Hacker in Snowflake extortions may be a U.S. soldier
Operational security, ego, and “opsec trolls”
- Many comments argue that major cybercriminals are usually caught by basic opsec failures, often driven by ego and overconfidence.
- Several people doubt the value of elaborate misdirection: any false “slip-up” still leaks information and creates patterns. Leaving no trace is seen as safer than planting fakes.
- Others toy with nested “cover story” scenarios, but mostly as humor; serious commenters say professionals wouldn’t publicly blow a persona and call it a “troll” if it were truly strategic.
- There’s skepticism that a genuine high-skill operator would maintain such a loud online persona; verbosity and bravado are seen as red flags.
Attribution, personas, and misdirection about nationality
- Commenters note that language, nicknames (e.g., Russian transliterations), IP geolocation, and cultural references can all be faked.
- Some argue that most attackers lack the consistency to maintain a long-term false persona without leaking real clues.
- Others criticize security-attribution practices that over-trust easy-to-fake indicators (alphabet, time zone, targets), suggesting political and PR incentives to blame foreign state actors.
Evidence from photos, timing, and online traces
- People discuss using post-time histograms, fast replies, and time-of-day patterns to infer time zones and habits, while noting this can be noisy for night-owl tech users.
- The posted uniform/legs photo is debated: some think floor tiles, camo pattern placement, and shoe size could help; others note uniforms are mass-produced and surplus gear is easy to buy, so it may be deliberate misdirection.
- The NSA application date and other cross-linkable details are seen as particularly incriminating, assuming investigators can correlate internal logs.
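
The post-time histogram idea from the first item in this list, as an added Python example (not code from the discussion): it bins UTC post times by hour, treats the quietest six-hour window as sleep, and derives a UTC offset from it. The window length, the assumed 01:00 local sleep start, and both sample posters are assumptions made here; the second poster shows how a night-owl schedule skews the estimate.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

SLEEP_HOURS = 6          # assumption: length of the nightly quiet window
ASSUMED_SLEEP_START = 1  # assumption: quiet window begins at 01:00 local time

def hourly_histogram(timestamps):
    """Count posts per UTC hour of day (24 bins)."""
    counts = Counter(ts.astimezone(timezone.utc).hour for ts in timestamps)
    return [counts.get(h, 0) for h in range(24)]

def quietest_window(hist, width=SLEEP_HOURS):
    """Return (start_hour_utc, posts_inside) for the least active window.

    The window wraps around midnight, so every start hour 0..23 is tried.
    """
    totals = [(sum(hist[(s + i) % 24] for i in range(width)), s) for s in range(24)]
    posts, start = min(totals)
    return start, posts

def estimate_utc_offset(timestamps):
    """Guess the UTC offset by aligning the quiet window with the assumed sleep start.

    Returns (offset_hours, share_of_posts_inside_quiet_window); a high share
    means there is no clear quiet period and the guess is weak.
    """
    hist = hourly_histogram(timestamps)
    start, posts = quietest_window(hist)
    offset = (ASSUMED_SLEEP_START - start + 12) % 24 - 12  # fold into -12..+11
    return offset, posts / max(1, sum(hist))

def constructed_posts(local_hours, utc_offset, days=14):
    """Constructed sample data: one post at each listed local hour, every day."""
    tz = timezone(timedelta(hours=utc_offset))
    day0 = datetime(2024, 1, 1, tzinfo=tz)
    return [day0 + timedelta(days=d, hours=h) for d in range(days) for h in local_hours]

# Both constructed posters really live at UTC-5.
DAY_POSTER = constructed_posts(list(range(7, 24)) + [0], utc_offset=-5)        # 07:00-00:00
NIGHT_OWL = constructed_posts(list(range(11, 24)) + list(range(0, 5)), -5)     # 11:00-04:00

if __name__ == "__main__":
    for name, posts in (("day poster", DAY_POSTER), ("night owl", NIGHT_OWL)):
        offset, share = estimate_utc_offset(posts)
        print(f"{name}: estimated UTC{offset:+d}, quiet-window share {share:.2f}")
```

The estimate is only as good as the sleep-start assumption: the same true offset yields a guess four hours off once the poster's quiet period moves from 01:00-07:00 to 05:00-11:00 local.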
Tools, platforms, and communications security
- Telegram is widely criticized as not truly private; Signal is generally viewed as better, but some commenters distrust its cloud backup and PIN system, seeing it as inconsistent with its stated data-minimization claims.
- Several note that poor opsec in group chats (screenshots, leaks by participants) can undo any encryption choice.
Law, military status, and consequences
- There’s discussion of how military personnel fall under the Uniform Code of Military Justice, with fewer protections than civilians and harsher consequences if caught.
- Drafted personnel would also be subject to UCMJ, which some find intuitively unjust but historically typical.