User Controls
Over 6,000,000 SSN hacked from 10 websites by MrHigh
-
2017-03-16 at 1:01 AM UTCHey look, a screenshot of MrHigh's other thread in the news.
http://www.idahostatesman.com/news/politics-government/state-politics/article102340697.html -
2017-03-16 at 1:15 AM UTCI never answer my phone anyways.
-
2017-03-16 at 4:38 AM UTCIf any intelligence agencies are reading this: are you hiring? I probably won't pass drug or loyalty tests but I can sip whisky and smoke cigars in dimly lit rooms while engaging in nefarious cyber activities with the best of them!The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-03-16 at 4:40 AM UTC
Originally posted by Ajax Hey look, a screenshot of MrHigh's other thread in the news.
http://www.idahostatesman.com/news/politics-government/state-politics/article102340697.html
not only did these niggers refuse to say the site name, they won't even fucking link it.
That's it, I'm suing their asses for posting an image of my copyrighted totse theme without my permission
Post last edited by Lanny at 2017-03-16T04:45:38.204311+00:00The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-16 at 4:42 AM UTCDO IT!!!!!
-
2017-03-16 at 4:53 AM UTCWonder why they won't link this site...
-
2017-03-16 at 7:38 AM UTC
Originally posted by MrHigh I found an easy security issue in a network of websites and was able to obtain over six million names, dob, and ssn. In the midst of pulling the data from the servers the admin must have noticed a large number of requests and investigated. The admin banned all of my accounts and fix the error. I estimate that it would have been over 10 million. I got over half of what I expected. I have not contacted the admin yet. I am going to wait and see if the US government announces it to the public. These were all government websites and most ended with .gov. The people were ordinary citizens using a certain service.
These are the totals from each state.
Alabama = 1,394,018
Arizona = 891,820
Arkansas = 597,242
Delaware = 236,293
Idaho = 151,992
Illinois = 1,235,564
Kansas = 647,230
Maine = 283,558
Oklahoma = 862,278
Vermont = 183,536
I know of several other security holes in government websites. That is all for now.
Your dearest friend,
MrHigh
You sure like to talk about these things a lot and I'm really impressed. Did I mention that I'm a single, healthy girl, that likes to work out? I really like listening to you talk about these things and I'd like to meet you somewhere in person so that we could discuss these things you do.
There is a Subway near my accounting office and they have coffee and caffeinated soda pop(caffeine is good for you). I'd like to buy you a soda or coffee and just listen to these things that you do. My partner(a stern man that usually wears a suit and tie), who is also an accountant, would also like to come along and just listen to you talk about these really impressive things you do. Did I mention that I'm an attractive girl that is single?
I've included a map with a red arrow that points to the Subway near my office but if it's too far away that's okay because I have offices all over the country(and world) and could meet you anywhere a caffeinated drink is served.
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-16 at 7:40 AM UTC
Originally posted by Lanny not only did these niggers refuse to say the site name, they won't even fucking link it.
I think you have a case.
That's it, I'm suing their asses for posting an image of my copyrighted totse theme without my permission
Post last edited by Lanny at 2017-03-16T04:45:38.204311+00:00 -
2017-03-16 at 2:54 PM UTC
Originally posted by SBTlauien You sure like to talk about these things a lot and I'm really impressed. Did I mention that I'm a single, healthy girl, that likes to work out? I really like listening to you talk about these things and I'd like to meet you somewhere in person so that we could discuss these things you do.
There is a Subway near my accounting office and they have coffee and caffeinated soda pop(caffeine is good for you). I'd like to buy you a soda or coffee and just listen to these things that you do. My partner(a stern man that usually wears a suit and tie), who is also an accountant, would also like to come along and just listen to you talk about these really impressive things you do. Did I mention that I'm an attractive girl that is single?
I've included a map with a red arrow that points to the Subway near my office but if it's too far away that's okay because I have offices all over the country(and world) and could meet you anywhere a caffeinated drink is served.
I read an article about this guy who got his hands on a pretty high-profile DB. His OPSEC was a bit lacking but of course the police needed a confession, they knew he was really proud of all his 31337 hacking knowledge and his dank hax(It wasn't that dank just an SQL injection). So the officers responsible for the questioning decided to play a different angle. They were all like, well Mr. Haxx0r, this attack seems pretty sophisticated and we don't think you'd have the skill to pull it off, after an hour of this, the guy, insulted, felt compelled to tell them exactly how he would pull of the hack that he was suspected of. Which eventually was enough to get him arrested, ayy lmao. -
2017-03-16 at 5:48 PM UTC
Originally posted by Sophie I read an article about this guy who got his hands on a pretty high-profile DB. His OPSEC was a bit lacking but of course the police needed a confession, they knew he was really proud of all his 31337 hacking knowledge and his dank hax(It wasn't that dank just an SQL injection). So the officers responsible for the questioning decided to play a different angle. They were all like, well Mr. Haxx0r, this attack seems pretty sophisticated and we don't think you'd have the skill to pull it off, after an hour of this, the guy, insulted, felt compelled to tell them exactly how he would pull of the hack that he was suspected of. Which eventually was enough to get him arrested, ayy lmao.
I remember reading something like that. The agent was saying things like "you don't impress me" and the guy laid everything out for the agent. What agent was it though? -
2017-03-16 at 6:08 PM UTC
-
2017-03-20 at 9:47 PM UTCI just came across this article here.
http://www.arkansasonline.com/news/2017/mar/17/virus-found-in-database-of-job-seekers--1/?f=news-arkansas
Looks like MrHigh used malware and it appears as if they don't know the extent of the breach yet. -
2017-03-20 at 9:54 PM UTC
Originally posted by MrHigh These are the urls that lead to the webservers that were hacked.
joblink.alabama.gov
azjobconnection.gov
arjoblink.arkansas.gov
joblink.delaware.gov
idahoworks.gov
illinoisjoblink.illinois.gov
kansasworks.com
joblink.maine.gov
okjobmatch.com
vermontjoblink.com
so there is going to be the PI from white people exclusively.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-20 at 10:13 PM UTCAlso does anyone else feel a bit strange that we've been talking/joking/trolling about this for a week now and the media still has no idea?
What other forums was this posted on? -
2017-03-22 at 4:01 AM UTCany real contys or just desert
-
2017-03-24 at 4:32 AM UTCHere are some of the news articles.
http://www.governing.com/topics/mgmt/tns-joblink-hack.html
http://www.idahostatesman.com/news/local/article140230103.html
http://www.tulsaworld.com/news/state/state-website-hacked-personal-info-of-oklahomans-others-compromised/article_32a30814-46e8-5eb6-aa45-5a55dd7b626f.html
http://www.delawareonline.com/story/news/2017/03/22/del-joblink-cite-hacked-200000-exposed/99514074/
http://www.wmtw.com/article/maine-jobs-website-hacked-personal-data-may-be-compromised-officials-say/9172427
There was no malware involved in this. It was a security hole in the web application. I also hacked a website in West Virginia.
I know of more. -
2017-03-24 at 4:44 AM UTC
-
2017-03-24 at 6:06 AM UTC
Originally posted by Sophie The media is known for not understanding cyber.
They never do. I was not able to get a shell on any of these servers. I did see what looked like another hacker was trying a SQL injection attack. It could have been a bad automatic maintenance routine the admin put in place. It basically listed a whole load of SQL info and info on the internals of the servers. I noticed this in several of the servers around the same time. It always happened on the same day of the week. I knew of these for a while.
Another big one I have known of for several years. It involves being able to set up ACH transactions from accounts. -
2017-03-24 at 7:21 AM UTC
-
2017-03-24 at 10:12 AM UTC
Originally posted by MrHigh They never do. I was not able to get a shell on any of these servers. I did see what looked like another hacker was trying a SQL injection attack. It could have been a bad automatic maintenance routine the admin put in place. It basically listed a whole load of SQL info and info on the internals of the servers. I noticed this in several of the servers around the same time. It always happened on the same day of the week. I knew of these for a while.
Another big one I have known of for several years. It involves being able to set up ACH transactions from accounts.
Yeah that sounds like maintenance script of some sort on a cron job. Way too regular for another hacker, i'd say. Also if you're in it for the money couldn't you sell the vuln that has to do with ACH?
