AMA: Ask Mike Anything
Hello again. It's been a while. People have been emailing me about once a week or so for the last year to ask if I'm coming back to Bitcoin now that Bitcoin Cash exists. And a couple of weeks ago I was summoned on a thread called "Ask Mike Hearn Anything", but that was nothing to do with me and I was on holiday in Japan at the time. So I figured I should just answer all the different questions and answers in one place rather than keep doing it individually over email. Firstly, thanks for the kind words on this sub. I don't take part anymore but I still visit occasionally to see what people are talking about, and the people posting nice messages is a pleasant change from three years ago. Secondly, who am I? Some new Bitcoiners might not know. I am Satoshi. Just kidding. I'm not Satoshi. I was a Bitcoin developer for about five years, from 2010-2015. I was also one of the first Bitcoin users, sending my first coins in April 2009 (to SN), about 4 months after the genesis block. I worked on various things:
My main effort was an implementation of a Java library called bitcoinj. This was the engine used in the first p2p mobile wallet ("Bitcoin Wallet for Android"), and the first p2p desktop wallet that was faster to run than Bitcoin [Core] itself (MultiBit). These together were responsible for around 2.5 million user installs at a time when downloading the full block chain was becoming too slow for normal users to tolerate and the only alternative was a "bitbank" or cloud-hosted wallet. It was used in the first trustless gambling site (SatoshiDice), over 100 products and projects, and many academic research papers.
With Gavin Andresen and others I designed some upgrades to the Bitcoin protocol like Bloom filtering and BIP70.
With Matt Corallo I implemented and demonstrated the first version of (micro)payment channels. I put together a demo of a file server that charged micropayments using a GUI called Payfile (mentioned in New Scientist here). I used to have a video of this but unfortunately it no longer seems to be on YouTube. Payment channels went on to be used in the design of the Lightning Network.
You can see a trend here - I was always interested in developing peer to peer decentralised applications that used Bitcoin. But what I'm best known for is my role in the block size debate/civil war, documented by Nathaniel Popper in the New York Times. I spent most of 2015 writing extensively about why various proposals from the small-block/Blockstream faction weren't going to work (e.g. on replace by fee, lightning network, what would occur if no hard fork happened, soft forks, scaling conferences etc). After Blockstream successfully took over Bitcoin Core and expelled anyone who opposed them, Gavin and I forked Bitcoin Core to create Bitcoin XT, the first alternative node implementation to gain any serious usage. The creation of XT led to the imposition of censorship across all Bitcoin discussion forums and news outlets, resulted in the creation of this sub, and Core supporters paid a botnet operator to force XT nodes offline with DDoS attacks. They also convinced the miners and wider community to do nothing for years, resulting in the eventual overload of the main network. I left the project at the start of 2016, documenting my reasons and what I expected to happen in my final essay on Bitcoin in which I said I considered it a failed experiment. Along with the article in the New York Times this pierced the censorship, made the wider world aware of what was going on, and thus my last gift to the community was a 20% drop in price (it soon recovered).
The last two years
Left Bitcoin ... but not decentralisation. After all that went down I started a new project called Corda. You can think of Corda as Bitcoin++, but modified for industrial use cases where a decentralised p2p database is more immediately useful than a new coin. Corda incorporates many ideas I had back when I was working on Bitcoin but couldn't implement due to lack of time, resources, because of ideological wars or because they were too technically radical for the community. So even though it doesn't provide a new cryptocurrency out of the box, it might be interesting for the Bitcoin Cash community to study anyway. By resigning myself to Bitcoin's fate and joining R3 I could go back to the drawing board and design with a lot more freedom, creating something inspired by Bitcoin's protocol but incorporating all the experience we gained writing Bitcoin apps over the years. The most common question I'm asked is whether I'd come back and work on Bitcoin again. The obvious followup question is - come back and work on what? If you want to see some of the ideas I'd have been exploring if things had worked out differently, go read the Corda tech white paper. Here's a few of the things it might be worth asking about:
Corda's data model is a UTXO ledger, like Bitcoin. Outputs in Corda (called "states") can be arbitrary data structures instead of just coin amounts, so you don't need hacks like coloured coins anymore. You can track arbitrary fungible assets, but you can also model things like the state of a loan, deal, purchase order, crate of cargo etc.
Transactions are structured as Merkle trees.
Corda has a compound key format that can represent more flexible conditions than CHECKMULTISIG can.
Smart contracts are stateless predicates like in Bitcoin, but you can loop like in Ethereum. Unlike Bitcoin and Ethereum we do not invent our own VM or languages.
Transactions can have files attached to them. Smart contracts in Corda are stored in attachments and referenced by hash, so large programs aren't duplicated inside every transaction.
The P2P network is encrypted.
Back in 2014 I wrote that Bitcoin needed a store and forward network, to make app dev easier, and to improve privacy. Corda doesn't have a store and forward network - Corda is a store and forward network.
It has a "flow framework" that makes structured back-and-forth conversations very easy to program. This makes protocols like payment channels a lot quicker and easier to implement, and would have made Lighthouse much more straightforward. A big part of my goal with Corda was to simplify the act of building complicated decentralised applications, based on those Bitcoin experiences. Lighthouse took about 8 months of full time work to build, but it's pretty spartan anyway. That's because Bitcoin offers almost nothing to developers who want to build P2P apps that go beyond simple payments. Corda does.
The flow framework lets you do hard things quickly. For example, we took part in a competition called Project Ubin, the goal of which was to develop something vaguely analogous in complexity to the Lightning Network or original Ripple (decentralised net-out of debts). But we had about six weeks and one developer. We successfully did that in the time allowed. Compare that to dev time for the Lightning Network.
Corda scales a lot better than Bitcoin, even though Bitcoin could have scaled to the levels needed for large payment networks with enough work and time. It has something similar to what Ethereum calls "sharding". This is possible partly because Corda doesn't use proof of work.
It has a mechanism for signalling the equivalent of hard forks.
It provides much better privacy. Whilst it supports techniques like address randomisation, it also doesn't use global broadcast and we are working on encrypting the entire ledger using Intel SGX, such that no human has access to the raw unencrypted data and such that it's transparent to application developers (i.e. no need to design custom zero knowledge proofs).
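The UTXO-with-arbitrary-states data model and the compound key format listed above, as an added toy model in Python. This is not Corda's code or the author's (Corda's composite keys are Kotlin and wrap real public keys); the class names, the string labels standing in for keys and the two sample policies are assumptions made here to show what a nested, weighted threshold can express that a flat m-of-n CHECKMULTISIG cannot.

```python
"""Toy model of nested, weighted threshold keys guarding a UTXO-style output.

Added illustration, not code from Corda or from the post. Corda's own
composite keys are Kotlin and wrap real public keys; the class names, the
string labels standing in for keys ("borrower", "ceo", ...) and the two sample
policies below are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """A single public key, represented here by a label instead of key bytes."""
    key: str

    def is_fulfilled_by(self, signers: FrozenSet[str]) -> bool:
        return self.key in signers


@dataclass(frozen=True)
class Node:
    """Threshold node: the weights of fulfilled children must sum to >= threshold."""
    threshold: int
    children: Tuple[Tuple[int, "Key"], ...]

    def __post_init__(self) -> None:
        total = sum(weight for weight, _ in self.children)
        if self.threshold <= 0 or self.threshold > total:
            raise ValueError("threshold must be positive and reachable")
        if any(weight <= 0 for weight, _ in self.children):
            raise ValueError("child weights must be positive")

    def is_fulfilled_by(self, signers: FrozenSet[str]) -> bool:
        score = sum(weight for weight, child in self.children
                    if child.is_fulfilled_by(signers))
        return score >= self.threshold


Key = Union[Leaf, Node]


def check_multisig(m: int, keys: Iterable[str]) -> Node:
    """Bitcoin's m-of-n CHECKMULTISIG condition is just a flat node with unit weights."""
    return Node(m, tuple((1, Leaf(k)) for k in keys))


@dataclass(frozen=True)
class State:
    """A UTXO output whose payload is arbitrary data rather than a coin amount."""
    data: dict
    owner: Key  # who must sign a transaction that consumes this state


def can_spend(state: State, signers: Iterable[str]) -> bool:
    """True if the signers of a consuming transaction satisfy the state's owner key."""
    return state.owner.is_fulfilled_by(frozenset(signers))


# Sample policy 1 (constructed): a loan that can be settled by borrower AND lender
# together, or by a regulator acting alone. Nesting an AND inside an OR is not
# something a single CHECKMULTISIG can express.
LOAN_KEY = Node(1, (
    (1, Node(2, ((1, Leaf("borrower")), (1, Leaf("lender"))))),
    (1, Leaf("regulator")),
))
LOAN_STATE = State({"type": "loan", "principal": 1000, "currency": "USD"}, LOAN_KEY)

# Sample policy 2 (constructed): a board vote needing 3 points where the CEO's
# signature counts double. Weighted voting is the other thing CHECKMULTISIG lacks.
BOARD_KEY = Node(3, ((2, Leaf("ceo")), (1, Leaf("cfo")), (1, Leaf("coo"))))
BOARD_STATE = State({"type": "resolution", "text": "approve budget"}, BOARD_KEY)


if __name__ == "__main__":
    for signers in ({"borrower", "lender"}, {"borrower"}, {"regulator"}):
        print("loan", sorted(signers), can_spend(LOAN_STATE, signers))
    for signers in ({"ceo", "cfo"}, {"cfo", "coo"}, {"ceo"}):
        print("board", sorted(signers), can_spend(BOARD_STATE, signers))
```

The point of the model is that the spending condition is a tree evaluated by the node that verifies the transaction, so the same verification code handles a plain 2-of-3, an AND nested inside an OR, and weighted signers; `check_multisig` shows the Bitcoin case falling out as the flat special case.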
A few stories about Brian Krebs: The independent cybercrime journalist who exposes criminals on the internet
First, a bit of introduction before we get into the living drama that is Brian Krebs. Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring. In 2009, Krebs left to start his own site, KrebsOnSecurity. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him. One of his first posts on his new site was a selection of his best work. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to. And now, a selection of drama involving Krebs. 
Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.
Fly on the Wall
By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously to the point where the police actually know to give him a ring and see if there'd actually been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards. However, one particular campaign against him caught his eye. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places. So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premier darknet site at the time, The Silk Road, under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum. While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site. By Monday, an envelope from Chicago had arrived, containing a copy of Chicago Confidential. Taped inside were tiny baggies filled with the purported heroin.
Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away. Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs". Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper into the сука behind things. He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances. More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. 
This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses) While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity. It usually means law enforcement isn't far behind. One such business was known as vDOS. A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers. In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama. The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." 
It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia. Anyway, we'll get back to BackConnect. Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity was hit with a record breaking DDOS attack, that peaked at 620 Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect news sites and journalists from being knocked offline by DDOS attacks. This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years. Now time for a couple quick side stories: Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story.
It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn. And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 188.8.131.52. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 184.108.40.206. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider. Finally, another provider, Datawagon was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site. Back to the main tale! So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki. How did this name come to light? The creator posted the source code online. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional.
It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai". As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it. By December, "Operation Tarpit" had wrought 34 arrests and over a hundred "knock and talk" interviews questioning people about their involvement. By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf. 
While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei. Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei, as well as Mirai Nikki, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
A source and security researcher he was talking to started blabbing about him working with Krebs, and also was selling data to hackers on the side. His example data in his sales post was fucking Brian Krebs'.
OLD STUFF I rewrote the post after my discovery of how the network traffic works. The answer in short, unfortunately, is NO. But R* can detect it. I will assure you. From several tests, there is NO distinguishable traffic from the UDP protocol, in a public lobby, that allows you to identify a modder, if you are being harassed by one. However, I tested two mod menus on my decoy account (I have two Steam accounts, and two Rockstar Social Club Accounts). The one thing that is significant is that there is a suspicious communication to the Rockstar servers. Mod menus generate DTLSv1.0 packets. Sent to Rockstar's servers at "220.127.116.11 prod.ros.rockstargames.com". Playing the game legitimately, no DTLSv1.0 packets are sent. But if you load a mod menu, Rockstar knows. The problem is, it is traffic going to the dedicated Game Service Servers. You, as a random person in a public lobby, will not be able to see it. TLDR... Let Rockstar catch and ban modders. You will never find them. They are doing a pretty decent job. According to MPGH chatter, since four days ago a lot of the mod developers are pulling out of implementing money hacks into the game. As they cannot find a way to get past R* Anticheat yet. http://www.mpgh.net/forum/forumdisplay.php?f=414 I tested the one with the "Safe Money Drop". My decoy account got banned for 30 days. But you could be a real creepster. And tell people with unprotected (no VPN no proxy) internet connections, what city and state they live in. That still works. How to do that? I tested it on 5 different people already, all my friends. In-game, you have to be following the player around. The closer you are with the player, the more bytes are generated and sent between your IP and theirs. That helps you distinguish their IP from anyone else's. Now
Start Wireshark capture Statistics Endpoints Bytes Tab (Sort by highest) Your highest NON-LOCAL IP on ports 6672 (UDP, most players have traffic through this) is the player's IP
Using that IP, you can choose to either click the Name Resolution Checkbox on the bottom left of the Endpoints window. Or, you can just Google it. The potential of this vulnerability? DO NOT DO THIS. Let's say you wanted to be a douchelord or something, and you don't like another player. Keep GTA V running in Windowed Mode, fire up wireshark, start capture. Locate the player IN-GAME and follow him around for at least one or two minutes. After you positively identified the player's IP (using the bytes-captured method on port 6672), you can attack it with a subscription DDoS/DoS Botnet provider. Also known as a "stresser" or "booter" for obvious reasons. (Note: they only accept either BitCoin or PayPal, I hate both of them). A few examples... (1) Defiance Protocol (2) Thunder Stresser (3) PolyStress (4) Stress3d.me (5) DataBooter (6) ExoStresser What does it do if you choose to do this? Well, first of all, even though they are known as booters or stressers, they initiate a Denial of Service attack on the victim machine. That means even if you left the session (you better), you can initiate the attack. It will shut down their entire home network for an X amount of ms, just enough to kick someone, including the host of the lobby, out of the session. All you need to know to launch the attack is... (a) The IP address of the victim machine (b) The Port you want to attack (port 6672) (c) The method of attack (choose one that is relevant to the protocol), like TCPStorm, DOMINATE, SYNFLOOD, etc. Seriously, don't do it. All I figured out is how to stalk my friends on GTA V. I have yet to even learn how to decrypt the captured GVSP data. If you want to catch modders on your own, you need to crack that hash. Seems like there is a new key generated per session. Hopefully R* in GTA VI will patch this vulnerability. GOOD LUCK, DON'T DoS people, and GO sign up for a VPN or Proxy, RIGHT NOW.
Stuff Online on DTLSv1.0 Traffic https://wiki.wireshark.org/DTLS DTLS is an SSL Protocol that is compatible through UDP. It can be used to create SSH Tunnels back to R* Servers. Since the last thing a mod developer wants to do is give R* all of your info willingly, I am assuming that this DTLS traffic is part of the anticheat mechanism implemented by R*. DTLS traffic, as of yet, cannot be filtered by capture alone. However, you simply just look at the packet, and then filter the UDP traffic and port to display the majority of DTLS traffic. Example Packet Summary: Modder Machine To Rockstar (Take Two Interactive, New York, New York) Upon Use of a Mod
Frame 204: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits) on interface 0 Interface id: 0 Censored TO Avoid MAC Ban Encapsulation type: Ethernet (1) Arrival Time: Jan 19, 2017 18:23:39.836486000 Pacific Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1484879019.836486000 seconds [Time delta from previous captured frame: 0.002543000 seconds] [Time delta from previous displayed frame: 0.002543000 seconds] [Time since reference or first frame: 1.598633000 seconds] Frame Number: 204 Frame Length: 151 bytes (1208 bits) Capture Length: 151 bytes (1208 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:dtls] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Censored TO Avoid MAC Ban Internet Protocol Version 4, Src: 10.0.1.113 (10.0.1.113), Dst: prod.ros.rockstargames.com (18.104.22.168) User Datagram Protocol, Src Port: 58016 (58016), Dst Port: 61457 (61457) Datagram Transport Layer Security
Modder Machine to Victim Machine upon giving him all weapons from the mod menu. Victim is from Miami, Florida

```text
Frame 210: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface 0
    Interface id: 0 Censored TO Avoid MAC Ban
    Encapsulation type: Ethernet (1)
    Arrival Time: Jan 19, 2017 18:23:39.887777000 Pacific Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1484879019.887777000 seconds
    [Time delta from previous captured frame: 0.000169000 seconds]
    [Time delta from previous displayed frame: 0.000169000 seconds]
    [Time since reference or first frame: 1.649924000 seconds]
    Frame Number: 210
    Frame Length: 101 bytes (808 bits)
    Capture Length: 101 bytes (808 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:gvsp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Censored TO Avoid MAC Ban
Internet Protocol Version 4, Src: 10.0.1.113 (10.0.1.113), Dst: c-75-74-37-8.hsd1.fl.comcast.net (22.214.171.124)
User Datagram Protocol, Src Port: vision_server (6672), Dst Port: vision_server (6672)
    Source Port: vision_server (6672)
    Destination Port: vision_server (6672)
```
These are the settings you must have on Windows Firewall, on Windows 10. Make one rule for INBOUND and one for OUTBOUND. You can do this while playing the game. Set them to enabled and change session. You should be on a new lobby with MUCH FEWER PLAYERS. Keep lobby-surfing until you end up alone or the other people leave. My Wireshark capture tells me that the only other player in the game is connected to me via UDP 35464. He eventually left, leaving me in a session by myself. It won't guarantee you a solo lobby anymore, but it makes packed lobbies with modders and jet griefers much rarer. If you are feeling lonely, then disable those firewall rules and switch session again.

I still have a UDP connection via 6672 despite the rules. My Wireshark picks up no traffic at all though. Hmm, interesting. If you block your traffic it now generates DTLSv1.0 traffic (like modder traffic) to Rockstar at 126.96.36.199. There is also a lot more TCP traffic through port 80 (but it's still obfuscated). And it is going through my blocked UDP ports in the new firewall rules. It basically SSH tunneled through UDP directly to R*. So it's just me and their gameserver. No one else. Well, the admins know I am not cheating. They prolly think I have a lousy internet connection or a jerk of an admin (they think) who doesn't want me to use UDP gaming ports. I am not worried at all.

If you wanna sell all of your shit without being picked on, then do this: enable the firewall rules both inbound and outbound, sell your shit, and then disable them and switch sessions again so you won't be lonely anymore.
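One way to create the two rules the post describes, as an added example that is not from the original post: it assumes an elevated PowerShell prompt on Windows 10, the rule names are my own choice, and the port (UDP 6672) is taken from the post's captures.

```powershell
# Added example (not from the original post): Windows 10 firewall rules that
# block the peer-to-peer game port (UDP 6672, taken from the post's captures),
# one Inbound and one Outbound, plus a helper to toggle them together.
# Run from an elevated PowerShell prompt. Rule names are my own choice.

$port  = 6672
$rules = @(
    @{ Name = 'GTAO Block UDP 6672 In';  Direction = 'Inbound'  },
    @{ Name = 'GTAO Block UDP 6672 Out'; Direction = 'Outbound' }
)

foreach ($r in $rules) {
    # Create each rule once; later runs leave an existing rule untouched.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name `
            -Direction $r.Direction `
            -Protocol  UDP `
            -LocalPort $port `
            -Action    Block `
            -Profile   Any `
            -Enabled   True | Out-Null
    }
}

# 'on' while you want other peers kept out of the session,
# 'off' when you want players to be able to join again.
function Set-GtaSoloLobby {
    param([ValidateSet('on', 'off')][string]$State)
    $names = $rules | ForEach-Object { $_.Name }
    if ($State -eq 'on') { Enable-NetFirewallRule  -DisplayName $names }
    else                 { Disable-NetFirewallRule -DisplayName $names }
    # Show the resulting state so you can confirm both rules flipped.
    Get-NetFirewallRule -DisplayName $names | Select-Object DisplayName, Direction, Enabled
}

Set-GtaSoloLobby -State on
```

As the post notes, this only affects the peer port; the game's own traffic to Rockstar continues over other ports and protocols, so you stay connected to their servers.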
Here are the packet captures that I am WILLING to share. Basically it shows two things. R* will open a secret SSH tunnel in at least TWO conditions: (1) If you are modding. There will be an SSH tunnel created using the DTLSv1.0 protocol on your UDP ports, telling R* what you are doing if your game traffic looks suspicious. (2) If you are using the firewall glitch, the game will get around your Windows software firewall and start connecting to R* with the SSH tunnel.

For #2, if you check on my packet capture links, even though I told Windows Firewall to block that UDP port, packets were sent through anyways as DTLS traffic. I have yet to be banned for this. This ensures that R* can still save my data. And you get to have less populated and/or totally alone sessions so you can play the damn game! And here is an example of normal traffic. Me and three of my friends in a 4-player Survival game.
Edit: Uploaded a 38 minute video, soloing biker deliveries without interference from other players. Works as long as I end up being the only player in the session, no new players can join because I blocked my ports
Other Possible Ramifications (Very Bad If It's True!)

Not to freak everyone out. But it MAY be possible, for someone with actual hacking talent (not me), to drop a staged Meterpreter shell into your computer, assuming that he or she knows your IP address through the discovery on Wireshark. They can then...

(1) Have the payload on execution rewrite a critical system file in your computer
(2) Download the remaining stages of the payload
(3) Slowly compromise other system processes on your computer
(4) Gain root access (Administrator in Windows)
(5) Start executing commands as Root/Admin
(6) Do creepy shit like use your webcam to take a picture of your face. Or steal your saved payment information in your browser cookies for Amazon, etc.

I would typically picture our home networks like this in a typical game lobby on GTA Online:

Me
Laptop running GTA V
My Router and Firewalls
My Public IP (UDP Port 6672)
My ISP
ISP routing path
Your ISP
Your Public IP (UDP Port 6672 and/or other)
Your Home Router and Firewalls
Your Computer
The problem with the UDP protocol is that it has very little verification and checksumming. It just keeps spamming packets, making it viable for low latency applications (gaming). If I can make a virus or reverse shell look like typical game data, then it SHOULD get through your firewall, and automatically get forwarded by your router to your computer. As long as I am connected to you, all the validation is authentic. As long as I am connected to you, either in a game mode, or through the public lobby! If those conditions are met, then it's going to look like regular traffic to your network.

I have yet to even try this. I did manage to re-encode a standard reverse shell payload (msfvenom) and infected myself with it (successfully SSH tunneling through my own router from the WWW against my Linux installation). However, my Windows variant failed to execute due to Windows User Account Control. Windows Defender was futilely, furiously searching for this "virus", and eating up all my hard drive usage (100% while playing GTA) until I finally removed it after running a scan with HitmanPro (a heuristics second-opinion scanner that hunts for files that exhibit virus/malware-like activity).

PSA: DO NOT USE WIRESHARK TO MONITOR GTA V TRAFFIC, R* EULA HAS RECENTLY BEEN CHANGED, DEPENDING ON SEVERITY IT MAY BE AN INSTANT PERMANENT BAN

At 4:30 AM PST, January 22nd, my account received a permanent ban as I was with my friends on their yacht looking through the scope of a sniper rifle in the middle of a Piracy Prevention match. As it turns out, sniffing network traffic via Wireshark may or may not be grounds for a ban, regardless of whether or not I am doing it right now. I even double checked the vague Rockstar Games EULA to make sure. https://www.rockstargames.com/eula
You agree not to: reverse engineer, decompile, disassemble, display, perform, prepare derivative works based on, or otherwise modify the Software, in whole or in part;
Well I attempted to! And I violated a good half of those.
cheat or utilize any unauthorized robot, spider, or other program in connection with any online features of the Software;
"Spider" (I am guessing they are referring to internet crawlers), but "other program"? Yeah Wireshark fits the bill.
TECHNICAL PROTECTIONS: The Software may include measures to control access to the Software, control access to certain features or content, prevent unauthorized copies, or otherwise attempt to prevent anyone from exceeding the limited rights and licenses granted under this Agreement. Such measures may include incorporating license management, product activation, and other security technology in the Software and monitoring usage, including, but not limited to, time, date, access, or other controls, counters, serial numbers, and/or other security devices designed to prevent the unauthorized access, use, and copying of the Software, or any portions or components thereof, including any violations of this Agreement. Licensor reserves the right to monitor use of the Software at any time. You may not interfere with such access control measures or attempt to disable or circumvent such security features, and if you do, the Software may not function properly. If the Software permits access to Special Features, only one copy of the Software may access those Special Features at one time. Additional terms and registration may be required to access online services and to download Software updates and patches. Only Software subject to a valid license can be used to access online services, including downloading updates and patches. Except as otherwise prohibited by applicable law, Licensor may limit, suspend, or terminate the license granted hereunder and access to the Software, including, but not limited to, any related services and products, at any time without notice for any reason whatsoever.
The Secret UDP SSH Tunnel (DTLSv1.0), got it. R* Anticheat. Check. Don't fuck with it? Naw mang, sorry, totally lost it. Well... if I straight up spilled the beans on how your anticheat works, including what it could possibly do and can't do, and how it might work, I'd guess you'd be pretty mad at me too. Especially since posting on Reddit is the equivalent of me following you around IRL with a megaphone, screaming in public in earshot "Don't trust him! He is reading your shit! He's looking through your gameplay traffic right now. And he knows everything!!!!"
Remember what I said about DDoSing people that are discovered on Wireshark? If you do this, and the victim knows the right people to call, I wouldn't be surprised if G-Men in suits knock on your door.

At first, I thought that was it. Then I decided to Google "GTA V Banwave" and set the time to one week ago. What I saw was a real trip. A huge spike in fake bans and urgent warnings, "PSAs" all over YouTube. It's something related to the latest iteration of mod menus that have been popping up. I have not seen so much panic run through the forums of UnknownCheats and MPGH in my life. New versions, updates, and customized variants of mod menus have been popping up on a daily basis. And with a detection period from launch of, at most, a week. That is, from the day that the new mod menu gets uploaded to the point that users start to report they are getting banned for it can be up to a week. R* anticheat went into overdrive. Developers have been scaling back on implementing the money drop feature for fear of triggering instant bans for their users (hence the lack of money drops recently).

Then I noticed something... The prevailing issue of "Persistent Mods" and possible "Memory Corruption" implicating innocent players. I am talking about mod menus that permanently break a lobby's features like free roam missions, like CEO or Bikers, but this time, it can carry over between lobby sessions. I saw my first variant earlier this week and shrugged it off. Then I saw my second one today. Some modder was caging me and my friends and trying to flatten us with Bugattis. Normally I would just join another session and any wacky attachment would fall off. But now the damage, errors, and bugs caused by mod menus can "carry over" with me. I realized that I couldn't change my outfits via the "Style Menu" for the second session in a row, I could not eat snacks to regenerate health, nor could I equip body armor.

In some cases, I couldn't register as a CEO and start my missions, even though I already SWITCHED to a new lobby. After fully restarting the game from Steam, the "mod persistence" ceased. I had full control of my character again. Because we are talking about starting over again with fresh untainted memory.

First instance of discussion of innocent bans recently: https://www.youtube.com/watch?v=rKYnCDolKSc

This video claims that you should be avoiding public lobbies on the PC like the plague or apocalypse. IDK if you have to be THAT extreme. Just don't interact too much with modders. Or try glitching yourself into a solo public lobby via the firewall glitch. This is really sad though. This guy is a victim of a modder, and he gets a ban for it, probably from memory corruption caused by the modders that Rockstar's anticheat picked up: https://www.youtube.com/watch?v=_1IEs-Bf7Is

I am certain that if you react quickly enough, you will NOT get flagged by the modder's actions. You just need to do a full restart of the game. Not your PC. Just the game on Steam. So don't enjoy a modder's company for too long, no matter how pleasant they may appear. Holy fuck dude. The game still costs $60 on Steam. After all these years. I'll just wait until my decoy account gets unbanned. I'll see you guys in 30 days. Fortunately, it is NOT a MAC ban. I logged into my decoy account. Decoy account still has a one month suspension.
When your business model is threatened, a lot of companies try to preserve it as long as possible. They pay millions and billions of dollars for political lobbying instead of fostering innovative ideas. Business models like iTunes or Netflix show that it is possible to make money as a content delivery network, but many other companies tried to scare users away from filesharing and introduce DRM like Steam or Origin in order to retain their sales. That may have helped in the short term, but we don't think those companies have a future.
As far as studies tell us, there is no harm or damage caused by filesharing.
Today’s copyright legislation is out of balance, and out of tune with the times. It has turned an entire generation of young people into criminals in the eyes of the law, in a futile attempt at stopping technological development. Yet file sharing has continued to grow exponentially. Neither propaganda, fear tactics, nor ever harsher laws have been able to stop the development.
It is impossible to enforce the ban against non-commercial file sharing without infringing on fundamental human rights. As long as there are ways for citizens to communicate in private, they will be used to share copyrighted materials. The only way to even try to limit file sharing is to remove the right to private communication. In the last decade, this is the direction that copyright enforcement legislation has moved in, under pressure from big business lobbyists who see their monopolies under threat. We need to reverse this trend to safeguard fundamental rights.
It happened last Friday. We were notified by TorrentFreak (see this post) and indeed there was much more DNS traffic than usual on our servers (especially since they gave negative responses that did not get cached). Oh, and various cops also called us and our providers, but this time, they at least didn't take our servers again.
Since there was a massive press shitstorm (probably fired up by the content mafia PR departments) going on against the site, we laid low for a short while, then finally deployed the site today.
First, we are NOT a single-issue party, despite constantly being portrayed as such. We have a comprehensive manifesto covering most areas of politics. We don't just fight for civil rights and an agenda for openness in governments. We also have a lot of positions in regard to e.g. social/welfare policy etc. These are not as mutually exclusive as US politics may make people think - while a welfare state does limit "freedom" in the sense of making you pay taxes and preventing the rich from preying on the poor, it doesn't have anything to do with how much surveillance you have, if you have a free and uncensored internet, etc. We want to protect citizens' rights, both against corporate and government attacks, and make sure every citizen can have a decent, humane life - even if that means "limiting freedom" by making people pay taxes. We certainly have a few members who are more on the extremist end of the spectrum, in all directions. The majority agrees with what was described here, and the problems are limited since the extremists are a pretty small minority that usually quickly lose interest once they notice they cannot take us over to push their agenda. Not that they wouldn't try, but they don't have a lot of effect. We do not tolerate right-wing extremists at all, and if someone tries to spread hate in the name of the Pirate Party, they get thrown out pretty quickly.
In general, our politics can be described as "linksliberal", which literally translates to "left-liberal" but these words have different meanings in different countries. It would be the bottom-left quadrant of the political compass. It means we do support a welfare state ("socialist", as US republicans would certainly call us ;)), but we also strongly support personal liberties.
> The German Pirate Party (Piratenpartei) does not want to abolish copyright, but we do want to give it a massive overhaul. Private (file)sharing must be legal and must not be hindered by lawsuits or DRM. Protected works must not be withheld from the public domain for 70 years after the death of the author anymore.
> We also want to improve the situation for authors by strengthening their position against the RIAA/MPAA-style organizations (like the GEMA, which is responsible for blocking a significant part of Youtube videos for German viewers).
> Note that while most Pirate Parties worldwide want copyright reform, the exact policy may vary. Find your local Pirate Party on Pirate Parties International - nearly every country has one.
> The common aims of the international Pirate Parties are copyright reform, privacy, transparency, and public participation. Find your local Pirate Party on Pirate Parties International - nearly every country has one - and inform yourself about their aims!
> Although the German Piratenpartei sticks up for the rights of Internet users, we are not just an "Internet party". We fight for privacy and civil liberties, both online and offline, be it privacy for your e-mails or a strong right to assemble and protest. We fight for an unconditional basic income and a general minimum wage. For free access to education without open or hidden fees. For real equality. For a healthcare system for everyone. A drug policy that gives addicts the help they need instead of threatening weed smokers with prison.
> This is just a small excerpt from our comprehensive Manifesto (English translation here) and the even more detailed Election Program for the federal election. (Sadly, many people appear to be unable to read even the table of contents, since there are still people claiming we don't have any ideas what to do or are "just an internet party". Think freely and inform yourself!)
You could support your local pirate party, despite the two-party system they can certainly raise awareness. Also, spread the word, fight crappy laws and treaties like ACTA, which we all killed together. Work with us and discuss our topics and positions.
Currently we try to push the US and Europe to support the Treaty for the Blind of the World Intellectual Property Organization, which will be voted upon this month. We push for this treaty that would allow blind or visually impaired people to ensure full enjoyment of their basic human rights, the right to knowledge, the right to reading, the right to information. The treaty would promote accessibility instead of copyright restrictions (think of e-readers).
In Germany (which is where movie2k was most popular), torrenting non-CC movies/music will get you cease-and-desist letters from lawyers that log IPs (often not very accurately), use some of the new anti-privacy laws to get your address, and then make millions by sending form letters demanding you pay around 1000 EUR for their "work" and compensation for "unlimited distribution of the protected work" (aka uploading).
We don't need to mention that we think these lawyers should be sitting in prison for fraud instead of sending these letters, do we?
We do support decentralized file sharing and want to legalize it. We just can't recommend it to people who will get themselves hurt. You can use some VPNs, but that requires a level of technical skill that unfortunately many people do not possess. As a side note, do not use Tor for downloading stuff; it isn't made for so much traffic and you will make it slow for people who really need it (e.g. in China, Turkey, ...).
Of course we recommend voting for the Piratenpartei, if we wouldn't fully support its aims we wouldn't be spending quite a few nights keeping the IT running. If we get into the parliament, we get a lot of useful tools even if we aren't part of the government coalition. For example, we may ask questions formally which the government has to answer ("Kleine Anfrage"), making it possible to uncover corruption and stop bad laws by public shaming. Next time the government tries to get a new anti-privacy law approved with like 5% of the members of parliament present at 2 o'clock in the morning, we can show full attendance and actually reject the law - or at least request a check for Beschlussfähigkeit (a certain number of members of parliament must be present in order to pass laws), stopping the law and drawing public attention.
If you are afraid of a CDU-led coalition (e.g. the "big" black-red or a black-green coalition), take into account we are the only party to strongly oppose a coalition with the CDU (due to their anti-freedom politics) besides the Left party (Linkspartei). However, the SPD said they won't do a "big" coalition source
We're a bit surprised, too, I guess the former operators and owners of the site would get a lot more attention. While hosting a 200 MBit/s site and being a Pirate Party is interesting, it apparently isn't that interesting.
Unfortunately, we don't know anything about the owners of movie2k or movie4k (we don't even know if they are the same person or group, though it seems probable), but there is this Twitter account that seems to belong to movie4k so you may be able to reach someone there. Regarding your first question, TorrentFreak has already been told, but if you think your local Pirate Party may be interested (perhaps to get a press release out) or it may be considered a juicy story by your local press, that could be a good idea.
After the takedown of "kino.to", one of the largest German streaming portals, some newspapers announced an income between 700,000 and 1.6 million € per year, only from the advertisements. Also, video hosters like shockshare earn money, because users want an ad-free and fast video stream. So, there is already a working concept. A company could provide a platform where users could watch SD movies for free (ad-supported). For higher quality like HD and 3D you have to pay. But if the companies demand outrageous prices that are as high as or even higher than the price of a physical copy of the movie, it will not work. Also, selling music as a download only really took off once two things happened: DRM was abolished so you could simply download an MP3 file, and prices were reasonable. Imagine a platform where you can buy your favorite TV series for 1 dollar per episode or 10 dollars per season in 480p or for 1,50 / 15 dollars in HD, or 3-5 dollars per movie, with a good choice and an easy interface. Once you buy it, you can either stream it (as in "whenever you want, forever", because you "own" a virtual copy of it) or download a DRM-free file of it. Sure, people could pirate the DRM-free files. So what? People are already pirating DRM-free files; putting locks on your legitimate customers' copies isn't going to do anything except annoy your customers. Today, the only platforms that come close to such a service have names like "The Pirate Bay" or "PublicHD" or various usenet providers, and they don't earn the producers any money.
I think it is quite possible to get 5% or significantly more in the Bundestagswahl, because months before the Berlin election we were expecting not to get the 5% and in the end, we ended up at 9%. The weeks before the election, when the campaign is fully running and we start getting back into the public mind, really make a lot of difference.
Non-members have full access to our forums and mailing lists and we have exactly zero moderation on many of them. The federal level one ("Aktive") became so unbearable most active members simply abandoned it, so mostly only trolls are left over. The same happened to some of the state-level lists. Our real life meetings, especially the ones below federal level, are pretty good. I don't think other parties have less of these fights, we just refuse to hide them and actually make them very public. The transparency we practice and demand from each other and the quite low tolerance for anything perceived as "bad" is also what makes it less probable that we become a corrupt bag of corporate shills like some other parties.
We are just hosting the info page available there now, not the movie catalogue that was available there and is still available on sites like movie4k, so we have nothing to do with the ads.
Personally, such ads are one of the reasons I use Adblock. If you do, please use it responsibly and add exceptions for sites you like. You may not think you will click the ads anyways, but often at least some of them will be interesting to you and you will click them, especially on reddit.
Besides that, shouldn't ads that say "download" on a site where you go to stream movies (AFAIK, downloading is almost always a premium option if it is available at all) be pretty non-confusing, since there is no reason to click such a button? (But yes, I saw "play" ads on some streaming sites too, not sure if it was the original movie2k.)
We hope that's what we're doing with the info page. It should educate people about the situation, and it's certainly getting a lot of hits. Some certainly from bots, but just the traffic from two resources we originally embedded into the info page from the main site took the main site down temporarily. We'll check next week with the international Pirate Parties if the membership application rates went up.
Did you know there are Pirate Parties in about 70 countries? PPI (Pirate Parties International) has a list. If you are using reddit, there is a good chance your country is one of them. Many of these desperately need your help!
I (can't speak for everyone) agree that it is a shame we got all those egomaniacs, but I don't think the Pirate Party is "destroyed". We simply attracted a lot of cranks, trolls and idiots who we are dealing with now. Participative democracy is sometimes a massive pain in the ass, but we are not giving it up.
Also note that what is happening on the forums and mailing lists doesn't necessarily reflect the majority of the members and what is actually happening. Since many of us refuse any kind of moderation, trolls destroyed quite a few of them, so the productive members left and mostly idiots and trolls remain.
While we decided against using Liquid Democracy (which includes delegations) for official decisions, we did decide to introduce direct online and offline participation of members (without delegations). The decision against Liquid Democracy was a decision against delegations, not against online participation.
On the other hand, we continue to operate our liquid democracy tool called 'liquid feedback' as an unofficial tool.
As stated above, we are not the ones who ran the original site, we are just hosting the replacement after the original owners redirected it to us. We do not know the original operators. Thus, we don't know if the site will be ever back up to original.
However, we have heard that there is a site called "Movie4k" that is quite similar.
I'm certain you aren't getting them from the one we are hosting now, but I can't speak for the streaming site it once was.
Still, if a web site is giving you viruses, you are doing it wrong. You should realize that you are visiting an "underground" web site, which will link you to a lot of different video hosts, some of which are quite shady (the non-shady ones tend not to have that many current movies). Thus, you should expect that at least some of these sites will show you ads from shady sources because they want to make money and don't have a reputation to lose, or get hacked and their sites infected.
I assume you are intelligent enough not to download any software like "flash updates", "codec packs", "players" etc. from these sites. You need to keep your software up to date by installing all updates from reliable sources. Disable Java completely in your browser, keep your browser updated, keep your PDF plugin updated (or disable it and use the built-in one), and most importantly, keep your friggin' flash plugin updated.
This is good advice and you should do it anyways, but if you decide to be careless and drive around in a car with no safety belt and spikes all over the dashboard, at least don't join a rally with it (i.e. if you are too lazy to keep your system safe, don't go to shady sites).
This doesn't mean the web site has any right to put viruses up, and I find it really shitty they sometimes do, but it is reality, protect yourself.
Like with weed, legalizing filesharing will remove most of these unwanted side effects. Actually, given the damage botnets can cause, that's a good reason to legalize it ;-)