1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do not take NO for an answer (my case study)

Discussion in 'Making Money' started by Elliot305, Aug 4, 2014.

  1. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    503
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    My Case Study

    The way I look at it there are two types of noes...the vague one and the affirmative one. Common sense needs to come into play of course with how you distinguish the two. Maybe this has been covered already, but I thought to share a recent experience I had with it (both in the verbal sense as well as action sense). Most people won't come across my type of situation but the concept remains the same and if I was able to do it given the hostile environment I was in then anybody should be able to turn some of those noes into yeses in your future endeavors. It's a bit of a story since it's a case study so if you don't want to read it...don't read it. As always, if you like my share feel free to hit the Thanks button.

    My expertise: Exploits

    My targets: Casinos

    My offer: Consulting

    Two months ago I offered consulting to a company after exploiting their system...they took me up on it. The deal was $3,000 per exploit I found. First one they paid me, second one they paid me. A week or so later they relaunch the game and ask me if I can find anything new with it...I did within the hour. I contact them back informing them of this and stated I could get a video made showing it shortly. He says he'll inform his partners and get back to me after the weekend so no need to do it yet.

    Monday comes and I notice the game is back online and the vulnerability is no longer there. I emailed him stating my frustration as it appeared I was now used as a guinea pig to answer the question of whether it's secured or not...but not to show them where it was and how to fix it. That's where the "cheap labor" would come in to keep pentesting the site. This is not the deal we had. Is it good business policy to get cheap labor? Sure. But as the old saying goes...you pay for what you get.

    When I received a response I was informed that I would be paid a fraction of what the Agreement was since it only took a very short time to find and that my services will now be only used for Yes or No responses pertaining to if their games are secure and I would now be paid at their discretion. The balls on these guys. I knew which side of the fence I had to stand on now. I could have fucked them over for more than 3k on numerous occasions but I was trying to build something of a relationship with them via consulting.

    After the game was "fixed" and back online, I dropped what I was doing and dedicated the rest of my day to it. I didn't take NO for an answer with whether I could break the game again. The game was offline for several days to put in the patches so clearly if it was relaunched then everything had to be secure, right? Well, I wasn't going to accept that contention. This wasn't about money anymore. It's one thing to not afford the original Agreement and to work something out with me. It's another thing to railroad me because you got cheaper labor somewhere else and think some guy off of Odesk charging $15 an hour is somehow comparable to me.

    Later that day I had the game cracked again. I wasn't paid my "Yes or No" fee yet so I waited for them to send it. That night the exploit was deployed and I got paid...on my terms. Fuck them! My loyalties were misguided based on me trying to go somewhat legit. I knew what had to be done. The next morning, their BTC wallet was empty and the game was pulled offline again...I didn't say a word to them. I could have waited until the weekend when I knew they would put more in for the heavier action but I wanted to leave a message...if you cross me during the day you'll be sorry by the time night hits.

    I then focused my attention to their blackjack game which I wasn't able to crack in the whole 2 months of me "working" with them. I had a shit load of motivation and money was only 1% of it. They probably weren't worried about blackjack since I wasn''t able to do anything with it before. But I was up for the challenge. I spent around $400 testing the game out. A lot of my procedures come from aborting and/or malfunctioning the game so I knew heavy testing would come at a larger price. I refused to accept their blackjack game being non-breakable and I was just wasting money. There had to be something...and there was.

    This vulnerability didn't come up every time but when it did it paid off huge. I launched the exploit at night and once again by the time morning hit their wallet was empty and the game was offline. Over the next few days they kept their wallet super thin. I sent the owner a skype message to see if they wanted the fix. I knew what I was getting into but business is business and I'm not afraid to purpose an offer to a company I exploited. So, I'll leave out most of the shit talking and insults they threw at me and skip to where my offers come in, the rejections that follow and how I turned that NO into a YES! This was a skype conversation but I'll take out the misc skype details and just leave the text.

    ME:

    Blackjack down?

    THEM:

    you tell me
    you want 1,000,000,000 to find the defect?
    good hit on the video poker too the other day?
    can?t say your not good
    so what?s up.. you got an itch to steal more, or what?


    ME: (1st offer)

    just wanted to know why what's up with blackjack. why, did someone crack it? thought you had video poker are secured too? you pay for what you get it suppose.
    you want the fix for blackjack?
    there's a reason why I did it during the day...to get your attention
    don't need to hide behind doing it during the wee hours while you're sleeping
    well, if you're interested, feel free to present an offer.
    otherwise have your crackerjack team spend days on it
    .

    THEM: (1st rejection)

    i?m not interested in dealing with people I can?t trust, and you sir have clearly proven (on 3 occasions now) i can?t trust you
    i will have the crackerjack guys attempt to put some bandaids on it


    ME: (2nd offer)

    i get the job done, i could care less what you think of me.
    you want a feel good employee, lol
    I'm a businessman...I don't take your shit talking personally. If you wish to present an offer to me tomorrow or whenever, feel free to do so.


    THEM:

    i?m letting the owners know, we gotta shut down
    you?re right, i?m wrong - i?m an idiot
    Praise be unto Him


    ME:

    My offer still stands though. Otherwise, drink some redbull and keep that wallet thiiinnnnn

    THEM: (2nd rejection)

    Cool story bro

    ME: (3rd offer) (here I was looking for an affirmative NO and I would be on my way)

    so I know for future reference and to avoid unnecessary conversations with you, is it a moot point trying to offer the fix for what I will continue to find on your site? if so, that's cool, we don't need to communicate any further. I don't reach out to you to just talk. If working with me is off the table going forward then it doesn't make much sense talking any further. So if it is, say so now.

    THEM:

    so we saw that you could double after you received blackjack. If you have other exploits on blackjack - we haven?t found them yet

    ME:

    yeah, there's more. doesn't do me any good either since my response will only induce you to hire cheaper labor to look for it and patch it, just like you did before

    THEM:

    How much do you personally think you could ?get? from it? In reality - you did a good job last week.

    ME: (4th offer)

    if you want to make a deal for the rest of the exploit we can

    THEM:


    shoot - give me the offer, knowing you could probably get away with it later tonight at 2 AM when I?m asleep

    Trust me, the conversation was a lot more contentious than what was included but you can see here that even in situations like this you can sometimes turn that NO into a YES and make money from it. Don't always take what someone says or what a situation brings at face value. There's oftentimes more to the story...or exploit in my case.
     
    • Thanks Thanks x 27
  2. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    Joined:
    May 20, 2008
    Messages:
    807
    Likes Received:
    518
    Sounds like you did the right thing by sticking to your guns. They tried to take the cheap way out but ended up paying anyway.
     
    • Thanks Thanks x 1
  3. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    503
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Yes, they did. Working on another one for them currently, but since they would rather pay someone else to fix it, looks like I'll be exploiting it first and offering consulting after. This is the weird dynamic of the relationship now...but it was brought upon themselves.
     
    Last edited: Aug 4, 2014
  4. YouTubez

    YouTubez Regular Member

    Joined:
    Feb 3, 2013
    Messages:
    327
    Likes Received:
    140
    Occupation:
    YouTube Marketing
    Extremely smart man, keep at it and you'll see a healthy bank account now and in the future!
     
    • Thanks Thanks x 1
  5. Pilfer7

    Pilfer7 Regular Member

    Joined:
    Sep 3, 2012
    Messages:
    383
    Likes Received:
    194
    Location:
    Las Vegas
    Home Page:
    Your threads are awesome man
     
    • Thanks Thanks x 1
  6. wild1

    wild1 Jr. VIP Jr. VIP

    Joined:
    Dec 19, 2008
    Messages:
    485
    Likes Received:
    1,000
    Location:
    Caribbean
    Sucks to be them lol
     
  7. Pringles

    Pringles Jr. VIP Jr. VIP

    Joined:
    Dec 31, 2009
    Messages:
    264
    Likes Received:
    94
    Are you able to find other online casinos to exploit and sell your services? Seems like a lucrative business and you obviously know what you're doing. I always wanted to get into security type work but haven't yet.
     
  8. DatMoney

    DatMoney Regular Member

    Joined:
    Jul 20, 2014
    Messages:
    238
    Likes Received:
    103
    Occupation:
    Chief Engineer at NASA
    Location:
    New York, United Kingdom
    Home Page:
    You did the right thing! :)
     
    • Thanks Thanks x 1
  9. antichrist

    antichrist Jr. VIP Jr. VIP

    Joined:
    Aug 21, 2012
    Messages:
    1,722
    Likes Received:
    2,070
    Location:
    On top of the world!
    Looks like someone is playing the "big dog" part properly.
     
    • Thanks Thanks x 1
  10. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    503
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Yes, I do carry the consulting out to other companies...mixed results thus far.
     
  11. King_James

    King_James Regular Member

    Joined:
    Jun 21, 2013
    Messages:
    211
    Likes Received:
    111
    Location:
    Europe
    Awesome, well played man!
     
    • Thanks Thanks x 1
  12. davain

    davain Regular Member

    Joined:
    Jun 18, 2014
    Messages:
    220
    Likes Received:
    83
    Having to pay someone for exploiting your software; that yes at the end must have been so hard for them to say
     
  13. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    503
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Indeed I'm sure it was...which was more of a payoff than the money itself in a way.
     
  14. V

    V Elite Member

    Joined:
    May 18, 2012
    Messages:
    2,113
    Likes Received:
    2,543
    Occupation:
    Student
    Location:
    /tmp
    Nice man, i read your previous thread about finding an exploit. :) Keep working hard, it's the best business because nothing is 100% secure. ;) :p
     
    • Thanks Thanks x 1
  15. lord1027

    lord1027 Elite Member

    Joined:
    Sep 20, 2013
    Messages:
    3,174
    Likes Received:
    2,222
    I should start looking for exploits :D
    Good job turning that NO into Yes!
     
    • Thanks Thanks x 1
  16. lucia pavelkova

    lucia pavelkova Junior Member

    Joined:
    Jul 23, 2014
    Messages:
    115
    Likes Received:
    8
    Occupation:
    SEO
    Location:
    Prague/Bali
    Awesome. Lot to learn from you!
     
    • Thanks Thanks x 1
  17. Ming the Merciless

    Ming the Merciless Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 30, 2012
    Messages:
    680
    Likes Received:
    820
    Location:
    United States
    I always enjoy your posts. They make me feel like I am in some spy movie! haha. This is good stuff right here...
     
    • Thanks Thanks x 1
  18. junxt24

    junxt24 Newbie

    Joined:
    Aug 7, 2014
    Messages:
    16
    Likes Received:
    1
    Home Page:
    Persistence is key to success? Great job!
     
    • Thanks Thanks x 1
  19. crystalrichie1

    crystalrichie1 Registered Member

    Joined:
    Apr 15, 2013
    Messages:
    98
    Likes Received:
    6
    Anyways how can I get in on the action? Although I must admit, I know nothing about hacking or exploits.
     
  20. redirect

    redirect Newbie

    Joined:
    Jun 26, 2014
    Messages:
    10
    Likes Received:
    1
    Then turn away now... Stick to what you know.