down.
One possibility on the "cautionary lessons for the rest of us" front is a classic bit of wisdom about asymmetric adversarial situations: the other party only needs to get lucky once. There is a fundamental challenge of scale and time for any entity or individual that tries to run something dealing with persistent antagonists over long time periods; it just plain becomes hard to keep track of it all without further infrastructure systems in place. And it's also hard for any single human to stay in the zone persistently; we're not really wired that way, hence the need for non-human support structures.
And that in turn is the same challenge for any business dealing with significant organic growth, criminal or not; it's the classic "that TOTALLY TEMPORARY one-off Excel spreadsheet someone made 15 years ago now runs hundreds of millions of dollars" issue. It's hard to know ahead what will be important and sticky or not, even if experience helps. And it's hard to decide how to allocate limited resources too. Infrastructure you build helps you scale properly in the future, but it doesn't do anything for you right now; you might not even know you could need it. And overbuilding upfront might mean there is no tomorrow to worry about anyway.
It's a tough nut, though fortunately it's one area that is probably worse on the black side of things since there is less room for recovery from mistakes. Maybe it's one of the structural forces that can help encourage law-abiding behavior: legit companies can mess up badly but still potentially recover if there is enough meat to them, whereas a total opsec break for criminals can mean the end of the enterprise.
Yes. And I was thinking more of activists in repressive places. Who, notwithstanding what we might think of them, are criminals in the eyes of their governments.