FBI Concerned About Bitcoin Usage Among Cybercriminals ...

A few stories about Brian Krebs: The independent cybercrime journalist who exposes criminals on the internet

First, a bit of introduction before we get into the living drama that is Brian Krebs.
Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring.
In 2009, Krebs left to start his own site, KrebsOnSecurity. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him.
One of his first posts on his new site was a selection of his best work. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to.
And now, a selection of drama involving Krebs. Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.

Fly on the Wall

By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously to the point where the police actually know to give him a ring and see if there'd actually been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards.
However, one particular campaign against him caught his eye. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places.
So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premier darknet site at the time, The Silk Road, under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum.
While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site.
By Monday, an envelope from Chicago had arrived, containing a copy of Chicago confidential. Taped inside were tiny baggies filled with the purported heroin. Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away.
Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs". Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper into the сука behind things.
He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances.
More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses)
While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Fly ultimately was extradited. He pleaded guilty and was sentenced to 41 months in jail.

vDOS and Mirai Break The Internet

Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity. It usually means law enforcement isn't far behind. One such business was known as vDOS. A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers.
In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama.
The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia. Anyway, we'll get back to BackConnect.
Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity was hit with a record-breaking DDOS attack that peaked at 620 Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world, had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect news sites and journalists from being knocked offline by DDOS attacks.
This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years.
Now time for a couple quick side stories:
Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story. It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn.
And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 1.3.3.7. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 1.3.3.7. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider.
Finally, another provider, Datawagon, was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site.
Back to the main tale!
So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki. How did this name come to light? The creator posted the source code online. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional. It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai".
As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it. By December, "Operation Tarpit" had wrought 34 arrests and over a hundred "knock and talk" interviews questioning people about their involvement.
By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf.
While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei.
Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei, as well as Mirai Nikki, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
He did, however, correct Krebs on the name of B Gata H Kei.
Epilogue
Needless to say, the Mirai botnet crew was caught, but managed to avoid jailtime thanks to their cooperation with the government. That's not to say they went unpunished. Anna-senpai was sentenced to 6 months confinement, 2500 hours of community service, and they may have to pay up to $8.6 million in restitution for their attacks on Rutgers university.

Other Stories

I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
submitted by HereComesMyDingDong to internetdrama

I'm an Undercover FBI Agent on the Deep Web

Part one
My name is Special Agent “Barry Allen”. (Not my real name, of course.) It's actually my code name. Given to me by my colleagues. You may recognize this name from the comic book character “The Flash”. I was given this name due to my quickness to obtain IP addresses, bypass firewalls and hack into certain deep web sites and shut them down. That is my area of expertise.
However, I've also been assigned to a Joint Task Force before which tracked and arrested drug runners, firearms dealers and human trafficking rings. Believe it or not. The federal government is everywhere. Social media, Reddit, YouTube. You name it. We have our guys on it. We monitor everything. That being said, the FBI only has jurisdiction to operate within the borders of the United States.
In this new digital age we find ourselves living, Cybercrime is much more of a direct threat. Now more than ever…
Yes, in the past we feared, as a nation, biological and chemical warfare. As an example, right after 9/11 the United States had an Anthrax attack. In the FBI, it was known as “Amerithrax”. Letters were mailed containing anthrax spores to several news media offices and to Democratic Senators Tom Daschle and Patrick Leahy, killing 5 people and infecting 17 others. Once the victim opened the letters they would immediately be exposed to the spores. Inhaling them is the most deadly form of the attacks. And it quickly destroys your immune and respiratory systems. Back then there were no known cures and it was difficult to treat as the symptoms often times confused doctors. The death rate once exposed was nearly 95%. No one was ever officially arrested or tried as the primary suspect for this horrific crime. If you ask me though, the scariest part of this investigation is where it led us… To a lab on an Army base. Essentially the US Army was weaponizing Anthrax using independent scientists specializing in microbiological warfare.
Of course though, if you wanted to bring down Western Civilization today, all you'd have to do is manipulate or destroy our satellites and we would be back in the dark ages. Computers, banks, grocery stores and cell phones, power plants, even the water filtration system runs with electronics and the ability to communicate with satellites.
Essentially, our world now depends on this. It's scary to think about. Especially when 14 year olds are hacking into the largest banks in the world from their mother's basement. Somehow they are able to bypass the best security systems we know of. (I personally believe they are using password skimmers) We joke in my department that in order to work for us, you simply only need to be smarter than a teenager.
My background is in IT while in the military. While serving I also obtained several certifications and degrees in my field.
I worked alongside someone I never thought I would. Turns out the federal government often times hires former hackers to “consult” for them. In fact they have an army of internet soldiers at their disposal. I was actually trained by a convicted felon. It's been said he is one of the best hackers in the world. Eventually I was put in contact with men in the FBI. Essentially went through a series of rigorous “tests” to determine my operating field of work. After seeing our skills, they then placed myself and the felon on the Cyber Anti-Terrorism unit (or CAT as we call it).
Our first assignment was to locate a man on the Deep Web known only as “Captain Death”. He runs this anonymous site in which the viewers would donate bitcoin to watch unspeakable acts of torture, mutilation and murder. Often times called “Red Rooms”. After searching for a while, clicking on every single link given to us, we found the exact link which directed us to the host site. We visited the website. For a moment the page was completely black. So we waited a few moments. Suddenly a bright red colored text appears across the top of the screen. “Welcome! To the house of pain, tonight's events will commence in 2 minutes. Enjoy.” Looking over at my colleague, Jeff begins penetrating the site's security systems attempting to find the IP address of the host's location. Viewing the site still with my eyes locked onto the screen. Using my laptop separate from Jeff's. The monitor goes black, then a video attempts to load. Buffering now for several minutes. “Any luck, Jeff?” I ask. “I'm searching for a weakness in the security firewall. Give me a minute,” he responds. Frustrated, I say, “We may not have a minute.” Using access control, Jeff was able to find and manipulate the users' login information, bringing down the video before it began. Believe it or not. One of the weakest points to a website can often times be its login feature. Jeff found a vulnerability in the source code's software and exploited it. Still haven't found the guy. As that process is much more difficult. For now, we can rest a little bit easier knowing his account is compromised.
The best hack is when you can invade a security system and not ever be noticed. This was not one of those instances. “Who are you” appears on Jeff's computer screen. He responds quickly “The Dark Knight” in bold green text as he looks over the offender's account. Attempting to track down banking information. Recent transactions. Even bitcoin exchange.
Searching over the vast amount of data pouring into the site. Seems they have gone through great lengths to keep themselves hidden from the public. The identity of the perp is still unknown. Patting Jeff on the shoulder, I thank him for saving my eyes from witnessing god only knows what. I suppose for now it's a small victory. “Let's take a break, Jeff,” I urge. Shutting down our laptops we exit the dark cold room we sat in with monitors, computers, servers and many other electronic components all around us. One thing to remember, heat is the enemy of electronics, and for some strange reason, we enjoy freezing our asses off while hacking.
Walking outside Jeff lights up a cigarette and takes a drag. Putting on his sunglasses, “Want one?” he asks. “No thanks, they really break my concentration, I don't seem to function well with that in my system,” I reply… He scoffs and quietly whispers (amateur) while choking and coughing. I smile and look up. “Yeah, well at least I can breathe,” I say, laughing. (A smile forming on my face) We begin walking to a nearby restaurant. My phone lights up and rings loudly. It's my supervisor. “Go for Barry,” I speak confidently. My boss is breathing heavily into the phone and says sternly, “What's the news on Captain Death?” I begin to inform him on our progress and our struggles. “Keep me posted, Barry, good work,” he says. (Not telling him Jeff did most of the work, I feel bad for taking credit for this one)
Reaching the doors of the bar and grill, I notice a man sitting in the corner of the restaurant with his family. Jumping back quickly while peering around the corner. Jeff gives me a strange look as I inform him that man is a fugitive from an earlier investigation. I call in for back up and sit back in our unmarked unit waiting for the Cavalry to arrive as he is armed and extremely dangerous. 15 minutes pass as back up swarms the parking lot. We exit the vehicle and surround the building. Rushing in 12 men strong, guns drawn we make the arrest. Fortunately, he did not resist. No civilians were harmed on the takedown. This man has been on the run for months moving from state to state. I had previously set up a sting operation to illegally buy stolen guns from the man which had been arranged through the deep web. However, this particular sting was an in-person arms deal. He appeared very spooked and got away from us before the transaction was made. After searching his panel van today we found an entire armory of weapons. A few days pass and we now have a search warrant issued by the judge for his last known address. Confiscating all of his computers, hard drives and weapons. My partner and I found a hidden room below the living room floor boards with $1.4 million dollars in it. It also had passports and other documents. He was ready to flee the country for sure. Why he was out in public is beyond me. Though often times, men like him feel they are untouchable and above the law.
It's several weeks later and work has been slow. (Not sure if that is good or bad) Until today that is, I began chatting on forums and meeting interesting characters in chat rooms. On the clear net and deep web. Today I met a dark shadowy figure online. He claims to have worked with a group of hackers who specializes in debit and credit card theft online. (Playing the part, I ask in a private chat) “How much does this pay?” Moments pass with no answer. I sit and wait for a response. A message appears with a link and a phone number. “Contact him for a trial run, if you do well. He'll set you up with further work,” he writes. (Thinking for a moment, finally an adversary worth hunting) Typing quickly I say, “Who is he, do you know him personally?” He responds rapidly and the text box closes after he writes “Rule number one, no names!” Fortunately I was able to copy the link and phone number before my computer screen went completely blank.
Reaching for the burner phone I recently acquired, I begin dialing the number provided. It rings several times. No answer. So I check out the link I copied. Right before I click on it. My phone lights up and rings beside me forcing me to jump out of my seat. Startled, I look at the cell phone. Mildly confused as it reads ‘unknown number’. Quickly I answer the phone. A man on the other end speaks. “How did you find this number?” he asks. I inform him I was searching online for a while. I'm new and I'm looking for work. “I was told you're the man to call if I wanted some action, I need the money,” I implore. “Competition is next week, meet at this address, winner gets a spot on my team, if you think you're up for the test, be on time,” he demands. I thank him and abruptly hang up.
Jeff comes over to my place. He has some info on low level guys in the fraudulent/stolen debit card scheme. Using an unmarked and totally not suspicious surveillance van. We follow a few men on their day to day operations. For the most part, this portion of our job is the worst. Very daunting and boring. Sitting and waiting isn't exactly glamourous as the movies depict it to be.
From what we can tell so far these men are using credit card skimmers. Victims of credit card skimming are completely blindsided by the theft. They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit and debit cards never left their possession. How did the theft happen?
You may be wondering, what exactly is this? Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card's magnetic stripe. The stripe contains the credit card number and expiration date and the credit card holder's full name. Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card.
These men have been using these small devices all over the local area and surrounding states as well. Targeting the nicer areas of town. Attaching the devices to the ATMs. Sitting a short distance away in their cars watching each victim approaching. Laughing all the way to the bank...so to speak. After several days of stake-outs. Our team makes the arrests. Finding blank cards, machines and large sums of cash on hand. After hours of interrogations we learn a much bigger scheme is in the works. The men inform us that they were merely a distraction for a much larger crime. My supervisor gives us clearance to make a deal with them. Lessening their charges if they are willing to cooperate. Speaking with the men for 3 more hours we learn what's really going on. The next few days are extremely tense as our offices try to warn all the banks and even get the media involved.
Calling every bank, big and small we alert them of the situation that cybercriminals are poised to carry out an “ATM cash-out,” an operation that gives thieves access to untold sums of money by bypassing security measures on an ATM. If successful, the operation has the potential to be a heist unlike any we’ve ever seen.
The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.
These unlimited operations compromise financial institutions or payment processors by installing malware that allows hackers to exploit network access, allowing admin-level access. Once inside, they can disable fraud protection, raise maximum ATM withdrawal amounts (and transaction limits) and withdraw large sums of money. Millions, potentially.
All they’ll need to carry out the attack are debit and credit card numbers found on the dark web, and dummy cards, also known as “blanks,” to attach the numbers to.
The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.
It's nearly a week later and I'm preparing for my tests. I have my laptop ready in its case. I'm extremely nervous. The information given to me is that I am to meet at this very strange building on the outskirts of town. I have no idea what to expect. I must come in first place to become a member of the team and ultimately take down the leader of this cybercrime domestic terrorist.
If things go according to his plan. He could potentially put the entire country on its knees and our banking systems would completely collapse. Chaos and madness will spread like wildfires. Millions of people unable to access their money will riot and destroy stores. Stealing food and everything they can get their hands on. The police will be overrun and unable to do anything about it. The military would most certainly be called in an attempt to regain order. Mass hysteria ensues. To the extremes we have never seen before. I must stop him. Before it's too late….
Part 2
The day has come and I just received the call I've long avoided. It is time. The competition for top tier hackers is meeting at this building in which I believed to have been abandoned. We are in the surveillance van. Heading towards our destination. Our equipment is all packed up. Wearing a wire on my chest. (Hopefully they don't pat me down upon entry) Jeff is driving recklessly, as he has a bad habit of being late. Testing the audio in the back of the van. Generally this is done days before an operation. However, we are rather short on time. (Not pointing any fingers)
Leaving the city limits, we now enter a heavily wooded area. There is only one way in. The road is turning into rubble. Small rocks are shooting from our tires. Lights are fading behind us as we venture further into the forest. Jeff now using high beams. We notice it's grown quiet. Other than hearing the tires on the gravel road. There seems to be less and less wildlife in the area. I got this feeling like we are being watched.
Checking my cell phone, we have lost all signal. (Is this a trap?) I thought. Our other equipment seems to work just fine. I can begin to see dim lights in the distance. We must be nearing the competition. “You ready for this?” (Jeff asks while blowing smoke out the window) I start to swat the backdraft of the smoke billowing back into my window. “Yeah, I'm ready, you should really consider cutting back on the smokes.” I utter. Just then, a pack of Marlboros is hurled in my direction. “We're here, Barry. Make sure you have everything.” (Jeff commands) “I'm all set.” I reply.
Jeff stops the van on the gravel. Exiting the vehicle, I grab my backpack while adjusting my clothes. (I found some glasses with regular lenses in them, so as to ‘look the part’) Walking towards the building I speak quietly into my chest microphone. “Test, test chest mic, how do you read me” I ask. (Jeff's growly voice comes into my earpiece) “Loud and clear, good luck” he responds.
One odd thing I notice right away as my feet kick up against the rocks on the ground is that there is only one vehicle other than ours. A large bus. Slightly confused, I look in every direction while also investigating the bus. Seems as though it's empty. (Later I would learn everyone else met up at a different location and they all took the bus to get here).
Reaching the suspicious looking building, I reach for the door handle. As the door opens with little force, loud music hits me as well as bright flashing lights. What the hell? Walking around I find what I was looking for in a back room. “You're late, take your seat.” a well dressed man says (Seeing one empty seat left) Grabbing my laptop from the bag. Booting it up and joining their local area network. Connection established. A strange software automatically downloads on my laptop.
The man who greeted me walks over to examine my screen. “We will wait until this participant is ready” (he tells everyone else) Minutes pass and the program has finished installing. What's on my screen is a D O D login showing the user name and password empty fields. “Ok everyone, your first task will be to crack the code and gain entry into this system. You have ten minutes to access the servers and find the login information. The first 10 people who accomplish this task will advance to the next round, good luck, your time starts now!” he explained.
A voice comes over my earpiece once more. “Ok Barry, I'm linked up with your laptop, I can see everything you see. I will now control everything remotely. How do you read?” Jeff says quietly. “I hear you, I'll let you take over from here.” I reply. My colleague begins typing away like mad. It's been said he can type up to 153 words per minute. Looking at my screen, the computer is changing rapidly, each window appearing with different streams of code. (Almost like what you see in the movie The Matrix) Which I suppose is a foreign language to most people. It can seem overwhelming at times. Normally. I would be doing this.
Jeff is far better and faster than I. It's not worth the risk. This task is far too important. There is much at stake here. As he continues going in through the firewall. More boxes open and close all over the screen. I appear as if I'm typing away. As there is a man walking around watching each potential hacker perform their duties. Not sure if it's the leader of this anonymous group. He is in a dark suit and all I can see is the flashes of light from each monitor.
Maybe it's just my paranoia but I feel like he keeps shooting me these awfully suspicious looks. Have to stay focused. Come on Barry. You need this. Concentrate! Keep your head in the game. I can't lose myself in the moment. Oh wait a minute, I just now remembered. I'm not even in control of my machine. Jeff, I sure as hell hope you know what you're doing…
“Barry, you DO know I just heard everything you said, right? Now shut the hell up and let me work. We only have 4 minutes left!!” Jeff urges. “Well then hurry up you lung cancer having prick, I'm dying in here. Must be 90 degrees” I whisper. Just then (Access granted) appears on my screen. The login information has been hacked. Instantly I jump up as if I've just won in BINGO. “I'm in!!!” I yell loudly to the man. He nods and another man comes over to confirm the legitimacy of my claim.
After confirmation is given a few moments later. Myself and several others are ushered to another room not first seen when you enter the building. First we are taken down a flight of unkempt stairs creaking and groaning with every step. Feeling as if it could give out at any moment. Our group reaches the bottom of the stairs and are now on a platform. A mechanical whirring is heard as we now are being lowered even further underground. “Where the hell are we going?” One man asks in fear. “Silence fool!!” (Says the man in a nice dark suit) Finally the platform stops as I would approximate we are at least 80 feet underground.
A long dark hallway is before us. Lit dimly by low hanging lights. Which never seem to end as far as we can see. Walking for several minutes I no longer hear my associate in my earpiece. So I remove it quickly before anyone notices. There is a musty smell that has disturbed me immediately coming down here. It grows stronger the closer we get to the direction we are headed. I'm last in line only in front of what I assess is a hired goon.
Stopping for a moment I'm pushed forward on my upper back near my shoulders. (I swear if I wasn't trying to save the world right now, I'd just take out my service pistol and blow this cocksucker away. No one would miss him) We reach a large old wooden door with absolutely no handle or markings of any kind. The leader pushes up against the wall near the door and it opens slowly. Everyone pours in single file line. There is a large wooden table with chairs almost like a conference room. “Take your seats please” the leader addresses. “You're all probably wondering what the hell we are doing down here, well you're here for a job. Also I didn't want any interference of any kind. Just in case the government is watching us. There's no way they could possibly hear what's being said this far underground.” He explains.
“Congratulations to each of you that has moved on to the next round. You 10 have been chosen to advance to the next stage in the competition. This following task will include various stages of difficulty. You will be chosen at random by a computer so it's completely fair. Each of you are to hack into some of the world's largest banks and bring down their servers. Please come back to this location. Your names have been taken down and we shall contact you if anything changes. I expect to see all of you back with us. Same time next week. 6 days from now. That is all for now, thank you.”
The leader finishes and leaves the room first. Each man muttering and chatting loudly. I can hear only bits and pieces as everyone is talking loudly. Minutes pass and we are escorted out of the building. Everyone begins walking towards the bus. I veer towards my van and am stopped by the same man who pushed me earlier. “Just where the hell do you think you're going?” He asks. “Oh I didn't get the meet up spot, I had to drive here.” I respond while swatting away his hand from my shoulder. The man reaches in his pocket pulling out a card. “Be at this location and be on time or we will find someone else” the man urges. I snatch the card and stuff it into my wallet.
Reaching the van, I hop in and drive away. “What the hell happened in there?” Jeff demands. I begin informing him of everything that took place and explained the situation. He nods and tells me good work. Wait a minute, this doesn't look right. Jeff looks at me puzzled. Something is off. I don't remember any of this. Now there's a fork in the road. Is this the way we came? I thought I remembered it being only a one way in and one way out. “You went off the gravel road, move over, let me drive.” Jeff says. Hey sorry man, I'm a hacker. Not a tracker. Just get us the hell out of here. I'm more lost than Atlantis.
About an hour passes and Jeff somehow gets us out of the woods and back to the main road. We head back towards my house. But suddenly he makes a detour. “Screw this man. After all that I need a damn drink. You down?” Jeff asks. “Well in the words of my father, If you have time to think, you have time to drink” I utter proudly. (Then again dad was a major alcoholic, so perhaps that's bad advice) “Well alright then” Jeff says as he floors the gas pedal.
Roughly 20 minutes later we arrive at his favourite bar where he immediately opens up a tab. I'm worried as I've heard he drinks like a fish. Not to mention we are both armed in a bar. (Yes that's illegal but screw you I am F B I. Remember folks, laws are made to be broken, otherwise, I'd be out of a job)
Crap I think I have lost my colleague. I begin walking around the establishment and am stunned to see this gorgeous blonde woman cross my path. We strike up a conversation and I soon forget about Jeff. (Meh oh well he is a grown man, I am sure he will be fine) She asks what I do for work and of course I lie. Never know when you need to run a background check on someone. Besides telling the whole world you're an undercover FBI agent isn't exactly the best idea. Or so the Bureau instructed us.
We continue chatting for a while and eventually part ways as it began to get late into the night we exchange numbers and she leaves gracefully. I walk outside to see the van still parked in the same spot. A bit puzzled I go over to inspect the van thinking maybe he just passed out in the front seat. I arrive at the driver's side door and open it to find all of our equipment gone and Jeff is nowhere to be found. Freaking out I run back into the bar searching all over even behind the bar next to the register.
The bathrooms are empty and it's closing time. I have no idea where he went. Did he leave with someone or was he abducted possibly, either way I am completely dead if my supervisor finds out about this. I have to find him and the equipment. And who the hell was that girl, could she have something to do with this? I need answers. Oh no. I just realized, my laptop is also missing. If that information gets in the wrong hands. It could have catastrophic consequences…
submitted by BeardedVeteran to DrCreepensVault

I'm an Undercover FBI Agent on the Deep Web.

Part one
My name is Special Agent “Barry Allen”. (Not my real name of course) It's actually my code name. Given to me by my colleagues. You may recognize this name from the comic book character “The Flash”. I was given this name due to my quickness to obtain IP addresses, bypass firewalls and hack into certain deep web sites and shut them down. That is my area of expertise.
However, I've also been assigned to a Joint Task Force before which tracked and arrested drug runners, firearms dealers and human trafficking rings. Believe it or not. The federal government is everywhere. Social media, Reddit, YouTube. You name it. We have our guys on it. We monitor everything. That being said, the FBI only has jurisdiction to operate within the borders of the United States.
In this new digital age we find ourselves living, Cybercrime is much more of a direct threat. Now more than ever…
Yes in the past we feared as a nation, biological and chemical warfare. As an example, right after 9/11 the United States had an Anthrax attack. In the FBI, it was known as “Amerithrax” Letters were mailed containing anthrax spores to several news media offices and to Democratic Senators Tom Daschle and Patrick Leahy, killing 5 people and infecting 17 others. Once the victim opened the letters they would immediately be exposed to the spores. Inhaling them is the most deadly form of the attacks. And it quickly destroys your immune and respiratory systems. Back then there were no known cures and it was difficult to treat as the symptoms often times confused doctors. The death rate once exposed was nearly 95%. No one was ever officially arrested or tried as the primary suspect for this horrific crime. If you ask me though, the scariest part of this investigation is where it led us…. To a lab on an Army base. Essentially the US Army was weaponizing Anthrax using independent scientists specializing in microbiological warfare.
Of course though, if you wanted to bring down Western Civilization today, all you'd have to do is manipulate or destroy our satellites and we would be back in the dark ages. Computers, banks, grocery stores and cell phones, power plants, even the water filtration system runs with electronics and the ability to communicate with satellites.
Essentially, our world now depends on this. It's scary to think about. Especially when 14 year olds are hacking into the largest banks in the world from their mother's basement. Somehow they are able to bypass the best security systems we know of. (I personally believe they are using password skimmers) We joke in my department that in order to work for us, you simply only need to be smarter than a teenager.
My background is in IT while in the military. While serving I also obtained several certifications and degrees in my field.
I worked alongside someone I never thought I would. Turns out the federal government often times hires former hackers to “consult” for them. In fact they have an army of internet soldiers at their disposal. I was actually trained by a convicted felon. It's been said he is one of the best hackers in the world. Eventually I was put in contact with men in the FBI. Essentially went through a series of rigorous “tests” to determine my operating field of work. After seeing our skills, they then placed myself and the felon on the Cyber Anti-Terrorism unit (or CAT as we call it).
Our first assignment was to locate a man on the Deep Web known only as “Captain Death” He runs this anonymous site in which the viewers would donate bitcoin to watch unspeakable acts of torture, mutilation and murder. Often times called “Red Rooms”. After searching for a while, clicking on every single link given to us, we found the exact link which directed us to the host site. We visited the website. For a moment the page was completely black. So we waited a few moments. Suddenly a bright red colored text appears across the top of the screen. “Welcome! To the house of pain, tonight's events will commence in 2 minutes. Enjoy” Looking over at my colleague, Jeff begins penetrating the site's security systems attempting to find the IP address of the host's location. Viewing the site still with my eyes locked onto the screen. Using my laptop separate from Jeff's. The monitor goes black, then a video attempts to load. Buffering now for several minutes. “Any luck Jeff?” I ask. “I'm searching for a weakness in the security firewall. Give me a minute” he responds. Frustrated I say, “We may not have a minute” Using access control, Jeff was able to find and manipulate the user's login information bringing down the video before it began. Believe it or not. One of the weakest points to a website can often times be its login feature. Jeff found a vulnerability in the source code's software and exploited it. Still haven't found the guy. As that process is much more difficult. For now, we can rest a little bit easier knowing his account is compromised.
The best hack is when you can invade a security system and not ever be noticed. This was not one of those instances. “Who are you” appears on Jeff's computer screen. He responds quickly “The Dark Knight” in bold green text as he looks over the offender's account. Attempting to track down banking information. Recent transactions. Even bitcoin exchange.
Searching over the vast amount of data pouring into the site. Seems they have gone through great lengths to keep themselves hidden from the public. The identity of the perp is still unknown. Patting Jeff on the shoulder I thank him for saving my eyes from witnessing god only knows what. I suppose for now it's a small victory. “Let's take a break Jeff” I urge. Shutting down our laptops we exit the dark cold room we sat in with monitors, computers, servers and many other electronic components all around us. One thing to remember, heat is the enemy of electronics, and for some strange reason, we enjoy freezing our asses off while hacking.
Walking outside Jeff lights up a cigarette and takes a drag. Putting on his sunglasses “Want one?” He asks “No thanks, they really break my concentration, I don't seem to function well with that in my system” I reply… he scoffs and quietly whispers (amateur) while choking and coughing. I smile and look up “Yeah well at least I can breathe” I say laughing. (A smile forming on my face) We begin walking to a nearby restaurant. My phone lights up and rings loudly. It's my supervisor. “Go for Barry” I speak confidently. My boss is breathing heavily into the phone and says sternly “What's the News on Captain Death?” I begin to inform him on our progress and our struggles. “Keep me posted Barry, good work.” He says. (Not telling him Jeff did most of the work, I feel bad for taking credit for this one)
Reaching the doors of the bar and grill, I notice a man sitting in the corner of the restaurant with his family. Jumping back quickly while peering around the corner. Jeff gives me a strange look as I inform him that man is a fugitive from an earlier investigation. I call in for back up and sit back in our unmarked unit waiting for the Cavalry to arrive as he is armed and extremely dangerous. 15 minutes pass as back up swarms the parking lot. We exit the vehicle and surround the building. Rushing in 12 men strong, guns drawn we make the arrest. Fortunately, he did not resist. No civilians were harmed on the takedown. This man has been on the run for months moving from state to state. I had previously set up a sting operation to illegally buy stolen guns from the man which had been arranged through the deep web. However, this particular sting was an in-person arms deal. He appeared very spooked and got away from us before the transaction was made. After searching his panel van today we found an entire armory of weapons. A few days pass and we now have a search warrant issued by the judge for his last known address. Confiscating all of his computers, hard drives and weapons. My partner and I found a hidden room below the living room floor boards with $1.4 million dollars in it. It also had passports and other documents. He was ready to flee the country for sure. Why he was out in public is beyond me. Though often times, men like him feel they are untouchable and above the law.
It's several weeks later and work has been slow. (Not sure if that is good or bad) Until today that is, I began chatting on forums and meeting interesting characters in chat rooms. On the clear net and deep web. Today I met a dark shadowy figure online. He claims to have worked with a group of hackers who specializes in debit and credit card theft online. (Playing the part ask in a private chat) “How much does this pay?” Moments pass with no answer. I sit and wait for a response. A message appears with a link and a phone number. “Contact him for a trial run, if you do well. He'll set you up with further work” he writes. (Thinking for a moment, finally an adversary worth hunting) Typing quickly I say “Who is he, do you know him personally?” He responds rapidly and the text box closes after he writes “Rule number one, no names!” Fortunately I was able to copy the link and phone number before my computer screen went completely blank.
Reaching for the burner phone I recently acquired I begin dialing the number provided. It rings several times. No answer. So I check out the link I copied. Right before I click on it. My phone lights up and rings beside me forcing me to jump out of my seat. Startled I look at the cell phone. Mildly confused as it reads ‘unknown number’. Quickly I answer the phone. A man on the other end speaks. “How did you find this number?” he asks. I inform him I was searching online for a while. I'm new and I'm looking for work. “I was told you're the man to call if I wanted some action, I need the money” I implore. “Competition is next week, meet at this address, winner gets a spot on my team, if you think you're up for the test, be on time” he demands. I thank him and abruptly hang up.
Jeff comes over to my place. He has some info on low level guys in the fraudulent/stolen debit card scheme. Using an unmarked and totally not suspicious surveillance van. We follow a few men on their day to day operations. For the most part, this portion of our job is the worst. Very daunting and boring. Sitting and waiting isn't exactly glamorous as the movies depict it to be.
From what we can tell so far these men are using credit card skimmers. Victims of credit card skimming are completely blindsided by the theft. They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit and debit cards never left their possession. How did the theft happen?
You may be wondering, what exactly is this? Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card's magnetic stripe. The stripe contains the credit card number and expiration date and the credit card holder's full name. Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card.
These men have been using these small devices all over the local area and surrounding states as well. Targeting the nicer areas of town. Attaching the devices to the ATMs. Sitting a short distance away in their cars watching each victim approaching. Laughing all the way to the bank...so to speak. After several days of stake-outs. Our team makes the arrests. Finding blank cards, machines and large sums of cash on hand. After hours of interrogations we learn a much bigger scheme is in the works. The men inform us that they were merely a distraction for a much larger crime. My supervisor gives us clearance to make a deal with them. Lessening their charges if they are willing to cooperate. Speaking with the men for 3 more hours we learn what's really going on. The next few days are extremely tense as our offices try to warn all the banks and even get the media involved.
Calling every bank, big and small we alert them of the situation that cybercriminals are poised to carry out an “ATM cash-out,” an operation that gives thieves access to untold sums of money by bypassing security measures on an ATM. If successful, the operation has the potential to be a heist unlike any we’ve ever seen.
The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.
These unlimited operations compromise financial institutions or payment processors by installing malware that allows hackers to exploit network access, allowing admin-level access. Once inside, they can disable fraud protection, raise maximum ATM withdrawal amounts (and transaction limits) and withdraw large sums of money. Millions, potentially.
All they’ll need to carry out the attack are debit and credit card numbers found on the dark web, and dummy cards, also known as “blanks,” to attach the numbers to.
The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.
It's nearly a week later and I'm preparing for my tests. I have my laptop ready in its case. I'm extremely nervous. The information given to me is that I am to meet at this very strange building on the outskirts of town. I have no idea what to expect. I must come in first place to become a member of the team and ultimately take down the leader of this cybercrime domestic terrorist.
If things go according to his plan. He could potentially put the entire country on its knees and our banking systems would completely collapse. Chaos and madness will spread like wildfires. Millions of people unable to access their money will riot and destroy stores. Stealing food and everything they can get their hands on. The police will be overrun and unable to do anything about it. The military would most certainly be called in an attempt to regain order. Mass hysteria ensues. To the extremes we have never seen before. I must stop him. Before it's too late….
Part 2
The day has come and I just received the call I've long avoided. It is time. The competition for top tier hackers is meeting at this building in which I believed to have been abandoned. We are in the surveillance van. Heading towards our destination. Our equipment is all packed up. Wearing a wire on my chest. (Hopefully they don't pat me down upon entry) Jeff is driving recklessly, as he has a bad habit of being late. Testing the audio in the back of the van. Generally this is done days before an operation. However, we are rather short on time. (Not pointing any fingers)
Leaving the city limits, we now enter a heavily wooded area. There is only one way in. The road is turning into rubble. Small rocks are shooting from our tires. Lights are fading behind us as we venture further into the forest. Jeff now using high beams. We notice it's grown quiet. Other than hearing the tires on the gravel road. There seems to be less and less wildlife in the area. I got this feeling like we are being watched.
Checking my cell phone, we have lost all signal. (Is this a trap?) I thought. Our other equipment seems to work just fine. I can begin to see dim lights in the distance. We must be nearing the competition. “You ready for this?” (Jeff asks while blowing smoke out the window) I start to swat the backdraft of the smoke billowing back into my window. “Yeah, I'm ready, you should really consider cutting back on the smokes.” I utter. Just then, a pack of Marlboros is hurled in my direction. “We're here, Barry. Make sure you have everything.” (Jeff commands) “I'm all set.” I reply.
Jeff stops the van on the gravel. Exiting the vehicle, I grab my backpack while adjusting my clothes. (I found some glasses with regular lenses in them, so as to ‘look the part’) Walking towards the building I speak quietly into my chest microphone. “Test, test chest mic, how do you read me” I ask. (Jeff's growly voice comes into my earpiece) “Loud and clear, good luck” he responds.
One odd thing I notice right away as my feet kick up against the rocks on the ground is that there is only one vehicle other than ours. A large bus. Slightly confused, I look in every direction while also investigating the bus. Seems as though it's empty. (Later I would learn everyone else met up at a different location and they all took the bus to get here).
Reaching the suspicious looking building, I reach for the door handle. As the door opens with little force, loud music hits me as well as bright flashing lights. What the hell? Walking around I find what I was looking for in a back room. “You're late, take your seat.” a well dressed man says (Seeing one empty seat left) Grabbing my laptop from the bag. Booting it up and joining their local area network. Connection established. A strange software automatically downloads on my laptop.
The man who greeted me walks over to examine my screen. “We will wait until this participant is ready” (he tells everyone else) Minutes pass and the program has finished installing. What's on my screen is a D O D login showing the user name and password empty fields. “Ok everyone, your first task will be to crack the code and gain entry into this system. You have ten minutes to access the servers and find the login information. The first 10 people who accomplish this task will advance to the next round, good luck, your time starts now!” he explained.
A voice comes over my earpiece once more. “Ok Barry, I'm linked up with your laptop, I can see everything you see. I will now control everything remotely. How do you read?” Jeff says quietly. “I hear you, I'll let you take over from here.” I reply. My colleague begins typing away like mad. It's been said he can type up to 153 words per minute. Looking at my screen, the computer is changing rapidly, each window appearing with different streams of code. (Almost like what you see in the movie The Matrix) Which I suppose is a foreign language to most people. It can seem overwhelming at times. Normally. I would be doing this.
Jeff is far better and faster than I. It's not worth the risk. This task is far too important. There is much at stake here. As he continues going in through the firewall. More boxes open and close all over the screen. I appear as if I'm typing away. As there is a man walking around watching each potential hacker perform their duties. Not sure if it's the leader of this anonymous group. He is in a dark suit and all I can see is the flashes of light from each monitor.
Maybe it's just my paranoia but I feel like he keeps shooting me these awfully suspicious looks. Have to stay focused. Come on Barry. You need this. Concentrate! Keep your head in the game. I can't lose myself in the moment. Oh wait a minute, I just now remembered. I'm not even in control of my machine. Jeff, I sure as hell hope you know what you're doing…
“Barry, you DO know I just heard everything you said, right? Now shut the hell up and let me work. We only have 4 minutes left!!” Jeff urges. “Well then hurry up you lung cancer having prick, I'm dying in here. Must be 90 degrees” I whisper. Just then (Access granted) appears on my screen. The login information has been hacked. Instantly I jump up as if I've just won in BINGO. “I'm in!!!” I yell loudly to the man. He nods and another man comes over to confirm the legitimacy of my claim.
After confirmation is given a few moments later. Myself and several others are ushered to another room not first seen when you enter the building. First we are taken down a flight of unkempt stairs creaking and groaning with every step. Feeling as if it could give out at any moment. Our group reaches the bottom of the stairs and are now on a platform. A mechanical whirring is heard as we now are being lowered even further underground. “Where the hell are we going?” One man asks in fear. “Silence fool!!” (Says the man in a nice dark suit) Finally the platform stops as I would approximate we are at least 80 feet underground.
A long dark hallway is before us. Lit dimly by low hanging lights. Which never seem to end as far as we can see. Walking for several minutes I no longer hear my associate in my earpiece. So I remove it quickly before anyone notices. There is a musty smell that has disturbed me immediately coming down here. It grows stronger the closer we get to the direction we are headed. I'm last in line only in front of what I assess is a hired goon.
Stopping for a moment I'm pushed forward on my upper back near my shoulders. (I swear if I wasn't trying to save the world right now, I'd just take out my service pistol and blow this cocksucker away. No one would miss him) We reach a large old wooden door with absolutely no handle or markings of any kind. The leader pushes up against the wall near the door and it opens slowly. Everyone pours in single file line. There is a large wooden table with chairs almost like a conference room. “Take your seats please” the leader addresses. “You're all probably wondering what the hell we are doing down here, well you're here for a job. Also I didn't want any interference of any kind. Just in case the government is watching us. There's no way they could possibly hear what's being said this far underground.” He explains.
“Congratulations to each of you that has moved on to the next round. You 10 have been chosen to advance to the next stage in the competition. This following task will include various stages of difficulty. You will be chosen at random by a computer so it's completely fair. Each of you are to hack into some the world's largest banks and bring down their servers. Please come back to this location. Your names have been taken down and we shall contact you if anything changes. I expect to see all of you back with us .Same time next week. 6 days from now. That is all for now, thank you.”
The leader finishes and leaves the room first. Each man muttering and chatting loudly. I can hear only bits and pieces as everyone is talking loudly. Minutes pass and we are escorted out of the building. Everyone begins walking towards the bus. I veer towards my van and am stopped by the same man who pushed me earlier. “Just where the hell do you think you're going”? He asks. “Oh i didn't get the meet up spot, i had to drive here.” I respond while swatting away his hand from my shoulder. The man reaches in his pocket pulling out a card. “Be at this location and be on time or we will find someone else” the man urges. I snatch the card and stuff it into my wallet.
Reaching the van, i hop in and drive away. “What the hell happened in there”? Jeff demands. I begin informing him of everything that took place and explained the situation. He nods and tells me good work. Wait a minute, this doesn't look right. Jeff looks at me puzzled. Something is off. I don't remember any of this. Now there's a fork in the road. Is this the way we came? I thought i remembered it being only a one way in and one way out. “You went off the gravel road, move over,let me drive.” Jeff says. Hey sorry man, I'm a hacker. Not a tracker. Just get us the hell out of here. I'm more lost than Atlantis.
About an hour passes and Jeff somehow gets us out of the woods and back to the main road. We head back towards my house. But suddenly he makes a detour. “Screw this man. After all that i need a damn drink. You down”? Jeff asks. “Well in the words of my father, If you have time to think, you have time to drink” i utter proudly. (Then again dad was a major alcoholic, so perhaps that's bad advice) “Well alright then” jeff says as he floors the gas pedal.
Roughly 20 minutes later we arrive at his favourite bar where he immediately opens up a tab. I'm worried as I've heard he drinks like a fish. Not to mention we are both armed in a bar. (Yes that's illegal but screw you i am F B I. Remember folks, laws are made to be broken, otherwise, I'd be out of a job)
Crap i think i have lost my colleague. I begin walking around the establishment and am stunned to see this gorgeous blonde woman cross my path. We strike up a conversation and i soon forget about Jeff. (Meh oh well he is a grown man, i am sure he will be fine) She asks what i do for work and of course i lie. Never know when you need to run a background check on someone. Besides telling the whole world you're an undercover FBI agent isn't exactly the best idea. Or so the Bureau instructed us.
We continue chatting for a while and eventually part ways as it began to get late into the night we exchange numbers and she leaves gracefully. I walk outside to see the van still parked in the same spot. A bit puzzled i go over to inspect the van thinking maybe he just passed out in the front seat. I arrive at the driver's side door and open it to find all of our equipment gone and jeff is nowhere to be found. Freaking out i run back into the bar searching all over even behind the bar next to the register.
The bathrooms are empty and it's closing time. I have no idea where he went.. Did he leave with some one or was he was abducted possibly, either way i am completely dead if my supervisor finds out about this. I have to find him and the equipment. And who the hell was that girl, could she have something to do with this? I need answers. Oh no. I just realized, my laptop is also missing. If that information gets in the wrong hands. It could have catastrophic consequences…...
submitted by BeardedVeteran to mrcreeps

I'm an UnderCover FBI Agent on The Deep Web. (Part one)

My name is Special Agent “Barry Allen”. It's actually my code name. Given to me by my colleagues. You may recognize this name from the comic book character “The Flash”. I was given this name due to my quickness to obtain IP addresses, bypass firewalls and hack into certain deep web sites and shut them down. That is my area of expertise.
However, I've also been assigned to a Joint Task Force before which tracked and arrested drug runners, firearms dealers and human trafficking rings. Believe it or not. The federal government is everywhere. Social media, Reddit, YouTube. You name it. We have our guys on it. We monitor everything. That being said, the FBI only has jurisdiction to operate within the borders of the United States.
In this new digital age we find ourselves living in, cybercrime is much more of a direct threat. Now more than ever…
Yes, in the past we feared as a nation biological and chemical warfare. As an example, right after 9/11 the United States had an Anthrax attack. In the FBI, it was known as “Amerithrax”. Letters were mailed containing anthrax spores to several news media offices and to Democratic Senators Tom Daschle and Patrick Leahy, killing 5 people and infecting 17 others. Once the victim opened the letters they would immediately be exposed to the spores. Inhaling them is the most deadly form of the attacks. And it quickly destroys your immune and respiratory systems. Back then there were no known cures and it was difficult to treat as the symptoms often times confused doctors. The death rate once exposed was nearly 95%. No one was ever officially arrested or tried as the primary suspect for this horrific crime. If you ask me though, the scariest part of this investigation is where it led us… To a lab on an Army base. Essentially the US Army was weaponizing Anthrax using independent scientists specializing in microbiological warfare.
Of course though, if you wanted to bring down Western Civilization today, all you'd have to do is manipulate or destroy our satellites and we would be back in the dark ages. Computers, banks, grocery stores and cell phones, power plants, even the water filtration system runs with electronics and the ability to communicate with satellites.
Essentially, our world now depends on this. It's scary to think about. Especially when 14-year-olds are hacking into the largest banks in the world from their mother's basement. Somehow they are able to bypass the best security systems we know of. (I personally believe they are using password skimmers.) We joke in my department that in order to work for us, you simply only need to be smarter than a teenager.
My background is in IT while in the military. While serving I also obtained several certifications and degrees in my field.
I worked alongside someone I never thought I would. Turns out the federal government often times hires former hackers to “consult” for them. In fact they have an army of internet soldiers at their disposal. I was actually trained by a convicted felon. It's been said he is one of the best hackers in the world. Eventually I was put in contact with men in the FBI. Essentially went through a series of rigorous “tests” to determine my operating field of work. After seeing our skills, they then placed myself and the felon on the Cyber Anti-Terrorism unit (or CAT as we call it).
Our first assignment was to locate a man on the Deep Web known only as “Captain Death”. He runs this anonymous site in which the viewers would donate bitcoin to watch unspeakable acts of torture, mutilation and murder. Often times called “Red Rooms”. After searching for a while, clicking on every single link given to us, we found the exact link which directed us to the host site. We visited the website. For a moment the page was completely black. So we waited a few moments. Suddenly a bright red colored text appears across the top of the screen. “Welcome! To the house of pain, tonight's events will commence in 2 minutes. Enjoy.” Looking over at my colleague, Jeff begins penetrating the site's security systems, attempting to find the IP address of the host's location. Viewing the site still with my eyes locked onto the screen. Using my laptop separate from Jeff's. The monitor goes black, then a video attempts to load. Buffering now for several minutes. “Any luck, Jeff?” I ask. “I'm searching for a weakness in the security firewall. Give me a minute,” he responds. Frustrated, I say, “We may not have a minute.” Using access control, Jeff was able to find and manipulate the user's login information, bringing down the video before it began. Believe it or not. One of the weakest points to a website can often times be its login feature. Jeff found a vulnerability in the source code's software and exploited it. Still haven't found the guy. As that process is much more difficult. For now, we can rest a little bit easier knowing his account is compromised.
The best hack is when you can invade a security system and not ever be noticed. This was not one of those instances. “Who are you” appears on Jeff's computer screen. He responds quickly “The Dark Knight” in bold green text as he looks over the offender's account. Attempting to track down banking information. Recent transactions. Even bitcoin exchange.
Searching over the vast amount of data pouring into the site. Seems they have gone through great lengths to keep themselves hidden from the public. The identity of the perp is still unknown. Patting Jeff on the shoulder, I thank him for saving my eyes from witnessing god only knows what. I suppose for now it's a small victory. “Let's take a break, Jeff,” I urge. Shutting down our laptops, we exit the dark cold room we sat in with monitors, computers, servers and many other electronic components all around us. One thing to remember, heat is the enemy of electronics, and for some strange reason, we enjoy freezing our asses off while hacking.
Walking outside, Jeff lights up a cigarette and takes a drag. Putting on his sunglasses, “Want one?” he asks. “No thanks, they really break my concentration, I don't seem to function well with that in my system,” I reply… He scoffs and quietly whispers (amateur) while choking and coughing. I smile and look up. “Yeah well at least I can breathe,” I say laughing. (A smile forming on my face.) We begin walking to a nearby restaurant. My phone lights up and rings loudly. It's my supervisor. “Go for Barry,” I speak confidently. My boss is breathing heavily into the phone and says sternly, “What's the news on Captain Death?” I begin to inform him on our progress and our struggles. “Keep me posted Barry, good work,” he says. (Not telling him Jeff did most of the work, I feel bad for taking credit for this one.)
Reaching the doors of the bar and grill, I notice a man sitting in the corner of the restaurant with his family. Jumping back quickly while peering around the corner. Jeff gives me a strange look as I inform him that man is a fugitive from an earlier investigation. I call in for back up and sit back in our unmarked unit waiting for the Cavalry to arrive as he is armed and extremely dangerous. 15 minutes pass as back up swarms the parking lot. We exit the vehicle and surround the building. Rushing in 12 men strong, guns drawn, we make the arrest. Fortunately, he did not resist. No civilians were harmed on the takedown. This man has been on the run for months moving from state to state. I had previously set up a sting operation to illegally buy stolen guns from the man which had been arranged through the deep web. However, this particular sting was an in-person arms deal. He appeared very spooked and got away from us before the transaction was made. After searching his panel van today we found an entire armory of weapons. A few days pass and we now have a search warrant issued by the judge for his last known address. Confiscating all of his computers, hard drives and weapons. My partner and I found a hidden room below the living room floor boards with $1.4 million dollars in it. It also had passports and other documents. He was ready to flee the country for sure. Why he was out in public is beyond me. Though often times, men like him feel they are untouchable and above the law.
It's several weeks later and work has been slow. (Not sure if that is good or bad.) Until today that is. I began chatting on forums and meeting interesting characters in chat rooms. On the clear net and deep web. Today I met a dark shadowy figure online. He claims to have worked with a group of hackers who specializes in debit and credit card theft online. (Playing the part, I ask in a private chat) “How much does this pay?” Moments pass with no answer. I sit and wait for a response. A message appears with a link and a phone number. “Contact him for a trial run, if you do well. He'll set you up with further work,” he writes. (Thinking for a moment, finally an adversary worth hunting.) Typing quickly I say, “Who is he, do you know him personally?” He responds rapidly and the text box closes after he writes “Rule number one, no names!” Fortunately I was able to copy the link and phone number before my computer screen went completely blank.
Reaching for the burner phone I recently acquired, I begin dialing the number provided. It rings several times. No answer. So I check out the link I copied. Right before I click on it, my phone lights up and rings beside me, forcing me to jump out of my seat. Startled, I look at the cell phone. Mildly confused as it reads ‘unknown number’. Quickly I answer the phone. A man on the other end speaks. “How did you find this number?” he asks. I inform him I was searching online for a while. I'm new and I'm looking for work. “I was told you're the man to call if I wanted some action, I need the money,” I implore. “Competition is next week, meet at this address, winner gets a spot on my team, if you think you're up for the test, be on time,” he demands. I thank him and abruptly hang up.
Jeff comes over to my place. He has some info on low level guys in the fraudulent/stolen debit card scheme. Using an unmarked and totally not suspicious surveillance van. We follow a few men on their day to day operations. For the most part, this portion of our job is the worst. Very daunting and boring. Sitting and waiting isn't exactly glamourous as the movies depict it to be.
From what we can tell so far these men are using credit card skimmers. Victims of credit card skimming are completely blindsided by the theft. They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit and debit cards never left their possession. How did the theft happen?
You may be wondering, what exactly is this? Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card's magnetic stripe. The stripe contains the credit card number and expiration date and the credit card holder's full name. Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card.
These men have been using these small devices all over the local area and surrounding states as well. Targeting the nicer areas of town. Attaching the devices to the ATMs. Sitting a short distance away in their cars watching each victim approaching. Laughing all the way to the bank... so to speak. After several days of stake-outs, our team makes the arrests. Finding blank cards, machines and large sums of cash on hand. After hours of interrogations we learn a much bigger scheme is in the works. The men inform us that they were merely a distraction for a much larger crime. My supervisor gives us clearance to make a deal with them. Lessening their charges if they are willing to cooperate. Speaking with the men for 3 more hours we learn what's really going on. The next few days are extremely tense as our offices try to warn all the banks and even get the media involved.
Calling every bank, big and small we alert them of the situation that cybercriminals are poised to carry out an “ATM cash-out,” an operation that gives thieves access to untold sums of money by bypassing security measures on an ATM. If successful, the operation has the potential to be a heist unlike any we’ve ever seen.
The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.
These unlimited operations compromise financial institutions or payment processors by installing malware that allows hackers to exploit network access, allowing admin-level access. Once inside, they can disable fraud protection, raise maximum ATM withdrawal amounts (and transaction limits) and withdraw large sums of money. Millions, potentially.
All they’ll need to carry out the attack are debit and credit card numbers found on the dark web, and dummy cards, also known as “blanks,” to attach the numbers to.
The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.
It's nearly a week later and I'm preparing for my tests. I have my laptop ready in its case. I'm extremely nervous. The information given to me is that I am to meet at this very strange building on the outskirts of town. I have no idea what to expect. I must come in first place to become a member of the team and ultimately take down the leader of this cybercrime domestic terrorist.
If things go according to his plan, he could potentially put the entire country on its knees and our banking systems would completely collapse. Chaos and madness will spread like wildfires. Millions of people unable to access their money will riot and destroy stores. Stealing food and everything they can get their hands on. The police will be overrun and unable to do anything about it. The military would most certainly be called in an attempt to regain order. Mass hysteria ensues. To the extremes we have never seen before. I must stop him. Before it's too late…
submitted by BeardedVeteran to nosleep

I'm an Undercover FBI agent on the Deep Web (Part One)

My name is Special Agent “Barry Allen” (not my real name of course). It's actually my code name. Given to me by my colleagues. You may recognize the name from the comic book character “The Flash”. I was given this name due to my quickness to obtain IP addresses, bypass firewalls and hack into certain deep web sites and shut them down. That is my area of expertise.
However, I've also been assigned to a Joint Task Force before which tracked and arrested drug runners, firearms dealers and human trafficking rings. Believe it or not. The federal government is everywhere. Social media, Reddit, YouTube. You name it. We have our guys on it. We monitor everything. That being said, the FBI only has jurisdiction to operate within the borders of the United States.
In this new digital age we find ourselves living, Cybercrime is much more of a direct threat. Now more than ever…
Yes in the past we feared as a nation, biological and chemical warfare. As an example, right after 9/11 the United States had an Anthrax attack. In the FBI, it was known as “Amerithrax” Letters were mailed containing anthrax spores to several news media offices and to Democratic Senators Tom Daschle and Patrick Leahy, killing 5 people and infecting 17 others. Once the victim opened the letters they would immediately be exposed to the spores. Inhaling them is the most deadly form of the attacks. And it quickly destroys your immune and respiratory system's.Back then there were no known cures and it was difficult to treat as the symptoms often times confused doctors. The death rate once exposed was nearly 95% .No one was ever officially arrested or tried as the primary suspect for this horrific crime. If you ask me though, the scariest part of this investigation is where it led us….To a lab on an Army base. Essentially the US Army was weaponizing Anthrax using independent scientists specializing in microbiological warfare.
Of course though, if you wanted to bring down Western Civilization today , all you'd have to do is manipulate or destroy our satellites and we would be back in the dark ages. Computers, banks , grocery stores and cell phones, power plants, even the water filtration system runs with electronics and the ability to communicate with satellites.
Essentially, our world now depends on this. It's scary to think about. Especially when 14 year olds are hacking into the largest banks in the world from their mother's basement. Somehow they are able to bypass the best security systems we know of. (I personally believe they are using password skimmers) We joke in my department that in order to work for us, you simply only need to be smarter than a teenager.
My background is in IT while in the military. While serving i also obtained several certifications and degrees in my field..
I worked alongside someone i never thought i would. Turns out the federal government often times hires former hackers to “consult” for them. In fact they have an army of internet soldiers at their disposal. I was actually trained by a convicted felon. It's been said he is one of the best hackers in the world. Eventually i was put in contact with men in the FBI. Essentially went through a series of rigorous “tests” to determine my operating field of work. After seeing our skills, they then placed myself and the felon on the Cyber Anti-Terrorism unit (or CAT as we call it) .
Our first assignment was to locate a man on the Deep Web known only as “Captain Death” He runs this anonymous site in which the viewers would donate bitcoin to watch unspeakable acts of torture, mutilation and murder. Often times called “Red Rooms”. After searching for a while, clicking on every single link given to us, we found the exact link which directed us to the host site.We visited the website. For a moment the page was completely black. So we waited a few moments. Suddenly a bright red colored text appears across the top of the screen. “Welcome! To the house of pain, tonight's events will commence in 2 minutes. Enjoy” Looking over at my colleague, Jeff begins penetrating the sites security systems attempting to find the IP address of the hosts location. Viewing the site still with my eyes locked onto the screen. Using my laptop separate from Jeffs. The monitor goes black, Then a video attempts to load. Buffering now for several minutes. “Any luck Jeff”? I ask. “I'm searching for a weakness in the security firewall. Give me a minute” he responds. Frustrated i say, “We may not have a minute” Using access control, Jeff was able to find and manipulate the users login information bringing down the video before the it began. Believe it or not. One of the weakest points to a website can often times be it's login feature. Jeff found a vulnerability in the source codes software and exploited it. Still haven't found the guy. As that process is much more difficult. For now, we can rest a little bit easier knowing his account is compromised.
The best hack is when you can invade a security system and not ever be noticed. This was not one of those instances. “Who are you” appears on Jeff's computer screen. He responds quickly “The Dark Knight” in bold green text as he looks over the offenders account. Attempting to track down banking information. Recent transactions. Even bitcoin exchange.
Searching over the vast amount of data pouring into the site. Seems they have gone through great lengths to keep themselves hidden from the public. The Identity of the perp is still unknown. Patting Jeff on the shoulder i thank him for saving my eyes from witnessing god only knows what. I suppose for now it's a small victory. “Let's take a break Jeff” I urge. Shutting down our laptops we exit the dark cold room we sat in with monitors, computers, servers and many other electronic components all around us. One thing to remember, heat is the enemy of electronics. and for some strange reason, we enjoy freezing our asses off while hacking.
Walking outside Jeff lights up a cigarette and takes a drag. Putting on his sunglasses “Want one?” He asks “No thanks, they really break my concentration, I don't seem to function well with that in my system” i reply… he scoffs and quietly whispers (amateur) while choking and coughing. I smile and look up “Yeah well at least I can breathe” I say laughing. (A smile forming on ny face) We begin walking to a nearby restaurant. My phone lights up and rings loudly. It's my supervisor. “Go for Barry” I speak confidently. My boss is breathing heavily into the phone and says sternly “What's the News on Captain Death”? I begin to inform him on our progress and our struggles. “Keep me posted Barry, good work.” He says. (Not telling him Jeff did most of the work, i feel bad for taking credit for this one)
Reaching the doors of the bar and grill, I notice a man sitting in the corner of the restaurant with his family. Jumping back quickly while peering around the corner. Jeff gives me a strange look as I inform him that man is a fugitive from an earlier investigation. I call in for back up and sit back in our unmarked unit waiting for the Cavalry to arrive as he is armed and extremely dangerous. 15 minutes pass as back up swarms the parking lot. We exit the vehicle and surround the building. Rushing in 12 men strong, guns drawn we make the arrest. Fortunately, he did not resist. No civilians were harmed on the takedown.This man has been on the run for months moving from state to state. I had previously set up a sting operation to illegally buy stolen guns from the man which had been arranged through the deep web. However , this particular sting was an in-person arms deal. He appeared very spooked and got away from us before the transaction was made. After searching his panel van today we found an entire armory of weapons. A few days pass and we now have a search warrant issued by the judge for his last known address. Confiscating all of his computers, hard drives and weapons. My partner and I found a hidden room below the living room floor boards with $1.4 million dollars in it. It also had passports and other documents. He was ready to flee the country for sure. Why he was out in public is beyond me. Though often times, men like him feel they are untouchable and above the law.
It's several weeks later and work has been slow. (Not sure if that is good or bad) Until today that is, I began chatting on forums and meeting interesting characters in chat rooms. On the clear net and deep web. Today I met a dark shadowy figure online. He claims to have worked with a group of hackers who specializes in debit and credit card theft online. (Playing the part ask in a private chat) “How much does this pay?” Moments pass with no answer. I sit and wait for a response. A message appears with a link and a phone number. “Contact him for a trial run, if you do well. He'll set you up with further work” he writes. (Thinking for a moment, finally an adversary worth hunting) Typing quickly I say “Who is he, do you know him personally”? He responds rapidly and the text box closes after he writes “Rule number one, no names!” Fortunately I was able to copy the link and phone number before my computer screen went completely blank.
Reaching for the burner phone i recently acquired i begin dialing the number provided. It rings several times. No answer. So i check out the link i copied. Right before i click on it. My phone lights up and rings beside me forcing me to jump out of my seat. Startled i look at the cell phone. Mildly confused as it reads 'unknown number’. Quickly i answer the phone. A man on the other end speaks. “How did you find this number”? he asks. I inform him i was searching online for a while. Im new and im looking for work. “I was told you're the man to call if i wanted some action, i need the money” i implore. “Competition is next week, meet at this address, winner gets a spot on my team, if you think you're up for the test, be on time” he demands. I thank him and abruptly hang up.
Jeff comes over to my place. He has some info on low level guys in the fraudulent/stolen debit card scheme. Using an unmarked and totally not suspicious surveillance van. We follow a few men on their day to day operations. For the most part, this portion of our job is the worst. Very daunting and boring. Sitting and waiting isn't exactly glamourous as the movies depict it to be.
From what we can tell so far these men are using credit card skimmers. Victims of credit card skimming are completely blindsided by the theft. They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit and debit cards never left their possession. How did the theft happen?
You may be wondering, what exactly is this? Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card's magnetic stripe. The stripe contains the credit card number and expiration date and the credit card holder's full name. Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card.
These men have been using these small devices all over the local area and surrounding states as well, targeting the nicer areas of town, attaching the devices to the ATMs, and sitting a short distance away in their cars watching each victim approaching. Laughing all the way to the bank... so to speak. After several days of stake-outs, our team makes the arrests, finding blank cards, machines and large sums of cash on hand. After hours of interrogations we learn a much bigger scheme is in the works. The men inform us that they were merely a distraction for a much larger crime. My supervisor gives us clearance to make a deal with them, lessening their charges if they are willing to cooperate. Speaking with the men for 3 more hours we learn what's really going on. The next few days are extremely tense as our offices try to warn all the banks and even get the media involved.
Calling every bank, big and small, we alert them of the situation that cybercriminals are poised to carry out an “ATM cash-out,” an operation that gives thieves access to untold sums of money by bypassing security measures on an ATM. If successful, the operation has the potential to be a heist unlike any we’ve ever seen.
The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.
These unlimited operations compromise financial institutions or payment processors by installing malware that allows hackers to exploit network access, allowing admin-level access. Once inside, they can disable fraud protection, raise maximum ATM withdrawal amounts (and transaction limits) and withdraw large sums of money. Millions, potentially.
All they’ll need to carry out the attack are debit and credit card numbers found on the dark web, and dummy cards, also known as “blanks,” to attach the numbers to.
The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.
It's nearly a week later and I'm preparing for my tests. I have my laptop ready in its case. I'm extremely nervous. The information given to me is that I am to meet at this very strange building on the outskirts of town. I have no idea what to expect. I must come in first place to become a member of the team and ultimately take down the leader of this cybercrime domestic terrorist.
If things go according to his plan, he could potentially put the entire country on its knees and our banking systems would completely collapse. Chaos and madness will spread like wildfires. Millions of people unable to access their money will riot and destroy stores. Stealing food and everything they can get their hands on. The police will be overrun and unable to do anything about it. The military would most certainly be called in an attempt to regain order. Mass hysteria ensues. To the extremes we have never seen before. I must stop him. Before it's too late….
submitted by BeardedVeteran to DrCreepensVault

Irish man to be extradited to US - Admin of Silk Road

https://www.rte.ie/news/courts/2018/0627/973575-gary-davis-supreme-court/
The Supreme Court has cleared the way for the extradition to the United States of a Wicklow man, alleged to be an administrator of the Silk Road website, which dealt with illegal drugs and hacking software.
Gary Davis of Johnstown Court, Kilpedder, Co Wicklow, will now face trial in the US on charges including conspiracy to distribute narcotics, conspiracy to commit computer hacking and conspiracy to commit money laundering.
He had opposed his extradition on a number of grounds, including that he has Asperger's syndrome.
If convicted in the US, Mr Davis could receive a life sentence.
This morning, in what was a unanimous decision, the five-judge court comprised of Mr Justice Donal O'Donnell, Mr Justice William McKechnie, Mr Justice John MacMenamin, Ms Justice Elizabeth Dunne and Ms Justice Iseult O'Malley, dismissed his appeal aimed at preventing his extradition to the US.
Giving the court's decision, Mr Justice McKechnie said the court was satisfied that Mr Davis had not established that there was a real risk that his fundamental rights would be infringed if extradited to the US.
All grounds of the appeal were rejected by the court and the judge said Mr Davis had failed to show any error in law made by the High Court in this case.
Mr Davis was present in court for the decision.
The court granted his lawyers a 48-hour stay on his surrender to allow his lawyers advise him on the judgment and to consider a possible referral of the case to the European Court of Human Rights.
Members of his family were visibly upset after the court delivered its judgment.
Mr Davis's extradition was ordered by the High Court in 2016 and in March 2017 his appeal against that order was dismissed by the Court of Appeal.
Mr Davis claimed that if he is extradited he will be detained in an inhumane and degrading manner in a US detention centre and in breach of his rights under the Irish Constitution and the European Convention on Human Rights to bodily integrity and his right to life.
Mr Davis, represented by Cormac Ó Dúlacháin SC and John Peart SC, said the case raises issues including whether the State is constitutionally obliged to protect vulnerable persons with a mental illness who are the subject of an extradition request.
It was also claimed there was evidence that Mr Davis's mental condition would deteriorate if held at a US facility where he would have no assurances about what treatment would be available to him.
If detained in the US for a lengthy period Mr Davis, who has a high dependency on his family, would have very limited access to his family members.
Given his condition, this would also have a detrimental effect on Mr Davis's mental health, it was argued.
The Attorney General opposed the appeal and argued there is nothing to prevent Mr Davis's extradition to the US.
The US authorities claim Mr Davis was an administrator of the Silk Road website using the pseudonym 'Libertas' between June 2013 and October 2013.
They also allege Mr Davis had an "explicit knowledge of the items for sale on the website".
The website is said to have facilitated the sale of illicit drugs including cocaine, crack cocaine, crystal meth and hacking software.
Launched in 2011, it was run by American Ross William Ulbricht, under the pseudonym 'Dread Pirate Roberts'.
It offered anonymity to its users and trades were conducted in bitcoins.
Ulbricht was arrested and charged following an investigation by the US authorities and subsequently sentenced to life imprisonment.
Mr Davis's alleged involvement was identified from information extracted from Ulbricht's computers following his arrest by the FBI.
submitted by LovelyBloke to Casefile

Blue Beelzebub (Part 1)

For years, years, I wondered – ‘why me’ – you know, you know, kiddo – ‘why me’ – but there is no ‘why me’. What? As if there were, you know, ‘chosens’, there’s no ‘chosens’ – there’s no all–seeing, all–knowing powerful nothing. It happened. That’s it. I fell for it. I took its bait – hook, line, sinker. Didn’t I do it to myself? Wasn’t I the sucker? There’s no ‘why me’ – and once I realized that, that there was no, that there was no, no any kind of justice what so ever, until I acted, that gave my existence purpose. And now I’m gonna fulfill that purpose. I don’t want you getting involved. You’re deep enough as it is. Don’t be the sucker!
– Bobby Mortaren; famous last words
I raced from the house to the hotel, at Walsenburg, where I struggled to make sense of everything that transpired. I poured myself over notes and records that I had brought along. Only my laptop’s glow illuminated the room. Every so often lights through I-25 swept across the bed. Every so often breezes stirred trees around the perimeter. Soon midnight passed. The world darkened, relaxing as it were into slumber.
A knock rattled the door - and I could have shrieked if it weren’t for what remained of my nerves. All of a sudden, I felt so icy, so cold, that I stood, frozen, uncertain of how to proceed. Who was it? It couldn’t be good. Not the FBI. Not the Thules. Ache, already?
I balked at chucking my laptop - whoever they were at the door, they’d find it, they’d find it.
It’s the 21st century; evidence doesn’t vanish without a trace.
As my heart pounded my chest, I reached that door and cracked it a notch. I braced for the kick certain to follow. It didn’t come. The hotel’s courtyard / lot spread, deserted except for my rented Wrangler. There wasn’t anyone - anyone who may have been my visitor.
Yet - by my feet - at the edge of the threshold - my visitor had left a box.
I poked at it with my pole and turned it over and over. It wasn’t postmarked. It wasn’t addressed. It had been delivered by hand and, suspecting what it was, I yanked it inside. Leaning onto and drooping against the door, I tore its lid. The box contained two floppies, a CD, and a stack of paper. It was Blue Beelzebub - all of it, every part of it. As well as instructions: a How-To-Guide for destroying your future, fetched onto my doorstep, white-glove-style to boot, as promised. It may as well have been a bomb.
###
How did Blue Beelzebub mutate into my obsession?
Worse - did I expect to find its truth remarked into code from 1996? 1996! There wasn’t a lot to the internet way, way back when. But crime was crime no matter its era. Was it crime? And did the game start this way or that way then evolve into crime? Was it crime from its start?
The programmer of Blue Beelzebub, a hacker by the avatar ‘ZuZu’, claimed to be legit. Their MO had been to create games not scams. Or so it appeared until Blue Beelzebub entered the story. If it were a product of malware, why had ZuZu devoted so much of their effort into its creation? Why had they boasted of the game’s nitty gritty details during its gestation? Why all of that trouble, if only a fraction of it would have been appreciated by those who played it? Even LVN, when they weren’t laundering bitcoin, expressed what may be described as passion for that game.
Was it a game?
By 1996 standards, its demos parlayed atrocious graphics and threadbare mechanics. The way it affected the player’s rig ensured nobody would be eager to replay it. The game passed every scan available yet it twisted the OS and hijacked the PC to serve as a node, a link into a yet-unknown and yet-unnamed network for purposes every bit as mysterious as the game itself.
As I contemplated the reality of the situation, I settled onto the notion that that game may have been a gimmick to cover truly malevolent intentions. That had been the crux of LVN’s KickStarter and GoFundMe rackets - they always proposed plausible if lofty projects as if they were real, actual products people buy. However, case after case demonstrated that their pretense unraveled after scrutiny. Could it be, as far back as 1996, the creator(s) of Blue Beelzebub conceived of such a deception? FPS (of the type Blue Beelzebub reported to be) were the rage through the 90s. If so then their MO resembled that of a typical bait-and-switch scheme - bait them with a game, switch them with a virus. Then? What? Profit?
###
In the summer of 2017, Czech authorities, in conjunction with the EU, arrested LVN at their apartment south of Plzen. They seized the hacker’s laptop, PC, as well as their twenty thousand CD library. LVN was a hacker-for-hire; evidence presented at their arraignment demonstrated to the court that they had been paid by Russian and other Eastern European actors to pilfer bitcoin wallets. In addition to theft, the court entertained charges connected to a NiceHash heist of 64 million euros earlier that year.
It was the breach of NiceHash’s security that brought my skills to the EU’s attention. For a few weeks, between March and May, I played my part to aid the investigation and the conviction of its mastermind. We discovered that the breach had been directed from inside NiceHash. We split the work: ‘brick and mortar’ detectives ran interviews and stakeouts while my fellow ‘white-hats’ and I toiled at the forensics. To meet our end of the bargain, we created a model of that cyber-attack, in order to construct and deconstruct its operation. As we realized how the crime had been executed, we identified the party responsible for it and built the authorities a solid chain-of-evidence - a chain-of-evidence that identified LVN as the perpetrator.
LVN masterminded not just that NiceHash heist but a dozen scams at sites like KickStarter and GoFundMe. LVN traded exclusively through bitcoin. Their MO was to sow fake projects then to reap real funds submitted by backers - by backers who aimed to launder money via its exchange into bitcoin. Projects were advertised to those who sought the service; they were fraudulent through and through yet they appeared real enough to fool the maintainers of those sites and the public at large who may have been tricked by the scams.
Under the supervision of the investigation at large, I pledged my dollars to a few of LVN’s projects, to see what the response would be. Soon, LVN and I exchanged emails. They wanted to speak face-to-face. In front of the experts, I played to type and gained access to a roster of services from that hacker-for-hire. As a result of the communication, the investigation brought into play anti trafficking & exploiting agencies from around the world and accelerated their goal to convict LVN.
One of the projects LVN advertised didn’t fit into the mold in so far as it felt like a genuine hobby of theirs. LVN sought investors to fund their (re)development of a game, Blue Beelzebub. The project listed at KickStarter - removed but saved to my laptop - included a lightbox of images and demos as well as snippets of code. It discussed such esoterics as: updates to its physics engine and its video & audio renderer; upgrades to its arsenal and its gallery of foes; changing its play - expanding its levels and ditching its linearity.
The details impressed me as they perplexed me. Why? I kept asking. What’s the idea? What’s the racket? Why create a game using twenty year old technology? I understood its esoterics perfectly for I came of age during the 90s. So much of what went into Blue Beelzebub felt familiar as it was familiar. An FPS - first person shooter - propelled by a fork of that fabled, 2.5D DOOM engine. Little wonder that its caps parlayed the look and feel of classic 90s PC games!
Maybe it was yet another scam? Or - maybe - it was a hobby of a gamer / programmer? Could it be that LVN recalled those early DOS games and wanted to re-create the era? But that wasn’t everything. And as I mused & Googled I started to ask myself if there wasn’t more about Blue Beelzebub beyond the haze of my nostalgia. I failed to connect the dots although that did not shake the deja vu - somehow, someway, I recognized that game.
###
Escape published my article about LVN’s conviction. Against the advice of my editor, I stalked its commentary, to see what, if anything, the story drew out of the woodwork. Its aside re: Blue Beelzebub attracted attention. I wasn’t surprised, to be honest, as I had inserted it into the text to draw reaction. And my ruse worked! But I wasn’t the only one who felt deja vu about the game.
A commentator, who asked for anonymity, posted a link to 4CHAN about Blue Beelzebub. LVN had advertized the KickStarter for the game at a group devoted to indie developers. LVN never advertized their work at 4CHAN out of fear of exposure. So that thread where they didn’t ask for money confirmed my sense that it wasn’t, necessarily, a scam.
As I scanned that thread, however, I realized what a rabbit-hole the business would be. After LVN’s post, anonymous replies went to and fro as they typically do. Then the tenor of the thread devolved into a war amongst those who were for vs. those who were against what LVN proposed to do with the game. It was a question about credit. At last - somebody revealed a truth I duly suspected of - that Blue Beelzebub wasn’t the work of LVN - that the game as it existed predated LVN by twenty years or so.
The idea for Blue Beelzebub had floated about USENET c. 1995. The majority of the conversations extracted from the archives suggested that the game was vaporware. Its supporters countered that either a P/C or a DEMO existed and that a play-through had been uploaded to (early) YouTube. Everyone who added their opinion - pro & con - agreed that it was “inspired by Satan”, “took its cues from Crowley’s ‘Thelema’“, and that it included clips “replete with ever more corrupt” gore and snuff. A self-described player, whose rig they claimed had been “totaled” by the game, stated bluntly that it contained a “Chinese Sandwich”.
Undeterred by the confusion, I kept at my search, ramming through the archives, pushing my way further back in time, from 1997 to 1995. USENET had been mirrored prior to its collapse yet its content was not indexed completely; a robust query of its posts required force and patience.... In spite of the odds, my effort worked, my persistence located the roots of Blue Beelzebub.
It was a post dated June 15, 1995 written by the game’s originator, a hacker by the name of ZuZu. According to their missive, they claimed to have produced “a proof of concept demo” for their “latest and greatest” game, Blue Beelzebub, and that it was “a legit game catering to those who worship and admire Lucifer and everything that stands for”. ZuZu listed, point by point, the substance of their creation. I wasn’t surprised to see, splattered across that post, the verbiage LVN usurped for their own advert.
Except - they weren’t seeking funding. According to their missive, the game had been bankrolled “by entities of a foreign sort, who don’t want to be credited”. Rather, they were seeking “experts” willing to alpha & beta test the product.
Blue Beelzebub and by extension ZuZu went rogue between 1997 and 2005.
Then - October 31, 2005 - ZuZu submitted their last, known public statement. Broadcasted through their usual, over-the-top flamboyance, they wished for their “fans to learn and spread the word” that they “secured an exclusive”. They had convinced a devotee of indie horror / FPS games to review Blue Beelzebub. The player they had snagged was famous for their day and their name I recognized as I read it.
Bobby Mortaren - an internet pioneer par excellence. Mixing reviews and play-throughs together, his format had been lauded as visionary and just as imitated. Tweaked a bit by-the-by it continued to find use. His name, though, hadn’t been spoken of for a decade. Games had changed. Tastes had changed. He could have shifted into yet another venture so far as I knew.
Mortaren posted his works to YouTube - to YouTube prior to its merger with Alphabet. As I considered the changes that transpired across the years, I wasn’t surprised to discover that all of my links to his works were dead. Eerily, though, it was impossible to locate his reviews directly via YouTube. So I tried Google and Bing. No result. Ditto with DuckDuckGo. Ditto with Wiki, SlideShare, BoardReader. Out of desperation I surfed into the remnants of Alta Vista - maybe its database saved the information? No. No. Futile - all of it.
YouTube’s size was greater than USENET’s size. My task’s extent was altogether a colossal order of magnitude. If that which I pursued had not been deleted, then, it would be found ad finem omnia. So to dig further I opted for a quick & dirty hack - a bot. A bot scripted to sift and sort all YouTube’s content that matched keywords Mortaren and Blue Beelzebub. I ran it and waited for days then for weeks then for months.
###
My extensive search corroborated the fact that Mortaren left the internet c. 2006. Assuming they may have continued via pseudonym, I enquired into the matter with colleagues who devoted themselves to games and / or to reviews. Only a few recognized their name; nobody was cognizant of their voice.
An editor from ToplessRobot directed my attention to a defunct fansite’s messageboard where somebody asked why Mortaren vanished without a trace. To my shock, the reply was that Mortaren had been arrested by the FBI c. 2006. I could not fathom why. Nevertheless, if the revelation were correct, then, the resolution to the matter was tantalizingly viable. Arrests - and trials - were public.
The LVN / EU case brought my forensic skills to the notice of the DOJ and the Treasury / Secret Service. The FBI, like its European counterparts, wanted to understand everything about bitcoin and how it might (might) be possible to trace transactions to individuals.
As part of my freelance work, I already met and debriefed FBI agents re: the Czech hacker. Eventually ‘large’ talk gave way to ‘small’ talk amongst us. It was at that juncture that I broached the subject of Blue Beelzebub - namely, that LVN hatched a scheme to defraud investors (via bitcoin) ostensibly by promising to develop an update to that game.
“They got exposed by players who recognized the game’s ill-repute,” I stated. “Apparently, the game’s infamy started after its reviewer, a fellow by the name of - er - Robby Mortaren? Bobby Mortaren? Well - they got arrested by the FBI.”
Neither the game nor the reviewer elicited a reply - immediately, anyhow.
A (censored) document, summarizing a DOJ investigation, worked its way into my mailbox. Mortaren had been under FBI surveillance from November 2005 to May 2006. Why wasn’t stated; just that the FBI obtained search warrants for computers & electronics. A federal judge issued an arrest warrant May 30, 2006; however, the DOJ withdrew the charges after Mortaren agreed to an immunity deal. Mortaren turned star witness at a trial that involved organized crime as well as rackets, cults, ritualized human & civil rights abuses and elements that suggested Satanism. The perpetrator(s) that the DOJ wanted to convict fled either to South America OR Eastern Europe / Central Asia. The trial evaporated; neither the charges nor the perpetrator(s) were detailed.
Mortaren’s immunity deal with the DOJ wasn’t negotiable or retractable and included a complete internet ban.
The document listed a PO BOX as Mortaren’s permanent address.
To Mr. B. Mortaren:
Sir, I apologize. Blue Beelzebub. Were it not for the fact that you may be the only person left to recall that game, I would not have stretched my resources so thin to find you. If you are not able to assist my research, is anyone?
I was part of an EU investigation re: bitcoin, theft & fraud, as well as trafficking & exploiting vagrants. Through that investigation I came into contact with a hacker; they claimed to be working on Blue Beelzebub; they sought funds to upgrade it. While disturbing to say the least, that game did not strike me as part of the hacker’s MO. So I pried further into the matter and discovered, to my astonishment, that Blue Beelzebub dated to the mid 90s and that you reviewed & posted the demo at YouTube.
I am curious about that game. I cannot get it out of my head. Who was the programmer? Who was the developer? Where did they get the money? What were their goals? What was the game about, if the game was about anything?
A DOJ document summarizing your immunity from prosecution was brought to my attention. I suspected, as I matched the timeframe of the FBI’s surveillance and arrest, to the demo, that these matters are related. I was not able to find a link, due to the fact that all records, transcripts, etc., were sealed by request of the FBI.
If, for any reason what so ever, we cannot communicate about this matter, would it be possible to contact a surrogate or anybody with the information I seek?
With All Due Respect
JK
###
Due to limits that existed at YouTube’s debut, videos posted from 2005 to 2010 were capped to 10 minutes. Both image and sound playback quality were kept low to spare bandwidth. A lack of (accessible) software and hardware to edit video forced vloggers to improvise. Mortaren had always used a webcam and mic from the 90s to shoot their videos ‘live’, i.e., without edits.
YouTube retained the majority of Mortaren’s content; however, after a check of the dates and the poster’s IDs, I determined that Mortaren’s videos had been reposted c. 2006 by another user.
If the titles / numbers were correct then there were seven parts to the demo Mortaren recorded for Blue Beelzebub. Of seven, six remained. Specifically, the 5ifth - which must have been filmed as evidenced by the discontinuity between 4ourth and 6ixth - defied my ability to trace.
The reposter stated that “the 5ifth wasn’t part of the review package”. Yet, as I perused copies of replies they had saved, commentary that referenced material that doesn’t appear anywhere else, I strongly suspected that a 5ifth had been posted for a while and, for whatever reason, Mortaren removed it prior to 2006.
1irst - details facts re: the game: the developer, the programmer, the system requirements, etc.
“If your rig’s able to run DOOM, Blue Beelzebub works,” they state then add: “although, prepare yourselves, kiddos, the game takes a very, very long time to install”.
Passingly, he adds that a fan of his had ditched the game after they experienced “a catastrophic system failure” that they blamed “on either a bug or a virus or both”.
The executable and its auxiliary files pass every virus and malware checker Mortaren throws at it.
2econd & 3hird - demonstrates the game play or what passes for it.
Mortaren prefers to record his reviews live so that his fans experience the game exactly as he does. His videos contain hints / cheats if they are discovered as he plays. He describes Blue Beelzebub as a DOOM-GUY-ESQUE player who moves through an enshadowed monochromatic maze.
“There’s no backwards, I, I, I don’t believe it! Did they forget to give us backwards? There’s forwards and left, right. Kiddos, you gotta do a circle to go backwards.” He continues to berate the game, adding: “Yeah, there’s only forwards. And you know, I gotta say it, the programmer may think they’re the monkey’s nuts for it.... But it’s so weird that going forwards causes the view to bob up and down or side to side. What’re they trying to do? Are they trying to replicate a player’s gait? Takes me right out of the game. Let me tell y’all why. Like I said, the programmer’s got to be thinking they’re the monkey’s nuts but it’s that bizarro attention to detail that’s so jarring as I consider the lack of detail given to the graphics. Guys. Guys. Guys. You gotta think about what you present.”
Mortaren piles his criticism of the graphics and the sounds, comparing both unfavorably to DOOM. Especially frustrating is the invariance of the black & white textures throughout the maze. He praises the response of the maze to the player as he notes, while attempting to draw the maze, that its passages shift at random. Then more and more criticisms were strewn at the game, including its lack of weaponry, its lack of powerups / extras, its lack of anything.
“A game can’t be about going through the maze, guys, there’s got to be a point - something to do!” Finally, he voices the suspicion that he had been duped by ZuZu.
4ourth - the demo gets interesting.
Mortaren finds an area of the maze where the textures differ. The video’s pixelation - perhaps due to the webcam - perhaps due to the way the reposter preserved it - masks the bulk of the alteration. I detect a change of shade, though, from black & white to blue.
“Well it can’t be for nothing that the wall is blue. Jeez!” As he cracks the joke, to his shock (an expletive slips), the sounds became those of “eerie, drone-like notes fading into reverb” and the monitor displays a still-shot. Mortaren zooms into the image; I recognize it as coming from the shock-site, ROTTEN.
After that alteration, every blue-hued texture Mortaren faces produces other images, increasingly nihilistic and graphic, usually of the dead or the dying, often of celebrities, suicides, accidents, wrecks.
5ifth - ?
6ixth - the segment starts at an awkward jump.
It must have been split from the 5ifth video and while Mortaren does not state why, explicitly, the tone of the voice suggests that something serious transpired.
“Sorry, kiddos, I turned the webcam away - a first - I guess this ZuZu accomplished something.”
When he returns the webcam to the monitor, it is apparent that in addition to tone the substance of the game itself altered.
The player stands at the center of a room Mortaren describes as “a vault with a hole at its floor”. The 2.5D renderer prevents the player from gazing inside the hole. But by directing the player to walk the hole’s circumference it is possible to catch bits of its contents. A sharp, blue light shoots out of the hole; the way it cast light at the ceiling suggests there might have been “water”, as if the hole were a well of sorts.
What shocks Mortaren is that the room fills with children. The renderings of faces make each of the children unique. However: “the ghastliness of the imagery resembles how faces voxilate like with Delta Force games”. Further, he notes, after a pause that echoes my own consternation and trepidation, “I’ve seen these kids. Yeah, I’ve seen these kids from those, those photographs the game stopped everything to show us. Jeez!”
The children stand statue-like as the player walks about them. They serve as obstacles that block movement, otherwise, inert, unresponsive, “not that the player interacts with the kids as there’s no other keys available except A, W, D”.
The video continues, then, Mortaren shrieks.
The playback jostles as if it were about to stop. When everything resettles, he speaks, calmly and evenly, that “there’s a kid that’s different ... animated. You gotta see it, kiddos, I can’t say if it’s awful because it’s awful or if it’s awful because it’s awful....” The webcam zooms into the monitor; the child rendering appears to show it breathing, haphazardly, with their mouth agape. And then, then the child moves and the player like the viewer alike slip an expletive. “I take it back, everything, this is truly and utterly awful.”
7eventh - the coda feels like the set’s longest but is the shortest.
“Right now I’m running. I don’t have a weapon, jeez! I’m running as fast as this keyboard allows but my health is shrinking.” Mortaren stops and rotates the player to face backwards. The animated child is behind and striking the player using a technique that resembles “Hanna-Barbera laziness - or who knows - who knows, kiddos, it could be part of the style”. Just as it is with DOOM, as the player’s health decreases, the view gets redder and the avatar gets bloodier. Mortaren aims into the maze; there is no exit, there is no weapon, no upgrade to assist, all that exists is the floor where the player drops, dead.
The 7eventh adds a post-script recorded after the demo. It shows Mortaren’s PC, open and split to pieces. “The game installed a virus,” he declared then described its symptoms.
“Immediately upon my player’s death, the PC rebooted. After the BIOS, instead of going into DOS, it starts a telnet session and tries to connect via IP. Of course it doesn’t get a reply since my PC uses dial-up. So it freezes, pinging and pinging a server somewhere that it cannot reach.”
Mortaren concludes by theorizing that if Blue Beelzebub were a virus, it must have been designed to target high-end systems with LAN / Ethernet ports.
I jot the IP and attempt to connect to it. Strangely, it will not load yet it will not issue an error of any kind. Chrome, FireFox, Edge, etc., freeze. WHOIS is not able to resolve the owner. Nevertheless, it yields the location of the server, a site approximately 50 miles north east of Trinidad, Colorado.
I reject the result; users of tracers already know that they rely on ISP databases to match IP / location - and how often are those databases updated? - and how often are those updates distributed? The decade that passed between today and the video, and between the video and the creation, assures that there must have been a drift re: the location of the IP.
###
I will not reveal the particulars of when, where, and how I received the call.
“The coordinates.” Into my ear spoke a voice that my investigation made familiar. “Check the coordinates.”
“Coordinates?”
“Blue Beelzebub.”
“Yes,” I replied and Mortaren implied we’d meet.
Mortaren had traced my whereabouts through the blogosphere. He wanted to talk about the game yet feared the government “and or others” eavesdropping. I admitted off-handedly that as I sunk into my work with the DOJ, my paranoia tipped.
“What’s the deal with the game, anyway?”
“What do you want on your Chinese Sandwich?”
My impression settled onto a mixture of intrigue and trepidation. The matter felt so cryptic as to defy credulity. Coordinates? Blue Beelzebub. Chinese Sandwich? Nevertheless, even as we talked (brief as the conversation was) I put together that by coordinates + Blue Beelzebub Mortaren referred to the IP the game telnet’ed.
submitted by 0fruitjack0 to nosleep

Ether Thief Remains Mystery Year After $55 Million Digital Heist

2017-06-13 08:00:18.224 GMT
By Matthew Leising (Bloomberg Markets) -- Summer colds are the worst, and Emin Gün Sirer had caught a wicked bug from his 1-year-old son. So it was with watering eyes and a stuffy nose that the associate professor of computer science at Cornell found himself working from his sickbed on Monday, June 13, 2016. Gün—everyone calls him Gün—couldn’t tear himself away from his laptop. He had another type of bug in his sights, a flaw in a line of computer code he feared put $250 million at risk of being stolen. It wasn’t just any code. It was the guts of the newest breakthrough in software design related to blockchain, the novel combination of decentralized computing and cryptography that gave life to the virtual currency bitcoin in 2009. Since then, the promise of blockchain to transform industries from finance to health care has captured imaginations in corporate boardrooms and governments alike. Yet what the Turkish-born professor was exploring that Monday was the next leap forward from bitcoin, what’s known as the ethereum blockchain. Rather than moving bitcoin from one user to another, the ethereum blockchain hosts fully functioning computer programs called smart contracts—essentially agreements that enforce themselves by means of code rather than courts. That means they can automate the life cycle of bond payments, say, or ensure that pharmaceutical companies can authenticate the sources of their drugs. Yet smart contracts are also new and mostly untested. Like all software, they are only as reliable as their coding—and Gün was pretty sure he’d found a big problem. In an email sent to one of his graduate students, Philip Daian, at 7:30 p.m., Gün noted that the smart contract he was looking at might have a problem—on line 666. (They say the devil is in the details.) Gün feared the bug could allow a hacker to make unlimited ATM-like withdrawals from the millions, even if the attacker, who’d have needed to be an investor, had only $10 in his account. 
This staggering amount of money lived inside a program called a decentralized autonomous organization, or DAO. Dreamed up less than a year earlier and governed by a smart contract, the DAO was intended to democratize how ethereum projects are funded. Thousands of dreamers and schemers and developers who populate the cutting edge of computer science, most of them young, had invested in the DAO. This was real money, a quarter of a billion dollars, their money, meant to build a better version of the world, and every cent was at risk. Gün, who wears his dark hair short and looks a decade younger than his 45 years, had already been tracking and publicizing flaws in the DAO’s design. A few weeks earlier, on May 27, along with two colleagues, he’d urged investors to stop buying into the DAO until security issues could be fixed. It had been too late, however, and the program went live the next day. Smart contracts such as the DAO are built to be entirely reliant on their code once released on the ethereum blockchain. That meant the DAO code couldn’t be fixed. Other blockchain experts—including Peter Vessenes, co-founder of the Bitcoin Foundation—had also pointed out security flaws in the smart contract, but Gün appears to be the first to pinpoint the flaw that put the money in jeopardy. The problem was the code was so new that no one knew what to expect—or even if there was actually a problem in the first place. Gün had his doubts, too. This wasn’t even his job. He does this for fun. Daian didn’t think they’d found anything either. Over email, he said, “We might be up the creek ;).” Later, when Gün pointed to the error in line 666, Daian replied, “Don’t think so.” Gün says, “We don’t sound the alarm bell every time we find a bug that seems suspicious.” Instead, he went to bed to try to kill his cold—the one bug he knew to be real. “I was too miserable to sort it out,” he says.
Four days later, Christoph Jentzsch lay on the floor of his home office, taking deep breaths, trying not to panic. It was Friday morning, and software developers all over the Western world were waking up to the news that the DAO, which Jentzsch had created, was being attacked. Gün had been right. Jentzsch, who has dark hair and a perpetual five o’clock shadow, lives with his family in the Mittweida region of Germany, a rural spot not far from the Czech border. Mornings in the Jentzsch household are a whirlwind as he and his wife get their five children—age 2 to 9—fed and off to school. Yet today, after his brother Simon woke him with a call that the DAO was being hacked, Jentzsch had to ignore his familial duties. “You’ve got the kids,” he told his wife. “I have an emergency.”
This is the story of one of the largest digital heists in history. And while you may have heard last year that hackers breached Swift, the bank-to-bank messaging system, and stole $81 million from Bangladesh’s central bank, the DAO attack is in a different category altogether. It played out in front of anyone who cared to watch and couldn’t be stopped. Just as the global WannaCry ransomware attack in May laid bare weaknesses in computer operating systems, the DAO hack exposed the early frailties of smart-contract security and left many in the community shaken because they hadn’t found the bug in time. The aftermath would eventually pit good hackers against bad ones—the white hats vs. the black hats—in the strange and futuristic-sounding DAO Wars. The roots of the DAO belong to an idea Jentzsch borrowed from another internet-fueled phenomenon: crowdfunding. The 32-year-old Jentzsch, a theoretical physicist by training, and a few colleagues started Slock.it in 2015. As they considered how to fund the company, Jentzsch approached it as many had—sell a digital currency, effectively a token, to raise cash. But why should each new startup have to program its own initial coin offering? Jentzsch wondered. What if one huge fund ruled them all? He introduced his idea to the world at DevCon 1 in London in November 2015. “What is the blockchain way of creating a company?” Jentzsch asked his audience. “Of course, it has to be a DAO.” It would work like this: Ether, a virtual currency like bitcoin, would be used to fund and develop applications on the ethereum blockchain—things such as making a music app similar to iTunes or a ride-sharing service along the lines of Uber. Investors would buy DAO tokens with their ether; the tokens would allow them to vote to fund projects they liked. If the app they backed made money, the token holder shared in the profit. In the six months he spent creating the DAO, Jentzsch thought it would raise $5 million.
From April 30 to May 28, the DAO crowdfunding pulled in $150 million. That’s when ether traded just below $12. As the price of ether rose in the following weeks to $20.75 the day before the attack, so too did the value of the DAO, putting a $250 million target on this thing Jentzsch had unknowingly brought into the world with a fatal, original sin. “Our hope was it would be the center of a decentralized sharing economy,” says Jentzsch, who now regrets not capping the amount raised. “For such a big experiment, it was way too early.” In the weeks after the attack, Jentzsch and the rest of the ethereum community would come to grips with their own crisis that, writ small, echoed the bank bailouts and government rescues of 2008. “It became too big to fail,” he says. But why would anyone invest in the DAO in the first place? It has something to do with the strain of digital libertarianism at the heart of the ethereum community, much like the set of beliefs that led to the birth of bitcoin. Think of bitcoin as the first global currency whose use can’t be stopped by governments or corporations; on top of that, bitcoin is almost impossible to hack. Ethereum, then, is another level beyond. It’s an uncensorable global computer. As amazing and unprecedented as that is, it’s also a bit terrifying. Brought to life, the DAO ended up staggering off the table and turning on the community that wanted it so badly. Accustomed to working into the night to stay in touch with colleagues in North America, Jentzsch blows off steam by jogging or kayaking on the nearby Zschopau River. Yet on that Friday morning, he had the more pressing task of pulling himself up off the floor and dealing with the attack. “I went into emergency mode: Don’t try to save the DAO,” he says. “No, it’s over.”
It was far from over. Several hours later and half a world away from the Jentzsch household in Mittweida, Alex Van de Sande was waking up in his apartment in the Copacabana neighborhood of Rio de Janeiro. The baby-faced ethereum developer had been born in the small fishing village of Santa Cruz Cabrália in the Bahia region of Brazil and moved with his parents to Rio when he was about 3 years old. These days he’s known as “avsa” on Reddit and Twitter. After reaching for his phone to see why it was blowing up with Skype messages, he turned to his wife and said, “Remember when I was telling you about that huge unhackable pile of money?” She nodded. “It’s been hacked,” he told her. His first thought was to get his DAO tokens out. He owned about 100,000 of them, valued at about $15,000 at the time. He’s the lead designer of the Ethereum Wallet app, a program that allows him and anyone else to interact with the blockchain. Van de Sande scrambled to log in to it, but his password didn’t work. It was glitching, and as he worked to fix it, his panic subsided. He realized he shouldn’t be bailing on the DAO but trying to save it. And to do that, he needed Griff. Griff Green, who’s worked variously as a massage therapist in Los Angeles and a community organizer in Seattle, is one of only a handful of people in the world who holds a master’s degree in digital currencies. He got it online, natch, from the University of Nicosia. A self-described “dreamer,” the 32-year-old is the closest thing Ethereumville has to a mayor. Green knows everybody; in fact, he’d been the first to relay word of the attack to Simon, Jentzsch’s brother and a co-founder of Slock.it. Green had been working for Slock.it for about six months by then and woke up that morning in the house belonging to Jentzsch’s mom in Mittweida. Jentzsch is one of nine children, so his mother had a spare bedroom where she could put Green up for a few days.
Using his extensive contacts, Green started identifying as many people as he could who were interacting with the DAO—going so far as to ask strangers to send pictures or scans of their IDs—in an attempt to sort friend from foe. And then something strange happened: The attack stopped working. In the six hours since the attack began, the thief had managed to steal 30 percent of the DAO’s 12 million ether—which that day equaled about $55 million. “We don’t even understand why the guy had stopped,” says Van de Sande. Now Green raced to protect the remaining 70 percent of the DAO the attacker hadn’t stolen. Once Van de Sande got in touch with Green in Germany, along with two or three others, the foundation was laid for what would become known as the Robin Hood group—white hat hackers who’d devise a bold good-guy plan to drain the remaining DAO. To save the DAO, they’d have to steal the remaining ether, then give it back to its rightful owners. And yet as they scrambled that Friday, qualms emerged within the group. “What does it even mean to hack something?” Van de Sande asks. No one knew if what they were about to do was legal. Also, wouldn’t their hack look just as bad as the theft they were trying to stop? Then there were the practical issues. “Who pushes the button?” he remembers wondering. Doing so would initiate their counterattack and alert the community. “Someone has to push the button.” The price of ether the night before the attack had hit an all-time high of just above $20. News of the hack sent it tumbling to $15 by the end of Friday, wiping out almost a half-billion dollars in market value. At that price, the DAO still held $125 million, and the Robin Hood group worried the attack would resume. They might be the only line of defense if it did, so Van de Sande agreed to use his DAO tokens to fuel their counterattack, thereby becoming a public face of the group.
At this point, it might help to think of the DAO as the spacecraft in Alien after Ripley initiates the self-destruct sequence. To flee, she’s forced to use an escape pod. DAO investors had to initiate a similar sequence to deploy escape pods that would allow them to get their ether out of the DAO. The code that dictated the escape pods’ behavior is where the bug lived, so to steal the remaining DAO funds the Robin Hood group would have to be in a pod to exploit the flaw—and because of the way Jentzsch wrote the DAO, they had only a short window of time and just a few pods to choose from. A few minutes before launching the attack, Van de Sande joked on the group’s Skype chat, “Let’s go rob a bank!” No one laughed. “Not everyone really appreciated the humor,” he says. In his Copacabana apartment, Van de Sande readied to push the button on his laptop. Then, suddenly, he lost his internet connection. His router was down. “I was like, What the f--- is going on here?” he says. He had less than 30 minutes left to execute the Robin Hood hack. He frantically called NET, his Brazilian internet service provider, but couldn’t get past the automated customer service experience. He says the robotic voice told him, “We see there’s an internet issue in your neighborhood.” The irony was not lost on him: Here he was trying to steal millions of dollars from a robot but was being waylaid by another robot. “Then we missed,” he says. The window closed. He went from the high of feeling like they were about to come to the rescue of the vulnerable DAO to the crushing low of having their international connection severed by NET’s breakdown. He took his dog, Sapic—named after the one in Pedro Almodóvar’s All About My Mother—for a walk, then crawled into bed, defeated. The next morning was Saturday, and Van de Sande tried to reconvene the Robin Hood group to infiltrate another escape pod. But folks were busy and couldn’t get together.
“We felt like the worst hackers in history,” Van de Sande says. “We were foiled by bad internet and family commitments.”
Who, exactly, were they at war with? No one really knows, but there are some clues. One address the attacker used is 0xF35e2cC8E6523d683eD44870f5B7cC785051a77D. Got that? Like everything else in a blockchain, a user’s address is an anonymous string of characters. But every address leaves behind a history on the blockchain that’s open for examination. Not that it makes sense to 99.9 percent of humankind, but Green gets it. To pull off his heist, the attacker needed to create a contract that would interact with the DAO. He did so on June 15 and deployed it in the early morning hours two days later, according to Green. Once activated, the attack contract started sending about $4,000 worth of ether through the attacker’s account every three or four minutes to drain the DAO. But where did the original money to fund the attack come from? To interact with the ethereum blockchain, every contract must be funded by an amount of ether. This attack contract was funded by two addresses, but tracing it further back becomes tricky. That’s because the second address used an exchange called ShapeShift to send 52 ether into its account on June 14. ShapeShift doesn’t collect any information on its users and says it turns one virtual currency, such as bitcoin, into another, like ether, in less than 10 seconds. While there are valid reasons for using ShapeShift, it’s also a great way to launder digital assets and cover your tracks. After the attack contract stopped working, the thief needed to deploy it again, says Green. He tried but failed, and after a few more transactions, the hack whimpered to an end. (One possible reason the attack stopped, Green says, is that the hacker’s tokens became corrupted, which means he had no way to exploit the bug.) We know this limited amount of one-sided information from the blockchain’s public record. Digital asset exchanges see both sides.
An internal investigation by one such exchange concluded that the DAO attacker was likely part of a group, not a lone wolf, based in Switzerland, according to an executive there who wouldn’t speak on the record or allow the company’s name to be used. Exchanges are in the unique position of being able to analyze the trading activity of their customers because they know who they are, even if they’re anonymous on the blockchain. The executive says the exchange shared the analysis with the Boston office of the FBI, though there’s been no further contact since October of last year. Cornell’s Gün says he also spoke to the Boston office of the FBI—and to agents in the New York office and to the New York State Attorney General’s Office. “It’s very difficult to coordinate an attack of this kind without leaving breadcrumbs behind,” Gün says. He encouraged the FBI to look at the ethereum testnet, where programmers can run their code in a safe environment to work out kinks. The attacker wouldn’t just launch such a complicated hack without testing it, Gün says he told federal officials, and the feds might be able to get clues to his identity there. Gün says he also pointed them to addresses linked to the attacker, such as the one described above, that were listed by his grad student Daian on his blog. (The FBI declined to comment.) “I’m absolutely amazed. Why has no one traced this back and found out who did it?” asks Stephan Tual, the third co-founder of Slock.it. “It still bugs me to this day, because what that person has done is incredibly unethical.”
On Tuesday, four days after the initial attack, the hacker returned and somehow resumed the heist. The Robin Hood group had feared this moment would come and was ready. Early Sunday morning they’d finally managed to convene online and successfully infiltrate an escape pod, but had held off their counterattack. Now they had no choice. One strike against the group was their distance from one another—one in Rio, others scattered about Europe. (Some of the group’s members didn’t want to be identified for this story.) It was important that they coordinate their activities because, like in Charlie’s Angels, they all had different specialties: Green the community organizer, Van de Sande the public face, others who wrote the Robin Hood group attack contracts. So Van de Sande needed to be walked through the step-by-step hacking process they were about to unleash, because that wasn’t his area of expertise. “I’ll be honest, I was excited,” Green says. “This is the craziest thing that’s ever happened to me. This is the craziest thing that’s almost ever happened to anyone.” Whether it was legal remains an unanswered question. “You literally have cyber ninjas warring on the blockchain,” says Vessenes, the programming expert. “What they’re doing is almost certainly illegal, but they’re claiming it’s for the greater good.” And now it was Van de Sande’s job to let the community know that the Robin Hood group counterattack was benign. He took to Twitter, where he wrote “DAO IS BEING SECURELY DRAINED. DO NOT PANIC.” A nod to the classic Hitchhiker’s Guide to the Galaxy, his plea to not panic was met with all the snark and real-life concern Twitter can handle. “NOTHING SAYS DO NOT PANIC LIKE ALL CAPS,” one user responded. “#RealLife is more exciting than MrRobot !!” tweeted another. Yet as the Robin Hood group attack gained steam, they noticed something strange and worrisome—the attacker was with them in every escape pod. “We escaped the mother ship, but now we’re alone in space with the alien we were trying to escape,” says Van de Sande. This was a big problem. Because of how Jentzsch wrote his code, the Robin Hood group would have to wait several weeks before they could secure the ether they recovered. Yet if the attacker was in that escape pod with the group, he could just follow them—what’s known as a stalking attack. If the hacker stalked the Robin Hood group, the ether wasn’t really safe after all. “The game only ends when one of these parties doesn’t show up to fight,” Van de Sande says. This, in essence, is the heart of the DAO Wars, the never-ending battle that would have to be waged to keep the recovered ether safe. If only there were a way to reverse the theft once and for all.
What happened next is one of the strangest and most contentious episodes in blockchain’s early history. The morning of July 20 dawned cool and clear in Ithaca, N.Y., the home of Cornell. A weeklong ethereum boot camp on campus had brought developers and programmers from all over the world to town. The mood was anxious, but not because the workshops were about to begin. This was the day the ethereum community would decide to rewrite the past. The weeks since the DAO hack had been filled with acrimonious debate as developers, coders, investors, and other community members considered their options to undo the theft. As the Robin Hood group battled the attacker mostly in private, a public debate was raging. The white hat hackers weren’t the only ones trying to save the DAO. Jentzsch worked almost around the clock, fielding hundreds of requests from DAO investors on what they should do. Vitalik Buterin, 23, who created the ethereum blockchain before he was 20, became a focal point as he led the community through their options. In short, what they could do was change the ethereum blockchain to fix the DAO, but only if they got a majority of computers running the network to agree to a software update. Pull that off, and it’s as though the attack never happened. This is known as a hard fork. The decision stirred such strong reactions that it remains controversial a year later, both within the ethereum community and with bitcoin users who insist a blockchain’s history is never to be tampered with. In an interview in October, Buterin was unapologetic about pushing for the change. “Some bitcoin users see the hard fork as in some ways violating their most fundamental values,” said Buterin, who didn’t respond to requests to speak specifically about this story. “I personally think these fundamental values, pushed to such extremes, are silly.” Within the ethereum community, at least, Buterin’s views won the day, and computer nodes all over the world accepted the fork. 
Contained in block 1,920,000, the fix to the DAO was simple and did only one thing—if you had ether invested in it, you could now get it out. But why hadn’t the attacker made off with his money? It had been more than a month. The same code that exposed the DAO to the theft, in the end, enabled the ether to be returned. Everything to do with the DAO is a parameter: rules, if-then statements, and more rules that are all finalized before the program is set loose. One of these parameters stated that anyone wanting to get their ether out of the DAO had to wait a certain amount of time—27 days after the initial request, then another seven days. This fail-safe, written by Jentzsch, applied to the attacker as well. So even though somebody had effectively robbed a bank, he then had to wait 34 days before crossing the street to make his getaway. While he was waiting, the money was stolen back. A month after the original heist, the ether thief now had nothing to show for his caper. Back on the Cornell campus, ethereum boot camp attendees celebrated. The next day, Gün brought Champagne to the session he was teaching. He’d pasted makeshift labels on the Chandon bottles with a picture of the utensil that said, “Congratulations on the successful fork.” Then something else unexpected happened. The original ethereum blockchain, the one with the DAO attack in it, kept growing. Imagine a hard fork is a branch of a tree that sprouts in a different direction at the end of the main limb. The end of that limb is supposed to wither after a hard fork, but here it continued to grow as a small group of users continued to process transactions on that version of the blockchain. Instead of dying, this became a second form of ethereum, quickly dubbed ethereum classic, complete with a digital currency that now had value. Even in the science fiction world of blockchain, this was an unprecedented turn of events.
It meant the DAO attacker suddenly had about 3.6 million ethereum classic coins in his DAO account, known as the DarkDAO, which were slowly gaining in value. The Robin Hood group held about 8.4 million, because in this parallel universe they still controlled 70 percent of the DAO funds they had recovered. The Robin Hood group couldn’t believe it. “We did everything to avoid this, but now we’re being dragged back into this fight,” Van de Sande says. Now, the bitcoin supporters who viewed the hard fork as a violation of the core values of blockchain could back up their belief by buying ethereum classic. That’s exactly what entrepreneur Barry Silbert, a heavyweight in bitcoin circles, did. “Keep in mind, the original chain is ethereum classic,” he says. “The fork is ethereum.” Putting his money where his mouth is, Silbert’s firm, Grayscale Investments, recently issued an investment thesis outlining the benefits to ethereum classic over ethereum. A section heading sums up the rationale: “The DAO and the Death of Principles.” Alexis Roussel, co-founder of Bity.com, a digital currency broker in Switzerland, still marvels at the aftereffects of the hard fork and the wild world of the blockchain. “This is something that doesn’t happen in traditional finance,” he says. “If something happens with Apple, you don’t suddenly have a clone of Apple.”
It’s been about a year since the DAO attack, enough time to take stock of what went wrong. Van de Sande is eager to move on. “It was really just a blip,” he says. “We are ready to move past it and leave the DAO story behind us.” Green, who’s organizing an ethereum conference at this summer’s Burning Man festival in the Nevada desert, has kept a sense of humor about it. “The Robin Hood group was just a s--- show,” he says with a laugh. “I hope the movie portrays it better than it actually was.” As for the bug itself, apparently many smart people looked at the code before Gün but missed one major flaw. The order of commands in the code allowed DAO token holders to withdraw any profit they’d made from their investments. It reads “withdrawRewardFor(msg.sender)” and adds, almost improbably, a note to anyone reading the code that says, “be nice, and get his rewards.” That’s line 667—let’s call it “The Neighbor of the Beast Bug.” If the withdraw line had come after these lines:
    totalSupply -= balances[msg.sender];
    balances[msg.sender] = 0;
    paidOut[msg.sender] = 0;
    return true;
the attack wouldn’t have been possible, Jentzsch says. But if the code had been in the correct order, the reward parameter wouldn’t have worked. As for the note, this line of code was meant to allow investors to withdraw any profit—“Reward”—their investments had earned. Instead it became one of the biggest backdoors in hacking history. It would have been better to not pay rewards during the split function from the DAO, what we’ve been referring to here as the escape pods, according to Jentzsch. Another decision he made when he had no idea of the bug shows how quirky and unforgiving code can be. “If the capital ‘T’ in line 666 had been a small ‘t,’ that would also have prevented the hack,” he says. Jentzsch has many regrets but insists no one was aware of the specific problems in lines 666-667 (other observers had pointed to flaws in other lines, just not here). Had more people looked, “it would have made no difference at all,” he says. “If you don’t know what to look for in a security audit, you won’t find it.” Even Gün, who had it in his grasp, let it go. “I still missed it,” he says. Green’s emotions are still raw related to Gün. “I actually got really pissed at him about this,” Green says. “He started bragging about how he found the bug.” He adds that it was “very irresponsible of him to not tell anyone of his inkling.” Still, Green “respects the hell out of Gün” and says they’ve since made amends. Asked to recount that night last June as he lay sick in bed, Gün says, “I came away from this thinking there’s potentially an issue.” But he’d consulted Daian, his grad student (“whom I trust”). Daian had said it’s “not exploitable.” Gün says that had he been certain of the danger, “I would have told people.” In a blog post that explained the mechanics of the DAO heist Daian published the night of the attack, he gave a shoutout to his professor in the acknowledgments. “Gün, we were so damn close—sorry it wasn’t quite enough this time :),” Daian wrote. 
As for the attacker (whoever he or she or they are) and the ethereum classic booty, Gün says, “Great, wonderful, he should cash out.” The hard fork proved it wasn’t just the DAO that needed to be fixed, but the ethereum blockchain itself. He says: “The fault lies somewhere on the system side as well.” But the fear that smart contracts are too clever by half and that by extension so is the ethereum blockchain itself—prevalent in the days following the DAO attack—has dissipated. At least that’s the market’s verdict, judging by the price of ether. After the attack, it traded from $10 to $12 for about nine months. Then in March it took off; it’s valued at $341.19 as of June 12. (That would have valued the DAO at $4.1 billion, but let’s not even go there.) Ethereum classic has risen as well, and it now trades for $18.71. Both versions of ether remain viable, in other words. The thief holds one; the revisionists, the other. Going forward, the choice is really: Whom would you rather believe? Since the hard fork, the attacker ended up making off with his ethereum classic. That means he got away with about $67.4 million, assuming the stash hasn’t been sold. Not too shabby, 0xF35e2cC8E6523d683eD44870f5B7cC785051a77D.
Leising covers market structure at Bloomberg News in New York.
To contact the author of this story: Matthew Leising in New York at [email protected]
To contact the editor responsible for this story: Joel Weber at [email protected]
submitted by Degoony to ethereum
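
The ordering flaw the article describes, a payout call that runs before the balance bookkeeping, can be reproduced in a small Python model that puts the flawed order beside the hardened one. This is an added example, not code from the DAO, Slock.it or the article; the class names, the three accounts and their amounts are constructed assumptions, and the `on_receive` hook stands in for the external call made during a payout.

```python
"""Toy ledger contrasting 'pay, then update balances' with the reverse order.

Constructed model: class names, accounts and amounts are assumptions,
not the DAO's own code.
"""


class ToyFund:
    """Token balances backed 1:1 by a shared pool of ether."""

    def __init__(self, deposits, effects_first):
        self.balances = dict(deposits)
        self.total_supply = sum(deposits.values())
        self.pool = self.total_supply
        self.paid = {name: 0 for name in deposits}
        self.effects_first = effects_first  # True selects the hardened order

    def split(self, account):
        """Pay the caller's share out of the pool and retire its tokens."""
        amount = self.balances[account.name]
        if amount == 0 or amount > self.pool:
            return False
        if self.effects_first:
            # Hardened order: the ledger is final before control leaves.
            self._retire(account.name)
            self._pay(account, amount)
        else:
            # Flawed order: the recipient's code runs while
            # balances[...] still shows the full amount.
            self._pay(account, amount)
            self._retire(account.name)
        return True

    def _retire(self, name):
        self.total_supply -= self.balances[name]
        self.balances[name] = 0

    def _pay(self, account, amount):
        self.pool -= amount
        self.paid[account.name] += amount
        account.on_receive(self)  # external call: recipient-controlled code


class ReentrantRecipient:
    """Recipient whose receive hook calls split() again, max_depth times."""

    def __init__(self, name, max_depth):
        self.name = name
        self.max_depth = max_depth
        self.depth = 0

    def on_receive(self, fund):
        if self.depth < self.max_depth:
            self.depth += 1
            fund.split(self)


def run(effects_first, max_depth=3):
    """Run one split for a 10-token holder and report the ledger state."""
    deposits = {"alice": 50, "bob": 40, "carol": 10}  # constructed amounts
    fund = ToyFund(deposits, effects_first)
    fund.split(ReentrantRecipient("carol", max_depth))
    return {
        "paid_to_carol": fund.paid["carol"],
        "pool": fund.pool,
        "total_supply": fund.total_supply,
        # Invariant an audit or test suite can assert after every call.
        "solvent": fund.pool == fund.total_supply,
    }


if __name__ == "__main__":
    print("flawed  :", run(effects_first=False))
    print("hardened:", run(effects_first=True))
```

In the flawed order the pool and the token supply drift apart as soon as the hook re-enters, so checking `pool == total_supply` after every externally triggered call catches this class of bug even when the reviewer does not know which line to look at.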


Why the FBI should be worried about Bitcoin. A leaked document from the FBI shows concern that cyber criminals treat Bitcoin as just another payment option alongside established virtual currencies.
Although by analyzing publicly available Bitcoin transaction records it is possible to retrieve sensitive information related to the source and destination of the payments and to bank account information or shipping addresses, the FBI enumerated several ways to protect user anonymity: Create and use a new Bitcoin address for each incoming payment.
The notion that Bitcoin is completely anonymous is a widespread one. It is also incorrect even though transactions involving Bitcoin do not involve the transmission of personal information. It is possible for Bitcoin owners to protect their identity to a certain extent, but not completely. An individual can spend Bitc
Uber’s ex-security head paid $100,000 in Bitcoin to cover up hack, says FBI. In 2016, two hackers demanded a six-figure ransom for stolen personal data of 57 million Uber users and drivers. By Liam Frost. Aug 21, 2020. Uber's ex-CSO allegedly paid the hackers off by funneling the money through a bug bounty program. A former ...
The limitations of Bitcoin’s anonymity are covered as well, as a 2011 study by researchers from the University College of Dublin, Ireland is referenced that found that by examining transaction ...


Bitcoin Q&A: Anonymity and confidential transactions

We’ve discussed some amazing things that can be done with big data, especially when an individual’s information is compared to a massive data set. Some of those examples, however, can feel like ...
Bitcoin Anonymity Basics - Bitcoin and Cryptocurrency Technologies Part 6 - Bitcoin and Anonymity
Is Bitcoin anonymous? What does that statement even mean—can we define it rigorously?
In other words Bitcoin does provide users with a bit of anonymity, but to claim it's generally "untraceable" in principle is pure paranoia on certain government officials' and journalists' part ...
Disastrous Rowhammer bitflips, malicious developer steals Bitcoin with nodeJS module, Germany proposes router security guidelines, Uber fined $148 million for data breach cover-up, Microsoft yanks ...
Keywords/phrases: Anonymity and confidential transactions. Blockchain.info disabling anonymous transactions. Cryptocurrency mixing as a CoinJoin-like anonymisation method. Serverless peer-to-peer ...
