[nonrelevant] 2019 military hacking quip article online

Karl gmkarl at gmail.com
Mon Dec 28 10:58:02 PST 2020 

this conversation seems to have some important information in it.  I'm
doing something else right now but added one thing below

On Mon, Dec 28, 2020 at 1:20 PM coderman <coderman at protonmail.com> wrote:
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, December 28, 2020 5:41 PM, Karl <gmkarl at gmail.com> wrote:
> ...
> > if a normal cracker thought of this, they would of course compromise
> > somebody else's infrastructure and use that, as a norm. i think
> > crackers think of things like that, if they are able to do them, which
> > they usually are.
>
>
> this happens!  the issue is, that your activity is visible to the original attackers - this is why most of the time, when one group compromises the systems of another, they watch and copy, rather than take over.

i think what coderman is saying here is not that people would refrain
from compromising systems to be unseen, but that people compromise
systems and then don't do anything new with them, in order to be
unseen.  that  is my perception, too.

>
> it is indeed not too uncommon to find yourself on a system, only to discover someone else is already there :P
>
>
>
> > back when i paid attention to things, random crackers were way more
> > knowledgeable than government or corporate employees.
>
> that used to be more true than it is today.
>
> over the past decade plus, there has been a strong push to recruit hacker talent into covert ops.
>
> the FBI does this with a stick : "you've been caught, how about we forget this incident and you work for Uncle Sam?"
>
> the Intelligence Community does it with carrot : "If you hack for us, you can do illegal things with exorbitant resources; we'll pay you well. why not?"
>
> hence today you are likely to find the best hackers working indirectly for government, via defense contractors, under secrecy.
>
> there are exceptions, like Google's Project Zero and whitehat bounty hunters.
>
>
> > when i found the trojans on the activist computers in west virginia
> > around 2013, they were modified forms of a chinese trojan used for
> > credit card theft, that didn't appear to be publically documented.
> > i'd never investigated a trojan much before.
>
> yup, this too clouds the attribution effort - older code more widely disseminated, and thus harder to attribute.
>
> i am reminded of the spy game, a "Wilderness of Mirrors", it applies to digital attacks as well...
>
>
> best regards,
>

More information about the cypherpunks mailing list