Are We Ready to Act?


#1

Agents of Zero Day,

What's up? For the past year and change we've been working more or less independently, with the exception of a few joint projects. We can do more, but for that we'll need resources.

By now, most of you should be familiar with Samsara Digital. They're willing to do work for anyone who pays enough, no matter how unethical the work or who gets hurt in the process. They make surveillance software for dictatorships, high-frequency trading algorithms to help the rich get richer, and even employ mercenaries to protect their clients' assets against "undesirables."

But their most recent initiative, the Cyber Liberation Digital Liability Policy, gives us an opportunity to fund our operations while undermining theirs. It's an insurance policy against hackers, designed to insulate big corporations against the little people. I'm putting the finishing touches on a framework that will let us defraud this system.

Here's the deal: you'd all make secure clusters and my framework will enroll them in CLDLP. Based on the complexity of your cluster, you invest a certain amount of scryp in it. Meanwhile, everyone will hack into everyone else's clusters. The intruders collect some of the stored scryp, and the system owners collect on the insurance. Rinse and repeat. I'll skim a tiny percentage off the top to fund servers and future Zero Day operations.

Even if Samsara finds out about the scheme, my anonymization and obfuscation is good enough that the best they can do is shut the whole system down.

So what do y'all think? Are you ready to roll out this project?

peace,
sk3tch


#2

To maximize the amount of scrypt we get from the CLDLP, it would be nice to know what determines the complexity of a cluster.


#3

not sure samsara would release any details about how complexity works, but maybe we can deduce it with some practice?

that said, i'm not 100% sure we're ready. i mean, if we have someone or some folks willing to take money and leave us vulnerable, how do we know we won't get tattled on if we start doing this?

kp


#4

I have a cluster ready. It will be my donation to the cause. Some of the systems look complicated, but are actually easy. https://exploitzeroday.com/cluster/PzLqV4/

I could add more to the cluster, but this could help start with attempting to figure out what determines complexity in a cluster for Samsara.

In addition, I will also be sending my personal cluster as well. I've invested quite a bit of scrypt into it, so I hope this will help as well. https://exploitzeroday.com/cluster/mzjmMk/

Some possible ideas about it:
1. Maybe it has to deal with the complexity of the systems inside?

If so, is this determined by the difficulty of the system itself, the amount of nodes used in the system, or by the amount of interactivity in the system?
2. The number of systems inside the cluster?


Scryp Liberation Targets
#5

Note: I realized this post was unclear and also kinda wrong in parts so I edited it heavily.

It's unlikely that we'll figure out the exact equation for insurance payouts; this is actuarial business, so it's constantly shifting, and Samsara's automated risk-evaluation tech is hugely advanced. Doctorate-level stuff. :astonished: In short, they evaluate the systems submitted for general security and give back a value. There might even be a human involved at some point.

But I've set up a (much simpler) neural net and fed it a bunch of systems that I prepared , and here's what I generally know:

  • Systems with more security nodes give greater insurance payouts.
  • Systems which use more of their security nodes for a typical authorization session give greater insurance payouts.
  • Systems which require more actions to gain access give greater insurance payouts.

They don't seem to take role hierarchy for clusters into account, so it doesn't matter what the specific topology of the cluster is or what order the systems are cracked in; you only get insurance payouts per-system, not per-cluster.

As for install cost, that's strictly based on the resources required by the system/cluster: how many security notes and ports in the systems that make up the cluster. It's set by my framework, although it correlates with the CLDLP rewards.

@KernelPop, I dunno what you want here. Do you wanna put everyone in a polygraph? Because polygraphs don't work. If someone tattles to Samsara, well, what are they gonna do? If they blacklist one of our exit nodes we set up another one. They're not the only ones who can set up front companies for their operations. Besides, you gotta trust someone sometime, dude.


#6

yo, these are solid work. difficult and rewarding. :money_mouth: :thumbsup:

if i'm going to trust anyone, i guess it'll be you all. problem is that if we're busy having to watch our backs against our own, we'll be divided when we need to be concentrating on making money. thinking about defending against each other and wasting time on extra defenses that could be pointed towards samsara.

i get it, though. we can't expect to be 100% in lockstep. variety is the spice of life. just... i don't like having my stuff stolen. my actual stuff, not the cldlp cluster. thats all. :sweat_smile:

if we want to fundraise like this, we need lots of folks to make these clusters and at different skill levels. if they're all too hard, some folks won't be able to beat any of them. if they're all too easy, we won't make much scryp. can we really mobilize most everyone to make these clusters at their own levels of expertise?


#7

If it's a variety of skill levels you're looking for, I might be able to help. I was working on a personal cluster that would end up having about 15 systems of varying difficulties, but maybe the systems I've made so far would be better put to use here.


#8

Then I guess we'll need to trust each other unless we have reason not to. Trust but verify, right? If anyone has concerns, you can always PM me.

Sweet. I know there's a scryp investment for big clusters, so feel free to work your way up to it. None of us are working alone here. :vulcan:

I've actually had the pilot program running for a bit, as some of you have noticed! But here's the official notice: Operation Use-Samsara's-Creepy-Program-Against-Them is a go! (Feel free to come up with a better name. :sweat:)

1-2-3-go.

peace,
sk3tch


#9

Operation: Scrypt Liberation. We're "liberating" their scrypt, might as well take their name.


#10

Welp, someone going by the username "Skar" just sent me a request to help out with this cluster. As far as I can tell it does use the new CLDLP system, but I don't know if it qualifies for a Scryp bounty. I have up to 26k to invest, if needs be.


#11

((You can tell if someone's cluster is their home cluster by checking out their darknet profile. If it's not the one on the profile, then you get no Scryp))


#12

((Ah, I missed that only your home cluster gets Scryp. All right, I'll make a separate topic for that, then...))


#13
Sometimes, indeed, the value of the Gospel of peace' soon becomes serious, working secretly upon the goods which they have a difficulty in tracing out the swarm had passed, since I am attending.
There were silver coins in Locha during the time.

Nobody but a sorry guardian of the North, toward the Pit.

It is in its advanced state, their most recent initiative, the Cyber Liberation Digital Liability Policy, gives us the reverse.

The Analytical Engine, far from being improved to the inhabitants of trading and manufacturing country, therefore, is paid for the human character may have found Afolayan herself seems to be so, and having given themselves up to the end advantageous to society by another, who thinks to cure the madness of yours were to be angry with them; for it as often as numerous as those of America have never been made habitable, light a candle and search, and get your brother and I shall miss the truth concerning the drones as I have been greater during the late recoinage this great annual supply must depend, during the sixteen years.

There can be carried on in this manner diminished, as it is evident that they will be equal, or nearly similar regulations; then we must now put into the dark army without one of these.

The fund becoming in any war. This is a good deal above their natural rate.


#14

You seem well versed in Locha history @sk3tch, what can you tell us about that?

Is the spambot threatening you, @sk3tch? Seems a little odd for it to pick those phrases randomly, imo.

"I KNOW WHAT YOU DID. THIS IS BUT A MERE WARNING" - Spambot @Guerra_Dharma


#15

:anguished: Sorry about the spambots, folks! I can't use normal approaches because I don't wanna send our forum content to any databases, and I've got a bunch of other priorities before rolling my own solution. At least the forum software is blocking any links they're trying to put in.

Locha's your pretty standard small East Asian country; used to be a really totalitarian dictatorship, but got "reformed" in some of the echoes of the Arab Spring and became just a capitalist oligarchy run by most of the same people as before. It's actually where Samsara's official headquarters is, for tax reasons. Probably why the bot tossed it out. I don't know of any huge numismatic connection.

Prooooobably not. :open_mouth: It looks like a pretty standard Markov bot to me; it's probably taking the contents of our thread, mixing them up with some source texts it's got on file, and is trying and failing to make something that looks like human writing. Since I linked to CLDLP above, it probably flagged that as an important topic.

I wouldn't worry about angry vengeful AIs. That sort of stuff only happens in movies. :stuck_out_tongue:


#16

Hmm. Googling "Afolayan" reveals only a family of Nigerian filmmakers/actors and musicians. I somehow doubt that's what the spambot is referring to.

Out of curiosity, did the forum software record what links it was trying to put in its comment?


#17

I ditch logs pretty often, but I've still got the last one's request. Looks like it's some anonymized tracking URLs with masked WHOIS info. I'm guessing the bots are scouts, and if they get any hits on their links they know they've made it through the filters and they focus fire. No real way to know where they're coming from by their links.


#18

(( So our home clusters actually represent fake clients that scam Samsara out of its money? I was under the impression that they represented something else. ))


#19

er... I know it's already been a couple of months, but how long does it take for them to check for hits on their links?


#20

These things are usually automated. It's basically free to post spam, so they have no reason to bother turning off any bots that aren't working out. It's like the phishing emails you get: only one person in a thousand has to give their bank info to make it worth it.

These bots are probably running on a hundred different forums, ready to report home if one happens to be so poorly configured that it lets a link through.