Last week Qilin ransomware group hit a small time car dealership in the United States. They were like, "nah, that's not shitty and fucked up enough" and proceeded to ransom a cancer treatment center in Japan.
It's time we share some knowledge on the legality of malware in the United States.
We can't speak regarding other countries, but we've had a few recently (also, historically) who have questioned the legality of our website and what we do.
Note: we're not lawyers, but we've consulted with lawyers to make sure we don't do any oopsies
Possessing malware is not illegal. The United States CFAA (Computer Fraud and Abuse Act), which was codified to combat "hacking" or "illegal cyber activity", is vague and doesn't quantify modernized malware well.
1. Possessing, writing, researching, collecting, designing, discussing, archiving malware, etc. is not a crime. It does not violate the CFAA. The actions described previously align with goals and ideologies of cyber security researchers, threat intelligence vendors, and students.
2. It IS ILLEGAL to intentionally design, develop, release, or "spread" malicious software with intent to harm others (financially, physically, etc.). Additionally, it IS ILLEGAL to knowingly and (depending on context) unknowingly aid and/or abet a person or organization with the design, development, release, or "spread" of malicious software.
tl;dr it's an extremely grey area and you have to "walk the line" so you don't do a whoopsie and catch a felony.
Examples:
👍Tony thinks malware is cool. He collects it online. He password protects the malicious files. He encourages others to review them too.
👎Tony has friends who he suspects are committing cybercrime. They ask him to create infrastructure which can be used to house malware payloads. Tony isn't sure on their intent, but he does it anyway.
👍Tony likes malware research. He shares a cool proof-of-concept which he thinks may be challenging for security software to detect. He open sources it online and encourages collaboration from others.
👎Tony likes malware research. He develops a payload he thinks may be challenging for security software to detect. Tony goes online to shady forums and sells the code to people who may abuse it.
👍Tony receives tips and donations from people for his online malware stuff. People think he is doing cool stuff and want to support him.
👎Tony agrees to host potentially malicious software for others for a fee. He actively tries to hide the payment "paper trail" by accepting payments in Monero.
👍Tony goes onto social media to openly discuss on-going security threats. He discusses victims who may be impacted by a large and evolving security threat.
👎Tony is aware of a large and evolving security threat. Tony speaks privately with criminals and gives them hints and clues to help them hide their presence online.
Malware is illegal and for nerds
hot take: people with super fancy pc setups with super clean desks arent actually working
if your desk isnt covered in cigarette ash (or vape juice), deodorant sticks, broken electronics, old batteries, pill bottles, and energy drinks — wtf are you doing? browsing youtube?
current desk setup: old spice deodorant stick (gets hot af in office), broken smoke detector, broken xbox controller, a bunch of pill bottles, vitamin pills, vape coils, vape juice, wires (idk where they go), some lego parts, tape measure (idk why), lens cleaner, unopened mail
I don't wanna get too political, but honestly we should treat 32bit ASM as historical, like 16bit ASM.
"It's 2025, show the kids r8 and r9", — 2pac, All Eyez On Me
The visual demonstration illustrating cyber security defense against ransomware
vx-underground
Chat, we are cooked. The 90s is considered old now.
Unrelated, someone asked if I remember "September 9th". They didn't even know the correct date as September 11th.
Also, yes.
Twitter has been down for a really long time. Probably like, 4 or 5 hours, dunno.
Elon Musk probably fuming that he can't post every 15 minutes.
vx-underground
Creating a GUI interface using Visual Basic, see if I can track an IP address
🚨BREAKING🚨
THE X USED IN THE MUSK TWEET ISNT THE SAME X ON THE KEYBOARD. WTF IS THAT WEIRD LOOKING X.
Elon Musk did an interview today stating the IP addresses in the X cyber attack (?) originated from "the Ukraine area" (???).
This has resulted in many people believing the Ukrainian government is responsible for the DDoS attack on X.
Rant / opinion
DDoS attacks can be difficult to attribute, especially if it's DDoS-as-a-Service. Additionally, accurate attribution of any offensive cyber operation in mere hours is low.
The likelihood of a state sponsored group performing a DDoS attack on an American social media platform is also extremely low. A DDoS attack wouldn't serve any military objective (or an intelligent one rather).
The broad sweeping statement the DDoS attack came from Ukraine (or the Ukraine area(?)), at a moment where many Americans are divided on the Ukraine-Russian conflict, is inflammatory at best, is propaganda at worst. Generally speaking, DFIR needs to be performed, external organizations will need to be consulted, you cannot (or rather should not) make a statement regarding the situation at hand while having little to no conclusive evidence for accurate attribution. In other words, an organization typically would not make a statement regarding the origins of an offensive cyber operation without concrete evidence.
tldr sigh, non computer nerds will eat up this crap and spread conspiracy theories and misinformation.