Interview with a Social Engineer - Getting Free Product from Fitbits to $150,000 Medical Equipment

in #hacking5 years ago

As part of my research project on cyber-crime and hacking I met online with a social engineer to get information on how social engineering or SE has become its own industry.

Social Engineering

I found this social engineer who goes by the name Sasuke on Telegram. We talked about about the types of products SEs target, and why legal policy makes it difficult for companies to discriminate against SEs without hampering claims by legitimate customers.

We also talked about companies that were popular targets in the past such as Fitbit and ones that are popular now like Bose. He even spoke about a secret method for medical equipment with a retail value of $150,000.

Interview:


Philip:
Ok so you've been involved with social engineering?

Sasuke:
I was in the scene since 2017

I have been learning from people and their methods

Philip:
Was it easier in 2017?

Sasuke:
Mostly leeching was helpful

Very 😹

It is just "raped" now

Philip:
What kind of things did you SE back then?

Sasuke:
Logitech bulk, and mostly speakers

I was managing to bulk 43 LBS of Logitech headsets

Philip:
nice, did you need serial codes?

Sasuke:
Correct, I did need them

There were tools that had an algorithm for serials

Philip:
How did you get them?

oh nice so cracked serials

Sasuke:
Learning the algorithm

for example: Searching eBay and asking sellers for serial numbers

to "verify authenticity"

Philip:
this would be gravy train

Sasuke:
Not really

Philip:
no?

Sasuke:
Like for Bose

Let me show you

076742283000194AE
076742283000188AE
076742283000546AE

Check them

076742283000XXXAE is the pattern for advanced exchange serials.

Philip:
Is that for the sleepbuds that was popular to SE recently?

Sasuke:
Correct.

Philip:
advanced exchange?

Sasuke:
Yes, the company send a replacement first with a prepaid label, then you ship the product.

Philip:
It seemed as soon as Bose annouced a recall, people started targetting them. Is that a common thing? Look for recalls or common problems with a product and target that company?

Sasuke:
Correct

Philip:
but the SE person never send the original product back, since they never had it 😂

Sasuke:
Well, it was being first targeted by popular Social Engineering forum Incidious.se

They had the method in a specific tier

Philip:
I saw a guy from that forum who has been targetting Fitbit for years

Sasuke:
DarkPID is great too, but it is dying.

Philip:
Yet with Bose people are saying it became hard

Sasuke:
No skill people

Philip:
they have tier levels where you get access to different methods?

Sasuke:
I mean, he just bought the method trying to "rape" it

Yes sir.

As much as you constribute, the higher the tier you are.

Philip:
ohh k gotcha

Sasuke:
Elite had a $150,000 method posted by

Philip:
What makes it $150,000 ?

Like that's how much he made from it over a year??

Sasuke:
Secret, I don't know and it is private

He gave away the item as he claims

I assume it's medical equipment.

Philip:
Or he charges that much for the method?

Oh I think I understand

it is an item you can SE that is worth $150K normally?

Sasuke:
It is an exclusive method for Incidious Elite tier.

Yeah.

Philip:
Crazy

Sasuke:
Very

Philip:
What is the most expensive item you have heard SE'd that you can tell me?

Sasuke:
That

I have never seen something more than the $155,000

Philip:
I was told people do cars, but I'm not sure if it is really considered "SE" since the method involved creating a CPN and getting it financed.

Sasuke:
It is not.

That's credit apply

Philip:
CPN being a SSN that isn't your original for those reading, whole other topic

right

Sasuke:
Credit Privacy Number is CPN

I think we got off the topic

Philip:
agreed

Sasuke:
Let's get back to it

Philip:
Any other interesting items you've heard SE'd?

I guess some stuff could be worth good money but hard to sell

Sasuke:
I was able to SE Dell

Philip:
For computers?

Sasuke:
for an Alienware before

Yes.

Philip:
That is a high price item

Sasuke:
It was an Area 51 Maxed out

Philip:
Oh wow, how much would that retail for?

Sasuke:
Great laptop

I think 3-5k

Philip:
You had a serial number for one to do it?

Sasuke:
Depends on specs

Dell is service tag, I was the co owner of a service tag generator.

and Dell invoice grabber

Philip:
What is tag?

Sasuke:
7 characters

Random

Identifies your Dell product

Philip:
So fairly each to generate I guess?

Sasuke:
It is easy

Dell blocks + Has akamai + Requires an account to check

We had some problems and forced to shutdown the whole project

Philip:
Did they have akamai and that account requirment originally?

Sasuke:
Yes

Philip:
What made you have to shutdown?

Sasuke:
Cannot reveal.

Owner was

Philip:
Have you heard about the guy who apparently used free Google Mini codes to order 10,000 to a single address?

I heard there was a screenshot of a nasty email he got from Google going around. Not sure if it was real or fake.

Sasuke:
I have heard of it, I assume it's fake

I'll call that "clout chasing"

Philip:
People want to seem better at SE than they are to sell methods I guess?

Sasuke:
and 10,000 is an impossible number, that's already cops at your house while doing the 26th one

Selling methods doesn't mean you just can't do them anymore

We have our own private ones

Philip:
Do you think watching for companies doing recalls is a good method for identifying potential targets?

Sasuke:
That is correct

Philip:
I imagine the more people using a method the more likely it is that the company will change policy

Sasuke:
Bose is forced

Philip:
So could be risky selling a method if you're using it yourself

Sasuke:
Same for other companies

Buyers bought a product while the old policy was in use

They will get sued if they changed the policy

Philip:
Yet other companies seem to be SE'd for years. I was told the Fitbit method has been used since 2014.

That's basically 5 years

Sasuke:
and they are required to pay anyone damaged

Fitbit was cracked accounts with the device + serial

Philip:
So they had an account leak in 2014 but I see a guy selling Vera 2 which is the latest model.

Sasuke:
No

People were cracking accounts

for it then using them for the SE

Fitbit is dead now

Long dead buddy.

Philip:
OHH, I see so you can still crack accounts because people re-use passwords

Sasuke:
🤷‍♀

Fitbit is acquired by Google now

So good luck "raping" it again.

Philip:
Anything else hot right now that you can mention? Similiar to how Bose was.

Sasuke:
Actually really nothing.

Other than private companies

Philip:
meaning private methods, that aren't being shared?

Sasuke:
Made by you

Philip:
since if they get shared it will get shut down

Oh gotcha

Sasuke:
or shared to private groups

or specific people

Philip:
Ever had any close calls with getting caught doing it?

Sasuke:
Dell

But not going further into it

👀


If this interview was of interest to you, be sure to check out the early reader program for my book about cyber-crime.


Want to get in touch? You can find me on Twitter or email kirkins and gmail dot com.