Anatomy of a Failed (Nation-State?) Attack
41 points by Manishearth
41 points by Manishearth
I'm confused by the title's guess that this might be a nation-state attacker. Nothing seems to require that level of preparation, complexity, etc. in here. I can imagine it being one, but about as likely as any other scenario.
I think it's because sophisticated scams like this are pretty rare because they require a lot of resources. It's easy to notice a sophisticated scam and feel that it might be nation state.
I agree it's almost certainly not a nation state attacker. This type of attack isn't very hard to do anymore.
I swear, the similarity of this attack to the hypothetical I describe in my blog post from a week ago is entirely a coincidence. I picked that attack out of a couple attacks I thought could plausibly dupe a tech-savvy professional as an illustrative example.
While I have noticed an uptick of various sophisticated scams targeted at humans, I was not aware of any ongoing trend of "interview scams".
So it was a bit spooky to learn about this attack.
I got that exact come-on for an interview from a D____ S_____ at Lua Ventures last week. I ignored it like I do almost all recruiter spam. Glad I did!
Are you a Rust person? Major figures in the Rust community have been targeted by Lua, and I'm curious if we know if it's more than just Rust.
I thought we had a submission like this a few days or weeks ago.
Perhaps it was this one https://blog.daviddodda.com/how-i-almost-got-hacked-by-a-job-interview?
I feel there have been several.
It looked like a real email
That's crazy to me. It's so obviously LLM-generated that I'd be suspicious from the second sentence.
That wasn't obvious to me. It just smelled like LinkedIn-speak to me. Which often sounds LLM-generated, but the smells are so similar that I'm not sure I have any capacity to distinguish the two.