Email or username:

Password:

Forgot your password?
r000t's posts Post Back to profile
r000t

The child who swatted me hundreds of times, issued bomb threats to commercial airlines, and DDoS'd PSN and XBL during Christmas of 2014 now has an international warrant out for his arrest.

This time, he extorted tens of thousands of psychotherapy patients, threatening to release their private therapy notes if they did not pay a ransom.

But check out how he got caught... He accidentally uploaded his entire home folder to the darknet forum he was using. Whoopsie!
8 Nov 2022 at 16:01 | Open on infosec.exchange
15 comments
Ryan Basden

@r000t Is that the same kid who was in LizardSquad and was like 12?

8 Nov 2022 at 16:05 | Open on infosec.exchange
ayla :unverified:

@rybaz @r000t I’m pretty sure it is. He made some tweets the other day I think trying to claim innocence(?)

8 Nov 2022 at 16:06 | Open on infosec.exchange
r000t
Mobius

@r000t Noob mistake expected of a script kiddie. Glad to hear he's toast! I detest ransom extortionists!

8 Nov 2022 at 16:08 | Open on toot.community
null
the grugq

@r000t @gossithedog I wonder how much benefit he would’ve gained from HashKnownHosts? Of course, config would’ve been an issue anyway, and probably ~/.bash_history

As usual, the core failure was a compartmentation failure. Using a personal device to do crimes is not smart.

Humans make mistakes. Build security to work even when the user isn’t perfect.

8 Nov 2022 at 16:27 | Open on infosec.exchange
:gnu: bonifartius 𒂼𒄄

@r000t why are therapy notes stored online in finland and who thinks having these things stored in a central place is fine?

8 Nov 2022 at 16:38 | Open on qoto.org
:gnu: bonifartius 𒂼𒄄

@r000t i mean.. it really sucks for the people whose stuff is now online, but it shouldn't have been in a central system in the first place. the people who design those things are as guilty as the one who hacked it and leaked it imho. it's text book negligence..

8 Nov 2022 at 17:03 | Open on qoto.org
r000t

@bonifartius
1) I believe it was a private firm, like Talkspace or BetterHelp.

2) The firm was breached in 2018 and kept it under wraps for over a year and a half. This would be a fucking crime in America, under HIPAA.

8 Nov 2022 at 17:09 | Open on infosec.exchange
Something Someone

@bonifartius @r000t in Turkey, this is seen as something normal, since almost everything have moved to online central systems. i am not saying this is bad but i am not sure if there are strict protections in place. also all hospitals have their own servers connected to main server for health data which,,, every note about patient no matter the case, are recorded and sent to servers.

8 Nov 2022 at 18:15 | Open on mastodon.social
r000t

@erdh
Fun fact: Those federate, too! Literally just like Mastodon.
@bonifartius

8 Nov 2022 at 18:43 | Open on infosec.exchange
Something Someone

@r000t @bonifartius oh i didn't knew that hospitals' servers federate too in Turkey, i thought that data transmission was like: hospital 1 > e-nabız > hospital 2. that was also interesting to know about. as i far know, servers still have to report to e-nabız but bypassing e-nabız is faster and nicer too.

8 Nov 2022 at 18:49 | Open on mastodon.social
r000t

@erdh
Ah, it might be different in Turkey. Remember, everything about healthcare in the US is ass backwards.
@bonifartius

8 Nov 2022 at 18:55 | Open on infosec.exchange
Mika

@bonifartius @r000t The former CEO of the company has been charged with data protection offences.
yle.fi/news/3-12641083

8 Nov 2022 at 18:20 | Open on infosec.exchange
Go Up