| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by _0ffh 1319 days ago
	Right, also the source IP of a port scan doesn't say anything about who has initiated that scan. If I were a state actor, I'd do my port scanning from machines in a different jurisdiction for sure.

1 comments

acdha 1319 days ago

Totally - this is like thinking you’ll catch FSB agents by looking for Russian passports.

link

kofejnik 1319 days ago

You probably can

Actual GRU agents have been identified by a receipt for taxi from GRU hq to Sheremetievo airport

link

acdha 1319 days ago

No, you can't. They have a long, well-established history of concealing their undercover agents. The fact that this is not perfect doesn't mean that they don't make the effort, or that you're doing anything other than fooling yourself if you think that all traffic by a national intelligence agency comes from the netblocks assigned to those countries.

link

labster 1318 days ago

You’d think, but everything is worse in Russia. Several agents have been revealed because they were issued sequential passport numbers.

https://mobile.twitter.com/bellingcat/status/151894316662756...

https://www.bellingcat.com/news/2022/08/25/socialite-widow-j...

link