[HN Gopher] How an Indian startup hacked the world (2023)
___________________________________________________________________
How an Indian startup hacked the world (2023)
Author : xncbxmc
Score : 155 points
Date : 2024-12-18 19:26 UTC (2 days ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| mandevil wrote:
| Good to see this article is available. Would that count as a new
| publication date?
| dr_dshiv wrote:
| definitely
| IG_Semmelweiss wrote:
| this is a well researched article. Shame these are rare vs the
| norm.
|
| Reading thru the narrative about Appin, there's not a lot of
| complicated technical stuff. Their "training" consisted of
| novel approaches to social engineering / phishing that are a
| step up from your standard pretend-errant SMS of "hey I'm in
| town want to meet, (wrong person)?" to trick you into
| eventually clicking a URL.
|
| Not a lot of science at all. Just clever & resourceful people,
| operating at scale.
| gnabgib wrote:
| Related _Reuters has temporarily removed article "How an Indian
| startup hacked the world"_ (17 points, 1 year ago)
| https://news.ycombinator.com/item?id=38548569
| alephnerd wrote:
| Interestingly, Edward Snowden studied at Appin's rival Koenig
| back in Delhi in the 2000s [0]
|
| [0] - https://foreignpolicy.com/2014/01/13/what-was-edward-
| snowden...
| dyauspitr wrote:
| There are a huge number of "mom and pop" hack shops all over
| India where people go to spy on their spouse's/kid's/friend's
| electronics.
| sccomps wrote:
| source?
| dyauspitr wrote:
| An article I read I'm having trouble finding again.
| ilrwbwrkhv wrote:
| Oh gosh. That sounds so terrible and sick. How large are these
| operations in India.
| fuzztester wrote:
| Precedent:
|
| https://en.m.wikipedia.org/:wiki/Private_investigator
|
| https://en.m.wikipedia.org/wiki/Pinkerton_(detective_agency)
| Dah00n wrote:
| What do you think Private Investigators do in the US? They
| are basically professional stalkers and/or hackers.
| boomboomsubban wrote:
| Isn't that basically a private investigator? That sounds like
| what other countries PI's were using Appin for in the article.
| lmz wrote:
| Good for them. Here we hear a lot about Chinese, Israeli, or NK
| hackers but not often Indian ones.
| alephnerd wrote:
| There are plenty of these organizations globally.
|
| I'd say most major non-European countries have a public-private
| partnership model for offensive security operations
|
| There's a reason why most countries didn't join the Budapest
| Treaty for Cybercrime.
| userbinator wrote:
| That's because what you hear depends a lot on the political
| climate, and more specifically what the media want you to
| think.
| boomboomsubban wrote:
| Which makes me wonder who Appin pissed off.
| alephnerd wrote:
| No one. It was organically detected by the threat hunting
| team at a cybersecurity company called SentinelOne.
|
| Most cybersecurity vendors have a dedicated org to threat
| hunting and blue teaming for a mix of marketing and keeping
| parity with exploit developers.
| Dah00n wrote:
| Do they aim their "organic detection" equally against
| every single country, including the US? Or are they
| inherently biased?
| EdwardDiego wrote:
| That's rather bad faith.
| libertine wrote:
| > more specifically what the media want you to think
|
| What media are you referring to, and how are they
| coordinating?
| esperent wrote:
| A recent example: as you might have heard, the CEO of an
| insurance company was shot.
|
| As I'm not from the US, the most interesting thing to me
| about this killing is that a significant amount of the
| population thinks that the killing was justified. I've seen
| numbers like 60% of young people support his actions. If
| you go on reddit, you'll see that he has a huge amount of
| support there.
|
| Now, I don't personally know what to think about all this,.
| although my gut reaction is that violence is rarely a good
| solution.
|
| But one thing I am sure of: the public reaction to this
| killing is _incredibly_ newsworthy. Possibly _will go down
| in history as the starting point of a revolution_ levels of
| newsworthy.
|
| How much reporting on this aspect of the killing have you
| seen in the media? Especially in the first couple of days.
| Barely a whisper.
|
| When people talk about manufacturing consent and
| controlling the narrative, this is the kind of thing they
| mean.
|
| In a healthy press, in a healthy society, there should be a
| ton of discussion happening about this, why so many people
| are so upset and angry with their situation that they're
| willing to support a killing in broad daylight, what can be
| done to fix these issues, how this should be a wake-up call
| that deep changes are needed, and so on.
|
| Do you see that happening anywhere in the established
| media? The coordination doesn't require some shadowy
| network of media moguls making phone calls. Although I'm
| sure that is happening a bit since there are hardly any
| independent newsrooms anymore.
| mewpmewp2 wrote:
| > Do you see that happening anywhere in the established
| media? The coordination doesn't require some shadowy
| network of media moguls making phone calls. Although I'm
| sure that is happening a bit since there are hardly any
| independent newsrooms anymore.
|
| This works naturally in a top down hierarchy where people
| who do what you want get promoted and who do not will
| not. There doesn't have to be a conspiracy. It is the
| little things influencing who exactly has decision power
| and everything can just go unspoken. A powerful and rich
| person who owns part of a business would exert influence
| on the hierarchy by funding only what they like and
| hierarchy promotes only what gets funding.
|
| Nobody has to utter a word, it is a bit like evolutionary
| algorithm of incentives.
| libertine wrote:
| > a significant amount of the population thinks that the
| killing was justified. I've seen numbers like 60% of
| young people support his actions. If you go on reddit,
| you'll see that he has a huge amount of support there.
|
| Can you share where you've seen these numbers?
|
| > In a healthy press, in a healthy society, there should
| be a ton of discussion happening about this, why so many
| people are so upset and angry with their situation that
| they're willing to support a killing in broad daylight,
| what can be done to fix these issues, how this should be
| a wake-up call that deep changes are needed, and so on.
|
| Doesn't this go against the ethics of reporting such
| extreme events, which empower people with mental health
| issues to "copy cat" in order to seek attention and gain
| social status?[0]
|
| I don't see how empowering someone with a mental disorder
| who chose murder as a means to set the public agenda as a
| "healthy press in a healthy society". Isn't this simply
| devaluing those who choose to pursue justice through
| peaceful means? Like using the Justice System,
| Protesting, etc?
|
| > Do you see that happening anywhere in the established
| media?
|
| Yes, I've seen plenty of coverage, I'll even say too much
| coverage on this subject as a whole.
|
| [0]https://pmc.ncbi.nlm.nih.gov/articles/PMC5296697/
| maeil wrote:
| > Doesn't this go against the ethics of reporting such
| extreme events, which empower people with mental health
| issues to "copy cat" in order to seek attention and gain
| social status?[0]
|
| These ethics are completely disregarded by the media when
| reporting on e.g. school shootings. They do not factor in
| whatsoever.
| libertine wrote:
| Well, we don't know to what extent they factor it in. It
| would be interesting to see how it evolved throughout the
| years - but that's beyond the point:
|
| The ethics and the effects of it are there, and to have a
| murderer set the public agenda doesn't make much sense.
| theWreckluse wrote:
| The coordination emerges for second order reasons,
| sometimes as simple as what the people want to hear even.
| libertine wrote:
| So after all there's no coordination, it's about what
| different media outlets perceive as newsworthy and of
| value to people.
|
| Is this what you mean?
|
| Because "coordination" means that there's an effort to
| make different parts of a system work effectively as a
| whole.
| Dah00n wrote:
| Simple. Ask some Americans to write an article about spies
| or hackers. Then ask someone from North Korea. Do you not
| think where they are from and who they work for having an
| influence on what country the spy/hacker is from and who
| they work against?
|
| There's no such thing as unbiased journalists. When the Red
| Scare was on its highest, they would likely write about
| Communist spies. When Muslims were the most evil people
| ever, they would likely write about state sponsored groups
| from Iran. These days, Russia, China, Iran, and North Korea
| are the de facto go-to for Americans writing about these
| kinds of things even though most hacks in the US are done
| by Americans against Americans. There's no need for a
| conspiracy for OPs comment to be correct. People want you
| to believe their world-view.
| libertine wrote:
| > Ask some Americans to write an article about spies or
| hackers.
|
| So The Guardian and Washington Post reporting on Edward
| Snowden leaks literally about USA Hacking and Spying...
| don't count? It's probably the biggest report ever
| published on this matter and happened in the USA. Not to
| mention that others followed through...
|
| That's why this is quite a confusing statement... heavily
| conspiracy-driven and misinformed... was any journalist
| murdered? Because you know, other regimes murder their
| journalists for far less.
|
| Anyway, I don't think this answers the question.
|
| The user generalized, and I'm looking for a concrete case
| of "what the media" wants us to hear where coordination
| took place. This is conspiracy theory by the way, and
| it's now generalized - so I think it's important to go
| into the facts of it.
|
| For example, if he said specifically "X is optimized to
| push MAGA content", it would be a concrete example of a
| multi-billionaire pushing a certain narrative and there's
| data that shows the shift[0]
|
| But stating that "the media" as a whole, is such a broad
| statement and such an extraordinary claim, that it
| requires that we look into it no?
|
| Of course, there are different sets of values and
| controls depending on the country. There's no free press
| in North Korea. This is a very different statement,
| because there's free press in most Western Countries,
| even with individual biases.
|
| > These days, Russia, China, Iran, and North Korea are
| the de facto go-to for Americans writing about these
| kinds of things even though most hacks in the US are done
| by Americans against Americans.
|
| Can you provide more information about these claims? Who
| are these Americans, and to whom are they writing?
|
| > People want you to believe their world-view.
|
| Who are these people you're talking about?
|
| [0]https://cybernews.com/news/x-algorithm-changed-musk-
| boost-ri...
| rightbyte wrote:
| What are you talking about Oceania has always been at war with
| India.
| saagarjha wrote:
| > The article has now been reposted here, with an update in
| paragraph 14 to note that there's no suggestion that bona fide
| students of the training centers were involved in hacking.
|
| Quite unfortunate :/
| Thorrez wrote:
| What is unfortunate? That the article was reposted? That a note
| was added to the article?
| saagarjha wrote:
| The latter.
| shadow28 wrote:
| Could you please elaborate for those of us without context?
| saagarjha wrote:
| Reuters was forced by a lawsuit to take down the post.
| They eventually got it posted again but not without a
| disclaimer on it.
| Thorrez wrote:
| I don't see what's wrong about the note. I don't see
| anything suggesting the note is inaccurate. I don't see
| anything that says the court forced Reuters to add the
| note. It appears Reuters added the note of their own free
| will.
| 1024core wrote:
| How did these people get the tech to do all this?
| aprilthird2021 wrote:
| Did you read the article? Their specialty appears to be email
| phishing, which doesn't require much in the way of bleeding
| edge technology
| alephnerd wrote:
| > which doesn't require much in the way of bleeding edge
| technology
|
| They did runtime level attacks and (then) novel exploits
| which SentinelOne co-published with Reuters, but they took
| the article down due to the same lawsuit Reuters faced.
|
| Here's the web archive of the original article - https://web.
| archive.org/web/20231117061038/https://www.senti...
|
| Also do NOT underestimate spear phishing - the social
| engineering aspect is just a Trojan for the actual payload
| which is almost always malicious. Being able to transmit a
| malicious payload without being flagged by an email provider
| or an EDR takes a lot of technical effort.
| aprilthird2021 wrote:
| Ah interesting. I don't know enough about those to know
| what hardware is required. But the bulk of the cases the
| article talks about are phishing.
|
| Not saying they're not smart. The comment implied they have
| advanced tech or hardware that may have been embargoed, but
| the vector of attack is one which can be done without
| those.
___________________________________________________________________
(page generated 2024-12-20 23:02 UTC)