Slashdot Mirror
How the Secret Service Busted ShadowCrew
plover writes "In the story Hacker Hunters, BusinessWeek Online documents how the Secret Service turned a member of the ShadowCrew and was able to arrest dozens of the members of the phishing ring.
From the article: 'Law enforcement officials are often loath to reveal details of their operations, but the Secret Service and Justice Dept. wanted to publicize a still-rare victory. So they agreed to reveal the inner dynamics of their cat-and-mouse chase to BusinessWeek. The case provides a window into the arcane culture of cybercriminals and the methods of their pursuers. ' "
I think this story was on slashdot before...
DUPE DUPE DUPE
How do they come up with such clever names?
dupe
this is just a placeholder till i send back my real sig from the future.
Sure these guys are bad, but let's not give up our privacy rights just to catch them.
Having privacy means the bad guys get away sometimes.
Now that doesn't make the victims happy, but their personal loss is small compared to the greater good.
i'm pretty sure that this exact article was linked a little while ago.
it's a dupe...:)
--
http://unk1911.blogspot.com/
Or hacking and copyright/trademark violations.....which one will get more prison time and a higher fine.
Now I haven't RTFA completely yet, but I have just one question.
Why would somebody in a phishing group give out their information to fellow members? This kind of thing seems to happen so often, you'd think that there would at least be a layer of secrecy between the members, just in the case somebody is going to rat on them.
I'm all for catching these guys, but I wonder about publicizing the details at this time. Is this supposed to make us feel better about the Patriot Act -- "look here! See how we can bust the bad guys with the 'right' tools!" -- or are we just supposed to be happy that something was done about this gang of thieves? I don't expect everything to be about freedom and democracy, but it is too easy anymore to question why authorities give us this information, rather than look at the information for information sake...if that makes any sense.
Law enforcement needs to stop worrying about (and identifying as such) the average script kiddie and focus on the large mob-like operations. I'm guessing they'll get much more bang for their buck that way. I can't see how 150 million dollars is not enough to take down at least a couple of the big rings given that they operate on Jolt and Hot Pockets (or whatever passes for that in Romania).
Some people don't read /. 24/7/365 like you guys. Enough with all the dupe replies....geesh!
I liked this:
The HangUp Team has been operating in Russia with impunity for years. Some members are allegedly based in Archangelsk, an Arctic Circle city of rusting Soviet nuclear submarines and nearly perpetual winter.
The people we put in jail for cracking and phishing are more comfortable than pretty much anyone living (with impunity or otherwise) in Archangelsk. Never the less, this whole concept of phishing/malware 'colonies' sure implies a complicit (or way, way negligent) government.
Don't disappoint your bird dog. Go to the range.
Goodbye karma...had to do it though...heh
Content Management System: A pretentious way of saying "text editor."
If you would like to help the secret service, please send your ebay passwords and usernames.
Scary stuff. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters.
...but it reminds me too much of this guy.
From TFA:
Agents armed with Sig-Sauer 229 pistols and MP5 semi-automatic machine guns swooped in
"Semi-automatic" means fires only one round when the trigger is pulled. "machine guns" means fires lots of rounds when the trigger is pulled. The sentence is an oxymoron, and implies the reporter is just throwing buzzwords around without knowing what he is talking about. To correct the sentence, this is the Secret Service we are talking about. They are not going to mess around with some semi-auto HK94 type of firearm. The phrase the author was looking for is "fully-automatic".
Hopefully the other aspects of the article are more factual and carefully checked.
Nothing like sensational journalism:
A huge map of the U.S., spread across 12 digital screens, gave them a view of their prey, from Arizona to New Jersey.
Yes, they were "prey" and the Secret Service were eagles flying high in the air to protect freedom. Give me a fucking break. But of course this wasn't just a single sentence to get the readers interested, nope, the entire "article" is full of this crap:
The target: the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and the fencing of ill-gotten wares on the Web, police say.
Yes, they have a hackers college where professors teach their students how to be thieves. Oh wait, no they don't...
At 9 p.m., Nagel, the Secret Service's assistant director for investigations, issued the "go" order. Agents armed with Sig-Sauer 229 pistols and MP5 semi-automatic machine guns swooped in, aided by local cops and international police.
Ahh, the freedom eagle reference again... Swooping down on their "prey".
There's a new breed of crime-fighter prowling cyberspace: the hacker hunters.
Yes more predator/prey relationships. No, sorry.
This was not a movie, it should not be written as if it were, and it should not be written to give any ideas to other people who might want to make it into a movie. It was a typical "wait it out and arrest" type operation. There was nothing that was any more exciting about this than any other operation. Of course the media has to make it out to be more than it is to gain the attention of readers.
Stick to the facts and cut out the crap. Thanks for the dupe.
The HangUp Team has been operating in Russia with impunity for years. Some members are allegedly based in Archangelsk, an Arctic Circle city of rusting Soviet nuclear submarines and nearly perpetual winter.
That's really sad, to think about; rusting Soviet nuclear submarines. Such technology, such virtue. I would absolutely love an ex-Soviet nuclear submarine. It'd make a neat houseboat. Just seems like kindof a massive thing to leave laying around.
Informatus Technologicus
There is a really good book by a guy called Cliff Stoll called Cuckoo's egg about how he chased down a hacker in the early days of the Internet.
It wasn't even really the Internet as we know it today.
It will be nostalgia for old timers and a history lesson for the "noobs" around here.
Anyway, it is very interesting. I recommend it highly.
The Internet is full. Go Away!!!
At 9 p.m., Nagel, the Secret Service's assistant director for investigations, issued the "go" order. Agents armed with Sig-Sauer 229 pistols and MP5 semi-automatic machine guns swooped in
So, what's a "semi-automatic machine gun"? The MP5 is a select fire submachine gun. A semi-auto only civilian version that was briefly available was called the HK-91, and certainly wouldn't be used by the Secret Service.
If you want to bust a phisher, be a phish. Basically give them false information, made up credit cards etc. Flag the credit card as stolen, and retrieve where it was used. I'd guess this stuff would be easy to catch.
God spoke to me.
It used to be the Secret Service wasted their time going after people publishing electronic magazines like Craig Neidorf (Phrack), people making a board game with "Hacker" as the name like Steve Jackson Games, or people looking to just break into computers for fun and understanding.
Now they're going after actual criminals that the above people warned us about. I've got to say that's a real improvement. Of course it took actual electronic criminals to make them realize who the real enemy is.
AccountKiller
I had to look him up on the internet. He has a web page here:
http://www.ocf.berkeley.edu/~stoll/
It is funny, because it is really simple and it is actually invalid. I had to view the page source to find the intended links.
It has the answer to one of the number puzzles that he mentioned in the book (but never gives the answer to if I remember correctly).
The Internet is full. Go Away!!!
wow! just what I was looking for!
Part of the problem is that cops don't have all the weapons they need to fight back. They clearly lack the financial resources to match their adversaries' technical skills and global reach. The FBI will spend just $150 million of a $5 billion fiscal 2005 budget on cybercrime -- not including personnel -- in spite of its being given the third-highest priority. (Terrorism and counterintelligence come first.)
Can someone explain when budgets and financial resources will not be a problem? Everywhere you look, this "boogeyman" is the first thing law enforcement/public good places blame their
problems on.
It seems to me that:
#1. They tax us more.
#2. They spend it on useless things. (more managers, assitants, Harley Davidson Police bikes, Corvette Police cars)
#3. They say they don't have any money.
Rinse, lather, repeat?
Man I'd love to see those logs
[zer0kewl] OK guys.. lets set out this weeks agen..
*door bursts open
[zer0kewl] AFK BEING RAIDED
They're employing some of the same tactics used to crush organized crime in the 1980s.
Um, correct me if I'm wrong, but organized crime is still going strong. Let's hope that they "crush" the phishers a little more thoroughly.
I wonder wether FunWithHeadlines is still holding his breath? :-)
From the dupe story: Re:SCO mydoom
Irene KHAAAAAAN!
Can you idiots see, this article is cleary different. Notice the url.. its from yahoo.businessweek.com. Sheesh, dupes indeed!
I know the instinct around here and among most decent citizens is to mistrust the federal government and its agents. Fine.
But I think it's high time we see some law enforcement activity on the Internet. There is a limit to technical solutions to problems like phishing, pharming, spambotting, spamming, online auction fraud and other acts of theft.
The reason such scams are so prevalent is a lack of will on the part of American law enforcement and politicians to begin to direct resources at these crimes, which are less visible and more widely dispersed. Since so many of the crimes cross jurisdications, the feds are logical ones to act.
Now maybe in cases of copyright infringement many of us here believe the feds have been shall we say overzealous or worse. Again, fine. But ShadowCrew were STEALING -- not hypothetical copyright losses but actual property, along with account information and other readily cashierable assets.
It is high time the government aggressively and publicly pursues these scamsters. For those websites out of US jurisdiction, they should work with ISPs and technical and Internet groups to help block phishing-type sites and pharming phonehomes.
I just hope this is a serious effort rather than an isolated PR stunt.
Big deal. Find gang member, and threaten him with 20 years unless he turns informant. Setup a sting operation and ask said informant to get all of his buddies online at the same time. Execute takedown.
This is no different from any other informant-driven operation. Just because it involves the intarweb doesn't make it some mysterious "Hacker" game of cat and mouse like you've come to expect from crappy cyberpunk movies.
Replace Internet phishing scam with drugs, guns or whatever criminally-organized activity you want. It all comes down to the same basic tactics.
Wait a second, I thought information wanted to be free?
Is it good or bad that these guys were caught?
* smirk *
"Live Free or Die." Don't like it? Then keep out of the USA
I have the huge list of e-mail addresses that were compromised. If you want to know if you're on it, please reply with your e-mail address and password and I'll get back to you if you're on the list!
http://web.archive.org/web/20041030015234/http://s hadowcrew.com/> Defaced website... dating back to october 30 2004... this story is really old... anyways if they got cut they don't even worth talking about them.. they are not 1337 at all..
I received an unusual spam message advertising warez, cardz, etc. and took the time to trace the message back to the shadowcrew website. The forums on this site were amazing. Basically it was a hub for people to advertise very highly illegal services, or sell lists of credit cards, passwords, etc... a hub for Identitity theives, and fraudsters.
I reported this site to the FBI, and received the following response from them (back in October of last year).
"Thank you for your submission to the FBI Internet
Tip Line. Inasmuch as the FBI has recently
received numerous reports concerning the
"www.shadowcrew.com" Web site, there is no need to
forward any such additional emails to us. Our
Cyber Division is aware of this Web site, and is
addressing the matter."
It was only a matter of time until these idiots were caught. You can't be this open about such illegal activity and not expect a response from the feds.
no
From TFA: For months, agents had been watching their every move through a clandestine gateway into their Web site, shadowcrew.com.
I read a much more interesting version of this story somewhere else. I can't find the link right now, but it explained more fully how they really caught them. This sentence above just glosses over it.
Apparently, they did this:
They got to one of the members of shadowcrew and convinced them to work with them. This guy then proceeded to go onto the shadowcrew IRC channel and told everyone that he had setup a new encrypted gateway VPN type channel that would allow them to connect to the shadowcrew servers in a "more secure" fashion. He convinced everyone to go through this proxy. Little did they know, the proxy was actually an FBI server that was monitoring and recording all traffic that passed through it.
This just goes to show, no matter how smart you are, the best hacks are social engineering hacks, not technical.
They should have been smart and used Tor instead, then they probably wouldn't have been caught.
I'm glad they got caught though. These guys were losers of the worst kind.
"When the president does it, that means it's not illegal." - Richard M. Nixon
is that you are a moron as well. You think the secret service is so l33t that they all bust in carrying fully automatic weapons? Firing M60's from the hip like Rambo to bust a bunch of computer dorks? Even in the military only two members of an infantry squad carry fully automatic weapons. The secret service is more likely to do a bust with most of the agents carrying pistols, shotguns and one or two semi-auto mp5's.
I think this article is pure bullshit.
Duties of the SS are as follows.
1. Protect (by executive order) The President of the USA.
2. Protect the nation's money from counterfeiting.
Unless these guys took the President's information, or made a threat anywhere on their site about the president, or were actually counterfeiting/spreading counterfeit bills, the SS should have had not one single reason to be involved in this. This should have been the responsibility of the FBI and the ATF. What's next, the Secret Service arresting us everytime we download pr0n?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Anyhow, note this - "To ensure the suspects were at home, a gang member-turned-informant had pressed his pals to go online for a group meeting... Twenty-eight members were arrested, most still at their computers."
What to we take from this?
- The hackers did this from home
- The hackers were caught due to a hacked-turned-informant
- 28 people were all in this one group
So you can begin to see a usual pattern. In this day and age of cellular fones and 802.11b, these hackers didn't even leave their homes! Stupid, stupid, stupid. Hell, I had an acoustic coupler which I used to strap up to a payphone a decade ago. Nowadays, this kind of thing is 10x easier. Don't hack from home!Then it says this group was comprised of 28 people. Not a good idea - these people must have never read anything about guerilla warfare. Your trusted group should never be more than 4 people, 3 if you're being conservative. This is how guerilla cells have operated for decades. It's ok to have say 8 cells in one big group, but other cells should not have as much direct contact as people in your cell. So if someone in one of the other eight cells turns informant, you're still safe. There would have been only 2 or 3 people busted, not 28.
Finally, there is back to the hacker-turned-informant. While hacking from home is stupid, most of these things are not done by technical wizardry, but by watching the persons social network. It is not always an informant - sometimes a friend is just careless. On the other hand, swearing off a social network is not something wanted either. That's why rules like don't hack from home are important, and why you need a structure where there would be something like 8 cells in this group, with people only having enough information to rat out their own cell.
No that's the NSA
This is silly. They basically busted a BB/forum where folks were posting about buying and selling identity items. That it was a "gang" is a big time stretch.
--Slashdot Gang Member
Who cares about the semantics of hacker vs cracker? At any rate, they then to think their crimes aren't "real" but more ot teh point they think the Internet makes them invisible and invincible.
Had one like this on campus. He was attempting to get passwords by arp poisoning and pretending to be the router. What's worse, we actually didn't have proper monitoring to catch this sort of thing at the time. However he was stupid and didn't know how to work his software, so we noticed the library disappearing from the network and figured out what he was trying to do. He kept trying and got caught.
He IMMEDIATLY and completely spilled the beans when caught. He was scared shitless because he never thought anyone could track him.
Look out Glock, Sig-Sauer is kicking your ass! You can't pay for publicity like that! Alas, the MP5s get product placement but until we can throw out some unconstitutional laws, they're out of reach for us mere subjects.
...MP5 semi-automatic machine guns...
Aren't mp5's SUBmachine guns?
Here's the wiki:
A submachine gun is a firearm which combines the automatic fire of a machine gun with the ammunition of a pistol, and is usually between the two in weight and size.
... a là Hackers, that's bad ju ju. Anyone reading it will get this picture of Angelina Jolie naked on the kid's bed as the SWATs rammed the door. Many, many, more would be hackers tonight...
Mi domando chi à il mandante di tutte le cazzate che faccio - Altan
Therefore, I whole-heartedly apologize to absolutely everyone who was taken out back and beaten with sticks because I submitted a duplicate story.
Oh, what's that? You say you weren't taken out back and beaten with sticks because I submitted a dupe? Then may I ask why it is a Department of Homeland Security issue that someone posted a dupe? Honestly, I sometimes think that posting "Dupe" is just a different way of saying "FRIST PSOT" without getting immediately modded down as a troll.
John
So they caught them with the help of one of it's members? And they see this as a big accomplishment? Our government will impress me when they do something like this without the help of a nark.
It still doesn't make up for the American SS' behavior in the Hacker Crackdown.
For those of you who don't know about it, check out Bruce Sterling's book. I believe it is still a free download.
I'm not sure what you're talking about here. The punishment for computer crime is significantly harsher than that of its non-technical counterpart.
You could walk into a bank and rob it at gun point, all the while threatening to kill people, and there's a good chance you'd only be jail for about 7 years.
On the other hand, rob the same bank, of the same amount of money, without a gun, and without threatening anyone, but do it with a computer, and you could be looking at 20 years!
In Canada, a simple DOS attack will get you 10 years in prison.
Also, under the Youth Offenders Act, youngsters who commit computer crimes are always punished to the maximum extent (3 years). In comparison, some children convicted of murder have been let go in one year.
Computer crimes carry a harsh penalty.
Despite this, cybercrime is still attractive? Precisely because it's easy, and non-confrontal. I don't think it has as much to do with the risk/reward ratio as you may think... because those who are actually considering committing these crimes are very aware of not only how easy it is to get caught, but how strict the penalities are.
It's not like the good 'ol days when you could hack a Gibson across state lines. Now days if you do something big enough, people will notice, and unless you have a huge crime syndicate protecting you, you're going to get caught.
Having said that... I think I'm going to go walk into a bank with an axe. To me, the risk/reward ratio on that one seems really good! Way better than this computer crime crap. Why waste time learning all those damn c0dez when I can just walk down the street in a crazed fit!
If the navy saw an ex-soviet sub sailing towards the US, I think they would sink it without asking questions.
More than a few of the soviet missiles were liquid fueled: fuming nitric acid and hydrazine. Both chemicals would corrode you and both are quite toxic. Each sub would be a SuperFund site all by itself.
They followed the trail of pizza boxes and pr0n DVD cases.
If a bank taking money from anonymous people and giving it to other anonymous people, I'd like to be the bank please. If I take the money (or perhaps just skim the money) who is to stand up and say that they didn't do the transation (and give up their anonymity)?
Currency is about trust (you trust you can trade in your techically worthless token for something of value), when this trust is broken your rely on identification as a backstop. Without the source identity backstop, you basically have to trust the bank we know banks never do anything bad with your money. You can argue that only honest banks will survive, but if nobody is complaining, how will you know which ones are honest vs the ones that are just being picked on by blackmailers?
Money being just a token is a funny thing in that it only has the value we assign to it...
Nobody gives a fuck about the /. definitions of terms. Hacker has come to have two contexts, good and bad, and the one most people use is bad. I don't care how you choose to define it, you aren't the one that makes the rules. From the American Heritige Dictionary:
1. One who is proficient at using or programming a computer; a computer buff.
2. One who uses programming skills to gain illegal access to a computer network or file.
3. One who enthusiastically pursues a game or sport: a weekend tennis hacker.
From Webster's Dictionary:
1 : one that hacks
2 : a person who is inexperienced or unskilled at a particular activity
3 : an expert at programming and solving problems with a computer
4 : a person who illegally gains access to and sometimes tampers with information in a computer system
Notice it is both defined as you define it, and also as someone who commits illegal activity. So sorry bud, the usage of hacker to indicate a person who does illegal things with a computer is a correct one.
Slashdot is not the authority on these things.
Maybe for a blind person, but anyone who likes natural daylight would be out of luck. No windows on subs. That's why they run into things sometimes.
3 ,00.asp
Slightly more tech-saavy article as well. Baseline is a Ziff-Davis IT Project Management trade mag.without the annoying phrase "hacker hunter", can be found here:
http://www.baselinemag.com/article2/0,1397,177439
Julia
I posted this story and it was rejected. 4 or 5 days later somebody else posted it, and it was published. And now it's been published a SECOND time.
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
Law enforcement - esp. federal LE - is always going on about lacking the money and tools to fight crime - not just computer crime but any kind of crime. And there is a lot of truth in it. They drive around in their old Ford sedans, following criminals driving Audis, BMWs, Ferraris... They can't keep up, and they stand out like sore thumbs. Trying to get into exclusive nightclubs in tacky suits? Wearing flea market sunglasses in Palm Beach? And of course other examples, like having crap computers, too little staff, etc. But the real reason that federal LE has a hard time catching crims is that they are neither very bright, nor very competent, that departments are full of time-serving hacks and corruption and malfeance common. Many, perhaps most, of their big busts and successes come from informants - an area where the departments, esp. DEA, spend a lot of money - and from people busted through bad luck rolling over on everyone and sundry so as to walk away scot-free, often with their ill-gotten loot still safely pocketed. This phishing bust is probably much in that way - more bribery than detective work. If what you seek is more arrests and convictions from federal law enforcement don't look to increasing the budget spent on cybercrime or whatever area you are concerned about - just have them spend more money on informants and venal deals.
Well, even if FBI is the law in the US, that doesn't make them entitled to break the law in any other country, does it? I mean, in most (!) countries not even the domestic police forces are allowed to break the law....
A break in is a break in, no matter who does it....
Well, even if FBI is the law in the US, that doesn't make them entitled to break the law in any other country, does it?
What law would prevent it? Sweden's?
While that was a very nice bedtime story about the bad guys, I think people should really go back and re-read it carefully. To anyone who'se read it a few times - the description of this group is far more like a government hierachy than a criminal one. That should tell you all you need to know right there.
but... you knew that already :)
I browse at +5 Flamebait- moderation for all or moderation for none.
I was a member of shadowcrew for a brief period, not a practising member but I have always been interested in what the bad guys are up to.
It wasn't just a member of the site that they turned, it was CumbaJohnny, the Admin. They gave him Secret Service controlled proxies and VPN's and he gave them out to most of the vendors on the site.
Also, it wasn't a phishing group, it was an online marketplace where just about anything was available ranging from drugs through to online bank account logins/passwords and credit/bank card dumps. There were thousands of members but pretty much only the vendors were arrested.
I'm glad to see it go but word is that replacements have popped up....some people never learn.
Overdramatized pat on the back for Law Enforcement.
e.g. " The HangUp Team has been operating in Russia with impunity for years. Some members are allegedly based in Archangelsk, an Arctic Circle city of rusting Soviet nuclear submarines and nearly perpetual winter."
IANARH (not a russian hacker)
Firstly there is really no point to the stupid above statement. Secondly its most likely 100% untrue, as romantic as the post apocalyptic rusting submarine hulks and perpetual winter may be..
Here's some Pictures of Archangelsk
While law enforcement was busy playing with their high tech toys chasing small fry, the real criminals continue to get away. Does anybody even care about the whereabouts of Kenny Boy?
What good is my identity if I can't safely participate in capital ownership?
Politicus
(actually a family of submachine guns)
It fires in full-auto, 3-round burst or single-round (semi automatic) mode.
The Russian authorities could not care less about white-collar criminals who take money from non-Russians. It is not uncommon for countries to overlook "bloodless" crime that does not harm their own citizens - just look at all these "enlargement pill" pharmacies. The Russians are really good at this. If you want to know why obvious copyright pirates like allofmp3.com operate unmolested, look no further than this article.
FBI relying on the cooperation of arbitrary(?) choosen commertial anti-virus developer and implicitly promoting them doesn't sound right. It's as if FBI subcontracted part of their work to private secutity company to break some crime ring. It should be other way around. FBI should have experts of such quality that anti-virus companies would ask them for advice.
AFK, cop raid
The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.
Will people please stop refering to criminals as HACKERS!
http://en.wikipedia.org/wiki/Hacker
There's nothing hacker-like about a bunch of thugs who fake a website to look like and bank's and send you an email to coax you into logging into the fake page - it's called FRAUD, not hacking.
'professional cyber-criminals have replaced amateur thrill-seeking hackers as the biggest threat on the Web'
When were 'thrill-seeking' hackers ever a *real* threat? The media just makes them out to be that because it's the media's job to stir up panic.
Cyber-criminals were ALLWAYS the the biggest threat on the web - ever since the first site that allowed money to flow via the internet was created.
Coding Monkey.org - Spanging the heavy spade of truth into t
Arcane culture?
please. don't say things like that. people look at me strangely when I laugh at work.
Working as a Senior ITSEC/INFOSEC/IA operations guy for DoD, I deal with this sort of stuff on a daily basis. While our "baddies" are out for a different loot, they operate the same (albeit a bit more sophisiticated than average criminals out to make a buck). I have several thoughts on this article.
1. I have dealt on numerous occasions with FBI, Secret Service and some other DoJ guys on computer crimes/security issues. The level of arrogance is astounding to me. Working in DoD, we interface A LOT with the INFOSEC guys from the military. These guys may be young, but you better damn well believe they're good at what they do. After all they're tasked with protecting to most guarded secrets our country holds. Typically, if there's a situation in which the subjects of the article have to interface with DoD IA or the military guys the DoJ folks want to turn everything into a pissing match. The majority of time is eaten listening to "war stories" of these guys staking out houses, following cars, etc.
2. The DoJ guys are typically highly educated and poorly trained. The former does NOT compensate for the latter. Let's face it, for the most part they don't teach INFOSEC in college (with a few rare exceptions in which the DoD/DHS has the NCAE program for accrediting IA programs at colleges and universities). Despite their lack of knowledge, they are convinced that they are the creme of the crop (mostly because they get to "pack heat") and that the only person that can teach them anything has a PhD. There is almost no "cross polination", as I like to call it, with these guys.
3. DoJ (Secret Service, whoever) are purely reactive on this issue. In fairness, it's kind of their job to be reactive I suppose. We (DoD) are used to focusing on preventative and shifting into reactive when we've failed at our first objective (Protect). We have three purposes...Protect (that is preventative), Defend (that is reactive), Exploit (that is for another thread). DoJ has one...clean-up a mess that's already happened. Again I understand that this is really their comission, so I guess I lay off the point a bit. Forget paragraph 3.
In short, my many experiences with them have all left me (and my peers) with a bad taste in my mouth. I think we're pretty easy going guys/gals, no big egos running around, no pretense, etc. but I'll be damned if we can get along with these guys.
Just my $.02.
Apparently he works for the secret service:
"[Cybergangs] always thought they operated with anonymity," says Nagel, a tall, chiseled G-man. "We rattled them."
But the real reason that federal LE has a hard time catching crims is that they are neither very bright, nor very competent, that departments are full of time-serving hacks and corruption and malfeance common.
Ah...sounds like someone's contract didn't get renewed.
Better luck in the private sector.
Webster is such a great source for definition of computer terms. Main Entry: cracker Pronunciation: 'kra-k&r Function: noun 1 chiefly dialect : a bragging liar : BOASTER 2 : something that makes a cracking or snapping noise: as a : FIRECRACKER b : the snapping end of a whiplash : SNAPPER c : a paper holder for a party favor that pops when the ends are pulled sharply 3 plural : NUTCRACKER 4 : a dry thin crispy baked bread product that may be leavened or unleavened 5 a usually disparaging : a poor usually Southern white b capitalized : a native or resident of Florida or Georgia -- used as a nickname 6 : the equipment in which cracking (as of petroleum) is carried out BTW, since no one will get the joke: I'm a from a small rural southern town.
A large gang of 28 people in an apartment - that draws a lot of attention, and once someone catches on, there's no escape.
Not to mention, having shadowcrew.com as a registered name, well that just isn't what grandma would use.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
... whether hackers are starting to target Linux as a result of its increasing share in the desktop market? My assumption is that criminals like these pretty much operate only in the Windows world. Is that correct?