Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "DBID Is Not Definitive When Used As An Identifier"] [Next entry: "PFCLATK - Audit Trail Toolkit - Checksums"]

3200 Clever hackers are in my PC; wow!!

Hackers are clever people; they must be to hack other people and take over their private data and steal identities and money. I have to draw the limit at the number of hackers who claim to be in my PC, since October 2018 this is now over 3200 of them. They claim to have videos of me watching websites i didn't visit. Even my main PC doesn't even have a webcam and my laptop usually has the webcam covered with a little blocker window so they must be fantastic hackers to be able to video with no webcam or with a cover over it. They claim to have videos of the victim and that they have installed backdoors in my PC and have access to all social media and email accounts and if you don't pay them large amounts of money via bitcoin they will send out the video to your contacts.

I have collected 3200 of these scam emails since October 2018 till now, mid May 2019 - thats 8 months so an average of 14 hackers a day in my PC. It's madness; these top hackers must actually struggle to not fall over each other when they exploit my PC and each of them has left a backdoor so there must be now 3200 backdoors in my PC; The emails are a joke and some are so badly written that the victim must struggle to actually understand what's beings said.

In the beginning most of these emails included a password. These people claim that they know my email password and in fact none these passwords were ever for my email and are in fact passwords used in various websites that must have been hacked over the years and published on various sites that list peoples passwords. None of the passwords shown are current for me and are actually from many years ago; some from 20 years ago.

The first emails were a little more convincing actually sent to pete at petefinnigan dot com but after a short while the attackers could not be bothered to even send a password that i may recognise. Also they started to send emails to random strings at my domain such asenssw at petefinnigan dot com. Some sent the sender address as the password and claimed that this shows how fantastic a hacker they are. Some simply sent from random most lily spoofed addresses. In the beginning they tried to be more professional and send from my own email address (spoofed of course) and include the password to show me how fantastic they are and how they must have my password to my email - actually it was a password from a website from 20 years ago not my email. I now even receive these same emails in German, Chinese and Russian.

Some have written that they have looked into the bit coin addresses and people do pay these emails. don't pay they are not real; they do not have videos of you. Based on fear; some people pay them. it is a probably a lucrative business generating thousands (millions) of emails and sending them out; a scatter gun approach.

The most interesting ones for me was a password that was more recent quoted in one of these emails - 7 years ago. I used that password only once; all my passwords are unique anyway. I knew i used it to buy one item on a website in the UK and never visited that website again. This password only showed up 4 times whilst others showed up hundreds and hundreds of times. The PC that this password was used on once has been long since gone years ago. It was never used on any current PC and can only ever have come from an attack of that companies website. I contacted them and let them know; they said they were looking into it and asked their web host to check but would not admit (or could find) a breach. It has to come from there as the PC that was used by me went 6 years ago and the password was used once.

This is an area of interest to me. I wrote a book published by Apress on Oracle Incident response and forensics last year and i have been involved in many breaches of Oracle databases in the aftermath and also in helping secure those databases. For me its always interesting to find evidence of a breach in an Oracle database and how the attacker got in, who were they connected as, what did they see and do, what could they have done with the rights they had with more skills and most importantly what was the range of the attack. When did it start and when did it end. what is usually interesting is that usually the attacks lasted much longer than the client thought; they may have believed that the breach stared a week or so ago but it started a year ago. Its also interesting to see patterns and evidence of multiple attackers in an Oracle database that has been breached; i have seen this many times and it has parallels with these ridiculous emails - if we were to believe them then i had 3200 attackers in my PC.. but in real life in Oracle databases its often possible to see that there indeed has been multiple attackers - we can see the style and the patterns to establish this.

I have also been involved in performing security audits of Oracle databases where the client was to aware they had been breached but i found evidence of breaches in the near and sometimes distant past.

So, 3200 hackers are not in my PC i would never have any resources left to use and there are not 3200 backdoors as each attacker would fall over each other to install 3200 backdoors in one PC; madness; but there are parallels to Oracle database breaches, evidence that points to the source of the leak - i.e. this site that i used once with one password. GDPR comes into play as well here!