GC downtime (August 26) due to flood of Bots

[cheerfulgreek]

Quote:

Originally Posted by John

Around a year ago I watched an interview of a guy who was part of some FBI task force for investigating high profile / most wanted hackers, or something like that. He said that we will never catch them and the only ones who do get caught are usually because they made some sort of tiny mistake. There's a documentary about the silk road hacker who was basically caught this way, made a little mistake.

I’m going to look for that documentary. I’d like to really see that.

Quote:

Originally Posted by John

I read something about this a while back. Seems to be that if the hackers get a reputation for not honoring their ransoms then people / companies / governments will probably stop paying future ransoms.

I meant if they continue to do it the same way they’re doing it now. So, honor their ransoms by fixing what they screwed up, after they get ransom money. What I’m saying is why not keep doing what they’re doing repeatedly, keep honoring the ransom, then do it again. It seems like they just get the ransom and stop. Why not keep doing it since it’s very difficult to get caught.

[AGDee]

Quote:

Originally Posted by cheerfulgreek

I’m going to look for that documentary. I’d like to really see that.

I meant if they continue to do it the same way they’re doing it now. So, honor their ransoms by fixing what they screwed up, after they get ransom money. What I’m saying is why not keep doing what they’re doing repeatedly, keep honoring the ransom, then do it again. It seems like they just get the ransom and stop. Why not keep doing it since it’s very difficult to get caught.

They continue upping the ante. In the last briefing I attended with someone from the NSA, they were talking about how it has changed. Originally, ransomware just encrypted all the data and then they had you pay to get the decryption key. But people started doing better backups and could just restore their systems so they stopped doing it that way.

Then they began extortion scams- so they'd say to pay the ransom to get your data back AND to prevent them from exposing the data they had on the dark web.

It's difficult to get indicted/convicted because most of this is happening from outside the US. And a lot of it is nation state.

NOW they have gone a step further and offering protection services from other scammers if a company will pay them monthly- very much like organized crime rings operate. We'll give you your data back, we'll keep it off the dark web and we'll give you protection.

This is why I have job security...

[cheerfulgreek]

Quote:

Originally Posted by AGDee

They continue upping the ante. In the last briefing I attended with someone from the NSA, they were talking about how it has changed. Originally, ransomware just encrypted all the data and then they had you pay to get the decryption key. But people started doing better backups and could just restore their systems so they stopped doing it that way.

Then they began extortion scams- so they'd say to pay the ransom to get your data back AND to prevent them from exposing the data they had on the dark web.

It's difficult to get indicted/convicted because most of this is happening from outside the US. And a lot of it is nation state.

NOW they have gone a step further and offering protection services from other scammers if a company will pay them monthly- very much like organized crime rings operate. We'll give you your data back, we'll keep it off the dark web and we'll give you protection.

This is why I have job security...

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

[AGDee]

Quote:

Originally Posted by cheerfulgreek

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

[John]

Quote:

Originally Posted by cheerfulgreek

I’m going to look for that documentary. I’d like to really see that.

There may be few documentaries about how they caught the silk road guy. I don't recall if it was something I saw on Netflix or YouTube, probably YouTube. When they finally closed in on him it was in a library, he was surrounded by maybe a half a dozen undercover people. There was suspicion that he had setup a way to immediately lockdown his computer with a key combo or something similar, so they couldn't just approach & arrest him as they needed the evidence on his laptop. They ended having 2 agents posing as a couple sitting nearby, the lady slapped the guy and it got the silk road guy's attention long enough for the other agents to step in a secure his computer / prevent him from hitting the key to lock it down.

There's also an interesting interview by one of the agents involved here: https://www.youtube.com/watch?v=4KiO8GRgwDk I haven't watched that entire interview but there are clips floating around. Some parts I did watch included where he talked about only the hackers who make mistakes get caught and/or something about catching the low hanging fruit, but the others have not been caught. Something like that.

There's another hacker story where the guy was caught & in jail, working on his own case. Discovered that the gov used some device to masquerade as a cell phone tower, they drove around something like a 2 square mile area collecting call data from a huge number of people. I think it may have been 100,000+ or so. I may be a little off on these facts as it's been a while since I learned about this stuff. That hacker I believe got off because the gov did that mass data collection, trying to find the hacker, without a warrant or something like that. The hacker or maybe his lawyer just happened to stumble upon the name of the device out of thousands of pages of documents.

Quote:

Originally Posted by cheerfulgreek

I meant if they continue to do it the same way they’re doing it now. So, honor their ransoms by fixing what they screwed up, after they get ransom money. What I’m saying is why not keep doing what they’re doing repeatedly, keep honoring the ransom, then do it again. It seems like they just get the ransom and stop. Why not keep doing it since it’s very difficult to get caught.

Oh, they do keep doing it, just to other people / other companies, etc. I imagine that there may have even been victims who were hacked like that repeatedly, by different hacker groups.

Quote:

Originally Posted by AGDee

They continue upping the ante. In the last briefing I attended with someone from the NSA, they were talking about how it has changed. Originally, ransomware just encrypted all the data and then they had you pay to get the decryption key. But people started doing better backups and could just restore their systems so they stopped doing it that way.

Then they began extortion scams- so they'd say to pay the ransom to get your data back AND to prevent them from exposing the data they had on the dark web.

That's really interesting and makes sense. I often wondered how the ransomware groups would strike back if people/companies/governments ever figured out how to secure their ability to recover when they are hit instead of paying the ransom. So now if they can recover or not they are extorted that way.

Quote:

Originally Posted by cheerfulgreek

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

I recall learning about some major hacks where the hacker group spent months working on it. No idea how many people may have been involved in each hack or how much total time is put into it, but they do often walk away with millions. My guess is that many of these cases may also involve insiders as well. If a hacker group is going to get millions I imagine they might bribe insiders with huge payments for help gaining some kind of access & pulling off the hacks. Some of those "accidental" clicks on phishing links may not be so accidental.

Quote:

Originally Posted by AGDee

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

Way back in the day, approx 2005ish, there was a Wired Magazine article about the larger botnets at the time. They were being used I think against online casinos & banks. The victims were just paying up because the ransome was less money than what the online casinos were losing each day while being offline. I couldn't find that specific article but if anyone is interested just Google "site:wired.com ddos botnet" and a bunch of related articles will be in the search results.

[cheerfulgreek]

⬆️ John, this is really crazy. The video is long but still worth watching. I wonder if there’s ever a single hacker. I mean, someone that doesn’t work with a group of hackers. If I was a thief, I’d just do it once and live off of the first millions of dollars, and be done, lol.

But seriously, if I was that computer literate, I would just find a really high paying tech job. I don’t know why they just won’t do that, instead of risking their freedom. Being that intelligent, you could really negotiate what you want.

Have you ever seen the move “The Core”? There was a hacker in the movie who got caught, but then the government forced him to work for them or go to prison. It was kind of a cheesy movie, but some parts were ok.

Quote:

Originally Posted by AGDee

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

That’s gotta be really stressful, though.

[John]

Quote:

Originally Posted by cheerfulgreek

I wonder if there’s ever a single hacker. I mean, someone that doesn’t work with a group of hackers.

My guess is yes, there are probably many lone wolf type hackers. Mainly because other people being involved probably opens up way too many loose ends. Or, at the very least, when they work with others they still remain anonymous to those they work with. The silk road guy was very close to being a lone wolf, even the people who were working for him didn't know anything about him, as far as I recall.

Quote:

Originally Posted by cheerfulgreek

If I was a thief, I’d just do it once and live off of the first millions of dollars, and be done, lol.

I wouldn't be surprised if there are some who have done it that way. Pull off one big heist, then drop off the radar forever. For some reason this is making me think of the end result of the hack in the movie Office Space.

Quote:

Originally Posted by cheerfulgreek

Have you ever seen the move “The Core”? There was a hacker in the movie who got caught, but then the government forced him to work for them or go to prison. It was kind of a cheesy movie, but some parts were ok.

Yeah, I remember the hacker from The Core. Will never forget that guy after he ate the french toast in Road Trip.

In that YouTube interview the agent talks about catching one of the silk road guy's accomplices. I think they made that hacker work for them for nearly a year or so.

[Cookiez17]

Somewhat related but a massive spam bot actually took over Greek rank, specifically the SMU page. It’s been nuts to see hundreds of pages of the same spam over and over again. I assume it has to be using a program to spam that hard.

[carnation]

We had one about 10 years ago that was Indian astrologer spam. It was awful.

[cheerfulgreek]

Quote:

Originally Posted by John

My guess is yes, there are probably many lone wolf type hackers. Mainly because other people being involved probably opens up way too many loose ends. Or, at the very least, when they work with others they still remain anonymous to those they work with. The silk road guy was very close to being a lone wolf, even the people who were working for him didn't know anything about him, as far as I recall.

And here I was thinking that when they’re working as a group, they all know about each other. Like, they’re in a hidden room together doing this. I’m so naive, lol.

Quote:

Originally Posted by John

Yeah, I remember the hacker from The Core. Will never forget that guy after he ate the french toast in Road Trip.

In that YouTube interview the agent talks about catching one of the silk road guy's accomplices. I think they made that hacker work for them for nearly a year or so.

lol
He was surviving off of hot pockets in the movie “The Core”.

I watched about 45 minutes of that video. I’m going to continue watching it this weekend.

[John]

Quote:

Originally Posted by Cookiez17

I assume it has to be using a program to spam that hard.

There's a mix but vast majority is programmatic. Years ago I read of spam operations that hired people in extremely low wage countries to post spam and other operations that used these low wage employees to solve the CAPTCHA anti-bot puzzles all day and the bots did the rest.

There are MS Windows based programs that people run on their computers even just for spamming forums. Then programs on servers. And bot nets that run through virus infected computers/servers & are controlled remotely. There could even be people here reading this whose computer is part of a bot net and they don't even know it.

Quote:

Originally Posted by carnation

We had one about 10 years ago that was Indian astrologer spam. It was awful.

Dozens and dozens of bot spammers, the astrologer spam was probably the worst of it. We may have even had hundreds of automated spammers, not all posted in such huge amounts. They registered many thousands of accounts for posting spam. Some would register and not post spam for months or a year+ later. There were some bots that attempted to post normal messages, then after some time they would return & edit their messages to add in their spam links. Also spam bots that used to post links that were difficult to notice, semi-hidden. I also know of at least one instance where bots were able to guess an easy password on a GC account, went back and edited nearly a thousand messages just adding in various spam links.

In addition to the Indian astrology spam I recall some major fashion brand spamming GC for a long time as well. There was also a celebrity who must have hired spammers to promote her new show... I emailed them and told them to just sponsor GC to promote their show instead of spamming us.

Then my email... on account was receiving 8000+ emails a day when I decided to shut it down.

The spam on the forums and email was a real nightmare to deal with. May have been impossible to handle all that without the help of many site moderators.

GC also wasn't my only forum site. The other forums I shut down new account registrations on years ago. Was just too overwhelming to continue dealing with all the spam / spambots littering the sites with spam from every different direction.

On GC I made it difficult to easily create/verify new accounts and also use a crowd sourced spam detection service, which is quite imperfect and probably has too many false positives. That service has been used to block something like 10 million + account registrations on GC. I often wonder, though, about their false positive rate. Even 1% would be a huge loss. At some point I'll get around to looking into that more and will post additional details.

Quote:

Originally Posted by cheerfulgreek

And here I was thinking that when they’re working as a group, they all know about each other. Like, they’re in a hidden room together doing this. I’m so naive, lol.

I don't know which is the most common way. There's surely a mix. Some are groups all knowing and working together. Others work together but do not know each other. And still others work alone or mostly alone.

[AGDee]

There are definitely warehouses of people in other countries who are scamming people as their full time jobs. They go to work, catfish people in romance scams, etc. The vast majority of hackers attacking us here are not in this country.

[carnation]

How can scammers live with themselves--cheating people? What would their mothers think if they knew what they're really doing?

[AGDee]

Quote:

Originally Posted by carnation

How can scammers live with themselves--cheating people? What would their mothers think if they knew what they're really doing?

For the types I'm talking about, this is their job. They go to a big warehouse every day filled with computers and phones and go through their scams. It's a legit job in their countries. Sometimes sponsored by the government.