On Tue, Oct 24, 2023 at 03:11:06AM +0100, Richard Clayton via mailop wrote: > In message <[email protected]>, Matt Palmer > via mailop <[email protected]> writes > > >The relative "noisiness" of the attack, in fact, is a fairly strong signal > >that it *isn't* lawful intercept; western law enforcement agencies are > >typically very hesitant to do anything that could "tip off" the target of > >their investigation. > > In my, perhaps jaundiced, view the revelation of the attack (an expired > cert) suggests that it was indeed LI ... it's the sort of thing that > goes wrong with ad hoc arrangements.
I would contend that p(noisy hackers) >> p(noisy lawful intercept). It's not that the cops don't screw up now and then, but rather that their failures tend to have greater adverse consequences (media, politicians, blown investigations, abrupt career termination, etc), so they're more motivated to not make this sort of mistake. Meanwhile, hackers (and I include most of the non-western nation states here) don't have to worry about PR problems, so forgetting to clean up after themselves is less of a concern. The exception of course is opsec failures that lead to lengthy terms of incarceration, but forgetting to renew a cert isn't *that* kind of mistake. - Matt _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
