> the DOGE teen is a former denizen of ‘The Com,’ an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration
To be honest, this is my first time hearing about The Com. Does anyone have any more reading on this? You'd think they'd use something more secure than Discord (which has 0 encryption) and Telegram which doesn't have encryption by default and whose gov't backdoor is basically an open secret[0]
> Violent online groups are targeting and manipulating vulnerable children and young people across widely accessible online platforms. There are multiple groups, associations and evolving subgroups that make up the online network known as The Com – short for community. The Com is a virtual community of groups and individuals who conduct illicit activities that glorify serious violence, cruelty, and gore.
> Elements of The Com network are known to have extreme ideological views and victimise children, coercing them to commit violent acts. Predators groom their victims through different methods – one approach is establishing friendships based on trust or romantic relationships. Another technique involves the use of power or coercive tactics with one goal – taking control over the victims, while getting them to engage in serious violence, self-harm, or other gruesome. It’s a vicious cycle - the predators in this network influence children or young people into conducting acts that increasingly shame, incriminate, or isolate them, this in turn makes them more vulnerable to further exploitation.
> The child sextortion group 764 and the global collective of loosely associated groups known as “The Com” are using tools and techniques normally used for financially motivated cybercrime tactics — such as SIM swapping, IP grabbing and social engineering — to commit violent crimes, according to exclusive law enforcement and intelligence reports reviewed by CyberScoop.
> The reports offer insight into the underbelly of the global network, showing how they are using traditional cybercriminal tools to identify, target, groom, extort, and cause physical and psychological harm to victims as young as 10. They were shared with police nationwide and in some cases, with foreign-allied governments.
The Com is just a general term for crime communities on the Internet. Its not a specific group. The Com includes groups that commit crimes stretching from cybercrime to literally the worst crimes you can think of and the vast majority of this is done on Discord and Telegram.
You can go down a really dark rabbit hole if you really dig deep into some of these groups within The Com.
This is where the worst of the worst spend all their time.
So is "The Com" an actual distinct concept that exists outside of security blogs, or is it more or less the same as "the scene" is used in other communities—just a generic term for all the unaffiliated people who happen to participate in a particular (in this case nefarious) hobby?
The way Krebs uses this first makes it sound like The Com is the name of a specific gang, but when I dig into the details the definition gets really fuzzy and starts to read like it literally just means "English speaking cybercriminals".
If it's the latter, I'm not sure why we need a name for it.
It's distinct in that these groups aren't isolated from each other, there's member overlap and subgroups splintering from each other due to trying to avoid authorities.
It's also distinct in the type of crimes. Sextortion involving young kids/creation and sharing of CSAM merging with extreme political beliefs and encouraging those beliefs, with a specific focus to target young kids particularly those vulnerable enough to not have parents immediately notice. The criminals are often also on the younger side, like 19 year olds leading sex cults[1].
"The Com" goes by other names due to these groups being in a lot of different regions under different monikers and subgroups. 764 network, cvlt network, harm nation, etc. All the same general type of crime and target groups.
What point of “there is a lot of overlap” is difficult to understand? These people are often in many of the same channels because of how easy it is to stay involved through the likes of discord. Krebs didn’t have to go through much effort and neither did the links I posted.
764 also splintered from a nazi group 09V. Don’t downplay them.
Side note, you might want to reassess some of your views that have you pushing the same sort of propaganda that these groups do.
> What point of “there is a lot of overlap” is difficult to understand?
The part where it would matter.
The "race realist" i.e. racist right likes to point out that there is a lot of overlap between certain racial groups and the criminal underclass. Statistically this is sort of true. Trying to use it to reason about any individual is logically known as the fallacy of division or ecological fallacy and colloquially known as "Nazi stuff". You may want to reassess your views that have you employing the same sort of guilt by association tactics that these groups do.
I am not a DOGE fan particularly and I am certainly very interested in whether this guy was a sextortionist or carder, but I'm not very interested in whether he was in a general scene with them.
"The Com" isn't a specific group of people despite what people say.
It's just what people who investigate call these crime communities because it easier to just have a general name for all of them then to name each and every one of them because their are literally hundreds of them and members move between them so a single member of "The Com" can be part of many communities within "Com"
To what degree is this common knowledge? After 20 years of being highly online I'm surprised to be so blindsided. Not that I work in security or anything.
Me to. I suspect its a combination of demographics and sub culture thing (I'm old, and out of the loop on a lot of pop culture and sub-variants). I have noticed a very high degree of nihilism and a sort of "morals are just a role you play in a game" kinda mentality with the younger crowd that looks and acts _very_ different to past generations though..
Plato allegedly said it better than you thoudands of years ago... and if you are "old", maybe he was talking about you? ;)
> What is happening to our young
people? They disrespect their elders, they disobey their parents. They ignore the law. They riot in the streets inflamed with wild notions. Their morals are decaying. What is to become of them?
All of this to say that generations judging each other are rarely objective and very prone to both confirmation bias and broad generalization.
But if are going to generalize, how about this, transgression is part of a healthy growth for most young people (we all test limits by crossing lines one time or an other, some more than others), and most old people (conveniently) forget that they were doing exactly the same with the tools they had at the time.
Let's take a step back and appreciate that societies around the world tend to become less violent and less criminal... when these trends might reverse we can start talking again about the decadence of young people and it's consequences.
So, in the context of the US, yes, those trends are reversing, so it is apropos to examine it (see article content). I am fully aware of the tendency of grumpy old people decrying the amoral youth, my point is that the degree of nihilsim seems qualitatively different than 70's burn-out, 80's goth, or 90's grunge, or what have you. It appears more like a kind of defeatism than rebellion (the more normal youth passtime). Who knows, maybe during the great depression the younger generation was in a similar place, don't know, not THAT old ;-) But it seems less a case of "those old peoples values aren't MY values" and more of a "there are no values" differnce than previous generatonal divides.
Surprised that generation who named themselves slackers gave birth to kids that also don’t have any vision and take pride in not caring about anything?
Also the group is so varied you can’t generalize of what the age group is about. If I think of young person I think of mrbeast or the kids who sit on the road to block the traffic cause they care immensly. I always thought the youth of today just hustle and influence and try to build it themselves and totally lack the ability to chill out. Happy to know there lurks some nihilists somewhere.
Even if it wasn't made up it, it would not be all that relevant IMO because it would not have to mean that "adults have always complained about youth but they always turn out fine", it could also mean "the quality of a society goes up and down over the centuries, in cycles, and both we and Plato/Socrates are/were on a downturn when things started going worse".
That’s an interesting step back, but stepping back further we can recognize that there is no single metrics to let us evaluate if some society is going up or down.
And also that "ceteris paribus sic stantibus" might be indispensable for growing scientific approaches, but irreconcilable gaps in world perception between generations is better taken as an anthropological constant across time than a minor insignificant detail.
I feel that stepping as far back as you do here will kill any meaningful discussion.
"There is no single metric" translates pretty much into "there is no objective meaning of life that can be proven".
In most discussions certain things are implied about shared values. E.g., fascism is bad and democracy good (plenty of people seem to disagree with this these days, but much written discussion, e.g. on HN, assume shared values anyway).
I heard a story yesterday from someone who's job involves dynamite. He had a vocational student tag along for a couple of weeks that would constantly stare at his phone and not pay any attention, causing some dangerous or at least inconvenient situations.
If you step enough back, who can say it is "bad" to get yourself blown up to pieces because you are too TikTok addicted to look around you? In everyday language we assume enough shared values to say this is "bad" though.
>"There is no single metric" translates pretty much into "there is no objective meaning of life that can be proven".
That seems a rather robust baseline, if "objective" means something like "absolute certainty on which we can practically leverage on to reach absolute understanding of everything we might have to deal with". That is, it’s one thing to admit there are some universal truths, it’s an other very different faith step to believe any human can ever be able to construct anything close to the latter.
>fascism is bad and democracy good (plenty of people seem to disagree with this these days, but much written discussion, e.g. on HN, assume shared values anyway).
I’m afraid that I observe the very same tendency in values evolution (I live in France for some context). Though contrary to what this threads focus on, I’m far more concerned with the extreme views that the oldest people in my acquaintances are moving to. No Tiktok on that side, but TV rolling news channel are not that much better. Probably my own HN addiction could be pointed at me just as well.
>In everyday language we assume enough shared values to say this is "bad" though.
Sure we agree here, but just because we assume something, it doesn’t make us correct and accurate.
It's resally common knowledge if you work as a Cyber crime responder or visit some of those forums (e.g. breachforums). Krebs of course has to have a few good contacts in those circles.
From Europol:
> Violent online groups are targeting and manipulating vulnerable children and young people across widely accessible online platforms. There are multiple groups, associations and evolving subgroups that make up the online network known as The Com – short for community. The Com is a virtual community of groups and individuals who conduct illicit activities that glorify serious violence, cruelty, and gore.
> Elements of The Com network are known to have extreme ideological views and victimise children, coercing them to commit violent acts. Predators groom their victims through different methods – one approach is establishing friendships based on trust or romantic relationships. Another technique involves the use of power or coercive tactics with one goal – taking control over the victims, while getting them to engage in serious violence, self-harm, or other gruesome. It’s a vicious cycle - the predators in this network influence children or young people into conducting acts that increasingly shame, incriminate, or isolate them, this in turn makes them more vulnerable to further exploitation.
The seedier parts of the internet (“dark web”) are surprisingly easy to access. It’s just about equivalent to knowing about torrents. (Not safe for life warning)
I suspect it's because it's a label put onto the workhorse of modern crime syndicates, not a vanity title like a gangs have. It's a web of disparate barely connected mercenary dots, so I imagine most people in "The Com" don't actually realise it's a phenomenon that has been named, and that they are a part of it.
I think I am wrong about this. I am seeing mixed opinions about how much and what kind of crime "The Com" covers, I'm probably too out of the loop to comment further to be honest.
I feel like back in 2016 when a reporter asked Donald Trump if he would disavow the Proud Boys and most peoples response was “the what boys?” If you aren’t immersed in the culture you don’t know who the movers and shakers are.
> “They’re going to lay the groundwork and detail plans for exactly what our movement will do,” Trump said during an April 2022 (talking of The Heritage Foundation's Project 2025)
> “I have nothing to do with Project 2025,” Trump said in the opening moments of his September debate against Vice President Kamala Harris. “That’s out there. I haven’t read it. I don’t want to read it, purposely. I’m not going to read it.”
no it isn't. What a blind take. As someone who has ventured down these forums when I was younger. Its a mix of gamers/programmers/online hustlers. Some of it is grey area, some if it is renting out RDP's/VPNS for malicious users acting as middlemen for the criminals.
The mob mentality of rule following software engineers on here who are throwing out the accusation that these are all hardened criminals that want to burn down society here are a testament to the fact that hackernews is a cesspool of careerists. If you haven't ventured down these, I would even argue that you've no idea how the internet actually functions outside of your usual entertainment holes.
That's literally my point—someone submitted that definition, 150+ people agreed with it, and no one submitted an alternate of any sort.
I would tend to expect that if OP is right that there's more nuance to Coms and it's not primarily about crime, there would be at least one alternate definition, because, as you note, anyone can make a definition there, and it's emphatically not a site dominated by the HN bubble.
That there is no alternate says that the crime-centric understanding of Coms is the primary one on at least one other site that doesn't match OP's stereotype.
If the word is just a made up newthing, why would there be an alternate definition? You can find 150 people to agree with anything on the internet. It's the most trivial thing in the world to achieve.
What kind of a take is this? UD has the cess but it is also archival and useful. I use it several times a year to do topical writeups for friends about words.
You mean outside of the sites where the vast majority of the online traffic and economic activity happen?
Do you really think that anything would meaningfully change in the world if these little niche communities disappeared tomorrow? They’re a rounding error on the internet.
You say this as if it’s a good thing, that the internet has been cornered into a few very small but wildly popular corners. You arent wrong. I’m not sure what this has to do with my original point. I did some extremely interesting stuff in these groups.
I’m not praising the status quo, I’m taking issue with your “how the internet actually functions outside the big sites” thing. Of course hardly anyone knows how these tiny weird communities operate: they don’t matter.
You say that like "hustling" isn't a crime, like gamergate didn't happen, like "programmers" don't write code to do all sorts of things, legal and illegal.
Some of us are old enough to know that none of this is new.
No one is saying these are "hardened" criminals, but none of them care about the consequences of what they are participating in and that is just as disqualifying for public service.
Forum schmorum, you know what I’m talking about. Telegram, WhatsApp. Forum : “place, meeting, or medium where ideas and views on a particular issue can be exchanged.”
but the question is why operate on such insecure, backdoored, government friendly platforms? if they're smart enough to commit cybercrimes, why make such a basic opsec blunder? or are the skiddie tiers of these networks all that's visible/accessible to reporters?
> if they're smart enough to commit cybercrimes, why make such a basic opsec blunder?
Why do you assume that they have to be smart to commit cyber crimes? As a general rule, most criminals are as dumb if not dumber than most regular people. Cyber crime is no different. Consider that cyber crime is not (just) hacking, it includes things like calling someone's grandma to convince her she needs to wire you $40k now or someone might go to prison for a car accident. Or at least texting this over WhatsApp.
Maybe by binding the idea of smartness with the ability to think beyond the given and possibly not blindly obey exogenous rules. Of course smartness is a relatively independent parameter from ethics. If the law requires contributing to some genocides, blindly obey is not the same ethical dilemma as if it forbids to practice torture and murder.
When I was a teen these types hung out on IRC and even AOL in chatrooms like "progs" to trade credit card numbers. Young people and operational security doesn't exist.
>Young people and operational security doesn't exist.
If I had PII in the systems they have access to I would be concerned. How long until someone gets spear phished or malware is installed on their presumably non-compliant systems? There's a reason why big corps spend significantly on security training for new grads.
It is all fun and games until you think about not only the victims but the possible harm done. Even a loss of a small amount of money can be life changing.
Swatting is just something the morally impaired can relate to better.
Of course, though I got swatted for defacing another group's page and not stealing credit cards.
And honestly I never even used my card stash anyway and I had thousands and thousands-- not because I'm a good person or whatever but because I was paranoid after that. The rush of building a duplicate of LOVE@AOL and then trawling my way through chatrooms and building my email list "Someone liked you, sign into your premium love@AOL account to see who" was too exhilirating to give up for 13-year-old me even if I was essentially tag-and-release phishing.
Most journalists don't have a background in X when they are reporting upon X. This is normal. That said, he is very open that he does not have a cybersecurity background (trained engineer), but he does rely heavily upon a network of experts. Again, a reporter working on a story about geopolitics is unlikely to have past experience as a high ranking gov't official in state dept/foreign ministry, but will rely heavily upon a network of experts. Do you have any specific concerns about this?
Well to be fair, a lot of people who fancy themselves as a part of the Com don't have any either. A lot of them are skiddies posers. Quite the cringe crowd tbh, or maybe I just found a particularly young group.
[L]earned Russian: Woah, is this really true? Russian is a very difficult language to learn if you are not from former USSR, nor a Slavic language speaker. (I was told that the grammar is very complex.) I tried to Google about it, but I could not find anything. Can you share some sources? I am curious to learn more!
>Krebs, who tells in first person his inquiries about this rivalry, even learned Russian and traveled to the Russian Federation to interview them in person and, along the way, gives us a portrait of how the mafias that use the Internet for their purposes act and organize themselves.
Discord is very popular with skiddies and real criminal organizations alike. It's got pretty basic KYC controls in place, meaning essentially anyone with just an email can sign up. It can be accessed from behind VPNs without any issues, so effectively it doesn't matter that it's not e2e encrypted.
I feel that discord the company probably let's it slide because:
1. Moderation at scale is incredibly difficult.
2. They work with law enforcement agencies to execute warrants and subpoenas.
I've been mistakenly banned from Discord before and I know from experience that pretty much any low level mod has a complete and readibly accessible history of all of my posts across all servers complete with timestamps and IP addresses
I'm also pretty sure phone number are required for sign up
I think your second point is the more likely explanation. Any other platform that would've hosted this many communities dedicated to drugs, cybercrime, etc would definitely have faced serious legal challenges. It seems much more likely that feds find it a useful platform to keep around
A mobile phone number is required for certain Discord servers (a setting available to the admins) but not for sign-up (maybe if you are using an IP in a suspicious/VPN range they force it now?). Otherwise they only require a valid email.
For Telegram though there isn't really a way around it, a phone is required. There is/was a way to buy some TON crypto token instead to avoid this verification but it became prohibitively too expensive.
I still don't get how Discord can be secure - I suspect it can't. Just the fact that the forums are persistent, and controlled by a third party, and the client is closed source means people on there can be compromised at any point incredibly easily, VPN or not.
Just something as simple as using a cookie or local storage can leave permanent traces behind so all the access can be easily correllated.
I'm not even sure if serious infosec measures exist to stop this, and if they do, someone is bound to slip up and they need to do it just once, and expose the whole chatroom.
I'm not a hacker but this sounds like failing Opsec 101, and people getting by just with sheer luck.
> It can be accessed from behind VPNs without any issues, so effectively it doesn't matter that it's not e2e encrypted.
How do these two things correlate? I thought the benefit of E2E encryption is the fact that no one can decrypt your messages except for the participants in the conversation. There’s no keys anywhere on a server that an admin could use to decrypt the conversation. How would being behind a VPN negate that? The VPN still has to go through Discord servers where a key is presumably stored if the information is encrypted at all.
This info seems very outdated. Creating a discord account from even a residential IP without SMS KYC is from my experience basically impossible, they even block most (all?) sms VOIP services.
I recommend Marc-André Argentino's research on the Com; he's a conspiracy researcher who got his PhD on QAnon. He leans left, if that's a factor for you.
That piece doesn't get specific at all about Com activities but be aware that some of the manifestos and other material he discusses is quite disturbing.
He cites same journalist Krebs that has no cybersecurity background. Even Marc-André Argentino himself is a master of arts in theology and not a real cybersecurity specialist.
Nah, he has a PhD from Concordia’s individualized program, supervised by professors from both Theological Studies and Information System Engineering. But it’s true that he’s not coming at this from a cybersecurity perspective, he’s an extremism researcher.
I wouldn’t rely on him to evaluate how good someone is at exploits and so on. I do respect his research skills and his ability to evaluate weird cult manifestos.
This coming from Gyudin, who cites no credentials and is not a real journalism specialist. See? Real easy to discredit someone by credentialism. Instead, you can read his article and take apart his points, since you're unsatisfied by his interpretation
To be honest, this is my first time hearing about The Com. Does anyone have any more reading on this? You'd think they'd use something more secure than Discord (which has 0 encryption) and Telegram which doesn't have encryption by default and whose gov't backdoor is basically an open secret[0]
[0] https://words.filippo.io/dispatches/telegram-ecdh/