Welcome to ECCIE - Sign up today!

JustforFun2012 · 02-22-2022, 01:15 PM

The other site, OH2, has had SSL certificate issues all this week. This is typically something sysadmins can briefly struggle with, so maybe it's the cause, but it's typically an 'oops I forgot that certificate' and quickly gets fixed. I'd estimate one business day even for a newbie to get this fixed, at most if there are skills and $ to fix it.

But this duration is strange....So it got me thinking of other potential causes-

1) The site has been hacked-More in a moment
2) OH2 has an inept or no sysadmin
3) No $ to buy the replacement certificate ($50+).

So #2 is unlikely, it took somebody to create the site after all and even if things went sideways with the old guy, a hire can be addressed online. #3-it's just too low of a bar to cross, they surely earn plenty of $ from ads, waaaaayyyyy way more than $50.

So #1 got me thinking-why. What do you have to gain as a hacker from a site like OH2/Eccie? Not much direct revenue, not like putting ransomware out there. You can't embed viruses/worms and effect everybody, even Google would mark Eccie as a threat. So it leads to my last conclusion, and I'm typically not this conspiracy minded: State sponsored hacking.

A brief tech background: If you visit a site with an SSL certificate (cert) the data between you and the site is encrypted, or scrambled, so an eavesdropper can't hear your conversation. If you spoke an extinct language only you and your buddy knew, it doesn't matter if an eavesdropper is there, they won't understand your dead language. This is a decent enough analogy to encryption of the site to your PC or phone.

So as it stands today, if I'm LE, I don't need a warrant to get everybody's passwords and info. I just have to break their SSL certificate, prevent it from being corrected, and then work with the Internet provider to get everybody's username, pw, and any other critical info. Most Internet providers will have a low bar and most already work with LE. Since this has been down all week, and other sites as noted in another thread, I think something else is going on that's bigger and why I wrote this novella.

If I were you I wouldn't do any interactions on OH2 or login again unless you understand that somebody can see your actions and words. Hope you have a separate username there vs. here and a unique password. I'd stay OFF of OH2 until this is fixed and even then I'm suspicious.

Be careful out there. I hope to hell I'm wrong as can be but this is pretty damn fishy by this point.

ThoreXile · 02-22-2022, 03:21 PM

I think CK is 1.stupid, 2.inept and 3. easy to do a DDOS on his SSL cert. He is being dosed as we speak and he pissed al ot of people. I will just leave it at that. Ain't LE 10000%

winn dixie · 02-22-2022, 03:29 PM

That owner has worked with LE in the past. And has proven to throw others under the bus to save his hide.

JustforFun2012 · 02-22-2022, 03:40 PM

Quote:

Originally Posted by ThoreXile

I think CK is 1.stupid, 2.inept and 3. easy to do a DDOS on his SSL cert. He is being dosed as we speak and he pissed al ot of people. I will just leave it at that. Ain't LE 10000%

Thor, I can go down the rabbit hole technically again but DDOS and SSL certs are NOT the same. DDOS just prevents you getting there. You get a page cannot be displayed or hourglass just sits with nothing.

This issue seen today is different, like a misconfigured server intentionally.

Another analogy-DDOS is like running out of gas, it can work again once the denial of service (DOS in DDOS) is done. A bad cert is like putting diesel into a gas car-it's not going to work, ever.

If the follow-up response is accurate, everybody active on OH2 especially providers SHOULD be scared at this point. I cited this as a concern b/c it's different than a DDOS attack and more concerning. IDK CK or his history so I'm not going to guess at that but...at a technical level this server is frankly dangerous AF and smells so fishy it's like Portland's fish market on a 100F day.

atanion · 02-22-2022, 05:03 PM

JustsforFun2012, I'm curious, if I tried to login to OH2, and my username and password were transmitted in an unencrypted fashion, what's the danger? I use a different password on this site, and I've never shared personal information with anyone on OH2. What should I be worried about?

GhostRiderYYZ · 02-22-2022, 05:43 PM

to break an SSL you would have to hack either the site that issued it or the site that uses it. HACKING is a FELONY & LE is not about to do that because if it was proven (and most likely it could be as net traffic, routes, IP address's can be logged by 3rd party monitoring) then LE would be in serious trouble as the felony would be a federal one.

the moral outcry would be "so what, its a hooker board" but the legal argument against that would be "If the cops can't get what they want they will HACK your system until they get what they want because they are immune from prosecution" ergo your privacy would be at stake and guess what.. the 4th amendment is one we ALL love!

And if it was LE doing this and it was proven, any evidence would not be allowed because they "did not have a search warrant / court order" so that would set them back.

I think this is just some hacking group poking around.. some net research might yield a more focused form of answer, like if this a shared server what else is on that server as it might be the target and Oh2 is collateral damage. Same as RR

TryWeakly · 02-22-2022, 06:07 PM

So you are implying that LE doesnt do anything illegal?

Tiger811 · 02-22-2022, 07:08 PM

I am no expert but it seems as though RR is having some of the same issues.

Over the last year, our site has been under constant cyber attack. Attackers have phished users' data, rerouted DNS traffic, spoofed transactions, DDOS attacked our IP address, stolen ads from users, and more. The attacks have been relentless and sophisticated. The latest attack occurred 2/19/22, and the hackers wiped out our users' ads and images from our ad database.

To continue, we will need to perform an infrastructure overhaul and repair the damage. We do not have a timeline for completion, so we are recommending advertisers use a different website for now. We sincerely apologize for this turn of events.

ThoreXile · 02-22-2022, 08:05 PM

Quote:

Originally Posted by JustforFun2012

Thor, I can go down the rabbit hole technically again but DDOS and SSL certs are NOT the same. DDOS just prevents you getting there. You get a page cannot be displayed or hourglass just sits with nothing.

This issue seen today is different, like a misconfigured server intentionally.

Another analogy-DDOS is like running out of gas, it can work again once the denial of service (DOS in DDOS) is done. A bad cert is like putting diesel into a gas car-it's not going to work, ever.

If the follow-up response is accurate, everybody active on OH2 especially providers SHOULD be scared at this point. I cited this as a concern b/c it's different than a DDOS attack and more concerning. IDK CK or his history so I'm not going to guess at that but...at a technical level this server is frankly dangerous AF and smells so fishy it's like Portland's fish market on a 100F day.

I do this for a a living since my ruski days LOL. I started as a blackhat and moved to grey and then white hat. Is a DDOS

Austin Ellen · 02-22-2022, 08:46 PM

You just spread lies and lies. You're the one who outs ladies and stalks ladies on OH2. You are the one who is the threat.
That's why you get banned over there but you keep wanting to come back begging CK to let you back on his site. Pathatic.

Quote:

Originally Posted by winn dixie

That owner has worked with LE in the past. And has proven to throw others under the bus to save his hide.

MarcellusWalluz · 02-22-2022, 10:00 PM

@ Austin Ellen: If you ever cum out of retirement let me know.

JustforFun2012 · 02-23-2022, 10:36 AM

Quote:

Originally Posted by atanion

JustsforFun2012, I'm curious, if I tried to login to OH2, and my username and password were transmitted in an unencrypted fashion, what's the danger? I use a different password on this site, and I've never shared personal information with anyone on OH2. What should I be worried about?

First up a DDOS and what's going on with RR is markedly different than a cert, what effects OH2. Really read up on Wikipedia at a minimum about the tech, DDOS is too much traffic for the server while a cert issue is a certificate located ON the server. Different tech, applications, etc. I'm not debating that further when I know I'm right.

Now, here's a simple scenario of how LE can benefit from a similar situation. I'm not saying this is what happened to OH2 but it well could:

LE works with the ISP hosting RR or OH2 or whatever site they're targeting. ISPs will readily work with LE as it's a mutually beneficial relationship in stopping hackers. In this instance the LE probably won't need a warrant or extensive support due to their relationship that's existing. If you're an ISP and your network is being DDOS'ed you're freaking calling the FBI to help.

It
happens
a lot.

Site's certificate times out or gets intentionally corrupted by the owner of the site b/c he's working with LE. Certs need annual refreshes but can be purchase for up to 10 yrs. in advance. Let's say that have a 1 yr. and they know it expires 2/1/22. With a broken cert everything goes clear-text between that site with the bad cert and the public Internet. LE starts listening to the network traffic between the server and the Internet. If the cert works, it makes their job VERY difficult b/c they have to decrypt/unscramble everything. If the cert is broken now they see your login, your DMs, searches, etc.

It's not necessarily what you'd say directly but if I'm LE I can now combine what you sent in PMs for buddies asking questions, your searches, as well as a review. Now that's getting harder to prove in a court vs. saying it wasn't you. 2nd up, and more impact, if I'm LE now I see all the DMs to/from providers so I know who their client is IRL, who they are, and what clients are coming up. I can find info on all the providers and get the initial info to continue with future warrants / research. Instead of hunting providers 1x at a time, I get them all in an area and can nab 100's at a time.

It's not too outlandish or crazy. Like I said before, fixing a SSL cert is relatively trivial so it's just weird AF that it's broken this long. That alone is troubling and that plus scenarios that can happen like the above make OH2 frankly untrustworthy.

If they're legit, fix the cert quickly to prove me wrong (really please do, I'd rather have more sites vs. 1 trustworthy one!).

JustforFun2012 · 02-23-2022, 10:53 AM

Quote:

Originally Posted by GhostRiderYYZ

to break an SSL you would have to hack either the site that issued it or the site that uses it. HACKING is a FELONY & LE is not about to do that because if it was proven (and most likely it could be as net traffic, routes, IP address's can be logged by 3rd party monitoring) then LE would be in serious trouble as the felony would be a federal one.

the moral outcry would be "so what, its a hooker board" but the legal argument against that would be "If the cops can't get what they want they will HACK your system until they get what they want because they are immune from prosecution" ergo your privacy would be at stake and guess what.. the 4th amendment is one we ALL love!

And if it was LE doing this and it was proven, any evidence would not be allowed because they "did not have a search warrant / court order" so that would set them back.

I think this is just some hacking group poking around.. some net research might yield a more focused form of answer, like if this a shared server what else is on that server as it might be the target and Oh2 is collateral damage. Same as RR

Ghostrider-If you think that Fed or LE won't hack a target despite the legality of hacking or not hacking you need to research:

1) The Shadow Brokers-This is the NSA's hacking arm that ahem, hacks us, you, everybody

2) Stuxnet-Developed with a Windows 0 day vulnerability Microsoft knew nothing about for YEARS. Used by the US and Israli intel to attack Iranian nuke centrifuges

3) NSA has dedicated fiber taps into ALL Internet traffic coming/going. Just google 'Att nsa room'

That's just the tip of the iceberg. I hate to shatter your ideas but yeah-LE will do WTF they want whenever they want laws or not involved. They have fed support. This list above is just the BIG stuff that came out via Wikileaks and other leaks. The small, local LE stuff probably never hits the radar or news...ever. IF this is what's going on I'm sure the Fed will participate to have 100's-1000's of providers busted nationally. They'll blame Russia, N Korea, China etc. on this 'hack' but the truth of their method will NOT come out.

This is why I'm raising an alarm bell. It's not only capable, to me it's more probable than you think. If this is news to you please wake up yourself and other sheeple and research the above.

GhostRiderYYZ · 02-23-2022, 10:56 AM

Quote:

Originally Posted by TryWeakly

So you are implying that LE doesnt do anything illegal?

No, I am implying that if LE did something illegal to obtain evidence of a crime and it was proven they did, any and all evidence they obtained would be tossed out and not be allowed.

Ask a lawyer about this

But *WOULD* they do something illegal ? jury is still out on this one.

GhostRiderYYZ · 02-23-2022, 11:03 AM

Quote:

Originally Posted by JustforFun2012

Ghostrider-If you think that Fed or LE won't hack a target despite the legality of hacking or not hacking you need to research:

1) The Shadow Brokers-This is the NSA's hacking arm that ahem, hacks us, you, everybody

2) Stuxnet-Developed with a Windows 0 day vulnerability Microsoft knew nothing about for YEARS. Used by the US and Israli intel to attack Iranian nuke centrifuges

3) NSA has dedicated fiber taps into ALL Internet traffic coming/going. Just google 'Att nsa room'

That's just the tip of the iceberg. I hate to shatter your ideas but yeah-LE will do WTF they want whenever they want laws or not involved. They have fed support. This list above is just the BIG stuff that came out via Wikileaks and other leaks. The small, local LE stuff probably never hits the radar or news...ever. IF this is what's going on I'm sure the Fed will participate to have 100's-1000's of providers busted nationally. They'll blame Russia, N Korea, China etc. on this 'hack' but the truth of their method will NOT come out.

This is why I'm raising an alarm bell. It's not only capable, to me it's more probable than you think. If this is news to you please wake up yourself and other sheeple and research the above.

hmm so let me get this straight:

the FEDERAL GOVERNMENT is hacking an escort review board *AND* possibly a website that advertises body rubs for what purpose? International Security? What are they looking for?

Stuxnet if you recall sabotaged the centrifuges of Iran to prevent them from creating nuclear material, as for the NSA and your theory of them hacking Oh2 etc.. you need to add another layer of tinfoil to your hat.