Pages:
Author

Topic: I just hacked 3 and scammed 3 members. (Read 4393 times)

Das
sr. member
Activity: 308
Merit: 250
July 28, 2016, 04:09:06 AM
#74
This hacking thing is just over my head. I have absolutely no idea how a hacker does his work.

Looks like rocket science to me Undecided Undecided
legendary
Activity: 1232
Merit: 1017
July 28, 2016, 03:03:38 AM
#73
Okay, so this is what happend:

I saw that the user stealth923 was asking for a loan, so I decided to look at the request and accepted it. I thought it was shady that there was no signed message, but it was never staked so I though it was ok, since all the posts were in altcoin announcements. Then he gave me the password, which sounded like easy hackable. So then I made a post and said it, then the lender/scammer became angry and said I was a scammer, so I was forced to send him the lending amount we agreed on. Since the that account I control now is a hero member, is it lucky that there was only scammed 0.08BTC and not more, so the damage that is caused is small. I have send an email to the real owner, since that email was staked in a PM from 2014 and was in the profile page. Now I will be waiting for the real owner to contact me and we will talk about what we will do. Please son't send me fake emails, I am not stupid.

Are you going to give the hero member account to its right full owner without asking for the btc which you have lost in lending ?
You should ask the owner around 0.1-0.15 BTC for recovering his account  Grin and for work you have done in finding the real owner
I didn't have a chance to, since theymos had to come in and reset the password of the account I held as collateral. Of course I was upset about it, since I worked hard for that bitcoin. The real owner didn't even bother to reply when he got his account back(most probable).
legendary
Activity: 3794
Merit: 1030
The Best Tipster on the Forum!!
July 27, 2016, 05:27:06 PM
#72
Total amount excluding losses on dice: 0.1 BTC now.

2 heroes 1 senior some other shit


This is some fucking revenge for you Stunna.

What kind of revenge from stunna i don't think he will give a damn because they were not his accounts.

So what makes you think you revenged stunna ?
hmm i guess we wont know because the OP isnt responding anymore
but this thread is wierd with the guy conffesing and spitting on the forum that it sucks
hero member
Activity: 882
Merit: 528
July 26, 2016, 11:05:22 PM
#71
Okay, so this is what happend:

I saw that the user stealth923 was asking for a loan, so I decided to look at the request and accepted it. I thought it was shady that there was no signed message, but it was never staked so I though it was ok, since all the posts were in altcoin announcements. Then he gave me the password, which sounded like easy hackable. So then I made a post and said it, then the lender/scammer became angry and said I was a scammer, so I was forced to send him the lending amount we agreed on. Since the that account I control now is a hero member, is it lucky that there was only scammed 0.08BTC and not more, so the damage that is caused is small. I have send an email to the real owner, since that email was staked in a PM from 2014 and was in the profile page. Now I will be waiting for the real owner to contact me and we will talk about what we will do. Please son't send me fake emails, I am not stupid.

Are you going to give the hero member account to its right full owner without asking for the btc which you have lost in lending ?
You should ask the owner around 0.1-0.15 BTC for recovering his account  Grin and for work you have done in finding the real owner
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
July 26, 2016, 06:34:01 PM
#70
You would have to be delusional to think this database would be worth 100BTC lol.
It wouldn't surprise me. Remember we're talking about the details of (probably) 500,000 members.

Sure maybe some people used the same password for the website that they did on some financial account,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)
There are more ways to steal Bitcoin than getting someone's wallet.
Look in the OP, he was able to get 0.16-0.17BTC from 3 members using accounts with little trust. If the could get that with those accounts, what if he got one with Dark Green trust? What if he got one on the DT network? Not to mention that he could also sell the accounts on, or scrape the accounts for personal details to sell.

but anyone with half a brain is going to use different passwords for different sites,
You'd think so, but it's amazing how many people practice terrible security.
legendary
Activity: 1988
Merit: 1317
Get your game girl
July 26, 2016, 01:09:07 PM
#69
Did anyone see what "eng.chaps.returns" posted on here before the post got deleted (I assume the account probably got nuked).
It's *Engg Chakks S.After days of connecting the dots,I have managed to find his doxx.He's an Indian and a Computer Science Engineer.I missed that post anyway.Mind telling us,what was it about this time ? He still has active alt's on this forum.
copper member
Activity: 2996
Merit: 2374
July 26, 2016, 12:43:30 PM
#68
Did anyone see what "eng.chaps.returns" posted on here before the post got deleted (I assume the account probably got nuked).
sr. member
Activity: 434
Merit: 250
July 26, 2016, 07:39:33 AM
#67
You would have to be delusional to think this database would be worth 100BTC lol.

Sure maybe some people used the same password for the website that they did on some financial account,
but anyone with half a brain is going to use different passwords for different sites,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)
hero member
Activity: 882
Merit: 528
July 26, 2016, 06:49:07 AM
#66
Total amount excluding losses on dice: 0.1 BTC now.

2 heroes 1 senior some other shit


This is some fucking revenge for you Stunna.

What kind of revenge from stunna i don't think he will give a damn because they were not his accounts.

So what makes you think you revenged stunna ?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
July 25, 2016, 06:45:41 AM
#65
Well if i would be the admin yes then i would have no choice but lock out the users who have no access to the e-mail anymore or else sign a message!!!!
The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!
So you would lock out users 'stupid' enough to not use an email (which could be for several valid reasons) to protect those who are stupid enough to not change their password after a hack?

So you shall put this in question as well :
Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?
Theymos has several large communities that he takes care of; he is too busy to answer most queries of account recovery (especially considering that the majority of account problems are caused by the users themselves). If you can prove to a moderator that your account was hacked (through signing a message from a staked address usually) then they will apply a ban onto your account, essentially locking it.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 25, 2016, 01:06:57 AM
#64
-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.

The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.

Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.


[2] https://wiki.skullsecurity.org/Passwords
Yes theymos confirmed that the hacker (robertt) was using the leaked password hashes here.

Robert only recently started hacking forum accounts, and trolling/scamming with them somewhat recently, so it is possible that he only recently figured out how to check for passwords from the hashes of the passwords. However the amounts that he is stealing from others is low enough to suggest that he purchased the DB recently (from what I have been told, the value of DBs declines over time, especially after it has been known that the DB has leaked).

I am not sure how much the leaked DB is worth, however I have been told that someone found the DB for sale on a DNM a few months after the hack for 100BTC by a seller with a lot of reputation on that DNM. I visited that DNM recently, and it appears that the DB is no longer listed for sale there; I am also not sure that the particular DNM in question is not an outright scam (it is listed on Deep Dot Web).

Thanks for the links and pointers. I guess I have to wait a little longer to take a look at bitcointalk passwords.
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013
July 24, 2016, 06:23:03 PM
#63
The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!
A password reset would be to help a few users who are too stupid to change their passwords. It is not theymos's fault that they didn't oblige to what his message said. Responsibility should be with the user, not the admin.
full member
Activity: 220
Merit: 100
July 23, 2016, 02:33:06 PM
#62
The admin should really do a force reset of all the passwords, this is going out of controll and need to be stoped right now.
Is it not possible that he simply do a force reset?
The question would be how he could go about doing something like this.
Would he set all the passwords to the same and allow every account on the website to be hacked much easier?
Would he send out user's passwords through E-mail, leaving those without an E-mail linked to their accounts locked out?

Theymos already sent out an email when the leak happened (over a year ago) warning users to change their passwords; I do not think there is not much more he could do without breaking some user's forum experience.

Well if i would be the admin yes then i would have no choice but lock out the users who have no access to the e-mail anymore or else sign a message!!!!

The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!

So you shall put this in question as well :

Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?

But who cares right he have enough money...
copper member
Activity: 2996
Merit: 2374
July 23, 2016, 01:49:15 PM
#61
-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.

The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.

Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.


[2] https://wiki.skullsecurity.org/Passwords
Yes theymos confirmed that the hacker (robertt) was using the leaked password hashes here.

Robert only recently started hacking forum accounts, and trolling/scamming with them somewhat recently, so it is possible that he only recently figured out how to check for passwords from the hashes of the passwords. However the amounts that he is stealing from others is low enough to suggest that he purchased the DB recently (from what I have been told, the value of DBs declines over time, especially after it has been known that the DB has leaked).

I am not sure how much the leaked DB is worth, however I have been told that someone found the DB for sale on a DNM a few months after the hack for 100BTC by a seller with a lot of reputation on that DNM. I visited that DNM recently, and it appears that the DB is no longer listed for sale there; I am also not sure that the particular DNM in question is not an outright scam (it is listed on Deep Dot Web).
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 23, 2016, 02:18:13 AM
#60
I do not believe someone who has hacked accounts and scammed people would be bold enough to say that publicly, at the risk of getting a permanent ban.

Banned on what grounds? Its not against the rules to scam someone.

Hacking, maybe?  Although the rule is not written anywhere I doubt it is allowed.

Hacking the forum is actually allowed (as long as you follow some guidelines) and might even get you rewarded. Hacking a user account, e.g. through phishing isnt punished AFAIK. The hacked user may not get the account back, because its unclear who the original owner is.

This kind of justification is sad and clearly shows a lack of desire for truth in you, or a rebellion to need to try to attempt to bend the truth to suit your will.

You are funny. The forum having a reward system for hacks[1] is a good thing, because it gives those smart enough to actually find and exploit a bug to report it to theymos and not sell it to someone else. I dont know why you think an account should be restored without proper proof or what that has to do with my desires for "truth". Whos truth are you talking about anyway?



-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.

The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.

Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.


[1] Yes, I know, but its the commonly used term and Im lazy right now.
[2] https://wiki.skullsecurity.org/Passwords
X7
legendary
Activity: 1162
Merit: 1009
Let he who is without sin cast the first stone
July 22, 2016, 09:01:45 PM
#59
I do not believe someone who has hacked accounts and scammed people would be bold enough to say that publicly, at the risk of getting a permanent ban.

Banned on what grounds? Its not against the rules to scam someone.

Hacking, maybe?  Although the rule is not written anywhere I doubt it is allowed.

Hacking the forum is actually allowed (as long as you follow some guidelines) and might even get you rewarded. Hacking a user account, e.g. through phishing isnt punished AFAIK. The hacked user may not get the account back, because its unclear who the original owner is.

This kind of justification is sad and clearly shows a lack of desire for truth in you, or a rebellion to need to try to attempt to bend the truth to suit your will.
legendary
Activity: 1232
Merit: 1030
give me your cryptos
July 22, 2016, 08:43:26 PM
#58
You scammed me, you will pay, I will find you, and I will kill you

Whoa extreminitey.  Sorry for your loss but you know you can get banned for death threats, right?
explicitly, if death threats for trolling, and completely unreasonable.
and Ypii, you need not to use death threat to vent your anger, because Robertt is being furious about something he hate - which is similar to my case when i was new.

You could say it's not a death threat, but a movie reference. No harm done there.

Hope Epochtalk comes out soon, sick off Robertt exploiting SMF. I do remember the time when he was cool and did lots of good stuff for the forum.
legendary
Activity: 1582
Merit: 1006
beware of your keys.
July 22, 2016, 08:19:01 PM
#57
You scammed me, you will pay, I will find you, and I will kill you

Whoa extreminitey.  Sorry for your loss but you know you can get banned for death threats, right?
explicitly, if death threats for trolling, and completely unreasonable.
and Ypii, you need not to use death threat to vent your anger, because Robertt is being furious about something he hate - which is similar to my case when i was new.
hero member
Activity: 798
Merit: 506
Thank satoshi
July 22, 2016, 07:20:50 PM
#56
You scammed me, you will pay, I will find you, and I will kill you

Whoa extreminitey.  Sorry for your loss but you know you can get banned for death threats, right?
copper member
Activity: 2996
Merit: 2374
July 22, 2016, 05:44:14 PM
#55
I do not believe someone who has hacked accounts and scammed people would be bold enough to say that publicly, at the risk of getting a permanent ban.

Banned on what grounds? Its not against the rules to scam someone.
You make it sounds as if scamming is a good thing to do.

Im sorry you think so.

Hacked accounts are getting banned though.
I have been reporting hacked accounts and a staff member(not mentioning names) has banned the accounts.
If there is no rule for it, staff members should decide by themselves what is needed to do.

I doubt that an account gets banned just for "its hacked".
Three  accounts that were hacked by robertt were banned, I don't know if they still are banned.
I could provide you proof if you want, since I still have the PM from the staff member. I think the ban was deserves since robertt was going full delusional.

All Im saying is that there is very likely more to it. Otherwise its too easy to get someone banned when no one was actually hacked. Admins (and maybe globals now as well?) also have additional information that might help them decide (like e.g. IP addresses).
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.

The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.
Pages:
Jump to: