Defeating Security Scams With Maximum Lawls
Security is of the utmost importance for me, especially in my work for the MIT Bitcoin Project. So I was alarmed when this showed up in my inbox:
Unfortunately I was out and about when I saw this, but I wasn’t too concerned. After all, we’re only really running a static site at the moment. I couldn’t resist inquiring further. Later that evening:
I quickly found that Nakul’s motivations were simple:
Game on:
Holy shit. Here are the bugs: Injected my Database using Database Injection (my server has no DB); Leaked all my Bitcoins; or Defaced my whole server — and Nakul doesn’t care.
Who is our new friend anyways? A cursory search yields: https://medium.com/@tareksiddiki/story-of-a-beg-bounty-hunter-e9a1f58ddf9e. TL;DR: Nakul is some kind of dumb ass bug-bounty chaser. Thanks Tarek!
Thus the plan begins:
I throw up a simple “hacked by Nakul” on the main site, and send some concerned messages:
Nakul doesn’t respond. I tell Nakul I don’t want to escalate:
Nakul bites:
Wat:
At this point, you may view this version of the website at
for historical reasons. You’ll need your full attention & audio to maximize enjoyment.
So what does Nakul really want?
First & foremost, a well-deserved “I told you so”:
Nakul gets down to business:
I’m in too deep. At this point, Dan points out this amazing counter-scam tactic. http://imgur.com/a/tR48B. I weigh my options and dive deeper:
Our next messages are sent at the same time — Nakul’s comes in while mine is sending:
Nakul bites…
… I bite back:
Panic sets in:
I reset the website:
Say hello to my little friend:
Nakul doubles down:
Reading the Riot Act:
Nakul issues an empty threat:
The Donation is… a #DOGENATION. That’s right, I’m supporting the Shibes on this one.
To learn more about NYC Shiba Rescue, please see http://nycshibarescue.org/
Thanks for reading. Please let me know of any security vulnerabilities you may discover. I can’t promise a reward, but I can promise your continued lawls.
As a reminder, MIT BitComp Round 3 closes tomorrow at Midnight — good luck to all entrants!
For more info, please visit http://mitbitcoinproject.org/#bitcomp