this post was submitted on 11 Apr 2024
486 points (96.0% liked)
Programmer Humor
32472 readers
601 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm surprised that nobody suggested that he was a kidnapped dev. This seems like a different implementation of the pig butchering scams that target ordinary people.
I wasn't joking.
A good chunk of scam calls and texts come from people who themselves are victims of kidnapping. Many of those victims (primarily in Asia) got into the position they were in because they were looking for work, went to a different country to start a promised job, and then got trapped and forced to work for scam centers that do social engineering attacks.
These scam centers are sophisticated to the point where they can develop very legitimate-looking crypto trading platforms for targets in the US and other wealthy countries. They then assign one of the kidnapped people to a target. These kidnapped people then social engineer their way for months to get what their captors want - usually money in the aforementioned trading platform. Then, they cut all contact once they have control of the funds.
How does this relate to XZ? Well, if they can kidnap ordinary people looking for jobs, there's not much stopping them from including devs in their pool of targets. Afterward, it's just a rinse and repeat of what they'd done before.
If you want to look more into pig butchering, John Oliver has a great episode on it.
You don’t kidnap extremely highly skilled internet malware developers and force them to code for you, you just pay them appropriately.
Jupp. If you trap someone highly skilled and give that person a weapon, the chances are good that this person will use that against you.
Like how does a less skilled person know that this code will not send location to the police with a message?
A bit late, but the police are often paid by captors, so calling the police just leads to punishment.
The malware, sure, but you're ignoring how they were able to push the malware in the first place.
Any sources there or do you just lie for fun?
Edit: an article on this kind of behavior:https://redsails.org/false-witnesses/
All they did was offer an opinion, chill.
There's a high likelihood it was Russian or Chinese work tbh. That's a pretty reasonable take.