Viewing a single comment thread. View all comments

nulloperation wrote

Reply to comment by !deleted34314 in by !deleted34314

Your sphere of influence only goes so far.

If you put enough effort into it, you could succeed in creating and spreading ransomware (optionally without the ransom, just purposefully bricking computers). That can influence the IT infrastructure of a whole company. Perhaps that is legitimate to use a device if it is specifically for the purpose of disabling as many other devices as quick as possible?

4

AnarchoDoom wrote

Are there any resources you could share that's opsec enough for this website yet could be starting points for anyone who wants to study this approach? Not sure I could find that over hackernews...

3

nulloperation wrote

Don't know where you're at, but basic programming literacy is a starting point (and perhaps figuring out how to cross-compile statically-linked from your language of choice).

Also, maybe knowing your limits..? You're not Mossad so you're likely not going to discover exploitable zero-day vulns on your own, right. But there's plenty of low-hanging fruit. Throughout the 90s and 00s you could pass any Windows user a storage medium with an autorun.inf on it, and their machine would happily autorun it on insert. Today there are many orgs running Windows versions that don't receive security updates anymore, like Windows 8 and earlier (latest security updates was 4 years ago).

Maybe also watch some CCC videos, like “Yes We Can’t!” - on kleptography and cryptovirology.

Also Moxie's post on the Cellebrite hack has real good details. And Defeating ssl with sslstrip.

In 2019 NHS was still running Win XP when they were hit by ransomware.

But I disagree strongly with @friendly_raddler in "make total destroy". Compare the ransomware attack on Colonial Pipeline's accounting systems with the NHS: IMO stopping oil pipelines is more constructive and creative than stopping public health care. Realistically, you're not going to kill all robots, and you'll have to target them in some order. Therefore, start with oil pipeline company accounting system servers or perhaps self-driving cars fully-automated murderbots or something, not hospitals, pleeeeeeeeeeease, even if you're anti-vax anarchist.

4

moonlune wrote

I'm working my way through SICP atm and it's a really good book :)

4

AnarchoDoom wrote

Thanks for the well-sourced comment. Will send the links to be FBI.

2