Monday, April 9, 2012

Will the real HOIC Author, Please stand Up.

 I was taking a look a the Anonymous Hacking Tool HOIC and I noticed a lovely little file included in the directory - hoic.rdp.rdp.  A google search for rdp turns up - Real Studio.  Unfortunately, when I opened it up, I received the following error:

Unfortunately, my user-name is not "subwar".  So, I decided to dedicate some time to finding out who "subwar" is.

Looks like over at HackForums.net, there are quite a few folks who were scammed out of $60, but a "subwar".

http://www.hackforums.net/member.php?action=profile&uid=114891

You mentioned the program you used to code HOIC as well on HackForum:
http://www.hackforums.net/showthread.php?tid=1279855&page=3


Looks like you were also dumped in one of TeaMp0isoN's leaks:
http://www.gonullyourself.org/ezines/TeaMp0isoN/TeaMp0isoN%201.txt

subwar $H$9K1UMdcazF/jef9.9R9FJl/YnBsKuK. subwar.public@subwar.net

With that link, I was able to identify your website.  Unfortunately, my copy of IE6 couldn't open it.  However, there was some warnings about it:
http://support.clean-mx.de/clean-mx/viruses.php?domain=subwar.net&sort=first%20desc

It also looks like some of your callbacks are set to "Subwar.com":
http://pastebin.com/d4a067ce2

I also came across your Wikipedia and xFire user...And you location: Austin, TX:
http://en.wikipedia.7val.com/wiki/User:Subwar
http://beta.xfire.com/profile/subwarnet/
That leads me to your twitter:
http://twitter.com/#!/subwar

(I want to totally say, I'm an Acid Bath fan too!)

Back to the subject at hand:
http://en.wikipedia.org/w/index.php?title=User:Subwar&action=history

Some IPs:
67.182.132.10
70.178.12.97
69.165.131.178

Now, whats odd for me.  Is on twitter, your followed by Stephen Roy, who's twitter is:
http://twitter.com/#!/sirtwat

His domain, sirtwat.com was registered to the same IP as "subwar.net".  Oh, and you originally registered the domain to:
Registrant Contact:
   Stephen Roy
   Stephen Roy ()
  
   Fax:
   414 Mountain Laurel
   Cedar Park, TX 78613
   US

But the thing is with Stephen Roy, is he has another twitter:
http://twitter.com/#!/t0phux

Your reddit profile let me to another of your websites:
http://redditgifts.com/profiles/view/t0phux/

And you own: CraftersoftheBadass.com

registrant-firstname:            Stephen
registrant-lastname:             Roy
registrant-street1:              12311 Shropshire Blvd
registrant-pcode:                78753
registrant-state:                TX
registrant-city:                 Austin
registrant-ccode:                US
registrant-phone:                +1.5125866566
registrant-email:                t0phux@gmail.com

admin-c-firstname:               Stephen
admin-c-lastname:                Roy
admin-c-street1:                 12311 Shropshire Blvd
admin-c-pcode:                   78753
admin-c-state:                   TX
admin-c-city:                    Austin
admin-c-ccode:                   US
admin-c-phone:                   +1.5125866566
admin-c-email:                   t0phux@gmail.com






Posted by at

1 comment:

Subscribe to: Post Comments (Atom)