Logically Logo
BACK  BACK TO ALL EPISODES
Post to LI  Post to X  Post to FB
To: Shamane, Wes, Chris, Michelle, CJ, Ed
Subject Line: ‼ Urgent: Dark Web Forum Post Discovery - Read Immediately
Team,
As you know, our reputation has severely suffered. We were unable to restore our critical systems despite our best efforts, and many of our top customers’ personal photos and credit card data were compromised. After some careful consideration, Shamane and I decided it was best to pay the ransom and hoped the attacker would follow through with his promises.
Luckily, we’ve been able to rely on our cloud-based online platform to stay afloat. This helped us tremendously and, I believe, will continue to be our main revenue generator in the future.
In an effort to keep you all informed, I’d like to share something with you. As part of our ongoing investigation into the recent breach, a member of my team came across a post and video confession on a dark web forum from the threat actor himself. It’s unsettling, to say the least. His account reveals exactly how he executed the attack on us, exploiting vulnerabilities and trust within our systems. I’ve spoken with Shamane, and we decided it was best to share this information only with the executive team.
We’re sharing this to ensure we learn from our mistakes and prevent anything like this from happening again. I urge you to read this carefully and take its implications seriously.
Stay vigilant,
Josh
Shutter Pro CTO
THREAT FACTOR | FINALE

The Hacker’s
Step-by-Step
Takedown

The CTO uncovers a dark web confession from the hacker, exposing just how easily their systems were infiltrated.
Josh, CTO

An easy $5M. You can do it, too.

POSTED 7 OCTOBER 2024 - 3:20 AM

 
Tired of being disrespected by corporations? Yeah, me too. This company thought they could change their return policy without a heads-up—so I showed them what happens when you cross someone with the skills and the will to act.
Look, I’m not a horrible person, but when a company wrongs me, I will retaliate. So, here’s my blueprint for how I turned a camera company’s incompetence into a $5M payday:

Step 1: Exploit Their Weak Minds (Simple Phishing)

Honestly, chat, these normies are almost always too dumb to see what’s right in front of them. It’s embarrassing. After the store manager stiffed me by changing up the return policy on me, I decided to see if I could hack into her computer and reverse the charge for the camera myself. 
It was easy. I quickly found the manager’s email on LinkedIn, sent her a fake $200 charge notification email from her bank, and slapped a “call support” number in there that routed to me. It worked like a charm. She called the number in a panic, and I knew by the tone of her voice that I could get her to do whatever I wanted. She clicked on a masked link in an email I sent her and ended up giving me unattended access through AnyDesk. 

Step 2: Bask in Their Stupidity (Reconnaissance)

After looking around on the computer for a bit, I realized it was the store manager’s work device. I couldn’t believe it—she really logged onto her personal email on the store computer. HA. And in just a few minutes, I knew I struck gold.
I found out that they left their credit card data in a folder literally labeled “Credit Cards.” This proved, yet again, how brain-dead these people are. After that, I did a bit more digging and found a spreadsheet one of their nitwit IT members created containing important login credentials, including those for their active directory and security tools.
I also found a list of customers who’ve spent over $25K, their cyber insurance policy, and even an online repository where company and customer photos were stored. Even better? I gained access to their payment processor’s central database and realized that the encryption keys I found earlier worked across ALL of their brick-and-mortar locations.
It was like they were begging for someone with a brain to take control! And so I did :) I devised a plan to hold them for a $5M ransom, which seemed like a fair price for their absolute stupidity.

Step 3: Cripple Their Operations (Lateral Movement & Encryption)

With their security down, moving through their system was a breeze. I accessed the central payment processor database and encrypted every device in every store across the US. They didn’t have many left, to be honest. Those losers have a dying business if you ask me.
All it took to take them down was a few clicks. I scheduled a ransom note to appear right when their stores would be busiest. These corporate NPCs rely on their systems for everything, so crippling them with a single move was all too satisfying.

Step 4: Make Them Squirm (Ransom Demand)

After displaying the ransom note on all store devices, I reiterated the $5M ransom demand in an email to the CEO to drive the point even further. You mess with me; you get the big guns!
I knew it’d be easy to scare her, so I threatened her by saying, “You either pay the ransom or watch as I expose your customer data and destroy your payment processors.” And believe me, I could’ve asked for more if I wanted to. Their weak systems made them easy targets.

Step 5: Exploit Personal Relationships (Vishing Call)

I was surprised that I hadn’t heard back from them for a while, so I decided to up the ante—for fun. Why not, right? I was monitoring the IT team’s system one day and saw that the Marketing Director had requested to reset his password. A quick LinkedIn search revealed that the Marketing Director was buddy-buddy with the IT Director. Jackpot. 
So, I did what any logical person would do and impersonated the Marketing Director by calling the IT Director “again” for his login. All I had to do was drop a few friendly lines, and the IT Director handed me access to the Marketing Director’s Shopify account.

Step 6: Push Them to the Brink (Customer Data Leak)

Once inside the backend of his Shopify account, I targeted their high-value customers. Duh, go where the money is. I sent each customer a personalized email with their “sensitive” photos. LOL. It was quite fun. Nothing scares those rich weaklings more than public embarrassment.
The company’s top clients were freaking out, and their reputation was imploding right in front of my eyes. It was everything I had hoped for and more.

Bottom Line

Here’s what I learned: So many high-dollar businesses out there are built on weak foundations, and this company was no different. These clueless employees are easy prey when you know how to play the game. 
The keys to success? Exploit their idiocy, infiltrate their systems, and use their own fragile relationships against them. If you’re tired of being looked down on, take control. After all, they deserve it, don’t they?

Don’t Let It Happen to You

Want to learn how to protect your organization from Shutter Pro’s fate? Watch our on-demand webinar, where Logically experts break down each episode and share strategies for stronger resilience.
BACK  BACK TO ALL EPISODES
Post to LI  Post to X  Post to FB