As part of my research project on cyber-crime and hacking I met online with a social engineer to get information on how social engineering or SE has become its own industry.
I found this social engineer who goes by the name Sasuke on Telegram. We talked about about the types of products SEs target, and why legal policy makes it difficult for companies to discriminate against SEs without hampering claims by legitimate customers.
We also talked about companies that were popular targets in the past such as Fitbit and ones that are popular now like Bose. He even spoke about a secret method for medical equipment with a retail value of $150,000.
Interview:
Philip:
Ok so you've been involved with social engineering?
Sasuke:
I was in the scene since 2017
I have been learning from people and their methods
Philip:
Was it easier in 2017?
Sasuke:
Mostly leeching was helpful
Very 😹
It is just "raped" now
Philip:
What kind of things did you SE back then?
Sasuke:
Logitech bulk, and mostly speakers
I was managing to bulk 43 LBS of Logitech headsets
Philip:
nice, did you need serial codes?
Sasuke:
Correct, I did need them
There were tools that had an algorithm for serials
Philip:
How did you get them?
oh nice so cracked serials
Sasuke:
Learning the algorithm
for example: Searching eBay and asking sellers for serial numbers
to "verify authenticity"
Philip:
this would be gravy train
Sasuke:
Not really
Philip:
no?
Sasuke:
Like for Bose
Let me show you
076742283000194AE
076742283000188AE
076742283000546AE
Check them
076742283000XXXAE is the pattern for advanced exchange serials.
Philip:
Is that for the sleepbuds that was popular to SE recently?
Sasuke:
Correct.
Philip:
advanced exchange?
Sasuke:
Yes, the company send a replacement first with a prepaid label, then you ship the product.
Philip:
It seemed as soon as Bose annouced a recall, people started targetting them. Is that a common thing? Look for recalls or common problems with a product and target that company?
Sasuke:
Correct
Philip:
but the SE person never send the original product back, since they never had it 😂
Sasuke:
Well, it was being first targeted by popular Social Engineering forum Incidious.se
They had the method in a specific tier
Philip:
I saw a guy from that forum who has been targetting Fitbit for years
Sasuke:
DarkPID is great too, but it is dying.
Philip:
Yet with Bose people are saying it became hard
Sasuke:
No skill people
Philip:
they have tier levels where you get access to different methods?
Sasuke:
I mean, he just bought the method trying to "rape" it
Yes sir.
As much as you constribute, the higher the tier you are.
Philip:
ohh k gotcha
Sasuke:
Elite had a $150,000 method posted by
Philip:
What makes it $150,000 ?
Like that's how much he made from it over a year??
Sasuke:
Secret, I don't know and it is private
He gave away the item as he claims
I assume it's medical equipment.
Philip:
Or he charges that much for the method?
Oh I think I understand
it is an item you can SE that is worth $150K normally?
Sasuke:
It is an exclusive method for Incidious Elite tier.
Yeah.
Philip:
Crazy
Sasuke:
Very
Philip:
What is the most expensive item you have heard SE'd that you can tell me?
Sasuke:
That
I have never seen something more than the $155,000
Philip:
I was told people do cars, but I'm not sure if it is really considered "SE" since the method involved creating a CPN and getting it financed.
Sasuke:
It is not.
That's credit apply
Philip:
CPN being a SSN that isn't your original for those reading, whole other topic
right
Sasuke:
Credit Privacy Number is CPN
I think we got off the topic
Philip:
agreed
Sasuke:
Let's get back to it
Philip:
Any other interesting items you've heard SE'd?
I guess some stuff could be worth good money but hard to sell
Sasuke:
I was able to SE Dell
Philip:
For computers?
Sasuke:
for an Alienware before
Yes.
Philip:
That is a high price item
Sasuke:
It was an Area 51 Maxed out
Philip:
Oh wow, how much would that retail for?
Sasuke:
Great laptop
I think 3-5k
Philip:
You had a serial number for one to do it?
Sasuke:
Depends on specs
Dell is service tag, I was the co owner of a service tag generator.
and Dell invoice grabber
Philip:
What is tag?
Sasuke:
7 characters
Random
Identifies your Dell product
Philip:
So fairly each to generate I guess?
Sasuke:
It is easy
Dell blocks + Has akamai + Requires an account to check
We had some problems and forced to shutdown the whole project
Philip:
Did they have akamai and that account requirment originally?
Sasuke:
Yes
Philip:
What made you have to shutdown?
Sasuke:
Cannot reveal.
Owner was
Philip:
Have you heard about the guy who apparently used free Google Mini codes to order 10,000 to a single address?
I heard there was a screenshot of a nasty email he got from Google going around. Not sure if it was real or fake.
Sasuke:
I have heard of it, I assume it's fake
I'll call that "clout chasing"
Philip:
People want to seem better at SE than they are to sell methods I guess?
Sasuke:
and 10,000 is an impossible number, that's already cops at your house while doing the 26th one
Selling methods doesn't mean you just can't do them anymore
We have our own private ones
Philip:
Do you think watching for companies doing recalls is a good method for identifying potential targets?
Sasuke:
That is correct
Philip:
I imagine the more people using a method the more likely it is that the company will change policy
Sasuke:
Bose is forced
Philip:
So could be risky selling a method if you're using it yourself
Sasuke:
Same for other companies
Buyers bought a product while the old policy was in use
They will get sued if they changed the policy
Philip:
Yet other companies seem to be SE'd for years. I was told the Fitbit method has been used since 2014.
That's basically 5 years
Sasuke:
and they are required to pay anyone damaged
Fitbit was cracked accounts with the device + serial
Philip:
So they had an account leak in 2014 but I see a guy selling Vera 2 which is the latest model.
Sasuke:
No
People were cracking accounts
for it then using them for the SE
Fitbit is dead now
Long dead buddy.
Philip:
OHH, I see so you can still crack accounts because people re-use passwords
Sasuke:
🤷♀
Fitbit is acquired by Google now
So good luck "raping" it again.
Philip:
Anything else hot right now that you can mention? Similiar to how Bose was.
Sasuke:
Actually really nothing.
Other than private companies
Philip:
meaning private methods, that aren't being shared?
Sasuke:
Made by you
Philip:
since if they get shared it will get shut down
Oh gotcha
Sasuke:
or shared to private groups
or specific people
Philip:
Ever had any close calls with getting caught doing it?
Sasuke:
Dell
But not going further into it
👀
If this interview was of interest to you, be sure to check out the early reader program for my book about cyber-crime.
Want to get in touch? You can find me on Twitter or email kirkins and gmail dot com.