Rise Up With Fists, Strike Down With Vengeance

For the past week or so, I've been following a bunch of supposedly uber-cool hackers getting their kicks from phishing, social engineering and fake hacking programs. They make money from their scummery and make no attempts to hide their identities. Their ages ranged from 11 to 13 years old.

This kinda wound me up.

I asked if you thought they should be slapped about a bit - the overwhelming vote was cast in favour of "Yes please Mr Internet Nasty Man".

Well, it's time to break out the biff-bam-pow so without further ado, let's get on with it. This particular escapade - there'll be more to follow - was about shutting down sources of income and phishery-pokery. More importantly, it was also about hurling a vague sense of panic and WTF into the happy little scumpit of a world these kids had created for themselves. Nothing works better than a little fear and terror, right?

First of all, I thought I'd kick things off by popping into their leet hax chatroom to outline how things were going to be going down for the evening:

....as you might expect, this was met with confused silence. So far, so good. Then I thought I'd better go get the first Phish page of the night shut down:

...but not before I paid the creator a little visit on MSN. I was going to go for subtlety, mystery, something that would make them stop and think in sheer terror and dread of what the rest of the night would hold.

Instead, I went for a big drawing of a fish. Well, it made me laugh. Time to crack the first skull of the night. This site had been used as storage for stolen passwords since at least the start of November:

....and had a big old pile of passwords lurking within.


.....yes, that last one was mine. And so it came to pass, that less than an hour later, the lollercakes were indeed released with spectacular results:


Those 404 Error / your-phish-base-just-got-bombed are a sight to behold, aren't they? I left him a little clue that his stockpile of stolen accounts just went bye-bye:


.....eheheh. At this point, I went off and nobbled a bunch of other phishing pages - most of which related to MMORPGs - and went to their chat room to put my big, blood stained feet up:


......finally, the penny was starting to drop with some of them. However, I knew some couldn't resist the lure of being asspipes on the internet, and sure enough, one of these idiots had replaced their hosed phish with......another phish, rather stupidly with the same host who already whacked them a few hours earlier.


.....yes, amazing. Not as amazing as your phish page about to go up in smoke for the second time, kid. Check it out, with the aid of some awesome mathematics:

PLUS EQUALS
...yes, the replacement Phish page lasted a total of FOUR MINUTES.

And so it went, back and forth, with me launching a sustained, systematic and simultaneous assault on their phish pages, their domain space, web accounts, ISPs, forums, MSN addresses and chat rings all at once. You name it, for 14 glorious hours I was pounding it. In the face. With a brick.

Some more random canceled accounts / phish pages / whatever:

Biff!

Bam! Pow! Shall we check in at the chatroom again?

....oh God, so much fun. However, now it was time to turn my attention to the ringleader - our pal Helgi. It'd be a major shame if all his crappy hacking programs were removed from Payloadz, right? ....whoops. Hey, it'd be an even bigger shame if I just went and had his entire user account deleted too, wouldn't it?

....remember kids, there's heartless, then there's me. This is probably a good time to check back in at the chatroom:

.....these kids just don't learn, do they? But wait, we ain't done yet. There's toppling them like dominoes, and there's driving the dominoes into the ground with a fifty tons of concrete. Do I spy yet another boob selling crap?

....why yes, I do. And what happens when we see boobs selling crap? First, we hit them with cryptic awesomeness via MSN - I'm going for comic book geekery here:


....then we take it all down, preferably to Chinatown:

Damn, this is so much fun. SO much fun. Shall we see if the kidz in the chatroom are enjoying themselves?


Note that they called me Mister Batman, raising this to all new levels of awesome. I'd laugh at them some more, but right now....

.....I have to take out the trash once again. ....are we making with the biff-bam-pow yet? You bet. These kids just don't know when to give up, do they? Imagine how awesome it was to see this post appear on their forum:


....seconds earlier, he'd just thrown up a new page:

...selling all sorts of dubious junk:

Exactly nine minutes after his forum post....


.....both his redirection URL and his webspace are toast. As Vader would say, all too easy. Oh, I haven't finished with Helgi yet either. Here he is, phishing his own forum members:


...sigh. Good job I took the liberty of hosing all your web accounts - here's a few for the family album:


Remember ye olde phishing thread? Well, some loser posted this:


.....no, you won't use these anymore. I hope you enjoyed all the dead fish pictures though.

There's more, but I think you get the general idea. Eventually, I lost count of how many phish pages, websites, stores, accounts on social networking forums and God knows what else I had taken down in my little rampage.

In the beginning, I don't think they were too happy about it, but as we can see, a little pressure goes a long way (eventually):

I've no doubt a lot of these fools will keep trying to hack and phish and whatever else, but I'll be right there waiting for them while I try and come up with a more permanent solution. For now, the important thing to remember is that for 14 hours, a bunch of scummy kids were crying their eyes out on the Internet.

And that is the true meaning of Christmas. Looks like Batman was right...