[IMPORTANT!!] NEW WAY CLASSICCAT DOXES PEOPLE
Posted
ClassicCat almost doxed me. Don't let him dox you.
This is a serious post about doxing (the collection of personal information). Please read this post in order to protect yourself and others from this new method of doxing.
I know reading lots of text is boring, but I promise you, this one will be worth it. You will also learn valuable information that will help you prevent this method of attack in the future.
I know that this is posted in the Discussion category, but I feel as if this is important, so I want everyone to see this, so that they can avoid having their personal information being leaked. I will also post this in Disputes as well.
About a week ago (sorry for posting this so late), ClassicCat almost doxed me. The method that he used was very clever, unlike anything I've ever seen before.
He used clever social engineering in an attempt to dox me in a way that didn't feel suspicious to me in the slightest.
In this article, I will cover the obscure method that he used to dox me, and ways that you can protect yourself from this kind of special social-engineering attack.
If you aren't careful (like I wasn't), you could end up giving ClassicCat these details:
- Your full (first and last) name
- Your house / street address
- Your ZIP code
- Your phone number
How the Attack Works (SPOILERS, SKIP TO NEXT SECTION TO AVOID)
First off, what was the attack? The main part that makes this attack work is the information manager built into Google Chrome.
As most of you know, Chrome stores your usernames and passwords, but it also automatically stores other information that you feed it, such as your full name, house/street address, zip code, and phone number.
When you fill out a form that involves this data, Chrome will automatically save it in the background so that it may make it convenient to fill out forms faster in the future with just one click.
The downside to this is that ClassicCat abuses this functionality to harvest people's personal information.
The Attack Process
ClassicCat started off by sending me a friend request on (or close to) New Year's Day, which is what kick-started this whole thing.
Once he had added me as a friend, he waited a day, and then sent me a message saying that he 'knew that was my alt.' In other words, he was saying that I was going on an alt account and harassing him.
I wasn't harassing him on an alt, so I figured he might've just been trolling me to waste my time. I was trying to convince him that he wasn't me, but he wouldn't buy it.
The next day, to prove that I was him, he had me share my screen in a call to Discord. If I could prove that I could type while the other account types at the same time using a screen share as proof, it would prove that we're not the same person. I had no problem doing this.
The call lasted for a while since he was sending messages slowly on his alt account that he said was me to drag out the call.
While we were waiting for the other account to respond, ClassicCat makes me aware of this guy who had a lot of information on me. The guy apparently told him of how my method of identifying ClassicCat works, and he told me that he'd tell me who it was if I paid him $5.
Not going to lie, I had actually considered giving him the $5. He added that I could also get him a Roblox gift card, which he jokingly implied that I could also get him free Robux if I found a way to. So, he gave me the idea of exploring some of these free Robux scam sites while we waited for the other account to respond. I had no problem doing this, as I find myself going down the scam site rabbit hole sometimes. It can be fun to see where the scam sites go.
The Robux scam site we went to was robuxfree.top (SCAM SITE, DO NOT GO THERE). I went through the whole process of putting in the Robux amount, username, etc. Then, when it gets to the "human verification," you have four surveys that you can complete, which he directed me to the $200 Walmart Gift Card survey. I answered the questions in the survey (with fake answers, of course) by clicking each answer.
Now, this is where things can potentially get dangerous. At the end of the scam rabbit hole, after you've done the whole process and clicked through all the answers, there is a form. When you click into any box in the form, Chrome will display an auto-fill prompt, which, when moused over, will show all your personal information. Once this is shown, it's too late, since ClassicCat is constantly recording the screen share with OBS, and has captured the auto-fill prompt.
I clicked into the "Name" field, and since my mouse had to click into the text box in order for me to type, it was right next to the "John" auto-fill, which I moused over. Thankfully, John Hedgeman (my spam inbox account) was on the top, and Carson was on the bottom. If Carson was on the top, he would have captured my personal info with OBS, and it would've been game over. The only problem is, the auto-fill prompt is very easy to mouse over, and if you do for even a fraction of a second, ClassicCat's OBS will record it.
Image Showing the Attack (37.8 kB)
How to Protect Yourself From This Attack
To protect yourself from this attack, I'd suggest the following pointers:
- Turn off the auto-fill feature in Chrome's settings
- Always be suspicious of everything someone tells you or asks you to do
- Use Chrome in Incognito Mode while screen sharing
- Do not make any contact with ClassicCat. You may think that you are safe and that he won't be able to outsmart you, but he is smarter than you think he is.
Summary / Too Long; Didn't Read
TL;DR: ClassicCat uses a clever social-engineering tactic to have a victim screen share and click into a form, which causes Chrome to display the auto-fill prompt, which ClassicCat captures using OBS.
Final Thoughts
I hate to say it, but the way ClassicCat did this dox is surprisingly clever. Never in my days of ethical hacking have I ever been able to think up something of this scale. ClassicCat knew the inner workings of the scam sites, so he was able to maliciously envision an entire plan to try to dox people with. This just goes to show that although ClassicCat is young, he has a brilliant mind, coupled with bad intent, which makes him a serious threat to the state of security. I wish ClassicCat would use his knowledge for something good, like ethical hacking, other than using it for bad, like manipulating people to dox them, and making a tool that DDoSes servers. If he continues to do what he is doing, he could have his computer privileges taken away from him later on in life, or even worse, be imprisoned. Going into the ethical hacking world will not land people in jail. They will be contributing to security, and making the internet what it was supposed to be. The original creators of the internet didn't intend for everyone to be able to attack each other's servers with DDoS floods.
Hopefully this warning was able to help you, and I hope to see ClassicCat make wiser decisions with his time in the future (no, ACTUAL wise decisions; he can say he has changed into a better person all he wants to, but until that actually happens, we will just have to hope).
Extra Image
Classiccat just casually sends someone's info just to show off his doxing skills:
Also, I will probably be posting this thread eventually on V3rmillion, too, since ClassicCat is also posing a threat to that community as well.
Programmer. Discord: while true do end#9977
Exploits I have: Nopde Engine (Good in some cases), Coco Z4 lite (GOOD), Fluxus (Okay), Yoink (TRASH)
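As an added example (not part of the original post): a small audit that checks whether form autofill is still enabled in each Chrome profile before a screen share, which is the first mitigation listed in the post. It assumes the Chromium preference keys `autofill.profile_enabled` and `autofill.credit_card_enabled` in each profile's `Preferences` JSON file, with a missing key meaning the default (on); the function names and the sample profiles are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed Chromium preference keys for the two form-autofill toggles.
# A key that is absent is treated as the default, which is "on".
AUTOFILL_PREFS = {
    "profile_enabled": "addresses, names and phone numbers",
    "credit_card_enabled": "payment methods",
}


def audit_preferences(prefs_path):
    """Return the autofill categories still enabled in one profile (None if unreadable)."""
    try:
        prefs = json.loads(Path(prefs_path).read_text(encoding="utf-8"))
    except (OSError, json.JSONDecodeError):
        return None  # report an unreadable profile instead of guessing
    autofill = prefs.get("autofill", {})
    if not isinstance(autofill, dict):
        autofill = {}
    return [label for key, label in AUTOFILL_PREFS.items()
            if autofill.get(key, True) is not False]


def audit_user_data_dir(user_data_dir):
    """Audit every profile directory (Default, Profile 1, ...) under a user-data dir."""
    return {p.parent.name: audit_preferences(p)
            for p in sorted(Path(user_data_dir).glob("*/Preferences"))}


def build_sample_dir(root):
    """Constructed sample data: one hardened profile, one left at defaults."""
    samples = {
        "Default": {"autofill": {"profile_enabled": False,
                                 "credit_card_enabled": False}},
        "Profile 1": {"profile": {"name": "Spam inbox"}},  # no autofill keys set
    }
    for name, prefs in samples.items():
        profile_dir = Path(root) / name
        profile_dir.mkdir(parents=True)
        (profile_dir / "Preferences").write_text(json.dumps(prefs), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for profile, enabled in audit_user_data_dir(build_sample_dir(tmp)).items():
            status = "unreadable" if enabled is None else (enabled or "autofill off")
            print(f"{profile}: {status}")
```

Point `audit_user_data_dir` at the real Chrome user-data directory to check every profile, including secondary ones that are easy to forget.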
Replied
It's fairly easy to avoid getting doxed; have some common sense.
Replied
@Ducxy Yes, but he is using a clever method of doxing. Not to be rude, but if you would've read the thread, you would've understood.
Replied
this is a very clever tactic i wouldn't have noticed
it's lucky i have chrome auto-fill off
JustMarie#0709
Replied
This is not smart neither is it anything anyone should ever be worried about, you have to be an idiot to fall for this and nothing will ever stop an idiot from doing anything else that will get their Windows toaster bricked, mom's credit card sold on the darknet or logins sent to some Turkish caveman's PC.
This relies on very specific circumstances being in place:
* Screensharing - An act of streaming the contents of your unfiltered and unedited display live to a third party. Which may expose any private information you might've not hidden before you have started sharing your screen. No artificial delay for stopping information leaks? Seriously?
* Using autofill - Trusting your browser to collect and save private information, having no ask-before-display or no authentication for autofill. Using Chrome on itself is stupid, saving your personal information into it and synchronizing it with cloud is even more stupid.
Play stupid games, win stupid prizes. No one would fall for this as it's a reforged form of just seeing personal information scattered accidentally while screenshare is enabled. By calling this smart you are making a salty little kid on the internet screech in excitement from their mediocre social engineering skills aren't effective on anything more than a 50-year-old office milf.
it will no longer be possible to contact me here, but i will be on session for at least a bit :)
0520984e5ed65f84673ff6d3421d89a3b3e1dff2ed54cbd4ed012351789a347913
I am a used-to-be programmer, now producer, rapper and artist
https://cdn.discordapp.com/attachments/593162491085979649/926285159047770152/visuals-000415636677-YGc9rS-t2480x520_1.jpg
Replied
@Texas Those are some good points, and I appreciate the constructive criticism; however, for the actual auto-fill part, it is turned on by default in Chrome, and while you could argue that you could just turn it off, for the average user who doesn't know it's there or that it's going to pop up, they are most likely not going to turn it off.
Replied
@Carson_Dev An average user is an average user, these days an average user is absolutely clueless about computers, security, social engineering due to the fact that companies like Apple and Microsoft have been brainwashing consumers for more than two decades. Nothing can be done about those that don't acknowledge their lack of wits and then proceed to get into situations without ever thinking of certain unforeseen consequences.
Replied
@Texas Yeah, exactly. That's why I want to make the average user aware that this "vulnerability" exists, although it might not help much posting it here on WRD (since most people here definitely are not the average user and are very smart). But, I figured it'd be worth giving it a shot anyway.
Replied
I honestly wouldn't blame you for not knowing he was trying to dox you, people usually don't question the security of features like Screenshare and Autofill because they wouldn't know how it would be abused, it's good that you let everyone know that this is kind of suspicious behavior.
WRD Account For Coco Z
Replied
Carson you still have your Covid10=Classicat signature
Replied
@Moon because he is lol (totally didn't admit he was covid10 like 5 weeks ago, we're still on the hunt for covid10 >:)
Replied
ummm came back now classic is doxing again??
Hello there
#StayHome