string555
Banned
- 1,373
- Posts
- 6
- Years
- Age 32
- Wonderland
- Seen Mar 14, 2018
Back in the days when Myspace was still widely used, everyone knew who Tom was. He was the owner of Myspace. During those times when I was a teenager, I almost got into hacking, but I didn't really understand any of that stuff. I did, however, meet some people who knew a lot more than me. One friend, who we'll call PsuedoTom, noticed how simple the design of Tom's Myspace profile was. Surely it could be copied with ease.
So he looked at the real Tom's profile, and copied all the info from it into a new profile with his same name. It was all easy, except that the friends list on his profile just showed 1 friend, the real Tom. The comment section was also blank, that was no good. So, instead of writing code to fake those pieces, he just searched for an existing fake Tom profile to copy from. He told me there were many, he picked a good-looking one and pasted the code into his own fake profile. There it was, looked exactly like the real thing. The only thing that couldn't change was the URL for the page, but most people wouldn't notice that small of a detail.
PsuedoTom told me at first that he just used it to mess with people in chatrooms, but he got bored with that and got a little darker. He constructed a carefully designed message, I can't recall it exactly, but he told me it was something like this:
"Hello, there seems to be a problem with your profile. It's causing people with a certain web browser to crash. We need to fix this problem within 24 hours or your account will have to be deleted. The problem on your profile is preventing us from accessing your login information in the database, we need you to send it to us. You won't notice any problems while we are fixing your profile.
Thank you,
Tom"
Something like that. And so he sent it out to a few people here and there. I would have never though that anyone would fall for such a thing, but he told me that about 6/10 people he sent it to sent back their real login information. At first, he just messed with them in small ways, putting hidden comments on their profile. But, he got bored with that quickly, and so he got even darker again.
With some of them, he would wait until they were offline, than log in as them. He started cussing out the person's friends, going back and forth with it. If he saw that the person had a very large friend list, sometimes he would just delete the account entirely. I guess when someone that young gets that kind of power, it goes dark very quickly.
Then, there was one incident that ended up scaring him away from that world entirely. PsuedoTom realized that since Myspace used the person's email as their login name, maybe some of those passwords he collected might be the same for the actual email. He tried a few of them with no luck. Eventually, he came across the person we'll call "loveme". That was the person's Myspace password, it was also their email password. Once inside their email, PsuedoTom saw several other accounts. He went on those sites and tried their username with that same password, they all worked. The thing that really scared him away from those types of activities was when he saw loveme's banking info. He didn't touch anything with that, but this whole thing scared him. All he did was ask for a password, and it gave him that much access? There are some important lessons from this story:
1. Don't send your login information to anyone, no matter how much you think they are an admin.
2. Don't use the same password for every account. All it takes is one weak link and you're done for.
3. Don't use weak passwords. "loveme" is easy to memorize, but it could be cracked or even guessed with ease. And on that note, also don't use pet names or names of family members. Hell, don't even use words that have real meaning to you, because it would be easy to find out what someone's interests are. It might take a while to memorize a strong password, but it's worth the security. Password length is also important.
I lost contact with PsuedoTom years ago, but I know that he never did anything like that again. I saw him go down a dark path, but luckily he seemed to have found the light. Always protect your passwords!
-string555
So he looked at the real Tom's profile, and copied all the info from it into a new profile with his same name. It was all easy, except that the friends list on his profile just showed 1 friend, the real Tom. The comment section was also blank, that was no good. So, instead of writing code to fake those pieces, he just searched for an existing fake Tom profile to copy from. He told me there were many, he picked a good-looking one and pasted the code into his own fake profile. There it was, looked exactly like the real thing. The only thing that couldn't change was the URL for the page, but most people wouldn't notice that small of a detail.
PsuedoTom told me at first that he just used it to mess with people in chatrooms, but he got bored with that and got a little darker. He constructed a carefully designed message, I can't recall it exactly, but he told me it was something like this:
"Hello, there seems to be a problem with your profile. It's causing people with a certain web browser to crash. We need to fix this problem within 24 hours or your account will have to be deleted. The problem on your profile is preventing us from accessing your login information in the database, we need you to send it to us. You won't notice any problems while we are fixing your profile.
Thank you,
Tom"
Something like that. And so he sent it out to a few people here and there. I would have never though that anyone would fall for such a thing, but he told me that about 6/10 people he sent it to sent back their real login information. At first, he just messed with them in small ways, putting hidden comments on their profile. But, he got bored with that quickly, and so he got even darker again.
With some of them, he would wait until they were offline, than log in as them. He started cussing out the person's friends, going back and forth with it. If he saw that the person had a very large friend list, sometimes he would just delete the account entirely. I guess when someone that young gets that kind of power, it goes dark very quickly.
Then, there was one incident that ended up scaring him away from that world entirely. PsuedoTom realized that since Myspace used the person's email as their login name, maybe some of those passwords he collected might be the same for the actual email. He tried a few of them with no luck. Eventually, he came across the person we'll call "loveme". That was the person's Myspace password, it was also their email password. Once inside their email, PsuedoTom saw several other accounts. He went on those sites and tried their username with that same password, they all worked. The thing that really scared him away from those types of activities was when he saw loveme's banking info. He didn't touch anything with that, but this whole thing scared him. All he did was ask for a password, and it gave him that much access? There are some important lessons from this story:
1. Don't send your login information to anyone, no matter how much you think they are an admin.
2. Don't use the same password for every account. All it takes is one weak link and you're done for.
3. Don't use weak passwords. "loveme" is easy to memorize, but it could be cracked or even guessed with ease. And on that note, also don't use pet names or names of family members. Hell, don't even use words that have real meaning to you, because it would be easy to find out what someone's interests are. It might take a while to memorize a strong password, but it's worth the security. Password length is also important.
I lost contact with PsuedoTom years ago, but I know that he never did anything like that again. I saw him go down a dark path, but luckily he seemed to have found the light. Always protect your passwords!
-string555
