digg

Facebook Connect Join Digg About

Script Kiddie Leaves Photo ID Behind After Wreaking Havoc

chrisbrunner.com As the administrator of a free shell account provider, I see all kinds of questionable activity on a regular basis. People usually try to cover their tracks before trying anything stupid. Not so in the case of Mr. Machelesen of the Netherlands.

Who dugg this? Made popular Sep 20, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

72 Comments

show profanity settings
expand all
  • inactive, on 10/12/2007, -2/+64Anyone thought about the fact that may not actually be him but rather hes trying to set someone up?
  • theone3, on 10/12/2007, -0/+17brunner (submitter) says below: "Nah, I confirmed the info on this ID against the PayPal records. This is really him"
  • brunner, on 10/12/2007, -0/+17A $1 donation is required via PayPal if you don't sign up for free by postal mail...
  • w0rd, on 10/12/2007, -4/+20You rang?
  • purrdeta, on 10/12/2007, -0/+13Does anyone look especially good in their government issued IDs? I know I dont :P
  • brunner, on 10/12/2007, -0/+10There's nothing illegal about this. He uploaded it to his public_html directory. I just copied it when I posted the article. Here's the original link: http://silenceisdefeat.org/~defusion/idkaart.png
  • brunner, on 10/12/2007, -1/+11Nah, I confirmed the info on this ID against the PayPal records. This is really him.
  • swazo, on 10/12/2007, -1/+10http://duggmirror.com/offbeat_news/Script_Kiddie_Leaves_Photo_ID_Behind_After_Wreaking_Havoc/

    I guess Macaulay Culkin dropped off the face of the earth and became a computer nerd.
  • wilsonder, on 10/12/2007, -0/+9what an idiot. Unless, he's smarter than he looks and is trying to screw someone else.
  • Urusai, on 10/12/2007, -0/+8Publicly issued documents should be public record.
  • daveddd, on 10/12/2007, -1/+9Come on, he cant be that stupid.
  • rabidwalrus, on 10/12/2007, -1/+7@qwerty967

    Remember, *he* posted it to his public_html directory!
  • tidu, on 10/12/2007, -1/+7Well he looks rather dapper in his portrait, wouldn't you say?
  • GravyTrain6, on 10/12/2007, -3/+8http://duggmirror.com/offbeat_news/Script_Kiddie_Leaves_Photo_ID_Behind_After_Wreaking_Havoc/
  • jerr0328, on 10/12/2007, -3/+8this guy probably makes script kiddies ashamed
  • brunner, on 10/12/2007, -1/+5You people kill me. I can't believe how many people just assume that I posted every single bit of evidence I have, and then go on to assume that this kid was framed, without knowing anything other than what you read in the article. I'm going to repost a comment I left below:
    - People saw this happen, while it was happening on the server.
    - He contacted me today via AIM and then IRC after the dutch media called his house, and lo and behold, *his IP matched exactly with the one that was used to run the perl script.*
    - He's stated on his own website that the ID really belongs to him.
    - He also claims to be part of the "hacking" community because he's an admin of a script kiddie-ish forum that talks about MS Word exploits and the like. He shows all the features of a script kiddie!
    - He admitted to me via IRC that he writes scripts like this all the time.

    What else do you want??
    You can read samble's comment towards the bottom of the page for first-hand testimony, but aside from that, I can't help you very much.

    The truth is clear to those who are capable of even the smallest amount of reason. I give up on convincing the rest of you.
  • samble, on 10/12/2007, -0/+4I was logged on to silenceisdefeat via ssh at about 4:00 PM CST yesterday, just messing around and talking to folks in their IRC channel. I noticed the system was running slow, and ran 'top.' The topmost line, sorted by %CPU and with the option to show all command line arguments, was:

    32641 defusion 64 0 1104K 2280K run - 1:17 86.04% perl udp.pl 66.252.4.76 80 0

    Then not too long after, sd's IP range was null routed by their colo service. A listing of his home directory shows scattered examples of "security-related" tools and files, including a compiled brute force password cracker:

    samble@brunner:~$ ls -F /home/defusion/
    a.out* du.txt* nmap-4.01/ ps.pl* rl.pl* scan/ users.txt*
    benchmark.c* for* nmap-4.01.tar.bz2* public_html/ roulette.log* tr.pl*
    doc@ mail/ parser.pl* rl.csv* roulette.pl* type*


    samble@brunner:~$ ls -F /home/defusion/scan/
    216.194.pscan.22* 82.66.pscan.22* auto* scan/ start*
    404.shtml* 84.75.pscan.22* brute* scan.conf* vuln.txt*

    A little swipe of Occam's Razor, and I don't think a reasonable person would have much doubt. I realize this is digg so that does not apply, but I will abstain from making an appeal more suitable the readers and users here.

  • msikma, on 10/12/2007, -1/+5Indeed. Nobody uploads his own photo before hacking a server. This was done by some other kid. He's 17 years old--the age that kids do stupid things. One of his mates from school might have decided to do this hilarious (not) prank. So congratulations: you've published someone's personal ID without having solid proof that it was him who uploaded it!
  • brunner, on 10/12/2007, -2/+6Well, we could either call his local police or make fun of him in public... It may be more professional to call the police, but he's probably much better off this way. We didn't make any of his information public that he hadn't already posted publicly.
  • toxicredm, on 10/12/2007, -2/+5Maybe he hijacked this person's PayPal account too.
  • brunner, on 10/12/2007, -0/+3Oh god... you're honestly trying to argue that what? someone broke into his house and did this? His father is trying to frame him? Get real, dude.
  • ryan_merket, on 10/12/2007, -2/+5"free shell account provider" - with Paypal records?
  • MacNTT, on 10/12/2007, -0/+3Dumbass. Well, at least he brought laughter to a bunch of people he didn't know. ;-)
  • rubored, on 10/12/2007, -0/+3LOL!
    A Script Kiddie just did the most Sript-Kiddiest thing I've ever seen!
    >.<
    +DIGG! for Sheer Stupidity!
  • purrdeta, on 10/12/2007, -1/+4The user in question is the one who uploaded it. IT was in his public_html folder!
  • t0ny, on 10/12/2007, -1/+4How do you know he didnt steal the id and the paypal account?
  • brunner, on 10/12/2007, -0/+2This is because most of the people who are posting these kinds of comments didn't read everything available to them. Marvin readily admits the ID and the picture are his. The IP of the SD user who ran the perl script matches the IP *HE'S CURRENTLY USING TO TALK TO ME ON IRC*. What other proof could you want?

    Furthermore, xelad, had you posted the comment with a valid email address, I would have responded with the actual proof that matches him to the perl process.
  • Niek, on 10/12/2007, -0/+2For his address + phone #, do a "whois defusion.nl"
  • brunner, on 10/12/2007, -1/+3Good lord, dude. What makes you think I've posted every bit of evidence I have? People saw this happen, while it was happening on the server. He contacted me today via AIM and then IRC, and lo and behold, his IP matched exactly with the one that ran the perl script. He's stated on his own website that the ID is his. He also claims to be part of the security community because he's an admin of a script kiddie-ish exploit forum that talks about MS Word exploits and the like. He admitted to me via IRC that he writes scripts like this all the time. What else do you want?? You can read samble's comment towards the bottom of the page for first-hand testimony, aside from that, I can't help you very much. The truth is clear to those who are capable of even the smallest amount of reason. I give up on convincing the rest of you.
  • whistles, on 10/12/2007, -0/+2And what if its a Joe Job? He is just as much of an ass for publishing the id card.
  • Qazzian, on 10/12/2007, -0/+2@ ryan_merket

    Look at the root website and you'll see.
    http://silenceisdefeat.org/
  • jfreeman, on 10/12/2007, -5/+7Exactly. You beat me to it, but there's no way you can verify the person on that ID is the one with the shell account.
  • RoboPimp3000, on 10/12/2007, -1/+3"Publicly issued documents should be public record."

    Oh yeah, that's a great idea. Let's just post everybody's birth certificates, driver's license, passports, and social security cards online.
  • brotherfranciz, on 10/12/2007, -0/+1pffft, 1.6m tall. haha... really is a script 'kiddie' after all... Apparently, the Dutch were the tallest nation in the world (a couple years back - can't remember...) - but then again, you get some anomalies...
  • omnidatacenter, on 10/12/2007, -2/+3I'm not convinced that the kid wasn't framed and they really don't have solid proof that it was really him.
  • invader, on 10/12/2007, -3/+4same here.. it would be funny if it was the ID of the target :)
  • qwerty967, on 10/12/2007, -1/+2Did you investigate the possibility that his credentials might have been compromised and someone else propagated these attacks? I mean if he's dumb enough to upload his id, then he might be dumb enough to have his password stolen. I'm just putting it out there.
  • ryan_merket, on 10/12/2007, -2/+3@brunner

    What kind of "free shell account provider" are you with PayPal records?
  • justahuman, on 10/12/2007, -0/+1stupid kid . .but this is how u learn . .u still have a lot to learn..

    wtf happened to h4cky0u.org?
  • qwerty967, on 10/12/2007, -1/+2Actually I do. Already in the comments area of your blog entry, someone suggested that they visit his home with a soft club. I know he's (probably) joking, but there are some crazy people on the internet.
  • brunner, on 10/12/2007, -0/+1_ _
  • purrdeta, on 10/12/2007, -0/+1They are public record. You can go down to the records office and look stuff like that up. Maybe not SSN but surely property records, drivers license, and all that jazz.
  • PaiTrakt, on 10/12/2007, -0/+1Somebody set us up the bomb?
  • brunner, on 10/12/2007, -1/+2No one is going to his house. That comment was obviously a joke.

    Join me on #sd on irc.oftc.net and we'll talk about this further. I remember seeing you around, and we do value you use a user.
  • GoodOlClint, on 10/12/2007, -5/+5exactly what I was thinking
  • mix3dsign4lz, on 10/12/2007, -0/+0in the words of jayne mansfield; "what a moron".

  • xelad, on 10/12/2007, -0/+0This picture is 5 years old. It says: Issued on October 4, 2001.
  • Niek, on 10/12/2007, -1/+1Some Dutch media picked this up:

    http://webwereld.nl/ref/rss/42950
    http://www.geenstijl.nl/mt/archieven/017682.html
  • glguy, on 10/12/2007, -2/+2If the person that set up this guy had access to his ID, why wouldn't he go ahead and create a paypal account as the same person??

    The chances are slim that this is not a set-up, and I hope the author of the article doesn't get sued for libel when the truth comes out.
  • stevland, on 10/12/2007, -1/+1
    here is marvin's lastfm account:
    http://www.last.fm/user/defusion/

    and here is the home page this article refers to:
    http://www.last.fm/user/defusion/

    more:
    http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&rls=GGGL%2CGGGL%3A2006-18%2CGGGL%3Aen&q=Marvin+Machelesen&btnG=Search

    happy 15 minutes of digg, marvin!

  • Fetching more discussions...
    Show 51 - 72 of 72 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.