photo by Neubie (source: Flickr).

I was shifting through some blog comments last night, and came across one that was more than a little interesting (no, not death threats again… been there, done that)

I’m not usually a follower of underground sites or forums, and I certainly don’t go digging about to get price lists of interesting info (bank accounts, paypals, etc..) . So it was more than a little surprising that it came to me… and in response to a blog entry I wrote about Ian Iftach Amit’s Cybercrime|war talk from Blackhat of all things.

The comment below was posted from 41.210.30.66, an IP in Ghana (owned by Ghana Telecom ADSL DYNAMIC ADDRESS POOL). Maybe it’ll be an interesting tid-bit for some of you. For others, it’s an interesting reminder that our info isn’t worth hardly anything anymore!

Something I took away from this is the big difference in price between a US CVV $3, and an EU CVV $10. I’m not sure for the 3x increase in price, any thoughts?

The post below is slightly edited to cover some numbers and remove some FULL dumps… to protect the hopelessly 0wn3d!

Author : paypal1 (IP: 41.210.30.66 , 41-210-30-adsl-dyn.4u.com.gh)
E-mail : paypal.bank1@yahoo.com

PRICELIST OF STUFFS
Logins
Halifax 10K TO 85K
Hsbc 10K TO 80K
Wells 10K TO 90K
Rbc 10 TO 90K
10K TO 90K
Boa 10K TO 90K
Barclays 10K TO 90K
Citi 10K TO 80K
ALL TYPES OF LOGIN ASLO AVAILABLE…

PAYPAL(COUNTRY)
PAYPAL 10K TO 50K

LEADS(ALL COUNTRY)
MILLINOS LEAD WITH UNLIMITED SMTP FOR INBOX DELIVERY=100$

1 US CVV=3$
1 UK CVV=5$
1 EU CVV=10$
FULL CC with mmn,ssn,dob,pin=pm me for price
PHP Mailers inbox=15$
Webmailer=10$

1 US Fullz=30$
1 UK Fullz=35$
1 EU FULLZ=50$

Dump Writer and Reader Machine
MSR206 Reader/Writer 400$

US Dumps (101)(201)
US Mix (20Gold/20Plats/20Biz&Corp/40MCstandard&Classic)
bin of my choice 20$
US Classic 40$
US Debit Classic 50$
US MC Standard 60$
US Gold 100$
US Platinum 120$
US Business/Corporate 120$
US Purchasing/Signature 150$
US MC World 120$

Canada Dumps (101)(201)
Canada Classic 60$
Canada MC Standard 70$
Canada Gold 120$
Canada Platinum 150$
Canada MC WorlD 120$

Europe Dumps (101)(201)
EU Classic 120$
EU MC Standard 100$
EU Gold 140$
EU Platinum 150$
EU Business/Corporate 150$
EU Infinite 200$

ASIA DUMPS (101)(201)
Asia Classic 50$
Asia MC Standard 60$
Asia GolD 120$
Asia Platinum/Business/Corporate 150$

ITALY DUMPS (101)(201)
ITALY CLASSIC 50 $
ITALY PLATIUM 150 $
ITALYINFINIT 200 $
ITALY MC STANDAR =60$

GERMANY DUMPS (101)(201)
GERMANY classic=50 $
GERMANY BUSINESS/CORPORATE/PLATIUM=150 $
GERMANY GOLD=120
GERMANY MC STANDARD=60$

SPAIN DUMPS (101)(201)
SPAIN CLASSIC=50$
SPAIN PLATIUM=150$
SPAIN MC STANDARD=60$
SPAIN BUSINESS=150$
SPAIN INFINITY=200$

MEXICO DUMPS(101)(201)
MEXICO CLASSIC=50$
MEXICO BUSINESS/CORPORATE/PLATIUM=150$
MEXICO GOLD=120$
MEXICO MC STANDARD=60$

!!!! I HAVE ALL COUNTRIES DUMPS +PIN+BIN!!!!

Transfers WESTERN UNION(w u t r f) AND BANK TRANSFER
WU Transfer 10% upfront of whatever amount you want me to transfer for you…
BANK Transfer 10% upfront of whatever amount you want me to transfer for you…
eg: if you want $1000 you will have to pay $100 upfront.

SAMPLE DUMPS+PIN!!!!!!!!!!
Track1 : Xx2176531046971xx^AMY/HILTON M^xx0610127352005210000xx ,
Track2 : xx176531046971xx=xx03101383678xx
Pin : 18xx

Track1=xx325560610187xxWYATT/ROBERTSONxx071011714100002710000xx
Track2=xx325560610187xx=xx0710110000424000xx
pin:56xx

CVV ALL COUNTRY SAMPLE

Demo US
<STRIPPED DEMO DUMPS>

Demo UK
<STRIPPED DEMO DUMPS>

Demo CA
<STRIPPED DEMO DUMPS>

Demo au
<STRIPPED DEMO DUMPS>

demo FR
<STRIPPED DEMO DUMPS>

demo japan
<STRIPPED DEMO DUMPS>

demo italy
<STRIPPED DEMO DUMPS>

demo ger
<STRIPPED DEMO DUMPS>

Weeds also Available

SSN SOCIAL SECURITY NUMBER
DOB DATE OF BIRTH
DL DRIVING LINCENSE
MMN MOTHER MAIDEN NAME

CONTACT INFORMATION

CONTACT US IF YOU DONT UNDERSTAND ANYTHING ABOUT THIS STUFFS AND ALSO IF YOU WANT TO BUY MORE YOU CAN CALL THE NUMBER BELOW OR EMAIL ME:

YAHOO:paypal.bank1@xxxxx.com
ICQ:604716xxx

VALID AND FRESH INFO FOR SELLE PM ME
WE MAKE SURE YOU ARE SATISFIED WITH WHATEVER YOU ARE BUYING AND YOU GET IMMIDIATE DELIVERY OF STUFFS AFTER PAYMENT………WE DONT GIVE DEMO NOR SAMPLES NOR TEST ….. EVERY STUFFS 100% FRESH AND LIVE.

* Sorry about the long post… Contact me for the unedited version (if you have good reason obviously!)

Flash forward to a month later and the selections are made for mentors and mentees…. so, drum roll please….. Who did I get partnered with….. None other than Jayson E. Street (incase you don’t know him… here is a picture). How ironic… especially considering my comments on Twitter when I made my application. Still, Jayson is a friend and a great guy. So I’m sure this will work out great.

So, to my first steps as a mentee…. time to change my image. It needed an update, the fat English guy look wasn’t working for me anyway. So here it is. The new mentee look…

The journey has only just begun…. there are many choices still to be made, and I’m sure Jayson will guide me through them. The hard ones however, I’ll have to make myself….

Hopefully I’ll have made the choice before DefCon rolls around!

Links

• Who’s your mentor baby –> http://blog.c22.cc/2010/05/05/whos-your-mentor-baby
• InfoSecMentors –> http://infosecmentors.com
• InfoSecMentors (Twitter) –> @InfoSecMentors
• Jayson E. Street –> http://www.dissectingthehack.com
• Jayson E. Street (Twitter) –> @JaysonStreet

Snazzy title eh… Well I thought it was apt for the story I’m about to tell. Take a seat children, this ones getting get interesting.

Now, some people in the security industry might already be aware of a company called LIGATT, run by the self proclaimed “World’s No.1 Hacker” Gregory D. Evans. If you’re not aware of him, then you’re one of the lucky ones. I’ll let you form your own opinions, because everybody should be able to make up their own minds. Still, to the point.

As part of my duties for the Eurotrash Security Podcast, I try to arrange interviews with people I think are interesting to talk to. Be that for good or bad reasons. In this case, Gregory Evans was on my list (oooh I feel like Santa) solely to address a number of questions about his recent “book” (together with the associated plagiarism claims), and a few other topics that can only be referred to as dodgy dealings, misguiding people and general nastiness. So starts the story.

– — – — – — – — – — – –

On the evening of Wednesday 16th, I called the offices of LIGATT in Atlanta and asked to speak to Gregory Evans to arrange an interview. After giving my name, I was put through to speak to Gregory to arrange the details. What followed was a short conversation where I explained who I represented (Eurotrash Security Podcast) and what we’d like… i.e. an Interview. Greg ran through what he though about the plagiarism accusations and we arrange to talk again the next evening for a full interview once the whole Eurotrash crew was assembled. When booking the final appointment with his secretary I provided her with the URL of my blog (blog.c22.cc) and she gave me Gregory’s the Skype ID (ligattsecurity) to add ready for the interview.

Less than 15 minutes later, the following comment was received on my blog under the Books (as in book reviews) section.

Now I’m usually a calm guy. People usually like me and I try to get on with everybody equally. I think I do an OK job at that personally. However I don’t like to be threatened…. and threatening my friends and family is certainly stepping across the line.

Now, some things need to be made clear. This message doesn’t give a name. However the information contained within it leaves very little to the imagination, and little doubt who the originator of the message is. This is only compounded when you look at the IP information and track back where in the world this comment originated from. Cue the WHOIS music….

So the IP Address (74.228.197.214) belongs to BellSouth in Atlanta, Georgia. Surprise, surprise, this is the same town where Gregory Evans has his head offices. The very same place I was calling not 15 minutes earlier. I’m sure that’s just a co-incidence though, right!

Anyway, lets break down these colourful words and niceties to see what’s being said.

Chris, 20Plus or what every you want to go by

I usually go by Chris… this is my name after all. It makes sense.

You dick head. I wish I had known it was you I was just on the phone with.

You did know it was me… or at least you would have if you’d a) being paying attention to your secretary, b) not been too busy raging about how you’ve been hard done by and people are wrong accusing you of plagiarism.

I see you have books listed above but you did not write any of them.

This is correct…. just like you, I’ve never written a book. I do however have a few books I’ve read and like to recommend should people want some good books to read. The CEH Study Guide isn’t on the list however. Sorry. In other news it’s also 2010!

If you think that you are better than me, then put up the money and challenge me! If not shut the fuck up! I can out hack you any day.

Sorry, I don’t have a million dollars, and to be honest if I had to sell myself to get it, I’d rather stay without. However seeing as you’ve already being taken up on your challenge by Chris Nickerson, I fail to see the issue here… that is unless you plan to dodge that response and pretend you never saw it. Here’s a screenshot incase you missed it the first few times you were told.

I will now go after you family first! You fucked up! You let me find out who you really are! Now you must go! Bitch!

Right… so by “let me find out who you really are” you mean, I told you who I was. Unlike you, I’m not hiding from things. This is my blog, I have my name on it. I also gave you my name and affiliations on the phone. You really need to concentrate more. Hacking is all about attention to detail! Feel free to use that quote on your Twitter feed… no attribution required!

I will have my friend in your home country tracked down everyone you are friends with and your family and see what you are all about!

No need for tracking me down…. here’s my GPS coordinates (48.850385,15.096588). Please let me know when you’re coming past, I’ll cook fairy cakes or something. On a side-note, we arrest people in Austria for threatening behavior. Come to think of it, I think you do that in the US too. Anyway, lets move on. There’s more!

I have more money and power than you will every have!

See how good this “nigga” is now!

I don’t see any power… all I see is the threats of a little man who’s lashing out at everything and anything he finds threatening. I pity you, really I do.

Now you might have noticed I’ve resisted saying things like “you threaten my family and my friends again and I’ll cram those words down your throat using a strangely large kitchen utensil“… not because I can’t say them, or because I’d need to waste my precious time hunting for an oversized spatula at the local flea market, but because I’m more of a man than to resort to your childish tactics and lower myself to your level.

I can accept you feeling threatened by me and others in the InfoSec community. Threatening me might have seemed like your best plan of action. Intimidate me into silence. Seems like a fair enough game to play. Still, as I said, I draw the line when it comes to my friends and my family. I suggest you think about what you’ve done, take a timeout and re-evaluate your life.

If the susbtitles are a little large and don’t fit the screen, please click the video and view it directly on YouTube’s site.

TV-Total

09 November 2009

Stefan Raab (Host/SR): Now we have a young man with us that, How should I say, some people may see him as a criminal, but he’s a hacker. He’s a very very sincere hacker. He was the youngest hacker to speak before Microsoft and CIA experts at the worldwide hacker conference in Las Vegas. please welcome, Mr Peter Kleissner.

<entrance music>

SR: Hello Peter, you’re 18 years old ?

Peter Kleissner (PK): Yes that’s right.

SR: So how criminal are the things you do ?

PK: Half criminal

SR: Not criminal at all ?

PK: Half criminal

SR: Oh, half criminal ! Have you already had problems with the authorities ?

PK: Partially, but nothing really serious

SR: Why what have you done ?

PK: Because I haven’t done anything very criminal such as hacking into bank accounts…

SR: But you could when you wanted ?

PK: Theoretically

SR: Theoretically ?

PK: Yes

SR: Na na na <roughly translates to tsk tsk, naughty>

<crowd laughs>

SR: So how endangered are normal computer users without much awareness ?

PK: Well I’ve also hacked your website. Yesterday.

SR: You’ve hacked our website ? What have you hacked ? what can you do with it ?

PK: Well when you go on my blog, or on twitter, there’s a link to the TV Total website that says that the program is cancelled.

SR: You can do things like that ?

PK: Yep. The people read that

SR: And then ?

PK: Then they think the program’s cancelled.

SR: Oh ok. You can do that of thing. Very interesting. Do you already know how long you have to spend in jail for that ? or …

PK: Ui <surprised>

SR: .. hasn’t it arrived in the post yet ?

PK: It’s on its way

SR: Can you only do that kind of thing on websites, or could you get access to the private… the private email account of… “Angela Merkel”

PK: Yes, with enough equipment and time

SR: Really ?

PK: It happens all the time that famous people have their accounts hacked and their emails made public. It happens a lot.

SR: What do you have to take care of if you’re a normal computer user ?

PK: When you get an email from me, I wouldn’t open the attachment.

SR: So that means you have to open the email ?

PK: Yes thats the vulnerability.

SR: So if you don’t open up the email from unknown senders then nothing can happen ?

PK: Yes

SR: or is it enough when I’m just online ?

PK: It depends. There are various possibilities.

SR: So you sit in a car with an antenna looking for wireless networks to hack into, so that you can see which porn sites the other people are looking at currently ?

PK: Yes

SR: You could do that ?

PK: Yes. But I don’t

SR: <laughs> Do people think that you don’t do it ?

PK: No

SR: This opens up loads of possibilities. How did you get into it ? what did you have to learn to be able to do it ? Was it hard to learn ? you’re only 18 after all. How long have been look into this subject ?

PK: I started about 2 years ago, I worked for an Anti-virus company and I learnt everything about viruses there.

SR: You have recently done a presentation at the world-wide hacker conference in Las Vegas, and spoken there with Microsoft and CIA experts. Can they learn something from you ?

PK: definitely !

<crowd laughs>

SR: So they can learn something from me, I can tell you how I got into your website and how to prevent it.. as long as you give me money. Is that your business model ?

PK: My business model is that I tell software developers how to secure their systems.

SR: That’s what I said.

PK: Yeah well, kinda.

SR: So you first find a potential customer and show them the failures in their software. In cases where it might happen again you can sell them a system/process to prevent it ?

PK: Exactly

SR: Isn’t that blackmail ?

PK: No. Only the way you say it.

SR: So it’s a business model…

PK: Yes

SR: .. you would say

PK: definitely

SR: Is that how you want to earn money in the future ?

PK: Yes, I already do like this. It works well

SR: Putting all this aside, the hacking of a website is already a criminal act !

PK: Yes

<Peter looks for nearest exit / crowd laughs>

PK: That’s right.

SR: What kind of fines would you have to pay if you got caught ?

SR: If you hack a site like TV-Total and write that the programs cancelled for example !

PK: But normally nobody is interested in that

<crowd laughs>

SR: If nobody goes to court, then there’s no crime ! <proverb>

<crowd laughs>

PK: There’s still foreign countries I can escape too

SR: Ok, but then you’re never allowed back !

PK: <laughs>

SR: That’s not so… Ah yes, you have to go back to Austria. Austrians look forward to going home !

SR: So what does the future hold for you ? You’re still in school correct ? You’re doing your A-Levels ?

PK: Yes

SR: And then ?

PK: I want to go to University. To study Computer Science (Informatik)

SR: I thought you already knew everything  ?

PK: Not everything, there’s still something to learn.

SR: Ok

PK: … and to brag !

SR: To brag ?

PK: Yes. I have to spend my time somehow.

SR: Do you need some special equipment for what you’re doing ?

PK: No a normal notebook is enough.

SR: A normal notebook ? and then the right knowledge.

PK: Exactly.

SR: Understood. So I wish you, at the very least with your legal activities, every success… and keep your fingers away from illegal stuff. Promise me that ?

PK: Yes

SR: Peter Kleissner ladies and gentlemen.

<entrance music>

There’s only so much information you can fit into a 4 minute lightening talk, luckily enough Paula had arranged a breakout room for Q&A after the talk, and it was packed. Seems like it’s not just me and Benny (@security4all) interested in this topic.

If you want to find out more information about Paula’s talk, and Polyphasic sleep in general check out the following links .:

• http://twitter.com/p4ula
• http://en.wikipedia.org/wiki/Polyphasic_sleep
• http://barcampcologne.mixxt.de/networks/wiki/index._sleephacking
• http://hackaday.com/2005/10/16/hacking-sleep/
• http://www.explosiveapps.com/ (iPhone app)
• http://easywakeup.net/ (iPhoone app)
• ….

Rough translation – “We’ll see who disses who”

I’ve met Peter a couple of times now, as I’ve seen him present over in Las Vegas, as well as at HAR2009 in the Netherlands. He also did a presentation of the Stoned Bootkit at one of the CERT.AT meetings in Vienna. I didn’t really talk that much with him at these events, but he seemed an ok guy. A little young and idealistic, but that’s not a bad things most of the time.

I didn’t manage to catch the segment live, although a couple of colleagues watched. The reviews they gave were not particularly shining. So after getting back from work today I decided to take a few minutes to search YouTube for a link and see what  was discussed. There’s a lot I could say about the interview, but I wont. Right now there isn’t an English translation, and I’ve not really got the time to make one. I’d much rather leave people to form their own opinions before I give mine.

For those interested here is the YouTube version of the TV Total interview (6:28) in the original German. If anybody out there wants to do a German/English translation, please let me know. It might be a while before I can get round to writing one up.

The caption on the video roughly translates to “When I grow up, I’ll be a hacker”

EDIT: Youtube video fixed.

Posted in Security, Strange Tagged: hacker, peter kleissner, TV Total ]]> http://blog.c22.cc/2009/11/10/peter-kleissner-on-tv-total/feed/ 1 ChrisJohnRiley kleissner http://blog.c22.cc/2009/10/18/number-of-the-beast/ http://blog.c22.cc/2009/10/18/number-of-the-beast/#comments Sun, 18 Oct 2009 00:21:17 +0000 ChrisJohnRiley http://c22blog.wordpress.com/?p=933 Continue reading →]]> Well I’ve finally hit the milestone I’m sure everybody on Twitter aims for at one point or another. I’ve managed to brain-wash 666 people into following my inane ramblings and random comments on Twitter. I’m sure I’d have hit this milestone a lot quicker if I didn’t have a horrible tendency to block anybody who looks remotely like a bot (there are a lot more than you’d think), and of course n3td3v, I blocked him too to stop him retweeting anything (who’d want to be associated with that kind of thing ???). Sorry if you weren’t a bot, thems the breaks

In celebration of this milestone I’ll make sure to bite the head off a bat at the next available opportunity. Next up 1337, at which point I hope to release a stunningly uninteresting XSS  zero-day exploit in an application nobody uses or cares about. Keep an eye out for that one…

3 Months stats – twittercounter.com

Posted in General Life, Strange Tagged: 666, Number of the beat ]]> http://blog.c22.cc/2009/10/18/number-of-the-beast/feed/ 0 ChrisJohnRiley 666followers 2009-10-18-021922 http://blog.c22.cc/2009/10/16/strange-twitterings-from-the-bbc/ http://blog.c22.cc/2009/10/16/strange-twitterings-from-the-bbc/#comments Fri, 16 Oct 2009 12:02:40 +0000 ChrisJohnRiley http://c22blog.wordpress.com/?p=922 Continue reading →]]> Earlier today I was catching up on some tidbits of world news from various sources when I stumbled across something that caught my eye. BBC World News offer a twitter feed of their latest headlines. I sometimes browse the list to see whats going on in the world and to reaffirm my opinion that we’re all doomed. Today however a specific article in the list caught my eye.

“It’s Time To Legalize Cannabis.”

This snippet of news, and the associated link didn’t really fit with the other news. For starters the capitalisation and use of the American spelling of legalize (legalise). There was also the fact that a majority of other news snippets started off with BBC Business News, whereas this didn’t. By using Twitters search function I could also see that the exact same tweet had been sent out on a regular basis for at least 10 days (possibly longer). The last thing that made me think this wasn’t really a tweet from BBC_News_World was the from label under the tweet

Whereas all other tweets come from Twitterfeed, these are the only ones that report to come from twitRobot. Very strange.

By pulling up the link on a test system the bit.ly link took me to a Facebook cause with the same title at the tweets posted through the BBC Twitter feed “It’s Time To Legalize Cannabis”.

By pulling up the bit.ly statistics I could see that this link had been actively used since the end of September and had been clicked over 665 times. It also showed the original creator of the link as a user called therealtwitter. This appears to be the name used when Twitter automatically shortens a URL in a post for the user. So no tracking information there unfortunately.

More detailed information can be found on the bit.ly info page for this link. Including breakdown of clicks by country and clicks by referrer. By looking at the referrer stats it’s evident that this bit.ly link is also being sent out through email and IM.

Although the Facebook cause at the end of the link appears benign at first appearance, it certainly warrants further investigation into why this link is spreading through the BBC Twitter feed (possibly without their knowledge). This cause could be something as simple as a person trying to drum up members for their cause. Then again it could just as easily be a phishing site designed to steal logon credentials, or perform attacks against the users browser. Further work is needed to see exactly whats behind this.

If I receive response regarding this I’ll certainly post a followup. Until then, watch out just incase.

Information and slides for the presentation are available on the HAR2009 Wiki.

PDF’s are available that provide details on the Security Assessment of the Internet Protocol and Transmission Control Protocol that were carried out on behalf of the UK CPNI (United Kingdom’s Centre for the Protection of National Infrastructure).

Fernando Gont unfortunately didn’t turnup to do the talk. At the moment we’re unsure why, and wouldn’t like to speculate (things just happen sometimes). Hopefully he’ll get rescheduled for sometime later tonight/tomorrow.

Press release: on Thursday, August 13, during the lecture The Complex Ethics of Piracy by Peter Eckersley, a HAR2009 visitor jumped to the stage, took the microphone and tried to express his believes to the audience. When HAR2009 people tried to stop him, he became agressive and was escorted off the terrain. During subsequent actions, the police has apprehended the man who is now in custody.

Seems like somebody got a little over excited and will be missing the remainder of HAR (and most probably the next one as well if he’s on the bad boy list). I’m sure there will be some pictures at somepoint… there always is when police are involved

Remember, the speakers are stressed enough. It’s not any easy job at the best of times to stand infront of a jury of your peers and present a new idea, theory, or idea. This kind of thing should never happen.