In the world of hacking, labels such as black hat, grey hat, and white hat are often used to categorize hackers based on their activities. However, these terms fail to convey the true abilities and intentions of these individuals. When it comes to describing an elite hacker with malicious intent, I prefer to use the term “Sith Lords.” Among the few Sith Lords I’ve encountered, one stands out as particularly ruthless. For safety reasons, I won’t disclose his real name, but I will refer to him as Maul. Hailing from the Russian Mafia, he operates within a secretive network of brilliant minds driven by malicious intent and abundant resources. In this article, I will share my personal encounter with Maul, how I crossed paths with him, and the dangerous game that ensued.

The Craigslist Scam

My journey with Maul begins with a cautionary tale of falling victim to a Craigslist scam. This was well before many of the now-common scams were so widely known. Intrigued by a great opportunity to purchase a laptop from a girl living abroad, I found myself ensnared in a well-crafted con. The scammers had created a perfect replica of the DHL website to handle escrow and purchasing and I didn’t thoroughly vet the website or domain. Unbeknownst to me, the transaction was a ruse, and I unwittingly sent $600 to the scammers for a laptop I would never receive. Realizing my mistake a short time later, I decided to confront the scammer via email. I created my own hidden pixel to embed in the email in order to collect as much information as I could about the host machine.

With the hidden pixel, I managed to track down the scammer’s location, which turned out to be in Nigeria. Astonishingly, in addition to the information I collected passively, the scammer responded to my email, leading to an unexpected turn of events that would forever alter my fate.

Unveiling the Scammer

Eager to turn the tables and recover my losses, I engaged the scammer in additional conversation about the purchase. I approached the conversation pretending to be naive about the transaction. I offered up as a red herring additional payment with a prepaid debit card for priority shipping. I hoped the scammer would bite and I was right.

I convinced the scammer, Obi, to move over to AOL Instant Messenger (AIM) so I could quickly send payment details. I sent an image to Obi on AIM that appeared to be a screenshot of my debit card information. Unbeknownst to Obi, he had accepted a Trojan Horse utilizing a program called KnockKnock. Within minutes, I had successfully taken control of his machine. I knew his identity and had full access to his entire network shortly thereafter.

But I had no clue that this would become a game of cat and mouse. By hijacking the scammer’s machine, I had placed myself on the radar of a high-profile criminal organization. Worse yet, I was about to go head-to-head with a much more experienced hacker than I, with Maul himself.

Blackmailed by Maul

Shortly after hacking the Nigerian scammer, I woke up one morning to a startling message in an opened notepad on my computer.

Hi [name].

Good job getting into Obi’s machine. My turn. Join me on this IRC and let’s talk. This is not a request.

– Daemon

Maul had discovered my identity and hacked into my machine while also removing my access to Obi’s systems. Though terrified to do so, I needed to talk to Maul and try to de-escalate the situation. After debating in my head for a couple of days about what I would do or say to protect myself, I finally decided to jump on the IRC channel.

To make a long story short: Maul’s resolution was ultimately blackmail to join him on a server heist. I was coerced into participating in an attack to breach an MSN server. I was assigned a fairly trivial task of running a botnet and perform port probing, and I thought it would be a simple and low-risk resolution to the situation. Little did I know, my true purpose was to serve as the fall guy. Owning another hacker’s identity is a coveted prize in the hacking world, and by leaving my information at the scene of the cybercrime, Maul ensured I became an invaluable asset in his risky endeavor. I didn’t know it at the time, but he was actually proxied through my computer to perform the entire operation.

Hello FBI

A few weeks later I had an unexpected visit from a gentleman from the FBI. At least I had heads-up that they were coming. They had visited an old residence of mine already and my old roommate warned me and did me the favor of disposing of some of my devices. They tracked me down to a current address shortly after. Do you know what it’s like to answer the door with an agent waving a badge in your face? Well, let me tell you: it’s pretty terrifying. Especially when you have spent a good few years participating in a myriad of illegal activities. Even though I thought of myself as an ethical hacktivist, I was an enemy of the state. The only safety I had was that I was still a minor.

I wish I could say that I had backbone or knew my rights, but when pressed even the slightest, I squealed like a pig. I answered every question the FBI had as I walked them through the entire journey and showed them evidence of whatever I could.

Although I faced some trouble as a result of my involvement in the MSN attack, the repercussions were not severe. I was put on a watch list and an informal record was created making me a person of interest. I was given a serious warning about the associates I had made connections with. The FBI revealed that Maul was known to be affiliated with the Russian Mafia and that the organization had zero reservations about getting rid of loose ends. The whole experience taught me a valuable lesson about the dangers that lurk within the hacker-space and that I needed to be more cautious. It especially highlighted the importance of safeguarding identity when entering the world of hacking. A few other lessons learned from this experience include:

  • A hacker can easily be framed if they match a profile.
  • Digital evidence is fairly easy to plant.
  • The best hackers always use an unknowing host.

I’m fairly ashamed to admit that I also learned and used these lessons to my advantage operating as a black hat hacker for a time. I performed many nefarious operations using other amateur hackers as a shield. It’s not something I’m proud to admit, but thankfully, nobody ever suffered any consequences.

Unmasking Maul

In the aftermath of the MSN attack, I devoted myself to uncovering more about Maul and the organization he represented. As I did, I realized I was not merely up against an individual but a formidable and truly powerful group. While I cannot claim to understand the inner workings of the Russian Mafia, my limited knowledge taught me to exercise extreme caution when dealing with them. Over time I realized and witnessed many notorious cybercrimes that could be traced back to this organization. Maul and his counterparts were among the elite within their ranks. The modern-day Godfather now dons the appearance of a computer geek, and I often wonder if they still sport the iconic fedoras.

Conclusion

In the realm of hacking, the distinction between good and evil becomes blurred, and it is within these shadows that Sith Lords like Maul thrive. My encounter with Maul left me with a bitter taste, as I realized the true extent of his power and the dangerous web in which he operated. The hacking world is filled with enigmatic figures and unexpected twists. One must tread carefully when seeking knowledge and navigating the dark side of cyberspace.

Categorized in: