Comment by fn-mote
2 months ago
This ignores tptacek's points in the top-level post.
> [...] a bug that Google can kill instantaneously, that has effectively no half-life once discovered, and whose exploitation will generate reliable telemetry from the target.
You can't set up unmask-as-a-service because it's going to take you longer to get clients than it will take Google to shut down your exploit.
Yes, but:
1. It can still take a while before Google finds out
2. You can log every mapping you got in the meanwhile, then keep selling the ones you already have
Edit: although probably most of your business will be over when word gets out that your data isn’t exactly legal (which your clients have understood from the start, of course; they could just plead ignorance)
People keep talking about this as if there's a 0% chance of being caught if you do this?.
So let's suppose that you did set up the service like this. Can you even make 10 K? What are your odds of getting caught? How much do you value not being in prison and/or having to hire a lawyer to get you out of there?
I'd take the 10k every time.
I’d take the 10k, too, but I think it’s possible to pull this off without getting caught.
It’s a lot more work, of course, but you can scrape some top youtubers first as it seems relatively easy. If you can pull this off you can then try and figure out how to legitimize your offering – I won’t go into details here, for obvious reasons, but now that you have something valuable on your hands it makes sense to spend some time/money on selling that.
You’re talking about this as if there aren’t other countries who actively infiltrate power infrastructure and for whom this is the most low risk mild attack (if you can call it that)
I’m not speaking theoretically, which I suspect most on this thread are.
1 reply →