All about security

Now, It’s no secret that some people do illegal shit. Coming from a black hat background I’m aware of the urge to do so.

However If you rat without a VPN you’re asking to be busted.
Using your Host/VM to Host it? Not enough security.
Using a Host with a VPN (Express you paid with in XMR and Not BTC)>VM>SSH+Tor>VPS? That’s better.

Now this is not a method on how to rat and hack properly, However it’s to point out that as a former black hat it doesn’t take long to gather info on any scam baiter, In Fact it’s fairly easy to do so.

Now It’s to provide context to anyone who may fuck with scammers for fun or for profit which is Unethical and defeats the purpose of being a “scambaitter”.

This is to merely point out the issues with everyone in this community.

Some rules of thumb:

  1. Scammers are usually too stupid/Lazy to do anything but make empty threats however not all are like this. Take it on a case to case basis and not as a whole.

  2. Using an Unencrypted connection to RAT is stupid. Local starbucks/Anywhere with free wifi and a Decent VPN is better. Also Fuck Nord and HMA two lousy VPNs that sold out/Have shit security.

  3. Even though it’s cool and accepted, YT and sites you don’t own/operate may hand out information to scammers. Dedicate a rig to send stuff to these sites decreasing your footprint on this device, Always use a VPN and VPS to upload to google this forces anything google has on you to become useless.

  4. 2FA is a must. Yep use it or Lose your shit.

  5. Use Firefox. Why? Well it automatically gens 16 character passwords and automatically saves them for you. Just make sure you save the correct username/Email as it may not detect that field. It’s also decent to use. It doesn’t load Advertising scripts and shit in the background.

  6. Use unique passwords, I Know I know it’s repetitive but a data breach may screw you. So Unique passwords.

  7. Unique usernames. Yes this is a thing. Wanna Here how stupid not doing this is? Ross William Ulbrict, Alexander found the hard way. DON’T COMBINE A NAME THAT YOU’RE SOCIALLY, PSYCHICALLY OR RELATIONALLY ATTACHED TO. GOD DAMN IT, IT’S BAD NEWS.

  8. Your social medias. For the love of god, Do not put your social media on Discord or in your YT Videos or anywhere unless they’re Unique and Dedicated to your cause.

  9. Family and Surroundings. Make every Serial Code, Program or whatever that is Unique disappear. Also Make sure when making YT Videos your Family isn’t around, and I Described this to a scammer, CHANGE YOUR TIMESTAMPS. Yes I Know small thing right? Well It’s not It Limits a location that you’re located in. So You’re allowing them to narrow down their dox locations. Yes I’ve used this to Dox scammers. So Yeah it’s a thing.

  10. Your Voice, Word Choice and Accent. Now in America it’s harder to detect a region you are in. However the UK it’s not. Scottish and British Accents are different. Chose them Wisely.

  11. For scammers, If you’re lying about your Location please Have a fucking Idea about your fake location. Same goes from Scam Baiters, Lying about your location shouldn’t be just a small lie. Make it Larger to the point nobody can disprove it. Lulzandfeelz got busted attempting to lie about my homeland. Russia, Yep you can’t lie to a naitve citizen about citizenship if you don’t know basic things, Nor advanced things.

  12. Grammar and Word Choice an other CIA/NSA Tactic. Now when you’re typing I know you’re a Brit or an Aussie if you use Flavour and you’re American if you use Flavor. Everyone should Conform to one if they’re lying about it. Also Attitude. Yes, Another thing lulz forgot about when lying about her russian citizenship. You can’t act cowardly or non-ballsy when you’re russian. Russians are chill, They’re very interesting people who Laugh and don’t really care but when challenged they roll up. She’s In California which was easy as she’s cowardly and acts super American but she supports pedophila so again we know she’s Jessica for multiple reasons.

  13. With all this being said, To Decive others rather ethically or Unethically you shouldn’t be overthinking something and every smallest mistake or oversight is how you’re busted.

Cover all your tracks and shit. A scammer mustn’t have anything that would ID you.
Check everything you’ve made/done. YTer’s Make sure you do not post your/face or Real name anywhere It may be an issue.

Remember not all scammers are stupid and some will go great lengths to do damage to you. You are fucking with their profits and some scammers risk their life trying to flee this horrid job. Also It’s better to contact the FBI/Law Enforcement before doing anything that puts them on the internet. Do it after an Arrest.

3 Likes

Thanks for the info thats a very good post

I Try to publish good content but I’ve doxed 10 “Untouchable” Skids CIA Style.

Basically Grammer, Langauge, Word Choice tone and Ignorance is very easy to tell on and off a voice/Video call I can hear rage even in writing. It’s unusal to hear your openant raging without hearing a voice, However it’s not uncommon for me to visualize or hear something that is still and not moving Like text pictures, and other things. It’s Unusual, Creepy, a Bit Crazy but I’m able to animate someone’s lifestyle from a small discription of the day the photo was taken. I can hear dialog and smell the smells that were presnet in that room, Sure this sounds crazy but It’s not uncommon for me to do so.

Most people are unaware when you’re typing on a social media platform that appears mere seconds after you sent it, I’m able to tell you how you’re feeling. Reading you’re comment I can guess that you’re calm or somewhat tired but not fully tired. If I were to make my best guess.

1 Like

Another tip is when scambaiting as a YT’er, try not to reveal how you got into their computer or what you did to them (like file copying or deleting), as some of them look for this information to better protect themselves.

The less they know about how you can get to them, the better. The best way is to leave them with no clue how you know who they are or what you can do to hurt them. A scammer who has no clue how their files got deleted will more likely be “offline” longer than one who knows what to look for.

1 Like

True this is another issue I’ve noticed with scam baiters.

If you’re stealing stuff, Always FTP it over a tor connection with a secured VPN Connection sure it’s massively slower but It keeps them from doing any advanced looking that they might attempt. They make enough monthly to hire people and pay hush money.

Again don’t commit crimes it’s not worth it. Most people use a RAT within a VM, Never do so either. Always connect to a VPS.

Another Mention is to change your mac address. Never use home wifi when hacking. Your SSID May be pulled and you’re fucked. Use a random location and act normal like you ain’t doing shit.

Another Just more information and Yeah it’s good to see some people posting good replies and content. I Hope this helps anyone who is doing it legally but I know some will use it illegally. It’s Just for safety as some scammers might actually do harm to you.

1 Like

yeah its good i use mullvad vpn which is great for privacy also windscribe on top of that
with mac spoof option on
then tor network in my vm

You shouldn’t be loud at all, Which is a good tactic however the issue with scam baiting is they can exploit the system and Jump the VM. It’s possible, I segerate my laptop from my main network and harden the system. IDS (Intrusion Detection Systems) Do an Amazing Job of keeping scammers out of my PC However Some RDP Clients have logs with IPs, The scam baiter can utilize this just as well as scammers can. It’s wise to attack them using this method. India banned VPNs and anything that disables Wifi Traffic Logging. Proxies may be ok but they’re limited and monitored. So the indian government might get pissed if someone is using a VPN so this gives the scam baiter an advantage.

Remember VMs can be exploited. It’s best to learn how to harden your OS or Scam bait with a dedicated rig. I Never use my work/play laptop for scam baiting. It’s unwise to do so.

1 Like

do you use vps to scambait?
if yes what do you recommend?

No VPS Just Locking down the network, I Have a room for Scam baiting. Keeps network discovery off the record. If my Desktop is exploited the damage is low. They can’t see the security cameras or Printers on the network nor can they see any SSID’s that are outside my network.

This achieved by forcing a room to come “Black” Inside your house but also disallowing the your computer to be seen by anything outside of the network. So no internet routers, Devices or anything is allowed into the room that is powered on. Unless it’s used to scam bait or do what is needed.

However going to the local coffee shop works too but the white noise is too much.

Exploitation is a massive threat and I’d rather not deal with it.

So What happens if they “exploit” My system? Well, They ain’t going very far. In fact the RAT or Malware they used will fail. Glasswire/Open Snich asks me to allow each and Every connection that is Inbound or outbound. Oh You’re trying to do something you shouldn’t? My IDS says nope.

Now this being said, If I’m not at my desk. The Connections are blacklisted no matter what they are. Update being preloaded? Nope sorry. Random Malware? Sorry nope not happening.

Intrusion Detection Systems also help sniff out Traffic from Scammers too. You can also combine Virtual box/VMWare and Wireshark to sniff the traffic. Anydesk doesn’t use proxies and In India Proxies and VPNs aren’t allowed but some things maybe to a certian Extent.

But as for VPS Providers. Blue Angel Host, CrazyRDP, Shinari and what not. I Keep it close to me within 500 Miles or so. So If you’re in detroit. Chicago is closer than New York and this is where a lotta data centers are. So I chose a Chicago VPS. I Keep it close to reduce ping.

1 Like