Bots flooding GC

[cheerfulgreek]

Quote:

Originally Posted by AGDee

They continue upping the ante. In the last briefing I attended with someone from the NSA, they were talking about how it has changed. Originally, ransomware just encrypted all the data and then they had you pay to get the decryption key. But people started doing better backups and could just restore their systems so they stopped doing it that way.

Then they began extortion scams- so they'd say to pay the ransom to get your data back AND to prevent them from exposing the data they had on the dark web.

It's difficult to get indicted/convicted because most of this is happening from outside the US. And a lot of it is nation state.

NOW they have gone a step further and offering protection services from other scammers if a company will pay them monthly- very much like organized crime rings operate. We'll give you your data back, we'll keep it off the dark web and we'll give you protection.

This is why I have job security...

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

[AGDee]

Quote:

Originally Posted by cheerfulgreek

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

[cheerfulgreek]

⬆️ John, this is really crazy. The video is long but still worth watching. I wonder if there’s ever a single hacker. I mean, someone that doesn’t work with a group of hackers. If I was a thief, I’d just do it once and live off of the first millions of dollars, and be done, lol.

But seriously, if I was that computer literate, I would just find a really high paying tech job. I don’t know why they just won’t do that, instead of risking their freedom. Being that intelligent, you could really negotiate what you want.

Have you ever seen the move “The Core”? There was a hacker in the movie who got caught, but then the government forced him to work for them or go to prison. It was kind of a cheesy movie, but some parts were ok.

Quote:

Originally Posted by AGDee

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

That’s gotta be really stressful, though.

[John]

Quote:

Originally Posted by cheerfulgreek

I wonder if there’s ever a single hacker. I mean, someone that doesn’t work with a group of hackers.

My guess is yes, there are probably many lone wolf type hackers. Mainly because other people being involved probably opens up way too many loose ends. Or, at the very least, when they work with others they still remain anonymous to those they work with. The silk road guy was very close to being a lone wolf, even the people who were working for him didn't know anything about him, as far as I recall.

Quote:

Originally Posted by cheerfulgreek

If I was a thief, I’d just do it once and live off of the first millions of dollars, and be done, lol.

I wouldn't be surprised if there are some who have done it that way. Pull off one big heist, then drop off the radar forever. For some reason this is making me think of the end result of the hack in the movie Office Space.

Quote:

Originally Posted by cheerfulgreek

Have you ever seen the move “The Core”? There was a hacker in the movie who got caught, but then the government forced him to work for them or go to prison. It was kind of a cheesy movie, but some parts were ok.

Yeah, I remember the hacker from The Core. Will never forget that guy after he ate the french toast in Road Trip.

In that YouTube interview the agent talks about catching one of the silk road guy's accomplices. I think they made that hacker work for them for nearly a year or so.

[cheerfulgreek]

Quote:

Originally Posted by John

My guess is yes, there are probably many lone wolf type hackers. Mainly because other people being involved probably opens up way too many loose ends. Or, at the very least, when they work with others they still remain anonymous to those they work with. The silk road guy was very close to being a lone wolf, even the people who were working for him didn't know anything about him, as far as I recall.

And here I was thinking that when they’re working as a group, they all know about each other. Like, they’re in a hidden room together doing this. I’m so naive, lol.

Quote:

Originally Posted by John

Yeah, I remember the hacker from The Core. Will never forget that guy after he ate the french toast in Road Trip.

In that YouTube interview the agent talks about catching one of the silk road guy's accomplices. I think they made that hacker work for them for nearly a year or so.

lol
He was surviving off of hot pockets in the movie “The Core”.

I watched about 45 minutes of that video. I’m going to continue watching it this weekend.

[John]

Quote:

Originally Posted by Cookiez17

I assume it has to be using a program to spam that hard.

There's a mix but vast majority is programmatic. Years ago I read of spam operations that hired people in extremely low wage countries to post spam and other operations that used these low wage employees to solve the CAPTCHA anti-bot puzzles all day and the bots did the rest.

There are MS Windows based programs that people run on their computers even just for spamming forums. Then programs on servers. And bot nets that run through virus infected computers/servers & are controlled remotely. There could even be people here reading this whose computer is part of a bot net and they don't even know it.

Quote:

Originally Posted by carnation

We had one about 10 years ago that was Indian astrologer spam. It was awful.

Dozens and dozens of bot spammers, the astrologer spam was probably the worst of it. We may have even had hundreds of automated spammers, not all posted in such huge amounts. They registered many thousands of accounts for posting spam. Some would register and not post spam for months or a year+ later. There were some bots that attempted to post normal messages, then after some time they would return & edit their messages to add in their spam links. Also spam bots that used to post links that were difficult to notice, semi-hidden. I also know of at least one instance where bots were able to guess an easy password on a GC account, went back and edited nearly a thousand messages just adding in various spam links.

In addition to the Indian astrology spam I recall some major fashion brand spamming GC for a long time as well. There was also a celebrity who must have hired spammers to promote her new show... I emailed them and told them to just sponsor GC to promote their show instead of spamming us.

Then my email... one account was receiving 8000+ emails a day when I decided to shut it down.

The spam on the forums and email was a real nightmare to deal with. May have been impossible to handle all that without the help of many site moderators.

GC also wasn't my only forum site. The other forums I shut down new account registrations on years ago. Was just too overwhelming to continue dealing with all the spam / spambots littering the sites with spam from every different direction.

On GC I made it difficult to easily create/verify new accounts and also use a crowd sourced spam detection service, which is quite imperfect and probably has too many false positives. That service has been used to block something like 10 million + account registrations on GC. I often wonder, though, about their false positive rate. Even 1% would be a huge loss. At some point I'll get around to looking into that more and will post additional details.

Quote:

Originally Posted by cheerfulgreek

And here I was thinking that when they’re working as a group, they all know about each other. Like, they’re in a hidden room together doing this. I’m so naive, lol.

I don't know which is the most common way. There's surely a mix. Some are groups all knowing and working together. Others work together but do not know each other. And still others work alone or mostly alone.