zlacker

>>Strang+(OP)
It’s notable that there were ShinyHunters members arrested by the FBI a few years ago. I was in prison with Sebastian Raoult, one of them. We talked quite a bit.

The level of persistence these guys went through to phish at scale is astounding—which is how they gained most of their access. They’d otherwise look up API endpoints on GitHub and see if there were any leaked keys (he wasn’t fond of GitHub's automated scanner).

https://www.justice.gov/usao-wdwa/pr/member-notorious-intern...

>>joshmn+6t
Generally speaking, humans are more often than not the weakest link the chain when it comes to cyber security, so the fact that most of their access comes from social engineering isn't the least bit surprising.

They themselves are likely to some extent the victims of social engineering as well. After all who benefits from creating exploits for online games and getting children to become script kiddies? Its easier (and probably safer) to make money off of cyber crime if your role isn't committing the crimes yourself. It isn't illegal to create premium software that could in theory be use for crime if you don't market it that way.

>>rkozik+GI
>It isn't illegal to create premium software that could in theory be use for crime if you don't market it that way.

Who is making money off of selling premium software, that's not marketed as for cybercrime, to non-governmental attackers? Wouldn't the attackers just pirate it?

>>Thorre+hZ
This type of software is being sold on many forums, both on the clearnet and darknet.

> Wouldn't the attackers just pirate it?

Sometimes the software is SaaS (yes, even crimeware is SaaS now). In other cases, it has heavy DRM. Besides that, attackers often want regular updates to avoid things like antivirus detections.

>>ronsor+JK1
I assume the forums you're talking about are cybercrime forums. So I think that counts as "marketed for cybercrime". I'm asking if there's anything not marketed for cybercrime.