I don't understand how they can keep people in line. It takes <i>one</i> to talk, and the whole organization is at risk.<p>Online "reputation management" is easy work, it's a very grey area, and it would take a lot of investigation to reveal that someone has actually been targeted and attacked.<p>But take medication sellers: the covers are great, but it only takes one customer to brag about it and then it's a matter of time until you're done. Anything said online will come under the review of authorities sooner or later.<p>If we are to delve deeper, real world hits are even riskier. And they don't pay enough! Sure, I guess the people at the top of these organizations make serious dough, but the ones doing the work are paid peanuts.<p>I guess it takes a special kind of person to do that, someone with a death wish, nothing to lose, and probably a massive hate boner for something.<p>I've always been fascinated by the criminal "underworld", even though I would never participate in anything, too much risk for too little reward.
Fascinating take on a different, darker side of tech innovation. Makes complete sense that criminal gangs use the same agile approaches to innovation that a start-up would use. Of course this is thegrugq writing here, so I expected nothing less. It somehow makes criminal activity seem so much more mundane when I imagine guys at desks writing code against support tickets and user stories.<p>Meta: It's nice to see an opsec company get smart and publish some of the better thinkers/communicators (like thegrugq) over writing product-tailored in-house content. Maybe security is an easier field to do this for, as being scared (justifiably or otherwise) is generally good for business.<p>EDIT: expanded comment
Off-topic nitpick: is the way to get people interested in what your software company is doing about %thing% to slap the suffix "-Ops" onto whatever %thing% is? I've noticed it in some curious and interesting uses lately. CrimeOps being the most recent one via this very post.<p>Maybe not a nitpick, I don't mean to dismiss Okta's endeavors; but it's certainly something that's caused a flutter of the eyebrow and an almost automatic reaching of the hand to ponderously scratch the beard.
Out of curiosity: if FIN7 was using JIRA's cloud version, can Atlassian be held responsible for FIN7's activities (or in general for ensuring compliance on their platform)?