H4xx0red – we 0wn j00 s3nd b1tc01n. or just use a password manager.

You know the e-mails I’m talking about. Yes you know exactly what i mean, that shit that goes into your spam folder and you wish you could respond to it. i must admit, since they became all the rage they are becoming somewhat less sophisticated.

Lets have a laugh at the latest one that dropped into my inbox.

SUBJECT: High level of danger. Your account was under attack.
Hel­lo!
 I have very ba­d news for you.
 27/12/2019 - on this day I ha­cked your OS and got full access to yo­ur account
 So, you can c­hange the password, yes.. But my malware inter­cepts it every time.
 How I made it:
 In the softw­are of the router, throug­h which you went online, was a vulne­rability.
 I just hacked this router and placed my malicious co­de on it.
 When you went onli­ne, my trojan was installed on the OS o­f your device.
 After that, I m­ade a full dump of your dis­k (I have all your address book, his­tory of viewing sites, all fi­les, phone numbers and addres­ses of all your contacts).
 You can ch­eck it - I sent this message from yo­ur account firestarter@swat-eam.org.uk
 A month ago, I wa­nted to lock your device and as­k for a not big amount of btc to unlock.
 But I looked at the sites that you regularly visit, and I w­as shocked by what I saw!!!
 I'm talk you about sit­es for adults.
 I want to sa­y - you are a BIG pervert. You­r fantasy is shifted far aw­ay from the normal course!
 And I g­ot an idea….
 I mad­e a screenshot of the ad­ult sites where you ha­ve fun (do you under­stand what it is about, huh?).
 After that, I made a scr­eenshot of your joys (using the ca­mera of your device) and glued them to­gether.
 Turned out ama­zing! You are so spectacular!
 I'm know t­hat you woul­d not like to sh­ow these screen­shots to your fri­ends, relatives or col­leagues.
 I thi­nk $774 is a very, very small amount for my silence.
 Besides, I have been spying on yo­u for so long, having spent a lot of time!
 Pay ONLY in Bi­tcoins!
 My BTC wall­et: 1SWATeAmcr9wuCbFGdAkPZi4KoXBjjMFe (yes this is ours not the one in  the actual email)
 You do no­t know how to use bitcoins?
 Enter a query in any s­earch engine: "how to replenish btc wallet".
 It's extreme­ly easy
 For this pay­ment I give you two days (48 hours).
 As soon as this letter is open­ed, the timer will work.
 After payment, my vi­rus and dirty screenshots with your en­joys will be self-destruct automatically.
 If I do not receive from you the specified am­ount, then your device will be locked, and all your con­tacts will receive a screenshots with your "enjoys".
 I hope you understand your si­tuation.
 Do not try to fin­d and destroy my virus! (All your data, files and scr­eenshots is already uploaded to a remote server)
 Do not try to contact me (you yourself will see that this is impo­ssible, I sent you an email fro­m your account)
 Various security se­rvices will not help you; formatting a disk or destroying a device will not h­elp, since your data is already on a remote server. 
 P.S. You are not my sin­gle victim. so, I guarantee you that I wil­l not disturb you again af­ter payment!
  This is the wo­rd of honor hacker.
 I also ask you to regularly upd­ate your antiviruses in the futu­re. This way you will no longer fall into a sim­ilar situation.
 Do not hold evil! I j­ust do my job.
 Good luck.

I mean seriously? this guy doesn’t even have a grasp of the English language and he expects me to send him bitcoin? in all fairness the level of English shown; shows someone that simple that i very much doubt they can grasp the concept of bitcoin.

Yes we all know this dipshit probably has English as his 3rd language or something (given the depths of serious grammatical errors – which is saying something given the original releases of SWAT Magazine – arr, 1998 was a shit year for the English language), but i mean seriously, if you want to try and scam some fucker at least put in some effort.

Don’t go trawling the darknet for hacked databases, extract all of the email addresses, throw together some weak effort of a spam mail and fire it off using some dubious SMTP server you bough for $3 from some kid in Romania only to have it delivered directly into the junk folder, all of that effort wasted. Note that the actual bitcoin address that was listed in the email received a total of 0 transactions many days after the fact.

Skids these days are just lazy.

Actually, if I’m honest it was after these e-mails became a bit of a fad that i started taking note of things, the interesting and unnerving ones that i received where the ones that had old passwords in them, chances are you’ve had one too.

Now don’t get me wrong, I’ve been known to have various permutations of several passwords, but once that shit starts getting decrypted out of databases, or even worse pulled plaintext from one SQL dump, shit starts getting worrying.

To make matters worse, every site on the net these days requires that you sign up and give them details of some description, i feel really sorry for all of the identities that I’ve been using over the years, god knows how much junk mail those poor buggers are getting.

Anyhow its actually what got me looking into password managers, personally I’ve never trusted the things, hell, back in the day the USA’s third biggest domain registrar couldn’t stop SWAT from owning all of its domain names, what chance do we have of some fucker looking after all of your passwords?

Well technology has moved on and i doubt very much they keep all of the login and passwords available in plaintext in a publicly readable directory, but nonetheless I’m always sceptical.

Upon further looking into things it’s quiet clever, despite the usual gimmicks of easily generating a 52 character password using the usual upper, lower, numbers and symbols, your password database is essentially encrypted using your “master password” so as long as you don’t go using shit like “p4ssw0rd” or or “letmein” then it should be reasonably secure.

So keep your 52 character passwords all nice and secure, auto fill them where you need to, update them on a whim and all that usual bollocks.

If you’re interested then check out LastPass, I’ve been using it for the last couple of years and had no issues, plus I’ve found you can use it to track down what databases have been hacked, the next time you get some skid emailing you with your password, tie it up to what site you’ve used it with.

Assuming that the database was plaintext of course, nobody is going to waste the CPU or even multiple GPU power decrypting some of the shit you can generate from the browser plugin.

Use it or don’t, i couldn’t care less, but its your accounts, not mine.