I’ve thought of this, but don’t have the wherewithal to actually make a project come to fruition.

I’m also not a lawyer, but I’ve read multiple articles on this, and it doesn’t seem like any legal violation. Corporation got lazy, didn’t confirm where 10m in royalties went and under what circumstance, and got burned.

Finally a corp gets scammed by the common man.

I say good on him.

Social engineering, arguably, is one of the harder things to learn.

It’s a collection of soft skills, and if you’ve been paying attention to rank and file tech jobs, places are looking for people with soft skills because they’re so impractical to train.

This goes down to your basic help desk tech.

Anyone with an interest in computers can sit down and learn how to analyze and exploit weakness in code. In fact, it’s a fun puzzle. Dealing with other people, let alone establishing oneself as another person and fucking SELLING that character enough to get what you need?

People write off social engineering far too quickly. It’s quick, it’s effective, and if done well, the person you exploited doesn’t even realize they’ve been tricked.

Not just ISPs, it can be blocked at the enterprise level in a few clicks.

I was temping at a place during the pandemic when my hospitality based IT job shuttered. With their set up, I could just block a country in a couple clicks.

I didn’t do the clicking, but we were getting hit with a DDoS from a nation we had no business in, and it was just blocked in a matter of minutes once the meetings and BS were attended to. Those took hours over days.