Monday, January 16, 2012

The Face of a Snitch - DestructiveSec

                                               
                                            {  }
                                         { }
                                       { }
                                     # #  ( )
                                  ___#_#___|__
                              _  |____________|  _
                       _=====| | |            | | |==== _
                 =====| |.---------------------------. | |====
   <--------------------'   .  .  .  .  .  .  .  .   '--------------/
     \ DestructiveSec                                              /
      \___________________________________________________________/


(______)              _                       _  (_)            / _____)          
 _     _ _____  ___ _| |_  ____ _   _  ____ _| |_ _ _   _ _____( (____  _____  ____
| |   | | ___ |/___|_   _)/ ___) | | |/ ___|_   _) | | | | ___ |\____ \| ___ |/ ___)
| |__/ /| ____|___ | | |_| |   | |_| ( (___  | |_| |\ V /| ____|_____) ) ____( (___
|_____/ |_____|___/   \__)_|   |____/ \____)  \__)_| \_/ |_____|______/|_____)\____)




Dear Cyber Citizens of The World Wide Web,

TehWongZ's involvement with DestructiveSec was limited to him being an amateur spokesman. After he mentioned to us that he had been raided, and had his computers confiscated, we knew we were endangered. On January 2, 2012, we noticed he was now appearing online 24/7 despite the fact he had no access to the computer. DestructiveSec became paranoid enough to arrive at a consensus that perhaps he gave the court his login details for his Skype Account. Fortunately a member lived near TehWongZ, Charlie Floate, who was regularly connecting to his iPhone to access the DestructiveSec twitter account. This member was then able to drive the DestructiveSec warship, equipped with the finest WiFi security cracking code, into Charlie's router a mile away with a WiFi antenna which enabled remote WiFi network intrusion. However, we had an issue: there was a plethora of WiFi routers in the area. Fortunately, we were able to grab an active IP he used from EFNET IRC. We proceeded by utilizing NMAP to grab the router specifications from his active IP. Charlie had left his router with the default router name, isolating it to the only network name which corresponded with the NMAP results. Once identified, we were able to crack his WEP security with ease. After installing a backdoor equipped with a password sniffer we were able to retrieve the password for his DestructiveSec twitter and his email account. The password was simple, which is predictable with Charlie, it was "Lulzfunny581". He apparently never learned about password security and never saving his password in auto-complete. Once inside his email account, our paranoia was ironically correct. He had been snitching on us, causing us to immediately retaliate and exile him from DestructiveSec. Here is what we recovered. All the emails initially were linked with headers but for the sake of reading, we have simply shown the first header paired with the email addresses involved.
For the email respondent to Charlie we have hidden any personal info so Pastebin will not be forced to delete this archive.

Delivered-To: floatecharlie@gmail.com
Received: by 10.236.199.97 with SMTP id *************;
        Mon, 3 Jan 2012 20:49:30 +0000 (GMT)
Received: by 10.213.29.80 with SMTP id **************;
        Mon, 3 Jan 2012 20:49:29 +0000 (GMT)
Return-Path: <******@solihull.gov.uk>gmail.com
Received: from www.solihull.gov.uk (solihull.gov.uk. [81.171.174.84])
        by mx.google.com with ESMTP id ****************;
        Mon, 3 Jan 2012 20:49:29 +0000 (GMT)
Received-SPF: neutral (google.com: 81.171.174.84 is neither permitted nor denied by best guess record for domain of J******@solihull.gov.uk) client-ip=81.171.174.84;
Authentication-Results: mx.google.com; spf=neutral (google.com: 81.171.174.84 is neither permitted nor denied by best guess record for domain of J******@solihull.gov.uk) smtp.mail=J******@solihull.gov.uk
Received: by www.solihull.gov.uk (Postfix, from userid 33)
id 816BDD530B; Mon, 3 Jan 2012 05:49:27 +0000 (GMT)
To: floatecharlie@gmail.com
Subject: Email for Evidence Response
From: "J**** ******" <*******@solihull.gov.uk>
X-Priority: 3 (Normal)
Importance: Normal
X-Mailer: Microsoft Office Outlook
Errors-To: J******@solihull.gov.uk
Reply-To: J******@solihull.gov.uk
Date: Mon, 3 Jan 2012 23:16:02 +0000 (GMT)
Content-Type: text/plain; charset=utf-8
Message-Id: <***************************@solihull.gov.uk>

From: "J**** ******" <*******@solihull.gov.uk>
To: "Charlie Floate" <floatecharlie@gmail.com>

This is the email to send any of the information you are recovering from the USB device of question. Thank-you for your cooperation.
                                                         
From,
J**** ******

--------------------------------------------------------------------------------------------------------

From: "Charlie Floate" <floatecharlie@gmail.com>
To: "J**** ******" <*******@solihull.gov.uk>

Hi I have the information about elCthulhu, lulzfunny, Spine, Sabu, and sl1mmer. They are one of the biggest hackers in anonymous. Here is Sabu's info which I already posted before on the twitter http://pastebin.com/ifDAw*** . Sl1mmer's name is ****** **** he lives at ***********************************. I know both are correct for sure. elCthulhu is from ***, ****** and speaks fluently in Spanish, English, and decent in Portuguese because everyone speaks it there.

--------------------------------------------------------------------------------------------------------


From: "J**** ******" <*******@solihull.gov.uk>
To: "Charlie Floate" <floatecharlie@gmail.com>

Can you please provide specific details on elCthulhu's involvement, sl1mmers, and the information on Lulzfunny? Thank-you for your cooperation.
                                                         
From,
J**** ******

--------------------------------------------------------------------------------------------------------


From: "Charlie Floate" <floatecharlie@gmail.com>
To: "J**** ******" <*******@solihull.gov.uk>

Yes elCthulhu is the one with a whole bunch of zer0days and does the web application hackings like sqli, xss and other stuff. I do not know his exact address because he didn't want anything to do with carding and did not want free stuff. Lulzfunny is a carder and a hacker, he is really good and has thousands of credit cards. He also codes stuff. His name is ****** *******. ElCthulhu's first name is ****.

--------------------------------------------------------------------------------------------------------


From: "J**** ******" <*******@solihull.gov.uk>
To: "Charlie Floate" <floatecharlie@gmail.com>

Thank-you so much for your cooperation, if the information can lead to an arrest, I am sure I can levitate your sentence, perhaps expunging it altogether.
                                                         
From,
J**** ******

--------------------------------------------------------------------------------------------------------

From: "Charlie Floate" <floatecharlie@gmail.com>
To: "J**** ******" <*******@solihull.gov.uk>

I am happy to help


--------------------------------------------------------------------------------------------------------

This was the last known transmission. Whether Charlie knows about our access to his account and computer, and his exile from Destructive Security, is unknown.
