top | item 40208074

(no title)

chrizel | 1 year ago

> And from Microsoft / GitHub - who would have a lot additional information (logs, ip-adresses, use of two-factor auth etc.)? Have they made a statement?

Based on a HN comment from a couple of weeks ago, by analyzing the attackers IP addresses from IRC chat logins, it seems they used a VPN service. If you think about it, it makes sense to always use VPN when doing an operation like this. So I think the ip addresses won't be of much use.

discuss

heavyset_go|1 year ago

Might be able to tell which VPN service they used and can then subpoena it.

gzer0|1 year ago

Based on the sophistication we've seen, they probably used Mullvad for their VPN. In that case, a subpoena wouldn't turn up anything.