Got raided, stay legal guys, it's not worth it.

Post by Wololo on Sat Aug 08, 2015 9:47 pm

Here to share a short story.

I'm not here to ask for pity, illegal hacking is fucked up, and I probably deserve all that is happening right now.

I'm currently employed as a freelance security researcher and I've made good money selling vulnerabilities in major browsers, ranging from sandbox escapes to memory corruption bugs.

But before that... I was project leader of a startup developing games.
I had some bad luck with the start-up, got denied government funding, even though we were one of the more promising startups in our little country.
Ended up being mentally burned out...
I really couldn't care about anything anymore at this point.

I downloaded Kali Linux, used SQLmap with the Google dork scanner to hack a few websites, some having massive databases with tens of thousands of users and private info...
After which I continued to use this info to hack social media accounts, e-mails etc...
One Twitter account even got me into national news... (don't mess with accounts of important journalists)...

It all seemed innocent enough at that time, and I mean, anyone can do this, it's so insanely easy, I can probably teach a monkey how to do it. Partly because it was so easy it felt more like a game than a crime...

But hacking real people, invading their privacy, their personal space, it's a sick thing to do.
After making national news I realized I had gone too far, and I quit and instead focused my energy towards research and doing something that could actually make a positive impact.


But it was too late. The clock of doom was already ticking for me.
More than half a year later my home got raided, everything got taken away.
In cooperation with the Americans (I suppose the NSA) they found out my IP and identity, even though I used proxychains combined with the Tor network back at that time (or I might just have been sloppy, who knows!).

I guess karma is a bitch, as one of my friends put it.
It's almost 5 am right now, I'm just writing this because I can't sleep again.
Shit like this ruins your life; should I get convicted my career in security research will be over... nobody works with convicted blackhats.

Whatever you do, stay legal, there is nothing cool about being raided... it just ruins your life if you have/had serious ambitions about doing something in the field of security. If you want to get noticed as a hacker there are better ways to prove your skills (sell 0days for example)! Ah well :).
Wololo
New User
Posts: 24
Joined: Tue Mar 10, 2015 4:51 am


Re: Got raided, stay legal guys, it's not worth it.

Post by pretentious on Sun Aug 09, 2015 1:54 am

Your story reminds me of Electron https://www.youtube.com/watch?v=0UghlW1TsMA
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

If you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
pretentious
Addict
Posts: 1203
Joined: Wed Mar 03, 2010 12:48 am


Re: Got raided, stay legal guys, it's not worth it.

Post by x509 on Sun Aug 09, 2015 8:34 am

Hopefully this will never happen to me :p
x509
New User
Posts: 16
Joined: Sun Aug 09, 2015 1:47 am


Re: Got raided, stay legal guys, it's not worth it.

Post by Wololo on Sun Aug 09, 2015 3:16 pm

pretentious wrote:Your story reminds me of Electron https://www.youtube.com/watch?v=0UghlW1TsMA


At least that guy hacked some very high profile targets before going down.
Getting caught for using SQLmap isn't anything to be proud of... although I find it surprising that a small country in Europe like mine would contact the Americans to catch a hacker... seems a bit like overkill, especially since I didn't do credit card theft or crazy stuff like that.
But yea, they took 4 computers of mine that I won't be seeing again for a long while... I have to be cross-interrogated soon together with my father (probably to check for holes in my story), go to court etc...

Even if I don't get convicted, it's just not worth it...
It's easy to hack websites using an automated tool like sqlmap... but I hope that this will convince people to not do it... trust me, if they want to catch you, they probably will...
Wololo
New User
Posts: 24
Joined: Tue Mar 10, 2015 4:51 am


Re: Got raided, stay legal guys, it's not worth it.

Post by tremor77 on Sun Aug 09, 2015 9:06 pm

You probably just managed to hit the wrong person or company and pissed someone off that was well connected. You don't have to make headlines or hit a high profile target to get busted, you just have to cross the wrong asshole somewhere who's got a brother or a friend in a law agency or politics and who has some money behind him. Some cock-dick like that will go to no end to get his "justice".

As for Tor - honestly for the last 3 years, Tor has been nothing but a honeypot for the NSA. They own most of the nodes... so it's basically an invitation to get tracked. Tor is a web to attract hacker flies and the NSA is the spider.
tremor77
Addict
Posts: 1098
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York


Re: Got raided, stay legal guys, it's not worth it.

Post by x509 on Mon Aug 10, 2015 4:06 am

tremor77 wrote:As for Tor - honestly for the last 3 years, Tor has been nothing but a honeypot for the NSA. They own most of the nodes... so it's basically an invitation to get tracked. Tor is a web to attract hacker flies and the NSA is the spider.


This, and I also found interesting documentation on advanced fingerprinting of the Tor network:
Like this one
x509
New User
Posts: 16
Joined: Sun Aug 09, 2015 1:47 am


Re: Got raided, stay legal guys, it's not worth it.

Post by airsav on Tue Aug 11, 2015 7:03 am

Wow, sorry to hear that! Must suck considering you stopped and they still found you 6 months later... I hope everything works out for you though.. good luck!

You mentioned at the end of your post about 0days. Do people actually do that for a living (ONLY 0days)? I assume someone doing this would try hacking big websites/software and then contact the companies for money or some sort? It also sounds perfect for someone working alone. A little further info on how someone can get into that, i.e. knowledge, budgets etc., would be highly appreciated. I said "budget" because I read in a blog a few days ago that finding 0days is expensive. They didn't elaborate further than that though.

Thanks in advance!

Air
airsav
New User
Posts: 2
Joined: Tue Aug 11, 2015 6:44 am


Re: Got raided, stay legal guys, it's not worth it.

Post by Wololo on Tue Aug 11, 2015 4:30 pm

Yea, most likely the NSA has a way to de-anonymize Tor users... wouldn't have believed it a few years back, but with all that has come out lately, it would be easy for them. There have also been papers in 2013 about the NSA trying to crack the Tor network to keep an eye on its users...

I'm pretty sure that it's something like that... they got my identity in less than 24 hours according to the police officer. I don't think that I made a major fuck-up because otherwise the forensics from the computer crime unit wouldn't need NSA help. So yea... don't use Tor I guess!

airsav wrote:Wow, sorry to hear that! Must suck considering you stopped and they still found you 6 months later... I hope everything works out for you though.. good luck!

You mentioned at the end of your post about 0days. Do people actually do that for a living (ONLY 0days)? I assume someone doing this would try hacking big websites/software and then contact the companies for money or some sort? It also sounds perfect for someone working alone. A little further info on how someone can get into that, i.e. knowledge, budgets etc., would be highly appreciated. I said "budget" because I read in a blog a few days ago that finding 0days is expensive. They didn't elaborate further than that though.

Thanks in advance!

Air


Hey,

Yes there is a select group of people that earn a lot of money with this right now.

A nice docu: https://www.youtube.com/watch?v=4BTTiWkdT8Q

There is a range of brokers, with the Zero Day Initiative being the most popular one, and the one I would also recommend (https://www.zerodayinitiative.com).

You mention pentesting websites, but it is really an entirely different skillset from looking for 0days.
The Zero Day Initiative buys vulnerabilities in major software like web browsers etc. (look at their published advisories if you want to know which software is acceptable).
Researching 0days takes no money at all, just a lot of knowledge and hardcore persistence and dedication.

The two types that I'm mainly looking after are sandbox escapes and memory corruption bugs in browsers (but there are a lot of other things you can hunt after!).
For sandbox escapes: https://www.youtube.com/watch?v=q9dnYno_Moc (there is also a part two)

The first time I watched it I didn't understand it at all, but rewatch it several times, try things out, read papers, google info... etc.
There's also a few other guys who have shared their research, you need to look at all of them :).

The second one, memory corruption bugs, usually starts by writing a fuzzer to fuzz for example java DOM elements to produce a crash. Then you need to analyze the crash and see if it can lead to code execution.
This does require knowledge of assembly, but you can probably get a long way with just a basic knowledge if you're just looking to determine exploitability as opposed to actually writing an exploit. (watch for example: https://www.youtube.com/watch?v=LK6_X1ZWMHg)

On fuzzing itself, read everything from this guy, he also has some good sample code (which works with the Grinder framework, you can find that one on GitHub), but you will need to modify it, using the same algorithm will only give you the same crashes: https://sites.google.com/site/tentacoloviola/

I've been wanting to write a basic intro to the IE (or even the new MS Edge) sandbox for a while, demonstrating some of the bugs I found... I'll see when I have time for this... would help if the police didn't take the only copy of my research...

A sandbox escape can easily earn you 5k or more with the Zero Day Initiative... and many times more on shady markets... so yea, it's something a lot of people want to get into... but it takes a lot of time and dedication... and moments of going half insane :P.

If you have questions feel free to ask or PM me.
Wololo
New User
Posts: 24
Joined: Tue Mar 10, 2015 4:51 am


Re: Got raided, stay legal guys, it's not worth it.

Post by Goatboy on Tue Aug 11, 2015 9:14 pm

Been there, can confirm it sucks.

However I don't agree with the "Nobody will hire me" part. You just have to be honest about it, own up to your mistake, and show a real intention to not do that shit again.
Assume that everything I say is or could be a lie.
Goatboy
Expert
Posts: 2864
Joined: Mon Jul 07, 2008 9:35 pm


Re: Got raided, stay legal guys, it's not worth it.

Post by airsav on Wed Aug 12, 2015 7:43 am

Thanks man for all that info, watched the doc and it was very interesting. I tried PMing you but for some reason I can't. Don't have access or something. Might be because I'm new? Don't know. Let me know if there is another way I can contact you instead.

I guess I can ask some of those questions here though. For example, how does someone manage to discover a 0day if there's so many people using the same methods and doing the same thing? How reliable is this model for someone wanting to go solo on this? I am aware it could take days, weeks and months to find a single leak, but what are the odds someone won't find it before you do? Sounds like it might not be a good idea to go solo on this and best to have a team of people working together in order to find things faster.

I am just assuming all this, I really have been interested in 0days and the market for just a couple of days now only and therefore trying to get as much info as possible :)

Air

Wololo wrote:Hey,

Yes there is a select group of people that earn a lot of money with this right now.

A nice docu: https://www.youtube.com/watch?v=4BTTiWkdT8Q

There is a range of brokers, with the Zero Day Initiative being the most popular one, and the one I would also recommend (https://www.zerodayinitiative.com).

You mention pentesting websites, but it is really an entirely different skillset from looking for 0days.
The Zero Day Initiative buys vulnerabilities in major software like web browsers etc. (look at their published advisories if you want to know which software is acceptable).
Researching 0days takes no money at all, just a lot of knowledge and hardcore persistence and dedication.

The two types that I'm mainly looking after are sandbox escapes and memory corruption bugs in browsers (but there are a lot of other things you can hunt after!).
For sandbox escapes: https://www.youtube.com/watch?v=q9dnYno_Moc (there is also a part two)

The first time I watched it I didn't understand it at all, but rewatch it several times, try things out, read papers, google info... etc.
There's also a few other guys who have shared their research, you need to look at all of them :).

The second one, memory corruption bugs, usually starts by writing a fuzzer to fuzz for example java DOM elements to produce a crash. Then you need to analyze the crash and see if it can lead to code execution.
This does require knowledge of assembly, but you can probably get a long way with just a basic knowledge if you're just looking to determine exploitability as opposed to actually writing an exploit. (watch for example: https://www.youtube.com/watch?v=LK6_X1ZWMHg)

On fuzzing itself, read everything from this guy, he also has some good sample code (which works with the Grinder framework, you can find that one on GitHub), but you will need to modify it, using the same algorithm will only give you the same crashes: https://sites.google.com/site/tentacoloviola/

I've been wanting to write a basic intro to the IE (or even the new MS Edge) sandbox for a while, demonstrating some of the bugs I found... I'll see when I have time for this... would help if the police didn't take the only copy of my research...

A sandbox escape can easily earn you 5k or more with the Zero Day Initiative... and many times more on shady markets... so yea, it's something a lot of people want to get into... but it takes a lot of time and dedication... and moments of going half insane :P.

If you have questions feel free to ask or PM me.
airsav
New User
Posts: 2
Joined: Tue Aug 11, 2015 6:44 am

