I’ve been on the defender side of security my whole career.
I know in some markets crime pays more than legitimate work, but it never ceases to amaze me how much thought, effort, planning, and engineering goes into providing infrastructure IT services for cybercriminals. The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.
I watched the downfall and eventual jailing of someone who had a great job, career, and family after he started getting involved in cybercrime.
As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
He got caught through a mistake that was really dumb in retrospect. I think he believed his intellectual superiority combined with the stupidity of others so much that eventually he couldn’t imagine anyone catching him.
>As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
I sadly see this pattern of thinking far more often than I want to in my fellow eastern Europeans.
Imagine working for an organization where 1) cybersecurity is actually the #1 priority, ahead of "shareholder value" and all the other gobblygook, 2) you get to design systems where you actually have to assume that every other entity is malicious (not the usual carve-outs like "oh yeah we do zero trust.. but our entire management plane is Azure-managed it's unavoidable"), 3) your budget is effectively unlimited, and 4) you get paid several factors more than you would in private industry.
Some people are just born into it. Mafia families, etc. There were some very smart people in the American mob, running scams that were immensely profitable. Eventually they get caught though, and with the ease and pervasivness of electronic surveillance today, it's pretty much impossible to do it anymre at least if you're anywhere where the authorities care about it.
It's not easy to go legit, especially in today's job market, depending on where you live in the world also.
The US is unique with its high salaries for tech work (on the lower end of those of high salaries is pure ops work like this though). If you're in a country where the average sysadmin salary is substantially lower (to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year), it's not hard to see why its tempting to go the cybercrime route.
> those sanctions failed to target Stark’s remaining connection to the Internet — an Internet service provider based in the Netherlands called MIRhosting.
The fuck, i walk past the office of mirhosting every day
The article spells it out clearly: charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.
Maybe it's because I haven't had my coffee yet, but I swear my brain read: "Neanderthals Seize 800 Servers"
I’ve been on the defender side of security my whole career.
I know in some markets crime pays more than legitimate work, but it never ceases to amaze me how much thought, effort, planning, and engineering goes into providing infrastructure IT services for cybercriminals. The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.
I watched the downfall and eventual jailing of someone who had a great job, career, and family after he started getting involved in cybercrime.
As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
He got caught through a mistake that was really dumb in retrospect. I think he believed his intellectual superiority combined with the stupidity of others so much that eventually he couldn’t imagine anyone catching him.
>As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
I sadly see this pattern of thinking far more often than I want to in my fellow eastern Europeans.
Imagine working for an organization where 1) cybersecurity is actually the #1 priority, ahead of "shareholder value" and all the other gobblygook, 2) you get to design systems where you actually have to assume that every other entity is malicious (not the usual carve-outs like "oh yeah we do zero trust.. but our entire management plane is Azure-managed it's unavoidable"), 3) your budget is effectively unlimited, and 4) you get paid several factors more than you would in private industry.
Some people are just born into it. Mafia families, etc. There were some very smart people in the American mob, running scams that were immensely profitable. Eventually they get caught though, and with the ease and pervasivness of electronic surveillance today, it's pretty much impossible to do it anymre at least if you're anywhere where the authorities care about it.
> The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.
I don't think it's that easy to go legit. having a tech job nowadays is already a luxury
Cybersecurity is always last on the budget list. It is not easy to make money working in cybersecurity.
The only upside here is that criminals will (through legislation) eventually force companies to invest more.
You fail to take into account the ideological angle.
Some people are ready to die for their beliefs. Others just to run businesses supporting their causes.
3 of the 4 persons named have russian links (a large number of Moldovan citizens are ethnic russians).
It's not easy to go legit, especially in today's job market, depending on where you live in the world also.
The US is unique with its high salaries for tech work (on the lower end of those of high salaries is pure ops work like this though). If you're in a country where the average sysadmin salary is substantially lower (to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year), it's not hard to see why its tempting to go the cybercrime route.
> Stark Industries Solutions
jarvis, whats the status of my dutch servers
> those sanctions failed to target Stark’s remaining connection to the Internet — an Internet service provider based in the Netherlands called MIRhosting.
The fuck, i walk past the office of mirhosting every day
It would be nice if they named/prosecuted the people who paid them to perform the attacks.
The FSB? What are you going to do about that. Russia shot down an airliner full of Netherlands citizens and there were no repercussions.
Law enforcement doesn't typically talk about ongoing investigations.
After reading the article I am not sure what crime did they commit in the Netherlands.
The article spells it out clearly: charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.
I feel like you’re only asking this because you disagree with their charges, not because you genuinely have no clue why they’re arrested.
> …charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities…
I guess that's why.
> charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.
Did you read this part?