Weight In Traffic: How I Forced Lockbit to Surrender 1000s Of Chats with 2 .JPGs

Evil Rabbit
3 min read · Aug 26, 2023

Anyone a 70s, 80s or 90s baby? If so, we've got a treat for you. Welcome back to another party… Who here remembers Call of Duty: Modern Warfare 2 (2009) or the old P2P era when we used LimeWire and Napster? I do, and thankfully it's not just an era of good music, poor economics, good times and not a lot of drama, but an era when netsec became a new topic and career. As time progressed people would learn how to set up botnets, worms, annoying adware and what have you, but we've forgotten an era when it was hard to hide outside the realm of P2P and law enforcement was super uneducated about the internet.

Today I decided to break out a method I've been working with for over a year now. Since March 26th, 2022 I've failed to update qTox and have been running GlassWire as an IDS. It makes figuring out where shit comes and goes from easy, and protects against malware being retarded and doing too much damage if I ever made a mistake. However, I came to realize all IPs using Tox are viewable in it… But how do you trace a criminal back to where they're at?

Weight in Traffic, that's how.

2 ways to achieve the goal legally:

Social Engineering

So in case #1, a new ransomware group attempts to send me a 600 MB video proving their locker works as promised. I talked them up and, although they were reluctant, I used sales pitches and "Well, if you don't show me then I'm not gonna waste my time on a potentially broken product." End result: IP address from his house in southern Ukraine. Brilliance.

Accepting the files

Ah yes, LockBit, my favorite group of criminals. See, here's something fun: LockBit currently has "Accept all incoming transfers" enabled. This totally won't be exploited whatsoever… oh wait, I sent him a 300 KB JPG and got him to unknowingly disclose his hosting provider & server IP.

Whoops. It seems odd that anyone would just "leave" qTox to accept files automatically. This is bad practice, and as we see here there's no other IP with more than 300 KB; the file was 370 KB.

So if no other IP is matching the weight of what was sent, then it's clearly their IP in New York: 104.xxx.xxx.xxx, port 3389 (RDP).
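The matching step above, as an added example that is not from the post: per-peer outbound byte counters shaped like what a host firewall/IDS shows are constructed inline (the 104.0.0.1 entry is a placeholder for the redacted address), and the peer whose volume fits the file size plus protocol overhead is picked out, with ambiguity reported rather than guessed away.

```python
"""Traffic-weight correlation: which peer received the file we sent?

Constructed sample data; not GlassWire or qTox output.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PeerStat:
    ip: str
    port: int
    bytes_out: int  # bytes our host sent to this peer during the window


# Constructed sample: several Tox peers exchanging small DHT/keep-alive
# traffic, and one peer that took a ~370 KB file via auto-accept.
SAMPLE_STATS = [
    PeerStat("198.51.100.7", 33445, 18_240),
    PeerStat("203.0.113.42", 33445, 22_900),
    PeerStat("104.0.0.1", 3389, 381_100),  # placeholder for 104.xxx.xxx.xxx
    PeerStat("192.0.2.200", 33445, 9_800),
]


def match_peers(stats, file_size, max_overhead=0.10):
    """Return peers whose outbound volume fits the transferred file.

    The receiving peer must have been sent at least file_size bytes, and
    at most file_size * (1 + max_overhead) to allow for Tox framing,
    encryption and retransmission overhead. Everything else is noise.
    """
    hi = file_size * (1 + max_overhead)
    return [p for p in stats if file_size <= p.bytes_out <= hi]


def attribute(stats, file_size):
    """Single unambiguous match -> that peer; otherwise None.

    Two or more peers in the window means the file size alone cannot
    separate them, so no attribution is made. Note this only ever yields
    the address the traffic went to; behind a VPN that is the VPN exit.
    """
    hits = match_peers(stats, file_size)
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    peer = attribute(SAMPLE_STATS, 370 * 1024)
    print(f"file went to {peer.ip}:{peer.port}" if peer else "ambiguous")
```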

So? P2P + WIT = your IP leaked. Use a VPN as well, skids; law enforcement would love to read your files and could recover your data from a cache on the servers' hard disks. Have fun. Learn and get good.
