Extortion made Easy

renso

Пользователь
Регистрация
07.06.18
Сообщения
24
Реакции
8
Баллы
3
This COULD be quick and simple if we target the right websites with DDOS attacks.

The strategy is as follows.

Find a darknet website offering various services including:

DDOS
RANSOMWARE
STOLEN FINANCIAL DATA (Fullz, CC, BankLogs)
PASSPORTS AND ID
DROPS
PEOPLE LOOKING FOR DARK WORK.

What I suggest is this.

Setting up your infrastructure.

Your infrastructure is FUNDAMENTALLY IMPORTANT in regards to keeping your activities un noticed and to stay hidden from police and other groups who want to force your hands. You should use a dedicated phone with NO simcard only WIFI. This will keep police from tracing your phone as all they need is your phone number (NEVER GIVE IT OUT) or an IMEI from your handset. SIGNAL and TELEGRAM are reliant on a simcard to setup so I suggest XMPP (JABBER) which is free to download and supports proxy function which allows you to bounce your connection via TOR.

Locating a suitable target to extort.

The possibilities are endless here, however look for a company that is reliant on the use of their website or network.

Any company can be a target depending on what time you attack their network/website, the key is TIMING. You should examine the company to find out estimated traffic levels at certain times of the day. You should also look at what they actually do as well, if say for example they are a B2B (Business 2 Business) based company then I would look at targetting them between opening and closing times (9-5) however I suggest (10-4). If timing is right, you could pull off 2-3 attacks per day on different companies.

If the company is reliant on VOIP (internet phones) or EMAIL for their MAIN communications to conduct business then it is better to look the company up on http://www.ripe.net to see if they are listing their IP block. You can then find out which IP to target via a portscan or ping sweep. You would be looking for systems with port 80 open, it does not matter if it asks for a password as we are not looking to gain access only find the location of the router. If the router goes down, then the company loses internet connectivity.

If the company is reliant on its customer base accessing their accounts online, then you will need to find out if they are using a web based firewall such as cloudflare or incapsula as these provide DDOS protection.

Find a reliable darkmarket online to source services.

On the Internet you have different types of darknets, PUBLIC aka CLEARNET, HIDDEN aka TOR or I2P and various telegram, signal, xmpp based communities. Finding these communities are simple, just use google to locate PUBLIC forums and then search for either ONION links (TOR) or eepsite links (I2P). Be aware that police usually setup DARK websites to perform dragnets on the LARGER suppliers, so as long as we act like little fish and take into account our OPSEC we should be ok.

Source reliable ddos service which can shut down websites/networks for an hour.

Most providers are in competition and you will see the prices have dropped over the past few years, Understand the way the market prices work are similar to high street or online websites. They are all in competion similar to the breadwars a few years back when supermarkets dropped prices of bread to undercut each other and at one point you could buy a loaf for around 10p. Its exactly the same on the darkmarkets.

Marketing is very effective on the darknet, however dont be fooled. If a deal looks too good to be true it usually is.

Watch out for scammers by checking the reputations scores (yes it is like ebay) and THE MOST RECENT comments on their posts, I tend to stay away from suppliers with NO FEEDBACK or REPUTATION. Unless you can PROVE to the supplier you know what you are talking about, be aware they may take your money and run. The whole point of scammers is to discourage people who dont know what they are doing.

however, by saying directly "Hi, I need a DDOS service for my team, while we setup our own. Can you target IP addresses directly and get around cloudflare web based firewalls or incapsula? contact me on xmpp (address)" you should be able to discourage the scammers as they usually go for weak targets.

Pay DDOS service to take down website for hour via BITCOIN

Once you have found a reliable DDOS service, I suggest you use BITCOIN to complete the transaction, however do not buy bitcoin online only use localbitcoin.com as online transactions CAN and WILL be traced. Meet the guy/girl in local bar or cafe.

Contact company anonymously demanding payment to bitcoin or they lose business.

This part can be done via anonymouse email, payphone or for maximum effect, publically on social media. Twitter is a great example of how to do this, many people will see this and be unable to access their acct and start complaining, forcing the target company to pay much quicker as they are losing business.

You should demand payment in bitcoin as this makes tracing the attack practically impossible.
 
May I ask one question. As I would like to know if the imei number can show up on the wild. or do they have to have physical presence to get it? Thank you and great work
 
Назад
Верх Низ