← Back to context

Comment by gnabgib

9 hours ago

This seems to lack the full story, despite the headline.. Krebs' coverage is more in-depth (39 points) https://news.ycombinator.com/item?id=46976825

11 comments

gnabgib

Reply
walletdrainer  3 hours ago

[flagged]

  • notpushkin  3 hours ago

    Could you elaborate a bit? It’s hard to take such a claim seriously without any evidence presented.

    • walletdrainer  2 hours ago

      Every single person who has bought the phishing kit claims the seller is a scammer. Krebs’s article is based entirely on the sellers description of the (imaginary) product, rather than actual observation of the phishing kit in the wild.

      See the exploit.in thread for example https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...

      Krebs has access to these forums, he could’ve checked this story out in less than 3 minutes but did not.

      Even if Krebs wasn’t a subject matter expert, it’s still inexcusable that he didn’t do the most basic work here. You don’t need to frequent underground runet forums to know that a journalist should be able to verify the stories he puts out.

      I think it’s also particularly telling that he didn’t bother to source reasonable quality screenshots for the story, which he would have been able to do had he ever witnessed this phishing kit working.

      3 replies →

  • pests  3 hours ago

    This is so odd. I tried to verify your claim and I give up. It might be but I really hate how information is becoming like this. There is other reporting out there on "Starkiller" (the phishing kit in kerbs most recent post) and I can find other articles on it, but sources seem to be circular. The source mentions Jinkusu forums, which do seem to be real, but any links I find aren't loading for me and still no conclusive findings of Starkiller.

    • walletdrainer  2 hours ago

      https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...

      These forums are mostly private, but Krebs certainly has access to them. There can really be no excuse for how he handled this.

      There are multiple posts by people in different places claiming to have bought this phishing kit, and then being delivered totally non-functional vibecoded garbage. The vibecoded garbage is not the advertised product though, as the author never managed to get the AI to finish his project.

      1 reply →

    • flipped  1 hour ago

      Krebs lack any sort of real credibility. He's pushing out slop with a govern-mentalist propaganda. Tech journalists are the worst form to gather any actual information.