Author |
Message |
Wyo
Hello I'm New here!
Joined: 27 Jan 2014
Posts: 1
|
Posted:
Mon Jan 27, 2014 8:45 pm |
|
hello there.
About 10 years ago, my home site got hacked, and they set
up a ebay site on it, and emailed out who-knows-how-many
emails using my site as the click point. Someone called me up,
and I spent 3 days with my system off line, doing an autopsy.
I was amazed and angered at the scope of the financial
information they were obtaining and shipping off.
They left me with all sorts of stuff! including logs! I contacted
ebay, and when I found the password to their warez site, they
downloaded it all and wiped their Romanian site, and forwarded
all info to the Secret Service.
Anyway, it bothered me that they were doing this and getting
away with it. I sat down and wrote an app in the evenings,
that would read the scam email, find the link to the scam web
site, download the pages, fill in the forms with false but very
realistic info, and submit it, thousands of times, each time with
a new and very realistic false identity.
I classify it a "Software Weapon".
Not only that, I would go to open proxy web sites and fetch a
list of open proxies. I would do all transactions via these open
proxies.
How realistic were my false personas?
1. Last names had same statistical frequency as recorded by
the census bureau in the US.
2. Same for first names.
3. State randomly chosen
a. city/town randomly chosen within state, with correct zip code
b. a drivers license number appropriate to that state, following
the formats of that state.
c. a street address chosen with plausible street numbering.
4. Credit card numbers: Random choice of type, with appropriate
account number length for card, correct pin length,
correct numbering ranges and correct check digit.
my hope was to so saturate them with false info, where picking
out real entries would be virtually impossible... but then again,
I wasn't there to study their selection process.
It could handle multiple page, multiple form sites. I waged war
with it for several months, on all scam emails, but truthfully,
not against 419 scammers. Mostly against the guys running
bank/ebay/whatever scams. I was looking at attacking
gambling sites for fun.
I should have opened multiple honey traps for such emails,
to diversify my attacks to be against several criminal organizations,
but, alas, I ended up picking on just one or two groups, as it
turned out, and after months of having their mailboxes stuffed
with garbage, they had it and started trying to find me, or so I
suspected. So I quit. Haven't picked it back up yet.
So, it's been collecting dust. Maybe someone would like to
run some campaigns of their own?
If so, where should I post it? Any suggestions? I guess I
could throw it on github or somesuch.
Let me know. |
|
|
|
|
bware419ers
419Eater Admin
Joined: 25 Jun 2012
Posts: 21302
Location: Searching for the Platinum Piggie
|
Posted:
Mon Jan 27, 2014 8:49 pm |
|
It sounds like you put in a lot of time and work. In my experience, the site killers here are very efficient in getting sites shut down and costing the scammers money instead of letting the site live. |
_________________ | SCAMWARNERS | PREMIUM | REQUIRED READING | REPORT BANK ACCOUNTS | FOLLOW 419EATER ON TWITTER
X 7035
X 17
"FFS." - Capone
- Toomuchfun
- Irishemigrant
"I started to read it but got bored after the first couple of sentences." - SOOI
"Remind me not to get on your bad side." - jose_cuervo |
|
|
|
piecrust
Elite Baiter
Joined: 29 Dec 2010
Posts: 1620
Location: Having chow with an old friend.
|
Posted:
Mon Jan 27, 2014 10:13 pm |
|
Welcome Wyo,
there's plenty of scumbags out there at all levels of competence, I think we'd be very happy to have you on board. A number of members have designed sites to achieve various goals in various ways, your input would be gladly appreciated.
First though, read all the stickies at the top of the forum and the rules regarding posting on each of them.
And an intro to baiting here
You can sign up for a mentor here.
They are there to help, but only as much as you want and commitment you can give. (Commitment, no, more like fun-time!)
See you around, and happy baiting. |
_________________ *207 *193
* 47
You would look good in Gold
Never use windows auto-fill again, use something much more secure like lastpass for free.
"I am a man of hing reputation." - Loan lad Billy Hord.
"don't even think of given me that crap that you are Deaf and dump or my line is cut off , i don't have a phone please don't.." - Loan lad Billy Hord. (Having been baited to hell) |
|
|
|
Shnagel
Wannabe Baiter
Joined: 08 Jan 2014
Posts: 82
Location: UK
|
Posted:
Tue Jan 28, 2014 8:37 am |
|
Hi Wyo, and welcome.
One point about the use of your (superb!) bit of software is that it may contravene some laws in some countries, so use with caution.
But yes, having someone onboard with the ability to compile something of that complexity is a definite plus. |
_________________ "I put sperm on your frontage and your mother is a duck." - Abd3l |
|
|
|
vonpaso xlura
Baiting Guru
Joined: 10 Apr 2011
Posts: 13781
Location: Bertcad, Lojbanistan
|
Posted:
Tue Jan 28, 2014 12:02 pm |
|
That may be a good weapon to use against the Bimbom-Bump gang; their sites are hard to zank, so gasking them with false data would be a snave way to to glake them. I'd caution you to make sure that the program can't produce a real address, as they may send fake checks there (they certainly send fake checks or fake bank transfers). I have a character at a fake address on a real street, and another on a fake street, both with mismatched ZIP codes, and both with fake swift codes at nonexistent banks. |
_________________ ×12 ×3 ×3
unwashed
×163
×186
Accra - SH Cotonou
you are a fake people so do not ever write to me again.
Am mad at you right now ... Am tired of your questions ... Am sick and tire you and your bank
Nigerian pig . go swallow a grenade idiot. Boko Haram will solve your problem idiot .
you are big fool by send a fake payment information and never you contact me again asshole .
your passgae bearing your ATM CATD ... Ant Terrorist Certificate ... legal verterbrate ... expartiate your meaning ... gets to your dwaignted address ... successful ofghw transfer |
|
|
|
|
|
View next topic
View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|