• When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.

Chuck Got Hacked and He's Not Happy
2 2

Started by Pirate,

90 posts in this topic

Pirate

Pirate

Posted
Posted

Chuck got hacked with a DOS and he's not happy.  He has already contacted authorities and is going ahead with a civil lawsuit against the hackers for all the business lost.  1000 computers were used against him.  Good luck with that chuckles   This guy is a load of fun to read.  

Link to comment
Share on other sites
Pirate

Pirate

Posted
  • Author
Posted
3 minutes ago, Pontoon said:

But is he going to have a Hacking Sale to commemorate?

He extended his Halloween Code Word Sale.  Next it will be the Hacking Legal Fund.  Suing Russia is expensive

Link to comment
Share on other sites
BlowUpTheMoon

BlowUpTheMoon

Posted
Posted
Mile High Comics Website Attacked - HALLOWEEN Codeword Extended

Howdy!

I thought that you might like to know that someone tried to put us out of business on Monday. Right after my newsletter was released in which I urged everyone to please try to find the time to vote in next Tuesday's election, our server began experiencing a flood of false information requests in what is called a "Denial of Service" attack. Over 1,000computers were used in this coordinated effort to overwhelm our incoming Internet "pipe", and the internal computing capacity of our servers.

102918chuckvotesm.jpg
Vote poster

If you tried to access our website on Monday evening, Tuesday, or Wednesdaymorning, you would have seen that this attack was successful, as our website was totally unavailable. Blessedly, the tech professionals at our Internet Service Provider have dealt with this craziness before with some of their other clients, and knew how to remedy the problem. They are also very well connected with the law enforcement community, so we are optimistic that the perpetrator will be identified, and eventually charged with a Federal crime. Given that our business was harmed significantly, we will also file a civil suit. Interfering with Interstate Commerce is a truly unwise thing for someone to do.

Link to comment
Share on other sites
bc

bc

Posted
Posted

A Distributed Denial of Services (DDOS) took his site out for 3 days? The ISP must have some old gear/software as this kind of attack is readily known and can be mitigated/prevented in numerous ways.

This isn't a "hack" as no data was breached (at least that has not been mentioned). It simply stops others from accessing a web site by flooding it with requests.

Someone must be very unhappy with Mile High to coordinate a 1000 device DDOS campaign against them, maybe the Code Word didn't work for them?

Or was it the Russians????

Link to comment
Share on other sites
theCapraAegagrus

theCapraAegagrus

Posted
Posted (edited)

I call BS. What is his verification for "over 1,000 computers" being used..? Does he also work for or know the Attorney General? How can he be so certain that they'll be charged with a Federal Crime..? This guy's stuff stinks real bad. I'm not convinced in the slightest. He must've paid his internet bill late and needed a few days to make the ISP whole. Loser.

Edit: Also, is he calling the information being requested false, or the inquiries being false? Because neither of these are true. This guy doesn't know anything about computers, networks, information, or life...

Edited by TwoPiece
Questions raised.
Link to comment
Share on other sites
bc

bc

Posted
Posted
15 minutes ago, TwoPiece said:

I call BS. What is his verification for "over 1,000 computers" being used..? Does he also work for or know the Attorney General? How can he be so certain that they'll be charged with a Federal Crime..? This guy's stuff stinks real bad. I'm not convinced in the slightest. He must've paid his internet bill late and needed a few days to make the ISP whole. Loser.

Edit: Also, is he calling the information being requested false, or the inquiries being false? Because neither of these are true. This guy doesn't know anything about computers, networks, information, or life...

A competent ISP would have firewall/ADC logs of the source IP addresses performing the DDOS attack . Those addresses could be easily counted to get an idea of the magnitude.

This is not meant to justify his statement or the other questions you raise.

Link to comment
Share on other sites
N e r V

N e r V

Posted
Posted
30 minutes ago, TwoPiece said:

I call BS. What is his verification for "over 1,000 computers" being used..? Does he also work for or know the Attorney General? How can he be so certain that they'll be charged with a Federal Crime..? This guy's stuff stinks real bad. I'm not convinced in the slightest. He must've paid his internet bill late and needed a few days to make the ISP whole. Loser.

Edit: Also, is he calling the information being requested false, or the inquiries being false? Because neither of these are true. This guy doesn't know anything about computers, networks, information, or life...

 

9 minutes ago, bc said:

A competent ISP would have firewall/ADC logs of the source IP addresses performing the DDOS attack . Those addresses could be easily counted to get an idea of the magnitude.

This is not meant to justify his statement or the other questions you raise.

I’m sure he’d tell both of you “many people are saying this...” :devil:

Link to comment
Share on other sites
revat

revat

Posted
Posted
3 minutes ago, bc said:
23 minutes ago, TwoPiece said:

I call BS. What is his verification for "over 1,000 computers" being used..? Does he also work for or know the Attorney General? How can he be so certain that they'll be charged with a Federal Crime..? This guy's stuff stinks real bad. I'm not convinced in the slightest. He must've paid his internet bill late and needed a few days to make the ISP whole. Loser.

Edit: Also, is he calling the information being requested false, or the inquiries being false? Because neither of these are true. This guy doesn't know anything about computers, networks, information, or life...

A competent ISP would have firewall/ADC logs of the source IP addresses performing the DDOS attack . Those addresses could be easily counted to get an idea of the magnitude.

This is not meant to justify his statement or the other questions you raise.

I don't mean to sound too dumb OR too smart with this question, but isn't it somewhat common practice for sophisticated people trying to perpetrate internet 'attacks' to rout those attacks through multiple ISP's to obfuscate the true source of the attack?  I think some ISP's or computers might be 'used' without the knowledge of the people using those ISP's.  I'm not sure if this goes to Chuck's point or anyone else's.  I don't think it was like 1,000 people sitting at 1,000 individual computers purposefully trying to take Chuck down, but it does seem possible that 1,000 computers were 'used', depending on the definition.  And there's also a high percentage chance that Chuck did not completely understand the explanation given him AND that he utilized some hyperbole/embellishment. 

If I were him, I would not have commented even this much, for fear of publicly misstating some material fact, therefore hurting my chances in the lawsuit/prosecution to follow. 

My statement would have been this: "Our Milehigh website was the victim of a cyberattack, which left our servers and website down for XXXX time.  We are happy and relieved to tell you that we are back online now, and ready help you, our loyal customers, get the comic books you need.  We want to thank our ISP providers and law enforcement for their hard work to get our business online again.  We will pursue all civil and criminal action against the perpetrators of this vicious attack.  We want to make it very clear that at no point was the personal or financial information of any of our customers vulnerable during this cyberattack (if this is true).  Again, thanks for your patience, your kind words, and thank you for choosing to shop with Milehigh."

Link to comment
Share on other sites
Dick Pontoon

Dick Pontoon

Posted
Posted
4 minutes ago, revat said:

I don't mean to sound too dumb OR too smart with this question, but isn't it somewhat common practice for sophisticated people trying to perpetrate internet 'attacks' to rout those attacks through multiple ISP's to obfuscate the true source of the attack?  I think some ISP's or computers might be 'used' without the knowledge of the people using those ISP's.  I'm not sure if this goes to Chuck's point or anyone else's.  I don't think it was like 1,000 people sitting at 1,000 individual computers purposefully trying to take Chuck down, but it does seem possible that 1,000 computers were 'used', depending on the definition.  And there's also a high percentage chance that Chuck did not completely understand the explanation given him AND that he utilized some hyperbole/embellishment. 

Or possibly even complete and utter fabrication.

Link to comment
Share on other sites
theCapraAegagrus

theCapraAegagrus

Posted
Posted (edited)
6 minutes ago, revat said:

I don't mean to sound too dumb OR too smart with this question, but isn't it somewhat common practice for sophisticated people trying to perpetrate internet 'attacks' to rout those attacks through multiple ISP's to obfuscate the true source of the attack?  I think some ISP's or computers might be 'used' without the knowledge of the people using those ISP's.  I'm not sure if this goes to Chuck's point or anyone else's.  I don't think it was like 1,000 people sitting at 1,000 individual computers purposefully trying to take Chuck down, but it does seem possible that 1,000 computers were 'used', depending on the definition.  And there's also a high percentage chance that Chuck did not completely understand the explanation given him AND that he utilized some hyperbole/embellishment. 

If I were him, I would not have commented even this much, for fear of publicly misstating some material fact, therefore hurting my chances in the lawsuit/prosecution to follow. 

My statement would have been this: "Our Milehigh website was the victim of a cyberattack, which left our servers and website down for XXXX time.  We are happy and relieved to tell you that we are back online now, and ready help you, our loyal customers, get the comic books you need.  We want to thank our ISP providers and law enforcement for their hard work to get our business online again.  We will pursue all civil and criminal action against the perpetrators of this vicious attack.  We want to make it very clear that at no point was the personal or financial information of any of our customers vulnerable during this cyberattack (if this is true).  Again, thanks for your patience, your kind words, and thank you for choosing to shop with Milehigh."

It's more common practice to use methods that generate multiple addresses on a single machine to give the appearance of many machines. I could generate thousands of seemingly "separate" attacks on an 8-cluster supercomputer (homemade).

IMO, he should just admit that he forgot to pay his cable bill. I've done it.

Edited by TwoPiece
Typos.
Link to comment
Share on other sites
bc

bc

Posted
Posted
Just now, revat said:

I don't mean to sound too dumb OR too smart with this question, but isn't it somewhat common practice for sophisticated people trying to perpetrate internet 'attacks' to rout those attacks through multiple ISP's to obfuscate the true source of the attack?  I think some ISP's or computers might be 'used' without the knowledge of the people using those ISP's.  I'm not sure if this goes to Chuck's point or anyone else's.  I don't think it was like 1,000 people sitting at 1,000 individual computers purposefully trying to take Chuck down, but it does seem possible that 1,000 computers were 'used', depending on the definition.  And there's also a high percentage chance that Chuck did not completely understand the explanation given him AND that he utilized some hyperbole/embellishment. 

Yes, it is very common practice to utilize multiple attack vectors; hence the Distributed version of a DOS event. And yes, the owners of the networks or devices are very likely unaware that their property was used.

Either way, Mile High's ISP should still have a log of addresses that were accessing his site. That ISP will contact the local FBI if they follow any security requirements (HiTrust, HIPAA, NIST-800-171, ISO9000, PCI-DSS etc.). That is standard practice for almost any cyber-security event.

Baby monitors have been used in DDOS attacks in the past. All it takes is a small bit of code on an internet-connected device that can be remotely activated.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
2 2
Go to topic listing