Hackers Recruiting Programmers and Developers ??!

[Harkorede]

Firstly the tweet I'll be quoting at the end of this post was sent to me by a friend and I was somewhat surprised at the new trick being used by the hackers and I think it likely would have worked on someone looking for a better pay/upgrade from their current work, and could end up getting into trouble if they become the weak link for a company to fall prey to hackers, and also I believe the tricks and attempts could get more sophisticated in coming years, as I've not read of something like this prior, so I sent the link to my friends in the web and software developing fields, and I said to them that one just can't be careful enough these days.

I literally wouldn't have bothered to bring it here but I saw a response on a thread about an FBI warning on crypto scams as quoted below

So the FBI is warning people concerning cryptocurrency scams. They're only like, what? 5 years late? Thanks Mr. policeman, very cool.

And I felt can there even be enough warnings placed out there that would stop some anyone from eventually falling victim ?, but at the same time If every warning post/news could save at least one person from falling victim, it definitely has served a/it purpose right ?

Hence the twitter thread as quoted below;

the most interesting thing I saw last week was how a group of people that wanted to hack a crypto company put out a job ad, and targeted developers from that company. The developers applied and they took them through a rigorous interview process to make everything look genuine

After the interview, they sent them an offer (with a link) and some of the developers opened it on their work computer and that was how they got access to their system and started the whole hacking process from there.

They did the whole interview charade just to ensure the developers were going to open that link.

Thread Link: https://twitter.com/hemical/status/1549812997052325888?s=20

So, my question here is that in a world where most jobs are rather becoming remote, how many years of experience could have prevented someone from falling victim for these kinds of schemes ? because I also learnt of the possibility of hiring someone who's an experienced Senior Dev to do the Google Meet interview during the interviewing process, while he's literally unaware he's doing a favor for the con artists.

[Yogee]

I learned a new word today "pretexting". I can't help but wonder how they can be creative with their attacks.

You can never be too careful but it's tough to maintain that when you're deperate of something or extremely tired. Intelligent people in the field can also be so lax sometimes and forget about security so yeah you can't give enough warnings.

[Maus0728]

This story is all about the 5 ronin validator nodes of Sky Mavis being hacked, if you find the twitter thread a bit misleading and vague
- https://watcher.guru/news/defi-a-job-interview-paved-the-way-for-ronin-network-hack

But yeah, this hacking event is purely a case of social engineering/phishing, and the fact that even a senior software developer was susceptible to such an attack due to a lack of cyber security training only serves to highlight how weak human factors are.

Also, why is it that the Sky Mavis do not have a protocol to their developers not to open a "work" laptop for personal or unauthorized use?

[cryptoaddictchie]

So, my question here is that in a world where most jobs are rather becoming remote, how many years of experience could have prevented someone from falling victim for these kinds of schemes ? because I also learnt of the possibility of hiring someone who's an experienced Senior Dev to do the Google Meet interview during the interviewing process, while he's literally unaware he's doing a favor for the con artists.

Thats quite possible if especially the developer being hired has a huge offer to set up things they thought are for work but instead used in such criminal activity. But mostly being hired on these kind of scheme are aware that they could be involved in this but of course due to high offer they cant possibly refuse a big cash offer on the table.

[NeuroticFish]

and the fact that even a senior software developer was susceptible to such an attack due to a lack of cyber security training only serves to highlight how weak human factors are.

Also, why is it that the Sky Mavis do not have a protocol to their developers not to open a "work" laptop for personal or unauthorized use?

People are careless. You can train them as you want, in most cases a new scenario will take them off guard again.
I've seen something very smart somewhere, but obviously costly: the people connect to virtual machines and only those are part of the network. The laptops are just machines that can be hacked. The people will most likely open those documents on the laptop, not inside the VM. Problem solved

[Rruchi man]

So, my question here is that in a world where most jobs are rather becoming remote, how many years of experience could have prevented someone from falling victim for these kinds of schemes ?

I don't think is a matter of how long you been in the field that could help you prevent something like this from happening to you, you may have been in the field long enough but have never heard anything or perhaps heard, but don't believe, it doesn't eliminate you from the list of potential targets. Exposure and awareness of this sort of attacks/schemes can help prevent you from being a victim as someone working remotely. if you do not have plenty working experience and exposure it is advisable you link up and gather experience/know the potential risks involved working in your field from people who have been there a while longer than you have.

[Hypnosis00]

So, my question here is that in a world where most jobs are rather becoming remote, how many years of experience could have prevented someone from falling victim for these kinds of schemes ? because I also learnt of the possibility of hiring someone who's an experienced Senior Dev to do the Google Meet interview during the interviewing process, while he's literally unaware he's doing a favor for the con artists.

Perhaps, someone like these people is willing to take a job like this in exchange for a huge amount of money even though they know what it happen to them. In fact, many reports that we have heard about getting caught by the authorities as are also hiring people like them. I would say that some people are hiring them for good reasons just like improving their cyber security while some are for evil intentions. It could be hard to think but honestly, everything we do online we are absolutely prone to things like this and might already be monitored without getting noticed.