Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"I dared two expert hackers to destroy my life. Here’s what happened."


  • Please log in to reply
21 replies to this topic

#1 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:39 PM

Posted 25 February 2016 - 12:00 PM

I dared two expert hackers to destroy my life. Here’s what happened.

 

Pretty fascinating article I found while browsing the security section of reddit. Just goes to show if someone wants to make your life a living hell, and has the skills to do it, they can. Fortunately, most of us are to boring for anyone to really care about, but we should still be using good security practices to keep our private life, private.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


BC AdBot (Login to Remove)

 


#2 TheJokerz

TheJokerz

  • Members
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:10:39 PM

Posted 25 February 2016 - 12:17 PM

Good read!


pa9d6f-4.png


#3 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:39 PM

Posted 25 February 2016 - 12:18 PM

Great summary... good lord though. Reminds me of a time that some college students were discussing some hacker who made a generator explode by applying and removing load 100s of times a second


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#4 DeimosChaos

DeimosChaos
  • Topic Starter

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:39 PM

Posted 25 February 2016 - 12:25 PM

Great summary... good lord though. Reminds me of a time that some college students were discussing some hacker who made a generator explode by applying and removing load 100s of times a second

Oh man! That is a scary thing indeed.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#5 DeimosChaos

DeimosChaos
  • Topic Starter

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:39 PM

Posted 25 February 2016 - 12:30 PM

Oh my god... if you didn't watch the video do so. The part where Jessica (the social engineer person) called the guys cell phone company is absolutely incredible.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#6 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:39 PM

Posted 25 February 2016 - 12:33 PM

No kidding. As I remember the tale: "He used an automated circut to add and remove load very quickly. This caused the generator to speed up and slow down rapidly (similar to what Stuxnet did to the centrifuges). The generator was litterally bouncing off the ground before it exploded (and it was an industrial model too!)"

 

I haven't yet but I will soon :)


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#7 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:39 PM

Posted 25 February 2016 - 12:36 PM

Great summary... good lord though. Reminds me of a time that some college students were discussing some hacker who made a generator explode by applying and removing load 100s of times a second

 

That's some Watch_Dogs stuff there.

 

It's ridiculous how empathy can falter big company support so easily, that phishing part of the video was ridiculous. I've told most of my providers to explicitly not allow my wife or anyone to be allowed into the account, even as an add-on in the future. She's permitted to pay the bills, and that's it. :)

 

That's kind of funny that the guy fell for an easy phishing email, just double-checking that link would prevent that one so easily. Awareness is definitely key.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#8 DeimosChaos

DeimosChaos
  • Topic Starter

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:39 PM

Posted 25 February 2016 - 12:39 PM

 

That's kind of funny that the guy fell for an easy phishing email, just double-checking that link would prevent that one so easily. Awareness is definitely key.

 

I was absolutely surprised he clicked that link, even when he knew that he was currently being hacked.


Edited by DeimosChaos, 25 February 2016 - 12:39 PM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,889 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:39 PM

Posted 25 February 2016 - 12:50 PM

Moral of the story....be careful what you ask for, you may get it a thousandfold.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:39 PM

Posted 25 February 2016 - 12:51 PM

 

 

That's kind of funny that the guy fell for an easy phishing email, just double-checking that link would prevent that one so easily. Awareness is definitely key.

 

I was absolutely surprised he clicked that link, even when he knew that he was currently being hacked.

 

remember, the domain was only one letter off. That being said, I am surprised myself too.


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#11 DeimosChaos

DeimosChaos
  • Topic Starter

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:39 PM

Posted 25 February 2016 - 01:36 PM

Moral of the story....be careful what you ask for, you may get it a thousandfold.

Absolutely. Good thing these guys were white hack type guys. Still though... I would be paranoid as all get out after the fact.

 

 

 

 

That's kind of funny that the guy fell for an easy phishing email, just double-checking that link would prevent that one so easily. Awareness is definitely key.

 

I was absolutely surprised he clicked that link, even when he knew that he was currently being hacked.

 

remember, the domain was only one letter off. That being said, I am surprised myself too.

 

True, and it was a really really good looking phishing scam. It looked legit, you would still think he would be way more cautious though since he had asked them to do it.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#12 DouglasL

DouglasL

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 25 February 2016 - 01:52 PM

 

 

 

That's kind of funny that the guy fell for an easy phishing email, just double-checking that link would prevent that one so easily. Awareness is definitely key.

 

I was absolutely surprised he clicked that link, even when he knew that he was currently being hacked.

 

remember, the domain was only one letter off. That being said, I am surprised myself too.

 

That is why, even with an email that I know is legit, I hover over links and read the real link in the pop up. If they don't match I don't click. I also advise, and practice, that if you get an email from a bank, utility company, hosting company, etc. especially those talking about security changes, don't click on the links in the email. Instead, use a browser and type in the known, correct address to their homepage or do a search for them and go that way. If the email was legit it is usually easy to find a link on their homepages to do what the email advises.



#13 rp88

rp88

  • Members
  • 3,067 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:39 AM

Posted 25 February 2016 - 03:08 PM

Post #1: I am guessing, however, that whatever their skills the one thing that the hackers couldn't get at were offline backups kept on USBs/cds/dvds.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,889 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:39 PM

Posted 25 February 2016 - 03:15 PM

...began by compiling a dossier on me, using publicly available information like my email address, my employer, and my social media accounts....took a survey of my social media activities. In total, their dossier on me added up to 13 pages.

This is the first place I go when investigating someone one of the reasons I do not use any social media.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 DeimosChaos

DeimosChaos
  • Topic Starter

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:39 PM

Posted 25 February 2016 - 03:21 PM

 

...began by compiling a dossier on me, using publicly available information like my email address, my employer, and my social media accounts....took a survey of my social media activities. In total, their dossier on me added up to 13 pages.

This is the first place I go when investigating someone one of the reasons I do not use any social media.

 

Spot on quiteman. It was definitely a lot easier for these hackers because of him being a journalist and having high profile social media accounts. I personally have a facebook and an instragram. But the e-mail linked to those you won't see showing up on any of my important stuff that is for sure (bank account, etc etc). That is the key as well, if you are going to have those type of social media accounts, use throw away e-mails, and don't post any PII type of stuff.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users