unimportant/software_and_ai/low_value_cyberattacks.html

2025-11-20

Low-value cyberattacks are spray-and-pray

Disclaimer

• Quick Note

Most low value cyberattacks are very spray-and-pray. They are not aimed at specific targets.

• I played around with shodan and censys scans.
  • There's like 20k unsecured webcams. It might be possible to have gpt5 search all the feeds for blackmail material and then either extort money or just generally ruin your political opponent's lives. But these 20k cams are random, so it is unlikely your specific target will be included there.
  • There's atleast 10k machines running older versions of redis and sal instances, possibly poorly configured. Many of them have already been compromised by someone else, so l can't do much here. Some of the compromised machines have crypto miners running, I found some shell scripts.
• I have previously looked into torrents of databases of breached passwords.
  • haveibeenpwned blogs about it and collects all the data in an organised format. But you can just go get the torrents directly. This too is a list of random users with passwords.
• Similarly, whenever a new CVE drops, usually there's news articles on which actors were most badly hit.
  • Again this list is usually a random list, not a specific set of targets someone wanted to hit.

If you're a govt actor like US or Israel, you can do attacks aimed at specific targets.

• You can do so much spray-and-pray that it becomes bulk surveillance and everyone ends up in your dragnet. This can then help you do targeted attacks.
• You can obviously get full access to all the data of tech companies, and can tap all the routers, and tap all the fiber optic cables inside your geopolitical territory. The NSA Prism stuff basically.
• You can pair hacking with esionage. For example, in the specific documents Snowden leaked, there are specific exploits that first require a spy to jump an airgap, insert a usb drive and then only the hack begins. Spies must be willing to risk imprisonment to do this. It is much easier to find people willing to risk imprisonment for you if you're a govt actor, as opposed to a private one.

Subscribe

Enter email or phone number to subscribe. You will receive atmost one update per month

Comment

Enter comment