See the exploit.in thread for example https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...
Krebs has access to these forums, he could’ve checked this story out in less than 3 minutes but did not.
Even if Krebs wasn’t a subject matter expert, it’s still inexcusable that he didn’t do the most basic work here. You don’t need to frequent underground runet forums to know that a journalist should be able to verify the stories he puts out.
I think it’s also particularly telling that he didn’t bother to source reasonable quality screenshots for the story, which he would have been able to do had he ever witnessed this phishing kit working.
"Maximum download limit reached" - it's gone. Also, not present on archive.org :-(
I noticed. While researching I had a feeling of "is this just makeup on a pig?". Anyone can make pretty graphics or make claims. I tried reading a few selling points and I was wary.
One claimed to handle an MFA token handover and then somehow got access to the token and they could proxy it for you? The user types in the MFA token, they get the token. I can't figure out how they would bypass all browser protections to pass on the highly-secured token via a proxy. I've been online for 25 years, I understand on a deep level how the internet and the web work and what is happening in this situation, as I'm sure most here do.
Without a 0day, this just doesn't make sense. But this is pretty technical, and unless you hang out here, the above sounds perfectly reasonable, but to us it sounds like bullshit.
> he didn’t bother to source reasonable quality screenshots for the story
Also noted. Quickly found better quality versions myself with a quick search.
These forums are mostly private, but Krebs certainly has access to them. There can really be no excuse for how he handled this.
There are multiple posts by people in different places claiming to have bought this phishing kit, and then being delivered totally non-functional vibecoded garbage. The vibecoded garbage is not the advertised product though, as the author never managed to get the AI to finish his project.
I do not doubt this story for a second. It's crazy Krebs is basically freely advertising this blackhat slop.
https://news.ycombinator.com/item?id=46976825
This, predictably, broke I2P.
How does that work?
It's the only complaint I have of the current state of Tor. Anyone should be able to run directory authority, regardless if you trust the operator or not (same as normal relays).
Why does i2p (per the article) expect state sponsored attacks every February? Where are those forming from, what does the regularity achieve?
How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord?
Because The Invisible Internet Project (I2P) allows government dissidents to communicate without government oversight. Censorship-resistant, peer-to-peer communication.
> Where are those forming from, what does the regularity achieve?
At least PR China, Iran, Oman, Qatar, and Kuwait. They censor communication between dissidents.
> How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord?
How would you identify someone as 'operators of giant botnets' before they identified themselves as 'operators of giant botnets'?
Please read https://en.wikipedia.org/wiki/I2P
> they accidentally disrupted I2P while attempting to use the network as backup command-and-control infrastructure
So were they hostile or were they using it normally?
Not wanting to be overly critical, but any net-infrastructure project kind of has to keep bot attacks and other attack vectors in mind already in the initial design stage. Any state actor (and other actors, though I would assume it is often a state financing the bot network behind the scenes) can potentially become hostile.
Honestly, did the bot implementation have bugs or was it a proper implementation that crashed the network due to sheer numbers?
Also, how does changing the encryption standard affect anything if the bots tried to integrate correctly with the network?
Is the problem "fixed" or is it not? Elsewhere I found that a large number of botnet devs got pissed off with this botnet operator and 600k nodes went offline. Might this have much more to do with the situation getting better than simply changing encryption?
Also, was there any suggestion a quantum breaking attack was attempted? No. So why put the emphasis on "post quantum" in this article?
Bad. Very bad.
I didn’t really understand the link between Alice and Bob until I saw a green floaty dot go through a pile of spaghetti with the word compromise beneath it.
Once established, communication can transparently be processed through a SOCKS proxy, or via integration with SAM or similar: https://i2p.net/en/docs/api/samv3/
In general I don't think law enforcement wants Discord to take these down or ban them. These guys would have no problem just making some IRC servers or whatever to hang out on instead, which would be much harder for law enforcement to surveil, compared to Discord just forwarding them everything said by those accounts and on those servers.
Also, how would you even go about classifying them as botnet operators?
I know several people whose Discord accounts were banned because they participated in a server that later had some talk of illegal activities in one of the channels. There are similar stories all over Reddit.
It’s basically impossible. They have money, IPs, identities, anything you could possibly want to evade.
They aren’t requiring age verification for everyone to join servers and chat. The headlines and panic really got away from the actual story.