Via U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security:
Allison Nixon, chief research officer at the New York-based cybersecurity firm Unit 221B, helped track down Kiberphant0m’s real life identity. Nixon was among several security researchers who faced harassment and specific threats of violence from Judische and his associates.
“Anonymously extorting the President and VP as a member of the military is a bad idea, but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals,” Nixon told KrebsOnSecurity. She said the investigation into Kiberphant0m shows that law enforcement is getting better and faster at going after cybercriminals — especially those who are actually living in the United States.
“Between when we, and an anonymous colleague, found his opsec mistake on November 10th to his last Telegram activity on December 6, law enforcement set the speed record for the fastest turnaround time for an American federal cyber case that I have witnessed in my career,” she said.
Nixon asked to share a message for all the other Kiberphant0ms out there who think they can’t be found and arrested.
“I know that young people involved in cybercrime will read these articles,” Nixon said. “You need to stop doing stupid shit and get a lawyer. Law enforcement wants to put all of you in prison for a long time.”
Nixon used to work for a different company. My employer contracted with her employer. She visited our Seattle area office at least once if not multiple times. I remember sitting across the conference table from her once. I think I may have even made reference here on my blog to some of the things she told us.
I remember being concerned about how open she was with her involvement in putting multiple cyber criminals in jail. Some of them were “selling violence as a service”. I asked her about it. She claimed she was taking appropriate precautions.
I hope she stays safe. She is very bright, a hard worker, and gets results. She has contributed far more than her share of giving bad guys very bad days.
Footnote: You do recognize the reference in her new employer’s name, right?
Elementary, my dear Huffman. Cute name.
Well, it’s not #10 Downing Street. But, pretty close.
Glad to see at least an occasional case where cyberterrorists get caught. But unfortunately this is a rare exception. The legal machinery generally only goes after these people with a vengeance when their victims are high profile important people. People with clout. The VAST majority of times such criminal misconduct is at best a passing criminal report with zero actions. The odds of getting caught aren’t zero for cyber crooks…but pretty damn close. And while AI might make it easier to catch cyber crooks it will concurrently make cyber crime much easier, more successful and harder to investigate.
“The legal machinery generally only goes after these people with a vengeance when their victims are high profile important people.”
This.
Many, if not most, of the people who get Swatted are not anonymous, but often not terribly high profile, or have a local profile rather than a national one. When a Swatter has a high percentage chance – right now it’s only marginally greater than zero – to be identified and prosecuted then we will have arrived.
Part of the problem with swatting is that it’s typically treated as a “prank”, when the correct charge is “attempted murder”.