Going Nuclear - A Tale of Revenge
by 2dedd54f25ae2730225e6f1b8968fda52f0831ce
It all started when my wife posted an article to social media about taking care of handicapped family members.
She has a severely handicapped family member, so she naturally has a soft spot for people in that situation. After posting the article, a person neither of us know commented on the story making fun of handicapped people. My wife, unacquainted with the cruelty that's common on the Internet, responded by asking the commenter how they could make fun of a disabled person when they themselves could have easily received the same lot. This is where things heated up. The commenter proceeded to be even more aggressive and insulting about the disabled and towards my wife personally.
After the second encounter, I walked into the room and found my wife crying. She showed me what happened and I, understandably, began to get angry. I reached out to the man privately to tell him that his jests had, in fact, brought my wife to tears and asked him to lay off. I naively thought that he would see that his trolling had gone too far. His response took me by surprise. He scoffed and threatened to do far worse to her and me.
I understand that this was just one of a million social media wars that erupt every day and that this complete stranger posed no real threat to my family or myself.
I will not try to justify the actions I took immediately following the encounter. When he threatened my wife and me, a switch flipped inside of me and I intended on burning this fool like he'd never been burned in his life. I loaded a live Linux distro (Tails) from an SD card, fired up Tor, and began building a basic profile. I searched through social media, reverse email lookups, and various other places until I had more than enough information to execute a nuclear strike. I found a sex offender registry and navigated to one of the more scary and local profile pages, and copied the HTML of the page down locally. I stripped out analytics, moved the CSS to the head of the document, and replaced the sex offenders' image and name with the image and name of my target. The single-file HTML document worked as expected on my machine. Now to get it online.
At this point, the only assets I had to deal with were an image and an HTML page.
I dropped the image into an anonymous image host (there's plenty) and edited the HTML to point to that location for the profile picture. Next, I knew of a Pastebin-like service that let you paste HTML and the service would serve up the page just like a web page. This particular service no longer exists, but the same thing can be accomplished with a temporary Dropbox account if a suitable Pastebin can't be found.
Next, and this is key, I purchased a domain that included the name of the sex offender website with the addition of "-alert" at the end. ICANN requires that a real identity be connected to a domain name, but this can be circumvented by using a domain name proxy service, fake personal information, and a burner email. I needed a registrar that had this loophole and accepted Bitcoin. It didn't take me long to find one. After purchasing the domain, I set it to forward to my Pastebin page with domain name masking turned on (this would ensure that my domain showed as the URL). Lastly, I double-checked to make sure all the links on my pages linked properly to the real sex offender site to advance the allusion that the page was a part of that website.
The table was set.
It was time for the main dish. I looked around online and found a flyer designed to inform neighbors when a violent sex offender moves into a neighborhood. I modified the flyer, adding the target's image, personal information, and the URL to my fake web page. I knew the target's home address and place of work from the profile I initially compiled. I sent the PDF to a printing/shipping service that accepted Bitcoin under the guise of representing a neighborhood watch and had the flyers sent to the target's neighbors and place of work. Like I said, I don't encourage this kind of reckless behavior.
This entire attack took me an afternoon and cost less than $30. Everything was wiped after the operation ended. The Bitcoin wallet, the burner email, and local media were all destroyed when I pulled the SD card. I never sought to follow-up on what kind of fallout ensued. Even if and when the entire ordeal was cleared up on my target's end, I suspect that his neighbors and associates would forever judge him with a measure of suspicion.
It's good to take mental notes of services that accept Bitcoin with the idea that they can frequently be piped together to accomplish unusual things. If nothing else, the above course of events illustrates the brave new world that hyper connectivity and anonymous cryptocurrencies have made possible.
Don't be evil!