Comment by twistedpair
3 days ago
That one stumped me. Why not just encrypt with a hardcoded public key, then only the attacker can get the creds.
The simple B64 encoding didn't hide these creds from anyone, so every vendor's security team out there (e.g. thinking big clouds, GitHub, etc.) can collect them and disable them.
If you did a simple encryption pass, no one but you would know what was stolen, or could abuse/sell it. My best guess is that calling node encryption libs might trigger code scanners, or EDRs, or maybe they just didn't care.
Or they just wanted to prove a point.
They surely seemed to be smart enough to choose encryption over encoding.
Hard to believe encryption would be the one thing that would trigger code scanners.
Also it’s not just every vendor, also every bad actor could’ve scraped the keys. I wonder if they’ve set up the infrastructure to handle all these thousands of keys…
Like what do you even do with most of it on scale?
Can you turn Cloud, AWS, AI API keys into money on a black market?