"during a meeting with FBI and FSB, a Russian official came to a member of the Dutch police team, pointed at someone from the FBI and said "he is copying your data". An investigator went looking and saw that indeed the American had a thumb drive in a police laptop and was copying Dutch information"
Funny, but slightly depressing too. I wonder what it's like for security professionals working internationally when you always have to consider that your international partners are likely looking to stab you in the back. Would probably be too frustrating for me.
The background article [1] in Dutch somewhat vaguely states that: (emphasis mine)
It's hard to do anything against this type of crime: the [ZeuS] virus is particularly effective and the owners are hiding behind anonymous internet browsers. And often they use the servers of the Dutch provider Leaseweb. In 2008, 27 percent of European data traffic went via the servers of this company from Haarlemmermeer. The police have an explanation for this. 'This is likely due to the combination of high-speed internet access, a relatively inexpensive product offering and a high degree of freedom and anonymity when setting up the leased facilities,' says an internal note.
Maybe the criminals were running a VPN server on the Leaseweb servers, so incoming ICQ was encrypted but outgoing (to the ICQ servers) was unencrypted?
Perhaps ICQ comms servers or proxies are located at Leaseweb? The AMS-IX is, I think, the largest connection between Europe and the US; it makes sense as a central location for a messaging service, or as a pass-through for messages between Russia and the U.S. (not sure what the lines are like the other way around the world).
> AMS-IX is the largest connection between Europe and the US
An IX (Internet eXchange) is not a connection, but is more like a giant switch, where internet access providers send local traffic, so they don't have to send it through their bandwidth providers, to cut bandwidth costs.
The AMS-IX is more or less the largest internet exchange in the world.
Running a messaging client on a server, like centericq or irssi, was not uncommon, especially for someone from Russia, since all of their internet communications are openly surveilled.