Discussion
A Server Operator's Perspective
joegibbs: I think you’re fine, which hacker is going to go to the police about it?
GuinansEyebrows: you just better be sure they initially exploited the only vulnerability they found the first time.
sjducb: There’s a case for allowing digital privateering against countries that routinely allow fraud. For example, fraud is 68% of Laos’s GDP. If Laos wants to be taken off the list of permitted targets then it can crack down on fraud. They have effectively allowed digital privateering against us by failing to crack down on fraud. https://www.theguardian.com/technology/2025/dec/02/scam-stat...
alephnerd: The issue is those jurisdictions that have allowed such rot to take hold truly don't care. Both Cambodia and Laos have governments where leadership is directly tied to organized crime, but the PRC has continued to expand their relationships with both because of their strategic position and because their governments directly cooperate with Chinese law enforcement. Similarly, in the threat hunting space, it's been common to find Russian-originated malware that would shut itself off if it identified an indicator or signature that implied that the workload was within the CIS. In the same manner, if I were to conduct illicit cyberoperations in a jurisdiction like the UAE but not target the US, India, China, and a couple other jurisdictions with strong ties with the UAE I could operate with impunity. It's the same reason Neville Singham is in Shanghai and Guo Wengui is in New York.
looperhacks: > Legitimate use cases, including security research, web archiving, and search engine crawling, can be distinguished from credential scanning by scope and target: no valid automated process needs to probe arbitrary third-party servers for .env or .git files.

What about security researchers scanning for their research? What about scanners that notify you?