It's amazing how quickly people will suddenly throw up their hands and apologise when they know they've been busted. These kinds of apologies always tend to grate on me - after all, the only reason you're suddenly so sorry for what you've done is simply because you don't want to take responsibility for your actions. Right? Doesn't matter what you did, just "come clean" in the lamest way possible and everything will be okay.
Well, things don't always pan out like that.
Take the guy above. I'd been following him around for some time, building up a picture of his online activities, had a very specific writeup planned for him....then bam. At the very last minute, through a curious set of coincidences, I find out he's an extremely well known and prolific Myspace troll.
The thing about trolling, is that it doesn't always matter if you're particularly anonymous or not. Though you can argue crapflooding, board overlays and various other antics constitute a denial of service (and so become a potential felony in the eyes of the law), most of the time, the people responsible get away with it because the service providers don't know how to deal with it.
Our "Punisher" here knows this better than most, whether he's overlaying forums with huge images that take you to the spectacularly unpleasant Timecop hijack, planning out which groups to hit next or just generally being an unpleasant jerk (there's an endless set of examples out there of him being an idiot), it's just harmless fun, right?
However, that's not always the case and many trolls / crapflooders very quickly go way past any sort of reasonable "limit". As an example, there was a rape support forum on Myspace a while ago. Of course, the trolls got wind of it and started to post up pictures of rape. It wasn't too long before the board had to go and a valuable resource was destroyed.
A year on, and the forum is still offline. Happens all the time - rape forums, bi-polar forums, you name it, they get hammered with crap. Myspace, of course, are useless at dealing with it. And so we take to the trenches.
Our "Punisher" guy might have thrown up an "apology" of sorts (though it remains to be seen if he keeps to his word), but that doesn't address the whole story, does it?Not by a long shot.
See, The Punisher - let's call him Niebr_90, because that's the nick he usually goes by - wasn't just involved in forum flooding. He also fancied himself as a bit of a leet hacker.
Oh, right. You forgot to mention that part.
Unfortunately, like so many people who think hacking is cool for five minutes in an attempt to impress random collections of strangers, he didn't do a very good job of covering his tracks. His full name, his date of birth, his photographs (where he claims to be "an ultimate badass"), his IM accounts, his schools, his hometown - hell, even his ISP and his IP address were easy to track down after a while - mainly because some of the sites he hacked posted them up for all to see. More on that later.
It's easy to have a change of heart (or, to be more accurate, crap your pants) at the first sign of trouble. It probably also occurred to him that keeping image galleries of all his prized hacks and cracks might not be a good idea if he just wants people to think he did some "harmless" trolling and flooding.However, I'm not entirely certain what good deleting image galleries will do when the evidence itself is still all over the net.
A bunch of World of Warcraft sites, all defaced with the same wonderful message:
Inventive, eh? At that point, our pal probably decides he needs a change of image. Something bigger. Tougher. Smells of win. He thinks, well, I'm the baddest troll on the Myspace block:
...and so decides to assume the mantle of The Punisher.
As you can see, he's not particularly inventive with regards mixing his hacks up:
....but then, maybe that's because he doesn't actually know what the Hell he's doing.
"Hi, Im a noob!" And you "want to learn ethical hacking"? Hate to break this to you, but you went the wrong way about it. Might want to invest in a dictionary or something. Also, about Google telling you no? You should be thankful, or else you might have left an even bigger paper trail all over the net. Shall we take a look at how he hacked all those sites?
Note the missing image - part of his deletion rampage, more on that later. For now, note that he got the name of the site wrong - it's NOT a .com, it's a .nl. Go looking for the site, and you see the following message posted by the site admin (along with his IP address and ISP which I'm not reposting, already confirmed from other sources. Did someone forget to use a proxy when hacking those sites? I think so!):
"Today our DKP server got hacked. He used a exploit in eqdkp 1.3.1 wich allowed him to gain control over the admin part, where he then deleted all members and dkp standings. I have no idea why someone would find pleasure in deleting game related information but evertheless we lost all data.
I have now upgraded to a new version that prevents these exploits from being called, but the damage to our data is pretty shocking.we lost all:- Raid information over the last 2 years- Drops listings and winnings- Statistics and addons* was able to recover all players and their points
hackers IP adress: IP address: *********** IP address country: United States IP address state: Pennsylvania IP address city: Pittsburgh ISP of this IP: *************** Organization: ************** Host of this IP: ****************** Local Time of this IP country: 2008-02-03 08:00 "
Of course, our idiotic pal likely never stopped to think that he screwed up a whole bunch of stuff, because he was too busy circle jerking with a bunch of losers pretending to be awesome at hacking.
Go breaking into people's websites, you can't complain if they start posting your IP address all over the place. Once again, you just failed at the internet. I'd be surprised if people hadn't already filed abuse complaints.
But what about those deleted images? Well, Niebr had a cleanout of his Punisher album that contained screenshots of all his hacking action. However, it's not exactly difficult to tie him to his oh-so-cool webhacks. Observe:
..again with the "Google is telling me no". But let's jump into a Google Cache snap of the site (which has since been fixed), and...
....whoops. Who wants to bet that he probably didn't hide his IP when hacking all those sites either?Let's turn our attention to how he actually does his hacks.
Remember where he said he "didn't use programs"? No, of course you don't use programs. Also,
...here he is using programs to hack Myspace users. Note that he didn't even make the things.
Above, he's pushing a Myspace cracking tool. So, how's that "ethical hacking" thing holding up? Finally, let's see how he nailed all those World of Warcraft sites:
If you happen to visit the URL he mentions, it looks like this:
....well damn, I'm shocked.And so, at the end, we finish where we started, which is with this:
The school let him keep the computer. However, that doesn't mean our Punishing pal can go back to what he (doesn't) do best. If his crapflooding persona comes back to life, the victims will happily be pointed to this post so they can laugh at how hard he just got pwned.
I'll leave the last word to some of his forum buddies. I couldn't have put it any better myself:
Today, we're going to talk about Joshua. Joshua is a prolific Myspace troll, and a pretty nasty one at that. He positively revels in the destruction he leaves in his wake, and is probably responsible for convincing many, many people to simply give up on the Internet altogether. He also recently went on a leet hax rampage, and managed to catch my attention (I think I've seen nuclear powerstations explode and make less noise). Joshua likes to call himself The Punisher and thinks he's at least as badass as Frank Castle.
I have news for Joshua - Batman eats the Punisher for breakfast.
Yes, that is Batman hurling The Punisher head first into a big pile of crap.
Tomorrow, expect more of the same as we see our Punishing pal become the poster boy for NOT being the worlds greatest troll & hacker combo. I leave you with this tasty burger:
....yeah, I think I will have a shake with those fries.
"You think the way you lives okay, You think posing, Will save the day.You think we don't see that you're running - Better call your boys ....'Cause I'm coming" N.E.R.D., Rock Star
Okay, the meatspin app had some comedy value. I guess. However, it's a short, terrifying ride from "mild pest" to "MUST BE EXTERMINATED". And so it came to pass, that I noticed the creator of the Meatspin program was a major douchebag and needed to be given the old "let's throw him off a cliff" treatment. When someone wanders in front of my crosshairs, I do a quick recon and score them on things such as annoyance, arrogance, asshattery and general "needs to be beaten to death with their own face" marks out of ten.
This guy ticked so many boxes I had to turn the sheet over and add in some new ones. A few examples:
....what? "Not even Norton can protect you"? Oooh, scary. What annoys me here is that this is lifted from that stupid t-shirt - but I can't tell if he's being serious or ironic or something else altogether. I'm tempted to think he's being serious, so bam, there's a black mark right off the bat.
Oh, and that tag line? "Making you cry since 2007"?
....wow, the experience just drips off this guy. Chalk another one up for the beatdown stick.
...tons of crappy applications of a "let's screw with your PC" nature. Worse, many are prefaced with that good old "These are for EDUCATIONAL purposes only, I am not responsible for anything you do with them!!!1112"
Sorry, I'm holding you entirely responsible. Don't like it, cry me a river.
....HAHAHA, yes! That's so awesome! Also,
Biff... Bam... Pow. Welcome to the land of "All my shit has gone south for the winter".
Population: you.
I was going to point and laugh at this guy on MSN for your amusement, but apparently he's too crestfallen to login and hasn't been online for a couple of days. I'd hate to think he tried the hotel thing again and got stuffed into a dumbwaiter, but stranger things have happened.
I love the scene in Ghostbusters where they have to choose what the bringer of the end of the world looks like. I can only imagine our source of entertainment for the day had it in mind when they hit that "send" button.
"Send button", I hear you cry? Well, I get a lot of awesome mails. Some offer me midgets, some offer me pumps that inflate things, some even offer inflatable midgets (minus the pump).
However, nothing could possibly top this, the greatest misdirected missive of all time that came my way a few days ago. I don't know if this is supposed to be an olive branch, an offer of a temporary ceasefire or what but here it is in all its surreal glory:
Bad enough that this idiot cut and pasted the above text from another, entirely unrelated hacking sites' mailshot - even worse that he thought it'd be a good idea to send it to me. If I had to sum up the potential for extreme mischief that such a mail could generate, I think this would be a pretty good summary:
At this point, I'd like to think in some alternate Universe, I embarked upon a glorious journey of hacking and cracking. Of learning about the key elements that make up a hackers mindset. Of understanding that hacking and cracking is an eternal expression of our right to free speech, our will to rage against oppressive Governments and the controlling fantasies of The Man.
Unfortunately, I'm an asshole and eat free speech for breakfast. Lookout kids, because here comes a nuclear powered jackboot from outer space:
"The choice is made! The Traveler has come!"
The thing about nuclear explosions is that a lot of innocent people die in the fallout. Thankfully, none of the following are innocent so let's all point and laugh:
Six Myspace Phishies nailed!
A handful of Cracks smacked!
A pile of Keyloggers kicked in the nuts!
Webpages, shops and a bunch of other generic stuff I simply can't be bothered cutting and pasting in because I'm sick of the image upload interface!
And, as a special finale, one pwned ISP account. How so? Well, someone seems to want to sell you his hacking and cracking tools:
Unfortunately for the Jimmy Hackpants in question, he can't be that bright because he happens to be doing it from his ISP-provided webspace. Selling Matrix Online hacking tools too, eh?
Doh. Not anymore, you're not.
Enjoy dialup, idiot boy.
Or, as I like to put it when playing The Matrix Online (via the fine art of kicking people in the head)....
Last week I came across a site I thought had been hacked - in actual fact, it turned out that the clown who owned the page was just really messy and made it look like a tip.
From there, I came across a whole bunch of phish pages and a leet hax forum for wannabe script kiddies. Of course, everything went pear shaped for the site owner the moment I picked up the phone and made a call, as you'll see (though most definitely NOT in the way you'd expect!)
(Warning: Swears galore, because this guy doesn't know the meaning of "eloquent".)
.....yeah, Little Jimmy Hackpants took a big old kick to the trouser department there, didn't he? Thanks to his mother for being awesome enough to actually go through with this - without a doubt, one of the funniest pieces of pwnage I've taken part in.
Time to exit stage left - I did have a nifty song here, but it was borking the page up for people so instead, enjoy the best damn PC desktop ever.
A while ago, I spanked some kiddies and kept on spanking them till they ran home and cried to mummy. Then I started jumping all over their uber-cool leet rivals till they turned into mushy paste and started bleeding all over the place.
Well, while looking through the random crud on their site, something kept calling out to me.
A collection of stolen logins, passwords, IDs, mails, IP addresses....you name it, there was fun for all the family in there. Could we find out who created those pages and attempt to show them the error of their ways?
At that moment, I knew it was time to break out the beatdown stick one more time and see if I could have some fun.
As it turned out, the fun was plentiful. Jumping back a few directories from the stolen logins, I came across this:
"Please support me and motivate me to steal more accounts for you by signing up at this website CLICK HERE!"
.....oh man, I want to hurt you so badly. If you did indeed "CLICK HERE!" you were presented with this:
....blah-blah-blah. I'm still fuming over his "MOTIVATE ME TO STEAL, YAY!" thing, by the way. Anyhoo, Googling this moron turned up a veritable papertrail of information on this guy. So much so, that I was able to work out the location of one of his other websites that neither he - or any of his pals - ever linked to online. More on that later. For now, let's make a new friend and see what's going through his head:
...not a great deal, as it turns out. Why yes, Mr Random Stranger on the Internet who seems to know everything about me! I most certainly DO create Phish pages to order! At this point, I decided "To Hell with it" and just dropped in his password collection in a wonderfully upfront fashion that should have made alarm bells ring-a-ding-ding in his head.
....congratulations on signing the "I'm an idiot" forms. You'd expect more from a 17 year old, but oh well. Actually, it gets worse - turns out I couldn't cure this guy of "obsessive compulsive brag-about-it" disorder.
...yes, "Kewl!" Thanks, man. You've been a great audience. But now I have to scope out you junk. We already know about his password list site, and it's time to check out his (so he thinks) secret dump of garbage:
...mm, that's a tasty meatball! In amongst the drek, there were more stolen passwords, a weird (presumably "secret", because that seems to be all the rage with this guy) gaming clan, a couple of interesting exploits:
A stupid looking fake login page:
...some other random junk, and a page so irritating it made me want to punch the monitor:
...it's those three annoying faces, animated in a really random, blinking-on-and-off fashion over and over again. Gnaaaaah. Shall we make him a little uneasy? Yeah, let's do it.
...."why" indeed. Oh wait, I do believe he's about to realise he never links to that site, ever...
.....obviously when a guy shows up on your MSN calling himself "Batman", the first thing you do is wonder how he keeps finding your wonderful toys.
Sigh.
I got bored when he asked "How did you find my addy anyway", so with a mild sense of "WTF just happened there" sinking into our newfound pals' brain, off I went to whackjob his lame-o sites. Dropping bomb one....
.....and bomb two....
....I won't bother showing you the rest of the sites nailed, because frankly it gets a bit tedious looking at 404 pages after a while, but the biff-bam-pow went on for some time.
Now, I can't stress enough that this guy was so dumb, he was happily posting up all sorts of information on his sites, profiles, social networking accounts - the kind of information that tends to bite you on the butt when you're indulging in a little cracky-chan.
It's time for an ultimatum, beginning with a phone number and ending with his full name, age and hometown. He didn't guess what the phonenumber was, so I had to help him out:
..."Anime lulz", you're probably wondering? Well, he had a rather hilarious picture of himself on one of his websites. I decided to gimp around with his face for the purposes of this writeup and make it more hilarious.
....see, this is why you shouldn't let me near MS Paint. Shall we continue?
....at that point, he logged out and within a day or so, the rest of his websites were pulled. Of course, the threat of his local police station hanging over him probably helped - mind you, I took the precaution of contacting them a good few days before this conversation took place.
Oh dear, I seem to have failed to mention that to our hacking buddy up there. Whoops. Totally slipped my mind, honest.
It'd be nice to think they teargassed his flat and got to work with some good old fashioned care in the community policing, but for now, this guy has ceased all phish creation and password trading.
First, we had the beatdown stick. Then, we had the comical reactions from the guy running the hacking / cracking / serial numbers site.
Naturally enough, the site came back - which meant an extra special visit from Santa.
At this point, you want to see the latest reaction from the leader of this little community of fools, right? Am I right?
Well, here you go:
....yes, you can indeed "have me arrested" for reporting network abuse and then watching those networks kick you off.
Also, hahaha.
I guess this clown thinks I'm using leet hax to take all these stupid websites down, which pretty much speaks volumes for his attitude in general - the thought obviously never even crossed his mind that he might be getting endlessly shut down because what his little merry band does is, you know, completely illegal.
Ah well. The other humorous thing here is that he's only rambling on about the forum - at this point, he doesn't seem to realise that his precious top level domain (that he used to use for redirections galore) is toast too. Just wait till he sets up another useless forum and tries to log into his domain name admin panel and......bahahahahahaha.
I guess I'll be getting more messages of peace and goodwill via MSN....
...and put a new collection of Admins back in place, one of them is the idiot who was only recently asking for credit card hacks - and the site is already filling up with the same old junk that was there previously. Here's a request for serials:
...and only an hour or so ago....
In addition, it's apparent that Helgi himself is still paying for the forum to keep running:
.....once more, I smell shenanigans.
Websitetoolbox refuse to keep this site dead and buried, and one can only wonder what sort of operation allows this to continue. *removes request to contact Websitetoolbox and open tickets up etc because it's no longer needed*
....also, swears galore. Turn away now if you don't like swears.
Some observations:
1) He is an idiot.
2) I'm "trying to virus him"? Is this where I was all "like bleh"?
3) He "doesn't care" about his site, yet he keeps SEVEN BACKUPS?Truly, my Internet idiot-o-meter just went off the scale. Saying this kid does indeed care would be like Captain Obvious saying someone was falling to their de -
I ask because this appeared on t'Internets late last night, and vanished soon after:
...now, "because cops came" could be his idiotic way of saying OMFG SOMEONE TOOK ALL OUR SITES DOWN, except that he made a more detailed post:
"Yes I was like you, Police came - so I was bleh"??
....wow, I wish I could be all "like bleh" if the police came for me.
However, this raises interesting questions. Did cops indeed come crashing through the windows at 4AM for a bunch of these kids? Seems like an odd thing to say if he's just making it up, but who knows.
Also, hahaha at that "I had fun even though you keylogged me" thing.
Bruce Lee understood that there was no problem on this Earth that could not be solved by repeatedly punching someone in the face until they stopped getting up. With that in mind, I bring you an exercise in repeatedly punching people in the face.
Let us begin by looking at a wonderful missive that caught my eye on a supa-leet hax0ring forum this morning:
.....yes, yes you did.
See, Helgis forum had something of a bitter - and Hell, let's throw in twisted - group of rivals.
...I have no idea why their forum says "X Factor" at the top. I can only imagine someone there has the hots for Simon Cowell and B-rate singers.
They don't like Helgi very much.
...wow, Axxo has issues.
So anyway, their forum. What was it? Well, you guessed it - Helgi-lite, with a bunch of hacking, cracking and phish links all over the place. Here's a cracked version of NOD32:
Here's a bunch of cracked programs up for grabs including Photoshop, Dreamweaver etc:
Some Habbo hacking apps:
A "Date of Birth Brute Forcer":
....and, finally, a ton of stolen username / password combinations. Some mention gaming, some of them give no indication what they're used for.
....call it a hunch, but I don't think this is going to end well for these kids.
Did I mention they didn't like Helgi much? From the FAQ:
.....ouch.
Rather hilariously, they were quick to take credit for "hacking" Helgis forum and taking it over.
Luckily for them, I hate everybody so when I sat down this morning and thought, well, what shall I do today before breakfast? The answer was simple.
Now you see it....
.......and now you don't.
.....like I said......Bruce Lee.
Shall we go pay the owner of the forum a little visit? Helgis equal and opposite number? Sure we will. He wasn't online when I logged into MSN, so I took the liberty of leaving him my calling card:
Shall we jump into their chatroom?
........yeah, you knew it was coming. Now, I'm sure these kids probably aren't too happy about me decimating another one of their little happy-crack communities. They'll likely be back on yet another board somewhere soon. Hell, they're probably already rebuilding somewhere right now and then we can go do this all over again. But the important thing to remember here is.....we'll be waiting ;)
Categories
It's amazing how quickly people will suddenly throw up their hands and apologise when they know they've been busted. These kinds of apologies always tend to grate on me - after all, the only reason you're suddenly so sorry for what you've done is simply because you don't want to take responsibility for your actions. Right? Doesn't matter what you did, just "come clean" in the lamest way possible and everything will be okay.
Inventive, eh? At that point, our pal probably decides he needs a change of image. Something bigger. Tougher. Smells of win. He thinks, well, I'm the baddest troll on the Myspace block:
...and so decides to assume the mantle of The Punisher.
....but then, maybe that's because he doesn't actually know what the Hell he's doing.
"Hi, Im a noob!" And you "want to learn ethical hacking"? Hate to break this to you, but you went the wrong way about it. Might want to invest in a dictionary or something. Also, about Google telling you no? You should be thankful, or else you might have left an even bigger paper trail all over the net. Shall we take a look at how he hacked all those sites?
...here he is using programs to hack Myspace users. Note that he didn't even make the things.
Above, he's pushing a Myspace cracking tool. So, how's that "ethical hacking" thing holding up? Finally, let's see how he nailed all those World of Warcraft sites:
If you happen to visit the URL he mentions, it looks like this:
....well damn, I'm shocked. And so, at the end, we finish where we started, which is with this:
