Mike,
You could be a competent hacker threatening my privacy and security, or you could be some idiot trying to scare me into paying up.
Let's see shall we? Let's start with your internet headers. You are posting from gmail. OK, I'll contact abuse at gmail.com with those details, have your account there killed. Same for safe-mail. If you can't even set up a secure email service then really, you aren't in the running as a computer hacker. Go set up your own email server on a bit of dark-matter IPv4 subnet. If you can't do that, well, that's you failing the competence test there and then.
Then there's the fact that the mail servers set a bulk precedence on the email, the implication being you are sending this out as some sort of mass mailing. Which combined with the fact that you fail to provide any data on the OS you hacked, how you broke in, or what data you retrieved, makes me suspicious.
Then there's the data you claim to have. My digital photos and other documents. Well, that's about 1.5 terabytes of data, which, given the atrocious uplink speeds of my substandard telco is going to take you significantly more than a week. At the rate they run, I'd estimate the egress rate of 1.5TB of data to be about four weeks of saturated uplink, and the computer hasn't been on that long this year.
Therefore before I even begin to take you seriously, please can you supply me with:
- the hostname, public IPv4 address of it, it's NATed subnet address to show you made it that far
- the operating system and version, including service pack and patch history. Otherwise, you are making the whole thing up.
- a hint as to how you broken in. If it's a browser 0-day exploit, identify the browsers used, and don't say IE, as our household has a no-IE policy. If it's something like Flash or PDF, identify the flash version and PDF browser in use, again, being accurate as you may fall foul of my policy of which tools are/are not permitted
I'd also like an explanation of why the same email was sent out to other people last week
In particular, that email requested US$200 or 150 pounds in UK money. But my estimate of the exchange rates says that $200 comes in at GBP 125. Now we all need to hedge our products against global exchange rates, but come on, this excessive for a 1 to 1 deal. Anyway, who keeps money in pounds? Or dollars? Even the Chinese government are having doubts there. Euros, but only the ones with german buildings on, not those with Greek, Portuguese or Irish artwork.
Finally, once you've convinced me that you aren't some idiot trying to scam me, then we can discuss the photographs, the documents and the code. But you'll have to justify why I should pay you anything given that the photos that are any good are up on flickr, the source is all open source stuff published to open source repositories or at least attached to JIRA issues. Text wise, again, nothing secret, there are some spreadsheets related to tax returns, but here's the thing there: they won't make sense to anyone but me. In fact, given I did the tax returns about three weeks ago, I don't think I'd understand them. The HMRC could have them, but as I sent them the 20 quid the spreadsheet says I owed them, I don't think they will care either.
Thank you! Looking forward to a productive discussion.
S.
-----Original Message----- From: Mike A Message-ID: In-Reply-To: <4d4d98b9.8927e30a.7acf.2e5bSMTPIN_ADDED@mx.google.com> References: <4d4d98b9.8927e30a.7acf.2e5bSMTPIN_ADDED@mx.google.com> Subject: Re: Notice MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Precedence: bulk X-Autoreply: yes Return-Path: mike_45a@sify.com To: Loughran, Steve Subject: Re: Notice Importance: High Hello. My name is Mike. Last week, one woman has contacted me and asked to hack your computer in order to get copies of certain interested her files. For showing your digital photos, text documents, e-mail messages, she promised to pay me 150 GBP. Yesterday I managed to hack your computer and now I have all copies of your files and messages, in 72 hours I will send this all to my client. And, perhaps the most important: if, among all those files and messages, there is nothing that could damage your reputation or cause any other unwanted consequences for you - just ignore this email. Otherwise, I'm sure we can agree on to keep your personal files and messages before I send them to my client. In order to do this, immediately contact me: stop_mike@Safe-mail.net ------------------------------