Stealing Xbox Codes
Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the company’s internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught.
Comments
Etienne • July 5, 2021 7:43 AM
Greed is the enemy of the perfect crime. If he would have just stole a million, he would never have been caught.
Fed.up • July 5, 2021 10:15 AM
There’s more information here. https://www.justice.gov/usao-wdwa/pr/former-microsoft-software-engineer-convicted-18-federal-felonies-stealing-more-10
Microsoft apparently doesn’t have any Anti Money Laundering surveillance system their gift card system as is required by law. I won’t divulge the specific violations identified in this article, but there are many. I hope Treasury / FinCEN noticed.
Given the compromised credentials involved, I cannot help but wonder if people he worked for also didn’t notice/benefit and that’s why he got hired.
Why didn’t Microsoft’s Insider Threat system pick this up? Surely they use Microsoft Dynamics on their employees too which also should have flagged his home address and personal spending as requiring investigation.
Meanwhile Microsoft sells these tools that claim they can identify and prevent insider threat, so their customers allow them to scrape the heck out of their employee’s personal data. But all that does is increase the employer’s vulnerabilities, such as compromised logins and passwords.
Do as I say, not as I do – doesn’t work in real life.
Impossibly Stupid • July 5, 2021 10:48 AM
Given all the red flags the story brings up regarding Kvashuk, the real takeaway here is that Microsoft’s HR department is massively incompetent, and that there are probably hundreds or thousands of other people as bad as this guy working for the company that are in the process of doing similar things, for which they may or may not eventually be busted.
And I’m not even trying to single out Microsoft in that regard. The whole tech industry has been pushing to “fail fast” with a “minimum viable product”. Quality and security are out the door in favor of cost savings in all areas of the supply chain. It’s just been getting worse and worse for at least the last 20 years.
This kind of fraud should not surprise anyone who has been paying attention. Nor should the recent rash of ransomware attacks. I shudder to think where all this goes after the pandemic, given all the stories I’m seeing with companies complaining how hard it is to fill job openings. The paradoxical-but-correct thing to do in this situation is to raise the bar, but I’ve only seen them lowering it, and that just means things will go from bad to worse.
Fed.up • July 5, 2021 11:13 AM
There’s a reason that Bloomberg is publishing this story 3 years after his arrest and 1.5 years after conviction. This story has been covered elsewhere years ago.
Perhaps Bloomberg wants renewed interest on this. They mention this video. Watch carefully for the placard that appears between them. It is in Chinese.
https://m.youtube.com/watch?v=ieQmVRFNmhI
The DOJ conviction posted previously shows compromised credentials were used. Is this another example of an internal Golden SAML attack?
Microsoft supposedly doesn’t rely on passwords internally.
Cybersecurity experts, if they get attribution wrong it can turn into another Iraq. Albeit against a superpower who can hurt us. Don’t accept the media’s nonsense. Dig for truth.
Which countries want to weaken the west? Look for motive. It might not just be one country. Data traveling to India makes land in quite a few “hostile” nations. Follow this maps cables in any direction. Whenever data makes landfall is a point of compromise especially in Asia where encryption is outlawed. https://www.submarinecablemap.com/
Cybersecurity experts aren’t supposed to accept anything at face value.
ADFGVX • July 5, 2021 12:42 PM
@ Fed.up
Cybersecurity experts aren’t supposed to accept anything at face value.
Are you telling me people have jobs, homes, assets, families, they’ve suggested D.O.J./Bloomberg publishes anything but the absolute truth?
Just don’t question the truth of anything put out by that cop shop if you want to stay alive. Is your family still okay?
lurker • July 5, 2021 1:19 PM
D for Risk Management. Say no more.
Clive Robinson • July 5, 2021 1:43 PM
@ ImpossiblyStupid,
It’s just been getting worse and worse for at least the last 20 years.
More like double that 1978 was the year I realised just where things with Micro$haft thus the industry were going… It started with Bill’s “Open Letter” accusing people of stealing from him personally (not true). Then it started to came out that Gate’S and Allan had been in effect stealing the equivalent these days of $900,000 of computer time not just from another company but the US Government, likewise hardware development systems…
But it was what we now call the EULA, that was a guarenteed race to the bottom as always happens in an “unregulated” industry.
When we look back “Cars gave us lemons” through the 50’s&60’s. When the number of deaths and injuries of shoddy engineering done on the cheap could nolonger be ignored, regulation was applied. It acted as the tide that lifted all boats in the industry, the more regulation the better the engineering, the less the deaths and the faster people could go safely, and more efficiently.
Until unfortunatly the crooks decided that using “computers to cheat” was the way to go… Not bright but then short term thinking managment almost always do the dumbest of things, it’s an incompetence they keep pushing one way or another… I guess that’s why neo-con mantra is so popular with them…
But contrary to what many claim, there is no evidence strong regulation is bad for a real market (faux markets like finance… Is another thing altogether). In fact so far on balance strong regulation brings not just better peoducts, it increases the all important stability that users desperately crave, but are not getting (Oh look Win 11 is rushed and apparently not doing well… anyone realy surprised?).
There are reasons why people are still using Win XP and decade and a half old hardware and applications… “They work” and with appropriate care will continue to do so for a decade or so more. In fact if some Open Source efforts have there way the software side will march on for several decades yet.
As I’ve mentioned in the past I still use a 1988 Amstrad PPC640 running MS-DOS 3.3 and “Mirror II” for using the built-in modem. It actually contains a nice little “WordStar Short Cut” compatible text ediror. It fair zips on later 486 hardware, and I also have both GW-Basic and BBC Model B compatible Basic along with various “Turbo-XXX” languages from Borland (WordStar compatible IDE) and WordStar 4.
Recent tests on a new high end laptop running a well known Open Source OS and Emulator / VM runs it all quite nicely…
Yes it’s “old fashioned” but then I’m still supporting software that’s near a third of a century old and chugging along quite nicely running several million dollars of plant equipment… (oh and there is Apple ][ with UCSD P system code that’s even older as well… but lets not talk about that).
It’s got to the point every time I meet up with the owner of the plant I remind him I’ve got “bad health, and what’s he going to do if I croak?” His reply “Your Son’s a fine lad you should be teaching him…”.
Fake • July 5, 2021 1:57 PM
to: Clive,
cc: all,
bcc: impossibly,
I might have it confused, but either someone was talking about a cast iron riveted boiler the other day or I found an old thread here referencing one.
attn: DANGER, VESSEL UNDER EXTREME PRESSURE
Clive Robinson • July 5, 2021 2:19 PM
@ Fake, ALL,
Yes I’ve been known to mention what was the birth of “engineering” from the “artisanal” Victorian boiler makers…
I kind of have a life long interest in industrial archaeology and the surounding anthropology.
What it sadly teaches me is the wheel goes around generation after generation and all that realy changes is who’s body parts get sruck in the treads untill someone says loud enough “Enough is Enough” and legislators sheepishly que up to agree.
Clive Robinson • July 6, 2021 12:19 AM
@ metaschima, Etienne, ALL,
I agree. I don’t understand his plan.
Err that’s probably because he did not have something even aproaching a sensible one, or one at all…
Most criminals do not “plan post robbery” that is often the second reason why they get caught (excess money/life style). The first is they “big it up and flap their gums” and thus tell others (ego) who “turn them in”.
The article does not say so specifically but I suspect “the girl” was very much to blaim for a lot of his behaviour. In that she wanted a certain “life style” not love or even affection. Thus in his mind certainly he had to be a “provider” of a “life style” there was no way he could have the girl without. So he kind of put a spotlight on himself with the car his work colleagues spotted, and investigators could not have missed with even a cursory look at him. Thus he put his head in the noose of his own demise.
But as he’s been mentioned Ed Snowden did think a little ahead, in that he purposefully laid false trails on the data that went in his trove so that investigators would have lots of suspects to investigate / blaim. Thus investigators would have too many to sensibly blaim as being a “conspiracy” thus have too actually go through a more vigorous investigative process, which would have given obvious “tells” by which Ed could know to “cut-n-run”[1].
The suspect in this case sort of tried to do this but did it very badly… But more importantly failed to realise there is a big difference between “taking value” and “cashing value out”.
The value Ed Snowden aquired, he had no intention of “cashing out” for a better life style. Thus he was not as the likes of Aldrich Ames who had a girl with a taste for high living (María del “Rosario” Casas Dupuy). It was Miss Dupuy and finally his life style changes that gave him away. Or
Then there was Robert Hanssen, who was a lot more security concious but realy only between him and the Soviets/Russian’s. He made obvious mistakes that should have got him caught earlier, but the Ames case gave him inadvertant cover. He too had a complicated sex life and as far as we know atleast one woman on the side (a stripper) probably more. Again although quite circumspect in many ways his life style exceeded his means in certain ways that would have been plain to see if he had been investigated.
So whilst a significant unearned income may come your way… How do you “account” for it when you try to live at that higher status?
There are ways but they require rather more care and planning than required to acquire the income by illicit or unlawful activities. They also generally require hard work, which does not often attract the sort of mind that fixates on “easy income”.
As my father told me long ago, it you have the brains to be a successful criminal, you have the brains to earn more money honestly.
Oh and remember “MICE” the old acronym for “Money, Ideology, Compromise, Ego” where by people are “turned” or “turn” into espionage assets. Whilst there are other better names these days they still give the essentials you should look out for. To stick with the past but update for “tribal/religion” issues in asymetric environments it’s sometimes called MICE/RC with the RC standing for “Revenge and Coercion”.
Like all acronyms, it’s been stretched out of shape over the years but a search on the “words” geberally brings up several “opinions” you can mull over such as,
https://www.discernum.com/library/why-do-people-spy
However treat them all with caution, because whilst a “blood feud” (Revenge) might work easily in one part of the world it’s easy to get it wrong in another. That is a disgruntled employee is more likely to be (Ego) driven towards visable status (Money) to rub it in someones face than, slitting that persons throat around the back of the car park (though that is happening more with ethnic criminal gangs).
But the big thing to watch out for are “behaviours” aside from the “Dark Triad” (narcissistic, psychopathic, sadistic) types who appear to just “flip” most people exude warning signs fairly overtly to start off with[2] then become covert before acting for revenge.
True revenge however comes not from attacking, but going around, then looking back and laughing, and talking about them in the past tense. As ammusingly mythically almost apocryphal “Pointy Hair Boss” types, but with authentic and credible warnings to others to learn by[3].
[1] The purpose of “auditing” cuts both ways, it gives investigators venn diagrams of information to work with. But the mear act of pulling audit data provides a signal to those in a position to see it that an investigation has started or is in progress. Similarly with other “resources” investigators need like ICT access, secure office space etc. They are all “tells” to those who know what to keep an eye out for.
[2] It is this “authorised reporting” channel you get heard talked about when those in authority say someone is “not a whistleblower because… they did not go through authorised channels”. The simple fact is the only thing that using those channels will get you is the end of your career, unless you are in effect “ratting out” somebody “on a low ladder rung” for “behaviours”. Again doing so will get your career changed probably negatively in the long run. Oh and if you ever get promoted into “one of those roles” start pushing your C.V. out, it’s not a promotion, it’s either a punishment, or others don’t think you play well, either way you are toast.
[3] Because it shows you’ve learned, grown and moved on, whilst the “pointy hair” type is still the same venal pen pusher / twit, limited by their own cupidity failings, desperate for any tiny status indicator etc… There are actually some quite simple “tests” you can run against people to check their potential “pointy hair” status.
JohnnyS • July 6, 2021 8:33 AM
@ ImpossiblyStupid,
@ Clive Robinson,
Agreed: The “wild west free for all” that has been the tech industry is just begging for regulation. For too long the industry has been peddling insecure garbage for massive profits with no responsibility for the consequences. Now with IoT, ransomware and nation-state hacking threats, we have reached a point where all the insecure garbage that has been peddled is threatening our health, privacy and our very lives.
But there are instances where there has been no regulation at all, and the product has been continually exceptional for many years: One is the Linux kernel, and another is the GNU ecosystem. It’s arguable that most imaginable regulations that would have affected Linux & GNU over their development could only have caused harm or delayed progress. We know why this is: For the Linux kernel there is the “benevolent dictator” Linus Torvalds who took on a leadership role without expecting to make obscene profits and for the GNU tools there is the FSF who took on the stewardship of that system, for ideological reasons instead of profit.
So how do we write a regulation that lets Linus & the FSF be free to innovate and build a terrific product like the Linux/GNU system, but still hold the purveyors of crap (Larry, Bill and Jeff come to mind) to the level of responsibility they should face?. I’m not against capitalism, (far from it!), but this is a case where the problem is caused by pure greed, so how do we penalize that greed while not impeding the brilliant and generous contributions of the FOSS leadership?
I honestly don’t know.
Keith Douglas • July 6, 2021 8:42 AM
Clive’s remark about the market for “lemon” cars in the 1950s makes me wonder: do the computing industries need the equivalent of a Ralph Nader?
Andy • July 6, 2021 9:20 AM
@JohnnyS
How do you both preserve FSF and improve quality? Latest update version is liable for up to 5% of all license sales/recurring revenue for that product. FSF makes it clear that theirs is zero. That’s why they’re giving you the source code.
There should be a big difference though between a small software vendor selling a $50 license for a small product and Microsoft selling hundreds of millions of such EULAs for $50 each. This will incentivise more work into finding and fixing zero-day vulnerabilities.
Fake • July 6, 2021 9:29 AM
Well, better tools may be the best target. Probably regulation the sourcing side. But if we regulate better code (safer) without verifiable sourcing of better (safer) code we may strangle our within-border software companies due to the race condition we’re facing with output times and costs.
Early on, not just anyone could build a car.
Machining is not something one can readily start practicing without a hefty or lucky investment, even then it takes years upon years to learn enough about subtractive processes and it would only cover modifying metallurgy and not even really cover metallurgy or casting as an example.
Software is practically all of that with unfortunately almost none of the entry costs* learning curves** or whatever else the post victorian industrial age Henry Ford advents brought us.
*Entry costs for safer code excluding rust and go and maybe some others would be proofs verifiable coffee auditing and safe[r] compilers and languages, not to mention re-writing large chunks of the existing coffee bar… CODE BASE … our institutions currently rest upon.
**Learning curves, safer languages safer habits safer goals. First to the market is good for your pocket but sometimes it’s bad for your product. While you may have the better product if you’re late to the game your market share will be considerably less, especially if serious bugs don’t pop-up in the first week. See cyberpunk2020 or the new redcoat forum for high visibility problems early on.
These are just my opinions, they are expressions of doubt vs the current state of the state we’re in.
What might be a good comparison,
How fast does an Alfa Romero go?
Would you still get behind the wheel if it was an
Alpha Romero?
What about a Beta Romero?
Impossibly Stupid • July 6, 2021 12:34 PM
@JohnnyS
I’m not against capitalism, (far from it!), but this is a case where the problem is caused by pure greed, so how do we penalize that greed while not impeding the brilliant and generous contributions of the FOSS leadership?
I think a large part of the problem is the push to make things “fire and forget” when the reality is that most things function like an iterated challenge-response conversation. The temptation is to create some law or regulation or rule that will forever solve the problem in question, but there is no “happily ever after” in the real world. To my mind, a system is inherently broken if it merely seeks to punish wrongdoing rather than focussing on fixing the flaw that allowed that bad behavior to occur in the first place.
So I don’t see the greedy for-profit companies as necessarily bad, but I would argue that they should be intrinsically liable when they fail to deliver whatever value-added feature they promised. Same goes for all sorts of processes that should be scientific, but are not. Here we have a story of Microsoft hiring a guy who was not only bad at his job, but was sufficiently mismanaged to the point where he could defraud them out of millions over the span of years. That’s what I call a massively failed hypothesis on the part of their HR department!
Clive is correct when he says it’s been a problem for more than 20 years, too. The problem of power corrupting is ancient. It’s just sad to see large chunks of civilization sliding back to pre-scientific thinking at a time when technology is in control of so much of our world. And as much as I’d like to blame the monopolists at the top who are breaking capitalism, most of the blame rests squarely on the masses that give them the power to do so.
John Tillotson • July 6, 2021 11:21 PM
@ Andy
The problem is that any decent accountant can make sure that the revenue from a particular product is zero or negative, bypassing any fines or penalties based on revenue. See: https://en.wikipedia.org/wiki/Hollywood_accounting
@ Impossibly Stupid
Agreed, too true. Too many nations have let their oligarchs corrupt their democracy. Whether it’s Aldous Huxley or George Orwell, the future looks bleak.
JonKnowsNothing • July 7, 2021 12:30 AM
@ John Tillotson , Andy, All
re: Creative Accounting
The problem is that any decent accountant can make sure that the revenue from a particular product is zero or negative, bypassing any fines or penalties based on revenue.
There are several aspects of “accounting or bookkeeping” that get jumbled.
In the USA only certified persons can be called “CPA Certified Public Accountant”. Other countries have different rules and names.
Anyone doing “accounting” without a CPA, like a MBA (Master of Business Administration) may do the same sort of work but they lack the legal authority for financial reporting aspects.
In the USA, this primarily this lands on the Accounting Standards Statements that accompany financial reports both internally and to required agencies like the SEC (Security Exchange Commission) and the IRS (Internal Revenue Service). Again the rules and titles vary by country.
Each country sets it’s own accounting rules. There are some rules that pretty much everyone agrees with and that’s the Debit and Credit Columns should tally.
- If you put $10 in the pot, you have to show that the money came from “somewhere” like a bank or sale of product or a different pot.
What gets complex is when Laws both Federal, State, Regional and Local alter what goes in which pot. Tax rules are not accounting rules, they are Reporting rules. So for Tax Purposes the $10 pot may be different than the SEC reported pot.
When you are dealing with a lot of zeros, people are willing to pay for moving the shell-pea to a different pot. Countries, regions, zones, cities all vie for the shell-pea game of moving resources from one pot to another.
If the moves are allowed by the legal systems, then Bob’s Your Uncle and you can move the shell-pea around. Such as the off-shoring of money by billionaires. There is no particular patriotic reason why a billionaire should let any government remove funds from their wallet, when those same governments give the billionaires laws just so the billionaires can avoid the government grabbing some their private loots.
In the case of complex business relationships these are more like minesweeper games with landmines marking legal liabilities. The penalty for stepping on a landmine is generally financial although there is some level of magnitude where it crosses into criminal activity. Under the normal course of accounting, there is no method to convert criminal profit into clean profit (money laundering). Any such actions is like standing on a landmine hoping the detonator is faulty.
The number of failed accountants, CPAs and businesses are legion. Once they cross into illegal territory, there is no recovery. The primary issue for the average person is How To Tell. Everyone wants a Free Lunch. Everyone wants a Free car or plane or condo or mansion. Nearly everyone can be enticed by the lure of Free at some point. It’s not Free.
Governments do not run “check book accounting”. This sort of motto is used to imply a certain In and Out method of accounting that individuals use: The Which Check Book as a Balance Today method, followed by Which Credit Card Is Below The Credit Limit method.
Governments set their own rules and laws as to how their government accounting works. It’s a separate specialty in the USA. It’s not intuitive and it’s subject to a great deal of misuse and misdirection and misunderstanding. Historically you can find lots of interesting problems with Funding Wars which is one the primary reasons governments collect money. It’s a prominent pastime of historical monarchs and still retains it’s entertainment value globally. It’s in these same government’s interest to increase the money in their own pot, but they do let a good amount fly off in the warm breeze.
Clive Robinson • July 7, 2021 3:21 AM
@ JonKnowsNothing,
Under the normal course of accounting, there is no method to convert criminal profit into clean profit (money laundering).
Oh if only that were true…
The trick is in “perceived value added”.
Take,
1, Canvas ($10)
2, A set of cheap paints ($10)
3, Take your clothes off
4, Squirt 2 on yourself
5, Roll around on 1
6, Hang 1 in galary
7, Sell for $20,000-100,000
Yes I’ve picked a ludicrous example but this “tart it up and tosh it out” is what real-estate and similar are all about. Basically criminals get in on it, it’s why so many “criminals” in the UK and other parts of Europe have “building firms”.
But any “creative bubble” can be exploited as a way to initially launder some money into the pocket but the rest into rentable assets. That when used with other tax laws enable considerable sums to get laundered tax free.
There is a joke in the EU about which nation state has the greatest econony and GDP etc… It’s that “extra state” of the “black economy” run by criminal enterprise that on more than one occasion has kept financial disaster away from the doors of shall we say the “official states”…
JonKnowsNothing • July 7, 2021 11:24 AM
@ Clive Robinson
re: Money Laundering Schemes
Paint is just one of many.
There are the Real Estate Go-Rounds each topping up the value of a property, it caught one of our former Presidents who managed to escape that scandal only to slide on another.
There is the Extra 10,000 houses for those blue days when 9,999 house do not appeal. Many of the ultra-rich, pay cash for these items because if you pay in cash, there is no bank, no review, no documentation for the paper trail.
Paying in cash is required for some development transactions because they do not fall into the “approved” loan guidelines used in US Banking. If you want to buy a lot, you have to pay in cash or have seller financing because bare land is of little or no value under US Banking Regulations. Buildings, homes, garages, barns those you may be able to get financing on. Development of the infrastructure (well, electricity, driveway, sewer) has to be done with cash because while necessary items for a house or farm, they are not fundable in normal banking. There are specialty lenders that may fund this type of project. These all leave a paper trail.
There are faux companies galore. They have cash from “investors” and if the paper is run around to different countries it can all be legit but it can also be used to clean the toilet. It can trap people who have no idea that the corporation is bogus at the top. Whether you want to include companies that initially were standard fare and later subverted into doing the odd activity depends on who is holding the brief case full of money.
- iirc(badly) The story goes that when the NSA went to visit a particular high profile tech company they brought with them cases full of greenbacks. They set them on the table and before the meeting ended, the cases moved across the table and history was made. It can be certain that the exchange was made legally but perhaps not ethically.
CPA signed Certifications on Financial Statements omit fraud and other illegal activities from their statement of correctness. They do not even look for it or check for it. Whatever is presented is what is signed. Sanity checks on presented data (audit) maybe done if funded by the company itself. In overall scheme the statements mean very little as far as Cash Washing goes.
“Forensic Accounting”, only works when there is some bigger dog involved than that one you are walking. There are lots of big dogs but most are just not interested. Too many fleas.
===
ht tps://en.wikipedia.org/wiki/Forensic_accounting
- Forensic accounting, forensic accountancy or financial forensics is the specialty practice area of accounting that investigates whether firms engage in financial reporting misconduct.
(url fractured to prevent autorun)
JonKnowsNothing • July 7, 2021 7:15 PM
@Clive Robinson, All
When it comes to convoluted enterprises this one, eventually found to be fraudulent was big news in the day. Part of the wiki write up details the extent of SeeNoEvil that was involved before the doors close, again and again and again.
Everyone loves a Garage Startup…
===
ht tps://en.wikipedia.org/wiki/Barry_Minkow
- ZZZZ Best (pronouned ‘Zee Best’) started in his parents’ garage with three employees and four phones.
ht tps://en.wikipedia.org/wiki/Three_wise_monkeys
- Mizaru, who sees no evil, covering his eyes
- Kikazaru, who hears no evil, covering his ears and
- Iwazaru, who speaks no evil, covering his mouth.
ht tps://upload.wikimedia.org/wikipedia/commons/7/74/Oak_Ridge_Wise_Monkeys.jpg
- The Manhattan Project variation
(url fractured to prevent autorun)
Tatütata • July 8, 2021 1:24 AM
When the time came to sell our late mother’s house, we initially went without that sleazy breed called “real estate agents”.
We were having lunch as two unannounced visitors rang the doorbell. The man stayed in the car, a woman came in. They weren’t really that deeply interested in what we had to show, yet were ready to immediately meet the asking price, and then some, but under the condition that the transaction be completed in cash. They spoke with a cliché thick eastern European accent.
We politely declined, and were quite a bit shocked.
Clive Robinson • July 8, 2021 2:51 AM
@ JonKnowsNothing,
When it comes to convoluted enterprises this one, eventually found to be fraudulent was big news in the day.
A case of “Knock three times and the termites crawl out of the woodwork”.
@ Tatütata,
We politely declined, and were quite a bit shocked.
Just be thankful, it was a “buyers market” and they had other opportunities…
Some plans involve aquiring more than 50% of the properties in a given street so they can do both spiral rental increases and spiral value increases. Obviously the more properties they have in that street the more desirable each property they do not own becomes… Some are not patient enough to wait.
Tatütata • July 8, 2021 7:52 AM
Oooooh, I just realized after all these years the point of the game of “Monopoly”. Why would owning three properties of a given colour result in higher rents?
Silly me, it’s all in the name.
The single family home was in a peculiar but advantageous location in neighbourhood which eventually attracted the well-to-do. It wouldn’t have been something about buying the street, more like sitting on the property a couple of years and flip it. But the initial owners had lived in it 40 years, and my parents 45.
I can’t really imagine how the transaction before the notary would have gone through, with the suitcase full of notes, or how the buyers would have met the various transaction taxes and fees.
JonKnowsNothing • July 8, 2021 10:18 AM
@Tatütata
re: Buying property for cash in USA
There are lots of properties sold for cash in the USA. It’s pretty straight forward transaction. Generally a Title Company will handle the setup of the deed transfers and verify that the seller has proper ownership of the house/land/ranch/lot (you would be surprised how many do not).
When the paperwork is ready, the seller brings the money or check to the Title Company Escrow Officer (the one in charged that all conditions have been met) and they have to fill out a form stating the source of the money. They do not have to prove the source but if they dissemble and the funds are illegal they are up for criminal charges. Money can come from friends, gifts, family, savings, etc.
The Escrow Officer will deposit the funds in an Escrow Bank until the funds clear the bank and all the requirements are completed. It takes @5 days to confirm.
Then you meet, sign and the deed ownership is recorded and you get confirmation, and then you get a property tax bill for pro rata taxes.
Start to finish less than 30 days.
Duration of ownership 45+40 years
What that means is the building is of little value unless it’s historical or in historical setting. What it does mean that tearing it down or converting it to a modern dwelling can yield much higher profit margins. This is the basis of House Flipping (USA). You buy an old derelict house in a “so called good neighborhood”. One that’s been consistently lived in but not upgraded. If the structure is still solid, all they do is cosmetic changes. They may face structural changes which pinches their margins a bit. Common flip costs are $50K-80K in cosmetic upgrades: carpet, kitchen, paint.
A great many home owners cannot qualify for a loan to do these sorts of fixer-upper changes, but if you asked them they would have certainly preferred to stay in their house with the new carpet, new paint, new appliances rather than being houseless or worse homeless.
Age, income, pension, property valuation, banking limitations all designed to force older people out of their homes, churning the real estate market, for the profit of someone else.
- If a property falls below a certain valuation, you cannot get any bank loan on it. You may not even get a RE Sales Person to help you sell it because there isn’t enough profit for them. It maybe one reason that vast swaths of US real estate is left derelict and subject to a variety of “legal neglect” and the owners have no recourse to alter this, not yesterday, not today and not likely in the future.
JonKnowsNothing • July 8, 2021 10:43 AM
@Clive
re: Some plans involve acquiring more than 50% of the properties in a given street so they can do both spiral rental increases and spiral value increases.
A not uncommon tactic in the USA is to use government taxation to force a sale. This is usually part of some “Big Deal” with RE or Golf Course or Casino promising to Build N-Houses, Employ-N-Persons, Generate N-City Revenues.
The target area is almost always a low income location because the cost of buying out the properties by legal means is much less than trying to buy out the same space in Beverly Hills.
Developers want large areas to build on. They use a set of 4-6 building plans with alternating orientations (left right flip). Once the crew starts, it’s a cookie cutter build out. Fast. They make a cosmetic change to the front and the buyer can order extra interior changes (carpet color).
The key is cheap purchase, free by city donation is better, and a fast build out, with cash turnover, paying off the suppliers and pocketing the rest.
iirc(badly)
One large developer moved into a rural area with golf course, hotel, housing. They bought up all the farms in the area, except one refused to sell. They had a great location, right on the lake shore and had lived there many years. The house and buildings were in poor state of maintenance because they had little or no income.
Even though the builder offered $K for their property they refused to sell. The builder built the golf course, hotel and houses around them.
They were a tiny pocket of poor in the midst of plenty.
As the area had improved in valuation, the tax assessor (property tax) increased the tax burden on the family. They taxed the old run down farm as if it was an estate. They were forced to sell to pay the tax demand.
After the assessor’s tax was paid, they had very little or nothing left.
It gets worse if the government wants your property for a military base, highway, or leaky pipelines. You can go to jail for refusing to sell.
Anon Accounting • July 9, 2021 12:11 AM
Just as business pro. I’m saying that you guys don’t believe how badly gift vouchers are tracked in most of businesses. It’s almost like they don’t understand that it’s money after all. I’ve seen it over and over again with countless businesses.
The Flower of Marxism • August 4, 2021 11:35 AM
“i’m going to read the article but there is a question: how microsoft failed to notice a 10 MILLION HOLE!!???!”
MSFT made $46bn in revenue this year so … presumably in the margin of error.
Subscribe to comments on this entry
Leave a comment
← Friday Squid Blogging: Best Squid-Related Headline Vulnerability in the Kaspersky Password Manager →
Sidebar photo of Bruce Schneier by Joe MacInnis.
me • July 5, 2021 7:08 AM
i’m going to read the article but there is a question: how microsoft failed to notice a 10 MILLION HOLE!!???!
other example: i played call of duty in the past and they always sell it at 40€-60€ on steam if you want the old version it doesn’t cost less because it’s old, all of the call of duty games are sold at 40-60€ on steam.
i saw some website selling keys at 3€ or something like that, and i always wondered: how is this even possible??!?!?!
i understand that it’s “artificial rarity” because software can be duplicated at no cost so key price is arbitrary but it looked a too big difference…
some time later someone reported a bug in the steam system that allowed people to get keys/games for free, he got payed and the bug has been fixed, i guess that someone was already exploiting this.