Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime Security

Krebs Publishes 'Interview With the Guy Who Tried To Frame Me For Heroin Possession' (krebsonsecurity.com) 52

"In April 2013, I received via U.S. mail more than a gram of pure heroin as part of a scheme to get me arrested for drug possession," writes security reserch Brian Krebs. "But the plan failed and the Ukrainian mastermind behind it soon after was imprisoned for unrelated cybercrime offenses.

"That individual recently gave his first interview since finishing his jail time here in the states, and he's shared some select (if often abrasive and coarse) details on how he got into cybercrime and why... Vovnenko claims he never sent anything and that it was all done by members of his forum... "They sent all sorts of crazy shit. Forty or so guys would send. When I was already doing time, one of the dudes sent it...." In an interview published on the Russian-language security blog Krober.biz, Vovnenko said he began stealing early in life, and by 13 was already getting picked up for petty robberies and thefts... "After watching movies and reading books about hackers, I really wanted to become a sort of virtual bandit who robs banks without leaving home," Vovnenko recalled...

Around the same time Fly was taking bitcoin donations for a fund to purchase heroin on my behalf, he was also engaged to be married to a nice young woman. But Fly apparently did not fully trust his bride-to-be, so he had malware installed on her system that forwarded him copies of all email that she sent and received. But Fly would make at least two big operational security mistakes in this spying effort: First, he had his fiancée's messages forwarded to an email account he'd used for plenty of cybercriminal stuff related to his various "Fly" identities. Mistake number two was the password for his email account was the same as one of his cybercrime forum admin accounts. And unbeknownst to him at the time, that forum was hacked, with all email addresses and hashed passwords exposed.

Soon enough, investigators were reading Fly's email, including the messages forwarded from his wife's account that had details about their upcoming nuptials, such as shipping addresses for their wedding-related items and the full name of Fly's fiancée. It didn't take long to zero in on Fly's location in Naples. While it may sound unlikely that a guy so immeshed in the cybercrime space could make such rookie security mistakes, I have found that a great many cybercriminals actually have worse operational security than the average Internet user. I suspect this may be because the nature of their activities requires them to create vast numbers of single- or brief-use accounts, and in general they tend to re-use credentials across multiple sites, or else pick very poor passwords -- even for critical resources...

Towards the end, Fly says he's considering going back to school, and that he may even take up information security as a study. I wish him luck in that whatever that endeavor is as long as he can also avoid stealing from people.

This discussion has been archived. No new comments can be posted.

Krebs Publishes 'Interview With the Guy Who Tried To Frame Me For Heroin Possession'

Comments Filter:
  • ... even for a white guy.

  • by Confused ( 34234 ) on Monday September 30, 2019 @03:21AM (#59251876) Homepage

    This proves again, that following a successful career as a criminal (or as a terrorist) is a lot harder than it appears.

    While the law-enforcement can bumble across many tries to catch her (female pronoun for social justice), all the small mistakes add up in her disfavour. Also, as with everything, practice makes perfect.

    So either she practices and gets it perfect sooner or later, making many mistakes on the way
    - or she tries one single big coup, which has a higher chance of failing because of lack of practice.

    This is what really protects society from crime and gives the police a fair chance.

    • As I said below:

      The vast majority are never caught. Or even reported.
      Law enforcement has a biased view because most criminals it is on to, are caught.
      But for most crime, a suspect (or even a crime) is never identified, if you look at the statistics of crimes committed VS criminals caught.

      But of course, every law enforcer with half a brain spreads the story, that most criminals are caught. In the hope that that already deters crime. It is an age-old demoralization tactic.

      Statistics tell us something else tho

      • I think you are taking "the majority of crimes go unsolved" and then using it to assume that "the majority of criminals are not arrested", which is possible but unlikely. What you don't seem to be taking into account is that most criminals do more than one crime, and even when caught are unlikely to be punished, or even connected, to other crimes they have committed. Do some career criminals avoid arrest entirely? Undoubtedly, but the pattern you are more likely to see is one of fairly frequent interaction

    • Sorry, wtf are you smoking exactly? The individual in this story is a man and the majority of crimes are committed by men so give the pathetic virtue signalling a rest.

      • by stdarg ( 456557 ) on Monday September 30, 2019 @07:52AM (#59252190)

        Excuse me, "her" could very well refer to a man whose preferred pronouns includes "her." Check yourself.

        • by Viol8 ( 599362 )

          He can prefer what he likes, he can pretend he's a poodle for all I care. But if he has a dick and balls he is a HE.

          • by Anonymous Coward
            Found the nazi
          • by MrKaos ( 858439 )

            But if he has a dick and balls he is a HE.

            But HE identifies as a 15 year old Thai girl. It's a perfectly normal sane thing for a man to do. What's wrong with you?

      • by cascadingstylesheet ( 140919 ) on Monday September 30, 2019 @09:20AM (#59252408) Journal

        Sorry, wtf are you smoking exactly? The individual in this story is a man and the majority of crimes are committed by men so give the pathetic virtue signalling a rest.

        He's making the humorous point that nobody insists on calling a hypothetical techie "she" when it's a criminal.

      • Sorry, wtf are you smoking exactly? The individual in this story is a man and the majority of crimes are committed by men so give the pathetic virtue signalling a rest.

        He's making the humorous point that nobody insists on using the superfluous "she" when the hypothetical techie is a criminal.

      • by MrKaos ( 858439 )

        the majority of crimes are committed by men

        Women are perfectly capable of producing crime and mayhem as men are, they're just not given the same opportunities as men to do so. Also women are under-represented in jails because sexist pig *men* reduce their jail terms unfairly so that just don't appear to be as criminal as men.

        Women want to steal, rape and murder however it is a lot more difficult for them to do so because, as usual, men get in the way of them achieving anything in their criminal careers, for which they get far less loot than men

    • This proves again, that following a successful career as a criminal (or as a terrorist) is a lot harder than it appears.

      While the law-enforcement can bumble across many tries to catch her (female pronoun for social justice), all the small mistakes add up in her disfavour. Also, as with everything, practice makes perfect.

      So either she practices and gets it perfect sooner or later, making many mistakes on the way - or she tries one single big coup, which has a higher chance of failing because of lack of practice.

      This is what really protects society from crime and gives the police a fair chance.

      To clarify, being a stupid criminal is hard work, much like being a stupid human is.

      And this doesn't "prove" jack shit. For all you know, this moron who got caught represents less than 1% of cybercriminals out there. The other 99% could be robbing the world blind and getting away with it, all because of the sheer amount of noise. Even "petty" crimes that law enforcement now ignores aren't so petty anymore due to lack of legal resources, so what makes you think we're going to know or even give a shit abou

      • I expect it is a lot of hard work, more work then doing an honest job. However for most people in crime, they are barriers to entry to legit work, that they seem to not be able to get past.
        Such as not having the correct schooling.
        As schools will often have a 0 tolerance policy which is applied only to the non-rich and non-sport stars. So a child who is constantly getting kicked out of class, due to bad attitude (which originally seems to stem from the student trying to get grasp of information being taught

    • by MrKaos ( 858439 )

      So either she practices and gets it perfect sooner or later, making many mistakes on the way

      Would you send me a link to the specific cat video you're referring to?

  • by BAReFO0t ( 6240524 ) on Monday September 30, 2019 @03:46AM (#59251898)

    "How come so many criminals make rookie mistakes?"

    Because those are the ones you catch!

    "Most criminals are caught."

    No, you only mostly see criminals because you are on to them!

    If you look at just the crimes reported, the vast majority are never solved.
    And that is ignoring the majority that are not reported, because the victim already knows that nothing will come of it.

    • by Viol8 ( 599362 ) on Monday September 30, 2019 @05:03AM (#59251956) Homepage

      Thats why they get caught. Yes some are smart but not many because most smart people manage to get successful proper jobs. A dumb psychopath might commit armed robbery or murder, a smart one becomes a CEO.

      • A dumb psychopath might commit armed robbery or murder, a smart one becomes a CEO.

        And then he commits lawyer-armed robbery or murder?

        • by Falos ( 2905315 )

          "Fatal consequences arising from Mr. Smith's involvement with the concerned party" if you please.

      • Thats why they get caught. Yes some are smart but not many because most smart people manage to get successful proper jobs. A dumb psychopath might commit armed robbery or murder, a smart one becomes a CEO.

        True, but that doesn't mean the CEO doesn't commit crimes. "This contract is better for the company because the partner is able to deliver but that contract seems better because it has a better price and they are giving me use of a ski-chalet (true story) so I'll go for that one". "They are better qualified but I'll go for her instead because she's my friends' daughter". "She is a better contractor but I don't want to deal with women". "This chemical will cause the world to overheat but the alternative

        • True, but that doesn't mean the CEO doesn't commit crimes. "This contract is better for the company because the partner is able to deliver but that contract seems better because it has a better price and they are giving me use of a ski-chalet (true story) so I'll go for that one". "They are better qualified but I'll go for her instead because she's my friends' daughter". "She is a better contractor but I don't want to deal with women". "This chemical will cause the world to overheat but the alternatives will cost us more, so I'll go for this chemical".

          In each of these cases there's an actual crime but it can be seen only in the CEO's head. A simple denial with a made up explanation ("we didn't know", "HR said she had better inter-personal skills", "I thought we would need C++ skills soon", "the evidence was unclear and we the other scientists were more credible") and there isn't even a crime to report let alone prosecute.

          Can you tell me the statutes involved? I can see the first one possibly being a bribe.

          The others are not crimes, and the CEO isn't likely to be making those decisions anyhow.

          But we had auditable guidelines, such as we were required to have a certain percentage of contracts awarded to businesses owned by humans that possessed female genitals. It's been a few years, so I do not know how they comply with gender as a social construct. I might be able to tell them I identify as female and join that group. And

      • What's smart about running the rat race? The way a third of your income goes to career criminals who will spend half of it bombing brown people for oil?

        "A dumb psychopath might commit armed robbery or murder, a smart one becomes a CEO."

        Yeah, because a CEO's crimes can kill more people than any murder, even a mass shooting.

      • by MrKaos ( 858439 )

        Thats why they get caught.

        That's why *he* got caught, don't mis-gender him by using "they", just apologize and move on.

      • Why do you just keep repeating your TV-show-based beliefs?

        That is another popular misconception.

        If you are doing well, and your life is alright, then unless you got a mental illness, you don't think about doing crime. Why would you?

        It is nearly always the people whose life is in the toilet.
        And while that is often due to not getting the right upbringing or education, it does not follow that they are stupid per se.
        Which correlates with most not being caught.

        One of those mental illnesses is psychopathy/sociopa

        • by Viol8 ( 599362 )

          "beyond my control "

          No my friend - one or 2 of those things you mentioned might have been beyond your control but no one has that much bad luck happen to them unless they attract it in some way or they're complete idiots. Which one are you?

    • If you look at just the crimes reported, the vast majority are never solved.
      And that is ignoring the majority that are not reported, because the victim already knows that nothing will come of it.

      While I think you are correct to raise this argument, it is not quite so clear that there is a significant portion of the career criminals out there who are just so smart that they are never caught. If you ask a police officer or DA, they will tell you that of the ones that are caught, most of them surely were involved in many many crimes that they will go unpunished for, because the high evidence bar for a conviction makes the costs of going to old crimes the suspect probably was involved in too high. Ba

  • Personally, I find it hilarious that what fell him was the two cardinal sins why people become victim of cybercrime in the first place: Using your mail for too many things to make ID theft possible and reusing your password.

  • by Rosco P. Coltrane ( 209368 ) on Monday September 30, 2019 @07:08AM (#59252102)

    It's always other people who get nice stuff sent to them for free in the mail. Me, I never get nothing...

  • mine is a algorithm for each site im not going to write one for you, but its . (salt) + whatever{shortened_12}.com)
  • Most criminals aren't really genius masterminds. Generally, they're more like evil clowns.

    Especially this guy. /shudder. That young lady is very fortunate to have dodged a marriage to this guy.
  • Sooo... how was the heroin?
  • by FilmedInNoir ( 1392323 ) on Monday September 30, 2019 @09:22AM (#59252420)
    Are security companies staffed by former hackers successful?
    If I want someone to babysit my kids I don't look for a former pedophile.
    • by Nidi62 ( 1525137 )

      Are security companies staffed by former hackers successful?

      If I want someone to babysit my kids I don't look for a former pedophile.

      It's the same idea as using someone who went to prison for B and E to consult for home security, or the government employing former forgers to work on anti-counterfeiting task forces.

    • Sometimes. Usually if the former criminal was a genius who established techniques in common use. It helps if they were playing around because they loved testing systems or because they liked the challenge of the cat and mouse game. Especially if they were fairly young when caught. I'm thinking Kevin Mitnick or Frank Abagnale (the real guy from "Catch Me If You Can".) But even then, it's usually designing countermeasures/giving speeches/consulting, not the grunt work. And both those examples worked wi

    • It's more analogous to hiring said person as a consultant on the way those people behave, how to identify them, how they do what it is they do, etc. You wouldn't hire the former criminal to hold onto your passwords, you'd hire them to tell you how they'd get your passwords so you can close that hole.
  • That's more excitement than I want in my life ...
  • to legalize all drugs. Treat the hard stuff as a medical condition.
  • Use a password manager and make sure you have multi-factor authentication enabled on your accounts.

To stay youthful, stay useful.

Working...