Raw LLM Responses

Well, a few things-- Depending on the version the time that the software was live was longer. There may also be a reversible algorithm that could let an attacker narrow down the attack vector a bit. But we can deduce a few things -- 1. From what we've seen connections have been coming in through TV in a "legitimate" fashion (remote control sessions, many victims have said they see the popup when they wake up / etc.) 2. Many victims are saying "3 months ago" "6 months ago" "a year ago" etc. This attack vector doesn't seem to be new, but there may be a new kind of software that evades previous detection / blocking patterns in order to brute force at a much faster rate, and thus discover vulnerable machines faster. It's also possible that this coincides with a larger hacking. The un/pw's were released from the linkedin hacking from years ago, and apparently just started to circulate (HaveIBeenPwned alerted me to it a few weeks ago). Thus password reuse could actually be the root cause here, despite my earlier claim. Email / Password combos could be automated and sent as well. 3. I doubt that the 4 - 10 digit codes are stored server side, but are instead sent a code from the server + that 4 digit code to make some kind of a hash, when the hash matches the 4 digit code + server code, you're in.