Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Monday, December 10, 2007

Making the World Burn

You've probably been following my writeups regarding this Helgi kid, and his merry crew of hackers and phishers. I dismantled all of their money making scams, forums, web accounts - but one forum refused to budge.

I first reported this forum via live chat on (or around) November 28th. I was thanked for reporting it, but after a day or so, it was still there. I jumped into live chat, and was handed a response similar to what this lady received when she complained about the forum:


.....yikes. Some more back and forth antics commenced, and I submitted a ticket on November 30th. Eventually - December 3rd - I saw this appear on the ticket:

"Hello Christopher,

Thank you for contacting Website Toolbox Support.

I apologize for a delayed response.

Services for the concerned account will soon be suspended.

Thank you,
Rahul Singh"

...."Soon"? Well okay, let's see how long soon is. Apparently, soon is four days. And then, the site was dead for about forty minutes or less before springing back into life. This is what happened next:

chris boyd: Hello, I received the email regarding a website being cancelled - however the site appears to be back online?
Rahul: Well, yes that stands true for now, this guy has asked us for 1 days time to remove all illegal postings and contents from the message board.
Rahul: That is just what we have given him.
Rahul: Failing to do so, we will permanently delete the account.

chris boyd: okay - but as far as im aware, you dont run support over the weekend, so either way the site would still be live until monday?
Rahul: We do not have live support available on weekends, but you can check with me on my email ID, I have sent you a mail from.
chris boyd: okay - so he has until saturday afternoon?
Rahul: Yes.
chris boyd: okay, if there is still illegal content there on saturday afternoon I will catalogue it and send it to you - and you will be able to action the cancellation?
Rahul: Yes, I have been authorized to do so in this case.

So it gets to Saturday and nothing has happened. Nothing has been deleted - indeed, fresh content has been thrown onto the forum of an extremely dubious nature. I submit my email as requested, containing no less than 38 examples of total website nastiness - keyloggers, serials, phishing, hacking tools....oh, and requests for credit card details. From 12 year old kids.

So anyway - back to the Email. A few hours go by, and nothing has happened. I check the forum - and what the Hell? *Every* item I submitted on the ticket has vanished. Could Helgi somehow have managed to decide to delete every single item I submitted (while at the same time failing to clean up all the other hacking threads I didn't submit?)

Something isn't right here.

So I donned my "I'm a sixteen year old kid, lol" disguise and wondered if Helgi would actually fall for me snooping around to see if there had been any outside interference with regards the magical deletion of all those threads. Remember, the site had been brought back because Helgi had volunteered to clean up the forum in a 24 hour period.

Okay, here we go. At this point, I'm just guessing - we need a name to appear or I'm all out of luck.

But as luck would have it....

......I'm the Deadliest Man Alive, so it wasn't an issue. Could I go as far as to obtain a day / time from him with regards when the demand to "delete all this stuff" was made?

.....yeah, I guess I could. Thanks, Helgi. You've been awesome - and I've been spectacular.

So now I've confirmed it. And what do we do when we confirm things, kids? That's right, we wait until 3PM in the afternoon then post this in a live chat support box:

"See Rahul, I have a problem. My website articles are read by 7,000+ people a day. My work is syndicated in major tech press all the time. When I write something, the whole technology world listens and I get interviewed over....and over....and over again.

And in one hour or so, I'm publishing an article on how your company has handled the supposed "takedown" of this website so far:

http://www.websitetoolbox.com/mb/helgib?

and your seeming total reluctance to do something about this. To a large degree, the next action you take will influence the shape of that writeup.

In our last chat, you said "this guy has asked us for 1 days time to remove all illegal postings and contents from the message board. Rahul: That is just what we have given him. Rahul: Failing to do so, we will permanently delete the account".

On satuday, I sent you a list of 38 topics containing phishing, serial numbers and hacking tools because he hadn't deleted the content. Then, mysteriously, ALL of those topics suddenly vanished. Now, there are two problems with this.

The first, is that the 38 links I gave you were NOT the sum total of the illegal content on that board - nor has the site owner done anything to discourage fresh posting of illegal activity. In the last 2 days, people have posted asking for hacked credit card details, skype hacks and MORE hacking programs - in addition to numerous other threads still on the site containing serials, hacks and cracking tools. A clear indication that you have no real idea what these people are doing.

The second, and most serious problem here - is that the site owner DID NOT REMOVE THE FORUM LINKS VOLUNTARILY - YOU TOLD HIM TO REMOVE THEM. I know, because he said so and named you:

http://www.vitalsecurity.org/Rahul_1.jpg

Oh, he also confirmed that you did this on Saturday too:

http://www.vitalsecurity.org/rahul_2.jpg

So you picked up my email, DIDN'T bother to reply back and then contacted the forum owner to *force him* to do something he was never going to do otherwise, purely so he can keep his account running.

In effect, you never had any intention to cancel the forum account because you yourself directly intervened to make him delete the content I reported so he could continue to host with you. This is NOT "the forum owner requesting a day to take down illegal content", this is YOU causing certain forum threads to be removed behind the scenes to make it look like HE did it in his supposed "voluntary 24 hour clean up".

If you had taken no action, neither would he - and material is STILL being posted there regardless which now includes people requesting credit card numbers and hacks.

To an outside observer, you almost look complicit in these activities.

So here it is - you said if there is ANY illegal content still onsite, you would cancel the forum. Not only is there still plenty of illegal content onsite, there is FRESH material being posted in relation to requests for stolen credit card details. They have no intention of stopping.

You said you have been authorised to cancel the site - as there are now requests for hacked credit card details appearing on the site, if you do not cancel it within the next 60 minutes, I am forwarding the information including the screenshots above to the federal authorities, the local CERT for your area and my contacts at your upstream provider, AT&T. Consider that the screenshots I have obtained of your "intervention" behind the scenes to clean up the forum to allow the account to continue, along with the evidence of credit card hacking and trojan spreading will NOT look good with any of the above parties.

You have one hour to delete the forum before I action the above. I'm no longer interested in the so-called "procedures" you supposedly follow to delete a site, because you suspended the site once, and you can do it again - only in light of the continued content posted to that site, nothing less than a full and permanent takedown will suffice."

I then went off to do a Podcast for SCMagazine on the perils of Myspace. Meanwhile, five minutes past 3 and no reply...


Fifteen minutes past 3 and no reply....

I got bored of screenshots while waiting, so let's fast forward to Ten to Four with no reply....

.....is the end for The Goddamn Batman? Well, not really because this appeared at exactly 4:00PM:


......and that, my friends, is how I made the World burn. On the 23rd of November, I promised someone would experience "Smash you with Entire Building-Fu".

Consider it a promise made good.

Labels: , , , , , , , , , , ,

posted by paperghost at 7:13 PM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.