I did the same thing to someone who attacked my gf in high school. They got her with subseven which was extremely easy to remove. Rather than just erase it, I took a copy home with me and analyzed it. Running the strings command uncovered the subseven signatures.. Turns out there was tooling that allowed you to modify the binary and redistribute it. Except the binary had an ICQ address to alert him to my gf’s online presence. He also had his AIM screen name, full name and city in his profile.
So I socially engineered him by posing as a classmate. I told him I was going to come by to get the homework for English. He wasn’t sure but I somehow convinced him and got his address. I don’t know why they always talk to strangers, but just like the article the dude responded. I got my friend and we went to pay him a visit.
Rang his doorbell, “hi is this l33th4x0r?”. He nodded but had no clue who I was. I mentioned my gf’s screen name and you could see the color leave his face. He stuttered and stammered about how he was just playing and didn’t mean to cause any problems. I said some stern words then left him wondering wtf I was and what just happened.
Kinda wish I saved the details (screen name, address, etc) just because of how epic it was at the time
I had fun with people on forums trying to get others to download keyloggers and the like. A lot of these were the stereotypical "script kiddies" who didn't know how much personal data they were giving away or even how the tools they used worked. I distinctly remember a few "C:\Documents and Settings\<uncommon first and last name>\...", from which I could find and sometimes phone them (often their parents would answer), but I drew the line at doing anything physical --- they were all far away anyway.
The most interesting results include apologies; one kid's father registered on the forum to post one for his son. Spamming a keylogger's logs with the physical address of its owner and "I know where you live" tends to cause them to repent in fear pretty quickly.
> I distinctly remember a few "C:\Documents and Settings\<uncommon first and last name>\...", from which I could find and sometimes phone them (often their parents would answer)
so this sounds like a pretty devious attack if you want to get someone, pose as a script kiddie in online forum, put in C:\Documents and Settings\<their first and last name> in stuff, other identifying info maybe and then let others do the work.
I used to just DDOS people’s AIM and messengers if they crossed me, as a phantom curse attached to them and they had no idea the cause.
I would chat with them as normal at the same time, chuckling to myself as they kept falling offline following a barrage of emoticons and requests from my army of chat bots that made their process run out of memory.
Eventually I’d bore of it. Or have one of the chatbots tell them not to cross someone again. In your scenario I probably would have said it was the person he got the exploit from, instead of making a link to someone I care about.
Way way back in the day, my friend wrote a program that would format the user's Commodore 5 1/4" floppy disk (usually the one that also ran their BBS) if they just tried to load it. They didn't even have to run it.
If someone screwed us, we'd create a new identity and upload a file named after a hot new pirated game to their BBS. Then sit back and watch the BBS go offline for a while.
Once in middle school, I wrote a fake format command and added it to autoexec.bat on my moms computer then promptly forgot about it because video games and sugar. Turns out she didn’t turn on her computer until Monday morning while I was at school. Mild mannered me was called to the principals office, expecting the worst. It was my mom on the phone frantically worried that her hard drive had just been nuked. I tell her what I did and she didn’t stop laughing for like 10 minutes. I was still grounded but I was allowed to use the computer or still play video games.
Niiiice, that reminds me of why I dont pirate Windows disk images any more, theyre all compromised! The “slim” builds with a buncha stuff deleted and also preloaded was nice, but now they just steal crypto.
I was going to write it earlier but I was content with the statute of limitations so just bring it up when I run for office, it pretty much has nothing to do with what you believe
I wrote about what happened, its a different reaction than the person I replied to - who actually visited the person instead of calling the police - there was no prowess associated with my response only that it was different and impersonal and also satisfactory, no more no less
Do you realize that if we’re talking about AIM and ICQ we are talking about 20 years ago? Maybe you didn't realize that, now that’s amusing. The sole purpose of this thread was “I can relate, I would approach it differently, here is a thing that happened”
> I am just saying you are regular busybody fucking asshole
I strongly believe this actually is language that goes against the CoC here on HN.
I think it would have had merit to reasonable talk about different points of view on the story, but any credibility goes down the drain in my book once people start not only to ad hominem others, but resort to language like you used.
Sad, as it could have been an interesting discussion to follow.
So I socially engineered him by posing as a classmate. I told him I was going to come by to get the homework for English. He wasn’t sure but I somehow convinced him and got his address. I don’t know why they always talk to strangers, but just like the article the dude responded. I got my friend and we went to pay him a visit.
Rang his doorbell, “hi is this l33th4x0r?”. He nodded but had no clue who I was. I mentioned my gf’s screen name and you could see the color leave his face. He stuttered and stammered about how he was just playing and didn’t mean to cause any problems. I said some stern words then left him wondering wtf I was and what just happened.
Kinda wish I saved the details (screen name, address, etc) just because of how epic it was at the time