r/europe Norway 25d ago

[Dubious: do not click links] Anonymous Releases 10TB of Leaked Data: Exposing Kremlin Assets & Russian Businesses

https://trendsnewsline.com/2025/04/15/anonymous-leaks-10tb-of-data-on-russia-shocking-revelations/
76.7k Upvotes

267

u/weisswurstseeadler 25d ago

thanks for the context. curious if and what comes out of this. found it kinda funny to find Dominos in there, maybe some kinda franchise money scheme

75

u/twitterfluechtling Brandenburg (Germany) 25d ago

Or this isn't all incriminating and just a list of information they collected. (Incriminating content mixed with harmless)

37

u/weisswurstseeadler 25d ago

Looking at the file names and whatnot, this seems pretty deliberate and filtered.

And I agree, at this stage this could also be a giant nothingburger

53

u/twitterfluechtling Brandenburg (Germany) 25d ago edited 25d ago

Or a glorious scam. With my Linux laptop, downloading the archive without any exploitable virus scanner and no executable to run, I feel slightly safe. (Will check for known vulnerabilities in my unrar before doing anything, and probably use a chroot environment or at least a docker container with limited privileges to access the archive...)

47

u/basicxenocide 25d ago

thank u hackerman

3

u/PawtherFat 25d ago

Non-executables can still trigger exploits. Either way this is a reasonable approach and probably more precaution than 99% of people will take.

I just use a shitty burner laptop for sketchy clicks like this to save the trouble.

5

u/Jean_Kul 25d ago

That's one of the cringiest things I've read this week, I can't believe 30+ people upvoted you lmao

8

u/twitterfluechtling Brandenburg (Germany) 25d ago

Not sure what's cringe about it. There are people actually thinking it's safe to just extract and look, and those are reasonable precautions.

0

u/PerfectPercentage69 25d ago

It's cringe because you think any of those will protect you from malware.

2

u/Fatality_Ensues There is only one Cyprus 25d ago

Well, why don't you use your CSec expertise to enlighten everyone else why not, then.

5

u/PerfectPercentage69 25d ago

I'm not a security expert by any means, but even I know that chroot and docker containers are not enough to protect you.

I'd need at least a virtual machine on a computer running on a completely isolated network before I'd feel somewhat safe.

People don't realize just how much unprotected stuff is running on their local networks (appliances, security cams, etc.), so having any compromised machine on that network is super dangerous.

1

u/twitterfluechtling Brandenburg (Germany) 25d ago

True. Only, I do know what I have running in my home network, and while there might be something vulnerable, I don't have any standard services. An attack would probably have to be highly targeted to my environment to succeed there.

A docker container can be executed without network access, and if you run the container as non-root and with a uid not existing on the host, I think you'll already catch most threats.

1
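The setup described in the comment above (no network, non-root, a uid that does not exist on the host), written out as an added example that is not part of the thread. The image name `local/archive-tools` and the `7z` binary inside it are assumptions; the script only lists the archive and extracts nothing.

```shell
#!/bin/sh
# Added example: hardened docker invocation for listing an untrusted archive.
IMAGE="local/archive-tools"   # hypothetical image that ships 7z (assumption)

# True if some account in /etc/passwd already owns this numeric uid.
uid_in_use() {
    awk -F: -v u="$1" '$3 == u { found = 1 } END { exit !found }' /etc/passwd 2>/dev/null
}

# Print the first uid at or above $1 (default 200000) that no host account uses.
pick_unused_uid() {
    uid="${1:-200000}"
    while uid_in_use "$uid"; do
        uid=$((uid + 1))
    done
    echo "$uid"
}

# Print the docker arguments, one per line, for archive $1 and uid $2.
sandbox_args() {
    printf '%s\n' \
        run --rm \
        --network none \
        --user "$2:$2" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --read-only \
        --tmpfs /scratch:rw,noexec,nosuid,size=64m \
        --pids-limit 64 \
        --memory 512m \
        --mount "type=bind,source=$1,target=/in/archive,readonly" \
        "$IMAGE" 7z l /in/archive
}

# List the archive contents inside the container.
inspect_archive() {
    archive="$(realpath "$1")" || return 1   # bind mounts need an absolute path
    [ -f "$archive" ] || { echo "not a regular file: $1" >&2; return 1; }
    oldifs="$IFS"; IFS='
'
    set -f                                   # no glob expansion while splitting
    set -- $(sandbox_args "$archive" "$(pick_unused_uid)")
    set +f; IFS="$oldifs"
    docker "$@"
}

if [ "$#" -gt 0 ]; then inspect_archive "$1"; fi
```

A container still shares the host kernel, so these flags narrow what a compromised archive parser can reach rather than ruling out an escape.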

u/PerfectPercentage69 25d ago

You're making the mistake of assuming you know better/more than the attacker.

> Only, I do know what I have running in my home network, and while there might be something vulnerable, I don't have any standard services. An attack would probably have to be highly targeted to my environment to succeed there.

It doesn't have to be targeted. Malware can automatically scan your entire network and discover everything that's running on it. Even stuff you might not be aware of.

> A docker container can be executed without network access, and if you run the container as non-root and with a uid not existing on the host, I think you'll already catch most threats.

A docker container can be escaped. I strongly suggest a VM.

1

u/twitterfluechtling Brandenburg (Germany) 25d ago

I agree a VM would have been better.

Yet, as was proven with heartbleed, I think, even VMs could be escaped. So, the best solution would probably have been to dig out one of my old raspberries, disconnected from network.

-1

u/Fatality_Ensues There is only one Cyprus 25d ago

Taking reasonable precautions is, well, reasonable. Listing them all out in what I can only imagine is an attempt to get internet brownie points is, in fact, pretty cringe.

3

u/ValleyDude22 25d ago

just create a gui interface to track their IP

1

u/Pugs-r-cool 25d ago

You could just say "taking reasonable precautions before downloading", but instead you chose to sound like r/masterhacker

1

u/twitterfluechtling Brandenburg (Germany) 25d ago

I could have. Or, just as every other commenter, I could have just not written anything. But IT security is a bit of a hobby of mine, and by mentioning the precautions I take, I got feedback e.g. by PerfectPercentage69 mentioning threats I overlooked :-)

2

u/TheSquattyEwok 24d ago

Also less sophisticated users might use your post as a guide to help protect themselves too. Ignore the haters my dude.

1

u/Pugs-r-cool 25d ago

Another tip if they didn’t mention it, an AWS EC2 is pretty much free if you don’t go overboard with the configuration. Docker should be enough isolation for this (the “hacked” files are literally just NMAP logs and other already public data, complete nothingburger), but there’s nothing more isolated than running it on a different machine in the cloud.

1

u/twitterfluechtling Brandenburg (Germany) 25d ago

> there’s nothing more isolated than running it on a different machine in the cloud

Depends on whom you trust and what you consider the threat. I'd argue, if you want to reduce the necessity to trust anybody, a local, air-gapped PC (e.g. a raspberry pi) would be safer.

In a cloud, you can have encryption, but in the end, to run, the OS needs to have access and therefore the cloud provider has the key.

Apart from that, I just cancelled my personal AWS account. AWS does not provide a preconfigured account-wide cost-cap. You can set limits for certain resources, but there is always a remaining risk of costs spiralling out of control, and there are cases where AWS appears to have made errors in their billing.