Edit: never mind, this is what I get for pointing analytics to 0.0.0.0. Mondays…
Oops. I forgot that I /etc/hosts’ed analytics.google.com to 0.0.0.0 months ago. Good job, past me.
@dcoderlt I got some people v& by MitMing Google Analytics. (they were doing crimes)
@ryanc
Amazing
@ryanc
“Is you running analytics on a criminal fucking conspiracy?”
@dcoderlt they had a jira for their criminal conspiracy, in fact
@ryanc
I’d enjoy hearing more of this story
@dcoderlt https://www.justice.gov/usao-edny/pr/russian-cybercriminal-sentenced-10-years-prison-digital-advertising-fraud-scheme
I deliberately infected a laptop with the malware proxy they were using, then injected a bespoke piece of code that got the bots' IP addresses via Flash using RTSP.
Sent that to the feds and they worked with Interpol to get a warrant.
@ryanc
Very cool!
They still had Flash in those days?