"Only for fun" - this is the motto we often used when attacking any system. Over a rather short period of activity a large amount of material accumulated, and I was faced with the task of organizing it. The purpose of this article is not to teach hacking. These are just stories in which the attacks are described only superficially, from the social engineering side. Mostly they concern the hacking of web systems in which the human factor plays an important role. The very idea that you can hack something without writing a single line of code makes this kind of hacking interesting and unique. Social engineering is not just a science: there is no single universal scheme. In each case the hacker develops his own way to achieve a specific result.
This article is for informational purposes only. We remind you that intentional hacking of systems carries legal consequences.

Skype attack
"Man is the most reliable and at the same time the most vulnerable source of information." - A. Bredinsky

Support
As of 2013, Skype was one of the most popular instant messengers, and it was already part of Microsoft. Bugs and vulnerabilities were found almost every day. Many errors had been fixed by then, for example password-recovery token issues, improper filtering, etc. But zero-day bugs still existed. One of the most powerful flaws was in the Skype support service. Strangely, the support service, which was supposed to protect accounts, also gave the hacker access to them. It is hard to call it a bug or an error, but the security of a system is determined by its integrity as a whole, and if some function of the program works incorrectly, it can be fatal. This example is based on real events and demonstrates the beauty of social engineering.
If you do not remember your password, Skype will kindly send a recovery code to your email. But we do not know the victim's email; in general, we know almost nothing about the victim. The Skype site had a form for applying to restore a lost account. For this, several items were needed:
• Mail associated with the account;
• The approximate date of creation of the account;
• Last login date;
• 3 or more of your friends in your account list;
• And also the date of birth, the country and a few less important items (I'll omit them).
Knowing all this data, you can get access to the account. After sending this application to Skype tech support, within 24 hours you receive a notification of a positive or negative decision. If all the data is correct, the victim's account is bound to your email, and you can recover the password on the site within a minute. It would seem nothing complicated.
Step 1. Collect information
At the first stage the victim is analyzed and the necessary data is collected. By adding the victim to our contact list, we can see the date of birth and the country, if the user did not hide them; in 90% of cases they are publicly visible. If they are hidden, you can try to look up the victim by login through Internet search engines: find the victim on social networks or other sites where the date of birth can be found. Many people leave their contacts on forums and other sites, and such data is easy to find in a search. Sometimes you can use a "dork" to refine the search. You should always try to squeeze the maximum out of search engines, not paying attention only to the first links, which are relevant only in the opinion of the search engine. But in general, each "standard" user puts in his country of residence, does everything "by default" and hides nothing.
The last login date is not a problem to find out if the victim is in your contact list and we can see her status. Skype does not show when a user was last online, but you can send the victim a file; wait a few days, and if the file has still not been delivered, the user has not logged in to the account. In this case you can write in the application "more than 2 days ago". The account creation date is harder, but, as a rule, tech support is not particularly demanding on this item, and we can indicate only the approximate month and year. Here the information collected about the victim helps us: her activity plays an important role in this matter.
Finding three friends from the victim's list is more difficult. As a rule, I did not do this and simply added the victim as a friend from three different accounts. It is very important that these are not new accounts registered at the same time.
The last and most interesting step was finding the email linked to the victim's account. Until 2013 there was an interesting "feature" on Facebook, which was later removed because of mass hacking of accounts, and perhaps because of the disclosure of confidential information about a person. The idea was simple: Facebook allows you to search for friends from various instant messengers and other social networks. We create a Facebook account, go to the "add friends" tab, select import via Skype, enter our login and password, and Facebook imports all contacts from our Skype account to the site; next to each contact we can see its email.
This was needed so that Facebook could find your friends on the social network by that email. Soon Skype closed the transfer of emails. Sometimes it was already possible to stop at this step and hack the victim's Skype. We will return to this later.
Step 2. Application
Before applying, it was very important to clarify one point. If the victim is in England and you try to submit the application from an IP in, say, Italy, then the Skype administration will have very serious doubts and will refuse in 99% of cases. Therefore, it was necessary to configure a proxy server in the victim's country.
After entering all the data we have collected, it is necessary to describe the story of losing access to "your" account. On behalf of the victim, we write something like the following:
"Hello. I was on vacation last month. After returning home, I could not log in to my account. I am not sure that I remember my password exactly, but I suspect that fraudsters could have got my data, because I cannot log in to my email either. Please help me."
After forming and sending the application, within a day you receive a response to the new email you indicated in the application. If the support service approves it, the victim's account is linked to that email, and you can go to the Skype site and reset the password. In my case, everything was simple. I hacked a certain category of people who were almost always online, always added you to their contact list, and whose personal data, date of birth and country, was all open.
Alternative way to crack Skype
This method is based on a non-existent email being tied to the victim's Skype. When registering an account on some site, people often write a random set of characters instead of a real email: they simply do not want to waste time, do not remember their email, or do not want to confirm the account.
As mentioned earlier, Facebook allowed us to identify the email tied to the victim's Skype. Having found it, we may see an email like "fjdfdji38h9h9id@gmail.com" or "fdjhfdh39h@jhjfhgfohg.com". In the first case we go to gmail.com and try to register a new mailbox with the name "fjdfdji38h9h9id". If it works, we can simply reset the password to this email. Account hacked. In the second case the domain "jhjfhgfohg.com" does not exist at all. We set up a host, bind this domain name to it, bring up a mail service and create a mailbox there named "fdjhfdh39h". Thus we have the mailbox "fdjhfdh39h@jhjfhgfohg.com", to which we can also have the Skype password sent.
Hacking Skype using "Fruit"
After many successful hacks, tech support nevertheless noticed the huge influx of restoration applications. They tightened the requirements, and now for a successful hack you needed to know the victim's data 100%. In addition, the method of finding emails via Facebook no longer worked.
A social engineer never gives up on one way of hacking. He develops it, exploring all possible paths, because a fatal error can be hidden in the smallest detail. So it was here. The Qiwi payment system was not very secure at that time, so it endured a series of attacks. But how to connect Qiwi and Skype? You would think about it and drop the idea. Not a social engineer.
Exploring the Skype password recovery form, you can stumble upon an interesting item. Skype offers the ability to make calls around the world using an internal balance, which can be topped up through most payment systems, including Visa cards. If you have ever topped up your Skype balance, you can specify this data in the application, and for Skype support it will be more than enough to identify you as the account holder. Very interesting... Qiwi is convenient because it integrates many services, including Skype. When you register in Qiwi by phone number, you are assigned a virtual card with a number, issue date and PIN code, and when you pay through Qiwi, you formally pay with a card. The bottom line is that Qiwi allows you to top up a Skype account balance, and for that you only need to know the Skype login.
Eureka!
Enter the victim's login in Qiwi and top up the balance by a couple of dollars. We look at the payment history in Qiwi and pick our receipt. We need the transfer number, date and amount. We specify these data in the Skype restoration application and write text like this:
"Hello, I forgot my password, but my email was blocked, so there is no way to reset the password. Please bind my account to a new email. I attach the data on the top-up of my balance by card."
It is important not to indicate in the application that we topped up the balance through Qiwi, but to create a story that we used our personal card. For Skype this point was very important for identification, so they simply closed their eyes to all other items and gave you access.
"Unripe QIWI"
There are quite a few ways to make money on the Internet, but they are all either ineffective or "black". We were never people capable of atrocities and theft from honest people. However, we were interested in money. Cleaning out a swindler on the Internet did not seem such a black matter.
During the dawn of synthetic drugs, entire forums for the sale and purchase of narcotics opened. Dealers needed special protection, but their channels were not so secure. As a rule, communication with clients was carried out through vulnerable messengers such as Skype, Jabber and good old ICQ. The dealers accepted payment mainly on the most popular EPS*, but mostly on a Qiwi wallet by phone number. These wallets held a lot of money, and getting access to the Qiwi wallet means getting this money. Drug dealers did not accept any files, did not follow external links, and tried not to enter into close contact with the client. All we had was the Qiwi wallet number.
* electronic payment system

Power of attorney
Qiwi technical support was skeptical about restoring access to the wallet. If you lose access, you can recover your password only if you have the SIM card in your hands. Then we began to think how to get a duplicate SIM card. As a first step, we called the mobile operator and tried in every way to forward SMS messages and calls to our number, which ended in failure. But we found out that, on the basis of a general power of attorney, you can still get a duplicate SIM card. However, this method was very dangerous and difficult.
The bottom line was to look up the passport details of the person the SIM card was registered to. Then find a person for whom a general power of attorney could be issued. After that, this person would have to come to the mobile operator's office and get the SIM card. But to draw up a general power of attorney you also need the second person, the owner of the SIM card, so the idea seemed to be in vain. However, we still decided to check for ourselves. My friend had a general power of attorney for his relative. We came to the office and were amazed that the operators did not check this power of attorney against the registry, which means that you can specify a completely non-existent notary and draw any seal. Roughly speaking, the document can be completely forged without the participation of the victim.
On hacker forums there were people actively offering their services to look up* information about any mobile number. The cost was relatively low, so we took advantage of it. Having received from the dealer the wallet number for payment for narcotics, we handed it to a lookup man**. In fact, these are the same operators in mobile offices. An hour later we received the passport details for this number. We took as a basis the template of the general power of attorney my friends had used earlier, rewrote the data, the seal and the notary's name, put a different signature, and everything was ready. Coming to the operator's office was very alarming, but we acted without showing it. Having turned the freshly printed power of attorney over in his hands, the operator issued a SIM card to the new passport data without any questions and handed it to us within 5 minutes. Too easy. We immediately requested a password recovery code on the Qiwi website and recovered the password in a minute. We worked this way for a very long time, and it brought a lot of money.
Once the operators grew suspicious of the frequent visits to the office and decided to check the power of attorney. Everything worked out and we managed to leave. You can work according to this scheme if you follow special precautions. Firstly, it was necessary to visit different offices, about 1-2 times a week. Secondly, the people must constantly change. The operators did not ask the reason for which we were restoring the SIM card. They cared little about the document itself; they did not even make a scanned copy. All of these mistakes were the result of the irresponsible attitude of the office workers.
* to check or find out information about someone or something
** a person providing lookup services

Substitution
Frankly, this was not so difficult to guess; it was harder to implement. Almost all means of payment, as well as mobile operators, provide the ability to use USSD requests. There were such commands on the Qiwi site too. I will explain in accessible language. Suppose you have a Qiwi wallet on which the USSD function is activated. It is activated in the wallet settings and, as a rule, is turned on automatically. If you have the SIM card in your phone, you can make a simple SMS transfer with the command "transfer 89123456789 1000" to number 7494: 1000 rubles will be debited from your account and transferred to the account of another Qiwi wallet with number 89123456789. Now imagine faking the sender's number: without having the victim's SIM card at hand, you send an SMS with a transfer of funds to your own wallet. Services for sending SMS with a spoofed sender existed and actively worked, and many of them were completely free. They were intended for practical jokes, but we used them for our own purposes. The problem was that it was impossible to spoof requests to short numbers! Then another question arises: must a short number be attached to something? And yes, indeed, every short number has a federal one. And I managed to find it. More precisely, there was not even one number but a whole corporate group. The number was issued to the company LLC Bifri, the "mobile information" tariff was used, and the balance on the number was minus 400 thousand rubles. The main thing is that if you send an SMS to this number, it is automatically redirected to the short number 7494. Just what we need!
We start the attack. We find a working service with SMS sender spoofing. We specify our victim's number as the sender, the federal Qiwi number as the recipient, and in the body of the message we write the command "transfer 89123456789 1000", where 89123456789 is our Qiwi number. We send the SMS, and 1000 rubles are withdrawn from the victim's account and transferred to our number, 89123456789. The maximum amount that could be transferred was 5000 rubles per transfer, so several commands had to be executed at once if there was a large amount on the wallet. The feast did not last long. Qiwi changed the USSD system, adding confirmation by SMS. In addition, mobile operators forbade SMS sender spoofing via third-party gateways. Some services still worked, but it no longer mattered.
Earnings on the Internet
"Break the huckster"
I do not remember when the Internet became so widely monetized. Increasingly, people go online to find different ways to make money. Earnings forums offer both "white" and "black" schemes. Of course, one can argue at length that all white schemes are useless, since no one would share the ideas of a business that supposedly brings in millions when the price of the idea is a measly 5,000 rubles. Therefore, the most striking examples of earnings are seen precisely in the "black" schemes. These include carding, hacking, fraud, DDoS, extortion, trafficking in illegal items and drugs, and much more. Firstly, it really makes a profit. Secondly, it is illegal. Thirdly, the demand for these services is quite high.
I had no goal or desire to engage in black business. I knew what this might lead to, but I actively hung out in this environment. I knew that most of these people are either scammers or middlemen, and only a small percentage are real sellers. There were thoughts that one could cash in on these very scammers. Hack the hackers, scam the scammers, extort the extortionists. What could be better? So to speak, punish bad people, and even make a profit from it.
It is no secret that the most profitable people on the dark side of the Internet were those involved in money laundering and cash-out, as well as drug dealers. In general, studying the "dark web", the choice fell on drug dealers. Initially they used our favorite clumsy Skype, old ICQ, as well as Jabber and Brosix. The topic of ICQ hacking will be disclosed further on.
I knew how to crack Skype using various methods, so we easily cracked 3-5 stores a day. Gaining access to a dealer's account, one could be content with a huge base of customers. Their number depended on the reputation of the store. The essence of the earnings was to replace the store's wallet with your own, to which the clients then paid money. The minimum cost of a couple of grams of synthetic substances was about 1 thousand rubles. Clients varied, and sometimes one client paid up to 20 thousand rubles at a time. Earnings reached 100 thousand rubles a day. Not bad?
We did not always use such a rough method. First, customers understood that they had been scammed, so the customer base quickly shrank and the store quickly died. Hmm... If you think about it, we closed the shops selling substances, ruined the dealers' business, and got money for it. Where were the FSB and the Federal Drug Control Service all this time? (joke). Most dealers offered a large ransom for their hacked accounts. Often we agreed and let the dealers work on, but after a while we came back to them. In less than six months, all dealers completely abandoned Skype.
Hacking ICQ
Those who used ICQ were also vulnerable. There were many ways to hack ICQ, but only a few knew about them. I used social engineering, and again through technical support. ICQ support required one important thing: 3-5 friends from your contact list had to confirm that this is your account. It's all the same as with Skype: we add the victim from three fakes and keep up communication for a week. Then we leave a request with tech support and confirm with these fakes that the account belongs to us.
Here, too, there were loopholes. A specific version of the ICQ 6.x client allowed seeing the email associated with the account directly in the user's personal data. It is only necessary to add the victim, and she, in turn, must authorize you. Then you can view her email, if the victim registered ICQ not by phone. And then we go after the email and break it. Many emails were non-existent, which gave a 100% chance of success: we simply created this mailbox and had the password sent to it from the ICQ site. It was very simple. Some emails we hacked by guessing the password, some by the secret question, others were found in public dumps of hacked websites. In general, there are heaps of ways to hack email. At that time I even had an active XSS on Rambler and a couple of bugs on other services.
Buyout
This is one of my favorite methods, based on extortion, but we will extort money from the same drug traffickers. The question immediately arises: what are we going to blackmail them with?
The widespread use of Qiwi wallets spawned more and more ideas and ways of hacking. When the main methods were patched, I noticed one thing in the support service. The fact is that we could block any Qiwi wallet. The reason was the following. We write a text allegedly from ourselves and ask to block our Qiwi wallet, because we have lost the phone with the SIM card and are afraid for our money. The support service kindly blocks all operations on the wallet, as well as login to the wallet itself. But there is one very important condition! If you do not provide a passport and a contract for the wallet number within 15 minutes, the wallet will be unblocked. Formally, we can block any wallet for 15 minutes. How to use this, I understood immediately.
I added the dealer on ICQ and wrote that the wallet was blocked until I received a certain amount. I had to spend no more than 15 minutes on this dialogue, so that I could get the money before the wallet was unlocked. I get the money, a couple of minutes pass, and the wallet works again. If the amount on the wallet is really large, the dealer fears for it, so he has no choice but to pay the ransom.
Hole in QIWI
Since the main electronic payment system on the Internet was Qiwi, which it remains today, most wallets started to be actively blocked. Qiwi understood who was using its system and tightened the rules of use. First, Qiwi imposed limits on cash; to lift them it was necessary to pass a lengthy identification. Second, they blocked wallets for no particular reason, and it took weeks to unblock a wallet. For this purpose, special services were created offering to unblock wallets, taking a certain percentage for the job. Blocked wallets came to me too, since I could look up data and draw the necessary documents for unblocking. All well and good, but unblocking became harder and harder. And then I decided to check one strange thing. I wrote to technical support that I had lost my SIM card and asked them to temporarily block my wallet. Strangely, the answer came that tech support had blocked the number. In fact, it had blocked an already blocked wallet. I waited. And after 20 minutes the wallet was unblocked. I was able to log in with the same username and password and withdraw the money. I did this with a couple of dozen wallets, after which Qiwi suspected something and told me that it could not block an already blocked number.
I believe the blocking was done by a robot, so it did not pay attention to the fact that the wallet was initially frozen. I suppose that, due to the active use of a certain scheme, one of the bank's employees discovered this error and made corrections.