To avoid my comment being entirely a terminology nitpick I will say this is very cool work that I would be too afraid of CFAA to ever attempt. Especially funny to see four parasites on one government domain. Do skiddies not excise other skiddies' backdoors when pwning systems so they can have them all to themselves?
> We then hooked that up to the AWS Route53 API, and just bought them en-masse. Honestly, it’s $20, and we’ve done worse with more.
> We’re incredibly grateful for the support of The Shadowserver Foundation, who have agreed yet again to save us from our own adventures and to take ownership of the domains implicated in this research and sinkhole them.
I wish we could collectively stop using the terms “buy” and “own” with regard to domains. Try “leased” or “rented”. If they could be bought then they wouldn't have been available again for this exercise.
What would buying even mean in this sense? Even countries don't "own" their ccTLDs, but ICANN has made considerable efforts to outline policies that go "we really need to treat ccTLDs like the countries own them to avoid tensions over internet namespaces". That's why most gTLD rules don't apply to ccTLDs.
Countries "own" their ccTLD in the sense that they (or most) have the military prowess to defend their usage of their ccTLD if ICANN, or the servers at root-servers.net, were to stop resolving TLDs appropriately.
All property, physical and digital, is rented if you squint just right.
I'm curious if this is a socialist lament about landlords or a libertarian complaint about governments.
I loved this write-up. Light-hearted. Conscious of the impact of any disclosure. Everything substantiated, but not taking themselves too seriously. Enjoyable read, and at the same time talking about a serious issue.
Thank you for putting it in words. I felt the same way, both about this and the write-up for their previous .mobi thing. Well explained with plenty of context, no buzzwords, light-hearted and cool (while not trying too hard to make themselves sound cool), and plenty of substance with no fluff. A lot of blog posts or security write-ups violate some of these; this is a breath of fresh air.
I also loved the appearance of WordArt, shame they did not do the rainbow one.
Blast from the past seeing h0no mentioned... Brings me back to the days of darpanet/m00/#darknet/dikline
I wonder what would happen if they exploited these webshells' backdoors to delete the webshells...
If you're the FBI (and maybe also have a court order), you can do this [1]. If you're a grey hat hacker in Russia, you can maybe do this [2]. If you're a random person in the US, you're likely exposing yourself to a lot of (CFAA) risk.
As the authors of this post note, they were careful to only receive + log traffic and not otherwise send interesting responses/engage with the webshells.
[1] https://www.malwarebytes.com/blog/news/2024/02/fbi-removes-m...
[2] https://www.zdnet.com/article/a-mysterious-grey-hat-is-patch...
Slightly off topic but what's going on with the font for the "y" character in this article? It sticks out like a sore thumb.
I find this sort of thing bothers me often enough that I've disabled downloadable_fonts. I think of the web as a place where I read things, so custom fonts that hurt readability are undesirable. I get why designers want a unique style, but I rarely want that as an end user.
I think some fonts do this so that they have a distinguishing feature. Fonts seem to be a very saturated market, so this might help being noticed in a crowd of sameness and copycats, and many people don't look at a font otherwise either, even people who use them in designs.
I think the sticking-out part is supposed to irritate somewhat, but it still needs to make some sense, like a hot take. I noticed some online personalities use the same strategy with pronunciation, consciously and consistently mispronouncing specific words or playing up their accent. Media analysts also recognize verbal tics as a trope, for similar effect.
Back to fonts, another site that I remember using a similar thing is the Genius lyrics site. For a long time, while establishing their presence, they used the square character forms from the Programme font, which you can see on my link. They still use Programme, but have used the normal forms for some time now, presumably because it was indeed irritating and it hurt legibility.
It's the font design: https://abcdinamo.com/typefaces/favorit
Wow what is going on with that website.
Looks like the font provides an "alternative y" which looks normal. But the default one has that ugly broken look.
Technically this is a dupe as this has been submitted twice before in the last week
It only counts as a dupe if it received discussion/upvotes last time.
The first link is also watchTowr, but a different post