fafo
November 30, 2024 2:57 PM Subscribe
Prolific hacker arrested after threatening woman online. The guy allegedly behind the massive Ticketmaster and AT&T data breaches this year was unmasked after picking a fight with Allison Nixon, the chief research officer at a cybersecurity firm.
He repeatedly threatened her and her company on Telegram, which were not even working on the Snowflake hack at the time.
“Why would he target a company that is not working on his case and specializes in identifying cybercriminals?” said Nixon. “It is just the stupidest thing ever.”
He repeatedly threatened her and her company on Telegram, which were not even working on the Snowflake hack at the time.
“Why would he target a company that is not working on his case and specializes in identifying cybercriminals?” said Nixon. “It is just the stupidest thing ever.”
He was thinking with his dick and his ego. I think that's the real mistake. Also, the usual rage at a woman.
posted by jenfullmoon at 3:20 PM on November 30, 2024 [30 favorites]
posted by jenfullmoon at 3:20 PM on November 30, 2024 [30 favorites]
Badass!
Fuck around, get sloppy, get tracked, and find out...
posted by Windopaene at 3:26 PM on November 30, 2024
Fuck around, get sloppy, get tracked, and find out...
posted by Windopaene at 3:26 PM on November 30, 2024
Fuck around, get sloppy, get tracked, and find out...
Very probably, but it’s worth remembering that perfect operational security is basically impossible – especially if you have a highly motivated and knowledgeable adversary gunning for you, as here.
posted by reedbird_hill at 3:28 PM on November 30, 2024 [5 favorites]
Very probably, but it’s worth remembering that perfect operational security is basically impossible – especially if you have a highly motivated and knowledgeable adversary gunning for you, as here.
posted by reedbird_hill at 3:28 PM on November 30, 2024 [5 favorites]
From this paywalled article from 404 Media:
In his typical blackmail attempts, Judische would contact the victim company, sometimes with the help of an intermediary, and offer to produce a video proving he deleted the stolen data in exchange for a hefty payment. If the company didn’t comply, Judische or others would dump the data online, making it publicly accessible.
But Judische often made terrible mistakes in those videos. In at least one case, the video showed his system’s hostname, which is basically how the computer identifies itself on a network. Armed with that information, Austin Larsen, a senior threat analyst with cybersecurity company Mandiant, identified where the server hosting some of Judische’s data was. Larsen provided information to relevant parties, they took down the server, which delayed Judische from publishing a victim’s stolen data, Larsen said.
posted by spork at 3:38 PM on November 30, 2024 [22 favorites]
In his typical blackmail attempts, Judische would contact the victim company, sometimes with the help of an intermediary, and offer to produce a video proving he deleted the stolen data in exchange for a hefty payment. If the company didn’t comply, Judische or others would dump the data online, making it publicly accessible.
But Judische often made terrible mistakes in those videos. In at least one case, the video showed his system’s hostname, which is basically how the computer identifies itself on a network. Armed with that information, Austin Larsen, a senior threat analyst with cybersecurity company Mandiant, identified where the server hosting some of Judische’s data was. Larsen provided information to relevant parties, they took down the server, which delayed Judische from publishing a victim’s stolen data, Larsen said.
posted by spork at 3:38 PM on November 30, 2024 [22 favorites]
lmao
posted by They sucked his brains out! at 3:55 PM on November 30, 2024 [4 favorites]
posted by They sucked his brains out! at 3:55 PM on November 30, 2024 [4 favorites]
He repeatedly threatened her and her company on Telegram, which were not even working on the Snowflake hack at the time.
“Why would he target a company that is not working on his case and specializes in identifying cybercriminals?” said Nixon. “It is just the stupidest thing ever.”
He went after her company because she is a woman executive in cybersecurity, and for guys like him hacking is like sexual assault
posted by jamjam at 4:04 PM on November 30, 2024 [33 favorites]
“Why would he target a company that is not working on his case and specializes in identifying cybercriminals?” said Nixon. “It is just the stupidest thing ever.”
He went after her company because she is a woman executive in cybersecurity, and for guys like him hacking is like sexual assault
Rapists and cybercriminals have enough in common that companies should borrow a page from rape prevention to protect themselves against cyberattack, said Terry Gudaitis, a former behavioral profiler for the Central Intelligence Agency, in an interview with Risk & Compliance Journal last week at the TechnoSecurity and Mobile Forensics conference in Myrtle Beach, S.C..And true to form, he left his DNA all over the place.
posted by jamjam at 4:04 PM on November 30, 2024 [33 favorites]
God gave man a penis and a brain but unfortunately God gave man only enough blood to run one at a time
posted by robbyrobs at 4:06 PM on November 30, 2024 [7 favorites]
posted by robbyrobs at 4:06 PM on November 30, 2024 [7 favorites]
I do not understand why this article needs to be illustrated with a photo of the woman targeted. Obviously it's not a private photo or anything, but why publish a photo at all? It's entirely irrelevant to the story.
posted by oneirodynia at 4:26 PM on November 30, 2024 [14 favorites]
posted by oneirodynia at 4:26 PM on November 30, 2024 [14 favorites]
Most media photos are, strictly speaking, entirely irrelevant to the story they are attached to.
I would say that, in this case, they are publishing the photo of a woman who is co-owner and CRO of a cyber-company that just had a big success, so the logic of publishing isn't one of showing a picture of a victim, but of a victor.
posted by mark k at 4:56 PM on November 30, 2024 [25 favorites]
I would say that, in this case, they are publishing the photo of a woman who is co-owner and CRO of a cyber-company that just had a big success, so the logic of publishing isn't one of showing a picture of a victim, but of a victor.
posted by mark k at 4:56 PM on November 30, 2024 [25 favorites]
Looking forward for her return to Darknet Diaries podcast with this story.
posted by drowsy at 5:52 PM on November 30, 2024 [9 favorites]
posted by drowsy at 5:52 PM on November 30, 2024 [9 favorites]
OTOH...
"Isn't it awfully nice to have a penis?
Isn't it frightfully good to have a dong?
It's swell to have a stiffy,
It's divine to own a dick.
From the tiniest little tadger
To the world's biggest prick!"
posted by Windopaene at 6:06 PM on November 30, 2024 [4 favorites]
"Isn't it awfully nice to have a penis?
Isn't it frightfully good to have a dong?
It's swell to have a stiffy,
It's divine to own a dick.
From the tiniest little tadger
To the world's biggest prick!"
posted by Windopaene at 6:06 PM on November 30, 2024 [4 favorites]
Nelson Muntz (pointing) : *ha ha*
posted by symbioid at 6:10 PM on November 30, 2024 [4 favorites]
posted by symbioid at 6:10 PM on November 30, 2024 [4 favorites]
I do not understand why this article needs to be illustrated with a photo of the woman targeted.
Including her picture would make more sense if they also included a picture of the accused.
posted by TedW at 7:34 PM on November 30, 2024 [2 favorites]
Including her picture would make more sense if they also included a picture of the accused.
posted by TedW at 7:34 PM on November 30, 2024 [2 favorites]
Including her picture would make more sense if they also included a picture of the accused.
Presumably the accused targeted 221B with the goal of cyberattacking it, and bragging about it afterwards. Denying him free publicity seems appropriate.
posted by otherchaz at 8:02 PM on November 30, 2024 [9 favorites]
Presumably the accused targeted 221B with the goal of cyberattacking it, and bragging about it afterwards. Denying him free publicity seems appropriate.
posted by otherchaz at 8:02 PM on November 30, 2024 [9 favorites]
A lot of news sources don't publish pictures of criminals because they don't want them to get more attention or notoriety. In this case though, I agree that Nixon and her company were the heroes and this will give her company a ridiculous amount of good press, so it made sense to share her photo as the CEO.
Separately, I don't think it is possible to commit crimes anymore, with so much tracking and DNA etc. It's just a matter of investigation/prosecution which leaves much to be desired. Nixon even said that if this fellow had not targeted her, it would not have been a high priority. He may not have been caught simply because no one skilled would have looked. And she said that if he can access his crypto, it will be a long journey to prosecution. Which I believe.
posted by Toddles at 9:00 PM on November 30, 2024 [4 favorites]
Separately, I don't think it is possible to commit crimes anymore, with so much tracking and DNA etc. It's just a matter of investigation/prosecution which leaves much to be desired. Nixon even said that if this fellow had not targeted her, it would not have been a high priority. He may not have been caught simply because no one skilled would have looked. And she said that if he can access his crypto, it will be a long journey to prosecution. Which I believe.
posted by Toddles at 9:00 PM on November 30, 2024 [4 favorites]
Separately, I don't think it is possible to commit crimes anymore, with so much tracking and DNA etc. It's just a matter of investigation/prosecution which leaves much to be desired... And she said that if he can access his crypto, it will be a long journey to prosecution. Which I believe.
And around and around we go. Where we stop, nobody knows.
posted by Smedly, Butlerian jihadi at 9:48 PM on November 30, 2024
And around and around we go. Where we stop, nobody knows.
posted by Smedly, Butlerian jihadi at 9:48 PM on November 30, 2024
Mod note: One removed. Many flags on the gamers' dicks (falling off) comment. It's true that this isn't about gamers, so presumably also not about their dicks.
posted by taz (staff) at 12:02 AM on December 1, 2024 [7 favorites]
posted by taz (staff) at 12:02 AM on December 1, 2024 [7 favorites]
Isn't the gamers dicks the Arcane thread? This is, for some bizarre reason, poems about how great it is to have a dick.
posted by Iteki at 12:57 AM on December 1, 2024 [2 favorites]
posted by Iteki at 12:57 AM on December 1, 2024 [2 favorites]
Yeah, the company name is explained in the article.
posted by soelo at 7:34 AM on December 1, 2024 [2 favorites]
posted by soelo at 7:34 AM on December 1, 2024 [2 favorites]
I have no objection to Nixon' picture being shown, I just wish there would have been a cool cutline: Brilliant woman cybersecurity officer owns cretinous hacker baby with a picture of the git in a clown suit.
She must not have had an issue with it either--it does say she provided the photo.
posted by BlueHorse at 9:10 AM on December 1, 2024 [2 favorites]
She must not have had an issue with it either--it does say she provided the photo.
posted by BlueHorse at 9:10 AM on December 1, 2024 [2 favorites]
Separately, I don't think it is possible to commit crimes anymore, with so much tracking and DNA etc.
Oh you can commit them, your odds of getting nabbed is higher is all. Back years ago the videos were black and white and the APPLE ][+ had better resolution so the local news 'police are looking for this person' videos back then were not helpful. Today? Retailers have facial recognition and some chains will track people from store to store looking to roll the the person up as a felony with the stuff they are stealing by combining stores. This is covered in older youtube (2012-2016) videos by the stores bragging on capabilities. The better video alone has spawned the phrase 'caught in 4k' to describe getting caught 'dead to rights'.
The US of A has so many things that are 'crimes' on the books the LOC and 3 separate bodies can't actually count them all.
At least one state has a 'this is a list of our misdemeanors' and that is almost 50 pages. But at least it is a list.
Ross of the silk road fame and Alan Fillion of torswats fame all made a mistake and those mistakes lead to them getting nabbed. Even that GRU tied hacker made a small mistake that got him fingered.
I wonder how many hours were wasted by Ms. Nixon and co chasing down dead ends/fake trails. (VS finding the 1st match on some criteria and rolling with it as happened in the torswats case. At least the BS of naming the wrong person got called out by sheriff/FBI in the torswats filings)
posted by rough ashlar at 11:03 AM on December 1, 2024
Oh you can commit them, your odds of getting nabbed is higher is all. Back years ago the videos were black and white and the APPLE ][+ had better resolution so the local news 'police are looking for this person' videos back then were not helpful. Today? Retailers have facial recognition and some chains will track people from store to store looking to roll the the person up as a felony with the stuff they are stealing by combining stores. This is covered in older youtube (2012-2016) videos by the stores bragging on capabilities. The better video alone has spawned the phrase 'caught in 4k' to describe getting caught 'dead to rights'.
The US of A has so many things that are 'crimes' on the books the LOC and 3 separate bodies can't actually count them all.
At least one state has a 'this is a list of our misdemeanors' and that is almost 50 pages. But at least it is a list.
Ross of the silk road fame and Alan Fillion of torswats fame all made a mistake and those mistakes lead to them getting nabbed. Even that GRU tied hacker made a small mistake that got him fingered.
I wonder how many hours were wasted by Ms. Nixon and co chasing down dead ends/fake trails. (VS finding the 1st match on some criteria and rolling with it as happened in the torswats case. At least the BS of naming the wrong person got called out by sheriff/FBI in the torswats filings)
posted by rough ashlar at 11:03 AM on December 1, 2024
Separately, I don't think it is possible to commit crimes anymore
1) let me introduce you to environmental law.
2) have you met the new presidential cabinet?
posted by eustatic at 11:47 AM on December 1, 2024 [6 favorites]
1) let me introduce you to environmental law.
2) have you met the new presidential cabinet?
posted by eustatic at 11:47 AM on December 1, 2024 [6 favorites]
Oh you can commit them, your odds of getting nabbed is higher is all.
I think, again, look at environmental law. I asked ChatGPT which companies have poor environmental compliance under clean air act. This is public information kept online in a couple of different public databases.
ChatGPT said that it could not return an answer, because, even though the answers were public domain, those public data had not been added to its database.
Interesting then, that Microsoft et al, will steal copywritten creations to feed their AI content mill, but when presented with millions of pages of environmental compliance information, all of a sudden the beast loses its appetite
posted by eustatic at 12:09 PM on December 1, 2024 [6 favorites]
I think, again, look at environmental law. I asked ChatGPT which companies have poor environmental compliance under clean air act. This is public information kept online in a couple of different public databases.
ChatGPT said that it could not return an answer, because, even though the answers were public domain, those public data had not been added to its database.
Interesting then, that Microsoft et al, will steal copywritten creations to feed their AI content mill, but when presented with millions of pages of environmental compliance information, all of a sudden the beast loses its appetite
posted by eustatic at 12:09 PM on December 1, 2024 [6 favorites]
I asked ChatGPT the same thing and got a list of companies, with Tesla right at the top. Maybe the version of ChatGPT you're using doesn't have the ability to websearch? Here
posted by The otter lady at 4:16 PM on December 1, 2024 [2 favorites]
posted by The otter lady at 4:16 PM on December 1, 2024 [2 favorites]
As always, ChatGPT can’t be trusted, even with regards to what it “knows”. In general if a comment starts with “I asked ChatGPT …” I assume the following information is not true, or at least not to be trusted.
posted by wemayfreeze at 10:45 AM on December 2, 2024 [6 favorites]
posted by wemayfreeze at 10:45 AM on December 2, 2024 [6 favorites]
« Older Thunderstruck on a Street Organ (SLYT) | Read Palestine Week 2024 Newer »
This thread has been archived and is closed to new comments
He repeatedly threatened her and her company on Telegram, which were not even working on the Snowflake hack at the time.
Terry Pender, the writer, needs work on his misplaced modifiers. I literally did not understand the first sentence at first—a member of Nixon's team made a critical mistake? What? I had to stop and think about it.
The second one wasn't so bad. It's still pretty bad. Telegram were not even working on the Snowflake hack?
That said, this is an interesting story. I understand their reasons for not publicizing the mistake Waifu made, but I want to know what it was. I really want to know what it was. I love stories about security failures, social engineering, and the like. I would love to know what foolish mistake brought down this hacker. I welcome speculations, or the stories of the type of thing a person might do in this situation that would allow them to be identified.
posted by Well I never at 3:17 PM on November 30, 2024 [32 favorites]