
Does anyone find it funny that each criminal group could have been better off relying on a "kid who knows computers" level of expertise and bog standard devices running open source software which at least wouldn't be trivially systematically turned against them all at once quite so easily?


> anyone find it funny that each criminal group could have been better off relying on a "kid who knows computers" level of expertise and bog standard devices running open source software which at least wouldn't be trivially systematically turned against them all at once quite so easily

Tradeoffs. Traditional tradecraft would inhibit such discovery methods. But it's slow and expensive. Your competitors would outmaneuver you in the short term.

To enable the "kid who knows computers," you also need to train your people in opsec and digital sanitation. That might similarly be expensive and growth inhibiting enough to invite more daring competition.


To add, we are just looking at one of a thousand aspects of tradecraft. They aren’t just dealing with this. They are dealing with moving goods, moving goods across borders, in-person meetings, transferring money, recruiting new members, avoiding physical police bugs, avoiding police tails, securing goods and money against other criminals, and on and on and on. Each one of those things has a learning curve and takes time, energy, and money.

Of course after a bust, you could go back and say “well obviously they should have done this differently and doubled their security here” but they can’t double their security everywhere and they can’t know every single possible way that every single aspect of everything could become compromised.


Nothing wrong with inhibiting growth in return for long term stability. Does it matter if your competition is more daring—if they aren't going to last very long? If anything, they might serve as a useful distraction.


> Nothing wrong with inhibiting growth in return for long term stability

For long-term plans to pay off, they must survive a series of short terms. Criminal gangs and dictators don’t ignore the long term because they’re stupid. They ignore them because they must. A drug gang practicing classical tradecraft would be decimated by one coördinating electronically. The latter will be caught faster. But a series of short-term motivated actors is the equilibrium state of illicit and physical trading systems.


I can't help but imagine that what you're describing are the criminal gangs we know about; the ones which are well documented. If there are criminal gangs which we don't know about, that aren’t well documented, perhaps they're better at maintaining long term stability.


Criminal gangs that authorities don't know about are the ones that don't do significant activities.

Any criminal activity needs customers and so communicates about its activities.


You're thinking like a lifestyle business criminal enterprise when you should be thinking like a hungry startup. If you go slow and steady someone will try and eat your lunch. Big criminal enterprises have all the same scaling issues that regular companies do.


Yes, we are seeing precisely this in action. The short term guided organization has gone down and the long term stable strategy remains uncaught and now has one less competitor.


This whole thing makes me wonder why the criminals don't just put their communications in an envelope and whack a 50c stamp on it.


"Kids who know computers" are still vulnerable to evil maid attacks and badUSB and stuff. The kid's gotta sleep and eat and do whatever else kids do when they're employed by cartels.

There's a reason that classified processing and data storage employs layered physical security too. There's that old saying about what happens when you give someone physical access to the machine.


Still, the damage is purely local and limited and much more likely to be detected. Human intelligence operations are among the most risky and expensive.


I wonder about this too. What sort of people do international criminal organisations hire to manage their info-sec? A criminal that became a computer expert or a computer expert that became a criminal?


Well the criminal organizations can offer a whole range of addictive non-monetary incentives that a computer expert may desire, so I'd guess that's the main path in.

There's more unemployed tech people out there than many here realize though. People that don't present well in interviews, people that didn't stay employably current in tech, hardware guys replaced by the cloud, people in less hot locations for tech, etc. Criminal organizations are much less picky and judgmental than your average tech startup and in some cases may be the only ones willing to give them a chance.


In some countries, getting into tech is impossible if you're not lucky to have the right credentials. In France for example, any even remotely technical job will require years of higher education and experience (yes there's an obvious catch-22 here). You can have perfectly serviceable skills that would put you at a junior/mid developer or sysadmin level and be completely unemployable - at this point crime doesn't sound that bad if you have no other alternative despite otherwise having no propensity/attraction to participate in criminal activities.

For what it's worth, I would still be completely unemployable in France despite having 7 years of successful commercial experience under my belt in some well-known companies. Thankfully I played my cards right and managed to move to a saner country where tech is still more or less a meritocracy.


Tbh, illegality aside, creating a very highly secure system like this from scratch as a one- or two-person project sounds very exciting and fun.


> People that don't present well in interviews

Those are the worst. There was this one candidate who gave all the interviewers mousepads with his picture and aol email address on it. Who even wants that kind of stuff? The best ones give some candy, like there was someone who gave us gum with a custom printed wrapper “Hope I ‘stick’ in your mind!”


Never mind people who struggle to get a job in IT because of a previous criminal record. Those people may also have been in prison and made connections while inside.


I suspect that people don't fall into such neat categories. You could pose a similar question re: lawyers whose bread and butter is protecting and representing people associated with organised crime (the kind of individuals represented by Maury from The Wire or Neil Mink from The Sopranos). Are they lawyers who developed a slippery version of ethics & morality, or people with loose ethical standards who entered law?

I'd bet good money that the truth is usually quite banal: these individuals make a series of small and highly contingent decisions over time that gradually push them in the direction of criminality or culpability, reinforced over time by social & financial reward for doing so.


What? Representing criminals is not unethical or 'immoral'. Period. Protecting criminals legally is not unethical unless you are knowingly doing something illegal yourself.

I imagine that most lawyers are just doing their job and getting paid for it. Bringing morality into that equation makes no sense in a legal system that has little to nothing to do with morality.


Representing criminals is fine, but aiding them in committing future crimes isn’t. If you do that, you’re just part of a criminal conspiracy, and being a lawyer doesn’t give you an exception from moral culpability.


Doing their taxes okay, but representing them in court with the goal to free them is the purpose of the justice system...


I think the GP meant 'aiding them in committing future crimes' in the literal sense (e.g. helping launder money, abusing attorney privilege etc.) rather than implying that by defending them in court the lawyer would then be culpable.


I haven't seen all of The Wire, but as to the character cited as an example, Wikipedia says, "[Maury] is corrupt and unscrupulous, willing to aid his clients in furtherance of their criminal activity." So he crosses your line, and I think that's what the GP post meant.


You don’t get to declare what is unethical by adding the sentence “Period.” after your claim. Ethics is a matter of opinion; I believe that knowingly aiding violent criminals is wrong; if you feel otherwise, that’s just like, your, opinion, man.


They aren't criminal until the court system declares them criminal. The lawyer is defending them before they are declared criminals. That is what "presumption of innocence" means. Everyone has the right to be represented in court, even people that later on will be convicted. Otherwise we can just go back to using pitchforks and similar (and actually it's happening on social media, and it's not looking good).


Everyone is entitled (in the US) to due process and a lawyer to defend them. There is nothing unethical or immoral about it. It's a fundamental right.


It is a thin line, most of these groups are in contact with lawyer teams before they start the operations and the lawyers are in the know. These groups do risk assessment before going ahead.


Again, ethics are a matter of opinion, laws are a matter of fact. Yes, in the US you have the legal right to an attorney. Whether that attorney is behaving ethically depends on the attorney’s behavior and the person making the judgment on the ethics. You and I don’t have to have the same opinion on what’s ethical. We can each advocate for our own ideas of ethics to be codified into policy.


Lawyers, even in the United States, are bound by rules of conduct, and will stop being lawyers very quickly if they overstep the rules of ethical conduct.

The standards of ethics they are checked against are not yours or mine, they are the rules they agreed to. To pretend like ethics aren't a thing for lawyers is surprisingly uninformed for HN.


What happens when you are accused of a heinous crime, the evidence points at you, and yet you are innocent?

I bet you change your mind about the ethics of having a lawyer represent you.


I’d highly recommend that you study formal ethics. Ethics is not built on a platform of opinions.

Unless you are the sort of person that claims that reality is just an opinion, too, in which case you should also study formal philosophy.


Which is good and fair. I think the example was Tony Soprano though and the (imaginary) lawyer in question knew full well the kind of shenanigans he was up to, these lawyers know they're defending murderers and people that ruin lives.


But that’s the point of lawyers. When they defend a guilty party, most of the time they know that the party is indeed guilty. They need to, to prepare a good defence.


Rhetorically, yes he/she/they do get to do that.

Ethics is a matter of philosophy, which has a bit more going for it than just being composed of raw, uneducated opinion.


Lawyers have a code of ethics. Written down and codified. Not a matter of opinion.

You are thinking of morals. That is a matter of opinion.


Your life as a human being can't have little to do with morality unless you are a sociopath. On the one hand we need someone to provide all accused with adequate representation to ensure we don't wrongly convict innocent men however at the mob boss level we are virtually always talking about trying to protect horrible people everyone knows are guilty from punishment.

A system that didn't need to hold a trial or give the mob boss a lawyer would be irredeemably immoral but one in which they go free is a shittier world. I don't envy anyone trying to remain moral while walking that line. I don't see how anyone who specialized in such clients could live with themselves.


Or, as the line from Breaking Bad went - you don't need a criminal lawyer. You need a criminal lawyer.



Kids born after that article are nearly finished with high school. I’m pretty sure the dynamic has changed a little since then. Interesting to at least see how it used to be though.


Nice! Is there some follow up story after years?


You hire people you can burn is what you do.

Shipping coordinators got busted? How sad.

Over my life I've met people who while they seem competent and can tie their shoe laces appear to make bad decisions because they have trouble with judging likely outcomes. Those are the people getting hired to do this sort of work.


From 2003, an inside look at the mafia IT: https://www.wired.com/2003/12/mafia/


"Organised crime" is a bit of an oxymoron.

These people are organised in that they make deals with each other in friend networks. But the people involved are not the sharpest knives in the drawer. They get their positions via violence and intimidation more than cunning and planning.

There are cleaver crooks, but we do not often hear from them. A lot of them work at Wall Street, which contains the biggest and most profitable criminal gangs


The cleverest crooks are in Capitol Hill and Downing Street and Brussels, not Wall Street.


I think we probably disagree on "cleaver"!


I would imagine it's more of a computer expert who then becomes a criminal because of the money.


Watch "Start-up" on Netflix (American version, not the Korean one).


For what it's worth: some do. Signal (and Wickr) are used extensively.


Yep, and for some reason Wickr is IMO even more popular than Signal in those circles. It's curious since I've basically never heard of Wickr here or in any cybersec community & Signal seems to be the daily messaging app for tons of people. I guess it's something to do with the phone verification required by Signal... and I'd guess both apps are pretty similar when it comes to security?


I've heard that in Russia and Kazakhstan drug dealers use Telegram. It just might be a local fashion, when a few people started using it and spread it around. I don't think that it's difficult to find a phone number tied to an unrelated person. Just ask some homeless guy to buy one.


Western naivety. Unbound / fake data SIM cards are sold in boxes by carrier’s employees.


You can still buy SIM cards in Sweden in stores without presenting an ID.


Even in countries where you can still buy a SIM card without ID, once you use your bank card to buy more credit for the SIM (and in Sweden you always will, because cash is basically dead there), it is trivial for the authorities to link the phone number to your real identity.


Iceland as well.


People do. Lots of people.

These ones, who were busted, are greedy violent thugs. They do not know who to trust because they are untrustworthy.

Good riddance to bad rubbish.


Protip to the cartels - pay top dollar to some world class engineers to set up a dark web market and you'll make buckets.

Most if not all markets until now have been run by geeks with limited knowledge and skills, wading in to the criminal underworld and inevitably making rookie mistakes.

Both Ross and the guy in Bangkok had their personal emails tied to the markets. Some kids running a big market from Germany connected to the server on their mom's wifi. The list goes on.


We don't know how Ross and other dark web folks were caught, despite all the official stories. We know what the FBI _tells_ us was the security issue. However, the Snowden docs reveal that they are instructed to construct other legitimate stories for how to implicate a criminal after they have compromised him in order to not reveal their tactics. The exact term they used in the docs escapes my memory, but we only know that Ross _was_ captured, but we have no clue how. Perhaps he had perfect op-sec, but the real security issue was a raft of 0-day attacks and then they signed up something in his name, later legally gagging him. We really have no clue.


Ross did post on shroomery and stackoverflow with identifiable information ... In the case of the former it was clearly linked to the site. And those posts are still up.

The guy in Bangkok had his personal email in reply-to headers of the "welcome" emails being sent out. If that wasn't true, everyone who received the mail could have proven that.

Parallel reconstruction may have occurred, it's true we won't know.


>The exact term they used in the docs escapes my memory

Parallel reconstruction is the phrase you're after.


Setting up a dark web market is something most people would want to get anywhere close to...

Imagine being responsible for facilitating murder-for-hire, sex trafficking and so on...


Imagine having an employer who has no qualms about killing people and for whom you are a loose end.

You need to be either a professional criminal (skill set completely orthogonal to IT, so chance of somebody possessing both at professional level is minuscule), or a moron.


I'm sure there are plenty of people who wouldn't care. Anyone who buys diamonds has blood on their hands too.


I think there is a material difference between buying a diamond and directly facilitating the activities of the drug cartels. In theory everyone buys things that are made by people in shitty conditions because there isn't much direct visibility on the front end as to what kind of nastiness happened elsewhere in the supply chain.

If you want that to change you have to make it illegal to do business with such folks not hope consumers fix it for you via the magic of the market.


It's unclear to me those shitty conditions (e.g. those of iphone manufacture) are net harmful to the poverty-stricken areas they affect - but I'm not sure that's not true of diamonds.

I think it's also more jarring that diamonds are otherwise useless symbols of status. At least iphones trickle down in some way (e.g. allowing the proliferation of older gen smartphones even in poor countries).



