by flylib
3627 days ago
I think people on HN are underestimating the tabloid market and previous prices paid for photos (https://en.wikipedia.org/wiki/List_of_most_expensive_celebri...). TMZ regularly pays out 5k for photos/videos. Selling to them is the hard part, and not getting caught in some type of undercover sting during the process is why most people will take the bounty.
Think about the steps required to acquire and monetize stolen photographs from Facebook accounts. Only a few of those steps involve Facebook vulnerabilities, just like only a few of the steps involving building a software company involve actually writing software.
But in order for that business to work at all, it needs a steady supply of Facebook vulnerabilities; all the work setting up a sales channel for photos, in reconnoitering accounts to figure out which ones to raid for photos, in determining what the prices for photos should be, in scouting out new customers for photos, and most of all providing OPSEC for a ridiculously risky criminal venture, all of it is at a standstill until someone (a) sells them a vulnerability and (b) shows them how to pivot that flaw to acquiring photographs.
Nobody is running that business, ready to receive Facebook CSRFs (or even server-side RCEs) so they can get another few weeks of Facebook photo-snarfing in. One way you know that is that when celebrity photos are stolen in phishing attacks, it's a major news story.
Vulnerabilities that command high prices on the black market do so because they slot into already-existing criminal enterprises. If the enterprise does not yet exist, the vulnerability is worth zero.