Social engineering as an attack method

Father

"Only for fun" - this is the motto we often used when attacking any systems. Over a fairly short period of our activity, a large amount of material accumulated, and I was faced with the task of how to organize it. The purpose of this article is not to teach hacking. These are just stories that only superficially describe a social engineering attack. Basically, this is hacking of any web systems in which the human factor plays an important role. The very idea that you can hack something without a single line of code makes hacking a system interesting and unique. Social engineering is not just a science. There is no single universal scheme for hacking using this method. In each individual case, the hacker develops his own way to achieve a specific result.
This article is for informational purposes only. We remind you that deliberate hacking of systems is fraught with legal consequences.

Attacking Skype

"A person is the most reliable and at the same time the most vulnerable source of information."
A. Bredinsky

Support

As of 2013, Skype was one of the most popular instant messengers. At that time, Skype was already part of Microsoft. Bugs and vulnerabilities were found almost every day. Many errors had already been fixed by then, for example recovery using a password token, incorrect filtering, etc. But zero-day errors still existed. One of the biggest flaws was in the Skype security service. It may sound strange, but the support service, which was supposed to protect the accounts, itself gave the hacker access to them. It's hard to call it a bug as such, but the whole system is determined by its integrity. And if some function of the program does not work correctly, it can lead to a fatal outcome. This example is based on real events and demonstrates the beauty of social engineering.

If you don't remember your password, Skype will kindly send you a code to restore it by email. But we don't know the victim's email address. Besides, we don't know much about the victim. On the Skype website, there was a request form for restoring a lost account. To do this, several items were required:

• Email address associated with your account;
• Approximate date of account creation;
• Date of last login to your account;
• 3 or more of your friends listed in your account;
• As well as date of birth, country, and a few other less important items (I'll just omit them).

If you know all this information, you can get access to the account. If you send this request to Skype technical support, you will receive a notification about a positive or negative decision by email within 24 hours. If all the data is correct, the victim's account is linked to your email address, and you can reset the password on the site within a minute. It would seem there is nothing complicated about it.

Step 1. Collecting information

At the first stage, the victim is analyzed and the necessary data is collected. By adding the victim to our contact list, we can see the date of birth and country, if the user did not hide them. In 90% of cases, they are publicly available. If they are hidden, you can try to "break through" the victim by login using Internet search engines. Find the victim on social networks or other sites where you can find out the date of birth. Many people often leave their contacts on forums or other Internet sites. Such data is easily found in search results. Sometimes you can use "dorks" to optimize your search. You should always try to get the most out of search engines, not paying attention only to the first links, because they are relevant only in the opinion of the search engine. But in general, each "standard" user tends to put in their country of residence, doing everything "by default" and not hiding anything.

The date of the last login is not a problem to find out if the victim is in your contact list and we can see her status. Skype doesn't show you when a user was last online. But you can send a file to the victim. Wait a few days, and if the file is not sent, it means that the user has not yet logged in to the account. In this case, you can specify "more than 2 days ago" in the application. The account creation date is more complicated, but, as a rule, technical support is not particularly demanding about this item, and we can specify only an approximate month and year. Collecting information about the victim helps us here – their activities play an important role in this case.

Breaking through three friends from the victim's list is already harder. As a rule, I didn't use it and just added friends from three different accounts to the victim. It is very important that these are not new accounts registered at the same time.

The last and most interesting step was breaking through the mail linked to the victim's account. Until 2013, there was an interesting "feature" on facebook, which was later removed due to mass hacking of accounts, or, perhaps, due to the disclosure of confidential information about a person. The idea was simple: facebook allows you to search for friends from various messengers and other social networks. We create a facebook account, go to the "add friends" tab, select via skype, enter your username and password, and facebook imports all the contacts from your Skype account to the site, while we can see their mail next to each contact.
This was necessary so that Facebook could find your friends on the social network using this email. Soon Skype closed the email transfer anyway. Sometimes, at this step, you could stop and hack the victim's Skype. We'll get back to that later.

Step 2. Application form

Before submitting the application, it was very important to clarify one point. If the victim is located in England, and you are trying to apply from an IP in, say, Italy, then the Skype administration will have very big doubts and in 99% of cases you will be refused. Therefore, it was necessary to set up a proxy server in the victim's country.

After specifying all the data we have collected, you must describe the history of losing access to "your" account. On behalf of the victim, we write something like this:

"Hello there. I've been on vacation for the last month. After returning home, I was unable to log in to my account. I'm not sure if I remember my password exactly, but I suspect that scammers might have obtained my data, because I can't log in to my email account either. Please help me."

After forming and sending the request, you will receive a response to the new email address that you specified in the request within 24 hours. If the support service approves it, the victim's account will be linked to this email address, and you can go to the Skype site and reset your password. In my case, everything was simple. I hacked a certain category of people who were almost always online, always added you to their contact list, and all personal data was open – date of birth and country.

Alternative method for hacking Skype

This method is based on a non-existent email linked to the victim's Skype. Sometimes, when registering an account on a site, people write a random set of characters instead of a real email, because they just don't want to waste time, or they don't remember their email address, or they don't want to confirm their account.

As mentioned earlier, facebook allows you to identify the mail associated with the victim's Skype. After recognizing it, we can see this type of mail: "fjdfdji38h9h9id@gmail.com" or "fdjhfdh39h@jhjfhgfohg.com". In the first case, we go to gmail.com and try to register a new mail with the name "fjdfdji38h9h9id". If everything works out, then we can simply reset the password to this email. The account was hacked. In the second case, the site "jhjfhgfohg.com" doesn't exist at all. We create a host, bind this domain name to it, bring up a mail service, and create a mailbox there with the name "fdjhfdh39h". So we have the mail "fdjhfdh39h@jhjfhgfohg.com", to which we can also send a Skype password reset.

Hacking Skype with the help of "Fruit"

After many successful hacking attempts, tech support finally noticed a huge influx of recovery requests. They tightened the requirements, and now, for a successful hack, you need to know the victim's data 100%. In addition, the method of breaking through mail on Facebook no longer worked.
A social engineer never gets hung up on hacking with one method. He develops by exploring all possible paths, because in any smallest detail a fatal error can be hidden. And so it was. The Qiwi payment system at that time was not very secure, so it too endured a series of attacks. But how to link Qiwi and Skype? You will think about it and discard the idea. Not a social engineer.

While researching the Skype password recovery form, you may come across an interesting point. Skype offers the ability to make calls around the world using an internal balance. You can top it up via most payment systems, including a Visa card. If you have ever added funds to your Skype balance, you can enter these details in the application form and the Skype support service will have more than enough of them to identify you as the account owner. Very interesting… Qiwi is convenient because it integrates many services, including Skype. When registering with Qiwi by phone number, you are assigned a virtual card with the number, issue date, and PIN code. And when you make a payment via qiwi, you formally pay with a bank card. The bottom line is that Qiwi allows you to add funds to your Skype account balance, and you just need to know your Skype username.

Eureka!

Enter the victim's login in qiwi and top up her balance with a couple of dollars. We view the payment history in qiwi and select our receipt. We need the transfer number, date, and amount. Enter this information in the Skype recovery request. We write something like this:

"Hello, I forgot my password, and my email was blocked, so there is no way to reset the password. Please link my account to my new email address. I attach data about adding funds to my balance from my card."

It is important not to indicate in the application that we replenished the balance through Qiwi, but to create a story that we used our personal card. For Skype, this moment was very important for identification, so they simply turned a blind eye to all other points and gave access.

"Unripe QIWI"

There are quite a lot of ways to earn money on the Internet, but all of them are either ineffective or "black". We were never people who were capable of evil deeds and stealing from honest people. However, we were interested in the money. Cleaning out a scammer on the Internet didn't seem like such a black thing.

At the time of the dawn of synthetic drugs, entire forums for the sale and purchase of narcotic drugs were opened. Dealers needed special protection, but their channels weren't that secure. As a rule, communication with clients was conducted through vulnerable instant messengers like skype, jabber and the good old icq. Dealers accepted payments mainly to the most popular EPS*, but mostly to a Qiwi wallet by phone number. There was a huge amount of money on the balance of such wallets. Getting access to the Qiwi wallet meant getting that very money. Drug dealers did not accept any files, did not follow external links, and tried not to come into close contact with the client. All we had was the Qiwi wallet number.

* electronic payment system

Attorney

Qiwi technical support was skeptical about restoring access to the wallet. If you have lost access, you can only restore your password if you have the SIM card in your possession. That's when we started thinking about how to get a duplicate SIM card. As a first step, we called the mobile operator and tried to somehow redirect SMS messages and calls to our number, which ended in failure. But we found out that on the basis of a general power of attorney, you can still get a duplicate SIM card. However, this method was very dangerous and complicated.
The idea was to break through the passport data of the person the SIM card was registered to. Then find a person for whom you can issue a general power of attorney. After that, this person would have to come to the mobile operator's office and get a SIM card. But to draw up a general power of attorney, you also need the second person, the one who owns the SIM card, so the idea seemed hopeless. However, we still decided to test it for ourselves. A friend of mine had a general power of attorney for his relative. We came to the office and were surprised that the operators did not check this power of attorney for its presence in the register, which means that you can specify a completely non-existent notary and draw any seal. Roughly speaking, the document can be completely forged without the participation of the victim.

On hacker forums, there were people actively offering their services for breaking through* information about any mobile number. The cost was relatively low, so we took advantage of it. After receiving the number of the drug payment wallet from the dealer, we gave it to a probivala**. In fact, these are the same operators in mobile offices. An hour later, we received the passport details of this number. We took as a basis the template of the general power of attorney previously used by my friend. We rewrote the data, changed the seal and the full name of the notary, put a different signature, and we were done. Coming to the operator's office was very nerve-wracking, but we acted without giving any sign. After turning the newly printed power of attorney over in his hands, the operator issued a SIM card for the new passport data without any questions and handed it to us within 5 minutes. It was too easy. We immediately requested the password recovery code on the qiwi website and restored the password in a minute. We worked like this for a very long time and it brought in a lot of money.

Once the operators became suspicious of the frequent visits to the office and decided to check the power of attorney. Everything went well and we managed to leave. This scheme can be used if you take special precautions. First, it was necessary to visit different offices with a frequency of about 1-2 times a week. Second, the people must constantly change. The operators did not ask the reason why we were restoring SIM cards. They didn't care much about the document itself. They didn't even make a scanned copy. All these mistakes were the result of the irresponsible attitude of office workers.

* to check or find out information about someone or something
** a person providing such lookup services

Substitution

To be honest, it wasn't so hard to think of that. It was more difficult to implement it. And so, almost all payment systems, as well as mobile operators, provide the ability to use USSD requests. There were also such commands on the qiwi website. I'll explain it in accessible language. Let's assume that you have a Qiwi wallet that has the USSD feature activated. It is activated in your wallet settings and is usually enabled automatically. If you have the SIM card in your phone, you can make a transfer of funds by a simple SMS with the command "transfer 89123456789 1000" to the number 7494. 1,000 rubles will be debited from your account and transferred to the account of another qiwi wallet with the number 89123456789.

The idea arises: what if you fake the sender's number and, say, without having the victim's SIM card at hand, send an SMS with a transfer of funds to your wallet. Services for sending SMS with sender substitution existed and actively worked, and many of them were completely free. They were intended more for practical jokes, but we used them for our own purposes. The problem was that it was impossible to fake requests to short numbers! This raises another question: the short number must be linked to something? And yes, indeed, every short number has a federal number. And I managed to find it. More precisely, there was not even one number, but an entire corporate group. The number was issued to the company LLC "Bifri", the tariff "mobile information" was used, and the balance on the number was minus 400 thousand rubles. The main thing is that if you send an SMS to this number, it will automatically be forwarded to the short number 7494. Just what you need!

Let's start the attack. We find a working service that spoofs the SMS sender. We indicate our victim's number as the sender, the federal Qiwi number as the recipient, and in the body of the message we write the following command: "transfer 89123456789 1000", where 89123456789 is the number of our Qiwi. We send the SMS, and 1000 rubles are withdrawn from the victim's account and transferred to our number, 89123456789. The maximum amount you could transfer was 5,000 rubles. Therefore, you had to send several commands at once if there was a large amount of money in the wallet. The feast didn't last long. Qiwi changed the USSD system by adding SMS confirmation. In addition, mobile operators banned spoofed SMS messages from third-party gateways. Some of the services still worked, but it didn't matter.

Earning money online

"Break the huckster"

I don't remember when the Internet became so widely monetized. More and more often people are turning to online work in search of various ways to earn money. Forums about earnings offer such schemes as "white" and "black". Of course, you can argue for a long time that all white schemes are useless, since no one would share the ideas of a business that supposedly brings millions when the price of this idea is a measly 5 thousand rubles. Therefore, the most striking examples of earnings can be observed in the "black" schemes. These include: carding, hacking, fraud, DDoS, extortion, trading in illegal things and drugs, and much more. First of all, it really makes a profit. Secondly, it is illegal. Third, the demand for these services is quite high.

I had no purpose or desire to engage in black business. I knew what this could lead to, but I was actively hanging out in this environment. I knew that most of these people were either scammers or middlemen, and only a small percentage were real sellers. There were thoughts that you could profit from these same scammers. Hack hackers, rip off scammers, extort ransoms. What could be better? So to speak, punish bad people, and even get a profit for it.

It's no secret that the most profitable people on the dark side of the Internet were those who laundered and cashed out money, as well as dealers who sold drugs. In general, while studying the "dark web", the choice fell on drug dealers. Initially, they used our favorite clumsy skype, old icq, as well as jabber and Brosix. The topic of hacking icq will be covered later.

I knew how to hack Skype using various methods, so we easily hacked 3-5 stores a day. By logging in to the dealer's account, you could be content with a huge base of junkie customers. Their number depended on the store's reputation. The essence of earning money was to replace the store's wallet, which customers used to pay, with your own. The minimum cost of a couple of grams of synthetic substances was about 1 thousand rubles. Clients were different, and sometimes 1 client paid up to 20 thousand rubles at a time. Earnings reached up to 100 thousand rubles a day. Not bad?

We didn't always use such a crude method. First, customers realized that they were being cheated, so the customer base quickly shrank, and the store quickly died. Hmm ... come to think of it, we were closing down drug stores, destroying dealers' businesses, and getting paid to do it. Where were the FSB and the Federal Drug Control Service at that time? (joke). Most dealers offered a large ransom for their hacked accounts. Often we agreed and let the dealers continue working, but after a while we visited them again. In less than six months, all dealers completely abandoned Skype.

Hacking ICQ

Those who used icq were also vulnerable. There were many ways to hack ICQ, but only a few people knew about them. I also used social engineering and the same method through technical support. The ICQ support service required one important point: you need 3-5 friends from your contact list to confirm that this is your account. Just like with Skype, we add three fakes to the victim, and we keep in touch for a week. Then we send a request to tech support and use these fakes to confirm that the account belongs to us.

There are also loopholes here. A specific version of the icq 6.x client allowed you to see the email linked to the account directly in the user's personal data. You just need to add the victim, and she in turn must authorize you. Then you can view her email if the victim did not register ICQ by phone. And then we go to the mail and hack it. Many emails were nonexistent, which gave a 100% chance of success. We simply created this email and sent the password from the ICQ site to it. It was very simple. We hacked some emails by password guessing, some through the secret question, and others were found outright in the public databases of hacked sites. In general, there are a lot of ways to hack mail. At that time, I even had an active XSS on rambler and a couple of bugs on other services.

Buy-out

This is one of my favorite methods based on extortion, but we will be extorting money from the same substance dealers. The question immediately arises: what are we going to blackmail them with?

The widespread use of Qiwi wallets gave rise to more and more hacking ideas and methods. When the main methods were closed, I noticed one item in the support service. The fact is that we could block any qiwi wallet. The reason was the following. We write a message, ostensibly on our own behalf, asking them to block our qiwi wallet, because we lost our phone with the SIM card and are afraid for our funds. The support service kindly blocks all operations on the wallet, as well as login to the wallet itself. But there is one very important condition! If you do not provide your passport and the contract for the wallet number within 15 minutes, the wallet will be unblocked. Formally, we can block any wallet for 15 minutes. I immediately understood how to use it.

I added the dealer on icq and wrote that the wallet was blocked until I received a certain amount. This dialog had to take me no more than 15 minutes to receive the money before the wallet was unlocked. I receive the money, a couple of minutes pass, and the wallet works again. If the amount in the wallet is really large, then the dealer is afraid for it, so he has no choice but to pay the ransom.

QIWI Hole

Since the main electronic payment system on the Internet was Qiwi, which still remains so today, most wallets were actively blocked. Qiwi understood who was using their system and tightened the rules for using it. First of all, Qiwi introduced limits on funds. To lift them, it was necessary to pass a long identification process. Secondly, they blocked wallets for no particular reason. And it took weeks to unlock your wallet. For this purpose, special services were created that offer to unblock wallets. They charged a certain percentage for this work. Blocked wallets also came to me, as I was able to enter data and draw up the necessary documents for unblocking. Everything would have been fine, but it was getting harder and harder to unlock. And then I decided to check out one strange thing. I wrote to technical support that I had lost my SIM card and asked them to temporarily block my wallet. Strange, but I got a reply that tech support had blocked the number. In fact, it blocked an already blocked wallet. I waited. And after 20 minutes, the wallet was unblocked. I was able to log in with my previous username and password and withdraw money. I did this with a couple dozen other wallets, after which Qiwi got suspicious and replied that it couldn't block an already blocked number.
I believe that the blocking was done by a robot, so it didn't pay attention to the fact that the wallet was initially frozen. I believe that due to the active use of a certain scheme, one of the bank's employees discovered this error and made adjustments.
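The "blocked an already blocked wallet" behaviour described above is a state-overwrite bug: a temporary freeze replaced the permanent block, and when the freeze expired the wallet came back as active. The following Python is an added example and not Qiwi's code (the two wallet models, the hold names and the fake clock are constructed here); it contrasts that single-state design with one that records each hold independently, so an expiring self-service freeze cannot lift a compliance block.

```python
from enum import Enum
from typing import Dict, Optional

FREEZE_TTL = 15 * 60  # the 15-minute self-service freeze window from the post


class State(Enum):
    ACTIVE = "active"
    FROZEN = "frozen"    # self-service "I lost my SIM" hold, expires by itself
    BLOCKED = "blocked"  # compliance block, lifted only after document review


class NaiveWallet:
    """Single-field state machine: every transition discards the prior state."""

    def __init__(self, state: State = State.ACTIVE) -> None:
        self.state = state
        self.freeze_until: Optional[float] = None

    def request_freeze(self, now: float) -> None:
        # The bug: the current state is overwritten without being checked,
        # so a BLOCKED wallet silently becomes FROZEN (i.e. temporarily held).
        self.state = State.FROZEN
        self.freeze_until = now + FREEZE_TTL

    def can_withdraw(self, now: float) -> bool:
        if self.state is State.FROZEN and now >= self.freeze_until:
            self.state = State.ACTIVE  # expiry always lands on ACTIVE
            self.freeze_until = None
        return self.state is State.ACTIVE


class HoldWallet:
    """Holds are independent: the wallet is usable only when no hold is in force."""

    def __init__(self, blocked: bool = False) -> None:
        # hold name -> expiry timestamp, or None for an indefinite hold
        self.holds: Dict[str, Optional[float]] = {}
        if blocked:
            self.holds["compliance_block"] = None

    def active_holds(self, now: float) -> Dict[str, Optional[float]]:
        # Expired holds drop out; indefinite holds (None) never do.
        self.holds = {k: v for k, v in self.holds.items() if v is None or now < v}
        return dict(self.holds)

    def request_freeze(self, now: float) -> bool:
        """Self-service freeze (a real system would also tie it to the
        authenticated owner); refused if any hold already exists, so nothing
        is clobbered and an existing block is never shortened."""
        if self.active_holds(now):
            return False
        self.holds["self_service_freeze"] = now + FREEZE_TTL
        return True

    def can_withdraw(self, now: float) -> bool:
        return not self.active_holds(now)


def replay(now: float = 1_700_000_000.0) -> Dict[str, bool]:
    """Replay the post's sequence on both models: wallet already blocked,
    freeze requested, 20 minutes pass, withdrawal attempted."""
    naive = NaiveWallet(State.BLOCKED)
    naive.request_freeze(now)
    fixed = HoldWallet(blocked=True)
    accepted = fixed.request_freeze(now)
    later = now + 20 * 60
    return {"naive_withdraw": naive.can_withdraw(later),      # True: the hole
            "fixed_freeze_accepted": accepted,                 # False: refused
            "fixed_withdraw": fixed.can_withdraw(later)}       # False: still blocked
```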