Archive for the ‘Crime’ Category

Physical Phishing Scam

Sunday, July 18th, 2010

Normally when people in the information security community think of phishing attacks, they think of the 409/419 gang sending you emails to ask you for your password, or links to fake websites that try to steal your account information. At the Information Security Privacy conference I participated in, there was a phishing scheme I had never seen before. There were people that were slipping physical advertisements under hotel room doors that were offering pizza and other types of food. Unsuspecting tourists would call the number on the flyer to order pizza and the owner of the number would take their order and steal their credit card information. The only disclosure the Imperial Swan hotel made was to post about this scheme on their TV in the lobby. I would not even have known about it if someone else doing a presentation in Security Awareness had not mentioned it in her presentation.  I had a flyer for pizza slipped under my door and decided to save it. Here is what I think the flyer looks like:

Here you see I scanned the pizza flyer into my computer on the front and back side. I believe this is the legitimate flyer from the phishing scam. I say this because if you look up the numbers on the flyer they are unpublished. What kind of business does not want their number publicly known? Also, if you look up numbers for Roma’s Pizza in Orlando, Florida near Universal, the closest one to the Imperial Swan hotel is on International Dr., and their numbers are different from the numbers on this flyer. In fact, no numbers for Roma’s Pizza in the area even come close to matching the phone numbers listed on the flyer. I didn’t want to call the numbers on the flyer because I did not want my phone number to be data mined for advertisement schemes, but when my friend called at 3 am we did not get an answer. The flyer says they are open until 4 am. This may be a legitimate business on the flyer, but I sure am not going to call and find out. On another note, this just goes to show you how lucrative a business phishing can be if people can afford to print out and distribute flyers at physical locations in order to steal your credit card/debit card information.

Dialog with an Underground Hacker

Thursday, July 8th, 2010

Disclaimer: I am not a Black Hat hacker. If anything I am Grey Hat at worst, but I consider myself White Hat. I try my hardest not to break the laws of the land I am in when I know about them.

The following private conversation is a dialog I had on IRC with a Black Hat. I have obscured the conversation to hide his or her contact details and other information throughout the conversation that may give hints as to who this person is. Normally, I do not snitch on people unless they are directly going to endanger other people’s lives. This is why I am protecting this person’s information. I enjoy social networking with all kinds of people, even if they are the kind of person that is on what people consider to be the “evil” side. My integrity for the bad guys means just as much to me as it does for the good guys. One thing I must state though is that I do not wish to be in contact with people that are foreign nationals or stupid people that are going to tell me about classified information. So if you have classified information, don’t talk to me about it. I do not want to end up being the next Adrian Lamo.

I am publishing this conversation for two reasons. (1) Because I want to show people out there that real computer crimes are out there (paying well) and (2) I wanted to flaunt that this person apparently thinks I have enough skills that they sought me out to break into a database and steal personal information. I am flattered really, but again I am not a Black Hat and would never do anything like this. With that said, here is the conversation:

— Log opened Fri Jul 02 09:13:48 2010
09:13 -!- Irssi: Starting query in #obscured#  with #obscured username#
09:13 <obscured> hello
09:19 <Dantevios> hi
09:20 <obscured> Nice to meet you
09:20 <obscured> I want to know you,and i  make you my friend .Could i?
09:21 <Dantevios> Nice to meet you too, it is possible. I do like making friends, especially in the information security field. Where are you from?
09:23 <obscured> I’M from #obscured#
09:23 <Dantevios> Very interesting. I must ask though, do you work for the #obscured# government?
09:24 <Dantevios> Or are you a Nationalistic hacker?
09:25 <obscured> no
09:25 <Dantevios> Very good then, we can be friends :)
09:25 <Dantevios> How old are you?
09:25 <obscured> #obscured#
09:26 <obscured> are you?
09:26 <Dantevios> I’m 23
09:26 <Dantevios> What do you do for a living?
09:28 <obscured> I’m work about business information
09:28 <Dantevios> cool, do you have a website or a blog?
09:29 <obscured> sorry,no
09:30 <obscured> are you hacker?
09:30 <Dantevios> I wouldn’t say I was a hacker, but a Penetration Tester sure.
09:30 <Dantevios> Hacker carriers a negative connotation in America, we don’t like to use that word to classify our profession.
09:32 <obscured> Understand
09:32 <obscured> I need to hacking the database
09:32 <obscured>  i need  your help
09:34 <obscured> hello,in?
09:35 <obscured> Of course, I will pay you
09:36 <Dantevios> What database?
09:36 <obscured> #obscured# Database
09:37 <Dantevios> This is a company? #obscured#?
09:39 <obscured> #obscured#
09:40 <Dantevios> do they have a website or something? I’m not sure what you are referring to
09:42 <obscured> I need the Mobile phone users date
09:42 <obscured> #obscured website#
09:43 <Dantevios> why me? and how much would you pay for this data?
09:44 <obscured> 10000 dollar
09:44 <Dantevios> US?
09:44 <obscured> yes
09:45 <Dantevios> and how will you pay me?
09:47 <obscured> Bank Transfer
09:48 <obscured> or eBay
09:48 <Dantevios> you have never done something like this before have you?
09:49 <Dantevios> don’t you know escrow? paypal? etc
09:49 <obscured> yes.i know
09:50 <Dantevios> What kind of data are you looking for specifically?
09:51 <obscured> the Mobile phone users date
09:51 <Dantevios> yeah, are you looking for accounts/passwords or numbers or what kind of data
09:51 <Dantevios> there is a lot of data
09:53 <obscured> For example, the number, zip code, ID card, the bill, the age. . .
09:53 <obscured> yes
09:54 <obscured> 50-200G
09:55 <Dantevios> what do you mean 50-200G?
09:55 <obscured> I guess, maybe not so much?
09:56 <Dantevios> I don’t understand these numbers 50-200G
09:56 <Dantevios> what are you referring to when you say 50-200G?
09:58 <obscured> the database capacity
09:59 <Dantevios> 50-200 gigabytes of data?
09:59 <obscured> yes
09:59 <Dantevios> Is there any way I can contact you other than IRC?
10:01 <obscured> do you have ICQ?
10:01 <obscured> or gtalk?
10:01 <Dantevios> I have gtalk, what is your gtalk?
10:02 <obscured> #obscured email address#
10:05 <Dantevios> and ICQ?
10:06 <obscured> #obscured ICQ number#
10:07 <Dantevios> How did you find out about me? Did you just message me because I was in #obscured chatroom# ?
10:09 <obscured> no
10:09 <Dantevios> ah, where have you heard of me before then?
10:12 <obscured>  a friend in network. but I forgot the name
10:13 <Dantevios> A friend I wrote an email harvesting tool for perhaps?
10:17 <obscured> no understand
10:18 <Dantevios> Well you have contacted me from no where and I don’t know who you are, but you know who I am. I am trying to figure out how my friends know your friends :) .
10:19 <Dantevios> This is about trust.
10:19 <obscured>  understand
10:20 <obscured> what do you know?
10:20 <Dantevios> what do I kno wabout what?
10:20 <Dantevios> what do I know about what? *
10:21 <obscured> Do you want to know?
10:21 <Dantevios> yes
10:22 <obscured> #obscured email#
10:22 <obscured> it’s gtalk
10:23 <Dantevios> he told you about me?
10:27 <obscured> yes
10:27 <Dantevios> How does he know me? I do not know him….
10:28 <obscured> This I don’t know
10:29 <Dantevios> When do you need this information by?
10:33 <obscured> July, August.The sooner the better
10:35 <obscured> hello,in?
10:36 <obscured> 2010.7-2010.8.The sooner the better
10:36 <Dantevios> Give me some time to think about it. I am at work right now. I must bet back to my job. If I am in, I will contact you.
10:38 <obscured> ok.thanks.How do I contact you?
10:40 <Dantevios> You don’t. I will contact you.
10:41 <obscured> ok
10:43 <obscured> What time can you contact me?
10:44 <obscured> last?
10:47 <Dantevios> I will contact you by emailing you at #obscured email#
10:49 -!- obscured [~#obscured#] has quit [Ping timeout: 240 seconds]
— Log closed Fri Jul 02 10:55:26 2010
— Log opened Fri Jul 02 11:11:56 2010
11:11 <obscured> hello,in?
11:14 <Dantevios> hi, what?
11:15 <obscured> What time can you contact me?last time
11:18 <Dantevios> I told you I will contact you by email, probably at around 00:00 GMT
11:18 <Dantevios> to your address #obscured#
11:19 <obscured> ok
— Log closed Fri Jul 02 11:24:26 2010
— Log opened Fri Jul 02 12:11:05 2010
12:11 -!- obscured [~#obscured#] has quit []
— Log closed Fri Jul 02 12:16:26 2010

http://theweek.com/article/index/204061/wikileaks-who-is-hacker-hero-adrian-lamo