When I was learning some homelab stuff, and was setting up PfSense, I was able to see the geos of all that scans/attacks on my home internet. I was surprised to see that Netherlands was up there with Russian and China. They all got geo blocked.
We should note these are not even slightly legitimate hosting companies, lest anyone worry too much about their non-KYC offshore servers. These aren't hosting companies that ask little, they are just directly front companies for Russian intelligence, owned by members of Russian intelligence, they don't do anything else, they don't provide hosting service to regular people even if you want it.
Unlike in Germany where I lost several social media accounts because my email service provider (pissmail) went to jail because someone signed up for his service and sent spam.
The company inherited all their customers and equipment from a sanctioned company (according to the Dutch news report). Should be enough for most people.
I’ve been on the defender side of security my whole career.
I know in some markets crime pays more than legitimate work, but it never ceases to amaze me how much thought, effort, planning, and engineering goes into providing infrastructure IT services for cybercriminals. The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.
I watched the downfall and eventual jailing of someone who had a great job, career, and family after he started getting involved in cybercrime.
As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
He got caught through a mistake that was really dumb in retrospect. I think he believed his intellectual superiority combined with the stupidity of others so much that eventually he couldn’t imagine anyone catching him.
>As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
I sadly see this pattern of thinking far more often than I want to in my fellow eastern Europeans.
Let's not generalize, even if you feel like you can say that because you're a member of a group you're generalizing. It's unfair to most of the people in any group being generalized.
Stereotypes exist for a reason. It's exhausting having to address this concern trolling every single time they're mentioned. Nobody thinks everyone in the group conforms to the stereotype. And they certainly don't need your white knighting.
It isn't "concern trolling" or "white knighting" to call out racism or bigotry, and expect some decency in the discussion. If it is "exhausting" for you to be propagating unfair stereotypes, perhaps stop your bad behavior?
Because they cannot be profitable. Job market is not the same on both ends. If you are east European and you try to get a job in an international corporation, the in all cases offer salaries adjusted for regional averages, unless you are willing to reallocate. Only few startups and FAANG like companies, often compensation in line what is received in the western world.
And there is also a thrill of doing it, which other guys already mentioned.
In a previous life I've employed contractors and software engineers to run a criminal website. Motivations for my guys were that it was well paid work that was technically challenging in order to evade enforcement agencies, and was 'fun' in that respect; they were "sticking it to than man (my service was regarded as moral by all my users & others); and there wasn't so much work about that they could pick and choose; lastly, I was a good employer because I had to be!!
Imagine working for an organization where 1) cybersecurity is actually the #1 priority, ahead of "shareholder value" and all the other gobblygook, 2) you get to design systems where you actually have to assume that every other entity is malicious (not the usual carve-outs like "oh yeah we do zero trust.. but our entire management plane is Azure-managed it's unavoidable"), 3) your budget is effectively unlimited, and 4) you get paid several factors more than you would in private industry.
It's not easy to go legit, especially in today's job market, depending on where you live in the world also.
The US is unique with its high salaries for tech work (on the lower end of those of high salaries is pure ops work like this though). If you're in a country where the average sysadmin salary is substantially lower (to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year), it's not hard to see why its tempting to go the cybercrime route.
...because on HN, experiences which somehow contradict the perspective when salaries are highly varying across countries, esp. when someone decides to pick an explicit example, which, even if it shows the truth, is against the base-assumption of the reader of a comment.
Some people are just born into it. Mafia families, etc. There were some very smart people in the American mob, running scams that were immensely profitable. Eventually they get caught though, and with the ease and pervasivness of electronic surveillance today, it's pretty much impossible to do it anymre at least if you're anywhere where the authorities care about it (edit to add: and aren't in on it).
Really? Because while I've seen this, rarely, in individuals. In many cases once you start tracing money the amounts involved in many "die for their beliefs" situations is absurd. Terrorism, for example.
What point are you trying to make other than bigotry? Ethic Russians are not the only Eastern Europeans perpetuating cyber crime. Anyways, Nesterenko is a Ukrainian surname - at least get your racism correct.
> those sanctions failed to target Stark’s remaining connection to the Internet — an Internet service provider based in the Netherlands called MIRhosting.
The fuck, i walk past the office of mirhosting every day
The article spells it out clearly: charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.
Unlike in Germany where I lost several social media accounts because my email service provider (pissmail) went to jail because someone signed up for his service and sent spam.
The article literally has photos of their english-language customer-facing communications.
I know in some markets crime pays more than legitimate work, but it never ceases to amaze me how much thought, effort, planning, and engineering goes into providing infrastructure IT services for cybercriminals. The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.
As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
He got caught through a mistake that was really dumb in retrospect. I think he believed his intellectual superiority combined with the stupidity of others so much that eventually he couldn’t imagine anyone catching him.
I sadly see this pattern of thinking far more often than I want to in my fellow eastern Europeans.
And there is also a thrill of doing it, which other guys already mentioned.
I don't think it's that easy to go legit. having a tech job nowadays is already a luxury
The US is unique with its high salaries for tech work (on the lower end of those of high salaries is pure ops work like this though). If you're in a country where the average sysadmin salary is substantially lower (to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year), it's not hard to see why its tempting to go the cybercrime route.
To put it somehow dimplomatic :-D
The only upside here is that criminals will (through legislation) eventually force companies to invest more.
Some people are ready to die for their beliefs. Others just to run businesses supporting their causes.
3 of the 4 persons named have russian links (a large number of Moldovan citizens are ethnic russians).
Really? Because while I've seen this, rarely, in individuals. In many cases once you start tracing money the amounts involved in many "die for their beliefs" situations is absurd. Terrorism, for example.
jarvis, whats the status of my dutch servers
[1] https://en.wikipedia.org/wiki/CyberBunker
The fuck, i walk past the office of mirhosting every day
I guess that's why.
Did you read this part?