In this entry Chema Alonso continues exposing the weird, perverted, maleficent, and simply naive people whose personal data was retrieved during the research.
Of course, we discovered psychotics. This is what the control panel looks like (see image), and as you can see, this guy was searching xnxx.com for “Mother”, “Rape sister”, “Violent rape”, “Violence”. We were about to send this IP address to the police, because this guy is not normal.
Also, a lot of people are trying to be anonymous, and the first thing they were doing was just test if they were anonymous. The problem is that if you are using a proxy server, you are anonymous to the end page, but not to the proxy server, so the proxy server can track you anytime, it’s quite simple. So, okay, you are ‘anonymous’: we know what country you are from, and we know your real IP address – so, it’s quite simple. There are lots of cases when people are doing the same, trying to be anonymous.
This is the worst case we discovered (see image). It’s a guy trying to make money by reading blog posts. It’s supposed to be a business: you read a blog post of anyone around the world and you will be paid for it. And after one month he was able to earn 24 bucks, so I’m not sure it’s such a good business right now.
In this case, this is a guy from Mexico, he wanted to browse for some porn on the Internet, and then he disconnected from the proxy server, but he was infected. And, as you can see, this is an internal server; we weren’t able to connect to it, but there is an ARP application with data and, of course, a lot of information on the user, such as the password and so on. But we couldn’t connect to that intranet because it’s not published on the Internet.
And, of course, porn, a lot of porn; people searching for porn. Porn is the business, believe me. Not hacking – porn, porn, porn. We discovered this (see left-hand image), this is a very nice story, where in a Catholic church they discovered this painting from monks, about 7 centuries old – they were painting penises. It’s true.
So, you only need to select the target – whatever: a bank, a social network, intranet – analyze the files that are going to be loaded by this website, and force this file to load when the guy, the victim, is connected to the proxy server. It’s pretty simple.