Well, I Finally did something large.... (Feedback is wanted)

(Feedback is lovely, Some support is lovely too).

So, Today… After 4 to 5 posts about “Carding” And Fraud rings… I’m like “Damn, I Got a brand new Idea”. I’m a Social Engineer and Former black hat, Why not Bullshit my way into a Forum and Speedrun my way into being an Admin/Mod of the website…

Now, Picture this:
Me… A Russian who’s Knows more shit about “Carding” Then most “Professionals” Do. Who Wouldn’t Hire me… I Wouldn’t but these Morons sure love to hire me…

So The question is: WHAT AM I DOING OR AND IS IT ILLEGAL? The Answer to this remains a Mystery to me… Now Let me explain what the Hell I’m doing so we can make sure that this won’t be a problem.

Here’s a list of what the hell I’m trying to do in order…

  1. Infiltrate the Carding Forum via knowledge of the subject and Social Engineering AKA Lying my way to victory.

  2. After I Gain perms, Work my way up (If Needed to, But it’s possible I can speed run right to the Admin/Super fucking Trusted Roles).

  3. Steal the Entire Database upload to a server via FTP Over Tor, Download to my Virtual Box, Load on to a USB, Send to the FBI or Provide them With the login to my account so they can access the back end directly.

  4. Dox the Entire forum or do what I can.

I’ll Be working closely with some Hackers to make some Scripts to ping computers of the people accessing the site, Follow them with Cross site cookies, Info Gather things like PC Name, MAC Address, ISP Information, Location, Access time and more.

Once I get what I Want, the Data will be turned over to Police, I’ll remove the admin from the site or gain presistant Access to the server even if the Owners/Admins ban my account for stealing the DB, I’ll maintain server access so I’ll remain within the server so I can keep an eye on operations.

IDK What does everyone think? I Personally think this is no different than anything that police do globally… They’ll send someone who’s knowledgeable rather it’s a cop, A Criminal who they’re using to track other criminals or whatever… It’s Undercover work.

I Figure this will aide the scam baiting communities reputation as we’ll be fighting telemarketer and other fraud in large scale operations.

1 Like

Sounds like a noble plan, but one thing I know for certain is, if you do this before contacting the police and getting them to acknowledge it, then you will be seen as a criminal vigilante. What you are proposing is illegal, since it is essentially stealing someone’s database. Police might not take it as you doing them a favor, since they will need to reveal to Prosecutors how the data was obtained. Obtaining data illegally makes it inadmissible on most Courts.
I would approach someone on some Law enforcement blog that is open to the public and casually ask there, see what type of responses you get.


I’ll do this, however my nation’s laws are a bit different then most… I’ll contact the police but I Might drop my login to the site as a better means…

Stealing the DB might be illegal in most nations but here it’s not so much a crime, Either way I’ll be copying the stuff then working with law enforcement to get rid of these forums.

Your idea sounds great. I love that you want to fight fraud on a larger scale and so do I. I suggest using who.is and Grabify. They’re good sources if you want to find the ISP, PC, operating system, IP address, physical address, and maybe even the scammer’s name too, but the possibility of finding the scammer’s name is rare but if you ever come across the name of the scammer then you’ll have an important piece of evidence because all that ISP, PC, operating, system, IP address, etc is under that name and with all that you can get law enforcement involved. Maybe even a government agency too. But I am worried about a few things. Out of curiosity, could you name some of the forums you are talking about when you say you will get rid of these forums? Also, when you talk about hackers, please be careful about that because chances are you might be talking with a hacker who hacks illegally and for that you could get into trouble. Also, removing the admin from a forum site makes me a bit worried… It sounds like manipulation… I know the laws work differently where you live, but that admin could be somewhere else all the way in Canada, for example. Each country’s laws are not the same. Yes, we should fight fraud on a larger scale and make a largely beneficial impact for the common good, but at the same time we need to be careful. Not that I hate your idea, this whole post is my opinion on your idea.

Alright, I’m greatly aware of where most of the fraudsters are which happens to be in places like Russia, Ukraine, Moldova, Romania, China and Even the people’s republic of korea. I Tend to only see “Buyers” In western nation but on occasion… I do see an American/Western Vendor every so often. These are extremely rare to find however, I Have found out that “Torand0CC” a Well known Dark Web Vendor (Who’s been around for 5+ Years now), Is an American. This comes down to the way he speaks, Brags about his “$200,000 United States Dollar” Haul from sales… Yeah Let’s indirectly show where I reside. Most scammers will not change their denomination of currency. I tend to see them boast Euros, GBT or USD Typically but this is usually buyers/people who cash out the stolen assets.

Judging that “Russians and Asians” rarely boast their earnings, It’s safe to assume that a Majority of cyber criminals who flash their “earnings” aren’t any part of the eastern world. We know that flashing cash isn’t a great thing unless you know your shit is secured to the maximum or is insured. Mine is Insured and is in American accounts for the reason that it’s federally insured (None of my accounts exceed $250,000 USD).

But to answer the question about forums… Sadly since my work is being carried out currently I Wouldn’t want to pull a “Malware Hunters” and drop the ball like they did with Conti Ransomware. Professional stupidity at it’s finest. Let Law Enforcement take control of the servers and don’t expose them via twitter. I Posted to twitter after the servers went down and even contacted them and told them to cease operations or else. Thankfully I’ve managed to log some information from their telegrams. Since the site is offline… They’re selling via Telegram, I’ve made multiple alts to extract BTC and Other crypto addresses.

99% of the “Hackers” aren’t worth my time nor will hacking me worth while. They’d go through painstaking problems just to get $20. I’m not interested in most things and I typically keep pressure on them if they attack me.

Most Hackers/Fraudsters/Scammers aren’t very bright, I Piss them off so they run their mouth even more. Typically I can to find out how smart they are, Their age/Education level, Dialects and Insults and even timezone. This helps narrow it down to where they are and who they are. Tornado is around US-CST/US-PST Time so He’d be western US or Central Given his name is “Tornado” I’ll assume Central US. Nobody else in the world calls Tornadoes… Tornadoes. They’re called twisters among other things elsewhere but Again he flexes a USD BTC Balance. Like come on.

However, My problem is I’m not going to remove the admin in such a way that it would kill the site, I’d keep him locked out of the site so I could gather as much information and keep it under control until law enforcement can seize the control of the site and take the database + anything in escrow. However, I’d also do a Hansa Marketplace here too, Sabotage that prevents more people from being found.

However if you want bigger “Fraud Sites”

https://briankrebs.cm / https://briansclub.cm / https://briansclub.at

are a few to name.


However, My problem is I’m not going to remove the admin in such a way that it would kill the site, I’d keep him locked out of the site so I could gather as much information and keep it under control until law enforcement can seize the control of the site and take the database + anything in escrow.

I love the idea. Maybe once you gain admin permissions to all these sites you sent me, you can send us the IP addresses of these sites. I can do a lookup on those IP’s. I tend to get a good bit of Intel on scammers.

Sounds Great Rn, I’m typically waiting around and setting up the fun. I’m Sabotaging the site’s “Security” Settings that protect the users. I’m pulling the Dutch Police right now. What they did to Hansa gave me an idea. I’ll begin screwing the site up approximately 1.5 to 3 months out.

1 Like

Sounds like a plan! Also could you explain to me about reaching out to the Dutch authorities? Are one of the dark web sites located in the Netherlands?

Intel on the first dark web site link:

The Dutch Police shut down a Majority of the dark web markets… They’re notable for some of the most interesting methods which are typically clean and very well done. See Hansa Marketplace (Shutdown) as an example of the type of work I set out to do, Nothing that includes malware or anything but just a somewhat “Let’s get as much info as possible”.

I’d Export Passwords but still hash them but have a dual action code to hash and print in plain text then forward the plain text to me, then delete the file. I’d Be logging Metadata, IPs, Connections, Emails, Passwords, DMs/PMs, useragents and other things.

It’s good you got the Dutch authorities’ attention. What does hashing mean? I’ve never heard of that before.

I Don’t have their attention just using their methods.
As for “Hashing” It’s a Term that means passwords are encrypted and distorted to a point unless the plaintext password is unknown.

Plain text Would look like this: 123456790
Hashes Look a bit different:
MD5: e807f1fcf82d132f9bb018ca6738a19f
SHA1: 01b307acba4f54f55aafc33bb06bbbf6ca803e9a
SHA256: c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646
SHA512: c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646

These are hashes of the password: 1234567890 Meaning their known to most rainbow tables as they’ve been breached in plain text or guessed then checked.

As Stated, I’m unable to find the password correlating with most passwords, So having them made in plain text would make it easier.

1 Like

Now you just made all skidforums admins paranoid. GG. Anyways, gl hf, please give them a hell as long as the site you are planning to drop isn’t scammer.info :slight_smile:

Skidforums isn’t the worst problem more or less they do log IPs and co-op with Law Enforcement if needed. Now Other forums like RaidForums isn’t the worst either if you’re scammed while using their site they dump the Email and IP Sinsterly has even helped me out with a User spreading malware… Posted about the Crypto cliper somewhere on here Don’t remember my post’s name but yeah.

Typically I’m not too concerned with Skidforums, xss.is and exploit.in are two priority targets these house more illegal topics and sales which are generally forbidden on Western Hacking forums. Omni Lives in North Las Vegas so yeah it’s not a problem.

so you are trying to preform a “Doxxing” attack on scammer.info?

No… If That was the case I’d of already pulled it off, What I’m doing is attacking large scale fraud rings via Infiltration and non-B&E Methods of attack. 2 Sites have went offline, I’m Just working on about 15 sites currently. Doxing attacks on scammer.info would be quite difficult unless I’m targeting the admins/mods or a specific user of the forum. However that’s not the case.

I Find this question to be lacking basic common sense to be honest as why would I Post about doxing the site? I’m a little confused where you got this idea from… But let me know so I can clear it up at least.

you ask that yet one of your other posts was got any scammers anydesks ids, you probably shouldn’t be accessing scammers pcs.

I Typically don’t gain Unauthorized access to anything… Typically I look for ways to infiltrate via a Legal method. Rather it’s Misconfigs or social engineering via knowledge of the topics.

As this is a reply to another user I’m yet to understand where the “doxing” people came from.

Then What does HashTable mean?

You mean rainbow tables? Basically they’re lists of hashes or passwords that are known.
As I stated before the passwords are listed in a hashing algorithm such as Bcrypt, SHA-512, MD5 and so on. But some are plaintext, so when a hashed password matches a plaintext password then the password is considered “Dehashed” the table is just a format that allows you to quickly brute a target based on a hash or password.

I Maybe mistaken by the term of rainbow tables but they’re used to brute force passwords I don’t exact remember if they’re hashes or passwords or both.