Tweet
So, last night sucked big time for me.
Bit of Obligatory Background:
Last month, Big Script Company (BSC) that I work with a lot, went through a minor scandal because some guy posted on Facebook that he'd gotten a rather large payment from them. According to him, he was a grey hat hacker (We'll call him GHH), and found and exposed several large vulnerabilities in BSC, and was paid handsomely for it. BSC made no comment on the matter, but dang, people freaked out.
I didn't really think twice on it, until last night.
Around 9:30 pm I got a weird email through one of my nonprofit websites. It was stating that he found some vulnerabilities in my sites, and that I needed to pay him so he'd tell me what they were. Wait, what? I figured maybe it was a prank, and went about my business.
A few minutes later he emails me again, saying he is waiting for my reply, and I'd better "move quickly, and pay quick". Or else...something might happen to my websites.
Wait now, that's extortion. WTF.
I looked up the email address and surpriiiiise...it's GHH. Who is now moving nicely into black hat territory, apparently. GHH is now emailing me like crazy, and stating that I'm taking "much too long to pay".
Quite upset, I start backing up everything and backing up my databases as quickly as possible. While I'm doing so, I made a quick post summarizing what was going on, to a social network. One of my clients sees this, and take note this guy is practically made of money, and messages me.
"I'm sorry...I kinda paid him for this exact thing last month. Guess he saw your connection with me and... well... Looks like you're his new victim."
That's right. One of my super rich clients paid this guy for it, because, well, a couple thousand isn't all that much to him. So, since it's known that this guy is my client, GHH assumed that I must also be super rich, and is now targeting me.
All of a sudden, things get worse. I got an auto-email from my hosting company, notifying me that one of my databases is going haywire, and will be shut down shortly because of the massive load it's causing. Yep, GHH lost patience with me.
Thankfully, it's for a forum that I ran, that nobody'd used in months, so meh, I flat out disabled it. Big woop.
Super rich client then tells me that after he paid GHH, he went and bought a super expensive piece of software that scans websites for vulns and spits out a report that tells you every single darned hole that you have, no matter how small. It also lets you know if someone is currently attempting a hack, and where it is. Problem is, it does this by attacking your website. Hard.
Well, I have nothing else for it, and told him if he could, to go for it. I needed to know where he was.
So, the friendly fire began.
GHH contacts me, saying that since I'm not paying, he'll "show me just how vulnerable my sites are", and begins SQL injections. ugh. Thankfully, Rich messages me with the first hole, and spots the injection within minutes. Closed the hole, removed the injection...and continued to wait out the storm. GHH proceeds to double his attack as well, setting up more and more injections, and ALSO beginning an attack on my other databases.
Since there's not much I can do but 'huddle under a rock' at this point, I begin tracking down GHH. I promptly find his Twitter, his Facebook, where he goes to university, and his address. He's in India, so I'm kinda screwed there with going to the police. He also is a member of a white hat forum, that is supposed to quietly help people out with vulnerabilities on their sites. Um, yeah dude, you're NOT white hat. Far from it.
Eventually, Rich's attack slows, and he gives me the first report. Not too bad, but it found two holes that GHH was currently forcing his way through. Closed them up, and GHH's attack slowed noticeably. He even sent me an email, reminding me that I should totally pay him, and soon. Heh.
It takes hours, but Rich's software finally finishes, and he tosses me the reports. Its about the same for my sites, just a hole or two on each, but it's enough for GHH. I thank Rich, who heads to bed, and I proceed to go and do my best to try and close up each hole. I succeeded...at least enough to deflect GHH. His attacks came to a halt, and he sent me a couple more emails trying to get me to pay up, no longer saying that he would exploit vulnerabilities, though.
Finally got things wrapped up around 2 am, just....did not want that to be how I spent my night, you know? Going to have to try and have someone who is more versed in this stuff look over everything later, because I hope I did stuff right.
And seriously, I am concocting one of my evil revenge plans for GHH. He has no idea who he tangled with, and I'm SO going to make sure he gets payback for this. First stop's going to be the FBI, going to file a report/complaint with them today/tomorrow, and see what they say. I know he's in India, but I'm fairly sure we have a treaty of sorts, and with all the Lulzsec stuff...they're taking things like this more seriously. After that, I'm getting his forum account banned at the white hat place, and then...generally wreaking as much havoc on him as I can without drawing too much ire. I am seriously upset that he ruined my entire night, and gave me way more stress than I need right now.
Bit of Obligatory Background:
Last month, Big Script Company (BSC) that I work with a lot, went through a minor scandal because some guy posted on Facebook that he'd gotten a rather large payment from them. According to him, he was a grey hat hacker (We'll call him GHH), and found and exposed several large vulnerabilities in BSC, and was paid handsomely for it. BSC made no comment on the matter, but dang, people freaked out.
I didn't really think twice on it, until last night.
Around 9:30 pm I got a weird email through one of my nonprofit websites. It was stating that he found some vulnerabilities in my sites, and that I needed to pay him so he'd tell me what they were. Wait, what? I figured maybe it was a prank, and went about my business.
A few minutes later he emails me again, saying he is waiting for my reply, and I'd better "move quickly, and pay quick". Or else...something might happen to my websites.
Wait now, that's extortion. WTF.
I looked up the email address and surpriiiiise...it's GHH. Who is now moving nicely into black hat territory, apparently. GHH is now emailing me like crazy, and stating that I'm taking "much too long to pay".
Quite upset, I start backing up everything and backing up my databases as quickly as possible. While I'm doing so, I made a quick post summarizing what was going on, to a social network. One of my clients sees this, and take note this guy is practically made of money, and messages me.
"I'm sorry...I kinda paid him for this exact thing last month. Guess he saw your connection with me and... well... Looks like you're his new victim."
That's right. One of my super rich clients paid this guy for it, because, well, a couple thousand isn't all that much to him. So, since it's known that this guy is my client, GHH assumed that I must also be super rich, and is now targeting me.
All of a sudden, things get worse. I got an auto-email from my hosting company, notifying me that one of my databases is going haywire, and will be shut down shortly because of the massive load it's causing. Yep, GHH lost patience with me.
Thankfully, it's for a forum that I ran, that nobody'd used in months, so meh, I flat out disabled it. Big woop.
Super rich client then tells me that after he paid GHH, he went and bought a super expensive piece of software that scans websites for vulns and spits out a report that tells you every single darned hole that you have, no matter how small. It also lets you know if someone is currently attempting a hack, and where it is. Problem is, it does this by attacking your website. Hard.
Well, I have nothing else for it, and told him if he could, to go for it. I needed to know where he was.
So, the friendly fire began.
GHH contacts me, saying that since I'm not paying, he'll "show me just how vulnerable my sites are", and begins SQL injections. ugh. Thankfully, Rich messages me with the first hole, and spots the injection within minutes. Closed the hole, removed the injection...and continued to wait out the storm. GHH proceeds to double his attack as well, setting up more and more injections, and ALSO beginning an attack on my other databases.
Since there's not much I can do but 'huddle under a rock' at this point, I begin tracking down GHH. I promptly find his Twitter, his Facebook, where he goes to university, and his address. He's in India, so I'm kinda screwed there with going to the police. He also is a member of a white hat forum, that is supposed to quietly help people out with vulnerabilities on their sites. Um, yeah dude, you're NOT white hat. Far from it.
Eventually, Rich's attack slows, and he gives me the first report. Not too bad, but it found two holes that GHH was currently forcing his way through. Closed them up, and GHH's attack slowed noticeably. He even sent me an email, reminding me that I should totally pay him, and soon. Heh.
It takes hours, but Rich's software finally finishes, and he tosses me the reports. Its about the same for my sites, just a hole or two on each, but it's enough for GHH. I thank Rich, who heads to bed, and I proceed to go and do my best to try and close up each hole. I succeeded...at least enough to deflect GHH. His attacks came to a halt, and he sent me a couple more emails trying to get me to pay up, no longer saying that he would exploit vulnerabilities, though.
Finally got things wrapped up around 2 am, just....did not want that to be how I spent my night, you know? Going to have to try and have someone who is more versed in this stuff look over everything later, because I hope I did stuff right.
And seriously, I am concocting one of my evil revenge plans for GHH. He has no idea who he tangled with, and I'm SO going to make sure he gets payback for this. First stop's going to be the FBI, going to file a report/complaint with them today/tomorrow, and see what they say. I know he's in India, but I'm fairly sure we have a treaty of sorts, and with all the Lulzsec stuff...they're taking things like this more seriously. After that, I'm getting his forum account banned at the white hat place, and then...generally wreaking as much havoc on him as I can without drawing too much ire. I am seriously upset that he ruined my entire night, and gave me way more stress than I need right now.
I hope the FBI gets his ass, I hope your stuff is all right.
)
Comment