My FBI Profiler Called Me Sophisticated. What Else Did He Get Wrong?

Tim Pappa | Josh Brody

Cybercriminal reputations aren’t built by cybercriminals. They’re built by the analysts, reporters, and vendors around them – and, sometimes, by the federal government itself. Every stage of that pipeline seems to be rewarded for rounding up. This talk uses one cybercrime case to show that mechanism: a six-year criminal online sports piracy platform that the government preferred to call “sophisticated, calculated, and brazen” while seeking the statutory maximum and alleging that Brody’s bug bounty find was Brody compromising a professional sports league streaming network. We present our shared experiences and disagreements about the two weeks in 2021 when an undercover federal agent engaged this platform operator online – Pappa as the FBI profiler who analyzed Brody to design that undercover engagement, and Brody as the sports piracy platform operator. We put the characterization next to the keyboard, showing what “reverse engineering” and “unauthorized access to computer networks” meant in practice, and trace how adjectives compound across CTI reports, court filings, and press releases, with nobody in the loop incentivized to challenge these threat matrices.