CrimeOps: The Operational Art of Cyber Crime (opens in new tab)

(sec.okta.com)

90 pointstjomk5y ago21 comments

21 comments

I don't understand how they can keep people in line. It takes one to talk, and the whole organization is at risk.

Online "reputation management" is easy work, it's a very grey area, and it would take a lot of investigation to reveal that someone has actually been targeted and attacked.

But take medication sellers, the covers are great, but it only takes one customer to brag about it and then it's a matter of time until you're done. Anything said online will come under the review of authorities sooner or later.

If we are do delve deeper, real world hits are even riskier. And they don't pay enough! Sure, I guess the people at the top of these organizations make serious dough, but the ones doing the work are paid peanuts.

I guess it takes a special kind of person to do that, someone with a death wish, nothing to lose, and probably a massive hate boner for something.

I've always been fascinated by the criminal "underworld", even though I would never participate in anything, too much risk for too little reward.

Pokepokalypse5y ago

depends on where they operate, and who they're paying-off.

In the case of Russia; they might be doing informant work for SVR or GRU. In which case, they can pretty much operate with impunity, as long as they don't attack the wrong Oligarch's operations.

bserge5y ago

Being state-sponsored is a whole different league, though.

1 more reply

meowface5y ago

By "reputation management", what do you mean exactly? Black hat SEO / framing competitors for black hat SEO?

bserge5y ago

Negative SEO, planting illegal content and fake evidence, blackmail, smear campaigns, fake reports to the authorities, cutting off income from advertisers by said means, etc.

dylan6045y ago

It's only too much risk if you live in a country that investigates, arrests, and prosecutes the cyber criminal. If you live in a country that does not, there's no risk.

ldayley5y ago

Fascinating take on a different, darker side of tech innovation. Makes complete sense that criminal gangs use the same agile approaches to innovation that a start-up would use. Of course this is thegruqg writing here, so I expected nothing less. It somehow makes criminal activity seem so much more mundane when I imagine guys at desks writing code against support tickets and user stories.

Meta: It's nice to see an opsec company get smart and publish some of the better thinkers/communicators (like thegrugq) over writing product-tailored in-house content. Maybe security is an easier field to do this for, as being scared (justifiably or otherwise) is generally good for business.

EDIT: expanded comment

grugq5y ago

Thank you, I appreciate it.

It is very unlikely that FIN7 are aware of their successful exploitation of the golden triangle. They almost certainly just pursued what worked best for them, creating a lean mean cybercriming machine along the way. (And isn’t that the real treasure?)

Financially motivated crimes are essentially businesses, and so sometimes it can be useful to use business frameworks to understand the criminal enterprise. Fortunately FIN7 happen to be a particularly well documented, making such analysis possible.

I don’t really know what to say re: your meta comment. I wrote some posts for them under contract. I had complete editorial control. I have no idea if it is easier than in other fields. None of the other posts (not posted yet) are about “scary” topics, so I’m not sure if the observation is correct.

dvtrn5y ago

Off-topic nitpick: is the way to get people interested in what your software company is doing about %thing% to slap the suffix -"Ops" to whatever %thing% is? I've noticed it in some curious and interesting uses lately. CrimeOps being the most recent one via this very post.

Maybe not a nitpick, I don't mean to dismiss Okta's endeavors; but it's certainly something that's caused a flutter of the eyebrow and an almost automatic reaching of the hand to ponderously scratch the beard.

meowface5y ago

I think "CrimeOps" is somewhat tongue-in-cheek here and is making fun of the trend you're referring to. But, yes, it's started becoming a meme and marketing term since "DevOps".

grugq5y ago

Author here, and yes, that is correct.

3 more replies

DarkContinent5y ago

Out of curiosity: if FIN7 was using JIRA's cloud version, can Atlassian be held responsible for FIN7's activities (or in general for ensuring compliance on their platform)?

jkaptur5y ago

JIRA! I suppose that's why they call it "organized crime".

goatinaboat5y ago

Hopefully JIRA can be placed on a list of banned software now.

grugq5y ago

I’d call it dual use, but I’m not actually aware of a benign use case for JIRA! ;)

j / k navigate · click thread line to collapse

21 comments

bserge5y ago

I don't understand how they can keep people in line. It takes one to talk, and the whole organization is at risk.

Online "reputation management" is easy work, it's a very grey area, and it would take a lot of investigation to reveal that someone has actually been targeted and attacked.

I guess it takes a special kind of person to do that, someone with a death wish, nothing to lose, and probably a massive hate boner for something.

I've always been fascinated by the criminal "underworld", even though I would never participate in anything, too much risk for too little reward.

Pokepokalypse5y ago

depends on where they operate, and who they're paying-off.

In the case of Russia; they might be doing informant work for SVR or GRU. In which case, they can pretty much operate with impunity, as long as they don't attack the wrong Oligarch's operations.

bserge5y ago

Being state-sponsored is a whole different league, though.

1 more reply

meowface5y ago

By "reputation management", what do you mean exactly? Black hat SEO / framing competitors for black hat SEO?

bserge5y ago

Negative SEO, planting illegal content and fake evidence, blackmail, smear campaigns, fake reports to the authorities, cutting off income from advertisers by said means, etc.

dylan6045y ago

It's only too much risk if you live in a country that investigates, arrests, and prosecutes the cyber criminal. If you live in a country that does not, there's no risk.

ldayley5y ago

EDIT: expanded comment

grugq5y ago

Thank you, I appreciate it.

dvtrn5y ago

meowface5y ago

I think "CrimeOps" is somewhat tongue-in-cheek here and is making fun of the trend you're referring to. But, yes, it's started becoming a meme and marketing term since "DevOps".

grugq5y ago

Author here, and yes, that is correct.

3 more replies

DarkContinent5y ago

Out of curiosity: if FIN7 was using JIRA's cloud version, can Atlassian be held responsible for FIN7's activities (or in general for ensuring compliance on their platform)?

jkaptur5y ago

JIRA! I suppose that's why they call it "organized crime".

goatinaboat5y ago

Hopefully JIRA can be placed on a list of banned software now.

grugq5y ago

I’d call it dual use, but I’m not actually aware of a benign use case for JIRA! ;)

j / k navigate · click thread line to collapse