by mschuster91
1777 days ago
Money laundering, especially when hundreds of millions of dollars in value are on the line (meaning it's not your sleepy local police office dealing with it, but the best the federal government can offer), is hard in itself - and cashing out in actual physical dollars is even harder. The potential for messing up on the way is simply enormous. Remember Silk Road? Guy got v& because of a stackoverflow post.

Ulbricht messed up in a lot of different ways. That was just one of the many. It wasn't just one little slip-up; he had truly awful OPSEC. (And pretty poor technical skills in general, it seems, based on his SO question [1] and various other things.) Even if the SO question potentially may have been found through parallel construction (no way to ever know), there were so many different parallel paths investigators could've taken that his downfall was almost certainly inevitable.
But your overall point is definitely correct. The oft-quoted attacker's advantage in information (and other) security is that the defenders need to "win" every time and the attackers only need to "win" once. Try 100 different exploit attempts; if the defenders prevent 99 of them, they lose.
This gets flipped when it comes to OPSEC. The attacker needs to "win" every OPSEC battle and the investigators often only need to "win" once. If they find a single mistake, they may be able to tug on a thread that leads to the attacker's likely affiliation and identity. And the more sophisticated and complex the attack, the more surface area there is for mistakes, just like how more complex systems/organizations have larger surface areas for attackers to target.
[1] https://stackoverflow.com/questions/15445285/how-can-i-conne...