‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, December 28, 2020 5:41 PM, Karl <gmkarl@gmail.com> wrote:
...
if a normal cracker thought of this, they would of course compromise somebody else's infrastructure and use that, as a norm. i think crackers think of things like that, if they are able to do them, which they usually are.
this happens! the issue is that your activity is visible to the original attackers - this is why most of the time, when one group compromises the systems of another, they watch and copy, rather than take over. it is indeed not too uncommon to find yourself on a system, only to discover someone else is already there :P
back when i paid attention to things, random crackers were way more knowledgeable than government or corporate employees.
that used to be more true than it is today. over the past decade plus, there has been a strong push to recruit hacker talent into covert ops. the FBI does this with a stick: "you've been caught, how about we forget this incident and you work for Uncle Sam?" the Intelligence Community does it with a carrot: "If you hack for us, you can do illegal things with exorbitant resources; we'll pay you well. why not?" hence today you are likely to find the best hackers working indirectly for government, via defense contractors, under secrecy. there are exceptions, like Google's Project Zero and whitehat bounty hunters.
when i found the trojans on the activist computers in west virginia around 2013, they were modified forms of a chinese trojan used for credit card theft, that didn't appear to be publicly documented. i'd never investigated a trojan much before.
yup, this too clouds the attribution effort - older code more widely disseminated, and thus harder to attribute. i am reminded of the spy game, a "Wilderness of Mirrors", it applies to digital attacks as well...

best regards,