IAMA ex-hacker that came out of retirement to decommission a scammer's website tonight. I am Paddyhack. AMAA
I've been asked to do this. Not sure how I can help. I may never return to Reddit under this handle again.... AMAA, you can understand why I can't tell you all.
This is the original post http://www.reddit.com/r/RBI/comments/xmntj/justice_is_ever_so_slightly_closer_xpost_from/
I'm very tired, so kind people of Reddit, fill in the blanks to anyone that doesn't know.
You're welcome to follow me on Twitter @paddyhack
Okay, to answer some reoccurring questions:
- If you want to learn to hack, there are a plethora of resources online. Google is your friend. Have a look for "hackthissite"
- No I will not hack a site for you. Fuck off.
- I don't plan to do anything else in the near future.
The OP of the previous thread got in touch, he's fine, and he's not fired, if a little paranoid for his actions. He asked me to let you all know.
Thank you for coming. I hope that I could share some light on the subject. I am finished for now, but I will remain answering select threads of conversation before I go back to bed. It's been fun. I may never reappear in this guise. ;)
Take care, and be good to each other... I may have to come back.
Paddyhack
paddyhack464 karma
I find this scenario highly unrealistic. I mean come on, a blow job from a hot blonde? Srsly? Everything else in that story seems legit. P.s. loved Swordfish.
bastardman327 karma
Did you create a GUI interface in Visual Basic to help track IP addresses?
paddyhack586 karma
Nah man, I'm too leet for that. I used COBOL. ;)
EDIT: Downvotes?? This was a joke. I actually hate the phrase 'leet'.
SketchyThaClown67 karma
I could never pick a language to devote myself to. And now I've found LOLCODE.
melodyne53108 karma
I've always been interested in what possesses a hacker to hack. I have a few questions:
1) Why did you hack? 2) Did you make a living off of it? 3) Were you given contracts to breach government security or big corporations?
paddyhack198 karma
1. I needed a hobby. 2. No, but if I was an asshole I'd be rich. 3. Nope.
Jiminpuna101 karma
A white hat for you sir. Well maybe with some black stripes but still, well done.
paddyhack148 karma
Over a year or so. I made the decision to quit as I was getting too paranoid. Were there people after me, etc.
CowzGoesMoo58 karma
Was it the government? Did you find any cool secrets that you want to share? :D
paddyhack112 karma
I'm in talks with a sponsorship company at the minute to live my dream of making my fapping career go fulltime.
24oi92 karma
Are you a reverse engineer by nature? Have you always been the type to take things apart and figure out what makes said thing tick?
paddyhack183 karma
Yes! You get it. Well that's part of it. The other part of it, which was a major learning point was the human side of it. "There is no patch for human stupidity" is a great quote.
I remember dumping a few thousand email usernames and passwords (cleartext) off a site and writing a script to make them log in to their email addresses. Had about a 75% hitrate. Basically, if you use your email password anywhere else but your email account.... you're gonna have a bad time.
24oi15 karma
So true. And funny how 98% of people do exactly that! I've always had the itch but never the right environment to learn I suppose. Love the fact that people such as yourself can have a complete understanding of things from the most basic components on up.
paddyhack30 karma
That's the key. You sometimes need to know the ins and outs of stuff to see gaps in the fence.
HankHillWearingACape85 karma
Have you ever thought of taking down child porn sites? Or even terrorist websites?
paddyhack36 karma
I have thought about it, but that's a whole new level of dedication. From what I remember, those sites are only found on .onion. I've used that before, but always got pissed off with the latency issues, and ragequitted. If the opportunity presented itself, sure thing.
rpg78 karma
How come you post your twitter on here and on the defacement page telling people to follow you? Are you just another wannabe hacker seeking reputation on the internet like the majority of "hackers" on Twitter who revolve themselves around each other?
It's cool that you took down a group of scammers but I'm curious about the other stuff.
paddyhack137 karma
Nah dude. Internet rep is as important as Reddit karma. It's worthless. It was a calling card if anyone wanted to send me a message, that's all. Ironically, I hate those bastards with a passion, and this was my first deface per se. The reason I did the deface was to prove that I took down their entire system piece by piece irreversibly. I do understand where you're coming from.
That was another reason I decided to quit. Too many bitches just wanting to deface random sites 'for the lulz' and they knock some poor asshole's site offline with a front page deface, they demand respect. Hope I made myself a little clearer. Excellent question. Possibly the best one I got tonight. :)
paddyhack49 karma
Oh I remember jester. Don't remember what he got up to. There were plenty of others that pissed me off though
UltimateHemorrhoid66 karma
If you were to hack someone's facebook account, how fast could you do it?
paddyhack230 karma
I am not a God. It depends on a ton of variables. Having access to their laptop to begin with is an excellent start. The question I ask you is, why the fuck would you want to hack someone's Facebook?
thatgamerguy491 karma
why the fuck would you want to hack someone's Facebook?
Probably to post a status about how his friend is gay.
UltimateHemorrhoid41 karma
It was a dumb question, I apologize. Let me ask a new question. How many major sites and/or systems have you taken down in your career as a hacker?
paddyhack94 karma
I generally don't take down anything. The majority of my breaches are probably still undiscovered. I don't want to give a number,
UltimateHemorrhoid39 karma
I respect you for keeping the number unrevealed. Good night Paddyhack
antonbe32 karma
Facebook is pretty simple to hack if they're using Wifi, especially if you have access to that network already, like in a coffee shop.
paddyhack61 karma
Yes. There are other methods out there but this requires NO experience to run. Spooky.
fluffyponyza51 karma
Yep. I'm a big fan of ARP poisoning, and then using MITMproxy. You'll be surprised at how many people install the root CA cert when prompted (I normally route them to the cert when they access Google). Hotel wifis almost never have AP isolation on, so it's perfect for this sort of thing.
Always uncovering, never malicious.
paddyhack47 karma
This.... This is a field that I have the most interest in. I've been studying Networking the last year, so seeing how ARP poisoning works is fascinating. MITM. Lots of fun with that!
securitytheatre27 karma
Working in network security and vulnerability management/pen-testing, I can tell you that expert understanding of networking is the most key part of pretty much every area of it-sec.
paddyhack41 karma
Exactly. When you see how traffic flows up and down the OSI model (and the protocols in between), you gain a massive insight. I think that Wireshark was the best tool for me when I was understanding what happens on the network.
paddyhack136 karma
If you read the previous posting, you'll see what happened. Whenever I hear of shit like this, I almost instinctively do a reconnaissance on their site, look for obvious holes, etc. I spotted one almost immediately, and posted to Reddit saying that I found something nice. I have no time for assholes like that.
24oi87 karma
And we all thank you for your swift and effective action! I can't stand assholes such as them either but don't have the know how to take action like you did.
paddyhack130 karma
I suppose for me it's the danger element. Being somewhere that I'm not supposed to, and getting one up on a person. Also, the education of learning it was the biggest thrill for me. If you've ever learned to pick a lock, you know what I mean.
Boneclinks61 karma
Are you afraid of getting caught for this or any and all other escapades you have been involved in?
paddyhack87 karma
Not any more. I was very paranoid for a while. I've taken precautions to make sure that I don't leave any trail, and any trail that may be found, doesn't lead back to me.
ICantThinkOfAnythin53 karma
I'm a scrub when it comes to "covering your tracks." Is it even possible to go "7 proxies deep"? I know the whole 7 proxies thing is a joke, but I was wondering if there was any truth to that at all.
paddyhack102 karma
It's technically possible, but the latency (delay) of your connect would suck balls. Even tunnelling 2-3 servers has shitty lag. I may have always been using sucky tunnels though!
the-sheep20 karma
Did you study in Ireland? I'm in DIT at the moment, curious to know what college you may have gone to.... and thanks for the AMA... Really interesting.
paddyhack36 karma
Thanks. No I don't study in college at the minute but I see that DIT have a digital forensics course that I'd love to do.
rwat12855 karma
How good are Chinese and/or Russian hackers really? Does China or Russia really have an advantage over the US in terms of cyber warfare?
paddyhack101 karma
I'm only speculating, but I believe so, yes. One main advantage would be the "no fucks given" attitude as it is believed that the chances of getting caught are slim to none. Where the USA would find and prosecute 'cyberterrorists', it is feasible that these people could be drafted in as their country's internet army. Again, pure speculation.
[deleted]6 karma
internet army
Now here's a term that's quite a bit different than the context I usually read it in.
Do you think countries will/are doing this? An "army" of computer/tech related people to fight "cyber wars" (as the movies would call them)
paddyhack13 karma
With countries relying more and more on a network infrastructure, it would be foolish to assume otherwise. Stuxnet is an example of this that seems to be a Govt funded mission.
paddyhack128 karma
The question I ask is.... When will hacking in the movies be the same as in real life?
You see glimpses of nmap running in The Bourne Ultimatum, then they try to penetrate The Guardian newspaper's server to gain access to the guy's email account. A plausible tool to use there.
Hack the Gibson? When the fuck did a security system look like a NES?
movzx28 karma
Have you seen Person of Interest (TV show)? I'm actually impressed with the lingo they use. It's not totally batshit. They still suffer from MovieOS, but I get a kick out of calling my girlfriend in to the room and saying "That thing he said is correct! Those are real words!"
paddyhack39 karma
"I have worked around the algorithmic bypass module by redirecting the UDP headers and rehashing the proxy ports, spoofing the scanner sockets with a 256bit AES encryption". All the words seem to make sense, but together, are complete bullshit.
24 and NCIS are classic offenders of this.
paddyhack37 karma
Request: Can someone please email this person http://adamsteinbaugh.com/2012/08/03/searching-for-info-on-thelocaldirectoryassistance-com/ and point him to the previous page? He was looking into seeing if TheLocalDirectoryAssistance.com was fraudulent, and also if it was linked to a “Yellow Pages” scam. Yes it was.
EDIT: Wrong link
Thank you so much
goodreverend36 karma
Ha. That's me. Don't worry, I've been following along here and on Twitter. I just wanted to build some evidence and describe how the scam operates, and share with people how to track down scammers, similar to the series Popehat did. I was using some purposefully vague language about it maybe being a scam to avoid the risk of defamation liability.
shallowpersonality37 karma
I read the thread about 12 hours ago and saw the youtube vid of the guy giggling and having fun trying to hinder the bottom feeder. Now I'm reading about your progression on the case and developments.
Can you do an "explain it like I'm a 5 year old" on what it takes to ruin a bottom feeder's payday? If it's too complicated, fugetaboutit.
paddyhack60 karma
Since you posted a favourite of mine, I'll bite.
Apart from ruining his business, if you're able to put a name or a face to the perp, you have done a lot. This method is called doxing, and requires no hacking skills per se, but good knowledge of search engines. Say I give you a name and a city along with a few details. You google them and maybe you come up with a phone number, a website, an email address, Facebook page etc. A lot of scammers hide behind a persona, and once they are revealed, that can do a lot of psychological damage to them. As dox gets posted around the web, their name gets associated with their past. You can let the 4channers and script kiddies do the rest. That's one answer. I hope that suffices.
shallowpersonality23 karma
I asked my question before reading about cleartext and passwords (no clue, just sounds ominous). I got scared.
Your description sounds like the bottom feeder will become exposed. From there they will have to do 2 things: 1. Create a new identity to continue making money and 2. Try to avoid any heat brought upon by the exposure. Hopefully the cops will become interested. From the original thread I remember $100,000 being a # for official interest. $500/scam x 200 scams = $100,000.
to dissuade any hacks pointed at me. "I just wanna ride, man." Thanks
paddyhack33 karma
Personally, I have no time or desire to ruin anyone's life that's a decent person. I even feel a little bad for ruining this shmuck's business. In other words, you're fine for now. ;)
paddyhack91 karma
The real anonymous are fantastic in my opinion. Hacktivism at its finest. It's the wannabe anons that hang out in Hackforums.net that are the cancer. I have never personally performed anything under the anon banner nor would I want to. Some of those guys are on a completely different level of skill, and most of their targets are legitimate. I haven't been following up on them recently.
SketchyThaClown29 karma
Oh God, Hack Forums is equal parts hilarious and depressing to read over. 1337h4x and Skiddies at their finest. I dunno, while they make themselves an incredibly easy target, they did color my view of personal security. If some jackoff preteen with a prohaxxor mentality and too much caffeine can root a system downloading (virus infested) kits off a forum, God forbid anyone ever encounter a real hacker. At least, those with darker shades of hat, anyway. Security, be it physical or cyber, is fallible. TOOOL and Defcon have pretty much confirmed that for me. If I know that a chain lock can be opened with a rubber band, and a hotel door with a tool that can be recreated with some wire and fishing line? Not to mention about five other ways? Then the saving grace is really that, at the end of the day, most of us just aren't worth the effort. I've got a lot of respect for hacktivism, because it's apparent that the people that got hit? Made themselves a big, bright target, and didn't bother to take the measures to protect themselves when they did. Is it legally accepted? No. Is it morally alright? Sometimes. But intention means a lot. And I'd like to believe that, short of the black hats and the script kiddies out there, there's a lot of self-challenge and moral judgement behind, at the very least hacktivism, if not most grey/whitehatting as a whole.
Wigglez127 karma
What are your thoughts on DDOSing? A lot of professional gamers are having major problems with being DDOSed during tournaments (resulting in them being forced to Forfeit)
paddyhack76 karma
Fuck ddossing. It can have its benefits taking down large websites if done properly but other than that it serves no purpose only for a skiddie to claim that they 'hacked' a site.
paddyhack23 karma
Incredibly dangerous if you believe that they are backed by a Government.
paddyhack55 karma
A. I'm not amazing. Far from it. I just figured out a bad system, and ran with it. B. I'm a techie. I love all things tech. I live and breathe it.
Under_Doggy_Dogg18 karma
Do you find it ironic that the guy(s) seeking revenge here are probably going to be in waaaay more trouble than the scammers? I can see how they could easily explain away what they were doing, close up shop and move, or even refund a little money to the loudest complainers and go forward. The voicemail hacker laid out all the evidence the prosecutor would need in posts and Youtube videos.
paddyhack64 karma
I see your point about the video. I admit to what I did, and realise that it's legally wrong, but morally, I feel fine. If I get caught, I'll deal with the consequences. This was my choice. It wasn't for fame or honour, it was because it was the right thing to do.
Dajego17 karma
Can you name any internet/book sources to get into hacking/cracking? For example which coding language would be a good start, etc.?
paddyhack53 karma
First up, change to Linux for your everyday system. Secondly, learn the command line languages (Bash, and Python). Have an understanding for web languages, especially PHP alongside MySQL. That's a good foundation. A passion for IT is mandatory.
Learn about the technologies associated with what your target is. I am still learning everyday, so pick a topic that seems feasible, and go from there.
A site I haven't been to in a while is securitytube which will show you some stuff.
Take a basic look at what's possible, pick one, and stick at it. It's almost impossible to be excellent in all fields.
yourtehdiction13 karma
How much would it cost to hypothetically teach someone everything you know?
paddyhack21 karma
Someone with a decent understanding of tech would get to me in a year if dedicated. The majority of it is learning the tech behind the hack.
paddyhack37 karma
All self-taught. If you have a passion for something, then learning it is fun!
24oi29 karma
And thank Linus for the open source community and the endless knowledge it provides!
Holycity10 karma
What system do you use? Linux? Also are macs hard to hack or is it just they're not wide spread enough to be worth the time?
paddyhack37 karma
Macs and Linux are cousins underneath it all. When you're looking to infect as many PCs as possible, you'll look at the stats, realise that 9/10 home computers are Windows, and dedicate time scripting an exploit for that platform. If Macs were in the majority, there'd be an increase of exploit research and therefore more virii. There are other reasons too, but that's a major one.
paddyhack5 karma
For my main machine, I use Mint for its lack of headaches. I put Arch on my netbook deliberately so I was forced into learning about more of the Linux backend. Best decision I made.
paddyhack16 karma
I was going to bed 6 hours ago... Oh well. Coffee and nicotine are keeping me in check for now. I'll probably have to call it a night for a few hours, and answer any questions when I wake. I'm good for now though
Theaznlazo9 karma
Do you have any suggestions in terms of password strength? I know different passwords for other accounts is a great idea, but are there any other ways to protect myself? I feel as if the need is high, any account can be cracked.
paddyhack21 karma
There's a thread in adviceanimals about passwords. The biggest lesson I've learned was to have numerous passwords. If I crack a site, chances are I'll have your email address and password that you use to log into the site. Chances are high that this is also your email password.
paddyhack13 karma
Yeah basically, the love of the possibility of breaking into systems. Not to do damage, but to peek inside
paddyhack29 karma
As I posted before, you don't learn to hack, you hack to learn.
Get an old wifi router and turn on WEP encryption on it. See if you can break into it. I'm giving you no clues. There's your challenge.
Don't just download software and run it. Find out WHY you can crack it, and why this doesn't work for WPA for example.
razzmatazza341 karma
OP have you tried hacking into the Department of Defense while getting a blowjob from a hot blonde and at the same time having a gun pointed to your head?