undefined | Better HN

0 pointsipython2y ago0 comments

You’re overstating the technical capabilities at scale and understating just basic investigation techniques.

“Buffering” absolutely happens for a variety of reasons.

Tracking down the money or owning the operations infrastructure of the hosting companies along the way can help. Try to expand past bits on the wire- people set this stuff up at the end of the day.

0 comments

rightbyte2y ago

What does scale have to do with it. That is like saying I don't understand, because it is Big Data in the Cloud with Edge Computing. As I see it I just need one computer in Venezuela and the trail is gone.

There is a lot of hand waiving from "security" folks. They are probably about as fraudulent as bullet forensics etc.

ipythonOP2y ago

You’re doing your own hand waving. Why does a computer in Venezuela make the trail go cold? I could have an agent working for me passing me customer lists from Venezuelian colo facilities. Combine that with knowledge of known shell entities who also operate from other points of presence and I can make inferences. If I want I could then use offensive techniques to own the middle box and enhance my confidence level by observing traffic/stored data on that machine.

Look I can’t summarize how threat actor attribution works in a hacker news comment. Does that mean the people who do it are quacks? Nope. I know people who do it, who build tools to help, and they are exceptionally sharp technical minds.

And I see you have casually dismissed an entire industry because you may not understand how someone could draw conclusions from imperfect data?

Hate to say it but this happens all day every day as human existence is filled with imperfect data. Not everything can be summarized in a neat mathematical form.

Does that mean you don’t try? I choose to try my best and continually improve methods. Otherwise what’s the point? Just give up because we can’t model human behavior and geopolitics as a pure functional state machine?

rightbyte2y ago

Sure I am not claiming that you can't figure out who or where the hackers are. I am claiming that you more or less have to arrest them and get their computers to be even remotely sure, and that it is trivial to frame hackers or "frame" the plot of dirt where they are located, for a hack. Especially so, when the victim can shift blame to CYA.

If the methodology is secret because secret, I as a observer just assumes everything is made up. It is way to convenient for Microsoft to shift blame. There is this smell of the Clinton email leak again.

I mean, you I presume, and I, are programmers. How ludacris would it be to claim it is not a miracle the computer it even boots? It is black box upon black box and the "pink elephant behind my back", in the world of computing, is real.

2 more replies

j / k navigate · click thread line to collapse

0 comments

rightbyte2y ago

There is a lot of hand waiving from "security" folks. They are probably about as fraudulent as bullet forensics etc.

ipythonOP2y ago

And I see you have casually dismissed an entire industry because you may not understand how someone could draw conclusions from imperfect data?

Hate to say it but this happens all day every day as human existence is filled with imperfect data. Not everything can be summarized in a neat mathematical form.

rightbyte2y ago

2 more replies

j / k navigate · click thread line to collapse