
Spy-jacking the Booters 2: Swatting as a Retaliation

Delving further into the subject, Brian Krebs describes a situation from his personal experience that shows what bad things can happen if you screw with hacktivists.

Admin panel for absoBoot


So, how did I get interested in the ‘noob persistent threat’, these DDoS services? Well, it started with a story that I wrote last fall about one booter service called absoBoot (see left-hand image). absoBoot, like all of these booter services, is advertised and chiefly marketed in a ‘noobtacular’ forum called Hack Forums. The story that I wrote about absoBoot noted that the guy who was running it is also running a similar service called TWBooter. It was created by a guy on Hack Forums named Orgy, a very big time seller there.

Meet Robert Danielson aka Orgy


The story noted that Orgy hadn’t been super-careful with safeguarding the privacy of his Whois information (see right-hand image). He really hadn’t even tried that hard to obfuscate who he was. It was all run by a 23-year-old kid from North Carolina named Robert Danielson. He’d been busted a few times for different things, as you can see here. I think the latest one was robbing a local policeman’s house of his firearms – again, noobtacular… But anytime you write about these guys on Hack Forums, they get their dander up, they get a little pissed off because they are very proud of the forum, they’ve got a lot tied up into it, a lot of investing. And they start, you know, lashing out at you a little bit.

A pretty typical swatting scene


So, right after I wrote about this I started getting some anonymous threats, people sending me emails going: “Hey Krebs, watch your back – somebody is gonna swat your ass!” You guys know what swatting is? It’s when somebody calls in to your local police and pretends to be you and says there’s a hostage situation going on in your house and asks to send police right away. And usually, if you don’t answer the door they kick in your door, and all kinds of bad things can ensue after that. Well, I really didn’t want this to happen to me, so I reached out to my local police and I said: “Can you please send an officer out here, I want to file a police report?” And a guy came by, he was really nice; he had never heard of swatting before. But I said: “Look, if you get a call from somebody pretending to be me telling you about a hostage situation in my house – here’s my cell phone. Just freakin’ call me, okay? Don’t kick in my door.” They don’t reimburse you for that, by the way.

Exposed.su looked like this


I didn’t get swatted, at least not then. Fast forward to March of this year, I wrote a story about a service in the underground that was being used to pull credit reports on celebrities and public figures. The guy that did this – this is his site (see right-hand image) called Exposed.su – basically, he started posting the name, address, Social Security Number, mother’s maiden name, previous addresses, all this stuff – pretty much anything you can find in a credit report. He started posting it all on the site. He did this for Arnold Schwarzenegger, Kanye West, and a whole bunch of other guys. When he got bored with that, he started doing public figures like the First Lady of the United States, the Director of the FBI, the Director of the CIA. And a lot of people were like: “Holy crap! If they can get this information on the Director of the FBI, they can get it on anybody.”

Information lookup on ssndob.ru


The story that I wrote said that now we’re talking about the right question here, because for every single one of you who lives in the United States, that information is for sale: for 5 or 10 bucks you can get it all. And I said: “This is one of the sites where you can get this information.” It was a site called ssndob.ru (see left-hand image). It’s no longer there, it’s at a different place. This is actually the account of the guy that set up Exposed.su. You can see he’s looking up Sarah Palin, Britney Spears and Tom Cruise; he actually looked up my information as well.

Rogue email sent to hosting provider


So I wrote about this and I said: “Look, this is out there. This is probably how he’s doing it.” I didn’t know at the time that it was. And the next day I get an interesting email from my hosting provider (see right-hand image), and they’re like: “Hey Krebs, FYI, we got a letter, looks like it came from the FBI but it’s kind of not really all that official-looking. But they said you’re hosting illegal content on your site, so we had to take down your site.” I also got the same email forwarded to me from Prolexic, which is a DDoS mitigation service that actually protects my site from attacks which are happening more often than not; my site has been under attack most of the day today.


Swatting in action


So, they sent me this notice and said: “Just FYI.” I thought this was kind of interesting. And they said: “Oh, by the way, your site is under attack again, it’s down. We’re gonna fix that, no problem.” About an hour later, I’m vacuuming the foyer because I’m expecting my mom and my aunt to come over for dinner. It was about 5 o’clock. And I notice there’s a whole bunch of tape on the wall, on the door, around the door. I’d put some Christmas lights up and I decided – it’s March, I’m going to take this stuff down. So I’m taking the tape up and I notice it goes on the outside. So I open up the door and, sure enough, there’s this entire SWAT team out in front of my house.

Another pic from the scene


They were pointing at me pistols, shotguns, and they’re like: “Put your hands up! Walk backwards!” So I had this tape ball in my hand, and he’s like: “What’s in your hand?! Drop it! Drop it!” I’m trying to get this freakin’ tape ball off my hand and I’m like: “Holy crap! Don’t shoot me!” Well, the first thing I said was: “You guys are being tricked; I told you this was gonna happen.” They put me in handcuffs, they brought me on the street, and eventually this guy who looks like he’s in charge shows up and he goes: “Are you the guy that filed a police report about swatting?” I go: “Yeah, that’s me, jackass!” He goes: “We did call you. We called your cell phone.” And they did, I checked it later – they called it. The phone was upstairs as I was vacuuming.
 
