|
Jabor posted:Swapping your dirty bitcoins for someone else's dirty bitcoins doesn't seem like it actually helps unless you're such a small-timer that law enforcement doesn't actually care to investigate. I'm assuming an adversary a little more sophisticated than this, granted: https://twitter.com/puttinyadown/status/1491104089971003393
|
# ? Feb 16, 2022 23:51 |
|
|
# ? May 18, 2024 03:40 |
|
Potato Salad posted:The Bitfinex cash--fiat--was also laundered by stupid people lacking the sense or connections to do it right. I'm suddenly hit with this vision from an alternate universe SNL: "Dobche Tank: The Money Laundering People"
|
# ? Feb 16, 2022 23:56 |
|
it's all stupid, underinformed people thinking they've come up with new ideas, not realizing that there's a whole lot of really good reasons to involve established criminal enterprise had they approached any number of unscrupulous but still obviously free parties domestically, or even just reached out over a goddamn forum to a crypto extortion payment servicer to hammer out a deal to help launder the coins, they might actually have been able to sacrifice a little bit of the Bitcoin wallet in exchange for essentially guaranteed and anonymity on the other end had they established any number of banks that are somehow still allowed to operate domestically that have long histories of doing good jobs laundering fiat with only occasional slip ups when the customer gets way too loving greedy and obvious, they'd have gone unnoticed or unharassed by law enforcement it's just stupid people who are either too loving dumb to realize that there's more to it than what they read on Elon Musk's Twitter wall, or too greedy to involve good criminal experts
|
# ? Feb 16, 2022 23:57 |
|
like, Jesus Christ has anybody ever given two shakes of a brain cell regarding why the entire loving Trump family is still allowed to do business domestically I'm talking about poo poo that happened before 2010 go loving talk to THEIR people if you're some techno-chud who doesn't trust the establishment they weren't even particularly good at what they do, and it worked just fine for them
|
# ? Feb 16, 2022 23:58 |
|
20 year old dumb internet nerds typically don't know how to get in touch with real criminals.
|
# ? Feb 16, 2022 23:59 |
|
KillHour posted:20 year old dumb internet nerds typically don't know how to get in touch with real criminals. I mean, how hard is it if you're intellectually honest with yourself to keep up with current events, ask for a $5,000 plate audience with Eric or whatever the other male kid is named, and say "I need help laundering a hundred million in Bitcoin and I noticed that your man Paul got off pretty easy" that's like, if you were even remotely aware of one of the worst case scenarios too
|
# ? Feb 17, 2022 00:03 |
|
or apparently, if my memory serves correctly to one of the more recent times Wells Fargo was caught laundering cartel money, just place a phone call to a central office "I have nine figures of assets I need tax advice with" you will get a call back in 15 minutes, a helicopter ride by close of business day I just checked and this appears to be the serious infosec thread, so I guess uhhhhhhhh this is all totally in scope because it concerns common practices of the competent criminal enterprises that are Potato Salad fucked around with this message at 00:09 on Feb 17, 2022 |
# ? Feb 17, 2022 00:05 |
|
Potato Salad posted:or apparently, if my memory serves correctly to one of the more recent times Wells Fargo was caught laundering cartel money, just place a phone call to a central office Your vulnerability report is Out of Scope and not eligible for a reward.
|
# ? Feb 17, 2022 00:17 |
|
Potato Salad posted:or apparently, if my memory serves correctly to one of the more recent times Wells Fargo was caught laundering cartel money, just place a phone call to a central office yeah I confused it for the cyberpunk dystopia thread at first too lol
|
# ? Feb 17, 2022 00:20 |
|
BlankSystemDaemon posted:It's also a ZIP file, and a PCAP-NG packet capture. A buddy of mine used to distribute a PDF of their resume that was also an ISO of their hobby operating system that, upon booting, would open a PDF viewer with their resume in it.
|
# ? Feb 17, 2022 01:33 |
|
Kazinsal posted:A buddy of mine used to distribute a PDF of their resume that was also an ISO of their hobby operating system that, upon booting, would open a PDF viewer with their resume in it. I have a little ESP32 with a coin cell that when you press a button, offers you an open Access Point with a simple Website where you can view and download my PDF resume. Was fun making that.
|
# ? Feb 17, 2022 02:49 |
|
Potato Salad posted:it's just stupid people who are either too loving dumb to realize that there's more to it than what they read on Elon Musk's Twitter wall, or too greedy to involve good criminal experts While there's some truth to this, also note that the good 'ol USG was able to not only trace down, but actually recover a good chunk of the crypto ransom paid out in the whole Colonial Pipeline deal: it's becoming more and more apparent that the "anonymity built into the system" of most coins is...not as strong as it's made out to be. I mean, it's clearly not trivial to trace things around, but if you get the FBI pissed at you, they've done it a few times now, and they weren't all just idiot teens / teen-wannabes. And they're just gonna get better at it as time goes on.
|
# ? Feb 17, 2022 04:30 |
|
Nothing can be both truly anonymous and public. Crypto runs off a ledger where every transaction is available, so it's security through obscurity at best. Sure, you can move things around a lot and make it hard to follow the trails, but it's all there if you look hard enough.
|
# ? Feb 17, 2022 04:33 |
|
KillHour posted:Nothing can be both truly anonymous and public. Crypto runs off a ledger where every transaction is available, so it's security through obscurity at best. Sure, you can move things around a lot and make it hard to follow the trails, but it's all there if you look hard enough. And yet scams are absolutely rampant and people lose their shirt every day. Hardly any of them are going to jail. We're talking about a system where people can insert viruses into your wallet and you can't delete them and if you interact with them in any way they empty your account and send all your money to the hacker.
|
# ? Feb 17, 2022 04:47 |
|
Cup Runneth Over posted:And yet scams are absolutely rampant and people lose their shirt every day. Hardly any of them are going to jail. Oh it's a bad system for sure. It just is also not the perfect anonymous hiding place idiots who don't know how to launder money think it is.
|
# ? Feb 17, 2022 04:54 |
|
its security through obscurity in a nutshell and it doesnt hold up if you get three letter agencies looking for you
|
# ? Feb 17, 2022 05:41 |
Kazinsal posted:A buddy of mine used to distribute a PDF of their resume that was also an ISO of their hobby operating system that, upon booting, would open a PDF viewer with their resume in it.
|
|
# ? Feb 17, 2022 11:59 |
|
Cup Runneth Over posted:And yet scams are absolutely rampant and people lose their shirt every day. Hardly any of them are going to jail. Yes, but none of that is because the people doing it are inherently untraceable. It's because no one with any enforcement power gives a gently caress: it's all entirely unregulated, and the joy of not having any legal structure around it (because why would you want laws involved in a decentralized lolbertarian wet dream?) is that when some random dude exit scams you of your money, you don't have anyone to complain to. And then, yeah, also the typical issues of international crime and jurisdiction and yadda yadda even in the event that you could argue that an actual crime had been committed (like hacks of platforms and such).
|
# ? Feb 17, 2022 13:45 |
|
CommieGIR posted:I have a little ESP32 with a coin cell that when you press a button, offers you an open Access Point with a simple Website where you can view and download my PDF resume. Was fun making that.
|
# ? Feb 17, 2022 14:40 |
|
Captive portal, maybe?
|
# ? Feb 17, 2022 14:44 |
|
KozmoNaut posted:Captive portal, maybe? This. If you join the access point it redirects you to the main page: https://iotespresso.com/create-captive-portal-using-esp32/
|
# ? Feb 17, 2022 14:59 |
|
Kazinsal posted:A buddy of mine used to distribute a PDF of their resume that was also an ISO of their hobby operating system that, upon booting, would open a PDF viewer with their resume in it.
|
# ? Feb 17, 2022 15:10 |
|
DrDork posted:While there's some truth to this, also note that the good 'ol USG was able to not only trace down, but actually recover a good chunk of the crypto ransom paid out in the whole Colonial Pipeline deal it has been speculated that was a specific situation where key material was available over the wire
|
# ? Feb 18, 2022 00:34 |
|
quality of the opsec in each crime is going to be widely variable
|
# ? Feb 18, 2022 00:34 |
|
Cup Runneth Over posted:And yet scams are absolutely rampant and people lose their shirt every day. Hardly any of them are going to jail. I'm in Singapore, and I (and the police here) can tell you people are really really stupid when it comes to scams that they have been warned about for a decade day-in, day-out
|
# ? Feb 18, 2022 00:45 |
|
Jabor posted:Swapping your dirty bitcoins for someone else's dirty bitcoins doesn't seem like it actually helps Excuse me but I would appreciate it if you did not kink shame here, thanks
|
# ? Feb 18, 2022 03:21 |
|
I'm currently looking for startups working on solutions in the field of "automated compliance" to assist in a tech report of developments in the last year or two. https://brighter.ai/ is one of my favourites so far. Does anybody else have any suggestions?
|
# ? Feb 20, 2022 23:36 |
That seems pretty cool! I know some folks who work here: https://www.immuta.com/ And that kinda seems like what you’re looking for?
|
|
# ? Feb 21, 2022 15:36 |
|
ephex posted:I'm currently looking for startups working on solutions in the field of "automated compliance" to assist in a tech report of developments in the last year or two. Vanta has some automation around evidence, and Very Good Security has some as well.
|
# ? Feb 21, 2022 15:44 |
|
I know it goes without saying but now it's the time to send mass mails to your employees to warn about weird bullshit, start changing your anti spam filters to drop anything that is not covered by dmarc and so on. Russian state-aligned hackers are going to start hitting targets in nato-aligned countries in a short while IMHO.
|
# ? Feb 22, 2022 18:15 |
|
SlowBloke posted:I know it goes without saying but now it's the time to send mass mails to your employees to warn about weird bullshit, start changing your anti spam filters to drop anything that is not covered by dmarc and so on. Russian state-aligned hackers are going to start hitting targets in nato-aligned countries in a short while IMHO. Going to start?
|
# ? Feb 22, 2022 18:19 |
|
SlowBloke posted:I know it goes without saying but now it's the time to send mass mails to your employees to warn about weird bullshit, start changing your anti spam filters to drop anything that is not covered by dmarc and so on. Russian state-aligned hackers are going to start hitting targets in nato-aligned countries in a short while IMHO. Lmao sorry to burst your bubble dude, but this has been going on for a decade and isn't new whatsoever. Clam down.
|
# ? Feb 22, 2022 18:22 |
|
CLAM DOWN posted:Lmao sorry to burst your bubble dude, but this has been going on for a decade and isn't new whatsoever. Clam down. I just wish it wasn't all so obvious What kind of idiot believes the CEO is emailing them personally for their cell phone number?
|
# ? Feb 22, 2022 18:27 |
|
But if I answer and am helpful then the CEO will love me!
|
# ? Feb 22, 2022 18:28 |
|
RFC2324 posted:I just wish it wasn't all so obvious look i'm just so lonely
|
# ? Feb 22, 2022 18:33 |
|
Sickening posted:Going to start? I mean that they are going to intensify and possibly start hitting fields that were considered "not juicy enough" rather than targets of opportunity as until now. I'm going to start spooling up veeam tomorrow and anticipate our quarterly restore tests, kinda resigned to get cryptoed soon being in public sector
|
# ? Feb 22, 2022 18:33 |
|
RFC2324 posted:I just wish it wasn't all so obvious If the company is small enough it is entirely probable that this has happened.
|
# ? Feb 22, 2022 18:33 |
|
Hey maybe I can use this pending Russian/Ukraine war as an opportunity to get some proper email security software in place like Mimecast! Just kidding, we dont even use demarc! Our customers have to be able to send email as us after all and nothing can ever go wrong with that....
|
# ? Feb 22, 2022 18:45 |
|
RFC2324 posted:I just wish it wasn't all so obvious I see it quite a bit with smaller companies that are run by assholes. If double-checking something is going to get you yelled at you're more likely to just email all the employees tax info to a scammer.
|
# ? Feb 22, 2022 18:58 |
|
|
# ? May 18, 2024 03:40 |
|
SlowBloke posted:I mean that they are going to intensify and possibly start hitting fields that were considered "not juicy enough" rather than targets of opportunity as until now. I'm going to start spooling up veeam tomorrow and anticipate our quarterly restore tests, kinda resigned to get cryptoed soon being in public sector I really, REALLY doubt that. I am sure they consider it all juicy. If this is the kind of narrative to push objectives you should have already completed, I am all for it.
|
# ? Feb 22, 2022 19:40 |