Yes, the "genpop" indulging in casual crimey activities are shockingly lax about basic opsec.
I did some work consulting for the NCA a few years back (they're a very weird mix of some extremely tech-competent folks, and some parts total luddite) scraping "dark web" forums looking for high-value law enforcement targets -- and it was ludicrously simple to identify "retail" participants who were, for example, trying to buy credit card/bank info dumps,
FWIW unless there was some sort of big metrics-driven or politically motivated push, these retail-type small fry were generally ignored in favour of trying to identify and trace down more organised efforts.
Yes, the "genpop" indulging in casual crimey activities are shockingly lax about basic opsec.
I did some work consulting for the NCA a few years back (they're a very weird mix of some extremely tech-competent folks, and some parts total luddite) scraping "dark web" forums looking for high-value law enforcement targets -- and it was ludicrously simple to identify "retail" participants who were, for example, trying to buy credit card/bank info dumps,
FWIW unless there was some sort of big metrics-driven or politically motivated push, these retail-type small fry were generally ignored in favour of trying to identify and trace down more organised efforts.