From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 16:01:58 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: Lyger - I came across Attrition.org for the first time. I enjoyed the
: site though I am not an expert with computers. That brings me to my next
: point: I need to urgently make contact with a hacker that would be
: interested in doing a one-time job for me. The pay would be good. I'm
: not sure what exactly the job would entail with respect to computer
: jargon, but I can go into rough detail upon making contact with a
: candidate. Thanks for your help.

Need more details to have an idea what you need done..

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 16:34:23 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: Would it be possible for us to discuss over the phone? I assure you the
: job wouldn't be anything like invading a government mainframe for
: classified documents or stealing money from a bank. Rather it'd be a
: modification of some personal data. I can provide a phone number if that
: is OK. If not, we can continue email correspondence.

Phone is bad.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 17:01:49 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


On Wed, 9 Aug 2006, Todd Shriber wrote:

: OK here it is: I need an adjustment to my college GPA. Is this an absurd
: request?

Absurd no, difficult yes. Really depends on the college, security in
place, the amount of databases required to truly update, log servers to
compromise to remove evidence, type of access required to access the
systems (internet? LAN? dialup? carrier pigeon?), and a dozen other
things that come into play.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 17:13:42 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: What would you or anyone else need from me to see if you could it?

For starters, college name, full name, and whatever number they track you
by. Student ID or SS# or whatever else.

And, are there pigeons on campus?

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 17:23:07 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: I can supply all that. Forgive what I assume is dumb question, but what
: are pigeons? I know you're not talking about the bird.

Actually I am.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 17:30:44 -0400 (EDT)
Subject: Re: Question for you or other Attrition members

: Wow, I feel dumb now. I honestly cannot rember if there were pigeons on
: campus or not. A lot of crazy squirrels, but I can't remember pigeons.
: Just for my own edification, why do you need to know that? I'll find out
: for you.

Hey, squirrels work fine. First, let's be clear. You are soliciting me to
break the law and hack into a computer across state lines. That is a
federal offense and multiple felonies. Obviously I can't trust anyone and
everyone that mails such a request, you might be an FBI agent, right?

So, I need three things to make this happen:

1. A picture of a squirrel or pigeon on your campus. One close-up, one
with background that shows buildings, a sign, or something to indicate you
are standing on the campus.

2. The information I mentioned so I can find the records once I get into
the database.

3. Some idea of what I get for all my trouble.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 18:01:40 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: OK. The pictures might take me a little while as I've been out of school
: for a few years and I don't live in that state anymore. I will supply

What state do you live in, and what college is it? The picture can still
work wherever you are. Main thing is to prove to a degree who you are,
that you can do something unique and quickly, etc.

: the other info with the pictures unless you request otherwise. What is a

Rest of the information is required to find the right record.

: typical fee for this kind of work? Understanding the risk involved to
: both of us, I want to adequately take care of you, but I'd also like to
: know if you've ever performed a similiar task before. A simple yes or no
: would suffice,I don't need or want details. Most importantly, as I'm
: sure you have the skill, but do you have the necessary technology to do
: this without drawing attention to either of us?

I have. Fee is based on time and that all depends on what I run into on
their network. So many variables in this it's impossible to say without
snooping.

If attention comes down, remember that we're both equally liable in the
actions. I'd rather not go to prison, you? I'll use some snazzy IDS
evasion techniques, spoof my IP, use my neighbor's wireless, send decoy
packets from a BitTorrent network, use some old PBX tricks to make them
think it is an internal job and more. Think of all the stuff you see in
the movies, but better.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 18:11:59 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: Prison most certainly is not an option, so we are in agreement there. I
: assume the quicker you can do this the better?

Is there another time frame involved that I need to be aware of? This
isn't a "flip a switch" type process.

: Is there anything I can give you in the meantime that would allow you to
: snoop so that you have an idea of what you're up against and I have an
: idea of a fee? In a perfect world, I'd like this to happen without them
: even knowing you were there. Is that possible?

Everything is possible. I need college name, your full name, and whatever
ID they track students by for starters. While I poke around, you work on
the picture, and I need it in a few hours to make sure there is a level of
trust between us.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 18:51:26 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: I don't live near the college anymore, I'm 1,000 miles away. Is there
: some other sign of trust I can extend to you or should I wait a few
: weeks and travel to my school and get these pictures?

A picture of a squirrel or pigeon near where you live is fine. One close
up, one from the distance enough so there are buildings or anything to
help identify the location of where the pic was taken from.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 18:56:28 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: Ok. I may not be able to get them to you tonight, but I'll get them to
: you tomorrow. (I don't own a camera, so I'll have to borrow one from a
: friend) I'll send them tomorrow along with the other info. Is this
: agreeable to you?

Mail me when you have it. I will give some additional details about the
picture requirement.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 19:12:57 -0400 (EDT)
Subject: Re: Question for you or other Attrition members


: Ok. How does tomorrow afternoon work for you?

I should be here.

From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Tue, 15 Aug 2006 16:04:46 -0400 (EDT)
Subject: Re: pictures


: I hope these work, there's no pigeons, but some of other birds and a
: couple with a squirrel. Let me know how to proceed from here. I think
: there's a way to verify that I took these yesterday...

Unfortunate that there are no pigeons but this works nicely and proves to
us that you are legit. Thanks for taking the time, it is very important
for everyone's safety.

Next step, mail lyger@attrition.org who will do that actual work this
time. His schedule is clear this week while I am out of town helping a
few other people with various things. He will need some basic info that I
mentioned like which school, some way to identify you (student id # for
example) and any time frame you are under. I have sent him a heads up so
don't worry about any formality, just make sure your subject is "the
squirrels are nice here" and he will understand.

From: lyger (lyger@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Bcc: security curmudgeon (jericho@attrition.org)
Date: Wed, 16 Aug 2006 18:26:39 -0400 (EDT)
Subject: Re: the squirrels are nice here...


On Wed, 16 Aug 2006, Todd Shriber wrote:

": " Lyger -
": " Jericho told me to contact you regarding the job I'd
": " like you guys to work on for me. My school is Texas
": " Christian University. www.tcu.edu
": " My student ID is 1XXXXXXXX
": " To view my transcript, the username is TXXXXXXXX and
": " the password is tXXXXXXX

Todd,

Couple of things to note:

1.  Even though many universities are moving away from using Social
Security numbers as student IDs, those same universities rarely purge all
SSN records from their databases.  In order to find certain records, it
would be easier and faster if we had that record as well as a date of
birth (DOB) as potential query items.

2.  As Jericho has probably already mentioned, we would be assuming
some risk with this project.  In general, universities have less
secure networks than, say, the Department of Defense, but we still have to
take unique precautions in order to be successful.  Please mention this
project to absolutely nobody, even your closest friends.  The smallest
leak could lead to compromise.

": " For now, I'd like it if you could "snoop" around and
": " assess the job's cost, difficulty, probablity of
": " success and risk. I'm not under a huge time constraint
": " here, so you don't need to do the actual job this
": " week. I'd just like to know what I'll need to set
": " aside in the way of fair compensation and what you'll
": " actually be able to accomplish for me with the least
": " amount of risk.

Please allow a couple of days for us to do what we do, and we'll be back
in touch.

": " I assume I will have to let you know at some point
": " exactly what I'd like you to change, etc? We can go
": " over that once you get back to me.

Sounds fair.

From: lyger (lyger@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Bcc: security curmudgeon (jericho@attrition.org)
Date: Sat, 19 Aug 2006 20:32:28 -0400 (EDT)
Subject: Re: the squirrels are nice here...


Todd,

We'll make a quick recon run late tonight and let you know how it goes.
Any other information or tips, please let us know in the next few hours.

Lyger

From: lyger (lyger@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Bcc: security curmudgeon (jericho@attrition.org)
Date: Wed, 23 Aug 2006 18:59:18 -0400 (EDT)
Subject: Re: the squirrels are nice here...


On Wed, 23 Aug 2006, Todd Shriber wrote:

": " Any news Lyger? Do you need anything else from me at
": " this point? Just let me know when you get a chance.
": " Thanks -- Todd

Todd,

Shouldn't need anything else.  Have had a chance to set up a couple of
IDS/IPS evasion bots, perimeter scanning came up clean.  Small SQL
injection issue merged with XSS shows that the backend database may be
either 768-bit encrypted or a simple 3DES matter, but a little more time
should take care of that issue.  Once the tables are writable to sa,
should be ready to jump in and jump out with no problem.  One of their
systems caught an early sniff, but was shut down with a smurf.

Any questions, let me know.  Another 4-6 hours will tell more.

From: lyger (lyger@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Bcc: security curmudgeon (jericho@attrition.org)
Date: Fri, 25 Aug 2006 13:10:54 -0400 (EDT)
Subject: Re: the squirrels are nice here...


On Thu, 24 Aug 2006, Todd Shriber wrote:

": " Thanks for the update, Lyger. I likely won't be near a
": " computer again for about ten hours (at least), but let
": " me know if I should start making a list of the changes
": " I want made for you and I'll get it back to you when
": " I'm near a computer again. Thanks - Todd

Todd,

Had a long night of it, but looks like everything is just about ready.
We have replicated hosts set up for MITM and alternate methods of
spoofing.  When the front-end traversals are complete, the back-end
injection process should be fairly simple.  Make your list and check it
twice, because we should be able to hole-shot this once the hashes match.
Any more questions, speak now or forever hold your..

Lyger

From: lyger (lyger@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Bcc: security curmudgeon (jericho@attrition.org)
Date: Sun, 27 Aug 2006 03:15:31 -0400 (EDT)
Subject: Re: the squirrels are nice here...


On Sat, 26 Aug 2006, Todd Shriber wrote:

": " I'll take a quick look on Saturday and get the changes
": " to you immediately following that. Let me know if it's
": " OK for me to log into that site.

todd... no more.. omfg we are SO busted.. fuck fuck fuck FUCK FUCK
everything was PERFECT until their night noc ran a reverse udp traceroute
back to one of the hosts we had set up  after that, straight DOWNHILL.
i've already been called twice by my isp asking about unusual activity,
some other shit about access attempts to a federally monitored system they
have everything in logs including the rot-26 stuff that finally got me
access all goes back to your login sorry i really fucked up BAD

theyre prob gonna end up calling you since they have your info just duck
and run if you can, i'm going deep underground if they ask about me or
attrition we don't know each other you know youre just as guilty and
liable so when they come knocking dont say anything without a lawyer and
when you ask them to put the gun down say it nice because that shit isnt
fun

man dont even visit attrition.org again theyre trying to check web logs
one last email should be ok but we're so fucked sorry