/cyber/ - Cyberpunk & Science Fiction

>protonmail

Well, I guess they proved to be incompetent skiddos.

>>50365

>political

Looks like someone hasn't read the Snowden Files.

That bumps you up from cybercrime to "Hactivist" and permits "extrajudicial" action (read: outside the scope of law).

Protip: If you need help, it's either game over for you, or you're a honeypot.

> Development Effort

Start or contribute to a FLOSS project instead. That's sticking it to "the man".

Chummers in op's image don't know shit about OPSEC, don't know what they're up against, just gave adversaries all the ammo they need to take them out.

Here's a White Rabbit, Neo: CELLDAR

>>50366

not op, but what's wrong with protonmail?

>>50381

You not see what they did to Toblerone? The Swiss can't be trusted.

>>50365

Allowing lots of unknown people to start a cracking project through a cripto mail of disputable reputation.

Either they have really fucked up from the start or they are creating a scapegoat to mask the true primary group

>>50365

Those requirements. schway. Anyone with that knowledge is making 100k+ and if they're fighting the system, it's from the inside. Almost no one with that level of expertise is going to join a hackerman group from the chans.

>ethical

stopped reading here

>>50382

>Toblerone

I use protonmail, what happened?

>>50385

Obviously BS requirements. Advanced Mathematics? really? No one says this job requires "Advanced Mathematics" on a list of requirements because "Advanced Mathematics" isn't a thing. It literally could mean anything. To the uninitiated calculus is advanced mathematics, to the college non-math major, Real Analysis might be advanced. To a mathematician all kinds of hyper specific stuff might constitute advanced.

How this is related to malware at all is questionable. Cyber-criminals might be a starting point for looking at how to run an APT organization with political targets. Whale Fishing has been particularly successful for the Chinese, with macros in office documents. Why would anyone roll their own cryptography? Knowledge of how to use rather than implement or even god forbid create crypto is all thats necessary. Why python would be nessasry is also beyond me: Are you creating a scriptable framework for malware ? Developing exploits might be useful, and is probably part of what distinuighes an APT from a cybercriminal.

My list of requirements would be more shorter and much more specific:

To write exploits:

——————

* Microsoft Windows Internals, WIN32 API , Driver Model, Kernel Internals

* Microsoft Office Macros / Office Document Iternals/ PDF Internals / Flash Internals

* C Programming (Included in above obvious)

* PC Assembly with Microsoft Windows Calling Convention

* Reverse Engineering

To Persist / Escalate Access:

—————————–

* Experience USING (not implementing, not designing) cryptos systems via C

* Obfuscation techniques for binaries

* Experience Pen-testing

* Devops for Cybercirminals (hosting etc.)

to use exploits:

—————-

* Experience Whale Fishing

* Serious OPSec / Trade Craft

* Humint collection and recruitment / Social Engineering

You could probably buy exploits/ kits , penetrate low levels of organiztions persist and escalate access from there if your acting on a budget.

A large budget would look like dedicated devops teams securing anonymous hosting (probably by exploiting vulnerable boxen), a modular malware system with pluggable payloads and exploit vectors. You would probably have decidated teams working on exploits, and decicated teams working on payloads (reverse shell, exflitration etc.) You would probably have a dedicate team that handles entry points (whale fishing, humint), and a team that handles escallation. NSA (TAO) leaks are probably a good place to look for what a large budget APT looks like.

"Advanced Mathematics" is probably non-sense. What would you do with it?

>>50473

>>50381

>>50382

if you encrypt your email,

what are you afraid of?

>>50477

This user gets it.

Inventing your own encryption algorithms is not as easy as OP's shazbot brain seems to think.

It involves lots of statistics and requires you to prove the algorithm's security mathematically.

"Nobody has broken it so far, so it must be secure" won't cut it. OP just wants a group of people who do work for him so he can feel like a cool 1337 h4X0r.

Most codemonkeys are closer to a hacker than you are.

>>50487

Not sure if you are Saying I understand or don't but:

You largely do not design cryptography if you want security because cryptography is hard, and pretty much only huge institutions like universities and governments retain sufficient cryptography expertise to design cryptosystems.

Generally, most people use "Nobody has broken it so far" cryptography.

There are not many "perfectly / information-theoretically secure " crypto systems out there, and the most that are out there are inconvenient. (Cf. One time Pad - key distribution problems).

Instead most people use cryptosystems based upon computational infeasability of breaking the system. For instance, RSA is based upon the difficulty of factorizing integers. No one can easily factorize (54= 3^3 * 2) large intergers with few factors (say two large prime factors only). There is an algorithm for it that will run on a quantum computer (Shors Algorthim) that is fast, but qauntum computers at sufficient scale are not widely available if at all available. So, as long as factorizing integers remains hard, it is believed that RSA is useful "No one has broken it yet.. " . It could turn out that a government agency has figured out how to easily factorize integers on a classical or has developed large enough quantum computers to do so.

The Russians have developed their own cryptosystems and retain the expertise to do so. I don't know anything about them, but I would bet they are based upon similiar problems (Discrete-Log, Integer factorization) , etc.

Sometimes we want crypto-primatives like PRNG's to have nice statistical properties, but really modern cryptography is based on "No one has broken it so far,… " security.

Implementing your own crypto is stupid. Post Snowden some jihadist groups tried, and ending up producing trivially broken crypto.

But, Almost certainly, none of that is relevant for any hacker group. Almost certainly no small size group will have the expertise to develop a novel cryptosystem, and the benefits of doing so are trivially small. What could you possibely gain from having "My Hacker Alogrithim 1337" even if well designed, and well implemented. If your adversery is the US government, you almost certianly want to use widely used algorthims, and popular libraries, with a skill implementor who has experience in using the libraries correctly. Designing your own crypto would be foolish. All the Snowden leaks seem to indicate that AES is not broken.

>>50491

Was it not clear that I was opposed to the idea of implementing your own cryptography?

You literally elaborated on what I said. Don't get me wrong, not ungrateful, but I feel you misunderstood my position.

>>50487

>>50491

>>50494

>"Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis." - Bruce Schneier

https://www.schneier.com/blog/archives/2011/04/schneiers_law.html

https://en.wikipedia.org/wiki/Bruce_Schneier#Cryptography

>all this hate

what? I thought /cyber/ was full of RPers who jerked off to the cyberpnk manifesto, and would be happy to actually participate in something like this. Hell, how can you be so sceptic about this and fall for stuff like Tsuki's scam? At least this has a bit more credibility. Perhaps it's because Tsuki didn't actually demanded that you knew anything and it was all about the aesthetics, and this guy actually wants you to know cryptography, is that it?

And just to clarify I'm not the OP nor do I really think he's all that serious ("it's a trojan RAT rootkit bootkit malware that uses tor, mr Alderson), but it's at least more interesting (and tangible) than "hey guys the system is about to be purged but not really"

>>50558

>there's a handful of people who fell for the Tsuki scam

>this is marginally better than a pure scam

>therefor you mustn't hate it

Were you dropped as a child? This is /b/ level soykaff, get your attention begging elsewhere.

Also, you're very obviously OP.

>>50565

Both are scams alright, and this is pure tsuki-tier shit.

That's why I don't understand why people would fall for one and not for the other.

At least this one makes my script-kiddie nature moist a little.