Re: Smells Funny: Looking for help against Chinese Hacking Team

[Dotzero <dotzero () gmail com>]

On Sat, Jan 10, 2009 at 1:20 PM, jc <antihacker.jc () gmail com> wrote:
>        While I can't speak for others, by nature I'm paid to be paranoid.
>  It goes with the
> career, that and realizing no one will exclaim, "Thanx for keeping us safe"
> -- rather, more
> like, "Why couldn't you keep us safe...?"  The negatives are expounded long
> before the
> positives....metrics, people, information be dammed (your 'Atta-Boy!'
> mileage may vary)...

Nothing wrong with being paranoid... within bounds. Sometimes they
really are out to get you. I say this after roughly a week on limited
sleep dealing with something.

> ...So when I look back on the thread, with further research on stings,
> setups, and phishing
> scenarios, I get the feeling this was some kind of troll, some kind of
> experiment, some kind of
> juicy target, a lawful honeypot if you will.

Looked back at the thread. Maybe so, maybe no.
> Does anyone else get the same sort of creepy-crawly feeling?   When I look
> at the way it was
> written, and the obvious vulnerabilities/clues given, it smells to good to
> be true.  Or is this level
> of innate incompetence the norm?

I would argue that this level of competence IS the norm, particularly
from people who think they are going to get a $200 solution to their
security emergency.

> Do I need to leave the building and get some fresh air?  Speak Human instead
> of Binary?
> Or does something not smell right about the whole thing a month later?

Whatever works for you. I try to deal with things as dispassionately
as possible. Why does it matter if it is a troll or not? It's a pretty
open list so I assume that there are trolls and that there are
watchers here.

Just a few thoughts.