TFW criminals are getting rich as pic related while we shit post from our riced anime pedophile desktops

>Why doesn't everyone do it then?

>Why isn't everyone a parasitic criminal

I wonder

>The days of this are coming to an end since the USA is getting with the times and finally starting to use chip readers/cards.

You can use US cards in countries without chip requirements.

Or you can just use them online, in fact the countries where 201 become standard saw a sharp increase in online fraud instead. It doesn't really stop it much.

>wouldn't it be more profitable to USE malware?
I never said I didn't, but I never said or will say that I do. Writing it isn't illegal, but admiting you use it is actionable evidence.

>Why isn't everyone a parasitic criminal
You're right, I just apply for neetbux instead and do it legally :^)

but why do people write it at all?

Isn't it far more profitable to utilize it? Even like Carberp... seems kinda retarded to sell it for $40 000 when people made many millions from it. Why do people do this?

>but why do people write it at all?
the people who write it but don't use it can be sure they won't be put in prison. Its a risk vs reward tradeoff.

The top botnets and APTs all have inhouse development though.

Is there any sense getting into this "field"? Do the little guys make much money or is it mostly reserved for the big dogs living in Russia

Seems like the real people making money are dump vendors and such rather than lowly niggers buying iphones

Are you the same fag who posts on hear about making ransom ware and other illegal shit to make money?

That's probably someone else. I'm the one who kept making threads about botnets

You have no idea how much untapped potential there is. If you're smart and can think creatively then the entire planet is like a literal goldmine. Security flaws are everywhere in every device. If you can use a fuzzer then you WILL find exploits in all kinds of shit.

The more effort you put into your malware the more lucrative it will be. If you do shit work like the type of trash you find in "hacking" forums, then you will make shit money.

>I'm the one who kept making threads about botnets

Can we just officially make a botnet general?

I get tired of seeing six threads at the same time about botnets.

>If you can use a fuzzer then you WILL find exploits in all kinds of shit.

So can everyone else though?

>The more effort you put into your malware the more lucrative it will be. If you do shit work like the type of trash you find in "hacking" forums, then you will make shit money.

I think the question could be better phrased as Is it better than working a traditional job, and at which point is it so?

That would be cool actually

>>Why doesn't everyone do it then?
>>Why isn't everyone a parasitic criminal
>I wonder
So do I, it makes no sense. I'd definitely be a criminal if it were suitably profitable and possible, and I expect that's the case for most people. Therefore it must not be a reasonable proposition.

ive ratted people before to get warcraft accounts (nostalrius accounts). I never turned any profit and got spooked when i watched someone get my IP

>So can everyone else though?
Trust me, the exploits aren't drying up. Most developers continually add new features and complexity to their software which is continually opening up new holes to attack.
The entire ecosystem is like a leaky dam with a few security guys trying to patch holes at the bottom while an order of magnitude more pajeets are building new leaky dam on top, and the water pressure just keeps on building as internet traffic increases yearly.

Doesn't matter if theres more people fuzzing, I doubt saturation will ever be hit in our lifetimes.

>I think the question could be better phrased as Is it better than working a traditional job, and at which point is it so?
Do you have a good systems engineering background? Can you into obfuscation and basic crypto? Do you know how to reverse engineer? Are you familiar with low level details of how computers work? Do you know how exploits work?

The more of these you answer yes to the easier it will be for you to get into the field.

>ive ratted people before to get warcraft accounts (nostalrius accounts).

fuck you nigger

There's just a line you don't cross and you crossed it.

So much of Sup Forums could just be summed up in generals

Apple general (which we have but still get crazy amounts of shilling or hate threads)

Google general

Windows general

botnet generals

AMD general
Intel general
Or just put both of those into a CPU general

But no, we get several threads a day covering the same shit, over and over, and we even get threads about shit that should be in other generals that already exist. Simply because people want to bait with titles instead of just shitposting halfway down an already existent thread.

And don't even mention the amount of false flagging and same-fagging. If I had things my way, Sup Forums would use thread dependent IDs.

>The more of these you answer yes to the easier it will be for you to get into the field.

i-i don't really know any of them...

i never actually stole anything and the rat was attached to a cheat anyway

oh ok then

Are you going to play new Nost on January 7th?

probably not

I honestly don't know how hard it would be to learn these days. Back when I was a noob I got had to reinvent the wheel on how the other guys did it because nobody shares their techniques or the AV guys/malware analysts will catch on.

I reverse engineered other people's botnets and trojans, and read reports about high level details of malware campaigns released on the AV blogs to understand how to do it myself. Its definitely not something that is spoonfed

Would it just be easier to start a legal business instead of being a thieving criminal nigger?

It doesn't seem to end well for most niggers outside of Russia or something. And when I read about multi millionaires and billionaires none of them seemed to make money by scamming people

>Would it just be easier to start a legal business instead of being a thieving criminal nigger?
Depends on what your good at. I enjoy writing malware because its a pretty decent technical challenge.

>It doesn't seem to end well for most niggers outside of Russia or something.
I know some Americans and Europeans doing quite well for themselves.

>And when I read about multi millionaires and billionaires none of them seemed to make money by scamming people
You're not going to make Billions from malware unless you've already got a huge criminal network to launder the money and legal protrection. The Russians and Chinese are definitely making billions with malware, but not from botnets specifically. Most of the big money is in industrial espionage.

If you do something which is going to get you billions and you haven't prepared properly you're going to be caught and spend a long prison sentence with your ass sore from jamal.

Would you recommend me learning more about this stuff?

I took a look at like the lena tutorials on RE and some of the malware forums but it seems kind of difficult to understand, guess I need to start much more basic to get the fundamentals down.

the problem is that to be a successful criminal you have to be smart, and that's something Sup Forums lacks

>1. they don't know how
This. How do you do it?

t. not tyrone

>As long as you're not fucktard
they're posting here so..

>get stolen cc number
>order a bunch of shit online
>get it sent to a po box registered to a fake id

>Would you recommend me learning more about this stuff?
If you are interested just for the money and have no real interest in the technical side of it I doubt you will get far before being burnt out. You have to have the right sort of autism to look at an IDA pro assembly graph for 2 weeks trying to figure out how to turn a crash into a usable code execution exploit.

>I took a look at like the lena tutorials on RE and some of the malware forums but it seems kind of difficult to understand
lena tutorials are pretty damn old. I don't remember much about them, but they probably are still relevant to some degree x86 hasn't changed much.
public malware forums are cancer, if you patient enough to sift through all the shit there are a few diamonds though.

If I were starting out today here's what I would tell myself with the knowledge I have:
1. Don't get bogged down reading books, the best way to learn is to just write the code
2. If you are totally lost then read a book
3. Before you get into exploit development just play around writing a basic bot that assumes its already on the system and has admin/root access.
4. If you get into exploit dev then start by learning how to fuzz
5. writing your own fuzzer tailored to what your working on is the best way to learn how to attack it
6. Learn how to use IDA Pro or radare2. Either works, and knowing one is indispensable.

>public malware forums are cancer, if you patient enough to sift through all the shit there are a few diamonds though.

opensc, ic0de and hackhound seems pretty good

All the other malware forums are literally all russian though... not sure how well that'd work out to join them

>get stolen CC number
>order a bunch of compromising goods such as dragon dildos
>mail them to cunts you know like your neighbors framing them out of spite
always a good time

opensc was good when I visited it, I don't visit forums much anymore becuase I can learn what I need from API documentation and reverse engineering for undocumented functions/arguments.

Some of the stuff you find on those forums will be very outdated and will red flag any decent AV. Knowing obfuscation techniques is critical.

Maybe i'll publically release my obfuscating C compiler based on clang frontend plugins and llvm backend plugins when I finally decide to go whitehat and work for some security firm after I make the money from being a blackhat.

can you ballpark how much you make

what kind of security do you have to use to protect yourself.. as far as proxies, vpns, virtual machines, etc?

It fluctuates, and is not steady (mostly related to my motivation). On average its better than "Senior Software Engineer" in the valley and worse than the President's salary.

that was always good for a laugh too, but i usually went for lengthy porn mag subscriptions

basically you find an exploit and then sell it. do you have a website you sell on?

Anonymity-wise it would be dangerous for me to say. I know it sounds fantastic but I doubt the even NSA would know it was me unless they put some serious resources into it.

I run a pretty hardened version linux for my main machines, but I can't go into very much detail.

finding exploits is a lot harder than it seems.

is it redhat?

Depends on what the exploit is in. There's plenty of low hanging fruit. I'll give you a lead because its now only just becoming well known the COM/RPC/WMI subsystem on Windows is ripe for exploitation.

I've always wondered how you guys even go about selling exploits/malware. Is it on the darknet? Is there any negotiation involved? Escrow? Do you ever know what kinds of people purchase them?

b-but i have norton and malwarebytes

Not him but governments and important companies buy exploits.

You'd probably make far more selling it to exploitkit maintainers though. But it might just be easier (and legal-er) to sell it to a legitimate organization.

just tooling around on hackforums i made contact with a guy selling exploits for excel and word right on the clearnet. he gave me a link to the site but i dont have skype on this comp

he was definitely russian

Who needs word/excel exploits when most normies don't know about macros, just program one that opens powershell and downloads a payload.

Its not always on the darknet. Sometimes its an IRC, sometimes you sell to a company. Back when I didn't into opsec I worked with russian niggers on skype.

This is not something new.

Of course not, but its severly underlooked and very undocumented. It also happens that plenty of COM servers are written as listeners in system privilege services.
Plenty are even remotely accessible (usually on LAN, but still good for lateral movement)

Do you make more than $100k/yr?

is it really worth it?

It would be worth it to me even if it was 20K a year. Hell, I would do it for free because I find it fun.

what happens if the authorities get your IP address? i assume they contact your ISP and from there can find everything youve done on that IP?

You could move to Jew-ruselum and make money in their multi-billion dollar adware industry.

also dont most people usually get caught when they start boasting about their accomplishments? are you worried about getting tied back to this thread?

There's no proof I do anything illegal. It's not illegal to sell the exploits, its only illegal to use them. If in the hypothetical situation I was using them, whatever IP they found wouldn't be "mine"

>from there can find everything youve done on that IP?
Most ISPs don't keep logs for more than a month, and I know for a fact the one I use doesn't keep them more than a week.

I haven't admitted to any crimes in this thread. The authorities in my country need reasonable cause to get a warrent to find my IP. And who says i'm not using a VPN right now?

you are truly anonymoose then

>It's not illegal to sell the exploits, its only illegal to use them.

this is pretty much the level any "smart" criminal would aim to profit from

...

>wew guise look at how nigger rich i am
... 10 months later ...
>wah wah /r9k/ why won't anyone employ a federal felon, that's so unfair!

And the time goes by.

Like any finacial venture, every indivdual has their own unique risk/reward metric they find tolerable.

It's a gamble plenty of malware developers won't take. Many of them do however, and I guesstimate only about 5% get caught and they typically run nigger-tier campaigns without any anonymization and no laundering.

If you're not running a huge operation it seems pointless.

Might as well work a legit job and sleep easy at night not worrying about getting your door kicked in for operating a banking botnet or worrying about laundering money.

Your right about banking botnets being a bad idea for little guys. You can pretty much only pull that off if you are already part of a crime network. But that's far from the only way people are making money off of other people's computers these days.

I'll just point out that in countries like China being a malware developer is a legit job, you even go to an office and everything. Pic related is where PLA Unit 61398 works from.

all the zeus and everything guys didn't seem to be criminal masterminds tho

zeus devs only sold the software to end users. The end users were either in slavic countries where you can get away with ripping off other people's bank accounts without trouble from law enforcement, and/or they were mafias.
Even in those countries in the decade since zeus popped up it has become much harder to pull off a banking hack due to better enforcement of the law.

>zeus devs only sold the software to end users

Slavik used it though...

Are there any blackhat social engineers or corporate spies? How much of a demand is there in it? schneier.com/blog/archives/2007/03/social_engineer_3.html

interesting I didn't know that. I assumed it was only sold. I assume he got away with it as much as he did because of his country though. Russia still doesn't enforce those types of laws very well.

>using the smiley with a carat nose

This is nigger tier thinking.

Instead of going to school they try to "make it big" with crime.

Pro tip: they all end up in jail.

corporate espionage is big bussiness. You aren't going to find job listing for it though. Its a definitely a "who you know" type of bussiness.

>Even in those countries in the decade since zeus popped up it has become much harder to pull off a banking hack due to better enforcement of the law.

I don't really think that's true.

There's been many banking trojans wreaking havoc, even in Russia/surrounding countries.

Hell i was reading about a banking trojan targeting Russia with the sole purpose of bank fraud (nothing else, designed to be as minimal and stealthy as possible) that's been around for years and is still seen.

Give it back, Jim-bob

you'll get arrested and sent to federal "pound me in the ass" prison

Russia might still be good, I don't know too much about the politics there. But other eastern European states such as Estonia have become much more strict.

Don't get me wrong, banking fraud is still big. Its just not as easy as it used to be.

How does it work though?

Do people get their money back? Seems pretty devastating to wake up and find out you lost $300,000 from your small business bank account.

have fun waiting years, and getting the grand sum of $735 a month. and you cant have more than $2k saved in the bank or investments, or your check gets reduced.

it really depends on the bank. For example in America banks are insured with FDIC which is $250,000. Most people don't keep that much in their bank account unless they are either very rich or very stupid. The very wealthy keep their money in things like Roth IRAs, investments owned by LLCs/LLPs which they own.

At most in a bank fraud you can expect up to $10K which is insured in most countries.

meant to reply to

Why would you advertise to the world that you want to partake in a crime?

This is exactly the kind of evidence the police would use to hang you when they finally catch your dumb ass.

Because there are people like me who take great pleasure in hunting chumps like you down and nailing them to the fucking wall so you can get sodomized for 20+ years in federal prison.

Other than that, no reason.

>Most people don't keep that much in their bank account unless they are either very rich or very stupid. The very wealthy keep their money in things like Roth IRAs, investments owned by LLCs/LLPs which they own.

Yeah I know that.

But I was actually quite curious how that works... Brokerage accounts don't seem to have all that much security, and THAT is where the millionaires would have their money. And the federal government doesn't really have any regulation in place to reimburse victims from such fraud - it seems more up to the individual brokerages (Which i'm guessing WILL refund you because they don't want bad press - it'll basically result in a brokerage to shutdown if even a handful of clients lost millions and didn't get their money back - can't say i've even heard of anywhere in the Western world not reimbursing their clients).

Plus the banking fraud from bank accounts thing seems more applicable to small businesses - those would have the biggest transaction limits (It's not uncommon for a business to wire $x00,000 to another account), but the problem is it's not insured like personal accounts are.

Seems kinda fucked. Not even sure how to really protect against this.

As far as I know you are right. Although I haven't heard of any small bussinesses being hit hard via banking fraud, i'm sure its been done but I think most of these guys are focusing on more under the radar small hits on individuals. It might be the case that brokerage account transactions of large sums may need human verification. Also they generally don't like all of a clients money being withdrawn and will usually try to do what they can to keep a customer, so that alone will prevent fraud in some cases.

>It might be the case that brokerage account transactions of large sums may need human verification

Well it'd need to be cashed out to the bank account linked to the brokerage account (Which is a whole other dilemma and would then involve that bank which im not sure what insurance that would fall under).

But that's not to say they can't do damage without necessarily withdrawing all your money. There's been quite a few cases of brokerage account hacks in the US used for pump and dumping or committing "illogical" and unprofitable trades in order to benefit the attacker's account (Probably under a fake id or something).

I'm guessing it's tremendously rare and you'd almost certainly get reimbursed, though.