Terrible Tales of Opsec Oversights: How Cybercrooks Get Themselves Caught
The phrase "success breeds complacency" is an old adage, but it's especially relevant when it comes to cybercrime. Cybercriminals often take shortcuts when it comes to opsec (operations security), and these oversights can be their downfall. In this article, we'll explore some terrible tales of opsec failures that led to the capture of highly skilled cybercrooks.
One recent example is Kai West, a 25-year-old Brit who was arrested in connection with the "IntelBroker" case. According to the FBI's indictment, West caused around $25 million worth of damage to companies between 2023 and 2025. He allegedly used various tactics, including phishing and malware, to steal sensitive data.
The US authorities claim that West's failure to cover his tracks was a key factor in his capture. According to the indictment, investigators purchased data stolen from one of IntelBroker's victims and traced the purchase to a Bitcoin wallet controlled by West. They also found a Coinbase account linked to West, which had his provisional driver's license attached to it.
West is accused of seeking to collect at least $2 million from sales of company data during the same period. A small chunk of that sum belonged to federal investigators, who used it to track him down. The investigation highlights the importance of opsec in cybercrime.
Another recent example is Nicholas Kloster, who pleaded guilty to charges last year. Kloster's methodology was a real head-scratcher, as he allegedly disregarded basic opsec principles. Within a month of being hired by a new company, he used the company credit card to make personal purchases, including a thumb drive advertised as a hacking tool.
Kloster also broke into a health club after working hours, caused around $5,000 worth of damage to its security camera system, and then used the break-in to try to secure employment there as a security professional. He presumably did this to flaunt his expertise and convince the health club that he knew his stuff.
Kloster's actions are a stark contrast to those of Hector Monsegur, aka Sabu, leader of the LulzSec crime ring responsible for attacks on Sony Pictures, Fox, PBS, Bethesda, and more. While Monsegur was usually water-tight when it came to opsec, he crucially failed to use Tor to log into a chatroom used by LulzSec less than a week after one of the group's most high-profile attacks.
Monsegur received a lenient sentence in exchange for his quick agreement to become an FBI informant. The information he supplied led to the arrests of four additional members of LulzSec.
A former member of Anonymous, Monsegur is a cautionary tale about the dangers of complacency when it comes to opsec. His story serves as a reminder that even highly skilled cybercrooks can make mistakes that lead to their downfall.
Another example is Zachary Shames, who made in excess of $100,000 from his award-winning high school programming project – Limitless Logger. Researchers at Trend Micro tipped off the FBI to Shames' exploits, and they were able to track him down using small nuggets of information he provided while using his Mephobia alias.
Shames pleaded guilty to aiding and abetting computer intrusions in 2017. His case highlights the importance of opsec in preventing cybercrime.
A final example is Ross Ulbricht, who was arrested in 2015 for running Silk Road, the first major drug marketplace of its kind. While his opsec failings were more basic than those of his peers, they led to his capture. One of the funnier examples of terrible opsec in the court documents was a question he asked on Stack Overflow about a PHP problem he was encountering, which included details that let the technical community link it to Ulbricht and Silk Road.
Ulbricht's story serves as a reminder that even the most skilled cybercrooks can make mistakes that lead to their capture. Opsec is essential in preventing cybercrime, and these terrible tales highlight the importance of staying vigilant and taking steps to protect yourself from cyber threats.