Lord777
Professional
- Messages
- 2,577
- Reaction score
- 1,563
- Points
- 113
And so, let's start with the hacker scheme of earning money. It is not complicated, profitable, and most importantly, cool.
In order to start working on it, you need basic knowledge in web programming or at least a desire to learn. If you are already somewhat familiar with hacking, then you will not be charged at all. You will enter quickly, and it is not difficult at its core.
What is it like?! I'll give you a real-life example, and then I'll tell you in more detail.
There is a website that supplies commercial equipment for businesses or small businesses, the equipment is very expensive, in my opinion, from 50 000 rubles and above, much higher. Hacking such sites is not very difficult in principle, even hacking it can not be called.
Most likely, well-thought-out social engineering. With the help of any analyzer, they find out on which hosting the site is hosted, then write an email on behalf of the hosting company. That they say your site didn't work for say a couple of hours due to a DDOS attack.
Further, the message says, please enable the anti-ddos feature - it is absolutely fingerless. Well, noodles on the ears are hung up that they say DDOS attacks harm the site, users can not view it and it falls in the results of Yandex and Google. That is, they scare you corny, but in moderation. So that they don't wet themselves. The main task is to scare that there is a risk of losing profit or site downtime.
You should understand that the email clearly states that this site needs to enable the anti-ddos service, which is also free. They also talk about all the resulting problems if the site is affected by an attack. And of course, the link that leads to your personal account. But in fact, this is a phishing site that copies the original authorization page of the hosting provider. And in order to do phishing just need a basic knowledge of web programming.
Moreover, if, say, a Hacker has a ddos panel, then he can specifically DDOS it the site for, say, 1 day, and then send an email saying that the site was subjected to a DDOS attack. In addition, Yandex.Metrica will also send them an email stating that the site is down and unavailable. After such notifications, faith in the email that you need to connect the anti-DDOS panel almost 100%. And there is no doubt that the email is from the hosting company either.
P.S. Sometimes, if the site is large. Then they play out a whole performance Writes, allegedly the IT department of the hosting provider, notifies about a DDOS attack on the site and tells you what measures need to be taken. After making sure that the vigilance is put to sleep, it already plows the link to the phishing panel.
However, in most cases, you don't even need to DDOS the site, they immediately believe in such a letter. The main thing is to make it colorful without mistakes. Of course, then the person enters the username and password from the hosting provider's account, and he gets a message that the anti-ddos service is connected and everything is fine, they say, do not worry. And the hacker himself gets access to the control panel and does not wave anything to him already on this site to fill in shell access. As you can see, you don't even need to look for holes, everything is trite simple.
P.S. This method is even used to hack TV companies
And when you already have shell access to the site, the choice that can be made with it is very large.
First, they write to competitors that they say we are cool hackers and hacked this site. We can redirect the flow of visitors to your site for a fee, or send them from the equipment request form to your email address, and not to them. That is, you understand that this site can be sold to competitors, not even the site itself, but traffic from it! And traffic to competitors brings income, and they are willing to pay.
Secondly, they also write to competitors that we are cool hackers and hacked this site. We can stop its operation for a very long time, which means that it will disappear from the search. The question of the amount. They say that we can hack your other competitors, and you will be alone. All the money and orders are yours(rainbow noodles on the ears, usually in moderation). Of course, there are many development options. As a rule, competitors get a good amount of money for such cases and hackers simply merge. And someone continues to work further, it all depends on what hackers got caught and what plans they have.
Third, if, for example, hackers could not find competitors, then the head of this site (who was hacked) is sent to VKili via personal email, saying that competitors ordered to hack your site. We hacked it, they give us proofs that is, evidence. And then the dialogue in this way, they say we can close all the holes on Your website and no one else will be able to hack and give advice on how to rise in the search for Yandex and Google.
They hang noodles in the style of SEO optimizers. The goal is very simple to get as much money as possible, and then get off with some bullshit thread. They also offer to tell us who ordered them to be hacked... it happens that sometimes they are asked to hack them in retaliation, hackers are thanked and even paid money for it.
PS It happens that not only do they not close vulnerabilities that do not exist. And they also sell shell
In the case of the site about equipment for enterprises, competitors agreed that the site should fall for a long time and hackers were instructed to hack other sites. The price was paid about $ 1000, but the whole joke did not end there. Hackers wrote to the site manager that his site was ordered to be hacked, and they hacked it. This is what I mentioned above. They offered to close all vulnerabilities on the site and also tell us about cool SEO optimization tips. They didn't manage to knock out much, but they haggled for about $ 300. As you can see, the profit is very good, that is, with one simple hack it turned out $ 1000.
It happens that competitors who buy traffic from a hacked site are simply intimidated or demonstrate strength, so to speak. They launch a DDOS attack on a competitor's site. All methods are good on the way to the goal.
Also, no one and nothing prevents you from selling shell on a hacker site, there is no special task and complexity here.
As you can see, in principle, there is nothing complicated. Everything in detail is simple and clear. Almost no one uses this scheme anymore, and both site owners and competitors have forgotten about it. Most hackers have moved on to other topics, and it is idle. I think there will be people who will say that this is not possible. Alas, you are wrong. Since such sites are usually owned by people who are very uneducated in terms of IT. Hack them, hang noodles in principle is not difficult. It also happens that they order boxes for hacking, and many hackers only get their hands on ... as they say, I got money and flew off. But of course, not everyone does this.
There are a lot of sites. Not only can we tell you about equipment for businesses, but there are also all the different law offices or other websites. You can find a lot of goals I will tell you about another story with a large portal on women's topics with visitors of about 20,000 people a day.
It was hacked in exactly the same way as I described above. The DDOS site did not last for 1 day, but for 3 whole days. Then they sent a letter from the hosting provider, and the administration logged in without suspecting anything. Then they just threw the shell, merged the database and sold it for .... $ 10000+ I don't remember how much they asked for the database. As you can see, not only simple sites come across, but also large projects. Those who bought shell, they just screwed up a breakthrough exploit pack and in general they did quite a lot of things there.
If you stop and look, it works.
They are looking for a site that can be hacked, using the method that I described above. Someone has DDOS, someone does not, it all depends on the resources, the main thing is that they send a letter that there was a ddos attack and in the letter there is a link to connect the free anti-ddos module. Once the data is received, then everything is at the discretion of the hacker. Selling to competitors, selling shell access, just offering security audits, etc.
That's basically all, such a profitable (gray) earnings scheme. And you don't have to be a special hacker to work on it. The question is the ability to properly organize a SI attack.
You can calculate the profit yourself On average, if Hackers do not worry, then they can easily earn $ 10000 on the auto-pilot. And the most experienced ones are many times more, but here it is already necessary to properly hacked).
In order to start working on it, you need basic knowledge in web programming or at least a desire to learn. If you are already somewhat familiar with hacking, then you will not be charged at all. You will enter quickly, and it is not difficult at its core.
What is it like?! I'll give you a real-life example, and then I'll tell you in more detail.
There is a website that supplies commercial equipment for businesses or small businesses, the equipment is very expensive, in my opinion, from 50 000 rubles and above, much higher. Hacking such sites is not very difficult in principle, even hacking it can not be called.
Most likely, well-thought-out social engineering. With the help of any analyzer, they find out on which hosting the site is hosted, then write an email on behalf of the hosting company. That they say your site didn't work for say a couple of hours due to a DDOS attack.
Further, the message says, please enable the anti-ddos feature - it is absolutely fingerless. Well, noodles on the ears are hung up that they say DDOS attacks harm the site, users can not view it and it falls in the results of Yandex and Google. That is, they scare you corny, but in moderation. So that they don't wet themselves. The main task is to scare that there is a risk of losing profit or site downtime.
You should understand that the email clearly states that this site needs to enable the anti-ddos service, which is also free. They also talk about all the resulting problems if the site is affected by an attack. And of course, the link that leads to your personal account. But in fact, this is a phishing site that copies the original authorization page of the hosting provider. And in order to do phishing just need a basic knowledge of web programming.
Moreover, if, say, a Hacker has a ddos panel, then he can specifically DDOS it the site for, say, 1 day, and then send an email saying that the site was subjected to a DDOS attack. In addition, Yandex.Metrica will also send them an email stating that the site is down and unavailable. After such notifications, faith in the email that you need to connect the anti-DDOS panel almost 100%. And there is no doubt that the email is from the hosting company either.
P.S. Sometimes, if the site is large. Then they play out a whole performance Writes, allegedly the IT department of the hosting provider, notifies about a DDOS attack on the site and tells you what measures need to be taken. After making sure that the vigilance is put to sleep, it already plows the link to the phishing panel.
However, in most cases, you don't even need to DDOS the site, they immediately believe in such a letter. The main thing is to make it colorful without mistakes. Of course, then the person enters the username and password from the hosting provider's account, and he gets a message that the anti-ddos service is connected and everything is fine, they say, do not worry. And the hacker himself gets access to the control panel and does not wave anything to him already on this site to fill in shell access. As you can see, you don't even need to look for holes, everything is trite simple.
P.S. This method is even used to hack TV companies
And when you already have shell access to the site, the choice that can be made with it is very large.
First, they write to competitors that they say we are cool hackers and hacked this site. We can redirect the flow of visitors to your site for a fee, or send them from the equipment request form to your email address, and not to them. That is, you understand that this site can be sold to competitors, not even the site itself, but traffic from it! And traffic to competitors brings income, and they are willing to pay.
Secondly, they also write to competitors that we are cool hackers and hacked this site. We can stop its operation for a very long time, which means that it will disappear from the search. The question of the amount. They say that we can hack your other competitors, and you will be alone. All the money and orders are yours(rainbow noodles on the ears, usually in moderation). Of course, there are many development options. As a rule, competitors get a good amount of money for such cases and hackers simply merge. And someone continues to work further, it all depends on what hackers got caught and what plans they have.
Third, if, for example, hackers could not find competitors, then the head of this site (who was hacked) is sent to VKili via personal email, saying that competitors ordered to hack your site. We hacked it, they give us proofs that is, evidence. And then the dialogue in this way, they say we can close all the holes on Your website and no one else will be able to hack and give advice on how to rise in the search for Yandex and Google.
They hang noodles in the style of SEO optimizers. The goal is very simple to get as much money as possible, and then get off with some bullshit thread. They also offer to tell us who ordered them to be hacked... it happens that sometimes they are asked to hack them in retaliation, hackers are thanked and even paid money for it.
PS It happens that not only do they not close vulnerabilities that do not exist. And they also sell shell
In the case of the site about equipment for enterprises, competitors agreed that the site should fall for a long time and hackers were instructed to hack other sites. The price was paid about $ 1000, but the whole joke did not end there. Hackers wrote to the site manager that his site was ordered to be hacked, and they hacked it. This is what I mentioned above. They offered to close all vulnerabilities on the site and also tell us about cool SEO optimization tips. They didn't manage to knock out much, but they haggled for about $ 300. As you can see, the profit is very good, that is, with one simple hack it turned out $ 1000.
It happens that competitors who buy traffic from a hacked site are simply intimidated or demonstrate strength, so to speak. They launch a DDOS attack on a competitor's site. All methods are good on the way to the goal.
Also, no one and nothing prevents you from selling shell on a hacker site, there is no special task and complexity here.
As you can see, in principle, there is nothing complicated. Everything in detail is simple and clear. Almost no one uses this scheme anymore, and both site owners and competitors have forgotten about it. Most hackers have moved on to other topics, and it is idle. I think there will be people who will say that this is not possible. Alas, you are wrong. Since such sites are usually owned by people who are very uneducated in terms of IT. Hack them, hang noodles in principle is not difficult. It also happens that they order boxes for hacking, and many hackers only get their hands on ... as they say, I got money and flew off. But of course, not everyone does this.
There are a lot of sites. Not only can we tell you about equipment for businesses, but there are also all the different law offices or other websites. You can find a lot of goals I will tell you about another story with a large portal on women's topics with visitors of about 20,000 people a day.
It was hacked in exactly the same way as I described above. The DDOS site did not last for 1 day, but for 3 whole days. Then they sent a letter from the hosting provider, and the administration logged in without suspecting anything. Then they just threw the shell, merged the database and sold it for .... $ 10000+ I don't remember how much they asked for the database. As you can see, not only simple sites come across, but also large projects. Those who bought shell, they just screwed up a breakthrough exploit pack and in general they did quite a lot of things there.
If you stop and look, it works.
They are looking for a site that can be hacked, using the method that I described above. Someone has DDOS, someone does not, it all depends on the resources, the main thing is that they send a letter that there was a ddos attack and in the letter there is a link to connect the free anti-ddos module. Once the data is received, then everything is at the discretion of the hacker. Selling to competitors, selling shell access, just offering security audits, etc.
That's basically all, such a profitable (gray) earnings scheme. And you don't have to be a special hacker to work on it. The question is the ability to properly organize a SI attack.
You can calculate the profit yourself On average, if Hackers do not worry, then they can easily earn $ 10000 on the auto-pilot. And the most experienced ones are many times more, but here it is already necessary to properly hacked).
