Wednesday, 12 October 2016

The Untold Truth about the Zeus Case

So many publications were made on the case; it went around the world, and still does.

A judge sentenced two hackers involved in the creation, maintenance, and marketing of the SpyEye financial botnet to a combined sentence of 24 years in prison, the US Department of Justice has announced today.

Aleksandr Andreevich Panin, 27, from Russia, known online as Gribodemon and Harderman, received nine and a half years in prison, while his accomplice, Hamza Bendelladj, 27, from Algeria, known online as Bx1, got 15 years in jail.

The official documents say that:

The lawsuit names "John Does 1-39" which are described by their online monickers or "handles", many of which will be well known to anyone who has been researching Zeus:

JOHN DOES 1-39 D/B/A Slavik, Monstr, IOO, Nu11, nvidiag, zebra7753, lexa_Mef, gss, iceIX, Harderman, Gribodemon, Aqua, aquaSecond, it, percent, cp01, hct, xman, Pepsi, miami, miamibc, petr0vich, Mr. ICQ, Tank, tankist, Kusunagi, Noname, Lucky, Bashorg, Indep, Mask, Enx, Benny, Bentley, Denis Lubimov, MaDaGaSka, Vkontake, rfcid, parik, reronic, Daniel, bx1, Daniel Hamza, Danielbx1, jah, Jonni, jtk, Veggi Roma, D frank, duo, Admin2010, h4x0rdz, Donsft, mary.J555, susanneon, kainehabe, virus_e_2003, spaishp, sere.bro, muddem, mechan1zm, vlad.dimitrov, jheto2002, sector.exploits AND JabberZeus Crew CONTROLLING COMPUTER BOTNETS THEREBY INJURING PLAINTIFFS, AND THEIR CUSTOMERS AND MEMBERS.

All of the supporting legal documents can be found on the Microsoft-registered server: 

The Zeus malware also goes under the name Ice-IX and SpyEye. Microsoft said John Doe 1, who goes by the name Slavik, Monstr, IOO, and Nu11, is the creator. John Doe 2, aka zebra 7753, lexa_mef, gss, and iceIX, created a Zeus family member called Ice-IX, Microsoft said, and John Doe 3, aka Harderman and Gribodemon, created another family member called SpyEye, the complaint said.

John Doe 5, aka miami and miamibc, John Doe 9, aka Kusunagi, and John Doe 38, aka jheto2002, are other developers involved, writing "Web inject" code that gets the malware onto victims' computers, the complaint said. Some other defendants also were involved in developing the software.

John Doe 4, aka Aqua, aquaSecond, percent, cp01, and other aliases, recruits "money mules" whose job it is to travel to different countries to create bogus bank accounts into which victims' money is transferred. Several of the other John Does are these money mules. John Does 23 and 24, aka jtk and Veggi Roma, respectively, also recruited money mules, the lawsuit said.

My mistake was publishing a link to my PoC, without source code, on Hackforums; I no longer remember the post. This is the source code

For years I searched for information about that, why, why, why, until I found on LinkedIn "Jorge Mieres", a researcher who knows all about Zeus. He told me that he had spent much time researching, and long after the lawsuit too. We talked for months. He explained that the research was done lightly, without a thorough analysis, without facts; they simply wrote things down on paper, and any damn profile fit. The investigation was not serious, just fishing in a jumbled barrel. He spoke with many people from Microsoft and they thought the same, but everyone kept their mouth shut. Criminals protecting criminals, I always say: when you do wrong things, you do not like to be "caught", especially if your company is "Microsoft" trying to "catch" banking trojan criminals.

At that time I was really desperate: months without a job, freelance work, nothing. Everyone called me a criminal; that was the shit, and it continues today. In those times I "decided" to be "a criminal" and wrote a lot of shit on Pastebin, saying goodbye. Jasper Hamill wrote an article in Forbes, "A Hacker's Guide To Finding A Job".

In 2011 the source code of Zeus, which contains the server code, was published on GitHub.

In those days I tried to sue these guys for that, but all the lawyers in my country only talked about a lot of money to review my case, and more money to send it to court. Well, I continued with my life, doing more "PoCs", doing more reversing, checking apps, libs, APIs, a lot of things; it is a lot of bullshit in the head. At that time I met security people on LinkedIn (Kandy, Bob, Jorge, Hernan, Mayur, Dave, Remo, Marnix, Dhamu, and more) and Twitter (Disassembler, Claus, Odisseus, maldevel, and more). They always tried to give me ideas to get a job or make tools to sell, sharing posts, or this type of thing. Really good people: while everyone called me a criminal, they always tried to help me.

But the top news never says they told lies about me. I was never part of a criminal network; on the Internet all the idiots believe that "you are a criminal".

Some days ago this motherfucker came back again and sent an inbox message:

8 Oct, 21:57 Request: Please tell me a little bit about yourself. I remember your name from the Zeus botnet matter that I was involved with. I would appreciate learning a bit more about you. Thanks, Gabe.

That exploded in my mind. This guy has no shame. I'm not "involved with"; you say more crap about me. But I remember the words of Kandy: "You are gifted, not a criminal, be a legend." That is the reason for this post and all my PoCs and tools.

All my Twitter, LinkedIn and Blogger followers know what I can do with code. If I were a criminal, I would be full of money, and would not be seeking employment and/or trying to create my own LLC company.

For this reason I sent an email to the "Public Defender on California", telling him this story. Oh well, if these guys do not get charged, the legal system in the US sucks and is criminal, plain and simple.

How do I prove I am not a criminal? Simple: I found and reported these vulnerabilities:

Android CitiBank Colombia
Android IPC Communication
Android Third Party Validation
Android Amazon AWS SDK
Android Parse SDK
Technicolor TC7300 Bad configuration
Windows Privilege Escalation

I also developed these things to detect vulnerabilities and protect people's data:

VectorAttackScanner - VAS
E2EE (End To End Encryption, RSA2048 + AES256 + PBKDF2 + RSA Signature Verification)

Also, the news says that:

Thanks to Alexander Knorr for the research, and to Security Scorecard for publishing: The Calm Before the Mobile API Data Breach Storm
Thanks to Jeremy Wagstaff for the research, and to Reuters for publishing: 'Billions' of Records at Risk From Mobile App Data Flaw

Also, if you compare my code and the Zeus code, it is another thing. You need to be very ignorant to try to compare my PoC with the code of Zeus.

Or well, if I am a criminal spreading "Zeus", where are my fucking thousands or millions of dollars? The reality is that if I do not finish my new tool LeakVM in a few months, literally "we will be on the street".

When you say in a legal case, "jheto2002 (Jheto Xekri - me), are other developers involved, writing "Web inject" code that gets the malware onto victims'", you are making an assertion, and you need facts. You defame me, you damage my public image, you damage mental health and tranquility, and utterly destroy job opportunities in the software/security industry, and maybe more. This makes you a criminal by your acts and by your words; you are a liar.