Where should I put software?

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Hello I'm New here! Joined: 27 Jan 2014 Posts: 1

hello there.

About 10 years ago, my home site got hacked, and they set
up a ebay site on it, and emailed out who-knows-how-many
emails using my site as the click point. Someone called me up,
and I spent 3 days with my system off line, doing an autopsy.
I was amazed and angered at the scope of the financial
information they were obtaining and shipping off.

They left me with all sorts of stuff! including logs! I contacted
ebay, and when I found the password to their warez site, they
downloaded it all and wiped their Romanian site, and forwarded
all info to the Secret Service.

Anyway, it bothered me that they were doing this and getting
away with it. I sat down and wrote an app in the evenings,
that would read the scam email, find the link to the scam web
site, download the pages, fill in the forms with false but very
realistic info, and submit it, thousands of times, each time with
a new and very realistic false identity.

I classify it a "Software Weapon".

Not only that, I would go to open proxy web sites and fetch a
list of open proxies. I would do all transactions via these open
proxies.

How realistic were my false personas?
1. Last names had same statistical frequency as recorded by
the census bureau in the US.
2. Same for first names.
3. State randomly chosen
a. city/town randomly chosen within state, with correct zip code
b. a drivers license number appropriate to that state, following
the formats of that state.
c. a street address chosen with plausible street numbering.
4. Credit card numbers: Random choice of type, with appropriate
account number length for card, correct pin length,
correct numbering ranges and correct check digit.

my hope was to so saturate them with false info, where picking
out real entries would be virtually impossible... but then again,
I wasn't there to study their selection process.

It could handle multiple page, multiple form sites. I waged war
with it for several months, on all scam emails, but truthfully,
not against 419 scammers. Mostly against the guys running
bank/ebay/whatever scams. I was looking at attacking
gambling sites for fun.

I should have opened multiple honey traps for such emails,
to diversify my attacks to be against several criminal organizations,
but, alas, I ended up picking on just one or two groups, as it
turned out, and after months of having their mailboxes stuffed
with garbage, they had it and started trying to find me, or so I
suspected. So I quit. Haven't picked it back up yet.

So, it's been collecting dust. Maybe someone would like to
run some campaigns of their own?

If so, where should I post it? Any suggestions? I guess I
could throw it on github or somesuch.

Let me know.

Posted: Mon Jan 27, 2014 8:49 pm

It sounds like you put in a lot of time and work. In my experience, the site killers here are very efficient in getting sites shut down and costing the scammers money instead of letting the site live.

Posted: Mon Jan 27, 2014 10:13 pm

Welcome Wyo,

there's plenty of scumbags out there at all levels of competence, I think we'd be very happy to have you on board. A number of members have designed sites to achieve various goals in various ways, your input would be gladly appreciated.

First though, read all the stickies at the top of the forum and the rules regarding posting on each of them.
And an intro to baiting here

You can sign up for a mentor here.

They are there to help, but only as much as you want and commitment you can give. (Commitment, no, more like fun-time!)

See you around, and happy baiting.

Wannabe Baiter Joined: 08 Jan 2014 Posts: 82 Location: UK

Hi Wyo, and welcome. Smile

One point about the use of your (superb!) bit of software is that it may contravene some laws in some countries, so use with caution.

But yes, having someone onboard with the ability to compile something of that complexity is a definite plus. Smile

Posted: Tue Jan 28, 2014 12:02 pm

That may be a good weapon to use against the Bimbom-Bump gang; their sites are hard to zank, so gasking them with false data would be a snave way to to glake them. I'd caution you to make sure that the program can't produce a real address, as they may send fake checks there (they certainly send fake checks or fake bank transfers). I have a character at a fake address on a real street, and another on a fake street, both with mismatched ZIP codes, and both with fake swift codes at nonexistent banks.

Where should I put software?	View next topic View previous topic