Nusky
New Member
About 7 years ago, my duty manager at the time, Jason, had a problem with his laptop. He let me go get my laptop during lunch time and I worked on it in the main office all after lunch.
When I turned my computer on there was an open wireless network. Being the curious grey hat I am, I logged in. There was nothing abnormal at all. I continue working on my duty manager's laptop.
Later as I was finishing up, I realized I forgot about the open network. So, I take a look, just a few home computers. Nothing of interest, some online tax forms, family pictures, school documents etc. I dropped my backdoor and worm on both computers.
About a week later, I noticed two IPs that I haven't added to my bot network personally. I open one, it's just a bunch of security cams for some sort of building. I open the other though, the computer was an old Windows 2008 server. It was behind a few routers or other routing computers. The server had 300 terabytes of hard drive.
It was CHOCK full of first and last names, addresses, credit card details, social insurance numbers, what car(s) they drove, with license plates, what clothes they wore, and sometimes direct GPS locations to I guess their homes. Not all of this information was present for all people though. There were billions of lines in this SQL server!
Just then I noticed on my packet sniffer, there was a large file coming in. It was encrypted coming down, must have come from an unknown file share software. After a few minutes the 175 MB file was downloaded. The title was just random characters. UTFkjbaF.avi.
It was just some weird bullshit. Three people sitting at a table, the camera was directly above. One was smoking a cigarette, one guy was drinking what looked like coffee.
The other one started talking in gibberish or what seemed like code. It was just random nonsense like "banana, horse, charlie, boot". After a while, near the end the guy saying the code starts to cry. With a few minutes left in the 20 minute clip, he says "Please! You don't have to do this! Leave her alone!" This is some movie I haven't seen, I guess. Then the video ends with him crying.
Few days later curiosity got the best of me and I looked back. Little poking around, there was a new file, again 175 MB, 20 minute file, and random AVI name. I download it and view it. The time stamp was from an hour after the first video appeared. In it, it had the one drinking coffee and the one smoking a cigarette in the corners looking into the center of the room.
The one saying the strange code was crying, while having sex with a young lady who had her throat slit, just blood everywhere. Again, I thought it was just some crazy movie I haven't seen. But deep down it didn't look that way. I've seen enough fake stuff, I think I'd know the difference, or would I? I got a terrible feeling in my stomach, an quit the video within 5 minutes. Never went back. Removed all backdoors and just forgot about it.
I keep thinking about the dead girl. She was young, like 16 or 17, must have been his daughter or someone else's daughter. It was just so sickening.
I did however backtrace the two computers' IPs, one server was in Detroit, and one was only traceable to Alberta.