[whoknew1122]

It's pretty astounding that they used Gmail to conduct their business. The trail was super easy once they had access to the email account.

The thing about OpSec is that most people don't think about it before they need it. And by that time it's too late. That may not apply here though, because it appears they were loose with OpSec until the very end.

[mhoad]

I don’t know how many people would have reasonably put be arrested and extradited to a foreign country for running a PDF website as a part of their threat model.

[whoknew1122]

They absolutely had to know that they were breaking US copyright law. And you don't mess the bottom lines of US-based companies, or Uncle Sam is coming for you.

As a poor kid who put themselves through college, I definitely sympathize with, and understand that, the price of text books and academic work is insane. I may or may not have even used the website or its analogues once or twice.

But at the end of the day, they had to know what they were doing. If you're doing ransomware/carding/etc. you don't target Russia or its friends. And if you're trying to get around copyright law, you don't operate within reach of the US government. These are things that anyone who has been around security for even a couple of months understands.

Do I think people should be grabbed from foreign countries over copyright? No. But if you're operating in that world, it's colossally stupid to not take OpSec seriously.

[ROTMetro]

Man you're really leaving a lot out to try and make some kind of point aren't you?

[mhoad]

Im saying that this level of attention and resources put on this case is wildly disproportionate and looks nothing like justice to me.

[iudqnolq]

They had a banner inviting people with experience in high risk payments to contact them, which screamed "inexperienced and looking to be honeypotted" to me.