Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Extortion’ Category

Phone Hacks Or Intercepts: Bezos’, Pecker, Sanchez, MBS, A Pragmatic Approach


This whole thing about the Bezos’ dickpics is running amok in the media with panel after breathless panel dribbling on ad nauseam. Wanking on over whether or not a nation state secret service intercepted those texts and photos, or if AMI (The National Enquirer) hacked them with the help of sleazy private investigators and/or the brother of the mistress, has me apoplectic every time it’s thrust in my face on the news. I finally decided to put this post together with some sense making to counter all the stupid out there. Of course the funniest thing about all of this is that I have yet to see any of the hacking talking heads that usually show up, like Dave Kennedy, being dragged out to assess how easy or hard it would be to just hack a phone or an account. Who knew they would not be clamoring to get more news cycle attention to pimp their services, huh? Anyway, let’s do a little dive into what Bezos likely has as a phone, how easy they are to hack, and how likely it is that a bad actor like MBS and his secret services, a paid group, or just the brother of the mistress with a grudge were the culprits, shall we?

What phone does Bezos likely have and how hack-able is it?

According to the babbling of the news media, claims have been made that Bezos has security and as such his phone is likely harder to hack. Well, let’s put that to the test and see. I did some looking and as of 2017 he was still using a Fire Phone, his own product, which runs on Android. A little more Googling and you can see that it had seven vulns in 2018 that included DoS and overflow attacks.

FireOS is based on Android 4.2 JellyBean and that had a host of vulnerabilities as well. So unless Bezos was using some super secret hardened version of JellyBean or FireOS, then even with whatever iteration of it he might have today, it is still quite hack-able in all reality. So with that information one has to wonder at all this reporting that it HAD TO BE a nation state or that this was some exotic attack on a hard target.

Sorry, no.

INCONCEIVABLE!

Meanwhile, if indeed Bezos had another phone, he was spotted before with ANOTHER model of phone (Samsung) which also uses Android as its base operating system. If you are in the hacking or security community, then you know that Android is a hot mess security wise because Google could really give a fuck, so there you have it. Unless Bezos decided to get a Black Phone (which still had issues) I am gonna say it would not be hard to hack him with a phish with a bad .apk file and own him.

Sorry media, go home, you’re drunk again.

The facts are that unless Bezos got his hands on an NSA encrypted and hardened phone like the one that Obama had (which was Blackberry) then it is likely trivial to attack his phone and own him. That’s the fact and everyone should take that into account when listening or watching these talking heads on TV. Of course, this is not to say that it wasn’t MBS or minions he hired or AMI that did this because these are TRIVIAL hacks and one could pay easily for someone to do it. It would not take the NSA or that level of nation state access intercepts to get the data Pecker has.

What are the odds that a bad password(s) and an automatic backup to the cloud are responsible here?

Right, so what about bad passwords? I mean hell, Manny’s password to all his secret bad dealings was “bond007” right? So is Bezos using a good password vault with 16 character passwords and rotating them often? Well, I cannot say, but what I can say is this: “security is hard and OPSEC is even harder for regular people.” This means that it is entirely possible that Bezos’ passwords could have been weak and he may not have changed them as regularly as might be needed for someone who is a higher risk target, right? I am sure he has minions and possibly a security detail, but, think about this, would you want your security detail to have the password to your dickpic mistress phone?

This also brings up another question…. Did he have a mistress phone? Something separate from his regular phone and hidden so the wife would not see? You have to ask yourselves this question as well when thinking about this whole “affair” right? Let’s say Bezos bought a burn phone and used that instead of his primary phone to send his dickpics and stupid stupid texts mooning to his side piece. It’s not something you would really want to have lying about for the wife to find and nothing that could be directly tied to you in some ways. I mean sure, he sent photos of himself, not just his junk, so yeah, not the greatest OPSEC there either. But would such a phone have less security because it was not hardened by the security detail?

Hmmmm….

Either way, passwords and access to Google (since I think he is still using Android) is problematic and unless he had all the 2FA turned on and alerting, he could have easily been pwned due to his own stupidity with passwords and access security.

What are the chances that physical access to the mistress’s phone is to blame?

Ahh this mistress… Well all of the things above could play with her as well. It could have also been physical access to the phone by others. Let’s face it, Sanchez could have been using her dog’s name as a password to all her accounts for all we know. She is the weakest of weak points as far as I am concerned in the security picture in this story. A running theme in the story seems to be that the mistress’s brother is tied into the Trump camp and its acolytes, so there is a chance that he accessed her phone either physically or perhaps he had a password to gather the details and leaked them to AMI.

Think about that though….

You would have to be one cold bastard as a family member to hack into the sister’s phone and dump pics that seem to include some nudity on her part as well to AMI right? I mean that is some serious pathology there. Keep that in mind further down this post ok? *turns over standing presentation board with pics and yarn connections* So yeah, it could be the brother, or it could be anyone who had proximity to the phone and a desire to carry out this attack on her and Bezos.

I am unaware of what phone the mistress is using but I am willing to bet that she is not as security conscious as Bezos might be. It could even be that Bezos and her both had burn phones that were insecure, who knows right? Suffice to say that the mistress and her electronics hygiene may have in fact been the vector of the leak and everyone has to take that into account even if you are thinking that this was carried out by nation state actors like MBS or Russia. It would be a soft target campaign with phishing, physical access, and stupidity that would win the day and would not take that much effort really.

Was it a nation state intercepting Bezos and just handed this over to Pecker and AMI?

Speaking of nation state actors here’s the deal…

It’s quite possible. It would likely be trivial to attack the weak link (mistress) and gather all the intel. In fact, let’s suppose the nation state actors did do this, it would not only be dick pics that AMI might have. It is possible that they also have audio and video captures of phone calls and the like as well. How do we know that Bezos and the mistress didn’t make any videos together as well? Or perhaps little videos for one another?

Ponder that one too.

The fact of the matter is that a nation state, hired hackers, or sleazy PIs could all have done this and all could have passed on even more dirt to use against Bezos and his mistress, and it all sits somewhere in a safe on an external hard drive, right? All I am saying is that there may be more to come in the future if at some other time AMI and/or others decide to go nuclear on Bezos. I will sit back and watch the fires burn and sip my whiskey when it all comes down. At the end of the day it cannot be said that it wasn’t a nation state that did this, and there are hints and allegations that AMI might have that avenue of interest with MBS and Saudi to have made this happen.

My biggest problem though with that is that it was so fucking hamfisted in its being carried out that it makes me wonder if it wasn’t just AMI doing what they have been doing since they started their yellow journalism agitprop fuckery. I would hope that a nation state would be smoother than; “It would be a shame if something happened to that marriage you have there” but hey, we are in the Trump era of thuggery and clown cars full of Russians right? So yeah, entirely possible it was MBS in the conservatory with AMI and a phone hack. Time will tell though, but let’s not make this into a James Bond epic huh?

What are the chances that this was a honey-trap?

Ok, breaking out the murder conspiracy board here for the fun of it…

What if, just what if, this was a honeytrap? What if the mistress is like the brother and a Trump supporter? What if this was all a trap to get Bezos to back off, by AMI and others using this woman wittingly or unwittingly? I mean, it is possible isn’t it? I am not saying it is likely but I am just gonna put that out there for you all. If I were looking to damage an adversary (perceived) like Bezos I might just hire hookers and get the goods on him in a hotel that’s been wired. Of course it would have to be a situation where Bezos doesn’t have a TSCM team sweeping rooms before he stays in them and such, but yeah, that would be one way. Another might be to leverage someone in the orbit, or put someone in the orbit, who he can be enticed by and get the goods on him that way…

Ya know… like what we are seeing play out here right? This is exactly the sleazy way that espionage is carried out on the nation state level (blackmail) as it is on the AMI level of play. So this is not an impossibility. Is it likely in this case? Well, what do we know about Sanchez anyway? I guess a deeper look into her and her brother might be in order and is likely being done by the likes of the FBI right about now.

Giggity.

But yeah, with all the hyperventilation going on in the media, this is a possibility and I cannot just wipe this away as a not a thing.

Time will tell.

Forensics or GTFO!

Finally, I would like to once again yell at the media FORENSICS OR GET THE FUCK OUT! I would like to see some evidence that points to nation state hacking or intercepts of Bezos’ and the mistress’s accounts or phones. Will we ever see this data? Well, who the hell knows really, but it won’t stop me from yelling this out every time the media breathlessly makes claims that exotic espionage has been carried out on alleged hard targets who use Android phones!

STAAAAAAHHHHP

I eagerly await some evidence in this case but I don’t really expect any. I will keep an eye on it all but at the end of the day I just wanted to put this out there. It is not super secret nation state shit level stuff going on here. It may in fact be leveraged by MBS and his people but it is not something along the lines of them using SS7 on Bezos and his mistress, right?

Right?

Oh right, need forensics for that…

Derp.

K.

Written by Krypt3ia

2019/02/10 at 14:53

Extortion Phishing: So, closer to the point. You surfed the internet with роrn, which I’ve placed with the virus…


A series of extortion emails have gone out this last month that caught my eye. The phish are simple, straightforward attempts at extorting users by claiming they had been hacked and watched surfing porn. The phishers then demand that the user pay a certain amount of bitcoins to them and all their trouble will go away. Basically it is the equivalent of the old “Say, that’s a nice family you have there, it’d be a shame if something happened to it” routine familiar to anyone who has seen a mafia movie. I had a user get one and so I began the usual looking around to see if more came in and what the deal was with it. Once I began Googling key words and phrases I saw that this had been making the rounds since at least August 14th and that this last round had actually made some money for the extortionists.

I then began the usual OSINT on the domain that the emails came from after collecting as much info as I could from Reddit and other places where people had mentioned the extortion attempts. What I came up with is an arcology of malware and phishing that seems to tie back to one individual in Ukraine who may be the nexus of it all. Before I go down the OSINT rabbit hole though, I just want to take a moment to consider this threat and the psychology of it. One might think that if you got this email you would just laugh it off and then trash it. Some people though had guilty minds or had in fact been surfing “the porn”, as we all do mind you, (come on you all do and you know it!) so they got worried and they actually paid this guy off to make it all go away, and this is interesting to me. Do those who paid really think that an extortionist, once successful at getting them to pay, will just walk away after such an easy exploit?

*shakes head*

You fools…

Anywho, it seems that even a non exploit exploit of just threatening a user’s browsing habits with “I am gonna email all your contacts with your pron habits” can work and potentially give the attacker some pin money at least. So I tracked the emails and the IPs that these came from to Ukraine. Specifically to a subnet of systems owned by one guy: Roman Shurbarev.

From: return@aukcion.org

Received: from nat5.aukcion.org (nat5.aukcion.org [188.225.27.25])

As you can see there are porn like sites in there…

This guy is the owner of not only the domain in question that was set up as a mailer for these phish but also a string of other domains connected to other malware and phish sites and activities that include, wait for it… Wait… Ransomware! Yup, this guy has it all goin on! Now, when I started poking at the system that this all came from I ran an Nmap and the shit is tight, there were no open ports and the firewall was filtering everything, so I kinda doubt that this guy has been popped and is being used as a relay for these. So I went on to profile all his domains and got the following malware connections:


PICK A MALWARE! ANY MALWARE!

So yeah, this guy has many bad connections but not anything directly connected to his domains themselves that I could see, at least in the sense that they were hosting the malware or being used as a C2. Now though I would like to talk about the money. These poor fools who actually paid this scammer have netted him about 0.28794615 bitcoins, which is about 80516.75 Rubles or $1,375.29 dollars as of yesterday when I looked. The money has been moved around a lot from the series of wallets used in this extortion scheme:

156eSKJU22jHHUEr6zznqMiDyR1L7DFFPY
1FJND3abrT4TjwijUbfYPD8jogCFeSbL
1Pku8VSnjgZePRt8yLF3QWfUYMTAjhA3io
1DGgLh6xeDmasCBHaLEQXwJ7C9gEvpYvWr
12pRJwZfZKi3RZa2eFijVCjmjCbB1YcXXXrA
15YhkTnuTprtPDRsdxiE2y8sMqiSmLPx2g
17qDi9fFG8C7a4mmTBBjsV7QmUN9QUBScZ
1H6DRf3XvHYudc7g6RvCiMbunHHKpbjhD2
1Nu2hju7Bs4vkUw2xyqi4E3ktSgx2VJEJq
13HSMufjTvzGJKoHdSQsLiJbsPcQcVMf4K <— 7 transactions


It ain’t Wannacry money but it would buy some shit in Ukraine I guess. There has been some movement of money around so I am wondering if they are trying to mixmaster it or what. I did not go down that rabbit hole so if you all want to, go right ahead. As for me I thought that this post should be put out there for others to see the actor, the act, and maybe as a PSA to put a stop to it. So, here are the other variations on the theme. The emails all pretty much say the same thing with some variations on “I see you have been surfing porn because I infected your machine with porn!” and ask for the money;
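The triage I did by hand above (pull the originating relay out of the Received header, pull the wallet out of the body, check the wording) is easy to script so the next round of these gets flagged before a user pays. The following is an added example of that triage and is not code from the original post; it uses the From/Received lines quoted above as a constructed sample message, and the wallet in the sample is the well-known Bitcoin genesis-block address used purely because it is a syntactically valid legacy address, not one of the wallets listed above. The checksum test matters because a bare regex will happily match random base58-looking strings in legitimate mail.

```python
import hashlib
import re
from email import message_from_string
from email.message import Message

# Constructed sample: the From/Received lines quoted in the post plus a body
# modelled on the extortion template it describes. The wallet is the Bitcoin
# genesis-block address, used only as a checksum-valid sample (assumption:
# not one of the wallets in the post).
SAMPLE_EMAIL = """\
From: return@aukcion.org
Received: from nat5.aukcion.org (nat5.aukcion.org [188.225.27.25])
Subject: So, closer to the point.
To: victim@example.com

You surfed the internet with porn, which I've placed with the virus.
Send 0.28 bitcoins to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
or I will send the video to all your contacts.
"""

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy P2PKH/P2SH address shape only; bech32 (bc1...) is out of scope here.
BTC_CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# "from HELO (rdns [ip])" as written by most MTAs.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]]+)?\s*\[([0-9.]+)\]\)")
SEXTORTION_TERMS = ("porn", "virus", "bitcoin", "contacts", "video", "webcam")


def base58check_valid(addr):
    """True if addr is base58 and its trailing 4-byte double-SHA256 checksum matches."""
    n = 0
    for ch in addr:
        if ch not in B58_ALPHABET:
            return False
        n = n * 58 + B58_ALPHABET.index(ch)
    # Each leading '1' encodes one leading zero byte (the 0x00 version byte).
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version + 20 hash160 + 4 checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def extract_wallets(text):
    """Shape-matched candidates, filtered by checksum to drop false positives."""
    return [a for a in BTC_CANDIDATE.findall(text) if base58check_valid(a)]


def originating_relay(msg: Message):
    """HELO name and IP from the earliest Received header (the last one listed)."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_FROM.search(received[-1])
    return {"helo": m.group(1), "ip": m.group(3)} if m else None


def score_sextortion(raw):
    """Verdict from extortion wording plus a checksum-valid wallet; relay is for blocking."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = [t for t in SEXTORTION_TERMS if t in body.lower()]
    wallets = extract_wallets(body)
    verdict = "sextortion" if len(hits) >= 3 and wallets else "benign-or-unknown"
    return {"verdict": verdict, "terms": hits, "wallets": wallets,
            "relay": originating_relay(msg)}


if __name__ == "__main__":
    print(score_sextortion(SAMPLE_EMAIL))
```

Feed it a raw RFC 822 message and act on the result: the relay IP/host is what goes in the mail gateway block list, and the wallet list is what you hand to whoever is watching the money move between the addresses above.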

So there you have it. You don’t have to be anyone special, you don’t have to be 1337 to scam people with an email…

Yay internet!

K.

Written by Krypt3ia

2017/09/01 at 11:51

Posted in Extortion, Phishing