Ransom, Malwares & Joseph

Hey, do you remember the time when you could check the email that you had gotten from a random stranger and have nothing to worry about? Like the thought of you and them becoming pen pals was a possibility.

No, of course, no one would think that way, since we were all trained by our parents from a young age to stay away from strangers. However, let’s say that you did, and you were curious as to how this random chance of friendship would play out.

You email each other back and forth and things are going swell, right up until you get a notification saying, “You have twenty-two hours to hand over $65,356.34 if you want any chance of getting your computer back to normal and keeping your dirty little secrets from being exposed.” This scenario isn’t exactly how the attack plays out, but you get the idea: your pseudo-friend has dirt on you and wants you to pay up or else.

You got Blockbuster

So back in 1989, hot movies were being released like Road House, Batman, and Indiana Jones and the Last Crusade, and the internet was booming. There was the rise of AOL, better known as America Online. The movie The Godfather had been out for some years by then, and people were drawing inspiration from its famous line, which now seems to be the stance of most jobs and every landlord, utility service provider, or insurance company: “I’m going to make you an offer you can’t refuse.” Someone who may have taken inspiration from this movie was Joseph L. Popp.

Popp was a Harvard-trained evolutionary biologist and the first person ever to create a ransomware virus. For those who don’t know, ransomware is a type of malware that acquires the victim’s information and denies access until the demands are met. These demands could be sending money, demanding the “truth” if it’s an activist act, or sending nudes. That last one was silly, but I’m sure there’s some hacker out there using ransomware on OnlyFans accounts for nudes.

Along with the creation of ransomware came interesting names such as “AIDS Trojan” and “PC Cyborg”. Popp made like capitalism and capitalized on the AIDS epidemic by sending out 20,000 infected diskettes labeled “AIDS Information” to people of the World Health Organization, widely known as the W.H.O.

The diskettes housed malicious code able to hide file directories, lock file names, and demand victims send $189 to a PO Box in Panama to get their information back. This was the first generation of ransomware, and things have become more advanced since then.

Father of Ransoms

After Joseph was deemed “The Father of Ransomware”, what category of people came to follow in his footsteps, not only to use but later to improve this malware? They are called hackers. Just a side note: anyone can use malware, which makes them cyber-attackers, but I’m going to use “hackers” since their main objective is to exploit for profit.

Hackers tend to deliver ransomware via various methods, such as phishing emails with malicious files attached and drive-by downloading, a method where a file is downloaded without your interaction. And finally there is spoofing, another method, where a hacker poses as a trusted entity.

Hackers can often obtain Ransomware-as-a-Service (RaaS), or malware-for-hire, which is easier to use and cost-efficient for performing ransomware attacks. This is insane because it means hackers actually have a budget for performing cyber-attacks. There are several ransomware variants, some of which could have you buck-naked out in the cold (or heat, depending on when and where you’re at in the world).

One popular variant is Ryuk. Delivered through spear-phishing emails or by gaining access to a desktop remotely, this variant can encrypt certain files, avoiding the ones crucial to the computer’s operation, and then presents the demand for ransom. Ryuk can account for an average of $1 million.

Maze can combine file encryption and data theft. This is done with the intent that if the victim decides not to pay the ransom, their information could be exposed, sold online, or both.

REvil, also known as Sodinokibi, is a variant that has large organizations on the menu. This variant has been responsible for a number of large data breaches, a couple being “Kaseya” and “JBS”, and has been known to have demanded a ransom of $800,000.

Lockbit, operating since September 2019, rapidly encrypts data to prevent detection by security appliances and SOC (System and Organization Control) teams. There are a couple of other variants, but at this juncture you pretty much get the point: they get access to your information, lock you out, and hold it for ransom.
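
The rapid encryption described above is also what defenders watch for. Here is an added example (not from the original post) of a detector that flags a process rewriting many files with near-random content in a short window; the event format, thresholds, process IDs and file paths are all assumptions made up for the illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_THRESHOLD = 7.2  # bits per byte; encrypted data sits close to 8 (assumed cutoff)
WINDOW_SECONDS = 10      # assumed sliding window
FILES_PER_WINDOW = 5     # assumed number of distinct files that triggers an alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the written data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted output (constructed test data)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]


def detect_bursts(events):
    """events: (timestamp, pid, path, bytes_written) tuples sorted by time.
    Returns one (pid, timestamp, distinct_files) alert per offending process."""
    recent = defaultdict(deque)  # pid -> recent high-entropy writes
    alerted, alerts = set(), []
    for ts, pid, path, data in events:
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue  # plain text or documents: not what encryption output looks like
        window = recent[pid]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        distinct = {p for _, p in window}
        if len(distinct) >= FILES_PER_WINDOW and pid not in alerted:
            alerted.add(pid)
            alerts.append((pid, ts, len(distinct)))
    return alerts


def sample_events():
    """Constructed file-write events for three hypothetical processes."""
    text = b"Quarterly report draft, nothing unusual here.\n" * 80
    events = []
    for i in range(8):   # pid 4242: eight high-entropy rewrites in four seconds
        events.append((100.0 + i * 0.5, 4242, f"/home/a/doc{i}.docx", pseudo_ciphertext(f"x{i}")))
    for i in range(3):   # pid 900: a backup job writing compressed archives slowly
        events.append((90.0 + i * 30, 900, f"/backup/set{i}.gz", pseudo_ciphertext(f"b{i}")))
    for i in range(10):  # pid 1200: an editor saving plain text quickly
        events.append((101.0 + i * 0.2, 1200, f"/home/a/note{i}.txt", text))
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    print(detect_bursts(sample_events()))
```

Compressed files are high-entropy too, which is why the slow backup job only stays quiet because of the rate check, not the entropy check.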

Payments Not Made

Being hit with a ransomware attack is insanely dangerous and many vital organizations such as hospitals and public services have experienced significant losses from it as not paying the ransom can halt access to critical care.

Paying the ransom can lead to a chain reaction of events, a few being loss of the money used in ransom payment, productivity time lost, and the need to hire IT for disaster and recovery. And choosing not to pay the ransom could lead to whatever consequences the hacker has set in place.

So, how do you stop your information from being held against you? Well, there are a number of ways, most of which are pretty basic and get overlooked every day since we’re all creatures of habit.

Avoid clicking on links sent via email or other messaging means, and stay away from compromised websites, the ones where you may get a warning from your browser that displays “This site is not secure and may be unsafe, turning back is recommended.” Heed this warning, as it may save you and your computer from being hit with a drive-by download.

And the most likely out of the bunch, if you suffer from being attracted to shiny things as I do, are ads that may pop up on your screen. A malicious link could be hidden within the ad to redirect you to an unsecured site for some non-consent time for your computer.

Icebergs and the Darknet

You are on the bow of the Titanic with your version of Jack and you’re feeling like you’re the queen, king, it, them, they, infinite letters and symbols of the world. For those who have seen Titanic, you know the ending: despite there being enough room on the floating door, Jack chooses the “Irish exit” over dealing with possible child support cases.

Since the movie Titanic was released what seems like forever ago, this isn’t much of a spoiler: people get on a boat, party hard, the captain sucks at captaining, and the boat finds that icebergs have a deeper meaning to them.

The symbolism in all of this, what is it? Well, after figuring out what gender you land your spinning wheel on, the breakdown is as follows: clearly, your character is Rose, Jack is your virtual private network, the Titanic is your computer, and finally, the iceberg is the internet.

Why is it that the iceberg is considered to be the symbol of the internet and not the ocean? It may be attributed to depth and not width, but I didn’t coin the idea so don’t ask me.

Web in Layers

I’m just going to make the assumption that everyone in the world has at some point or another in their life spent some time on the internet, whether it is shopping online, checking emails, looking for that special someone, or…filtering through their list of pronouns.

We have all spent time on this portion of the internet, which is called the “surface web” because it is readily available to the public. That makes this portion of the internet, or the iceberg, “just the tip”. What are the other portions, I can hear you ask? They are the deep web and the dark web.

What’s the difference between the two? The deep web is the middle of the iceberg. It includes everything that search engines cannot identify because it is protected with a password or stored behind internet services. So, for example, you may have been spending a good portion of your time perusing the deep web if you have an Amazon or Netflix account.

And for our main event, at the bottom of the iceberg, is every emo kid’s wet dream: the dark web, the hidden collective of internet sites only accessible via a specialized web browser (Tor) used to keep internet activity anonymous and private.

Here is a brief history of the dark web. According to the International Monetary Fund, the dark web, also known as the “darknet”, was created back in the late 90s by two organizations in the US Department of Defense to create an environment of anonymized and encrypted networks that would protect the sensitive communications of US spies.

Darknet Clubbing

Aside from protecting America’s greatest spies and turning into a nightclub for hackers, what can be done on the dark web, you may be asking? Well, pretty much anything you can think of.

The list includes, but is not limited to: running black markets for stolen identities, selling weapons, prostitution, sex trafficking, and the last thing you thought the internet would be used for since we still have corners on the block, the slinging of dope.

Do you want to perform a DDoS (Distributed Denial of Service)? Purchasing botnets on the dark web will help you perform this form of cyber-attack. You can also download files from the dark web; however, they are more likely to come with a nasty array of surprises in the form of viruses, malware, spyware, ransomware, trojans, and many other devious files that could harm your computer, your bank account, or just your life in general.

Now, while being on the dark web sounds like a normal day in Camden, New Jersey, just know that being present there is legal; however, the activity you take part in raises the question of whether you’re joining the dark side or not.

Freedom not Allowed

So, why is having access to this part of the iceberg so important? Well, as mentioned before, joining the dark side because they have candy will grant you anonymity, making you and your activities harder to trace.

This helps you avoid government censorship if you live in a country where freedom is a no-no, and provides you with some privacy. An example of this would be if you wanted to watch a movie or show that you don’t have access to within your country: you could simply “sail the seas to find your booty”.

Translation: you would use a VPN to change your location to a region where you would have access to said viewing. Finding out all this information may have you terrified and asking if your information is being sold on the dark web, and Buddha only knows what people are looking to do with it. If that is the case, then you can venture to the “Have I Been Pwned” (HIBP) website to see if your information is doing the cupid shuffle.

Hacking Above to Depth Below

Now, if all this being on the dark web has you in Mr. Robot mode and you want to catch the bad guys or even play one part-time, there are careers in cyber security that can land you in the dark web.

Getting a degree helps but is not required since you have to display the ability to handle given situations versus sitting in a lecture hall letting valuable hacking time pass you by. Obtaining Security+ and acquiring certificates via online courses or boot camps will get you to depth faster.

Other certifications later acquired like the Certified Information Systems Security Professional (CISSP) could see you higher up career-wise and in-depth iceberg-wise.

Bombing with Midget Logic

It’s your first day on the job as the new System Admin and you can’t wait to take on the day. Congratulations. After meeting with a few of your co-workers and the other people you are going to be helping throughout the building, you grab a cup of that fresh poisonous morning brew and head back to your office.

Quick rant, I swear toilet manufacturers and coffee companies have a secret contract together because there is no logical reason why you should down a cup and have to rush to the bathroom to exercise your sphincter moments later. They are in cahoots, and you can’t tell me otherwise.

Back on track: you’re back at your office, sitting at your computer clearing out emails and responding to tickets, when you notice a file named “Click here, there’s nothing to worry about.” You pause and think, “Maybe there is something to worry about.” You look back, only for it to then say, “No, really, there’s nothing to worry about. Promise.”

You wrestle with the thought, and after a short time of debating you figure that just checking the file out couldn’t do any harm. Surely nothing could go wrong. You then receive an alert for a countdown. Let me script for you how things are about to blow up.

First Day Ticking

There’s a countdown, meaning you’re on a time clock and it’s a race to solve this problem. Relax, this is no cause for panic, you’re just having some first-day bad luck. The event you just triggered with your curiosity is called a “Logic bomb”.

Logic bombs go by other names such as “Slag code” or “Slug code” but the result is still the same. A flavor of bad things happens at the end of the countdown which leads to the involuntary clapping of your cheeks via boss or client.

Logic bombs are malicious code inserted into an application and are designed to go off when the right event has taken place. This isn’t to be confused with “time bombs” as time bombs are a subset of logic bombs.

Time bombs are coded to go off at a specific time. This is like how a typical bomb operates but the only upside is you get to keep all your limbs instead of being either wheelchair or casket bound for the rest of your existence.

Coded Bombs Outsourced

What kind of person would leave you with such a treat for your first day on the job? Well, if you could recall how your now boss felt about the previous Sys Admin, you might have thought that it could’ve been him. But before any confirmation of them being the culprit, here’s a brief history of logic bombs.

The history of logic bombs dates to the Cold War, you know, that good ole USA vs USSR. The CIA (Central Intelligence Agency) launched a trojan horse on the Soviet Union back in 1982. That was in code; they didn’t actually launch a trojan horse. This was widely considered to be the original use of the logic bomb.

In another logic bomb event, a trucking company had some dealings with a software contractor, leading to a disagreement. Following that disagreement came the threat of using a logic bomb unless the client paid the invoices.

This went to court and the client won. Finally, this great-at-outsourcing country, the USA, was on the receiving end of a logic bomb. Our Army found that significant amounts of data were deleted, which led to reservists being delayed for deployment and in payment. The Army was able to restore the data after coughing up $2.5 million for an investigation and repairing systems.

How does any of this relate to your situation? Well, the previous Sys Admin might have been unhappy, and this is the kill from beyond the grave. You just happened to be the tool to set things in motion. Also, the individual that launched the logic bomb received jail time and had to pay $1.5 million in restitution. United States of America baby, we love our bills.

High Level and Too Close

How could the previous Sys Admin be the culprit you might be wondering. The design of a logic bomb depends on the one creating it and what their goals are. They’re usually created by someone with high-level access, granting them the ability to have many options as to where the bomb or bombs could be placed.

Being able to dress them as viruses, malware, or worms furthers an already growing attack vector list and can make it even harder to trace the origin. As mentioned before, a few conditions could be required for detonation, one being something simple like opening a file. The other could be natural as the payload goes off when a time criterion is met.

The developer’s goals could range from releasing a worm to infect the network, to releasing ransomware to extort money from the company, to deleting files or, worse, the hard drive. And once the dust settles, the culprit, if clever, is long gone, as the bomb could have been left behind months or even a year earlier.

Build-A-Bomb Prevention Plan

At this juncture, you’re probably wondering how you would be able to catch something like this before it goes off in your company, or simply avoid this whole event altogether. One way to prevent this, and I know the majority of companies are going to say, “THAT’S AN OUTRAGE!”: ensuring that the people who are closest to sensitive items and information are paid could help, and seeing them paid well could be a huge benefit.

Money doesn’t solve everything, but being able to pay your bills on time does help. Other forms of prevention are using up-to-date antivirus software, as the logic bomb might have been injected into a virus or malware; scanning all files from time to time, including all compressed files; avoiding clicking on suspicious email attachments like “Nude Cowgirl Midgets” from known and unknown sources; keeping your OS (Operating System) up to date; and training staff not to click on anything promising them a good time. Logic bombs are tricky by design, but with a watchful eye you might be able to spot one in time and stop yourself from…well, exploding.
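
To make the advice about scanning files, compressed ones included, a bit more concrete, here is an added example (not from the original post) of a small audit script that opens a zip archive in memory, recurses into nested zips, and flags any script where a destructive command sits within a few lines of a date or time check. The patterns, limits, file names and sample scripts are all assumptions constructed for the illustration, not a complete ruleset.

```python
import io
import re
import zipfile

# Heuristic patterns (assumptions for this example, not a complete ruleset).
TRIGGER = re.compile(r"date\s+\+%|datetime\.(now|today)\(|GETDATE\(\)|time\.time\(\)", re.I)
PAYLOADS = {
    "recursive delete": re.compile(r"\brm\s+-\w*r|shutil\.rmtree", re.I),
    "table drop": re.compile(r"\b(DROP|TRUNCATE)\s+TABLE\b", re.I),
    "disk overwrite": re.compile(r"\bdd\s+if=/dev/(zero|urandom)|\bshred\b", re.I),
}
PROXIMITY = 5           # trigger and payload must sit within this many lines
MAX_MEMBER = 1_000_000  # skip oversized members instead of inflating them
MAX_DEPTH = 3           # nested-archive limit


def scan_text(path, text):
    """Flag a destructive command that sits close to a date/time condition."""
    lines = text.splitlines()
    trigger_lines = [i for i, line in enumerate(lines, 1) if TRIGGER.search(line)]
    findings = []
    for i, line in enumerate(lines, 1):
        for label, pattern in PAYLOADS.items():
            if pattern.search(line) and any(abs(i - t) <= PROXIMITY for t in trigger_lines):
                findings.append((path, i, label))
    return findings


def scan_archive(blob, prefix="", depth=0):
    """Scan every member of a zip held in memory, recursing into nested zips."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            data = zf.read(info)
            path = prefix + info.filename
            if zipfile.is_zipfile(io.BytesIO(data)):
                if depth < MAX_DEPTH:
                    findings += scan_archive(data, path + "!/", depth + 1)
            else:
                findings += scan_text(path, data.decode("utf-8", errors="replace"))
    return findings


def build_sample():
    """Constructed archive: one benign cleanup script, two time-triggered ones."""
    benign = '#!/bin/sh\n# nightly build cleanup\nrm -rf "$WORKDIR/build"\n'
    timed = ('#!/bin/sh\n# maintenance\n'
             'if [ "$(date +%Y%m%d)" -ge 20300101 ]; then\n'
             '  rm -rf /srv/payroll\nfi\n')
    sql = ("-- purge job\nIF GETDATE() > '2030-01-01'\nBEGIN\n"
           "  DROP TABLE timesheets;\nEND\n")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("jobs/purge.sql", sql)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("deploy/cleanup.sh", benign)
        zf.writestr("tools/maint.sh", timed)
        zf.writestr("old/jobs.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample()):
        print(finding)
```

A hit here is a prompt for a human to read the file, not proof of a logic bomb; plenty of legitimate log-rotation and cleanup jobs combine a date check with a delete.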
