DD - 112 - Cybersader

# In-Game Currency - Ways to maliciously make money: - hack to get free currency, then give it to other people via by watching ads to make even more profit - hack the other currency websites, so everyone goes to yours - g2a - people steal card details, check the balance of the card, then cash out via mind or g2a # User Name Markets - OG USERS - sells social accounts - user name markets - when people buy account names, they have to immediately change those names so that they can create a new account, but everyone on these markets know that and try to steal it knowing you'll try to do an account name swap. They have automated systems for this, but sometimes that's not fast enough # Infighting - Limiting paypals - you can call in and tell them to limit your account because you're younger than 18 - Chargebacks - you can send someone a transaction, then take the money back - buy things with a stolen credit card, then call the company telling them you didn't make the purchase. you get the money and the item - credit card companies usually side with the cardholder - og users website has been breached at least 3 times exposing user data - Pizza bombing, pull SSNs and open a loan, swatting, extortion, doxing, and telling parents about cybercrime. # Roblox - How to get game onto the front page - botnets in games - hire a botnet service - not real players, but it works # OPSEC for Doxxability - Do not screenshare - Don't link accounts to Discord like Spotify, Souncloud, Youtube, etc - Don't get your IP logged, don't click # Documented the Dark Internet - You can sit and watch and document and report - Being online used to feel like being counterculture - The online counterculture today is not the good ol days # SIM Swapping - Tmobile apparently the easiest to hit - 1k to 10k per number - you don't call the phone company - remo-snatching (remote tablet snatching) - run in and take the store manager's tablet, then run out - SIM swapping steps: - the why - get control of usernames, bank logins or zelle transfer, and they need creds - you need an OTP to withdraw, so they can SIM swap. You need real-world knowledge of money laundering - Go after crypto instead since it's easier to hide - How to find someone with big crypto wallet: - use leaked email and passwords lists - run this and find "commons" where people use the same stuff on multiple sites - You can buy stolen accounts cheap online - Pizza plugs, mytsery chpotle burritos and chick fil a - FA vs NFA - full access vs non full access - FA - full email account access too # SIM Swaps with Crypto - Ledger DBs are perfect log (login) targets - email, name addr, phone - emails can be cross joined with other breach dbs to find "commons" - This can crack the wallet - entity resolution is a powerful tool for hacking - most people use OTPs via SMS - SIM swap, then steal millions from wallets - Can you figure out how much is in account? - yes - exploits with email and password combos - Lots of millionaires - Sometimes, they don't have the phone to find SIM swapping - they have the account, so they send an OTP and look at last 2 numbers of the phone numbers - number tracing and ISP doxxing - endpoint says real name and last digits of number - Then, do whitepage search via approximate location - Dehashed the email, IP then geolocate, people search on whitepages or been verified, then boom phone number - To remo-snatch - you need manager tablet password - store recon - call up manager, social engineer to get manager login - they usually try to disable the tablet really fast (within 10 minutes) - Runners have made 200 before. They make the least - Everything is organized in Telegram channel. Sometimes they pay remo guys 10k - Tmobile is about 5k per swap or 7k with fraud victims - Verizon 50k - very secure, but possible with the right equipment..branch mgmr login and social engineering..usually need insider - At&t - 2-4k - OPUS tool not very secure - Phone number and ICCID to move phone numbers - Cashing out - The lick is a successful log (login), you withdrew balance - This person looks like a lick. Succesful lick, etc. - Use residential proxy near target location - Reset their email password - Receive coinbase device auth link. Scream at the holder to be sending codes. The holder has the actual stolen phone. Person with leads doesn't want to get caught - Account can have up to 1 million sometimes - To withdraw, you swap the account to coinbase pro - You withdraw a 2 year exodus or metamask or your electrum wallet. Yet another 2FA check - Maximum daily withdraw limit workarounds - ways to withdraw 1 million with exploits - certain bot on a forum that can spam requests a bunch to allow batches of smaller transactions