Source: am YouTuber, talk to lots of other YouTubers.
But who would ever do such nefarious things /sarcasm
This misconception is also shared among many Russian folks who use the term ‘laundering’ when actually they speak about tax theft or just theft through fake middleware companies who convert it to cash and that’s it.
Yes. Supply/Demand. Price discovery. Visibility. And critical mass. They all can make ridiculous valuations.
But back to money laundering: If you consider tax evasion as money laundering too, then the legit economy is a subset of the money laundering economy.
Tax evasion is huge. Very huge. In the Trillions. Then you have drugs, arms, illegal stuff, governments, international corporations, etc... This huge flow of money will certainly pump to everywhere money runs (App Stores, Games with virtual cash, Crypto, Digital Goods, etc...)
It seems the $40,000 one was an outlier, but still $4000+ is common. Total market volume is in the billions.
The 10% cut of transactions figure ($21m) is based on how much money they'd make if all the items on csgobackpack.net were sold at market value. But the actual fraction of those items which changed hands would be much smaller.
Valve is rolling in money from its cut of transactions but these numbers are misguided.
I imagine a taxonomy of motivations, like the one Larry Harris has in _Trading & Exchanges_. Presumably some people get entertainment value (because surely there is a kick in seeing a game's world modified beyond its normal rules of state mutation); some speculate on price trends (hence the price graph on opskins.com; what are time series graphs for if not to spark idle dreams of avarice), and others get some sort of utility (i.e., money laundering).
This feeds into the supply and demand component quite heavily, as you can imagine. All secondary effects follow this initial relationship.
Trade volume, or market cap? This is an important distinction. You can't multiply the number of items for sale by the market rate for those items. What you're saying is that people are spending billions on CS:GO items and I don't think that's correct; I think what you mean is that buying all the items at their current market prices would require billions.
For example, this gun https://opskins.com/?loc=shop_view_item&item=498470571 sold 7 times yesterday for $200/pop. That's one item on one site.
This "no auth" was a default choice for MongoDB through at least 2013 (in this case, it helped to find nefarious actions).
For more background, I wrote a three-part MongoDB. These are the notes on auth behavior from the interview with MongoDB's CTO:
> - Defaults: I feel like it’s playing with fire to set bad defaults in a database - with numerous data breaches due to 10gen’s early decisions on authentication, remote login, and encryption (see for example, https://snyk.io/blog/mongodb-hack-and-secure-defaults/ ). For auth, Eliot argues that developers need to take responsibility for exposing MongoDB on public servers - and that the SLA for a self-hosted instance is different than a managed instance (at minimum, I have issues with users having their data exposed to the world through no fault of their own). He disagreed with 10gen’s decision to turn on auth by default in later self-hosted versions once MongoDB ignored remote connections by default (but thought this was the right choice for the managed Atlas service). (But before 2014, the default behavior was no auth - and accepting all remote connections, see https://snyk.io/blog/mongodb-hack-and-secure-defaults/ ; Eliot notes that this took a while because changing the default would have caused issues for existing customers)
( https://news.ycombinator.com/item?id=14804765 )
That’s like selling a car without preinstalled seat belts and then saying it is the responsibility of the driver if they take it on the road like that. It’s technically true, but it’s sort of missing the point.
> I do have concerns when 10gen explicitly targets junior developers ... What [Eliot, MongoDB CTO] says makes sense say 20 years ago, but with 25% of new software engineers coming from coding bootcamps with non-engineering backgrounds, I worry that defaults matter ever more in dev tools (and even seasoned engineers may mess this up, if they’re coming from a database with different defaults). We discussed analogies like seat belt lights versus the responsibility of passengers to know better. He also argued that waiting to get all this right - not just auth - would impact database innovation, while I think there’s a balance that gets us a lot of the low hanging fruit (like security).
If I have to use a vast number of tools, not only can't I be an expert in all of them, I can't even dedicate 5% of my attention to each one of them. Or really, to any of them. Because if I do, then I have nothing left to fulfill my job description. I'd just be curating a list of third party code all day long.
We either need to back away from the 'npm install' model or we need to really start thinking about our libraries as cattle. Which means they all have to behave in a predictable fashion or we cull them from the herd.
You can't have it both ways. We can't use peer pressure to stop people from writing their own (NIH), and then blame the victim when tools behave in surprising ways. The safeties need to be on by default, and only a few things in our lives can be so dangerous that we require special training to use them without killing ourselves. We only have space for a handful.
We need to develop the humility to accept that our module should be boring to the people using it, rather than a special snowflake. Take pride in the utility, not the notoriety.
This is unnecessarily elitist: I’ve seen no difference in security awareness based on anything other than specializing in security, and even then it can be surprisingly blinkered.
But I agree that no matter the program, security best practices are rarely taught.
"Well just don't shoot yourself or the wrong people silly!"
Dude that is not what happens in the real world!
Sell thing where they say "well don't do that" doesn't make much sense in some cases.
Fun fact: one of the bartenders at my old watering hole was playing with the "bar gun", flipping the cylinder closed by flicking his wrist, and shot a round into the wall. Luckily I wasn't there that night because accidental discharges are a beatable offence.
If someone shot a round into a wall at a bar, it would be more than a beatable offence for me.
The two most popular handgun lines in the US, the Glock and the M&P, don't have what a layman would consider a safety. The Sig P250, of CounterStrike fame, has no safety of any kind whatsoever.
(You should NEVER put your finger on a gun's trigger unless you intend to fire it. This is taught in all good gun safety courses.)
I doubt the original commenter knew the difference, and was most likely referring to manual safeties.
There's internal safeties to stop it from discharging if you drop it, but there's no safety to stop you from pulling the trigger and discharging a round.
To me this sounds like the hardware store selling saws, an uneducated consumer coming in and buying one and then going home and cutting their finger off and complaining that the hardware store should sell safer saws.
It's your responsibility to educate yourself on proper and safe operation of your tools.
Most importantly they keep harping on about how Supercell should be doing more to ban accounts that transfer illicit gems between accounts, or how each gem should have an individual hash so that it could be tracked to the source, etc. Well, given that gems are not and never have been transferrable between accounts in those games, having it be a bannable offense would have no effect at all. And the chain of ownership is always going to be exactly one step long.
(Yes, any game that makes the premium currency or items transferrable is inviting a lot of abuse. It's not just stolen credit cards, it'll also be account hijacks since they'd be very lucrative. Just drain all the victim's items before they can recover the account. Optionally you can also buy more items with the victim's already registered CC at the same time. So if a game does support these kinds of transfers, it's good to be deeply suspicious about the motives of the creators. But afaik it's simply not the case for any of the Supercell games that this article talks about.)
And then that table showing the scale of the problem is pretty bizarre. The stated revenue numbers must be off by around a factor of 5. I thought for a moment it was talking about the scale of the abuse they've detected. But then that'd mean the scammers are using 100M Google accounts to wash 20k credit cards/month. That's too absurd to be true.
There are some interesting ethical debates to be had around stealing credit cards. At the end of the day, who is the thief really hurting? The consumer is inconvenienced at worst. The card companies are insured. The insurance companies already priced the risk into their actuarial models.
The credit card companies probably trip over themselves to give phenomenal offers to be the processor for them.
In addition, who really cares about a chargeback for an online game? Since there is no physical thing that transacted, simply reversing the transaction is quite straightforward.
A significant amount of the time when you call your provider about a dispute (fraud or non-fraud), they will just pay out of their own pocket rather than raise it with Visa/Mastercard/whomever, it's just not worth the risk of being hit with the fees. (Unless they decide it's your fault, in which case they'll tell you to suck it up.)
(I am a developer on the disputes platform for a major bank)
Are you talking about when a customer calls their bank, or when a merchant calls their payment processor? I thought when a chargeback occurs, only the merchant side gets hit with fees?
I don't understand how the laundering part works. There was a similar link posted to an overpriced book on amazon yesterday on HN, which also alluded to money laundering.
So if I understand correctly, the person(s) who want to launder their ill-gotten cash publish an app with an outrageous price, and then buy the same app with their ill-gotten money, thereby turning it legitimate (by way of the app company)?
If yes, then how much money could you possibly launder this way? Won't purchase of the same app a 100 times (if that's even possible) raise suspicion? And even then you've only managed to launder 50 - 100 x 100 = max of 10,000 USD. This is peanuts for the real money launderers who would be dealing with millions of $ monthly.
What's the going rate for money laundering? :P
I didn't think this was true, but your statement checks out. Wow!
> "Pablo was earning so much that each year we would write off 10% of the money because the rats would eat it in storage or it would be damaged by water or lost," Escobar wrote.
To be specific, go2.pl, o2.pl, prokonto.pl and tlen.pl are the exact same mail provider - in fact, those domains are aliases for each other after registering. This means that by registering a single time, they get four usable e-mail addresses. Interestingly, the same provider also provides a functionality to get more aliases if you want, but it doesn't seem like criminals used this functionality (the aliases cannot be in those four domains, rather they can be in another list of 18 domains).
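An added example, not part of the comment above or of any platform's actual code: one way a sign-up or fraud-review pipeline could collapse the four alias domains the comment names into a single mailbox key, so accounts registered from one mailbox cluster together. The canonical domain, function names and sample records are assumptions made for illustration; the separate list of 18 alias domains is not given in the thread and is not covered.

```python
from collections import defaultdict

# The four domains the comment names as one provider's interchangeable aliases.
ALIAS_DOMAINS = {"go2.pl", "o2.pl", "prokonto.pl", "tlen.pl"}
CANONICAL_DOMAIN = "o2.pl"  # arbitrary representative chosen for this example


def canonical_mailbox(address):
    """Map an address to one key per underlying mailbox."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower().rstrip(".")
    if domain in ALIAS_DOMAINS:
        domain = CANONICAL_DOMAIN
    # Assumption: the provider treats the local part case-insensitively.
    return f"{local.lower()}@{domain}"


def shared_mailboxes(signups):
    """Return {mailbox: [account ids]} for mailboxes behind 2+ accounts."""
    groups = defaultdict(list)
    for account_id, address in signups:
        try:
            groups[canonical_mailbox(address)].append(account_id)
        except ValueError:
            continue  # malformed addresses are left to other validation
    return {box: ids for box, ids in groups.items() if len(ids) > 1}


# Constructed sign-up records (account id, registration e-mail), not real data.
SAMPLE_SIGNUPS = [
    ("acct-1001", "jan.k77@o2.pl"),
    ("acct-1002", "Jan.K77@tlen.pl"),
    ("acct-1003", "jan.k77@prokonto.pl"),
    ("acct-1004", "jan.k77@go2.pl"),
    ("acct-1005", "jan.k77@example.org"),  # same local part, unrelated domain
    ("acct-1006", "ola_w@o2.pl"),          # single account, not flagged
    ("acct-1007", "broken-address"),       # malformed, skipped
]

if __name__ == "__main__":
    for box, ids in shared_mailboxes(SAMPLE_SIGNUPS).items():
        print(box, "->", ", ".join(ids))
```

A cluster of accounts behind one mailbox is a signal for review, not proof of abuse, since a legitimate user can also register with more than one alias.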
Is that of any use to a given gamer, a whole new AppleID?
Does the US DOJ have a history of halting this sort of fraud yet?