***Official Political Discussion Thread***

Side note to your point I find this stuff really interesting I took a few law and tech classes and it’s always surprising how behind on digital and technology crimes a lot of Congress is though law enforcement sure has caught up. Can you recommend and books or websites on the subject?
I've never really read up much on cybercrime but Krebs on Security is a good source. He covers a lot of cybercrime, including more niche cases like some of the people I've had personal interactions or business relationships with. Even for a lot of people in IT, the social media market and the amount of cybercrime stemming from it is pretty obscure and often not something they're aware of.
https://krebsonsecurity.com/

There's a large market for "OG" (original) social media usernames for example, which even today is still somewhat obscure but KrebsOnSecurity is one of the few who covers cases related to that community.
Krebs' site is also how I found out some former associates ended up going to jail.

Selling OG usernames can be very lucrative but it's very dependent on how far you're willing to go. Rule #1 is that every username of value is already taken. So the obvious question is: how are these usernames obtained then?
There's various methods depending on the platform. Instagram for example has a policy where they "reset" usernames after an unknown period of inactivity. This appears to be a random process so a common method that I used was running a "checker" 24/7. This was essentially a program that continually scanned my custom wordlist for availability on IG. I'd simply leave it running day in day out and if it came across an available username, the program immediately registered it.
This used to be a fairly lucrative and low cost method but over time, technological advances have made it impossible for average people to compete. The checker program I used for years used to be around $250 but nowadays these programs will run you thousands of dollars and you need to know the right people to even be granted access to one.

That was/is the legal method, and the principle is basically the same for any platform that has a username reset policy.

A grey area method that no longer works was to figure out the email to an inactive account and recreate the email address. It was often the case that the email addresses linked to inactive valuable usernames were deleted due to inactivity. This allowed you to register the exact same email address and then just do a password reset. I'm not sure about the legality of that but that exploit was eventually patched. I imagine it would still fall under the Computer Fraud and Abuse Act because you're doing it to access a social media account that does not belong to you.

Now we're getting in the explicitly illegal territory.
I have an informal non-prosecution agreement with Twitch and the behavior stems from a decade ago so here's the methods I used back in the day.
I was poor back then and a friend of mine I met through Halo taught me how to use Burpsuite (a pen-testing program) to run a bruteforcing script 24/7.
Basically you intercept the code for a login attempt and then just replace the username and password with custom lists of usernames and passwords.
This worked for several years on Twitch and was my primary source of income for a long time back when I was poor and hadn't gotten a diagnosis yet for my various medical conditions.
I used the API to only target accounts with at least 5 years of inactivity but either way every stolen account still counts as an individual violation of the US Computer Fraud and Abuse Act. They later fixed this method.

Later I also figured out a 0day exploit that allowed me to log in to almost any account without requiring their email or password. I abused it for a while to obtain extremely valuable usernames but decided to approach Twitch with an offer. I offered to show them how the exploit work so they could fix it and in exchange I received an informal non-prosecution agreement.
This was right in the middle of the Amazon acquisition of Twitch so I was also allowed back on the site on an account of my choice and all data relating to my alias and numerous bans for account theft were wiped from their records. As long as I committed to stop further account theft and to not disclose the exploit to anyone during the Amazon acquisition, their head of Customer Support and Cybersecurity ensured me that I would never be banned again.

Since then I've only used what I've learned for a positive purpose. The same Burpsuite bruteforcing method also worked on NT for example, which I privately alerted Meth to a bunch of years ago so it could be fixed.
Hence why I decided to get a career in software testing after I was unable to continue nursing school due to medical issues. I actually list the Twitch exploit on my resume and detailed how the exploit worked on LinkedIn. Minus the gratuitous account theft of course. :lol:
Twitch was formerly known as JustinTV (JTV), and these were 2 separate domains during the Amazon acquisition but you could log in on Twitch through JTV.
JTV however had a very outdated email verification system. When you create an account, you received an email verification link that automatically logged you in.
By figuring out the decryption used to make those verification links, it allowed me to make my own verification links for already existing accounts and this would then automatically log me in without having to know their email or password. The only info required was the username and user ID, which was available in the public API.
I'm not sure why it didn't work on every single account but the shorter the username, the higher the success rate. It also worked on several system administrators' accounts, so if someone else with bad intentions were to figure out the exploit, they could've used system admin powers to cause immense damage in the middle of a billion dollar acquisition by Amazon.


Of course I still continued selling usernames obtained with legal methods such as the previously mentioned "checker" programs, but a lot of my associates and regular customers in that community were or have been involved in various kinds of cybercrime.
With the increasing value of social media usernames, especially ones that were easy to monetize, various illegal methods became more prominent.

SIM-swapping for example remains the most prominent method of account theft. Technically it doesn't involve 'hacking' but you do need some level of technical knowledge to mask your identity and location. Other than that, all you need is to be skilled at manipulation. If you have enough personal information on someone, all it takes is calling the target's mobile provider and manipulating a support employee into transfering the target's SIM card to your burner phone.
There were people as young as 13 who gained notoriety for SIM-swapping high value targets.

Over time SIM-swapping didn't just target social media accounts. Due to the nature of the business, cryptocurrency was the default payment method. With the rise of crypto, many of these people who were already experienced in SIM-swapping started targeting rich crypto bros in order to bypass 2-Factor Authentication and instantly steal hundreds of thousands of dollars from their crypto wallets before the target could regain access.

There's a lot of very talented people in the social media market, though unfortunately many of them end up in jail. Most of the worst people I had some level of interaction with were still teenagers when they started their crimespree. Developing a huge ego and publicly bragging was always what led to them getting caught and charged as adults.
Generally it would be some variation of the Computer Fraud and Abuse Act, wire fraud, money laundering, tax fraud, ...
There have also been cases of extortion and/or bribery. For example back when Twitter verification checks were still exclusive, some bribed a Twitter employee to sell blue checks for at least $3k per badge. Putting a verified badge on an already high value username then further skyrocketed the value of that account.
 
Last edited:
"I hang out with the highest ranking members of the Taliban. The women in Afghanistan wont ever be **** because of them, but honestly they are great"

What an actual joke.
 
nobody actually thinks foreigners shouldn't comment on foreign politics. it's obviously a fake talking point :lol:

when brexit was a big deal and the brexit thread was poppin nobody was like whoa whoa whoa hold on guys were all american, we can't talk about this.

or Israeli-gaza thread or the russian invasion of ukraine.


ect ect.

Your complete and utter lack of self awareness is astonishing.

You're the only one thats getting that complaint and from multiple people including Meth. Instead of taking a second to think about why that's happening to you and only you, your response is to label everyone else a troll or braindead.

So I'll spell it out for you.

The problem here is that you are so confident in your own intelligence and ideas that you genuinely think that you understand America and the American experience better than we understand it ourselves. The nuance, intricacies, history, and experience of growing up and living here day in and day out and you legitimately think you have a better understanding of how we think and act than we do. And how do you convey your supposed better understanding of America than actual Americans? You belittle, talk down to, and label people braindead when our actual lives and experience don't match your twitter posts or bar charts. It's insanity.

Honestly, if one person makes a complaint. Whatever, maybe they're really a troll or having a bad day. When multiple people are making the same complaint independently, maybe it's time to take a look at yourself.
 
The problem here is that you are so confident in your own intelligence and ideas that you genuinely think that you understand America and the American experience better than we understand it ourselves. The nuance, intricacies, history, and experience of growing up and living here day in and day out and you legitimately think you have a better understanding of how we think and act than we do. And how do you convey your supposed better understanding of America than actual Americans? You belittle, talk down to, and label people braindead when our actual lives and experience don't match your twitter posts or bar charts. It's insanity.

yes i don't trust random anecdotal evidence over hard data. sorry, i never will.

if an american tells me the sky is green 24/7 in america.
i'm not going to believe them simply because they are american.
 
Another days of lies and ad-hominems from midwits who don't appreciate the vision of higher police presence in our neighborhoods and teaching our children the benefits of slavery :smh: Don't tell me the sky is chartreuse if it's not :angry:
 
Your complete and utter lack of self awareness is astonishing.

You're the only one thats getting that complaint and from multiple people including Meth. Instead of taking a second to think about why that's happening to you and only you, your response is to label everyone else a troll or braindead.

So I'll spell it out for you.

The problem here is that you are so confident in your own intelligence and ideas that you genuinely think that you understand America and the American experience better than we understand it ourselves. The nuance, intricacies, history, and experience of growing up and living here day in and day out and you legitimately think you have a better understanding of how we think and act than we do. And how do you convey your supposed better understanding of America than actual Americans? You belittle, talk down to, and label people braindead when our actual lives and experience don't match your twitter posts or bar charts. It's insanity.

Honestly, if one person makes a complaint. Whatever, maybe they're really a troll or having a bad day. When multiple people are making the same complaint independently, maybe it's time to take a look at yourself.

Me and Belgium Belgium :

homer-simpson-awkward.gif
 
All these Trump picks just emphasizes that America has a White Mediocrity problem. To many White Mediocre people want positions of power they are not qualified for. The chant “you will not replace us” is as much about their race as their inability to compete with competent people of any color.
At bottom, it’s an entitlement problem. You see this with immigration and DEI, the notion that “others” are taking “our jobs.”

Nepotism hires who roll into work at 10:30 and oversee people performing actual labor love to talk about “hard work” and “competition” when they’ve never meaningfully engaged in either.

“Born on third base, think they hit a triple.”


I think this recent insight from rexanglorum rexanglorum is also worth resurfacing in the context of these latest nominees:

a lot of high profile conservatives are failed professional actors, writers, and producers.

Their first choice was to be a Hollywood Sicko. But they couldn’t hack it so they start claiming that everyone in Hollywood is a pervert because they know that if they had made it and became a big time producer, they’d make Harvey Weinstein look like a Boy Scout. So they figure that’s the case for everyone.

But due to the fact that they washed out of Hollywood, they usually become a ****** comedian, and in many cases, they get a job in right wing media.
The Steven Bannon reactionary pathway is all too common.
Donald Trump himself was always been a wannabe a-lister.

There’s a lot of “failed screenplay energy” driving resentment against cultural progressivism.

the dark knight joker GIF


It’s as predictable as it is pathetic.

i swear to god every canadian is a weirdo
just like clockwork they expose themselves

love to bash america yet the best thing they contributed to society is maple syrup


Don’t match the energy of miserable people, unless you want to become miserable yourself.

NikeTalk wouldn’t exist without its Canadian founder. This thread benefits from the regular participation of people who live in Europe and the Caribbean.

American politics have global effects, and that’s especially true for the US’ neighbors. Pierre Trudeau famously described Canada’s situation as “sleeping with an elephant.” It’s great if people want to become more informed and share perspectives. It’s worthwhile to form common cause across boundaries. I appreciate people who want to know how they can be better allies. International pressure has contributed greatly to many liberation struggles.

The problem is when you have people utterly devoid of self-awareness who stare into a kaleidoscope and fancy themselves microbiologists.

If you walk into a room full of people who are grieving the loss of loved ones in a foreign conflict, or people who’ve been receiving racist hate messages after an election, maybe don’t try to talk down to them, force yourself into the center of attention, and pretend that a few hours of social media “research” has granted you the wisdom to easily solve the problems that plague them.

If you want to take issue with that type of narcissism, fine.
Insularity and xenophobia are not helpful or merited.
 
I've never really read up much on cybercrime but Krebs on Security is a good source. He covers a lot of cybercrime, including more niche cases like some of the people I've had personal interactions or business relationships with. Even for a lot of people in IT, the social media market and the amount of cybercrime stemming from it is pretty obscure and often not something they're aware of.
https://krebsonsecurity.com/

There's a large market for "OG" (original) social media usernames for example, which even today is still somewhat obscure but KrebsOnSecurity is one of the few who covers cases related to that community.
Krebs' site is also how I found out some former associates ended up going to jail.

Selling OG usernames can be very lucrative but it's very dependent on how far you're willing to go. Rule #1 is that every username of value is already taken. So the obvious question is: how are these usernames obtained then?
There's various methods depending on the platform. Instagram for example has a policy where they "reset" usernames after an unknown period of inactivity. This appears to be a random process so a common method that I used was running a "checker" 24/7. This was essentially a program that continually scanned my custom wordlist for availability on IG. I'd simply leave it running day in day out and if it came across an available username, the program immediately registered it.
This used to be a fairly lucrative and low cost method but over time, technological advances have made it impossible for average people to compete. The checker program I used for years used to be around $250 but nowadays these programs will run you thousands of dollars and you need to know the right people to even be granted access to one.

That was/is the legal method, and the principle is basically the same for any platform that has a username reset policy.

A grey area method that no longer works was to figure out the email to an inactive account and recreate the email address. It was often the case that the email addresses linked to inactive valuable usernames were deleted due to inactivity. This allowed you to register the exact same email address and then just do a password reset. I'm not sure about the legality of that but that exploit was eventually patched. I imagine it would still fall under the Computer Fraud and Abuse Act because you're doing it to access a social media account that does not belong to you.

Now we're getting in the explicitly illegal territory.
I have an informal non-prosecution agreement with Twitch and the behavior stems from a decade ago so here's the methods I used back in the day.
I was poor back then and a friend of mine I met through Halo taught me how to use Burpsuite (a pen-testing program) to run a bruteforcing script 24/7.
Basically you intercept the code for a login attempt and then just replace the username and password with custom lists of usernames and passwords.
This worked for several years on Twitch and was my primary source of income for a long time back when I was poor and hadn't gotten a diagnosis yet for my various medical conditions.
I used the API to only target accounts with at least 5 years of inactivity but either way every stolen account still counts as an individual violation of the US Computer Fraud and Abuse Act. They later fixed this method.

Later I also figured out a 0day exploit that allowed me to log in to almost any account without requiring their email or password. I abused it for a while to obtain extremely valuable usernames but decided to approach Twitch with an offer. I offered to show them how the exploit work so they could fix it and in exchange I received an informal non-prosecution agreement.
This was right in the middle of the Amazon acquisition of Twitch so I was also allowed back on the site on an account of my choice and all data relating to my alias and numerous bans for account theft were wiped from their records. As long as I committed to stop further account theft and to not disclose the exploit to anyone during the Amazon acquisition, their head of Customer Support and Cybersecurity ensured me that I would never be banned again.

Since then I've only used what I've learned for a positive purpose. The same Burpsuite bruteforcing method also worked on NT for example, which I privately alerted Meth to a bunch of years ago so it could be fixed.
Hence why I decided to get a career in software testing after I was unable to continue nursing school due to medical issues. I actually list the Twitch exploit on my resume and detailed how the exploit worked on LinkedIn. Minus the gratuitous account theft of course. :lol:
Twitch was formerly known as JustinTV (JTV), and these were 2 separate domains during the Amazon acquisition but you could log in on Twitch through JTV.
JTV however had a very outdated email verification system. When you create an account, you received an email verification link that automatically logged you in.
By figuring out the decryption used to make those verification links, it allowed me to make my own verification links for already existing accounts and this would then automatically log me in without having to know their email or password. The only info required was the username and user ID, which was available in the public API.
I'm not sure why it didn't work on every single account but the shorter the username, the higher the success rate. It also worked on several system administrators' accounts, so if someone else with bad intentions were to figure out the exploit, they could've used system admin powers to cause immense damage in the middle of a billion dollar acquisition by Amazon.


Of course I still continued selling usernames obtained with legal methods such as the previously mentioned "checker" programs, but a lot of my associates and regular customers in that community were or have been involved in various kinds of cybercrime.
With the increasing value of social media usernames, especially ones that were easy to monetize, various illegal methods became more prominent.

SIM-swapping for example remains the most prominent method of account theft. Technically it doesn't involve 'hacking' but you do need some level of technical knowledge to mask your identity and location. Other than that, all you need is to be skilled at manipulation. If you have enough personal information on someone, all it takes is calling the target's mobile provider and manipulating a support employee into transfering the target's SIM card to your burner phone.
There were people as young as 13 who gained notoriety for SIM-swapping high value targets.

Over time SIM-swapping didn't just target social media accounts. Due to the nature of the business, cryptocurrency was the default payment method. With the rise of crypto, many of these people who were already experienced in SIM-swapping started targeting rich crypto bros in order to bypass 2-Factor Authentication and instantly steal hundreds of thousands of dollars from their crypto wallets before the target could regain access.

There's a lot of very talented people in the social media market, though unfortunately many of them end up in jail. Most of the worst people I had some level of interaction with were still teenagers when they started their crimespree. Developing a huge ego and publicly bragging was always what led to them getting caught and charged as adults.
Generally it would be some variation of the Computer Fraud and Abuse Act, wire fraud, money laundering, tax fraud, ...
There have also been cases of extortion and/or bribery. For example back when Twitter verification checks were still exclusive, some bribed a Twitter employee to sell blue checks for at least $3k per badge. Putting a verified badge on an already high value username then further skyrocketed the value of that account.
This is really interesting stuff! Thanks for sharing.
 


go straight to horny jail, do not pass go.

He is cooked.

NY times timing is brilliant. Immediately after Congress said they weren't releasing the findings boom. This drops.

Win win for Dems, either he is disqualified and eventually kicked out of Congress. Or Republicans continue their moral decline and worsen their standing post Trump.
 
Horny jail? When you’re trafficking and paying minors, go straight to hell
i forgot about that. go to jail for that also.

He is cooked.

NY times timing is brilliant. Immediately after Congress said they weren't releasing the findings boom. This drops.

Win win for Dems, either he is disqualified and eventually kicked out of Congress. Or Republicans continue their moral decline and worsen their standing post Trump.

so much for the tolerant left.
 
Back
Top Bottom