Two of the five men named in an indictment last week, widely labelled “the largest ever hacking and data breach scheme in the United States“, were caught thanks to some pretty obvious carelessness – they posted their holiday snaps online and let their mobile phones broadcast their location to the cops on their trail.
29-year-old Dmitriy Smilianets, thought to have been in charge of monetizing the credit card data heisted by the rest of the gang, maintained a jaunty presence on social networks and ran a globe-trotting online gaming team, according to Reuters.
When one of his travelling companions was identified as Vladimir Drinkman, a suspected confederate of convicted ringleader Albert Gonzalez, cops put two and two together and closed in.
Drinkman’s phone was transmitting location data, allowing the law to pin the group down to a hotel in the Netherlands, where local police picked the two up as they prepared to board a tour bus.
Smilianets has been extradicted to the US, while Drinkman remains in the Netherlands battling extradiction.
The team’s lack of basic precautions seems to contradict recent speculation that an ‘inverse CSI effect’ may either deter potential cybercrooks, or force them to take ever more extreme care in covering their tracks.
The standard ‘CSI effect’ derives from the long-running TV show, which encouraged juries to expect miracles from crime scene scientists – CCTV images enhanced to show car license plates reflected in raindrops from a hundred yards, accurate facial reconstructions extrapolated from a single nasal hair and so on – and finding real-world science disappointing and unconvincing as a result.
The “inverse” effect, described in a forthcoming scientific paper, suggests that any digital wrongdoers not put off perpetrating crimes by the threat of improbably advanced detection techniques may instead have to increase the value of their heists to cover the growing costs of adequate caution, or take increasingly stringent measures to hide from the law.
While the scale of this crew’s eight-year run of crimes may fit the theory, the clumsy approach to anonymity and secrecy seems to fly in the face of its propositions.
The police may claim to have “got lucky”, but their luck was very much helped along by incompetence, arrogance and hubris.
The remaining three men listed in last week’s indictment remain at large in Russia, with the New Jersey US Attorney’s unusual step of naming uncaptured suspects seen as an open criticism of the ineffective input of Russian law enforcement.
If their approach to keeping a low profile is anything like that of their alleged cohorts, it’s only a matter of time before they’re brought bang to rights.Follow @NakedSecurity