
What happened? On February 19, 2024, penetration testing of two of my servers took place. At 06:39 UTC I discovered an error on the site, 502 Bad Gateway; I restarted nginx and nothing changed, restarted mysql and nothing changed, restarted PHP and the site worked. I didn’t attach any importance to this, because after 5 years of swimming in money I became very lazy, and continued to ride on a yacht with busty girls. At 20:47 I discovered that the site was giving a new error, 404 Not Found nginx. I tried to log into the server via SSH and could not, the password did not match; as it turned out later, all the information on the disks had been erased.

Due to my personal negligence and irresponsibility, I relaxed and did not update PHP on time. PHP version 8.1.2 was installed on the servers, which was successfully penetration-tested, most likely via this CVE: https://www.cvedetails.com/cve/CVE-2023-3824/, as a result of which access was gained to the two main servers where this version of PHP was installed. I understand that perhaps it was not this particular CVE that was involved but something else, for example a 0day for PHP, but I cannot be 100% sure of this, because it is reliably known that the version installed on my servers was affected by an already known vulnerability, so most likely this is how access was gained to the server of the panel with admin panels and chats for victims, and to the blog server. Now the latest version of PHP, 8.3.3, is installed on the new servers. If anyone discovers a CVE for this version, please be the first to let me know and receive a reward. The problem concerns not only me.
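As an added check (an editor's example, not code from the original post or from the site's operator): the post names CVE-2023-3824 as the likely vector against PHP 8.1.2. CVE-2023-3824 is a stack buffer overflow in PHAR directory-entry reading, fixed upstream in PHP 8.0.30, 8.1.22 and 8.2.8. The script below pulls the version out of `php -v` output and classifies it against those fix releases. The sample `php -v` lines are constructed, not captured from any real host. One caveat a practitioner needs: distribution packages (Ubuntu 22.04 ships php8.1 as 8.1.2-1ubuntu2.N) keep the upstream version string while backporting security fixes, so a "vulnerable" verdict from the bare version is a trigger to read the package changelog, not proof of exposure.

```python
"""Check a PHP version string against the upstream fix releases for CVE-2023-3824.

Added example, not code from the original post. Fix releases are taken from
the php.net release notes for 8.0.30, 8.1.22 and 8.2.8.
"""
import re
import subprocess

# Affected branch -> first upstream release containing the fix.
FIXED_IN = {
    (8, 0): (8, 0, 30),
    (8, 1): (8, 1, 22),
    (8, 2): (8, 2, 8),
}

# Stops at the first three numeric components, so a distro suffix such as
# "8.1.2-1ubuntu2.14" yields the upstream version 8.1.2.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from `php -v` output or a bare version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no PHP version in %r" % text)
    return tuple(int(x) for x in m.groups())


def cve_2023_3824_status(version):
    """Classify an upstream version tuple against the fixed releases.

    "vulnerable"   - affected branch, below its fix release
    "patched"      - affected branch, at or above its fix release
    "not-affected" - 8.3 and later, released after the fix
    "end-of-life"  - 7.x and earlier: no upstream fix, rely on distro backports
    """
    branch = version[:2]
    if branch in FIXED_IN:
        return "vulnerable" if version < FIXED_IN[branch] else "patched"
    if version < (8, 0, 0):
        return "end-of-life"
    return "not-affected"


def report(php_v_output):
    """One-line verdict from `php -v` output.

    Caveat: Debian/Ubuntu backport fixes without bumping the upstream version,
    so a 'vulnerable' verdict on 8.1.2-1ubuntu2.N must be confirmed against the
    package changelog before it is treated as real exposure.
    """
    version = parse_version(php_v_output)
    status = cve_2023_3824_status(version)
    return "PHP %d.%d.%d: %s for CVE-2023-3824" % (version + (status,))


def check_local_php():
    """Run the installed php binary and report on it (needs php on PATH)."""
    out = subprocess.run(["php", "-v"], capture_output=True, text=True, check=True).stdout
    return report(out)


if __name__ == "__main__":
    # Constructed sample lines; not output captured from the servers in the post.
    samples = [
        "PHP 8.1.2-1ubuntu2.14 (cli) (built: Aug 18 2023 11:41:11) (NTS)",
        "PHP 8.1.22 (cli) (built: Aug  3 2023 12:00:00) (NTS)",
        "PHP 8.3.3 (cli) (built: Feb 13 2024 10:00:00) (NTS)",
    ]
    for line in samples:
        print(report(line))
```

Run it on a host with `python3 -c 'import phpcheck; print(phpcheck.check_local_php())'` (module name assumed) or feed it saved `php -v` output. A "vulnerable" verdict on a distro-packaged PHP is the point at which to run `apt changelog php8.1` or the equivalent and look for the CVE identifier.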
Anyone who has used vulnerable versions of PHP, be aware that your server could have been compromised. I’m sure many competitors could have been hacked the same way, and they didn’t even understand how it happened.
I am sure that familiar forums were also hacked via PHP; there are good reasons to be sure of this, and not only because of my hacking, but also because of information from informants. I accidentally noticed a problem with PHP, and only I have a decentralized infrastructure with different servers, so I was able to quickly understand how the attack occurred. If I did not have backup servers that do not have PHP, I might not have guessed how the hack occurred.
The FBI decided to hack right now for only one reason: because they did not want information from https://fultoncountyga.gov/ to leak. The stolen documents contain a lot of interesting things and the court cases of Donald Trump, which could affect the course of the upcoming elections in the United States. Personally, I will vote for Trump, because the situation on the border with Mexico is some kind of nightmare; it’s time for Biden to retire, he is a puppet. If not for the FBI attack, the documents would have been published on the same day, because the negotiations reached a dead end immediately after the partner published a press release on the blog; the FBI did not like that the public found out the true reasons for the failure of all systems in this city. If it weren’t for the election situation, the FBI would have continued to sit on my server, waiting for any leads to arrest me and my partners, but to avoid being caught, you just need to launder cryptocurrency efficiently. The FBI can sit on your resources and also collect information useful for the FBI, but not show the whole world that you have been hacked, because you do not cause any critical damage, you only bring benefits. What conclusions can be drawn from this situation? Very simple: we need to attack the .gov sector more often and more, because it is after such attacks that the FBI will be forced to show me my weak points and vulnerabilities and make me stronger. By attacking the .gov sector, you can find out for sure whether the FBI has the ability to attack us or not.
Even if you updated your PHP version after reading this information, this will not be enough, because you need to change the hoster, the server, all possible passwords, user passwords in the database, audit the sources and transfer everything; there is no guarantee that you have not been assigned to the server. There are no guarantees that the FBI does not have a 0-day for your servers about which they have already learned enough information to hack again, so only a complete change of everything that can be replaced will help. All other servers with backup blogs on which PHP was not installed were not affected and will continue to distribute data stolen from the attacked companies. As a result of hacking the servers, the FBI received a database, web panel sources, locker stubs, which are not sources as they claim, and a small part of the unprotected decryptors; they claim 1000 decryptors, although there were almost 20,000 decryptors on the server, most of which were protected and cannot be used by the FBI. Thanks to the database, they learned the generated nicknames of partners, which have nothing in common with their real nicknames on forums and even nicknames in messengers, not-deleted chats with attacked companies and, accordingly, wallets for money, which they will use to conduct investigations and look for all those who do not launder crypto, and perhaps arrest people involved in laundering and accuse them of being my partners, although this is not the case. All this information has no value, because all of it is transferred to the FBI even without hacking the panel, after each transaction, by insurance agents or negotiators.
The only thing that is valuable and a potential threat is the source code of the panel; thanks to it, future hacks are likely possible if everyone is allowed into the panel, but now the panel will be divided into many servers, for trusted partners and for random people, up to 1 copy of the panel for 1 partner per separate server, whereas previously there was one panel for everyone. Thanks to the division of the panel and larger-scale decentralization, the absence of a trial decrypt in automatic mode, and maximum protection of decryptors for each company, the chance of hacking will be significantly reduced. Competitors also leaked the source code of the panel, but it didn’t stop them from continuing their work, and it won’t stop me either. The FBI says that they received about 1000 decryptors, a beautiful figure, but it does not look like the truth at all; they received some unprotected decryptors, those locker builds that were made without the “maximum decryptor protection” checkbox, which could have been received by the FBI only in the last 30 days. It is not known on what day the FBI gained access to the server, but the date of publication of the CVE and the date when PHP issued an error are known for sure; until February 19, the attacked companies regularly paid even for unprotected decryptors, so there is a possibility that the FBI were on the server for only 1 day. It would be nice if the FBI published all the decryptors in the public domain; then it could be trusted that they really own the decryptors, and are not bluffing and praising their own superiority rather than the superiority of 1 smart pentester with a public CVE. Please note that the vast majority of unprotected decryptors come from partners who encrypt brute-forced dediks and spam single computers, taking ransoms of $2,000, i.e. even if the FBI has 1000 decryptors, they are of little use; the main thing is that they did not receive all the decryptors for all 5 years of work, the number of which is about 40,000.
It turns out that the FBI were able to take possession of only 2.5% of the decryptors from the total number; this is bad, but it is not fatal. From this significant moment, when the FBI cheered me up, I will stop being lazy and will make sure that absolutely every build of the locker has maximum protection; now there will be no automatic trial decrypt, all trial decrypts and the issuance of decryptors will be done only in manual mode. Thus, in the event of a possible next attack, the FBI will not be able to obtain a single decryptor for free.
Probably everyone has already noticed how beautifully the FBI changed the design of the blog; they have never given such honors to anyone, usually everyone was simply given the usual plug with praise from all the special services of the world. Although in fact only one person on the whole planet deserves praise: the one who conducted a pentest of my site and selected the necessary public CVE. I wonder how much he was paid, how much was his bonus? If it’s less than a million dollars, then come work for me, with me you’ll probably earn more. Or just come talk to me at tox 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7; remember that I always have an active bug bounty program and I pay money for the bugs found. The FBI doesn’t value your talents, but I do and am willing to pay generously. I wonder why the blogs of alpha, revil, and hive were not designed so beautifully? Why weren’t their deanons published, although the FBI knows their identities? Strange, isn’t it? Because with such stupid methods the FBI is trying to intimidate me and force me to stop working. A designer from the FBI should work for me; you have good taste, I especially liked the new preloader, we should do something similar in the new update. The USA, UK and Europe revolve around my logo, a brilliant idea, they really did it for me, thank you.
A couple of my partners were allegedly arrested; to be honest, I very much doubt it. Most likely these are just people who launder cryptocurrencies, perhaps they worked for some mixers and drop exchangers, so they were arrested and considered my partners. It would be interesting to see the video of the arrest, where they have houses, Lamborghinis and laptops with evidence of involvement in our activities, but for some reason it seems to me that we will not see this, since the FBI arrested random people to receive a certificate of honor from the management; they say, look, there are arrests, we don’t get the money in vain, we honestly work off our taxes and put random people in jail, while real pentesters calmly continue their work. Busterlord hasn’t been caught; I know Busterlord’s real name and it’s different from the poor guy the FBI caught.
I don’t know any military journalist from Sevastopol, Colonel Kassad, and I’ve never donated money to anyone. It would be nice if the FBI showed the transaction so that I could check on the blockchain where they got such conclusions from and why they claim that it was me who did it; I never do a single transaction without a Bitcoin mixer. If I could use the same cryptocurrency exchange service that someone from Evil Corp used, this does not mean at all that I am related to Evil Corp; again, where are the transactions? How do I know who uses which exchanger? I use different exchangers and do not concentrate all my money on one cryptocurrency exchanger. Let’s blame the hundreds of other people who use public exchanges for being Evil Corp. I really don’t like that all such stuffing is done without publishing transactions and wallets, so it is impossible to check what is true. You can accuse me of anything without proving anything, and I can’t refute it in any way, because there are no Bitcoin transactions or wallets. The FBI states that my income is more than 100 million dollars; this is true, and I am very glad that I deleted chats with very large payments, now I will delete small payments more often too. These numbers indicate that I am on the right track, that even making mistakes does not stop me, and I correct mistakes and continue to earn money. This shows that no FBI hack can stop a business from thriving, because what doesn’t kill me makes me stronger. All the actions of the FBI are aimed at destroying the reputation of my affiliate program and demoralizing me; they want me to leave and quit my job, they want to scare me because they can’t find and eliminate me, they can’t stop me, you can’t even hope; while I am alive, I will continue to do pentesting with post-payment.
I am very pleased that the FBI cheered me up, brought me into good shape and forced me to break away from entertainment and spending money; it is very difficult to sit at a computer with hundreds of millions of dollars, the only thing that motivates me to work is strong competitors and the FBI, there is an interest in sport and a desire to compete. With competitors, who will earn more money and attack more companies, and with the FBI, whether they will be able to catch me or not, and I am sure that they will not be able to, looking at the methods they work with. The FBI promised to publish my deanon, but did not fulfill their promise; these people dare to lie that I allegedly do not delete the stolen company information after payment of the ransom, they staged a clown show. It turns out that the FBI have officially admitted that they are liars and lie very often, as my friends, lawyers Arkady Bukh, Dmitry Naskavets and Viktor Smilyanets, stated, and now I believe them 100%. They made a stupid attempt to discredit me, said that I work for the FBI; a man who encrypts US companies every day and makes hundreds of millions of dollars does it with the approval of the FBI? Is that how it works? Very clever. You might think, why should I work with hundreds of millions of dollars?
And I will answer that I’m just bored, I love my job, it brings me joy in life, money and luxury don’t bring such joy as my work, that’s why I’m ready to risk my life for the sake of my business, which is exactly how bright, rich and dangerous life should be, in my opinion. * When I write the word FBI, I mean not only the FBI, but also all their assistants who know how to arrest partner servers that act as the first layer after data theft from an attacked company and are of no value:
South West Regional Organized Crime Unit in the U.K., Metropolitan Police Service in the U.K., Europol, Gendarmerie-C3N in France, the State Criminal Police Office L-K-A and Federal Criminal Police Office in Germany, Fedpol and Zurich Cantonal Police in Switzerland, the National Police Agency in Japan, the Australian Federal Police in Australia, the Swedish Police Authority in Sweden, the National Bureau of Investigation in Finland, the Royal Canadian Mounted Police in Canada, and the National Police in the Netherlands.
Therefore, I ask you not to be offended, I have not forgotten about you, you were also very useful in this operation. But let me remind you that I personally think the only person who deserves a prize and a certificate of honor is the one who selected the appropriate public PHP CVE for my servers; I assume this is someone from Prodaft.
A list of backup blog domains that the FBI could not reach because PHP was not installed on these servers. These servers host not only the companies that you can see on the main domain, but also many companies that were submitted for downloading manually, i.e. whose links are secret and are published if the company refuses to pay the ransom, for example:
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/d8103cc7ba967d32a268d5cb3cff5b29/8x8.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/7bbed20cee2fef7f16def020b3690b0f/muellersystems.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/7b20fb8ef3064e45ce4954446cc6e858/boeing.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/c852ee1bccff6830b7316afb016be962/estes-express.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/a38cdf047c11d9a8cdcff00da7f62385/cityofclarksville.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/23f187fabd0681c79f1b0107275bdd27/esser-ps.de
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/8c877f8eae9e950552605a44f0485835/heinrichseegers.de
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/0fa4f7c543ddc8203f772322a2b0203e/hotelemc2.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/46216a24a00ccd4cdc6d96c7c82ebd69/roehr-stolberg.de
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/ab738d1822d63fa3e81193b75b89fb8b/roth-werkzeugbau.de
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/dd20772d156397072e50c5ce8af54994/schuett-grundei.de
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/0b8fe87adbd6a829b1af92bbb482f473/starkpower.de
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/8d1ff2c9e62ae75972b8371b789c8a69/thewalkerschool.org
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/b7f14428465e73416571d7f0ace4e1f8/unitednotions.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/cad65f46efbec2e5f1ab35d1b1d40b34/wombleco.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/2a366160a6eeba8ffb0d21d734148e57/gitiusa.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/70ef5f8ac50d8d7e09ad8c4478cff8e8/Good-Lawyer.com
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/12eee65c430a7f2a3a8317acb68b1303/aei.cc
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/secret/b946864a63e28e9177d4a5fe7834ed1d/carsonteam.com
- http://lockbit7z2mmiz3ryxafn5kapbvbbiywsxwovasfkgf5dqqp5kxlajad.onion/secret/5c60836b0eccdc9845b9c9e278e0033a/dena.de/

These and many other companies have survived; they will be published later in a new blog.
Mirrors of the backup blog; you can substitute any of these domains in the secret links if a domain is overloaded with people wanting to download stolen data:
- http://lockbit7z2jwcskxpbokpemdxmltipntwlkmidcll2qirbu7ykg46eyd.onion/
- http://lockbit7z2mmiz3ryxafn5kapbvbbiywsxwovasfkgf5dqqp5kxlajad.onion/
- http://lockbit7z2og4jlsmdy7dzty3g42eu3gh2sx2b6ywtvhrjtss7li4fyd.onion/
- http://lockbit7z355oalq4hiy5p7de64l6rsqutwlvydqje56uvevcc57r6qd.onion/
- http://lockbit7z36ynytxwjzuoao46ck7b3753gpedary3qvuizn3iczhe4id.onion/
- http://lockbit7z37ntefjdbjextn6tmdkry4j546ejnru5cejeguitiopvhad.onion/
- http://lockbit7z3azdoxdpqxzliszutufbc2fldagztdu47xyucp25p4xtqad.onion/
- http://lockbit7z3ddvg5vuez2vznt73ljqgwx5tnuqaa2ye7lns742yiv2zyd.onion/
- http://lockbit7z3hv7ev5knxbrhsvv2mmu2rddwqizdz4vwfvxt5izrq6zqqd.onion/
- http://lockbit7z3ujnkhxwahhjduh5me2updvzxewhhc5qvk2snxezoi5drad.onion/
- http://lockbit7z4bsm63m3dagp5xglyacr4z4bwytkvkkwtn6enmuo5fi5iyd.onion/
- http://lockbit7z4cgxvictidwfxpuiov4scdw34nxotmbdjyxpkvkg34mykyd.onion/
- http://lockbit7z4k5zer5fbqi2vdq5sx2vuggatwyqvoodrkhubxftyrvncid.onion/
- http://lockbit7z4ndl6thsct34yd47jrzdkpnfg3acfvpacuccb45pnars2ad.onion/

New main blog domains:
- http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
- http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
- http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
- http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
- http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
- http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
- http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
Even after the FBI hack, the stolen data will be published on the blog, there is no chance of destroying the stolen data without payment. After introducing maximum protection for each locker build, there will be no chance of a free decrypt even for 2.5% of attacked companies.
New partners can work in my affiliate program if they have a reputation on the forums, can prove that they are pentesters with post-payment, or by making a deposit of 2 bitcoins; the increase in the deposit is associated with the evidence and beautiful advertising from the FBI, namely that my partners and I earn hundreds of millions of dollars together, and also that no FBI with its assistants can scare or stop me; the stability of the service is guaranteed by years of continuous work. Write to tox 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7.
Why did it take 4 days to recover? Because I had to edit the sources for the latest version of PHP, since there was an incompatibility.
Best regards,
LockBit.
