NetWire Remote Access Trojan Maker Arrested
From Brian Krebs:
A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.
The article details the operational mistakes that exposed the person’s likely identity and address.
Clive Robinson • March 14, 2023 11:07 AM
@ ALL,
I guess the question many will ask is,
“11 Years, Why so long?”
As for the “mistakes”, the use of a password “123456xx” is not exactly an uncommon password, as indicated.
However, it should tell cyber-crooks they have two choices,
1, Use a totally random password for one account only.
2, Use passwords from the top of the password cracker lists.
But at the end of the day the usual ways crooks are caught,
1, They flap their gums.
2, They leave a money trail.
3, They get “grassed-up” by an accomplice.
4, They do the same thing over and over.
When the identity of the actual person detained becomes confirmed we can see if there are other mistakes they may have made.
It’s not impossible to be a cyber-crook and earn a living at it; you just have to know a lot about how you can trip up.
It was not that long ago that people thought they could not be traced via crypto-coins. Even an FBI officer who stole some thought that… Mostly we know better.
But the point is that whatever system you think secure today will not be in a few months or years, then at some point an early tap on the door with a breaching-ram tells you that you’ve made a mistake.
Thus I would expect that some slightly smarter crooks will work out how to set up one or two patsies / scapegoats to act as “fire-breaks” or “canaries”. So when the authorities go for the patsies, the actual crooks get a warning and can fade.