Dark Hacktivism

Original anonymously posted by Team GhostShell (TGS). Reposted here subsequent to the Ashley Madison hack as it may shed some light.

Dark Hacktivism represents the process of taking conventional hacktivism to the cyber-warfare level.

With one of the main cyber attacks coming along nicely it is time to start working on the concept. This release is being leaked to act as a general guideline for anyone out there that wishes to use this form of cyberattack. Knowledge should be free and experiences shared. Disclaimer: No harm was done to any system or person in the collection of this data. The same code of honor was used as before – “Information is everything.”

General criteria:

Taking the conventional type of open hacktivism and creating an alternate version of it.

The three main types of actors: Ghosts, Shades and Shadows.

Ghosts: The frontline cyber-warriors specialized in big data extraction, big data analysis, vulnerability assessment on large scale cyber regions, malware infection, cyber-weapons mastery both towards common and custom tools, code-breaking, general cryptology.

Shades: In a similar fashion on how a shade is the shadow of an object or overall phenomenon, Shades are the observers of a cyberattack, non-implicit but complicit to the action itself. They are usually represented as the ally of the ghost but at the same time they can also be neutral on the motives behind an attack altogether despite being part of its sphere. Or they can have ulterior motives against the action taken or the person itself. Example: People hanging out with ghosts in a chat-room and giving away their input on the matter. They are part of what’s going on as in they’re aware of what’s happening but have placed themselves in a state of limbo.

There can be different kinds of variations: A shade can be a ghost itself that has gone inactive or simply not taking part in someone else’s cyberattack (an observer of someone’s else cyberattack). A shade can be an infiltrator, usually from a federal agency, a federal agent, an informant or a paid troll. Private researchers as well as journalists can be included here too.

Shadows: The secondary cyber-warriors that shadow the ghosts in the same cyber-attack. In every single instance of a conventional attack related to hacktivism where 2-3 or more people are involved there will always be those that can’t/don’t keep up with the campaign, somewhat lagging behind but still helping. This may seem like a disadvantage but if done and used correctly it can be embodied as a great power. Both in conventional hacktivism and dark hacktivism they are the supporters of those that stand out the most, they help sustain or even enhance a cyber-attack by motivating the main people through their own actions. Example: The more people get involved within a certain attack and actively contribute the more meaningful the attack becomes. Humans tend to want their actions validated by one another, so in cases where the process may not be so clear viewed by society in general, that validation can help enforce the motive and reasoning behind them.

Shadows may or may not posses the following attributes: Advanced hacking capabilities, other various attacks such as Defacement, DoS, DDoS, Man in the middle, DNS hijacking, cross site scripting, spear phishing, general phishing, general cracking, social engineering, blackmail.



Chapter 00 – Void (The introduction)

Seven chapters will be used to describe the current on-going cyber-attack and the roles it has. Once the first cyber-attack is completed more will be added. Most if not all of the transcripts will be used in this concept. From statistics, to general data to overall reasoning. The external usage of data should be somewhat moderated when doing the transcripts themselves, don’t go into every single extraction but rather in general from the layout to the usual types of information found and so on. Follow the external data format used in the past – intro vuls – full data – general vuls.

The physical and psychological aspect of a long cyber campaign:

Sleep deprivation leads to incoherent behavior as well as distinct/different speech patterns. These changes go hand in hand with basic mistakes from twisted grammar to a dynamic aggressive personality both online and in real life. On and off periods much dependent on how much sleep you get. You should talk about more of these moods, their types and how to best handle them especially on long cyber campaigns. Taking notes of them is really important as it may help you prevent certain accidents.

For example: Panic attacks and general anxiety disorders. When we don’t move for long periods of time we tend to build tension in our muscles, we also generate a lot of adrenaline especially in this line of work. This can have a lingering anxiety effect. The best way to tackle this is by regularly exercising, keeping yourself active on a daily basis and even playing as a form of stress release.

Another factor that comes in mind is related to our blood vessels. The most common tension is frequently presented in the neck. It can present itself as a block on our vessels. The same ones that pump blood all the way to your hands. There’s another blockage that appears in this type of example where you will feel a slight pressure on your wrist. This is called the “carpal tunnel syndrome”. It usually appears after you’ve kept your hands in the same position over long periods of time. It can get worse if not treated. It isn’t a life threatening ordeal but it is crucial to mediate the problem before the pain becomes unbearable. This again is best done through physical exercises. Light aerobics are welcomed.

Depressions: They are very common among hackers. A lot of us incite this behavior all on our own by abusing drugs, through alcohol, tobacco, stress eating, to more abstract concepts such as worrying about poverty or being afraid of something or someone. A lot of the times these can be remediated but the real problems are the obstacles that we can’t so easily remove from our lives. Like people.

Always remember to play the part of a normal human being. People are afraid of what they don’t know or don’t understand. Isolation is one of the last things you’d want to do. You grow distant from others and when that happens this barrier of mistrust reenacts instead. As much as we hear on tv or online about how being different is nothing to be ashamed of, in the real world this is the exact opposite. Never reveal your true self, never be different, always adapt to their behavior, always mimic their movements, train of thought, habits, everything they do and are. From the way everyone else dresses to what they like to do in their free time. Blend in and you won’t suffer. Blend in and you won’t become an outcast. Blend in and you won’t be their enemy. Individuality in society is a myth that only a few can exercise but never do because of the consequences that come along with it.

Chapter 01 – Complicated Suicide
Chapter 02 – Genocide Party
Chapter 03 – Deaf Waltz
Chapter 04 – Zen Labyrinth
Chapter 05 – Nine Faces and Seven Masks
Chapter 06 – Scales of Vertigo
Chapter 07 – Supreme Kingdom


Chapter 01 – Complicated Suicide

Chapter 01 will be used to describe the downfall of not paying attention to your surroundings when prepping up and attacking a large group or entire region of targets.

In this situation we use the world governments as an example. How those from the top 1 mil. were comprised mostly of targets belonging to china and taiwan while the US, UK, AUS played a secondary role in adding up to the mistakes despite knowing about them in advance.

Even though a lot of breached websites were collected from various countries, the majority of them failed due to extreme negligence. By not taking into account current (last minute) changes in certain parts of cyberspace you can lose entire groups of targets from the very start. (i.e. the chinese ones using the charset, taiwan using firewalls etc.)

Then you have the old ones which are already known to be difficult in breaching. UK is an example. Hence why they were all ignored. (The british govs tend to all be connected to the same main network so even if they seem at first to be vulnerable your connection never goes through since it goes straight to a loop and to that main network that holds them all, or at least a large part of them. regional govs included.)

US ones can vary from network to network, they’re dynamic so in some cases you breach them in other cases you can’t. The underbelly to this example is that some networks have already applied the latest patches while others didn’t. Oracle type of system is usually present. AUS is a similar country when it comes to their govs.

(The constant public hacking of govs has somewhat forced authorities to actually patch up some of these govs and made quite a lot of them more impervious to the usual type of attacks.)

Transcripts:

Patterns found in governmental domains –

The chinese ones from the top 1 million websites are predominant with a “gbk2312” charset. It prevents the user from brute forcing its way inside as it simply cuts the connection short right before retrieving the server layout.

The turkish govs on the other side despite being well protected may have various access-points if tried enough on the same target. It worked in some instances.

Taiwan has been installing firewalls and so far its protection is solid. It would be wiser to try finding a good vector of attack for that defense.

In general (the govs) the main access-points have been deleted and the system patched or fortified with firewalls.

Other bothersome charsets include: “dwgk” and “xxgk”.

Overall the governments with still present access-points are vulnerable as far as their websites go, but they have decided to abandon web design and focus all their security on the server layout. Smart move, more cost effective.

Final note: Despite still breaching a significant number of govs, attacking them in general nowadays is a waste of time. They no longer hold any sensitive data for the most part. Aside from some large ones that still house accounts and private information on people, nothing else of value remains. Cyber government attacks can be conducted for comedic purposes from now on.


Chapter 02 – Genocide Party

Chapter 2 represents the exact opposite of the first one. When you’re so well prepared in advance and when you know your group or region of targets that everything goes smoothly and where almost all of them get breached all the while you’re certain every single website is vulnerable to the basic attacks.

An example here is the education group. Edu websites are by far the most vulnerable type of networks on the internet. Time and time again whether they get breached and publicly exposed, they all still seem to preserve that level of vulnerability no matter what. There are various reasons behind this.

Even if a website/network would want to patch up and protect itself from future attacks, the ironical absence of education will continue to remain.

1. The modules themselves that are casually used by edu’s throughout the net are the most vulnerable amongst all the modules. (not that they’re unique but it’s almost like they gathered the weakest ones and decided to use only those)

2. The constant expansion of these websites/networks will forever have a lingering aftereffect where some server somewhere will be vulnerable due to it being unpatched etc. which will not only let someone infiltrate it but it can be used to launch further attacks.

Transcripts:

Education websites are on average 9/10 vulnerable with the most basic types of attacks. They do vary in the way they respond to the attack but they can breached quite easily.

Besides the usual way of extracting data there is also the specific retrieval mechanism where you have to generally extract each database, then the tables and use a single one to get the columns out. Multi-threading doesn’t seem to work on a few of them.

Other websites already had signs of being infiltrated as the logs for the tools used were still there. (pollen.uw.edu.pl is one example)

Some access-points, despite being different at their frontal modules indicating a different server was actually part of the same one. (academicaffairs.mnscu.edu and asa.qa.mnscu.edu) Even though it isn’t unusual for this to happen in a network it is important that it is mentioned to prove its existence.

The infamous vulnerable RSS module has been de-throned by the next gen vulnerable module “apps”. Good stuff.

The turkish “sayfa” edu module is an interesting one. It has some fairly decent protection but it can be breached.

It seems that the chinese have been patching their edu’s as well with the same “gbk2312” charset.

The “sfs3” is spread across a large range of edu websites. This is one of the main examples on how we can use vulnerability foreshadowing to tell in advance if a website/network is vulnerable. This same “sfs3” module is found within the server layout. So it isn’t a custom module. Another one like this is “drupal”, usually for the western websites and “haber” and “duyuru” for the turkish targets. (these examples are part of Chapter 06 – Zen Labyrinth too)

Some Taiwan edu website have been firewalled as well. For example “dspcdc.ee.stust.edu.tw” was vulnerable enough to let me inside its network but it wouldn’t let me dump anything. Another example like this is: “ee.ntou.edu.tw”.

Another prime example of tied modules to the same server: “use.futa.edu.ng” and “spgs.futa.edu.ng” and “set.futa.edu.ng”.

A unique interesting charset found on target “web1.hc.edu.tw” known as “x-x-big5”.

More connection time-outs for the websites in Taiwan. Some of them coughed up the databases before the connection stopped so it’s difficult to say it they have a firewall or if it’s just a bad connection.

On average with only a few limited access-points picked at random for each target have yielded tremendous results. Most of the education websites from the top 1 million websites on the internet have been breached.



Chapter 03 – Deaf Waltz

The soundless cyber attack.

If the introduction will include things such as how the resources were put together and which ones were needed and how they were installed etc. then Chapter 3 will contain how the cyber attacks were carried out and why they were done in this specific manner. Begin with the convenience factor, then move to the limited resources then to why certain commands were used and why other were not.

Examples: How you can tell when it’s more convenient to use a keep-alive cmd, not just to fulfill it’s natural purpose but WHEN to use it for a specific target aka by knowing in advance which type of target you’re trying to breach.

Let’s say that you knew in advance a specific target would spam flood your terminal as soon as you’d try to attack it. Then it wouldn’t make much sense to add a keep-alive unless you wanted to freeze your entire box. The backlash it usually isn’t that dire but when you have multiple connections open it tends to happen. So by knowing in advance that (for example some of the chinese gov targets) would flood you, you can make sure not to add it.

Knowing when to raise the level and risk factors for an even deeper type of analysis and when not to. Let’s use the above example from the UK govs where you know that most if not all are connected to a main network. A deeper analysis would be useless and you’d just waste time.

Knowing when to recognize a stronger module and begin discarding it. At least partially while still testing it on newer targets from your list. Example: The “lib” / “libguides” from the edu. (“catalog” works too here) While some may be strong at initial attacks, other may not, so a prudent approach is needed to see if a large number can be found from the list while skipping through some. If the gamble pays off then it is more worthwhile to return and attack the rest. Either way the wasted time has been reduced by half or more.

Knowing when a certain connection has been cut off from your target by a third party. This third party is usually the person/people operating the said target. Some of the signs are most of the time clear. Example: you’re already dumping data, especially from the columns and the connection is simply cut off. This happens all the time due to connection time-outs (poor connections) but if you restart the attack and see that it won’t pick up where it left off at all (usually without the time-outs) then chances are that they took the server/network offline.

In some cases I’ve had the opportunity of getting back in. A lot of sysadmins they don’t know how to fix a certain hole so what they do is just restart their computer and go right back online. Nothing changes. In other examples they simply close your connection, if you begin with a new one (aka a new ip) then you can start right from where you left off with the data extraction, even from the same point.

The reasoning behind using common tools instead of unique programs that leave specific fingerprints. Explain it in more detail. And why customized tools should NEVER be used for large scale attacks. Well, it isn’t recommended for smaller ones either unless it’s strictly for testing purposes. Specific exploits are ok but not the tools themselves as far as their interface goes. It leaves a unique fingerprint that can traced back to other targets that you’ve attacked and it can help the authorities build a stronger case against you.


Chapter 04 – Zen Labyrinth

Describe the server layouts found in different cyber regions and domains. It would appear that there are specific patterns within similar groups of networks/websites. And interestingly enough they seem to be direct related to the vulnerability itself. If you can tie them officially together then maybe you can further expand on how to look for vulnerable targets.

Talk about how you can predict to some extent if a place is vulnerable from just the url alone. By adopting this new technique as well as how it could improve the probability.

There are multiple ways of experimenting this before being certain:

One of the ways is to reverse engineer the server layout without even knowing its content like it usually happens when a breach occurs. In plenty of examples the url encoding is a mirror towards the type of server programming and even its database/table names.

Another way which I’m still exploring is the “ghost url”, an extension based url from within a main directory. This one is at its best a gamble.

Past experiments were done but due to a lack of targets it was hard to get sufficient statistics. This time around I’ve made preparations to put this idea to the test in the japanese cyber region. I’ve collected a few hundred targets that only have their directory url. They are basically the targets from the main branch that I haven’t been able to find ID’s attached to them at first glance so I’ve decided to use them this way.

By finishing the main branch of targets I can put together the vulnerable url’s and make up a list of most encountered modules, id’s and overall end url’s. This list I can then attach to my second branch targets that have only their directory and test them this way. It was done before and it worked in some cases. Turns out that even though in a simple search the modules, id’s and so on may not appear, it doesn’t mean that they don’t exist. Usually there are two reasons for that: 1) The search was faulty, not sufficient, etc. And 2) The url’s have a different name for their encodings instead of the basic one. It means that when a web designer codes a website it can opt out of leaving the url’s the same way as they programmed it (adopted modules have the same type of encodings, example: moodle etc.) and simply rename the urls as they see fit.

The vulnerability here is that even if the web developer changes the name of the urls, their encodings don’t change, it’s the exact same programming on the inside it’s just that you can’t see it on the outside. There is a sure way of finding out if a target may be vulnerable and that is usually by seeking out its main directory. A target may have multiple directories. This is where it becomes a gamble. Once the directory is found you need to add your own extension but which one do you use? By knowing in advance the usual extensions used in a particular cyber region/country can help tremendously especially if you have inside information on which of those exactly are usually vulnerable as well.

Zen Labyrinth is about the statistics found in entire cyber regions and how to best use those to your advantage in a large scale campaign or even a smaller more concise one.


Chapter 05 – Nine Faces and Seven Masks

The psychology of the human component and its overall features present alongside the designated cyberattack(s).

Sub-notes – How repetitive work can or has to be countered with a parallel one that is similar with it to some degree. It puts less strain on your mental capacity of both observing and acting. If let’s say that the attack on a cyber region or even an attack in general is “observed” as repetitive then over time it can build up stress. Which means that another form of “acting” has to be introduced in order for the mind to be distracted from the original task and relieve somewhat that built up tension. Because the second task has such a crucial role in maintaining ones own health status it also needs to be denoted in some way. In this case it turns out that continuing the repetitiveness in the second form it helps balance things out. If the second form had a more chaotic nature then you wouldn’t be able to focus as much and your stamina would run out faster.

Example: Music played multiple times over and over is more favorable than playing action packed video games on the side. (or any other sort of activity that strains too far from your line of sight aka your first task)

Sub-notes – Creating, hiding, sacrificing and maintaining identities over short or long periods of time. How people usually do it and how it should actually be done in this concept. (mention all of these topics in the final transcripts)

The Nine Faces and Seven Masks idea:

We go from the premises that every single person has an original identity. That’s how you would normally think, however there is no original identity. The mentality of a person is often times changed to match its own personality. And personalities change on a regular basis. Everyone wears a different mask for a different situation. At home, school, work, various events, etc. Therefore we can’t really conclude that one human is capable of containing a single identity for a short period of time, let alone their entire lives.

This is where the idea of “faces and masks” comes into play.

The purpose is to “create” your own unique identity and call it “the original”. Now this is where you’ll gather all the information that you’d like this specific form to receive. From speech patterns to philosophy, general train of thought, political ideologies, static opinions in specific scenarios and so on. This is how you end up creating your “original” identity. After this process is finished you’ll have to hide it from prying eyes. Here is where the “Nine Faces and Seven Masks” begins.

The “Faces” represent your identities while the “Masks” represent your personalities. Because normally humans tend to have more masks than faces the way to truly remain hidden is by accumulating more identities instead of the latter.

The reason for that is best explained like this:

Nine Faces = Nine Identities

Seven Masks = Seven Personalities

Two of the faces are there as sacrificial pawns. The first line of defense if you will. The Faces have to always be first no matter of how high their number is as they are more believable than the Masks. If/Once that layer is peeled off by let’s say an outsider, you go straight to the Masks. Using your personalities to confuse the person that you’re in contact with is best used after the first layer of identities was stripped away. This is your chance of making your opponent doubt themselves and make them question their own realization.

Let’s say that for example you have been using an identity and someone suspected you of being a liar/fraud. Then the most appropriate course of action would be to go into your personality folder and simply pick something out. Here will include of course “speech patterns”, “general vocabulary”, “different knowledge tree”, “punctuation” etc. This process exists simply to reaffirm your original position of the identity that you chose and shake your adversary of their convictions.

This would be the easy/simple version. For the Nine Faces and Seven Masks it adds another spin to this story. Since there are Nine Faces and only Seven Masks, it means that at the first try you will have to remove/use in play two identities at the same time. But how?

This is about playing the “fool” scenario. Instead of using the example above with just one identity in play and one personality for each sequence, here you actually use two of them.

One of them will act as your “original” identity, let’s call it “fake original” while the second one is the “wrong” identity, let’s call it “wrong original”. By placing both of them on the board we let our adversary reach the conclusion on their own about which is which. The advantage here is tremendous since by sacrificing one “original” it will further enforce the notion that the second one must be the real identity. If this were a real example then we’d have names/accounts attached to each identity and used in a sequence.

If this process fails or is not strong enough then we simply have to go deeper into the personality branch where again we have two of them waiting for us. Here we have more options available. We could use both of them on a single identity to either enforce or denounce it. We could use one for each where they would try to protect themselves or sabotage on purpose. The variations should be used by taking into account the identity and personality of your adversary as well.

(Right now the algorithm is 9-2 = 7 identities, 7-2 = 5 personalities)

The Seven Faces and Five Masks

The same process follows here as well. If the first level fails, then we simply move on to the next.

The Five Faces and Three Masks

The action continues here too. Same principles apply.

The Three Faces and One Mask

How the last mask became your “the original” identity. It was there the entire time since you can’t actually discard it. And how this time around we’ve decided to use identities to hide another one, the last, the original that we first created instead of relying on the personalities. This final “personality” will be the last card to play. If the opponents can see past it then it will reach the conclusion that this is “you”. Even so, the ultimate plot twist is that there is no original identity to begin with since it’s constantly changing, morphing, evolving. Still, the prize here is that this “original identity” would normally mean that it has been compromised then it’s game over. You’ll have to start all over. The reason why there are so few chances to switch sets of personalities and identities is because the more you have the more likely it is for your adversary to figure out that you’ve been playing them from the start and by the time you reach to the “your original” identity they will no longer believe that it is the “real” one. Basically your smoke screen gets exposed and the level of trust broken.



Chapter 06 – Scales of Vertigo

Tearing apart companies by attacking them through multiple points of origin.

In a normal cyber attack, one or more individuals would regularly try to focus their actions on what they can see and that is usually the website itself. They can go about this by either flooding that site with traffic until it crashes, spam flood their mail inbox with malware, try to inject into their servers and so on. However these are all representing of the more basic strategies employed by hackers to disrupt, profit or express their social views. But what if this wasn’t the final evolution of hacking? What if outside of these normal hacks and the exaggerated ones in the media about taking down grids, tampering with water supplies or hijacking airplanes there were other ways to go about? A different route that had a similar depth to it but forged in a more realistic manner where anyone with an internet connection could be a part of.

This is where Scales of Vertigo comes in. Just as the name implies, it’s meaning lies in multiple layers of security or in this case insecurity that a person can take advantage of outside the basic structural hacking norms that we see everyday. With each “scale” being part of a much larger force that could impact your target in ways far different than what normal attacks generally accomplish.

Let’s use as a prime example a specific type of target and try to attach to it at least two scales of vertigo.

PRIME TARGET: Retail online store that home delivers + additional other functions

Retail stores are generally perfect targets for cyber criminals that want to make some quick cash. They tend to hold credit card information, personal details about their customers, different user accounts etc.

And yet the scope of this example is not to steal any data or rather not even to get inside the store itself but attack it by inputing data yourself. By contributing to its own mechanism. By obeying the rules in a way that actually bends them. In retrospect every single society, country, government, system, set of laws and rules is flawed by default. Everything has a weakness. If normal hacking is breaking things through that weakness then this is bending them instead.

Using the first scale – Scale of Ruin

Summary of target:

Using the example of an online retail store that is part of an international chain of stores that sell all kinds of products ranging from electronics to toys, basic household utilities and so on.

Their overall management settings are as follows:

You can buy products from their physical stores or their online ones. The online stores most of the time have more dynamic price cuts which encourages online shopping. Which means they have a lot of customers on a regular basic. They provide the transport of the goods to your location as well. This is done through a third party contractor. In order for someone to place their order you must first create an account on their website. This account usually holds private information about yourself such as your current address, email, full name, phone number, zip code (optional), city/province, and a few other details to help pinpoint your exact whereabouts.

The form of contact is done for the most part through your email account. Once you place your order you will receive a confirmation notice which will let you know that the shipment is on its way. The time of delivery is usually 24-48 hours. Usually they provide an address to contact them back if this wasn’t the order that you placed. In this example we’ll use that as well.

Preparing the attack:

With knowing just this much about our target can we truly launch an attack on it? Is this sufficient information to come up with a strategy that could undermine this specific company?

Scale of Ruin is the first wave of attack that is delivered after gathering all the basic information from your target. In this case from what we know the company in question is a retail store that houses all kinds of products with both low and high prices that also uses a third party to ship them to its customers. The way in which orders are placed is through an online account which you make on their website.

Right now we understand how our target works but more importantly we have managed to find out its points of origin. One of them is the online account. Another is the shipping party. And the last one is the low and high prices of the store alongside the email confirmations/reply. (Should be noted that this attack is best used when the company in question offers the at-home services and the paying cash on the spot, instead of just with a credit card online.)

The process should be visualized somewhat like this:

Prime target –> Point of origin 1 (the account) –> Get your credentials/account validated –> Point of origin 2 (placing your order/the shipment process) –> Confirming your order through your email –> Point of origin 3 (the email confirmation/reply if needed to further prove legitimacy)

Between placing your order and confirming it there should also be a careful evaluation of what you’re purchasing in terms of products and their prices. Creating a more dynamic workflow would give off less suspicion to your order and to your overall account. You avoid giving off any red flags by making your placements more natural rather than obvious scams or hoaxes that will make your purchase stand out from the rest.

Army of needles – the way to wound and kill a giant is not through a single blow but through a thousand cuts.

You build up your army by infiltrating the target with as many accounts as possible. You make sure that they’re all validated and confirmed to make legitimate purchases. And then you wait.

This process can and should take from weeks to months to plan out and prepare. Instead of registering thousands of accounts or even more in a couple of days, it should be done over a long period of time in order to avoid any suspicion. The main problem will be acquiring the email addresses. They should be from as many providers as possible. Freemails are an option. The second issue is with the IP addresses. These should be all from the country of where your target is and even further than that, the IPs should have the same city as far as their geo-location goes.

Online stores or rather websites in general log the traffic on their domains and use it to continue expanding their interests. By adapting to this process and blending in as much as possible it will make it even harder for your target to tell apart the fake accounts from their original ones. In severe cases this may prompt the company to shut down its website, thereby shutting down its online business. This would be more prudent of them since no matter what they do they will continue losing money.

Scale of Ruin is exactly what its name implies. The process of placing a company in a situation where no matter what they do they will lose money, customers and time. And the beauty of it is that this is only the first step in dismantling a company.

Scale of War – First Impact

We’ve taken our time to build the army of needles, everything is ready to go. Now we just need to pull the trigger and watch the whole thing unfold.

Dynamic purchases from the large number of accounts that have different ip’s but within the same location. Preserving a steady rhythm by only using a fraction of them at the same time and continuing the pace over a long time, slowing bleeding out your target. Time, money, clients lost. Broken reputation. Tensions between the third party and the retail chain store. Third party eventually quitting or being fired. If a new one is hired, repeat the process. slowly but steady, always staying in the shadow of your target.

Drastic measures may be taken by the company in question such as taking down the website or hunting down fake accounts. However if the Scale of Ruin was done correctly then these things would be irrelevant. What were waiting for is the inevitable obvious move which will played out. The block on new registered users and the mass removal of inactive accounts that have never made a successful purchase before. A desperate move but we were expecting it. At this point the business is crippled. It is time to attack it even further.

As soon as we can see that they don’t plan on shutting down their website to evaluate their situation we know that the most logical move would be the blockage and removal part. By anticipating this move we can use the army to attack their customer base on the website itself. Either by contacting them directly with disinformation “We’ve been hacked, all our information has been stolen. I’m gonna sue. How about you?” or if there’s no direct connection between the customers the most obvious access point would be the comments section of the products. Mass spam every inch of the place with various statements from lawsuit threats to hacking allegations.

These first two scales should be enough as a first strike on one of your targets without even the need to hack anything just by simply using their user policies and regulations against themselves.

Scale of Bond – Blackmail

Deciding to incorporate a third scale to the attack. How and when it is appropriate.

When faced with such a predicament, corporations can be unpredictable as to what they will do. Some decide to call the authorities and report the attack in an attempt to not file for bankruptcy. Most don’t. Most companies simply decide to handle the problem in-house which will prove a valuable opportunity to you. Figuring out when they do and don’t is important. Some time should usually pass before making your move to see how they react. Normally you can tell if they have contacted the authorities as the knowledge gets leaked, especially when federal authorities take the case. The feds employ the help of the people/citizens including those that work for various agencies to help them with the case. Private investigators are usually brought in as well. It doesn’t take long for chatter to appear in the public sector.

If this doesn’t happen after some time has passed, then you may make your move. First contact them in joke, something along the lines of “hey, i hacked your website, contact me asap or ill keep wrecking things”. If they take the bait then you can simply snowball that into a more serious relationship with them. If not, then start taking things more seriously while approaching them with proof that it really is you that is doing this. An advice would be to contact your targets on their private email addresses rather than their business ones.

Establish contact if you can whether through email, or maybe even through a phone if you’re capable of using burner phones or a hijacked online telecom connection. Even an sms platform could do the trick in just sending them texts.

Whether you hacked their network or not is irrelevant. You just need to make them believe that you did. Inflict even more emotional trauma to the point where they feel they’ve lost complete control of the situation. Where they have no choice but to retreat, in this particular case to close up shop before the situation goes public and the damages become irreversible.

Summary for Scales of Vertigo:

This is merely one set of scales designed for a specific challenge. There are as many scales as there are targets. It is simply a matter of choosing when it is best to use any of them. Remember that when attacking a corporation with many business chains it would be best to simply target all of them at the same time. It expands on your success rate and helps you move further with your plan. You’re no longer attacking a company, you’re going after a multi-conglomerate.

Chapter 07 – Supreme Kingdom

This chapter focuses on mapping out your own weaknesses all the while keeping tabs on your enemies as well. Being aware of your faults will help you better strengthen your own defense, whether it is physical, emotional or technical. Regardless of the section if it is done properly it will be a great morale boost. This part will also instinctively want you to observe your targets as well.

Geopolitics, economics, history, general details on the country of origin that your target belongs to. These all come into play when you launch an attack. To best understand them is to know in advance how the world works. In a civilized society, a country, one that is “advanced” enough to sustain its own economy and strong to repel its enemies, has always the exact same layout structure. In every major industry there lies a force that exerts its power on the entire nation. Back in the day this was conducted with the help of only one giant corporation at the top but things have changed and monopolies are technically banned in this day and age. Instead in its place are now always 5-6 multi-conglomerates that control the scene. Whether were talking about the weapons sector, energy, telecommunications, banking, transportation, anything really.

Is it a good or bad thing? Does it really matter? The point of interest is not in lashing out and protesting this in a chaotic manner. The point is in understanding what role they have exactly and why we decided to shape our society this way. This example is an easy one since the mini-monopolies were put in place instead of thousands of smaller corporations with a slight less capital so that some “stability” could be preserved. It is much easier to control a handful of them than a thousand. And the reason why a monopoly is no longer present is so that “continuity” can be maintained and each corporate entity can keep each other in check. It’s why there are at least two main political party’s in these nations too. Same principles.

A country’s history is also detrimental to your research. There’s an old saying that goes: “Wise men learn from history while fools from experience”. History has a way of repeating itself. By knowing both the past vulnerabilities alongside its habits when dealing with these backlashes could be quite useful in an actual attack.

Economics – it has a spot of interest here too. By digging out some information on your target’s financial aspects it may impact on how you lay out your plan of attack and when to best strike or how.

Geopolitical characteristic are by far the most influential from this list. If you can obtain the list of your target’s competitors/enemies you could apply even more psychological pressure or it may give you an edge to your direct attack power.


Dark Hacktivism doesn’t focus so much on the technical hacking part as it does on its human factor. If normal hacktivism is observed as a frontal assault to denial of service, deface or leaks then this version is more about using the system to your own advantage instead of just protesting.

Despite amassing and accessing large amounts of data like billions of accounts to trillions of record sets from numerous targets throughout the internet the goal is not in the leaking of the information itself by selecting the interesting data and discarding the non-interesting one, but rather it lies in devouring everything that comes in your path and ultimately processing that information in understanding how cyber regions, countries and even continents exist and operate on the internet.

By figuring out this vital piece of information you become one step closer towards comprehending and bringing into existence a form of attack like no other, one that is capable of systematically dismantling various types of dynasties along with the crushing of empires.

— Dark Hacktivism Part 1 END —

This entry was posted in политический, General IT and tagged . Bookmark the permalink.