hngopher.com

       [HN Gopher] CrimeOps: The Operational Art of Cyber Crime
       ___________________________________________________________________
        
       CrimeOps: The Operational Art of Cyber Crime
        
       Author : tjomk
       Score  : 47 points
       Date   : 2020-10-13 08:02 UTC (14 hours ago)
        
 (HTM) web link (sec.okta.com)
 (TXT) w3m dump (sec.okta.com)
        
       | DarkContinent wrote:
       | Out of curiosity: if FIN7 was using JIRA's cloud version, can
       | Atlassian be held responsible for FIN7's activities (or in
       | general for ensuring compliance on their platform)?
        
       | jkaptur wrote:
       | JIRA! I suppose that's why they call it "organized crime".
        
         | goatinaboat wrote:
         | Hopefully JIRA can be placed on a list of banned software now.
        
       | bserge wrote:
       | I don't understand how they can keep people in line. It takes
       | _one_ to talk, and the whole organization is at risk.
       | 
       | Online "reputation management" is easy work, it's a very grey
       | area, and it would take a lot of investigation to reveal that
       | someone has actually been targeted and attacked.
       | 
       | But take medication sellers, the covers are great, but it only
       | takes one customer to brag about it and then it's a matter of
       | time until you're done. Anything said online will come under the
       | review of authorities sooner or later.
       | 
       | If we are do delve deeper, real world hits are even riskier. And
       | they don't pay enough! Sure, I guess the people at the top of
       | these organizations make serious dough, but the ones doing the
       | work are paid peanuts.
       | 
       | I guess it takes a special kind of person to do that, someone
       | with a death wish, nothing to lose, and probably a massive hate
       | boner for something.
       | 
       | I've always been fascinated by the criminal "underworld", even
       | though I would never participate in anything, too much risk for
       | too little reward.
        
         | dylan604 wrote:
         | It's only too much risk if you live in a country that
         | investigates, arrests, and prosecutes the cyber criminal. If
         | you live in a country that does not, there's no risk.
        
       | ldayley wrote:
       | Fascinating take on a different, darker side of tech innovation.
       | Makes complete sense that criminal gangs use the same agile
       | approaches to innovation that a start-up would use. Of course
       | this is thegruqg writing here, so I expected nothing less. It
       | somehow makes criminal activity seem so much more mundane when I
       | imagine guys at desks writing code against support tickets and
       | user stories.
       | 
       | Meta: It's nice to see an opsec company get smart and publish
       | some of the better thinkers/communicators (like thegrugq) over
       | writing product-tailored in-house content. Maybe security is an
       | easier field to do this for, as being scared (justifiably or
       | otherwise) is generally good for business.
       | 
       | EDIT: expanded comment
        
       ___________________________________________________________________
       (page generated 2020-10-13 23:00 UTC)