• Codeby web-security - Курс "Тестирование Веб-Приложений на проникновение с нуля" от команды codeby. Общая теория, подготовка рабочего окружения, пассивный фазинг и фингерпринт, Активный фаззинг, Уязвимости, Пост-эксплуатация, Инструментальные средства, Social Engeneering и многое другое. Подробнее ...

  • Мобильный клиент нашего форума для Android гаджетов доступен в Google Play Market по этой ссылке. Клиент можно скачать с нашего форума по этой ссылке. Последняя версия МК в нашем телеграм канале вот здесь

What shall we start with? The power of thought

AnnaDavydova

Перевожу для codeby
06.08.2016
88
484
#1
Part 9​

About cheerful money​


all the parts Common Topics
the previous part What shall we start with? The value of breaking eggs


Everybody who read all my articles and those who had tears while hearing modem dialing up, know that Internet was very expensive, wishful and rather necessary at that time.



Below you can see Internet tariffs that used to be.

1521916241763.png



Here I hid the article which in details describes that time and Net. I recommend it greatly.
Для просмотра контента необходимо: Войти или зарегистрироваться


Tariffs are for Moscow residents, for other regions you should double them and for remote regions you should multiply by 3 or 4. Very slow internet for very large money cannot be affordable for everyone, especially for students or young specialists. So it was generated a new greedy idea of taking money from people. The scheme was very simple. In every city there were html chats, a little later, when appeared cable Internet, there were mIRC channels, so called city chat – it was main stream. For example, as in Volgodonsk.


1521916272438.png


Pay attention to the line about IE

1521916300700.png


The main people in the chat were admin, couple of his yes-men (this is the exact word). These were people who were given the right to kick and ban, and they were very pleased with such an opportunity. As a rule, the owner of those chats was the large Internet provider of the city. The admin could operate the chat from work not paying for home dial up or from home having access to the pool at work – so, real freebee. Sometimes admin shared this freebee with yes-men. And those were very happy. The main part of them were students, schoolboys and a few adult men. The oldest people were 35 years old, because if you are older you are like UFO. Internet was bought for students and schoolboys by their parents to study (search for essays, courses, MOM, I’LL STUDY ENGLISH) – at that time all reports, essays and DIPLOMA papers were written per one night. There was even a kind business:

I write diploma papers, essays, a bit later - I write diploma papers, essays NOT FROM INTERNET (more elite service). When entering chat you intrude into conversation about any stuff and when attention was captured, a holy war began, then joined admin, his yes-men and the most interesting started…


After the phrase – admin I fuck*d you, the following utility was launched (I wrote about it before) flooder, mail spammer, with an ability to start DDoS attacks.
Denyo Launch (Antiturk)


1521916326239.png


1521916342013.png


In 90% of cases chat died, attack could be made with ordinary dial up.

Ha-ha-ha


There were 2 features:
1) Internet was not so fast, and if you additionally used proxy then the speed awfully decreased.

2) Proxy’s IP address could be blocked and then you had to spend two or even more hours to find a new quick and good one. The list was published by different sites on IS subject (web hack, antichat, maza, even xakep.ru)

It was dangerous to attack without proxy, but the way out was found. It was in 2004-2006. At the Universities there appeared cable Internet – you can easily enter the University as there were no security cameras (anybody who studied at that time can prove my words). But sometimes there were some difficulties in the form of guard’s requirement to show any certificate (student’s card). For this sake you can buy a certificate at the market and go in and out without any problems. There was one more problem – everybody needed Internet. To meet all the students’ needs it was made a journal where registered name, year of education and time of surfing the internet for 1 hour. The problem was easily settled – in 90% this kind of “bot” was a student who undertook such functions for giving an ability of surfing internet free. Social engineering really worked so sometimes it was necessary to add beer and chocolates.

After all these procedures the list was checked, 2-3 people were chosen, entered chat, DDoS performing then new entering….

Oh, something has broken. Ha-ha-ha. Everybody shouted – WHAT HAPPENED? Admin kept silence and tried to solve the problem (admins at that time were not very smart – if you can install windows, you are great!!!) After 10 minutes using a special phrase you started DDoS attack only for 10 minutes. When returning it was expected that you would be banned by an admin; but that wasn’t a problem at all because the ban could be evaded just using another nickname (at that time your nickname wasn’t linked even to your e-mail).


The purpose of these actions was to show that you were cool.

The task – to draw attention to yourself of those who was interested in hack subject.
DDoS was not clear to most of people, just few understood that only one click is necessary to start it. In this way you may become famous in ordinary users’ eyes.

In the chat (under other nick or your own if it was not banned) also via proxy you could have clever conversations on security subject from your place with a cup of tea and a cake.

After the attack everybody started to complain, but you should look clever, saying that internet is not safe enough using specific terminology; and in this way show that you are in the subject. But once in my private account there were written some messages which started like this – ARE YOU A HACKER?

No, I’m just learning. We were collecting so called army of fans according to the principle – if you were a schoolboy or girl then bye-bye; and if you were a male student of elder years then you were welcome. It took about 2 weeks to make up a group of 15-17 people.

Then there was a show of hacking pages on narod.ru – these pages were prepared beforehand and hack was simply imported with the promise – I’ll teach you later. At this very point it was very important to show your competence and readiness to – I CREATED THE PAGE ON NAROD.RU WITH THE MAIL. CAN YOU HACK IT? That’s why at the very beginning Trojan was sent. At that time there were rather popular LD, rats, Pinch, Xinch (I hid a link to the most often used)

Для просмотра контента необходимо: Войти или зарегистрироваться


1521916368565.png




There were also some self-made private ones that could be bought for $5 or it was possible to make it by your own just reading hacker magazine and using necessary source codes.


There was Trojan (which sent IP address with port number after loading the system and connecting to Internet. Depending on the configurations some other information also might be sent) in an archive together with different things: nukes SMBdie, WinNuke, screenshots, exploits written on C, port scanner and other “necessary” tools. So when one of smart asses asked you: “HACK ME IF YOU CAN”, this Trojan helped to solve a lot of points.
There was also a selection according to the financial situation of a group, namely parents’ places of job and whether some relatives work in state institution.

One very important point, it was necessary to keep all the groups separately. For instance, if a person brought his friend it would be one separate group and if he brought no one, then you had to communicate privately.

And here magic started.

The group was divided into two parts: the first one included those who had a little money and the second one - who had a lot of money (or who had any possession that could be sold).

For the first part Internet was proposed really cheaply. It was possible to get login and password of a large company with unlimited traffic only for $10.

So wherefrom were these login and password?

They were taken from a real contract on the Internet signed in an office.
So one month contract cost $50. An agreement could be made on any person without indicating any address (you could connect to the Internet from anywhere). Sometimes it was found a person who signed this contract.

Thus 10 people out of 15 were included in the first part of a group; 7 out of 10 agreed to buy credentials for $10; the rest got login and password either for free or
Для просмотра контента необходимо: Войти или зарегистрироваться
credit (the calculation is approximate).

$7 * $10 = $70

Taking into account that all of us were hackers the transmission of credentials looked as follows: login and password were sent via SMS (using proxy and Internet) and money was hidden in a secret place inside an envelope.
Then one question was asked: “WHAT TELEPHONE NUMBER WILL YOU USE TO CONNECT TO INTERNET?” It was a very important question as dial-up Internet connection was unpredictable. You could have a very good connection from one number and very bad one from the others. So when you got a number of a subscriber, you could check it in 09 handbook (it was free on those days).


1521916426100.png


And at last you have an address, first and last names of a subscriber + mobile phone number. A person who gave all these data during our conversation didn’t suspect anything.
After 5 or 7 days this person received a call from a private number:

  • Hello, Mr. Ivanov
  • Hello, who is it?
  • Now listen to me very attentively. You have hacked our servers and now you use our Internet from your place which is registered to a following address Kosmosa str. 16, fl. 12. We studied your file and we knew that you were really a good fellow. So let’s have an appointment and decide what to do. Otherwise we’ll have to hand over your file to K department.
  • (Panic is arising)
  • We’ll wait for you today at 6 p.m. on the following address …… If you are late we’ll hand your file over the department tomorrow morning.


And that was all!

1521916452046.png


1521916464370.png


At the meeting a person was waited by people with a special car (as usual it was a car of a native production with tinted windows – at that time such kind of cars inspired so much terror).

From company’s side there were two men of forty who looked very respectable. They proposed the victim to take back seat in a car and started to describe him the situation:

  • Do you aware of whose server you have hacked?
  • I didn’t hack anything!
  • Listen to me, you hacked custom’s server, namely a server of a department which deals with cargo from Germany. And then you used their credentials to connect and surf the Internet. Have you ever heard about a protection from multy-enterance?
  • Sorry, I know nothing about this; I was given these credentials…
  • While you were using Internet the custom simply couldn’t connect to it! You damaged a lot! Do you understand severity of the situation? Here is an application form.

Then the victim was given a paper with custom’s (bank’s; company’s) blank that contained a lot of terrible words, phrases, articles; also there were personal data and address of the victim. When he was frightened enough two men continued the conversation:

  • You will be in prison for 7 years, but if it is you first time then maybe 3 or 4. Do you understand this?
  • I don’t know…..
  • Well. If you manage to find $300 in 7 days then we won’t hand it over to police, because actually we don’t want our authorities to know about it as we will have a lot of problems. State institution, you know. We will contact you in 7 days. Bye!

Then in two or three days all other people from the first part of the group were contacted in the same way.

What about the second part, you may ask?

They were proposed to hack a website of some large company. It was fictitious one, of course. This site was made on a foreign server as if it was bank or company on oil selling. But it was very important to mark that it cooperated with RF.
An attack began with the following words: “So, my friend, you became very clever! Let’s hack a really serious server, leave a line with a word “F*CK OFF” steal some secret files, credit cards’ dumps and access to the bank accounts!”


Before this moment it was necessary to have good relations with this person. You should teach him a lot of different tricks and methods. The simplest way to do it was telling him where he could get Linux distribution (as all hackers worked only via it), put rootkit with a backdoor in this distro and then you had full access to his system (there were a lot of articles about this topic). It was really easy to do it because the person trusted you and didn’t know anything.

And at an appointed time the company’s server attack started. I want to remind you that the server belonged to those who were making a fraud; thus the server was hacked in an hour but only with a help of the victim. He was fully involved in a process so he felt like a real hacker. By the way, deface was a part of victim’s job as well as downloading the server’s data. As a bonus he can explore the server via phpshell.



1521916627902.png


Only two weeks ago he was no one…..


But now….

1521916669709.png


Here came the culmination. Having an access to the victim’s system, he was redirected to another address where he could see the following information: his real IP, a lot of terrible words and phrases and a special service logo.
Victim began to write something to private chat in panic. Fear and horror. Then he was told to keep silence and not to tell anyone about it.
What came next?



1) The person was proposed to meet with a lawyer, who had really good ties in necessary field. And while request was coming from abroad the lawyer would have time to build a good defense. This lawyer took all the information about the victim of course. The catchphrase of a lawyer was: “I DON’T KNOW WHO GAVE YOU MY TELEPHONE NUMBER BUT IF HE HAD IT THEN HE SHOULD BE A VERY IMPORTANT PERSON”. At the meeting the lawyer spoke a lot about criminal articles, extradition, possible penalties etc. Lawyer’s services cost $1000 with a discount, of course.


2) In a few days after a meeting, the victim was contacted by representatives of a state institution. They were making an appointment. Try to guess what person the victim contacted first? Right you are! It was a lawyer. He told the victim: “DON’T GO ANYWHERE, WE’LL SOLVE THE PROBLEM“. After some time a lawyer called the victim back and invited him to an appointment that took place on a neutral ground under his guard. It was necessary to come to that place because otherwise a riot squad could visit your place.



3) The meeting. The same men that were described in a previous case plus lawyer. First a short conversation took place with presenting some documents and arrest warrant. Then the victim was involved in these “negotiations” for a very short time after which a private talk of a lawyer and “representatives” occurred in a car. So here came a verdict - $500 to these gentlemen and they would forget about the case, while the lawyer would be preparing all necessary documents to make this case fell apart. The victim even had not to do anything. And the total price was $1500.
1521916691000.png


And people really managed to find necessary sum of money. First they sold their computers, took all their savings, asked parents and grandparents for money. There was a cover story to avoid any suspect. The hacker continued to help the victim and advised him to tell everybody that he was buying a foreign-made car, namely Opel, BMW or an old Mercedes, to restore it. And he really bought it. It was real rubbish but it cost only $100-$150; while everyone was told a required sum of money ($1500).

I can’t say that it was a purely hacker’s method but all of us wanted easy money to buy a new hardware. Thus we resorted to various tricks, including fraud.


Taken from С чего начать свой путь? Сила мысли
 
Вверх Снизу