The tech team doesn’t want to give them the ability because it causes too many escalations. The legal team doesn’t want it because what if something goes wrong and someone sues? The customer experience team… wait, customer experience team? We don’t got no stinkin customer experience team. Those suckers only exist to give us money, and it’s been proven beyond a doubt that no matter how much we fuck with them they’ll keep buying the games anyway.
For the past couple weeks or months, twitter has been shuffling the order of sidebar buttons to make room for new features e.g "Premium", "Grok", "Verified Orgs" "Jobs" "Communities"... with no way of disabling this helpful 'feature' or changing the order. "Lists" is now hidden in the same submenu as settings. Way to kill my muscle memory...
A clear distinction should be made, this isn't kids hacking companies for 'fun' or some kind of Kevin Mitnick-esque story where the thrill was having something they shouldn't or bypassing systems. These people wanted money and notoriety and got it by any means necessary, yet it took THREE arrests to finally put an end to it. They weren't just targetting multibillion dollar corporations, either.
Meanwhile in the very same country, the teenage criminal who helped ransom MGM casinos and London's transportation (twice arrested) is also free and likely actively deploying ransomware and sim swapping as we speak. I get that they're legally "children", but it's not like they're 9 year olds being tricked into do other peoples bidding, these are quite literally criminal masterminds working for themselves, and should be charged as one. "I promise I won't go online again" and supervision for a couple months obviously isn't working when you have companies getting hacked from a hotel room.
It's always funny when <american government agency> announces "sanctions" on north korean, chinese, russian state sponsored hacking groups. What are you going to do, block them from using AWS?
There is often a sizeable non public component to some of these things that is firmly more in the gray zone.
For example knowing that there are few legal options to deal with Russian groups who were doing ransomware attacks on hospitals there was recently a public name and shame campaign that lots of people had this exact kind of response to but the actual way they were looking to impose costs on these groups was by making sure that other crime groups in the country were very aware of who these people were, that they didn’t have any meaningful protection but they did have a lot of crypto money that would be very easy to rob from them. The idea was to put them in harms way since as the theory goes it would cause others to think twice.
Tactics differ obviously depending on the target and what options make sense but this was for a non state backed group who didn’t have anything other than a cyber component to them.
Uh, arrest them when they show up in a country with an extradition treaty?
Do you think relatively highly paid individuals don't take foreign vacations?
> [1] That was true for the men released Thursday. Both were arrested on vacation in countries that cooperate with the U.S. Klyushin was arrested in Sion, Switzerland — four people alleged to be co-conspirators remain at large — and Seleznev in Maldives.
Russians get got, but Israelis? I don't see the US government pulling many strings to get them.
Malware companies have openly operated in Israel for decades: https://en.wikipedia.org/wiki/Download_Valley How many extraditions of those guys to America from anywhere have there ever been?
And do you ever hear American politicians make a stink about it? Hell no, they're too busy bragging about how they love Israel much more than their opponent.
I mean really the arrest warrants or sanctions are just feel good PR for the agencies issuing them to let the public they are "doing something". It's the only thing they can do. For example, they aint ever going to pop a North Korean threat actor bc they simply cant travel at will.
They do pop Russians traveling outside of the CIS country region on vacation[1].
>According to Europol, a suspected LockBit ransomware developer was arrested in August 2024 at the request of French authorities while on holiday outside of Russia.
One of my favorite quotes about these hackers in CIS is, "Who cares if you have hundreds of millions of dollars, you are still stuck in Russia or the CIS region for the rest of your life".
> they aint ever going to pop a North Korean threat actor bc they simply cant travel at will.
True, but the USG has a long memory and holds grudges. Even if they never travel, they have to be confident every future government of the country will have their back. What's the odds the North Korean or Russian regime substantially changes in their lifetimes? Probably higher than the chance a future US administration will stop caring about an outstanding warrant.
Did you miss the legislatiin requiring KYC programs for IaaS providers? Basically adds AWS and all othe American clouds to the bucket of companies having to surveil for people on OFAC.
Exactly, it just results in misguided measures like IP-range bans. Yeah, sure, that's going to stop a group dedicated to finding zero days and other technical flaws.
I don't see their inner thoughts detailed in this article I am reading. Are you their pastor or something?
They didn't report it, because (A) they were themselves involved in illegal activity, and they knew it and/or (B) the drug cartel element, even if they were in Canada, may threaten them with imminent violence or great harm. (Although the three-nation cluster** nature of this crime makes that seem unlikely)
If you meet a new gentleman and he steals your purse on the first date, you may contact police. If you hired a prostitute, and wake up without your wallet, you may let that one slide.
Consider the drug buyer who calls the police because his dealer cheated him, or the trafficker who shows up at the impound facility to claim his wares, or the embezzler who reports the stolen income on his taxes... a rare breed indeed!
