A detailed step-by-step guide to how Gamma Group was hacked. The most important safety recommendations are in the first section.
* Use an encrypted volume with a hidden container.
* Install Whonix inside the hidden container
* Never use your hacking rig for personal computing
* Never use your personal computing rig for hacking
Compartmentation + basic denial
* Never tell your friends about your hacking (basic stfu OPSEC)
* Never tell your criminal coconspirators about your personal life (basic stfu OPSEC)
“don’t sell no crack where you rest at”
* Use a hacked wifi connection to get internet access
* Use a hacked or rented (with BTC!) server for hacking. Personally, I’m not sure BTC will be safe into the future. Be sure to wash them first.
The rest is a very basic introductory guide to pen testing: the usual recon, exploitation, escalation, pivot, wash, rinse, repeat.
One important security note to take away is that if you deploy a web service: audit the damn thing! This was an entirely preventable hack. The system was locked down, the network was locked down, the website was wide open. If you’re paying for a bespoke solution, audit it and make them fix bugs for free.
Definitely interesting. Thanks for the info!