When I was a teen these types hung out on IRC and even AOL in chatrooms like "progs" to trade credit card numbers. Young people and operational security doesn't exist.
>Young people and operational security doesn't exist.
If I had PII in the systems they have access to I would be concerned. How long until someone gets spear phished or malware is installed on their presumably non-compliant systems? There's a reason why big corps spend significantly on security training for new grads.
It is all fun and games until you think about not only the victims but the possible harm done. Even a loss of a small amount of money can be life changing.
Swatting is just something the morally impaired can relate to better.
Of course, though I got swatted for defacing another group's page and not stealing credit cards.
And honestly I never even used my card stash anyway and I had thousands and thousands-- not because I'm a good person or whatever but because I was paranoid after that. The rush of building a duplicate of LOVE@AOL and then trawling my way through chatrooms and building my email list "Someone liked you, sign into your premium love@AOL account to see who" was too exhilirating to give up for 13-year-old me even if I was essentially tag-and-release phishing.
