> Kiberphant0m denied being in the U.S. Army or ever being in South Korea, and said all of that was a lengthy ruse designed to create a fictitious persona.
>
> “Epic opsec troll,” they claimed.
If this were really a fictitious persona meant to lead investigators away from their true identity, they'd never admit to such. This sounds like someone trying to deflect upon being found out. I'd wager that this person is going to be caught.
Krebs has an image of a mind-map at the end of the article showing links between the aliases.
It also seems like a bad opsec if he creates multiple aliases for the same theme. Wouldn't you want to have one us soldier, one Russian, one African, etc. if you are trying to create red herrings?
> Kiberphant0m denied being in the U.S. Army or ever being in South Korea, and said all of that was a lengthy ruse designed to create a fictitious persona. “Epic opsec troll,” they claimed.
This is called a "double cover story", a classic deflection when someone is caught or exposed.
Eh; let's wait and see. For any claim for insight there's an equivalent claim for fabrication. any such analysis that relies on this is inherently flimsy.
Any insight based on histogram of the timing of this person's posts, particularly ones responding to a just slightly earlier post? (ie was clearly awake and not an artificially-delayed response).
Krebs knows about this timezone analysis technique, wonder if he didn't check this or it was inconclusive?
Is that effective for people who aren't literally being paid a salary to do this stuff 9-5? A lot of people who spend too much time on computers have totally out of wack sleep schedules that would look like they operating from very different timezones.
> Immediately after Kiberphant0m logged on to the Dstat channel, another user wrote “hi buttholio,” to which Kiberphant0m replied with an affirmative greeting “wsg,” or “what’s good.”
It's kind of unfortunate for him that he didn't do a better job of referencing Beavis and Butthead. If his username was "Cornholio" or even "Bungholio", it could read as someone directly referencing the show and potentially unrelated to the other account, making his deniability a bit more plausible.
In theory, sure, in reality it's almost always much more benign and they have terrible Opsec over time that allows people to piece together their identity. Especially if they reuse usernames across services.
I feel like leaving a bunch of misdirection would also risk potentially just leave real traces behind that in some ways.
At least in my mind leaving some false trails behind, when I run through scenarios, seems like it could leave actual trails / to the point of not being worth the extra risk.
Being a high-stakes criminal is too difficult. One slip-up and you're compromised. There's a million opportunities for slip ups and there's a million opportunities for investigators to get lucky.
Seems like the guy has been fucking around for a while. No wonder none of our allies want to share intelligence or plans with us. The US Military is a liability when it comes to keeping shit secret, they leak like a sieve. They need to get a handle on this shit, who knows what this guy has given to the Russians or Chinese.
Huggingface bought its biggest competitor, Gradio (still used more than Streamlit) for an "undisclosed" amount of money a year or so before hand. I'd wager HF paid on the orders of 1-5 million.
I did toy with the idea of trying do analysis of HN aliases and keywords. It never went anywhere, because I forgot about it, but a longer weekend is coming:D But yeah, language betrays, who we are in references alone.
>
> “Epic opsec troll,” they claimed.
If this were really a fictitious persona meant to lead investigators away from their true identity, they'd never admit to such. This sounds like someone trying to deflect upon being found out. I'd wager that this person is going to be caught.
Krebs has an image of a mind-map at the end of the article showing links between the aliases.
reply