The Penny Finally Drops

So a few days ago, I find the following comment sitting in the moderation pile:


I think I speak for the entire population of the Internet when I say:

Hahaha.

Hack and Scream - Headshot

As long as it takes, I will keep beating that forum into the ground until it is no more. The site is currently down - thanks to all who submitted a ticket, sent an email, jumped into live chat.

Check it out - his account hasn't just been "suspended" this time - he's been deleted altogether according to the screenshot.

Some more info here.

People power, man. It's the greatest.

A Call to Arms

Amazingly - or, should I say, not so amazingly - Helgis old website has come back to life.

Though Helgi claims to have "left forever":

...and put a new collection of Admins back in place, one of them is the idiot who was only recently asking for credit card hacks - and the site is already filling up with the same old junk that was there previously. Here's a request for serials:

...and only an hour or so ago....


In addition, it's apparent that Helgi himself is still paying for the forum to keep running:


.....once more, I smell shenanigans.

Websitetoolbox refuse to keep this site dead and buried, and one can only wonder what sort of operation allows this to continue.

*removes request to contact Websitetoolbox and open tickets up etc because it's no longer needed*

/ UPDATE - Site is down. Nice work ;)

Did the cops bust up some chops?

I ask because this appeared on t'Internets late last night, and vanished soon after:


...now, "because cops came" could be his idiotic way of saying OMFG SOMEONE TOOK ALL OUR SITES DOWN, except that he made a more detailed post:



"Yes I was like you, Police came - so I was bleh"??

....wow, I wish I could be all "like bleh" if the police came for me.

However, this raises interesting questions. Did cops indeed come crashing through the windows at 4AM for a bunch of these kids? Seems like an odd thing to say if he's just making it up, but who knows.

Also, hahaha at that "I had fun even though you keylogged me" thing.

Making the World Burn

You've probably been following my writeups regarding this Helgi kid, and his merry crew of hackers and phishers. I dismantled all of their money making scams, forums, web accounts - but one forum refused to budge.

I first reported this forum via live chat on (or around) November 28th. I was thanked for reporting it, but after a day or so, it was still there. I jumped into live chat, and was handed a response similar to what this lady received when she complained about the forum:


.....yikes. Some more back and forth antics commenced, and I submitted a ticket on November 30th. Eventually - December 3rd - I saw this appear on the ticket:

"Hello Christopher,

Thank you for contacting Website Toolbox Support.

I apologize for a delayed response.

Services for the concerned account will soon be suspended.

Thank you,
Rahul Singh"

...."Soon"? Well okay, let's see how long soon is. Apparently, soon is four days. And then, the site was dead for about forty minutes or less before springing back into life. This is what happened next:

chris boyd: Hello, I received the email regarding a website being cancelled - however the site appears to be back online?
Rahul: Well, yes that stands true for now, this guy has asked us for 1 days time to remove all illegal postings and contents from the message board.
Rahul: That is just what we have given him.
Rahul: Failing to do so, we will permanently delete the account.

chris boyd: okay - but as far as im aware, you dont run support over the weekend, so either way the site would still be live until monday?
Rahul: We do not have live support available on weekends, but you can check with me on my email ID, I have sent you a mail from.
chris boyd: okay - so he has until saturday afternoon?
Rahul: Yes.
chris boyd: okay, if there is still illegal content there on saturday afternoon I will catalogue it and send it to you - and you will be able to action the cancellation?
Rahul: Yes, I have been authorized to do so in this case.

So it gets to Saturday and nothing has happened. Nothing has been deleted - indeed, fresh content has been thrown onto the forum of an extremely dubious nature. I submit my email as requested, containing no less than 38 examples of total website nastiness - keyloggers, serials, phishing, hacking tools....oh, and requests for credit card details. From 12 year old kids.

So anyway - back to the Email. A few hours go by, and nothing has happened. I check the forum - and what the Hell? *Every* item I submitted on the ticket has vanished. Could Helgi somehow have managed to decide to delete every single item I submitted (while at the same time failing to clean up all the other hacking threads I didn't submit?)

Something isn't right here.

So I donned my "I'm a sixteen year old kid, lol" disguise and wondered if Helgi would actually fall for me snooping around to see if there had been any outside interference with regards the magical deletion of all those threads. Remember, the site had been brought back because Helgi had volunteered to clean up the forum in a 24 hour period.

Okay, here we go. At this point, I'm just guessing - we need a name to appear or I'm all out of luck.

But as luck would have it....

......I'm the Deadliest Man Alive, so it wasn't an issue. Could I go as far as to obtain a day / time from him with regards when the demand to "delete all this stuff" was made?

.....yeah, I guess I could. Thanks, Helgi. You've been awesome - and I've been spectacular.

So now I've confirmed it. And what do we do when we confirm things, kids? That's right, we wait until 3PM in the afternoon then post this in a live chat support box:

"See Rahul, I have a problem. My website articles are read by 7,000+ people a day. My work is syndicated in major tech press all the time. When I write something, the whole technology world listens and I get interviewed over....and over....and over again.

And in one hour or so, I'm publishing an article on how your company has handled the supposed "takedown" of this website so far:

http://www.websitetoolbox.com/mb/helgib?

and your seeming total reluctance to do something about this. To a large degree, the next action you take will influence the shape of that writeup.

In our last chat, you said "this guy has asked us for 1 days time to remove all illegal postings and contents from the message board. Rahul: That is just what we have given him. Rahul: Failing to do so, we will permanently delete the account".

On satuday, I sent you a list of 38 topics containing phishing, serial numbers and hacking tools because he hadn't deleted the content. Then, mysteriously, ALL of those topics suddenly vanished. Now, there are two problems with this.

The first, is that the 38 links I gave you were NOT the sum total of the illegal content on that board - nor has the site owner done anything to discourage fresh posting of illegal activity. In the last 2 days, people have posted asking for hacked credit card details, skype hacks and MORE hacking programs - in addition to numerous other threads still on the site containing serials, hacks and cracking tools. A clear indication that you have no real idea what these people are doing.

The second, and most serious problem here - is that the site owner DID NOT REMOVE THE FORUM LINKS VOLUNTARILY - YOU TOLD HIM TO REMOVE THEM. I know, because he said so and named you:

http://www.vitalsecurity.org/Rahul_1.jpg

Oh, he also confirmed that you did this on Saturday too:

http://www.vitalsecurity.org/rahul_2.jpg

So you picked up my email, DIDN'T bother to reply back and then contacted the forum owner to *force him* to do something he was never going to do otherwise, purely so he can keep his account running.

In effect, you never had any intention to cancel the forum account because you yourself directly intervened to make him delete the content I reported so he could continue to host with you. This is NOT "the forum owner requesting a day to take down illegal content", this is YOU causing certain forum threads to be removed behind the scenes to make it look like HE did it in his supposed "voluntary 24 hour clean up".

If you had taken no action, neither would he - and material is STILL being posted there regardless which now includes people requesting credit card numbers and hacks.

To an outside observer, you almost look complicit in these activities.

So here it is - you said if there is ANY illegal content still onsite, you would cancel the forum. Not only is there still plenty of illegal content onsite, there is FRESH material being posted in relation to requests for stolen credit card details. They have no intention of stopping.

You said you have been authorised to cancel the site - as there are now requests for hacked credit card details appearing on the site, if you do not cancel it within the next 60 minutes, I am forwarding the information including the screenshots above to the federal authorities, the local CERT for your area and my contacts at your upstream provider, AT&T. Consider that the screenshots I have obtained of your "intervention" behind the scenes to clean up the forum to allow the account to continue, along with the evidence of credit card hacking and trojan spreading will NOT look good with any of the above parties.

You have one hour to delete the forum before I action the above. I'm no longer interested in the so-called "procedures" you supposedly follow to delete a site, because you suspended the site once, and you can do it again - only in light of the continued content posted to that site, nothing less than a full and permanent takedown will suffice."

I then went off to do a Podcast for SCMagazine on the perils of Myspace. Meanwhile, five minutes past 3 and no reply...


Fifteen minutes past 3 and no reply....

I got bored of screenshots while waiting, so let's fast forward to Ten to Four with no reply....

.....is the end for The Goddamn Batman? Well, not really because this appeared at exactly 4:00PM:


......and that, my friends, is how I made the World burn. On the 23rd of November, I promised someone would experience "Smash you with Entire Building-Fu".

Consider it a promise made good.

What the Hell(gi)?

So, just before I went to bed last night after a job well done - a job that's taken a week or so to get done, after endless emails, live support chats and God knows what else (from myself and a number of other individuals) - I have one final check to make sure Helgis backup forum is dead and buried and....Holy Plot-twist, Batman...the damn thing is back online!

I jumped into a Live Chat with the hosts...again....check this out:

chris boyd: Hello, I received the email regarding http://www.websitetoolbox.com/mb/helgib? being cancelled - however the site appears to be back online?
Rahul: Well, yes that stands true for now, this guy has asked us for 1 days time to remove all illegal postings and contents from the message board.
Rahul: That is just what we have given him.
Rahul: Failing to do so, we will permanently delete the account.

That's great - except, they don't do weekend support. Do they think I'm stupid? I hope not...

chris boyd: okay - but as far as im aware, you dont run support over the weekend, so either way the site would still be live until monday?
Rahul: We do not have live support available on weekends, but you can check with me on my email ID, I have sent you a mail from.
chris boyd: okay - so he has until saturday afternoon?
Rahul: Yes.
chris boyd: okay, if there is still illegal content there on saturday afternoon I will catalogue it and send it to you - and you will be able to action the cancellation?
Rahul: Yes, I have been authorized to do so in this case.

Considering they way these guys have dealt with this so far, I can't say I'm surprised. I did expect to have to go back into battle with them, but not this quickly. Sigh. There'll be more on the way this host has handled the deletion of this account next week, but for now I'll lob in a choice quote from Helgi, courtesy of Sandi:

"Okey everyone. From now on there will be no Pishing (fakelogin) noob crap! Just use google if you want that sh*t, but not here! and no more Hacking Computers! that's gay and you can be caught by the police. I deleted all that sh*t of my PC, and my PC is now faster and better. No more illegal things! Only this sh*t leads to Trojan's and viruses!

Thank You.

BTW: If your wondering why i gave up this message is because i got caught and i had one more chance, and my computer is better now."

....of course, the forum is still swimming in all sorts of nasty things. I wouldn't worry too much, because I was actually kinda hoping the host would do something like this - I've been itching for an excuse to cover the way they apparently handle leet kiddiez sites like this, and now I have one.

Next week will be fun....

Helgi - The Finale

I guess Helgi didn't think I knew about the final backup of the forum I took out a few days ago. There it lurked, chugging along since Monday, spreading garbage, encouraging leetness and mad hax.

......he was wrong.

Say goodbye to 1000+ more punks.

Rise Up With Fists, Strike Down With Vengeance

For the past week or so, I've been following a bunch of supposedly uber-cool hackers getting their kicks from phishing, social engineering and fake hacking programs. They make money from their scummery and make no attempts to hide their identities. Their ages ranged from 11 to 13 years old.

This kinda wound me up.

I asked if you thought they should be slapped about a bit - the overwhelming vote was cast in favour of "Yes please Mr Internet Nasty Man".

Well, it's time to break out the biff-bam-pow so without further ado, let's get on with it. This particular escapade - there'll be more to follow - was about shutting down sources of income and phishery-pokery. More importantly, it was also about hurling a vague sense of panic and WTF into the happy little scumpit of a world these kids had created for themselves. Nothing works better than a little fear and terror, right?

First of all, I thought I'd kick things off by popping into their leet hax chatroom to outline how things were going to be going down for the evening:

....as you might expect, this was met with confused silence. So far, so good. Then I thought I'd better go get the first Phish page of the night shut down:

...but not before I paid the creator a little visit on MSN. I was going to go for subtlety, mystery, something that would make them stop and think in sheer terror and dread of what the rest of the night would hold.

Instead, I went for a big drawing of a fish. Well, it made me laugh. Time to crack the first skull of the night. This site had been used as storage for stolen passwords since at least the start of November:

....and had a big old pile of passwords lurking within.


.....yes, that last one was mine. And so it came to pass, that less than an hour later, the lollercakes were indeed released with spectacular results:


Those 404 Error / your-phish-base-just-got-bombed are a sight to behold, aren't they? I left him a little clue that his stockpile of stolen accounts just went bye-bye:


.....eheheh. At this point, I went off and nobbled a bunch of other phishing pages - most of which related to MMORPGs - and went to their chat room to put my big, blood stained feet up:


......finally, the penny was starting to drop with some of them. However, I knew some couldn't resist the lure of being asspipes on the internet, and sure enough, one of these idiots had replaced their hosed phish with......another phish, rather stupidly with the same host who already whacked them a few hours earlier.


.....yes, amazing. Not as amazing as your phish page about to go up in smoke for the second time, kid. Check it out, with the aid of some awesome mathematics:

PLUS EQUALS
...yes, the replacement Phish page lasted a total of FOUR MINUTES.

And so it went, back and forth, with me launching a sustained, systematic and simultaneous assault on their phish pages, their domain space, web accounts, ISPs, forums, MSN addresses and chat rings all at once. You name it, for 14 glorious hours I was pounding it. In the face. With a brick.

Some more random canceled accounts / phish pages / whatever:

Biff!

Bam! Pow! Shall we check in at the chatroom again?

....oh God, so much fun. However, now it was time to turn my attention to the ringleader - our pal Helgi. It'd be a major shame if all his crappy hacking programs were removed from Payloadz, right? ....whoops. Hey, it'd be an even bigger shame if I just went and had his entire user account deleted too, wouldn't it?

....remember kids, there's heartless, then there's me. This is probably a good time to check back in at the chatroom:

.....these kids just don't learn, do they? But wait, we ain't done yet. There's toppling them like dominoes, and there's driving the dominoes into the ground with a fifty tons of concrete. Do I spy yet another boob selling crap?

....why yes, I do. And what happens when we see boobs selling crap? First, we hit them with cryptic awesomeness via MSN - I'm going for comic book geekery here:


....then we take it all down, preferably to Chinatown:

Damn, this is so much fun. SO much fun. Shall we see if the kidz in the chatroom are enjoying themselves?


Note that they called me Mister Batman, raising this to all new levels of awesome. I'd laugh at them some more, but right now....

.....I have to take out the trash once again. ....are we making with the biff-bam-pow yet? You bet. These kids just don't know when to give up, do they? Imagine how awesome it was to see this post appear on their forum:


....seconds earlier, he'd just thrown up a new page:

...selling all sorts of dubious junk:

Exactly nine minutes after his forum post....


.....both his redirection URL and his webspace are toast. As Vader would say, all too easy. Oh, I haven't finished with Helgi yet either. Here he is, phishing his own forum members:


...sigh. Good job I took the liberty of hosing all your web accounts - here's a few for the family album:


Remember ye olde phishing thread? Well, some loser posted this:


.....no, you won't use these anymore. I hope you enjoyed all the dead fish pictures though.

There's more, but I think you get the general idea. Eventually, I lost count of how many phish pages, websites, stores, accounts on social networking forums and God knows what else I had taken down in my little rampage.

In the beginning, I don't think they were too happy about it, but as we can see, a little pressure goes a long way (eventually):

I've no doubt a lot of these fools will keep trying to hack and phish and whatever else, but I'll be right there waiting for them while I try and come up with a more permanent solution. For now, the important thing to remember is that for 14 hours, a bunch of scummy kids were crying their eyes out on the Internet.

And that is the true meaning of Christmas. Looks like Batman was right...

Next Week: A little preview

....hahaha, no, you probably won't use crappy phishing pages anymore, will you?

Expect more of this next week. For now, get with the biff-bam-pow. Or was it sock-pow-zok?

I asked. You answered.

Always one to enjoy the fun of interactive asskicking, I threw it open to the floor - should this group of punks be subjected to a Paperghost-tastic facebusting on a grand and unrelenting scale?

Our survey said:

...and so it came to pass, that this wonderful bunch of rascals were subjected to 14+ solid hours of non-stop beatdowns.

In fact, I'm just finishing off mopping up the remains.

When I'm done, expect the full lowdown on exactly how much of a mangling these kids received.....

Want to see 13 year old kids going Phishing?

Sure you do.

Remember this nonsense? Well, I was wandering around some of their leet hax forums earlier and, wow, can you say 12 and 13 year old kids passing around fully fleshed out Phishing kits?

I've watched.

I've waited.

.....and now, I've seen enough. The above are the kinds of things you can expect to see lurking in their wonderful collection of Phish pages. In fact, here's one that's already gone live:

.....and so, my good friends, I turn to you with a poll. A poll that will either let a group of young whippersnappers off the hook, or set the scene for an evening of sheer terror.

You decide.

A Portrait of the Artist as a Young Man

Last week I was putting together a writeup about Habbo Hotel scams. Well while looking into it, I kept seeing this program being named over and over again - usually in the form of desperate pleas as to its location.


Well, a bit of digging round later and, finally, I had a copy to play with - thanks to some dude on a forum who claimed "I have made it with Helgi B":

....230 downloads since he stuck that there. Keep this forum guy in mind, because we'll be back for him later. For now, let's fire this thing up...

....well what do you know, it doesn't actually do anything. Of course, if you watch his video the tool doesn't work for him, either - he claims some (unintelligible) excuse, then says he can get you your furniture if you mail him your username and password for Habbo Hotel.

/ eyes roll

Not a lot more we can do with this guy. In fact, he might not even have had anything to do with its creation, as we can see him asking......


.....if anyone has the same program available to download only a month or so earlier. There's Boobtastic, then there's this guy.

But wait.....he did mention someone called "Helgi B". Could we have a lead here? Let's go take a look at that URL mentioned on the interface.

Nuts! Game over, right?

Nah. A quick reload of the page, a quick slap of the "Stop" button on the browser and we avoid the forwarding and see this page instead:

...looks a bit more promising, right? (It basically says "Here you'll find all the info" or something along those lines). Let's check the code:

...."DJ Helgib"? Ah. I guess that'll be the very same "Helgi B" mentioned earlier. Let's go see. Of course, the Tripod page is gone, but that doesn't mean our old pal Google won't come in handy:

Oh dear, seems like Habbo didn't like him much. What else is out there, I wonder?

...it's like YoGangsta50 all over again, isn't it? From the blurb:

"I'm a Computer nerd, Programmer, Musician, And a famous Hacker xD"

Helgi, you have no idea how true those words are going to be. Wouldn't it be crazy if he'd just, you know, set up another profile on Habbo Hotel? Uh....

Well look at that, not only does this guy rock out to Techno (just like on Youtube) but he also writes his Nickname in the exact same way, too - xHelgiBx. THAT AIN'T NO KWINKYDINK!

Shall we check out one of his videos? Yeah, course we will.

This is a video pimping his "Anti Detector" program (gotta luv dem spellingz), which supposedly makes Anti Virus programs weep as your infection file breezes right past thanks to his program. I'd test it, but you have to pay money to obtain it via the link in the video description.

That's right, our guy is selling all sorts of dubious garbage. Check it out:






..that last one is awesome. "Simply hand over 40 dollars in return for absolutely no program whatsoever, and I really will send you 875 Habbo coins. Honest". Has throwing your money away ever been so easy?

Anyway, this guy has left so much information lying around it's almost scary - he clearly just doesn't care who knows about what he does online. In fact...he has so much information on his personal site you can pretty much guess what colour his underpants are.

According to his site, he was born in 1994 which (of course) makes him Thirteen.

Sigh. These kids are openly and wantonly peddling their leet hacking tools across all manner of websites - worse, they don't even bother to do it anonymously anymore. It almost makes YoGangsta look like Moriarty.

Almost.

When did we become so jaded that we didn't just tolerate anonymous punks hacking us, but gave a green light to thirteen year olds screwing us over and doing it in full view? The guy even runs a forum stuffed with dubious garbage that currently has over 1000 registered members.

I mean, don't get me wrong. I'm sure at least some of these "creations" of his are just stolen from other places and sold as his own, or just never worked in the first place.


I'm sure a lot of what he says is just bluster and showing off.


I'm even more sure that a lot of it revolves around the apparent hero worship he has heaped upon him by others.

I'm certain he's pretty talented, too.


But eventually.....it doesn't just become crossing the line....


....it becomes stomping across it with an industrial jackhammer.


Forget Storm Worms, FastFlux, RBN and all the other things we like to wheel out and scare ourselves with - the endless, throbbing mass of (mostly) faceless, nameless kids like this guy are the real worry. Because if we don't do something about them, in five years time (or maybe less) they'll be the new architects of the next wave of Storms and RBNs and shady Adware vendors.

And that stuff will be a lot worse than anything we can currently imagine.

I've seen the above played out so many times before, it's scary - and I'd like to think Helgi won't be staring at the inside of a cell in a few years time (or worse, staring at a gold encrusted 42 inch LCD TV while drinking Krunk Juice out of his pimp goblet made from the skull of Joseph Merrick via all his dubious moneymaking activities).

Hell, part of me wants to be somewhat sympathetic (though I'm not entirely certain why).

However.

The other part of me makes the very good point that, for all I know, my friend's life was possibly destroyed by some young kid, just like Helgi, messing around with hacking and sharing mega leet infection files, without a thought that their online actions might seriously mess someone up offline.