zlacker

[parent] [thread] 15 comments
1. GekkeP+(OP)[view] [source] 2022-02-08 22:04:15
Wow. Such hacking prowess. Such bad opsec. Weird.

Ps not condoning the theft but I just find it strange that people with the skills to steal this much get caught using bog standard cloud storage. You'd think they could afford something better ;) Something along the lines of "you don't take notes on a criminal f** conspiracy" :)

replies(7): >>SirYan+I >>digian+q4 >>Dyslex+i8 >>wolver+fc >>pizzal+2q >>paulpa+aG >>ccallo+0v1
2. SirYan+I[view] [source] 2022-02-08 22:07:37
>>GekkeP+(OP)
The article mentioned they were not thought to have conducted the hack itself.
replies(2): >>GekkeP+u1 >>EVa5I7+PN1
◧◩
3. GekkeP+u1[view] [source] [discussion] 2022-02-08 22:12:22
>>SirYan+I
Ah ok sorry I checked the comments only. Should have read TFA sorry :)
4. digian+q4[view] [source] 2022-02-08 22:27:31
>>GekkeP+(OP)
Honestly don’t know why people don’t AES/GPG encrypt the keys and send a message to alt.anonymous.messages.

That’s 30+ years of storage for free.

replies(2): >>vmchal+fs >>raducu+Ok1
5. Dyslex+i8[view] [source] 2022-02-08 22:50:24
>>GekkeP+(OP)
> I just find it strange that people with the skills

people in Tech will yak-shave choosing the "correct" cypher. Then get pwned by an implementation detail like a bug in enigmail.

1) Hacking, 2) opsec and 3) tradecraft are totally different skills. The most dangerous people (to themselves) are the ones who cover only one of 3. The more advanced among them _know_ they lack in the other areas, but think they can compensate going even deeper on whatever they already know.

6. wolver+fc[view] [source] 2022-02-08 23:13:37
>>GekkeP+(OP)
People are sometimes too busy to deal with the many details of 'perfect' opsec. In other circumstances, they hire a professional to handle it for them, but that is more difficult for criminals.
7. pizzal+2q[view] [source] 2022-02-09 00:48:14
>>GekkeP+(OP)
Anakata (guy who founded the pirate bay) hacked a bank and he is definitely some kind of genius. His idea for getting money out of the bank was to enlist a teenage thug to go to the ATM and withdraw money, which he had sent to the guy's account. Smart people do stupid shit all the time.
◧◩
8. vmchal+fs[view] [source] [discussion] 2022-02-09 01:01:29
>>digian+q4
maybe he backed up to icloud by accident
replies(2): >>bandra+lZ >>radica+pd1
9. paulpa+aG[view] [source] 2022-02-09 02:46:00
>>GekkeP+(OP)
But the report does not state that they actually did it, only laundered it. it may have been someone else
◧◩◪
10. bandra+lZ[view] [source] [discussion] 2022-02-09 05:35:56
>>vmchal+fs
This. It's harder than you may think to leave zero cloud trail of your activity and storage.
◧◩◪
11. radica+pd1[view] [source] [discussion] 2022-02-09 08:01:03
>>vmchal+fs
I bet he just got opted into iCloud Drive documents and desktop folders.
◧◩
12. raducu+Ok1[view] [source] [discussion] 2022-02-09 09:11:03
>>digian+q4
Why couldn't they just use a brain wallet on an offline device with no internal storage. Keep a hand written copy of the generated passphrase laminated in some plastic in some fake plaster rock under a tree in a wood or something.
replies(2): >>herodo+8q1 >>digian+Ku4
◧◩◪
13. herodo+8q1[view] [source] [discussion] 2022-02-09 10:04:16
>>raducu+Ok1
Take it easy Andy Dufrense
14. ccallo+0v1[view] [source] 2022-02-09 10:51:02
>>GekkeP+(OP)
We only know about the ones that get caught.
◧◩
15. EVa5I7+PN1[view] [source] [discussion] 2022-02-09 13:32:38
>>SirYan+I
That's just author's speculation. Most probably he did conduct the hack himself, because he had private keys to all the original withdrawal addresses.
◧◩◪
16. digian+Ku4[view] [source] [discussion] 2022-02-10 05:26:53
>>raducu+Ok1
The idea is this would survive a search and potential jail term.
[go to top]