Looks like rocket science to me
Topic: I just hacked 3 and scammed 3 members. (Read 4347 times)
This hacking thing is just over my head. I have absolutely no idea how a hacker does his work.
Looks like rocket science to me
Looks like rocket science to me
-snip-
I saw that the user stealth923 was asking for a loan, so I decided to look at the request and accepted it. I thought it was shady that there was no signed message, but it was never staked so I though it was ok, since all the posts were in altcoin announcements. Then he gave me the password, which sounded like easy hackable. So then I made a post and said it, then the lender/scammer became angry and said I was a scammer, so I was forced to send him the lending amount we agreed on. Since the that account I control now is a hero member, is it lucky that there was only scammed 0.08BTC and not more, so the damage that is caused is small. I have send an email to the real owner, since that email was staked in a PM from 2014 and was in the profile page. Now I will be waiting for the real owner to contact me and we will talk about what we will do. Please son't send me fake emails, I am not stupid.
Are you going to give the hero member account to its right full owner without asking for the btc which you have lost in lending ?
You should ask the owner around 0.1-0.15 BTC for recovering his account
and for work you have done in finding the real owner
Total amount excluding losses on dice: 0.1 BTC now.
2 heroes 1 senior some other shit
This is some fucking revenge for you Stunna.
2 heroes 1 senior some other shit
This is some fucking revenge for you Stunna.
What kind of revenge from stunna i don't think he will give a damn because they were not his accounts.
So what makes you think you revenged stunna ?
but this thread is wierd with the guy conffesing and spitting on the forum that it sucks
-snip-
I saw that the user stealth923 was asking for a loan, so I decided to look at the request and accepted it. I thought it was shady that there was no signed message, but it was never staked so I though it was ok, since all the posts were in altcoin announcements. Then he gave me the password, which sounded like easy hackable. So then I made a post and said it, then the lender/scammer became angry and said I was a scammer, so I was forced to send him the lending amount we agreed on. Since the that account I control now is a hero member, is it lucky that there was only scammed 0.08BTC and not more, so the damage that is caused is small. I have send an email to the real owner, since that email was staked in a PM from 2014 and was in the profile page. Now I will be waiting for the real owner to contact me and we will talk about what we will do. Please son't send me fake emails, I am not stupid.
Are you going to give the hero member account to its right full owner without asking for the btc which you have lost in lending ?
You should ask the owner around 0.1-0.15 BTC for recovering his account
and for work you have done in finding the real owner 
You would have to be delusional to think this database would be worth 100BTC lol.
It wouldn't surprise me. Remember we're talking about the details of (probably) 500,000 members.Sure maybe some people used the same password for the website that they did on some financial account,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)
There are more ways to steal Bitcoin than getting someone's wallet. and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)
Look in the OP, he was able to get 0.16-0.17BTC from 3 members using accounts with little trust. If the could get that with those accounts, what if he got one with Dark Green trust? What if he got one on the DT network? Not to mention that he could also sell the accounts on, or scrape the accounts for personal details to sell.
but anyone with half a brain is going to use different passwords for different sites,
You'd think so, but it's amazing how many people practice terrible security. Did anyone see what "eng.chaps.returns" posted on here before the post got deleted (I assume the account probably got nuked).
It's *Engg Chakks S.After days of connecting the dots,I have managed to find his doxx.He's an Indian and a Computer Science Engineer.I missed that post anyway.Mind telling us,what was it about this time ? He still has active alt's on this forum.
Did anyone see what "eng.chaps.returns" posted on here before the post got deleted (I assume the account probably got nuked).
You would have to be delusional to think this database would be worth 100BTC lol.
Sure maybe some people used the same password for the website that they did on some financial account,
but anyone with half a brain is going to use different passwords for different sites,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)
Sure maybe some people used the same password for the website that they did on some financial account,
but anyone with half a brain is going to use different passwords for different sites,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)
Total amount excluding losses on dice: 0.1 BTC now.
2 heroes 1 senior some other shit
This is some fucking revenge for you Stunna.
2 heroes 1 senior some other shit
This is some fucking revenge for you Stunna.
What kind of revenge from stunna i don't think he will give a damn because they were not his accounts.
So what makes you think you revenged stunna ?
Well if i would be the admin yes then i would have no choice but lock out the users who have no access to the e-mail anymore or else sign a message!!!!
The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!
So you would lock out users 'stupid' enough to not use an email (which could be for several valid reasons) to protect those who are stupid enough to not change their password after a hack?The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!
So you shall put this in question as well :
Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?
Theymos has several large communities that he takes care of; he is too busy to answer most queries of account recovery (especially considering that the majority of account problems are caused by the users themselves). If you can prove to a moderator that your account was hacked (through signing a message from a staked address usually) then they will apply a ban onto your account, essentially locking it. Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?
-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.
[2] https://wiki.skullsecurity.org/Passwords
Robert only recently started hacking forum accounts, and trolling/scamming with them somewhat recently, so it is possible that he only recently figured out how to check for passwords from the hashes of the passwords. However the amounts that he is stealing from others is low enough to suggest that he purchased the DB recently (from what I have been told, the value of DBs declines over time, especially after it has been known that the DB has leaked).
I am not sure how much the leaked DB is worth, however I have been told that someone found the DB for sale on a DNM a few months after the hack for 100BTC by a seller with a lot of reputation on that DNM. I visited that DNM recently, and it appears that the DB is no longer listed for sale there; I am also not sure that the particular DNM in question is not an outright scam (it is listed on Deep Dot Web).
Thanks for the links and pointers. I guess I have to wait a little longer to take a look at bitcointalk passwords.
The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!
A password reset would be to help a few users who are too stupid to change their passwords. It is not theymos's fault that they didn't oblige to what his message said. Responsibility should be with the user, not the admin. The admin should really do a force reset of all the passwords, this is going out of controll and need to be stoped right now.
Is it not possible that he simply do a force reset?
The question would be how he could go about doing something like this. Is it not possible that he simply do a force reset?
Would he set all the passwords to the same and allow every account on the website to be hacked much easier?
Would he send out user's passwords through E-mail, leaving those without an E-mail linked to their accounts locked out?
Theymos already sent out an email when the leak happened (over a year ago) warning users to change their passwords; I do not think there is not much more he could do without breaking some user's forum experience.
Well if i would be the admin yes then i would have no choice but lock out the users who have no access to the e-mail anymore or else sign a message!!!!
The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!
So you shall put this in question as well :
Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?
But who cares right he have enough money...
-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.
[2] https://wiki.skullsecurity.org/Passwords
Robert only recently started hacking forum accounts, and trolling/scamming with them somewhat recently, so it is possible that he only recently figured out how to check for passwords from the hashes of the passwords. However the amounts that he is stealing from others is low enough to suggest that he purchased the DB recently (from what I have been told, the value of DBs declines over time, especially after it has been known that the DB has leaked).
I am not sure how much the leaked DB is worth, however I have been told that someone found the DB for sale on a DNM a few months after the hack for 100BTC by a seller with a lot of reputation on that DNM. I visited that DNM recently, and it appears that the DB is no longer listed for sale there; I am also not sure that the particular DNM in question is not an outright scam (it is listed on Deep Dot Web).
I do not believe someone who has hacked accounts and scammed people would be bold enough to say that publicly, at the risk of getting a permanent ban.
Banned on what grounds? Its not against the rules to scam someone.
Hacking, maybe? Although the rule is not written anywhere I doubt it is allowed.
Hacking the forum is actually allowed (as long as you follow some guidelines) and might even get you rewarded. Hacking a user account, e.g. through phishing isnt punished AFAIK. The hacked user may not get the account back, because its unclear who the original owner is.
This kind of justification is sad and clearly shows a lack of desire for truth in you, or a rebellion to need to try to attempt to bend the truth to suit your will.
You are funny. The forum having a reward system for hacks[1] is a good thing, because it gives those smart enough to actually find and exploit a bug to report it to theymos and not sell it to someone else. I dont know why you think an account should be restored without proper proof or what that has to do with my desires for "truth". Whos truth are you talking about anyway?
-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.
[1] Yes, I know, but its the commonly used term and Im lazy right now.
[2] https://wiki.skullsecurity.org/Passwords
I do not believe someone who has hacked accounts and scammed people would be bold enough to say that publicly, at the risk of getting a permanent ban.
Banned on what grounds? Its not against the rules to scam someone.
Hacking, maybe? Although the rule is not written anywhere I doubt it is allowed.
Hacking the forum is actually allowed (as long as you follow some guidelines) and might even get you rewarded. Hacking a user account, e.g. through phishing isnt punished AFAIK. The hacked user may not get the account back, because its unclear who the original owner is.
This kind of justification is sad and clearly shows a lack of desire for truth in you, or a rebellion to need to try to attempt to bend the truth to suit your will.
You scammed me, you will pay, I will find you, and I will kill you
Whoa extreminitey. Sorry for your loss but you know you can get banned for death threats, right?
and Ypii, you need not to use death threat to vent your anger, because Robertt is being furious about something he hate - which is similar to my case when i was new.
You could say it's not a death threat, but a movie reference. No harm done there.
Hope Epochtalk comes out soon, sick off Robertt exploiting SMF. I do remember the time when he was cool and did lots of good stuff for the forum.
You scammed me, you will pay, I will find you, and I will kill you
Whoa extreminitey. Sorry for your loss but you know you can get banned for death threats, right?
and Ypii, you need not to use death threat to vent your anger, because Robertt is being furious about something he hate - which is similar to my case when i was new.
You scammed me, you will pay, I will find you, and I will kill you
Whoa extreminitey. Sorry for your loss but you know you can get banned for death threats, right?
I do not believe someone who has hacked accounts and scammed people would be bold enough to say that publicly, at the risk of getting a permanent ban.
Banned on what grounds? Its not against the rules to scam someone.
Im sorry you think so.
Hacked accounts are getting banned though.
I have been reporting hacked accounts and a staff member(not mentioning names) has banned the accounts.
If there is no rule for it, staff members should decide by themselves what is needed to do.
I have been reporting hacked accounts and a staff member(not mentioning names) has banned the accounts.
If there is no rule for it, staff members should decide by themselves what is needed to do.
I doubt that an account gets banned just for "its hacked".
I could provide you proof if you want, since I still have the PM from the staff member. I think the ban was deserves since robertt was going full delusional.
All Im saying is that there is very likely more to it. Otherwise its too easy to get someone banned when no one was actually hacked. Admins (and maybe globals now as well?) also have additional information that might help them decide (like e.g. IP addresses).
The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
Jump to: