Iranian Blackhats Prove They Should Be Nominated For Darwin Award
Sunday, 09 January 2005 14:00
So, if you were a blackhat doing obviously illegal things, would you firstly record yourself doing them? Secondly, would you show where you were doing it from while you did it? Well, if not, you are not going to be accepted into the Iranian criminal cracker fold. It was Saturday, and at vdot that means a slow news day, so while searching Google for 0days using our leet ‘inurl’ hacks we tripped across something that appeared to be home-made hacker training videos [link]. It would seem that there is a group of people who record themselves hacking, with some very dodgy music in the background, while giving commentary. The problem is that one of the people doing it doesn’t realize the power of anonymity when breaking the law.

One of the clips, ‘Client-hacking.avi’, firstly reveals the sensei’s IP address (217.218.6.141); from the screenshot in the movie we can see that this is a dial-up connection. According to RIPE, the IP address belongs to:

	netname:      AGRI-BANK
	descr:        Agricultural Bank of Iran
	country:      IR
So either this guy has broken into a bank’s RAS or he works there (I am not sure which is more disturbing, really). It gets better, however: one of the other videos by what appears to be the same person, ‘Fake-cc.avi’, shows a website (crouz.com) which to our untrained eye is in Arabic and is a clearing house for trading credit card numbers. And guess what? Yep, it’s registered in Iran (although hosted in the United States by Hosting Solutions Inc):

	Pirouz, Ali  
Apt#11 - No.7 - 8th St. - Niloofar Ave. - Apadana St.
Tehran, 15857
IR
021 - 8500903 Fax: 021 - 8501329
We then saw our pet criminal go and register some domains (this guy is empowering the evil and the stupid!). We continued to wade through the rest of the home-made evidence; we saw them show us how to break into live eCommerce sites using SQL injection (which we presume will still work, as the site appears not to have changed from that shown in the video) and numerous other techniques (although nothing groundbreaking).

All in all, very amusing and, to be honest, slightly disturbing; we recommend that the Iranian authorities cut off their hands (not that they won’t anyway).

Also, just to note: we really did think the www.whitehat.co.il video contained in the same collection, showing how to port-scan for IPSEC and bypass it, put to the soundtrack from the movie ‘Hackers’, was the best one for amusement purposes.

Last Updated ( Thursday, 14 September 2006 21:29 )