1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible for someone to track you from a PDF?

Discussion in 'BlackHat Lounge' started by kytro360, Jun 27, 2013.

  1. kytro360

    kytro360 Power Member

    Joined:
    Jan 12, 2010
    Messages:
    703
    Likes Received:
    732
    Hey so I downloaded a product on this website and the PDF said that they embedded tracking code inside the PDF to track if you shared the guide or not.

    It went like this:
    Is he bluffing? I've never even heard of this concept before, and I feel like its a big drastic. What are your thoughts?

    P.S: How would they even track us down?
     
    • Thanks Thanks x 1
  2. ReALeST

    ReALeST Power Member

    Joined:
    May 16, 2012
    Messages:
    584
    Likes Received:
    399
    lol duno about that but i do no u can bind a RAT to a pdf with backtrack and do more than just track some1 :)
     
  3. seoactive

    seoactive Regular Member

    Joined:
    Nov 15, 2012
    Messages:
    409
    Likes Received:
    21
    then I'm going to sue you - the person who bought the program - for damages, which the law allows to be up to $150,000 and up to 2 years in jail.[/quote]

    Unless that ebook is extremely expensive, i think he wouldn't bother sueing anyone for $7 - $10 per sale. Then there are other factors like whether if that person is on the other side of the world, or if the file is really being shared.. what if the file is stolen without owner knowing etc. All kinds of factors man.
     
  4. kytro360

    kytro360 Power Member

    Joined:
    Jan 12, 2010
    Messages:
    703
    Likes Received:
    732
    Unless that ebook is extremely expensive, i think he wouldn't bother sueing anyone for $7 - $10 per sale. Then there are other factors like whether if that person is on the other side of the world, or if the file is really being shared.. what if the file is stolen without owner knowing etc. All kinds of factors man.[/QUOTE]

    I think this guide cost like 100 something bucks. Even though it said hes gonna sue the owner Imm delete it from my harddrive ASAP. Dont want to risk anything, I dont have that type of money being 16 haha.
     
  5. oobble

    oobble Registered Member

    Joined:
    Jan 19, 2013
    Messages:
    53
    Likes Received:
    26
    Just copy and paste the text into your favourite word processing program and Viola! Supposed tracking device gone.
     
    • Thanks Thanks x 3
  6. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,531
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    You can be tracked by meta-data but this sounds like BS. If he has embedded something then it can be removed.

    Who was the product by ? They sound like a wanker.

    If you could post the sales page and let me have a look, that would be cool.

    Edit: Before you delete it, I would like to take a look.
     
  7. kytro360

    kytro360 Power Member

    Joined:
    Jan 12, 2010
    Messages:
    703
    Likes Received:
    732
    Code:
    http://affiliateblackbook.com/
     
  8. muscleteen

    muscleteen Regular Member

    Joined:
    Oct 28, 2008
    Messages:
    397
    Likes Received:
    861
    1. Sounds like BS.

    2. "I'm going to sue you - the person who bought the program - for damages, which the law allows to be up to $150,000 and up to 2 years in jail."

    Basically, he's saying he'll sue the guy who actually bought the program. You said you just downloaded it from a website, so according to his lame "Warning", you are safe.
     
    • Thanks Thanks x 1
  9. seoactive

    seoactive Regular Member

    Joined:
    Nov 15, 2012
    Messages:
    409
    Likes Received:
    21
    Just unplug internet connection when you're reading. There is no way to track anything often. The connection is gone. Real offline
     
  10. Goal Line Technology

    Goal Line Technology Senior Member

    Joined:
    Dec 30, 2011
    Messages:
    929
    Likes Received:
    2,157
    kytro360
    I thought that you had more sense than this,
    of course it is OK, and it is from Mr X,
    he is only trying to stop a lot of BS,
    my advice,
    chill and get on with your life.
    Cheers for all your contributions :)
     
  11. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,835
    Likes Received:
    7,445
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    Aren't PDF files capable of carrying some executable code in them? Like macros or something? Or was that accidental / due to a security hole?
     
  12. kytro360

    kytro360 Power Member

    Joined:
    Jan 12, 2010
    Messages:
    703
    Likes Received:
    732
    LOL I know, Ive been at the blackhat game for a while but this is the first time I actually read a disclaimer and it freaked me out haha
     
  13. tresm

    tresm Newbie

    Joined:
    May 19, 2012
    Messages:
    45
    Likes Received:
    23
    Location:
    The Netherlands
    He isn't going to be 'tracking you' or anything. I suspect that he watermarked it or changed the wording slightly for different people, so he knows who leaked it when a copy appears on the internet.
     
  14. Ash2012

    Ash2012 Regular Member

    Joined:
    Nov 20, 2012
    Messages:
    343
    Likes Received:
    58
    PDF includes support for Javascripts, and has doc object that can fetch a url, something like: app.doc.getURL so I guess you could send each unique copy to a separate url to track it, but it would seem like a lot of work for a shitty little $10 document.

    If you want to be safe / sure just copy the poorly written pdf into a text editor, recopy that text into word and save as PDF removing any script that was embedded in it.


    edit: Adobe Acrobat scripting guide here
     
  15. RedStain

    RedStain Regular Member

    Joined:
    Oct 19, 2012
    Messages:
    201
    Likes Received:
    67
    Location:
    US
    Give me a copy! lol. Just copy and paste it man then get rid of the file. That or snap shot it. You can then turn it into your own PDF.
     
  16. HelloInsomnia

    HelloInsomnia Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Mar 1, 2009
    Messages:
    1,814
    Likes Received:
    2,910
    Of course it's possible:

    http://www.wired.com/gadgetlab/2013/06/new-ebook-drm/

    I am sure you can make it so each ebook is generated a little bit differently on your own or somehow include a string of characters in it, basically just figure out a way to give each ebook some kind of fingerprint and match that up to a database which would contain your transaction details.

    I'm not saying that he is bluffing or not - just pointing out that it is possible if you are creative enough.
     
    • Thanks Thanks x 1
  17. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    787
    Likes Received:
    3,117
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    this guy is john barker - a small, ex-army loudmouth who likes to talk tough.
    he wrote "adwords blackbook" some years ago. it's a good book!

    p.s. lawyers charge a retainer for taking cases like this. nobody is going to come after you for this.
     
  18. allply

    allply Registered Member

    Joined:
    May 21, 2013
    Messages:
    52
    Likes Received:
    6
    I second that lol
     
  19. OldSalt

    OldSalt Moderator Staff Member Moderator Jr. VIP Premium Member

    Joined:
    May 19, 2009
    Messages:
    1,279
    Likes Received:
    7,437
    Gender:
    Male
    Occupation:
    IT Sys Admin
    Location:
    US, East Coast
    It's easily possible and if it's done well, would be hard to figure out what it is. As HelloInsomnia said, all it would require is to change one section with a code that doesn't look like one. He could even use a unicode combination that looks like the text, but isn't. Could be done by computer to create the digital signature and record it for each sale. If he was motivated and REALLY wanted to do it... it could be legit.

    And copying and pasting into a Word doc may not clear the signature if he was using words rather than characters (uniquely spinning a specific paragraph maybe?)
     
  20. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,531
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Well the funny thing is, it doesn't actually stop the product being shared.
    Code:
    http://www.blackhatworld.com/blackhat-seo/member-downloads/580354-get-affiliate-black-book-x-127-a.html
    And it is highly unlikely that he would be able to prosecute anybody that had purchased the product because he would have to prove that they did actually share it. The cost of which is prohibitive (unless you are a major film/music studio).http://en.wikipedia.org/wiki/Damages
    His threats are meaningless so that makes me believe that he is a bullshitter.