Phishing sites targeting scammers and thieves(krebsonsecurity.com)
krebsonsecurity.com
Phishing sites targeting scammers and thieves
https://krebsonsecurity.com/2021/08/phishing-sites-targeting-scammers-and-thieves/
18 comments
This reminds me of my friends that used to take over botnets and turn them on the C&C servers of other botnets. One guy tried to pay in bitcoin to get his botnet back. That would have been a couple million dollars worth these days... :-/
sounds fascinating, and fraught with peril. I'd be worried that either I'd make myself a target for these hackers/scammers, or law enforcement. Granted most of the hackers/scammers probably aren't very skilled, but if you crossed one that really knew what they were doing... yikes!
I'd also be worried the FBI would eventually come knocking. I'm not so sure the FBI would distinguish between someone "liberating" a botnet and turning it against the original hacker, and the hackers/scammers themselves.
It's not that risky. Most people over-estimate both the criminals and law enforcement.
In general, the FBI aren't looking for you. Somebody has to lose a lot of money and report you, or rat you out, or make up some bullshit about terrorism (like SWATing for black hats). It's also not hard to hide your connections from them. The people who get caught are ratted out by their friends and are very predictable.
In terms of "crossing someone"... these are script kiddies who paid for some malware on a forum, or paid for someone to build them a botnet. Most takeovers happen via social engineering... these people aren't very smart. Even if a criminal gang wanted to track someone down, it would be pretty hard if you did the least amount of covering yourself and didn't tell anyone. But hackers can be lazy and have big mouths, so...
In general, the FBI aren't looking for you. Somebody has to lose a lot of money and report you, or rat you out, or make up some bullshit about terrorism (like SWATing for black hats). It's also not hard to hide your connections from them. The people who get caught are ratted out by their friends and are very predictable.
In terms of "crossing someone"... these are script kiddies who paid for some malware on a forum, or paid for someone to build them a botnet. Most takeovers happen via social engineering... these people aren't very smart. Even if a criminal gang wanted to track someone down, it would be pretty hard if you did the least amount of covering yourself and didn't tell anyone. But hackers can be lazy and have big mouths, so...
And unfortunately “hacking back” is still hacking according to the laws of the U.S. currently. Which might explain why cyber crime is way up. No downside for threat actors.
I think there have been a few exceptions where US authorities have authorized "technical action" against botnets and such.
Unauthorized computer access in still unauthorized doesn't matter if you hack back and take over a botnet from cyber-criminals.
Yea there are exceptions where US authorities together with Microsoft sinkhole, takeover and shut down botnets. Why Microsoft? Because majority of botnets are botnets of compromised Windows computers.
Yea there are exceptions where US authorities together with Microsoft sinkhole, takeover and shut down botnets. Why Microsoft? Because majority of botnets are botnets of compromised Windows computers.
These are called honeypots.
Good! If people are too stupid to realize a scam like this or pay for something illegal then they deserve to get bilked for a few hundred bucks.
I just want to contest the "too stupid to realize a scam" bit, in part because of the idea that stupid people are deserving of mistreatment (they aren't), but mostly because stupidity has very little to do with it. Vulnerability has a lot to do with. Most of the time, most people aren't vulnerable to scams. Thats the trick though, a successful scam is about finding people who are temporarily vulnerable. And everyone is at some point in their lives.
I'd agree, but the victims in this case seem to be buying stolen credit cards. They fully deserve to get ripped off in this case, it's instant karma.
Also the perfect victims - what are they going to do, complain to the police that their stolen credit card vendor ripped them off?
Also the perfect victims - what are they going to do, complain to the police that their stolen credit card vendor ripped them off?
Most scam victims are elderly with cognitive problems. Eventually you too will probably be "too stupid to realize a scam like this".
Assuming you live long enough of course.
Assuming you live long enough of course.
This is a scam against people who are actively seeking out stolen credit card details. Which doesn't seem like something an elderly person would start doing as as a result of cognitive decline.
unless its an older credit card scammer trying to offset their social security fixed income with something they used to do back in the day
Reminded me of the recent AskHN thread on the profitability of domain squatting: https://news.ycombinator.com/item?id=28106113
I wonder if we'll see more of such criminal-scamming operations after the government sting operation that leveraged a compromised app: https://www.washingtonpost.com/world/2021/06/08/fbi-app-arre...