we catch the dumb ones

I was reading a Branden Williams blog post and came across a line that I agree with. It’s one of those lines that I think needs time to sink in and be pondered, as it applies to not just traditional crime, but cyber crimes as well.

When I was first interested in computer forensics, I took an optional course at a security conference, given by the head of fraud at Lucent. It was a great class, where he walked through real scenarios that he had to deal with. After the session we were talking for a bit and I asked him, “If I did *** and *** and of course ***, how would you have to change your investigation?” He responded by saying, “We’d never find you. You see, we catch the dumb ones.” [author’s italics, my bold emphasis]

It somewhat resonates to understand that law enforcement does not try to prevent all crimes. Can you imagine how ridiculous the controls and cost would be to prevent all crime in a particular type?

Really, just keep things like this in mind.

Oh, and also, definitely be scared of intelligent attackers (one [of many] reason the criminal arena of the digital world is scary). And be scared of those who operate absolutely on their own or in small circles or with the cover of diplomatic immunity of some sort. One of the biggest problems for criminals is the lack of trust in their own circles, which means lone rogues are powerful. And the less they need to rely on anyone else, like someone to sell their stolen goods to, or identity providers, the better off they are.

Thankfully, our underlying societal, governmental, and religious ideals (believe it, you’re influenced by religious morals even if you don’t specifically align with a religion) help keeps the general intelligent public from being too criminal. Unfortunately, it is far easier to cross moral lines when you’re masked by the anonymity of the internet and physical meatspace from your targets/victims/work.

And so on…