[Tireings]

Especially how long does it take for them to get a non Russian ip

[ajsnigrutin]

Russian IPs are used, because russia won't help the american authorities with investigations. If I was an american and hacking into <whatever american thing>, I'd use russian IPs too.

[darkerside]

Couldn't you route through a Russian IP for anonymity and then a US IP for access?

[dwattttt]

It's not anonymous if the US IP has a real life connection to you.

[tom1337]

I think what the original commenter meant was a multi-hop setup like this:

You -> Russian IP -> US IP

then you'd get anonymity via the Russian hop but aren't geoblocked due to your final hop being in the US.

[tgsovlerkhgsel]

I'm sure there's at least one VPN service that has US IPs and takes Monero.

[XorNot]

I'm almost certain US law enforcement, at least until recently, would've directly operated such a service.

In the same way that it's relatively easy to find a hitman on the dark web, it's considerably harder for them to actually not be law enforcement.

[tgsovlerkhgsel]

Which is fine for the attacker here. All they need is to hit the login endpoint from an IP that's geolocated to the US. They don't mind if it's possible to trace it to their Russian IP. And that's roughly all that the VPN service sees. I explicitly mentioned Monero because I believe that when used properly, it wouldn't add any extra information.

[mcmcmc]

Mullvad

[dagaci]

Russian IPs were in the pool because it never occurred to them to check where these IPs were geo registered

[sanderjd]

Yep, pretty much impossible to disentangle careless incompetence from malevolence with these goons.

[daveguy]

Yup. That's what they're counting on.