Gotta love the shade thrown at KZfaq for hiding the dislikes, and making it easier to post scam/malware videos.

Died a hero volunteering at a children hospital and marked as one of the worse offenders by researchers is something.

The research is good but this is seriously a great way to make an innocent person look guilty if you get ahold of their credentials

fake infostealer log sounds like an great way to frame people

Pedo malware ... OVO team should be shook

It would be trivial to modify the Infostealer data to frame someone as a CSAM consumer, mixed with actual CSAM consumers. An accusation along with the phony evidence can end a person's career and reputation.

I can see only see these types of "research" going down very bad paths. So many ways to maliciously frame someone or taint the infostealer data. The information should be considered worse than worthless to a court, potentially malicious

"Linux is so hard, you have to use the terminal for everything!" Meanwhile, Windows:

Bro brought a Wi-Fi 🍍 on a flight. Bruh

6:20 I've been wondering about that update for ages I was updating a bunch of laptops at work and they just wouldn't do that one update, I had them for hours doing all the others but consistently they'd fail at that one, good to finally know why.

For those wifi access points asking for your e-mail, you can usually just enter garbage data, and it will still happily connect you

That MS update was a bloody pain. I was having to deal loads of windows servers this was failing on and MS expecting an average user to figure this out is stupid!

Ah yes I remember resizing my recovery partition for this update and thinking it was absolutely ridiculous to think the average Jo could manage it.

Had to the partition resizing shenanigans recently. Funny thing is, I had just reinstalled Windows so the partition being small is just the default. Microsoft could do the update entirely automated if they wanted to. Also why on earth the only mechanism an update can communicate what went wrong to the user is a single 32-bit integer. M$ is really throwing windows under the bus

“won’t someone please think of the children?”

I'm positive that these guys are either known to law enforcement or actively working with them. Let's not forget the FBI, Mossad and others have a track record of using CSAM as a means to blackmail politicians

I would say no, that data shouldn't be used, regardless of who it's against or how it was originally acquired. The government should be held to a higher standard than you or I because they have pretty much all of the power. If the government is to use any data, they should absolutely be required to obtain a warrant first. The reasoning is because they will always use everything they can to justify whatever they do even if it means harming innocent citizenry. And in case anyone wants to point out what the targets were doing, having login credentials for a website isn't the same as being guilty especially since you don't know how many were security researchers or detectives trying to stop people from harming children, and on top of all of that, tomorrow's targets may only be guilty of being on a different aisle of the political spectrum.

It does feel like if this sort of information sifting method _was_ done on a regular, ongoing basis, authorities _might_ become disincentivised to go after malware authors.

Here's a reason government should not use the information. All they would need to do would be to set up their own data mining sites or whatever surreptitiously. Then they could scoop up whatever you want to with clean hands. But not really clean. Just like seizing some website and operating it themselves. Personally I think government should never have access to any data like this without a clear warrant.

The power that company has in their hands… in all their logs

It might sound harsh, but I think any "good guy" who chooses to work with kids either for money or as a volunteer should be *heavily scrutinized* to ensure they're not a sex creep.

Dark web info stealers: maybe I don't want to be the bad guy anymore?

The only reason why the pedo thing would be bad is if someone was using someone else's account. Other than that it is fair game as the info is already public in my opinion

Cybercrime is cybercrime even if you don't like the victims.

It's against the law to knowingly buy stolen goods and if brought to court the case will be thrown out.

I’m extremely conflicted On one hand.. I don’t like the fact that the privacy of people have been breached (and I don’t trust any government for that matter).. on the other hand.. it was already breached by hackers and it was utilised for a good cause…

What a power pack this is! Police being clueless about nuance is not unheard of, but there is a real risk of a local journalist who doesn’t ask the right expert and amplify misinformation. I don’t know what to think of the Windows mess, chicken and egg and all, but sharing broad information from a wide scoop with authorities certainly warrants grave concern. Having a registered user on a dark web site is not in itself a crime. Maybe I am wrong about this?

the main problem i can see is that we dont know if the data has been tempered with

That guy volunteering at a children’s hospital fuck… I hope there is a full investigation

Why don't they go after the gangstalkers harassing people into mass murder?

I doubt anyone would object to leaked data being used in this way. But can/should it be used on other crimes (eg fraud)? What about things that aren't crimes (eg adultery)?

Ran into the microsoft update error and saw I had to resize partitions to fix it. I'm not even that technically illiterate but that seemed like way too much just to get a microsoft update to install. Pretty big fail on microsoft's part.

If i’m honest, I wish they didn’t publish the ways they were finding these people. Now they can adapt & we’ll have to find new ways to uncover their crimes.

how can infotstealer know that it wasnt by mistake? Sounds like a malware trying to act nice

Hi Seytonic--quick question. How on earth do these guys' computers not have an antivirus? Wouldn't any basic antivirus catch Vidar?

5:40 yeah no surprise youd be disapointed in AFP's response. over here in australia, we have no clue whats going on when it comes to cyber security (just look at how many databreaches we have had within past 5 years)

Actually Australia's police is spot on, they're not wrong. You just didn't read between the lines. We really shouldn't have provide any email or social media accounts (but unfortunately greedy data-gobbling access point providers try to force us to provide them anyway). That said, I actually never once did a sign up via social, and would never do so unless I can also create a fake throwaway account at the same time. Most of the time (in the UK) they just ask you for data, to which I enter false information, or for a SMS, in which case I disconnect.

Meanwhile google letting bots openly advertise csam content on this platform running rampant

the best way to avoid getting fished is to have a trow away email account. Some thing that has no real info that u care about & that u can just delete when u think it is best to stop using it. Accounts are free to make so why use your main account in situations where all u need it a fast connection to any internet? That would be my suggestion.

if you can catch csam offenders this way, why is/was there a desire to break e2e encryption with clientside scanning microsucks recall or the latest version upload moderation which is the same technique with a different name

Just another reason KZfaq removing dislikes was a bad idea. What a mess. Microsoft smh I'm having to get ready to install a modded version of Windows 11 luckily open sourced, since in 2025 they will stop supporting Windows 10. shameful corporations all around.

You really should provide links to the original source materials/sites you use in your videos!!

Pedobear. That brings back 4chan memories.

I dont skip your ads bro, very informative stuff good work.

So you're saying Indians at Microsoft are helping out indians at call centres? 😂

5:45 I wouldn't call this false because they clarified "such as logging in through an email or social media account." Also I would argue when the portal does ask you to enter an email address, you can enter a fake one. You don't "have" to enter any personal details. If the portal requests any more details than that, it starts to get suspicious.

Brilliant work !!!!

This was a WILD roundup! I didn't consider the ethical ramifications of what Recorded Future did until you asked for our thoughts. Given that the data is already out there, they didn't republish the data, and reported the serious crime, I think it's generally ethical. I am going to read the full writeup, but it would be helpful to put these links in the description so others don't have to search for it.

I think the research is good and interesting. But also would certainly be useful to certain governments looking to unmask political dissidents. Which I'm sure they're already doing.

Awesome security news. Would love more technical stuff like new CVEs. Looking for a channel that replaces the new threat wire cause when snubs left it went from tech news to drama. -_-

Not all heroes wear capes.

2:33 they got doctor disrespect

And… yeah, that’s about what I expected from Microsoft.

Here in Australia free wifi typically doesn't ask you to log into anything but most have a password However they're all rubbish and incredibly slow

3300 is quite a bit but it’s the ones who produce it that’s the main source of the problem.

even the powershell script is useless, if you have for example an older HP Laptop with MBE Partitions, as you can only have 4 of those... So you have your regular partition, an HP Recovery Partition, and annd HP Backup Partition and maybe one more. In that case, you have to manually deleate one of the partitions with privileged rights and let's be real ... if they havn*t given up beforehand, they do now, because "those partition surly are important"

If police can make arrests based on hacked data like that, that means they can just pay a third party to hack someone and release the data.

KZfaq needs to bring back the dislikes. Youre right if people could see the dislikes on that video they could have known that something was up.

Do one of the hackers look like Bubble Bass

supreme as usual bro 👍

Luckily here guest networks aren't that common but free wifi is and I am glad

Would be great if the individuals would take it to an entity thats not consisting of the individuals participating in these acts. Try looking up Matrix.

Says “without hacking them”… okay so how it works, is you get unauthorized access to their computer…

I am not a fan of handing over data like this to law enforcement even if it is done with good intentions. With the amount of records they seem to hold it is just a form of mass surveillance one where the source of the data is shady. Criminals should be caught but this has every potential to hurt innocent people

Since when could you save passwords to tor, shouldn't that be disabled, especially on 'safe' settings? Though, I am surprised at the suggestion of this being a recent thing, law enforcement must have in all likelihood been employing the technique to trace those engaged in 'illegal activities', to both a general and specific case. It is both simple and effecient. But seriously, a built-in password manager for Tor, when was that ever a thing?

Was the wifi hacking setup bought from seytronic? :D Didn't you sell those a while ago?

Microsoft trying to out do sun Microsystems for the longest way to type something extremely basic: invents powershell

WAT?? Free Wifi in the UK wants your email address everytime?? Brexit really did you guys dirty in every way

if you're gonna do illegal stuff on tor, at least don't reuse your facebook email 😂

3:30 lets gooooo

If you want to know the prime of the AFP, they will just tell you to leave a bad place or get over it instead of doing anything.

In germany i have never needed to enter an e-mail to login into a free wifi network

Love from Kashmir

6:05 did it ask you for the password too as in the airplane evil twin?

Well my windows update always failing ool

Since Windows was a concept, computers have been made easier and simpler and more accessible to the average user who knows nothing more than "my password is yw9r73ht and clicking this button while the arrow is over the red and green circle opens google". For the average user to open the command prompt (for dism and sfc) is often too much to handle. What the fuck were they thinking...?

The police agent is correct, I have once seen a wifi hotspot that asked for my e-mail address, but that was not a public one. Real public ones, no...

yeah the info is already out there so you may as well use it.

Apple: User is too baby to have freedom with device. Microsoft: Average can handle most deep computer fixes easy and if they can't, they suck. Linux: $ sudo apt-get install vlc Return :: print=""Wow you suck...""

The levels of brainlessness of that guy on the plane have me scratching my head, you can just set up an evil twin with the internal wifi card on your laptop and it is strong enough to reach the entire plane, so why would you use a portable router or any kind of obviously suspicious device like an external wifi adapter? Bro just set up 2 virtual interfaces and use one to scan, another to deauth the the plane ap and your physical card to set up the evil twin or make as many interfaces as needed for whatever you want

With the security update, I wasn't able to get it to work even after resizing the partition according to Microsoft's instructions... it's a Dell XPS, and seems that dell have done there own thing as far as recovery partitions (plural), so my only easy solution is a fresh install.

I'm unaware of any malware that is good, is right in the name after all, mal, malicious.

You'll never guess what silly thing Microsoft does next. I don't understand how this couldn't just be part of the update process.

All of this information was immediately available to Windows and Google.

I think that problematic Windows Update was just pulled, probably due to this. I reinstalled a laptop and I have not received that problematic update, no matter how many times I click check for updates. It just says I am up to date. Did MS confirm this?!

Bro has p-bear in the thumbnail kek xD

The VPN could have prevented this particular issue as with the VPN the attacker could no longer have the control over how the DNS is resolved by the victims

i say get em bois

Can you link that Microsoft update fix page? I’m not finding it on Google

3300 pdf file info , one of them must have been from 🦉 team. AFP pretty dum. 😂

I don't remember ever entering any personal data to connect to a free Wi-FI , strange. it's just the "i agree to the terms of use" page, maybe it depends on the country you live in.

Couldn’t they just add some kind of pop-up to the updates tab to say “Hey, this update is broken! Please run this script.” and include the script or at least a link to it? And, well, test their updates before rolling them out ig lol irrc the guide they provided is not completely precise on which partitions to modify, mostly due to confusion between terms like OS, System, etc. which differ between the actual partition names and what the guide calls them, so even if someone is tech savvy enough to google it up and figure out they need to manually fix it but not enough to know wtf they are doing in diskpart, they could unintentionally break their pc.

I feel like Its a very good thing its happening but them being the ones doing it is a very bad thing. Im not sure we need even more private companies collecting information about everyone.

Lol. If i see a captive portal I immediately disconnect. Had to connect to only one in my entire lifetime and i’d rather use my phone data to access the internet.

There's a difference between supplying your email address and supplying your actual credentials via some faked log-in page. Pretty sure that's what they meant.

Isn't spreading malware illegal, even if it's for a good cause?

I thought they had patched the Wi-Fi deauth flaw a long time ago.

If they are already illegally hacked is ok to use the data is like saying the cp they use is already filmed so is fine.

You should mention in next video leak of bot tokken's which used PySilion.

I think malware creators/operators should do this themselves.