CrimeOps: The Operational Art of Cyber Crime

I don&#x27;t understand how they can keep people in line. It takes <i>one</i> to talk, and the whole organization is at risk.<p>Online &quot;reputation management&quot; is easy work, it&#x27;s a very grey area, and it would take a lot of investigation to reveal that someone has actually been targeted and attacked.<p>But take medication sellers, the covers are great, but it only takes one customer to brag about it and then it&#x27;s a matter of time until you&#x27;re done. Anything said online will come under the review of authorities sooner or later.<p>If we are do delve deeper, real world hits are even riskier. And they don&#x27;t pay enough! Sure, I guess the people at the top of these organizations make serious dough, but the ones doing the work are paid peanuts.<p>I guess it takes a special kind of person to do that, someone with a death wish, nothing to lose, and probably a massive hate boner for something.<p>I&#x27;ve always been fascinated by the criminal &quot;underworld&quot;, even though I would never participate in anything, too much risk for too little reward.

Fascinating take on a different, darker side of tech innovation. Makes complete sense that criminal gangs use the same agile approaches to innovation that a start-up would use. Of course this is thegruqg writing here, so I expected nothing less. It somehow makes criminal activity seem so much more mundane when I imagine guys at desks writing code against support tickets and user stories.<p>Meta: It&#x27;s nice to see an opsec company get smart and publish some of the better thinkers&#x2F;communicators (like thegrugq) over writing product-tailored in-house content. Maybe security is an easier field to do this for, as being scared (justifiably or otherwise) is generally good for business.<p>EDIT: expanded comment

Off-topic nitpick: is the way to get people interested in what your software company is doing about %thing% to slap the suffix -&quot;Ops&quot; to whatever %thing% is? I&#x27;ve noticed it in some curious and interesting uses lately. CrimeOps being the most recent one via this very post.<p>Maybe not a nitpick, I don&#x27;t mean to dismiss Okta&#x27;s endeavors; but it&#x27;s certainly something that&#x27;s caused a flutter of the eyebrow and an almost automatic reaching of the hand to ponderously scratch the beard.

Out of curiosity: if FIN7 was using JIRA&#x27;s cloud version, can Atlassian be held responsible for FIN7&#x27;s activities (or in general for ensuring compliance on their platform)?

JIRA! I suppose that&#x27;s why they call it &quot;organized crime&quot;.