Might be my best sleuthing scoop this year (ah still 30+ days to go!):
-
@venya Thank you! That's comforting.
-
S. G. Tallentyre (π€¨ β»ββ»)replied to BrianKrebs last edited by [email protected]
Buttholio. That's a name.
-
S. G. Tallentyre (π€¨ β»ββ»)replied to BrianKrebs last edited by [email protected]
Also, you did an outstanding job piecing all of this together, and this just goes to show how it's always OPSEC failures that get come back to bite you if anything's going to. He used the same usernames in multiple places each, and would get on one of his accounts and name at least one of the others. Correct me if I'm wrong, but it looked like he used the same string of apparently random numbers in two places, for some reason. I've sent people links to my account here, from other accounts elsewhere that I don't necessarily want associated with this one, and I really thought about it beforehand like, "I'm sure if someone were smart enough and they had enough time on their hands, they could probably dig this up and associate both accounts years later." I'm sure they could, too, but they're not gonna get anything juicy because of that. This dude was using the same Discord account to talk about Escape from Tarkov, tell people he's in the Army, talk about South Korea, and tell people about his hacks. That's asinine.
-
Andrew π» Brandt πreplied to Magenta π Rocks last edited by
@MagentaRocks @briankrebs maybe they're behind 7 proxies!
-
BrianKrebsreplied to S. G. Tallentyre (π€¨ β»ββ») last edited by
@StephenTallentyre This guy was undone primarily by two things that often trips up people like this: They can't stand it when someone belittles what they do, and often feel the need to prove themselves. Also, they screw someone over -- often over something really insignificant - and they end up getting doxed over it. In this case, Kiberphant0m ripped a member of the Russian forum Exploit over $350, and the admin listed all other accounts associated with the same cookie. That right there was a rosetta stone.
-
BrianKrebsreplied to Andrew π» Brandt π last edited by
@threatresearch @MagentaRocks No, I think this guy's layers go to 11
-
S. G. Tallentyre (π€¨ β»ββ»)replied to BrianKrebs last edited by
Wow.
-
Catherine is disorganizedreplied to BrianKrebs last edited by
@briankrebs I hear the USDB in Leavenworth makes boot camp look like a five star resort.
-
@briankrebs awesome investigative journalism! I note the mind maps - not my thing (itβs pen-and-paper when I need to think) but it made me wonder: are there other tools you use when linking connections in large datasets?
-
@Kynx a large text-only file