$300 million 'superhackers' are not so super after all


Two of the five men named in an indictment last week, widely labelled "the largest ever hacking and data breach scheme in the United States", were caught thanks to some pretty obvious carelessness - they posted their holiday snaps online and let their mobile phones broadcast their location to the cops on their trail.

29-year-old Dmitriy Smilianets, thought to have been in charge of monetizing the credit card data heisted by the rest of the gang, maintained a jaunty presence on social networks and ran a globe-trotting online gaming team, according to Reuters.

When one of his travelling companions was identified as Vladimir Drinkman, a suspected confederate of convicted ringleader Albert Gonzalez, cops put two and two together and closed in.

Drinkman's phone was transmitting location data, allowing the law to pin the group down to a hotel in the Netherlands, where local police picked the two up as they prepared to board a tour bus.

Smilianets has been extradited to the US, while Drinkman remains in the Netherlands battling extradition.

The team's lack of basic precautions seems to contradict recent speculation that an 'inverse CSI effect' may either deter potential cybercrooks, or force them to take ever more extreme care in covering their tracks.

The standard 'CSI effect' derives from the long-running TV show, which encouraged juries to expect miracles from crime scene scientists - CCTV images enhanced to show car license plates reflected in raindrops from a hundred yards, accurate facial reconstructions extrapolated from a single nasal hair and so on - and to find real-world science disappointing and unconvincing as a result.

The "inverse" effect, described in a forthcoming scientific paper, suggests that any digital wrongdoers not put off perpetrating crimes by the threat of improbably advanced detection techniques may instead have to increase the value of their heists to cover the growing costs of adequate caution, or take increasingly stringent measures to hide from the law.

While the scale of this crew's eight-year run of crimes may fit the theory, the clumsy approach to anonymity and secrecy seems to fly in the face of its propositions.

The police may claim to have "got lucky", but their luck was very much helped along by incompetence, arrogance and hubris.

The remaining three men listed in last week's indictment remain at large in Russia, with the New Jersey US Attorney's unusual step of naming uncaptured suspects seen as an open criticism of the ineffective input of Russian law enforcement.

If their approach to keeping a low profile is anything like that of their alleged cohorts, it's only a matter of time before they're brought bang to rights.

Images of pin and scientist courtesy of Shutterstock.


2 Responses to $300 million 'superhackers' are not so super after all

  1. Burners exist for a reason. Dipwads.

  2. Oh, yes, hackers will get better at covering their tracks. These things take time. To be more precise, the SMARTER hackers, the serious ones, will get better at it. Dummies will continue to go to jail.

    This is no different than the rest of the criminal underworld, except that hackers tend to be a hair smarter than, say, the thug who mugs you on the street.

    Not sure they'll ever be smarter than the banker who takes down your entire national banking system, though.


About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.