For 1, right now it is still fairly easy to buy "identities" from the black market to use with Chinese Internet services. With the so-called "4-piece set" (national ID card, SIM card, debit card linked to a bank account, U-shield (hardware 2FA key for online banking)), one can set up WeChat/Alipay to collect payments without revealing their true identity.
And those "4-piece sets" are not fake ones. People purchase those from slumdogs who would like some extra cash and don't know or don't care what happens if their identities are used in criminal activities.
But with 2-5... It's possible that those dumb crooks were too dumb to consider that much and just used a WeChat account registered under their own name.
You can buy identities alright; the real challenge is how to cash out the money. The account will likely be locked upon investigation, and if not, the moment whoever cashes it out at the ATM or counter will be arrested on site.
Scammers often hire innocent agents to cash out these accounts. But still with a very low success rate.
Well, too late to know for that guy, he's already been arrested[0]. Guys on Solidot[1] dug out many interesting things, including one issue he posted on one of his own GitHub repos saying "Help! How can I delete this repo, I have to run!".
LOL
BUT, I almost feel pity for him. Take a look at the picture of him in the news[0], look at the environment he's living in and how thin he is, pretty rough life I'd say.
I hope he's doing well in prison and becomes a better man after this. If he can write a virus capable of doing all that, then I think he will also do well in most companies that do web-related work.
For someone who works in this space this would be a simple framing attempt. I give that like one dimension, maybe one and a half. In reality it's probably just a dumb crook or someone doing it for the lulz.
Someone has a bot that scrapes Github for Discord bot tokens and deletes all content in servers it has permissions in and replaces it with info saying X person did it and to "come to his house."
Stuff like that is pretty common I feel for people to use against their enemies. Especially if it was designed to be small and got out of hand.
It could just be a person with some computer knowledge but not really smart enough to do an encrypted attack, and if a fake ID is as easy as some posters suggest, and they could very quickly and easily, with the limited knowledge they had, come out with a few thousand dollars, then I don't think they were dumb or stupid. It may look stupid given how complex attacks can be these days, but so too does the Nigerian Prince email look stupid. But he to this day is still looking for someone to help him with his money.
Also it's entirely possible they purposefully left the files recoverable via XOR instead of DES [1] because all they really care about is getting $16 from you, not punishing you if you don't.
[1] A distinction the author was clearly aware of, as it claimed DES was used in the ransom note.
Chabuduo - "near enough is good enough". Said when defending a half-assed solution that barely hangs together. Now that I think about it, I see this in codebases all the time.
1. Sends money to a centralized service that can track his account, must share info with Chinese government
2. Forgot to register domain privately
3. Instead of using DES or RSA, he just XOR’d the file with a key he hard coded in the file
4. He apparently left his name and phone number in the code?
5. When they looked at what servers it was pinging, they were able to gain access because it had not been properly secured
Am I missing anything else?
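Point 3 above (and the earlier remark that files were left "recoverable via XOR instead of DES") is why responders could restore victims' files without paying. The script below is an added example written for this thread, not code from the malware or from any analysis of it; it uses a constructed 8-byte key and constructed file contents. It shows the two ways a defender recovers a repeating-key XOR "cipher" from an encrypted file alone: a known-plaintext attack using a file format's fixed header (a PNG's 8 magic bytes line up exactly with an 8-byte key), and the fact that any run of zero bytes in the original file exposes the key verbatim, which also reveals the key length. A real block cipher such as DES, even with a weak key, gives away nothing through either route.

```python
"""
Added example (not from the thread): why a file XOR'd with a fixed,
hard-coded key is trivially recoverable from the ciphertext alone.
The key and the sample file below are constructed for illustration.
"""

# Constructed sample key; an 8-byte key is chosen because the author
# claimed DES, whose block and key size are 8 bytes.
SAMPLE_KEY = b"k3y-1989"  # constructed, not a real malware key

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # real, fixed PNG file header (8 bytes)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. XOR is its own inverse, so the same call both
    'encrypts' and decrypts; no secret beyond the key is involved."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key_from_known_plaintext(ciphertext: bytes,
                                     known_prefix: bytes,
                                     key_len: int) -> bytes:
    """Known-plaintext recovery: if the first key_len bytes of the
    original file are predictable (a format's magic header), XORing
    them against the ciphertext at the same offsets yields the key."""
    if len(known_prefix) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of plaintext and ciphertext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len]))


def shortest_period(block: bytes) -> int:
    """Smallest p such that block repeats every p bytes. Applied to the
    ciphertext covering a run of zero bytes in the plaintext, this is
    the key length, because 0 XOR k == k leaves the key in the clear."""
    for p in range(1, len(block) + 1):
        if all(block[i] == block[i % p] for i in range(len(block))):
            return p
    return len(block)


def recover_key_from_zero_run(ciphertext: bytes, offset: int, length: int) -> bytes:
    """Recover the key from a region [offset, offset+length) known to be
    all-zero in the plaintext (padding, unused struct fields, ...).
    The ciphertext there is the key repeated; rotate it so that byte 0
    corresponds to key index 0, which is offset % key_len."""
    region = ciphertext[offset:offset + length]
    key_len = shortest_period(region)
    start = offset % key_len
    rotated = region[:key_len]
    # region[0] is key[start]; undo the rotation.
    return rotated[key_len - start:] + rotated[:key_len - start]


def decrypt_and_verify(ciphertext: bytes, key: bytes, magic: bytes) -> bytes:
    """Decrypt and confirm the recovered key by checking the file header."""
    plain = xor_with_key(ciphertext, key)
    if not plain.startswith(magic):
        raise ValueError("recovered key does not reproduce the expected header")
    return plain


# Constructed victim file: PNG header, a 24-byte zero run (as a real PNG
# might have in a chunk of padding), then some payload.
SAMPLE_PLAINTEXT = PNG_MAGIC + b"\x00" * 24 + b"constructed payload bytes"
SAMPLE_CIPHERTEXT = xor_with_key(SAMPLE_PLAINTEXT, SAMPLE_KEY)


if __name__ == "__main__":
    k1 = recover_key_from_known_plaintext(SAMPLE_CIPHERTEXT, PNG_MAGIC, 8)
    k2 = recover_key_from_zero_run(SAMPLE_CIPHERTEXT, offset=8, length=24)
    print("key via known plaintext:", k1)
    print("key via zero run:       ", k2)
    print(decrypt_and_verify(SAMPLE_CIPHERTEXT, k1, PNG_MAGIC))
```

In practice a responder would run the known-plaintext step once against any encrypted file with a recognisable format (PNG, ZIP, PDF, Office), then apply the recovered key to every file on the machine; with the key also sitting as a literal in the binary, as point 3 says, even that step is optional.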