Jump to content
Guidelines - Read before posting!

A Scamming Company Dilemma

Token

By Token
in Chit Chat

 Share

Recommended Posts

Token Too Much Spare Time

Token

Posted
Posted

Wow, first time being back here in a few months... Hello everyone.

Basically I have a bit of an issue and I thought I'd ask the wise hub of TF Chit-Chat for advice.

The story is I advertised my mums car for her on the AutoTrader and she had a guy phone up claiming to be from a car credit finance company claiming they had 3 buyers for the car, she initially refused as it sounded dodgy but after the 3rd phone call she gave in and on the promise that she would be refunded her initial payment of £99.99 if the buyer didn't turn up. You probably guessed it, buyers didn't turn and the company refused any acknowledgement (they're also apparently based in Cyprus after doing a bit of research). On a quick google, there's a few forum posts in other forums claiming the company to be a scam also. The bank also refuse to do anything about it because she gave her details over to them, they may be able to do a chargeback for not receiving services she paid for but it looks pretty unlikely.

As I don't generally agree with people that steal from other people I thought I'd do something about it so I hacked their website (I know there are people that are going to disagree with what I did here, but I'll get over it) Now I have admin access to their website and databases with a so claimed 23,924 peoples details. So what do I do? Ideally I'd like to report them to the Financial Services Authority, Ofcom or the Financial Ombordsman with all the details I've got, but I'm not sure.

What do I do?

  • Like 1
Link to comment
Share on other sites
Token Too Much Spare Time

Token

Posted
  • Author
Posted

Deleteing all their entries from their databases won't stop them from what they're doing. I'm pretty sure they have a backup and if they don't they only have to start phoning more people up from AutoTrader/eBay and start over with a new database, I didn't mention before but the first time I hacked their website I changed all the drop down boxes so instead of different makes and models of cars to select from it just came up with one entry to choose from and it was 'SCAMMING F**KS'. After I did that, I had my dinner and by the evening they'd realised and restored everything and changed their admin username and password.

What to do? I want some good to come from it rather than just defacing their website.

Surely you can change the website to say 'Scammers United' an all sorts of shit?

Kiddy porn :shifty:

Unfortunately I have limited Admin Access, I don't think I can modify their main website only everything to do with the databases. Deleting/Saving all their 23,000 users, creating false entries etc. I'll have a proper look because it'd be nice to lock them out of the admin portal and put some pretty horrific shit on there, but like I said before, I really would prefer to get Financial Services Authority involved or something like that.

Link to comment
Share on other sites
Max Quinn Too Much Spare Time

Max Quinn

Posted
Posted (edited)

but like I said before, I really would prefer to get Financial Services Authority involved or something like that.

Thing is, what you've done's also illegal so surely that's not really possible now?

Edit: Can you send mailouts to everyone on their database?

Edited by Max Quinn
Link to comment
Share on other sites
JD™ Post Whore

JD™

Posted
Posted

Edit: Can you send mailouts to everyone on their database?

Oooh, that's a good idea. "Have you been scammed by xx? Send this* email to: fsa@fsa.gov.uk - If we all do it they might take notice"

*This would be an attachment which you'd written as a complaint. 23,000 emails would be pretty tough to ignore. However, you'd have to have a provider that would let you send that many emails because I assume you don't have their SMTP details.

Link to comment
Share on other sites
Token Too Much Spare Time

Token

Posted
  • Author
Posted

Oooh, that's a good idea. "Have you been scammed by xx? Send this* email to: fsa@fsa.gov.uk - If we all do it they might take notice"

*This would be an attachment which you'd written as a complaint. 23,000 emails would be pretty tough to ignore. However, you'd have to have a provider that would let you send that many emails because I assume you don't have their SMTP details.

It is a good idea, and although I have access to all 23,000+ email addresses and names, the admin portal is literally a customer search (which lists all customers + their details) and I have the ability to edit each customer individually.

My SQL knowledge is limited so I'm not too sure on how to save all of the details in one go. (it'd take forever to go through 23,000 users individually)

Link to comment
Share on other sites
JD™ Post Whore

JD™

Posted
Posted

It is a good idea, and although I have access to all 23,000+ email addresses and names, the admin portal is literally a customer search (which lists all customers + their details) and I have the ability to edit each customer individually.

My SQL knowledge is limited so I'm not too sure on how to save all of the details in one go. (it'd take forever to go through 23,000 users individually)

It's been 6 years since I touched SQL, and even then it was only very basic, but wouldn't something like:

SELECT email FROM table WHERE email==" "

work?

That'd just give you a list of email addresses if I've got the right head on. Oh, and I can't remember not equal in SQL, so it might not be == but I'm sure you know.

Link to comment
Share on other sites
anzo Thats Enough Now Tart

anzo

Posted
Posted

This will certainly be backed up - so I think subtle changes would be best a complete deletion will bugger things up for a couple of days for sure, but they'll soon have the data restored and be back in business; probably with better security than what they previously had...

  • Like 1
Link to comment
Share on other sites
Token Too Much Spare Time

Token

Posted
  • Author
Posted

The best plan, the likelihood is that you will never get that £99 back. But you could cause a lot more than £99 worth of damage.... (not that I condone this, just stating the facts :))

In a related incident:

http://www.blackbergsecurity.us/

Ha I like that deface! I'm abit annoyed that I don't know enough about SQL databases to be able to get more info :(

Just out of interest can we have a look at the website/company?

I don't really want to give that sort of info away after just admitting hacking their admin account with being a long time member of this forum, people know my name and where I work etc. It's just not worth the hassle.

This will certainly be backed up - so I think subtle changes would be best a complete deletion will bugger things up for a couple of days for sure, but they'll soon have the data restored and be back in business; probably with better security than what they previously had...

Yeah it was backed up last time after I defaced the drop down boxes and it went back to being normal again pretty soon which was annoying and they changed the login details.

Link to comment
Share on other sites
Max Quinn Too Much Spare Time

Max Quinn

Posted
Posted

Semi related: Some fanny hacked my website, Broken Culture, this morning. Home page just read:

Hacked by number 7

Best defacer in Kairouan-Tunisia.

GreeTz;Top-Sec 1337db.com zone-h/crew

an.7@live.fr

I managed to restore it all back fairly painlessly but still, what kind of pleb does that?

What do people get out of it? Especially targeting small, non profit websites. Is it literally just food for the inferiority complex of a spotty geek with a small dick, or is there some higher purpose?

When I first saw the Matrix there was me thinking hackers were cool, but there just bellends with something to prove, desperate for attention.

Link to comment
Share on other sites
Token Too Much Spare Time

Token

Posted
  • Author
Posted

Semi related: Some fanny hacked my website, Broken Culture, this morning. Home page just read:

I managed to restore it all back fairly painlessly but still, what kind of pleb does that?

What do people get out of it? Especially targeting small, non profit websites. Is it literally just food for the inferiority complex of a spotty geek with a small dick, or is there some higher purpose?

When I first saw the Matrix there was me thinking hackers were cool, but there just bellends with something to prove, desperate for attention.

I think most of the time it's script kiddies that a bit like chavs like to graffiti on pointless things, I don't understand the mentality and I agree it's pointless. I'm not doing this for fun though, I genuinely don't like scammers.

Is there anyone with some SQL knowledge? This is part of the string that I can use to obtain information:

/Customer_Search_Result1.asp?CurrentPage=1234&vadsid=&cname=%20&email=&postcode=&telephone=&mobile=&user_status=live

In red is where I can select different page numbers upto about 2300 pages I think, each with 10 users on each page, however I want to view all entries on one page so that should make it possible to save the whole database perhaps :S anyone know how I can make that possible or better way?

Link to comment
Share on other sites
Max Quinn Too Much Spare Time

Max Quinn

Posted
Posted

I think most of the time it's script kiddies that a bit like chavs like to graffiti on pointless things, I don't understand the mentality and I agree it's pointless. I'm not doing this for fun though, I genuinely don't like scammers.

Yer not relating you to that at all. Just I know for a fact that guy has no reason to do that to me and potentially could have royally f**ked over a lot of work, just to get his name on a site that only gets 200 visitors a day anyway.

But yer I guess I can't really talk, as it is a bit like internet graffiti.

Link to comment
Share on other sites
Azarathal Trials Elite

Azarathal

Posted
Posted

You might want to ask Tom or Danny to delete this thread after you're done. Just for good measure.

It'll still show up in search engines until the search engines clear their cache, as well as having being impossible to remove from the server completely. Removing this thread will do nothing.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...