1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What would you do? (How hard would you hit this guy's site?)

Discussion in 'BlackHat Lounge' started by GiorgioB, Dec 10, 2012.

  1. GiorgioB

    GiorgioB Supreme Member

    Joined:
    Feb 28, 2012
    Messages:
    1,288
    Likes Received:
    1,318
    Occupation:
    Making money
    Location:
    Touching the Sky
    I have a bit of an ethics dilemma at the moment and would like opinions.

    I have been working for a company for about 2 years, then I quit my job. The company went out of business a few weeks later (which I foresaw, thus my quitting), and now I've noticed that a former employee which was not a big buddy of mine, but OK, has opened a new online shop. Curious about this (i wasn't sure it was him at the time) I sent an email from a fake address asking for information (subtle.. not like "who is behind this website?")

    So this part is the weirdest part. I received an email to my main email inbox (it is linked to the fake email address) a few hours later saying someone had changed my password and had deleted the secondary (my main) email address... and replaced with one where I could clearly see who was behind that. I think the message was like "don't play with us" or something laughable like that.

    After a couple of days of investigating...I've managed to log myself into the backend of his website (ecommerce). Now.. what should I do? Should I place hidden links in his website? Steal his customer list? Replace his Paypal / moneybookers email address with mine? Or should I just not do anything? He probably knows my own private shop, but I highly doubt he can get into it.

    The thing is the website is not very old (like 1-2 months old) and he hasn't had any sales yet. He has like 2 customers who have signed up and actually I know those customers cos I used to handle their accounts in our ex-company. We're talking customers who order $2000-3000 worth of merch every few months.

    What would you do? I want to fly under the radar as long as possible and I want to make money off this guy without him noticing me.
     
  2. Berkeli

    Berkeli Regular Member

    Joined:
    Oct 16, 2012
    Messages:
    352
    Likes Received:
    216
    Occupation:
    SEO
    Location:
    Above & Beyond
    Home Page:
    if he figured out your fake email i'm pretty sure he'll figure out that you are in his shop right now...

    my previous employers had hit me pretty hard but I just left them to the god's will. and a couple of weeks ago their servers were hacked and they didn't have a website backup (about 10 websites, online shop, restaurant, hotel, spa..) And as I had backups I charged them a whopping 6000£.

    that paid me back pretty well. they say patience is the deadliest weapon
     
  3. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    Unless you live in some "hostile" country like russia or china, hacking into is usually considered a serious crime and you do jail time. Changing the paypal/cc information is stupid, after the first order they would notice and it would be fraud + hacking.

    Let it go, and fix your shitty passwords/security questions.
     
  4. GiorgioB

    GiorgioB Supreme Member

    Joined:
    Feb 28, 2012
    Messages:
    1,288
    Likes Received:
    1,318
    Occupation:
    Making money
    Location:
    Touching the Sky
    Yes.. I see.. but that is pretty lucky for you.
    edit: he won't know i'm in his shop unless I leave some kind of mark


    Actually I do live in one of those 2 countries. Not planning to do anything for the moment but am open to ideas.
     
    Last edited: Dec 10, 2012
  5. olystyle

    olystyle Regular Member

    Joined:
    Jan 6, 2012
    Messages:
    238
    Likes Received:
    103
    How about making use/money of his security problem while being perfectly legal: contact him, tell him about his security problem and that you are willing to help him for small fee - do this either disguised as a security consultant, or tell him that you changed professions or be honest and tell him that you are his (nice) competitor... Shouldn't be to hard to convince him that he needs to improve the security of his site. Stealing his customers or replacing Paypal account willl get you into jail - and jails in Russia or China aren't that nice from what i've heard...

    Keep in mind that having a good relationship to your competitor might be useful aswell - Joint Ventures, Link Exchanges to harden both of your positions in the SERPs,....

    cheers
     
  6. Stizerg

    Stizerg Power Member

    Joined:
    Oct 23, 2011
    Messages:
    611
    Likes Received:
    167
    I would watch his customers and every time they about to order something I would send them a better deal.
     
  7. TimeMachine

    TimeMachine Junior Member

    Joined:
    Jul 17, 2008
    Messages:
    111
    Likes Received:
    29
    FYI The best place to hurt anyone is in their wallet..