1. Sends money to a centralized service that can track his account and must share info with the Chinese government
2. Forgot to register domain privately
3. Instead of using DES or RSA, he just XOR’d the file with a key he hard coded in the file
4. He apparently left his name and phone number in the code?
5. When they looked at what servers it was pinging, they were able to gain access because it had not been properly secured
Am I missing anything else?
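The XOR weakness from point 3, as an added example that is not code from this thread or from the malware it discusses: a fixed key XORed over a file is its own inverse, so anyone holding the key (it ships in the binary) or merely a few known plaintext bytes (a file-format magic number) can restore the file without paying. The key, key length and sample file are constructed assumptions, not the real values.

```python
# Toy model of the flaw in point 3: files are XORed with one fixed key that is
# also embedded in the malware. Key, key length and file contents are constructed.
HARDCODED_KEY = b"k3y!2018"          # constructed placeholder key (8 bytes)
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"      # real 8-byte PNG file signature


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key. XOR is its own inverse, so this one
    function both 'encrypts' and decrypts; no secret decryptor is needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int):
    """Recover a repeating XOR key of length key_len from a known plaintext
    prefix (e.g. a format magic number). Returns None if either input is
    shorter than the key, since the key could then only be recovered partially."""
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        return None
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def recover_png(ciphertext: bytes, key_len: int = len(HARDCODED_KEY)):
    """Decrypt an XOR-'encrypted' PNG without the key, using only its magic
    bytes. Key length is assumed known here (e.g. read from the binary)."""
    key = recover_key(ciphertext, PNG_MAGIC, key_len)
    if key is None:
        return None
    plaintext = xor_bytes(ciphertext, key)
    # Sanity check: a wrong key length would not reproduce the magic bytes.
    return plaintext if plaintext.startswith(PNG_MAGIC) else None


def demo() -> bool:
    """Constructed victim file: both recovery paths give back the original."""
    plaintext = PNG_MAGIC + b"constructed image payload " * 4
    ciphertext = xor_bytes(plaintext, HARDCODED_KEY)
    # Path 1: key pulled out of the binary, so simply XOR again.
    by_key = xor_bytes(ciphertext, HARDCODED_KEY) == plaintext
    # Path 2: no key at all, only the known file-format header.
    by_header = recover_png(ciphertext) == plaintext
    return by_key and by_header


if __name__ == "__main__":
    print("recovered both ways:", demo())
```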
And those "4-piece sets" are not faked ones. People purchase those from slumdogs who would like some extra cash and don't know or don't care what happens if their identities are used in criminal activities.
But with 2-5... It's possible that those dumb crooks were too dumb to consider that much and just used a WeChat account registered under their own name.
Scammers often hire innocent agents to cash out these accounts. But still with a very low success rate.
The WeChat account has already been banned. http://www.xinhuanet.com/fortune/2018-12/05/c_1123807970.htm
Now it's time for the police to dig out the real criminal.
A proxy/jumper account might work until (as you said) somebody starts to cash the money out.
Seems a very dumb thief, but again, how does somebody steal money online without being caught nowadays?
BUT, I almost feel pity for him. Take a look at the picture of him in the news, look at the environment he's living in and how thin he is, pretty rough life I'd say.
I hope he's doing well in prison and becomes a better man after this. If he can write a virus capable of doing all that, then I think he will also do well in most companies that do web-related work.
Plus, I have read a news article on Wired, I don't think Monero is private enough to withstand state/police-launched attacks?
Considering there are many ways to make money legally, doing something at that level of risk is maybe just not worth the trouble.
Just put @omarforgotpwd's name/number/server/doxx into the code and release it really clumsily.
I normally come to the same conclusion when I'm thinking about politics.
For someone who works in this space this would be a simple framing attempt. I give that like one dimension, maybe one and a half. In reality it's probably just a dumb crook or someone doing it for the lulz.
Stuff like that is pretty common, I feel, for people to use against their enemies. Especially if it was designed to be small and got out of hand.
a distinction the author was clearly aware of as it claimed DES was used in the ransom note
I'm guessing "close enough" as in "sloppy work"?
here's more context: https://aeon.co/essays/what-chinese-corner-cutting-reveals-a...
Not saying it's what's actually happening here, but it's something that has crossed my mind before about malware - that it would be comparatively easy to lead one or more false trails to shift blame for whatever reason, and I wonder how many pieces of malware have actually managed to pull this off, and pinned the blame on an obvious target, e.g. Chinese government, "russian hackers", etc.
You're overthinking it.
Reads to me like someone writing viruses who doesn't know a thing about writing viruses
someone who infected 100,000 machines knows at least 'a thing' about writing viruses
To use the analogy of an art thief, this is as if he had simply smashed some glass and made a run for it, without dealing with security systems and whatnot. He might make it out the door, but now the museum has him on video, they have his fingerprints, and they're probably going to get the stolen art back.
The world has no shortage of desperate people who will jump at the chance to earn a few bucks "working from home," where they help "hardworking businessmen between banks" move money. Perhaps the excuse is different and culture-specific, but people's inclination to look the other way when they think it benefits them is universal.
If that's true then it's kind of like the robin hood of malware.
This would create an interesting spread incentive for the attack: once you are infected and you pay, you can still be reimbursed if you manage to infect someone else. You could even make this into a pyramid where several persons' payments go to a parent carrier, and people will even want to be infected quickly to be closer to the top of the pyramid.
Or just use a random previous victim id. Now it becomes a viral non-consensual lottery and you benefit from spreading it.
This criminal mind is going to get me in trouble some day...
Part of the difficulty is fighting greed, as the people that get caught are the ones that push their luck way too far. They're often wildly successful at first with more cautious approaches, but as they get more brazen they end up getting busted.
Although it's a little tricky here, once you've acquired the necessary Chinese IDs with debit cards (more than easy), it's not too hard; old people in villages are more than willing to sell theirs for several hundred RMB.
As for authorities, oh they are more busy maintaining social stability. If your case (assuming they allow you to register your case, since it's obviously a dead end that affects the stats vital for their promotion) is lucky enough to be included in an operation a couple of months later, then maybe they can find out which countries these hustlers are in, and case closed.
Never embarrass the powers that be, though; 100K PCs and growing daily is not a small incident.
They are probably receiving the money in different, probably years-old, honest accounts, whose real owner is compromised (e.g. hacked, or coerced under threats to send the payment out as soon as it is received, etc.).
Not seeing this is why developers should not assume they can wear the threat modeler hat.
Also, when you are a B2C like ransomware folks are, it is very hard to make the victim get bitcoins even if their life depends on the data you are holding hostage. Using WeChat in China gets them zero attrition.