Hacker News

It's possible to do this in a staged way -- basically, give me 100k phone numbers, I'll do automated attacks and catch 25-50k of them (old unpatched OSes for which if I had a $5-10mm budget I'd have 0-days ready, phishing, etc.).

Then, use the early victims to catch the rest -- hopefully they're admin assistants, HR people, etc. Targeted attacks on the rest.

Black bag jobs on the remainder, using legal or extralegal means, based on value of the target. It's not worth bothering to black bag someone who you only want to get the big boss if the big boss is otherwise exploitable.

The key is you don't need to have a single exploit which works on 100% of your targets; you can do multiple things.



The cost increases dramatically compared to unencrypted comms. Moreover you risk wasting valuable 0-days on targets that may not be worth it.


Plus, risk of alerting the target (which is why targeting hackers is unwise...)

I wasn't arguing against encryption tools, just that serious attackers are plausible threats.



