Account

May 14, 2026

  1. david

    Web Hackers

    Transcript IMG_0414

    David · 00:00:00

    Here's an idea. We need a token-based reward system for bounties. For this sort of thing that I experienced tonight. I mean, there are security services for defending your websites. Lots of different options. But I'm talking about paying someone to go on the offensive. Monitoring and then actively seeking and trying to find the IP address or browser fingerprints or whatever. Who's responsible to whatever degree it is possible.

    Someone could specialize in doing this with the AI tools that are coming out. And basically make a living off of operating many small-time bounty contracts. For small-time bounties. For small-time offenses like this. They wouldn't catch everyone, but if this became popular, it would become too risky for most people to engage in this kind of ridiculous behavior. I don't want to spend my time trying to develop a project like that, but that's a younger man's game. Collecting venture capital and rolling out blockchain projects. But it's wide open. Hell, it should probably be subsidized. We all pay enough in taxes.

    Do people want the problem solved? Do you think it's going to be solved by causing everyone to put their government ID into a computer to log in? No. That's not going to solve it. Might help some. What you need is an offensive unit. That is intimidating. It won't stop it. Nothing ever will stop it completely. I don't think. We don't want to go down that road. Too much freedom will be eliminated.

    Now, I'm not claiming I have the skills to do this, but there are people who do. A hundred percent. And I think that they probably many of them have day jobs, but they prefer to be doing this full time if they could just get paid well enough for it. You government people want this problem solved? You can solve it with taxpayers. I don't think we should stand for this shit anymore.

    If somebody was coming to my house in the middle of the day and checking all the doors and windows and floors and ceilings for entry points, that would be actionable by the local authorities. I mean, not here in Houston. Apparently, they don't do anything if you go and make reports. Sorry, people. I'm not going to stop talking shit about you until somebody calls me back about my harassment. It's fucking ridiculous. You're going to make me come down to the police station a third fucking time? Because I'm going to. At some point, I'm coming back down there.

    But anyways, this isn't about that. Our digital properties should be easier to secure. And the funds are there to pay teams of people who have the ability to. To at least potentially track down a sizable percentage of who's doing this. Nobody fucking listens to me.

    Transcript IMG_0415

    David · 00:00:00

    I mean, these intelligence agencies have access to all of our data. Why are we not holding them responsible to catching people who do this shit? It's not like they're going to release the reins they have on this data. It's not going to happen, people. But don't you think we should hold them quite a bit more tightly responsible for stopping this kind of bullshit?

    I mean, shouldn't somebody knock on their door and say, Hey, you guys have access to all of the data going through all of the internet trunks everywhere through Prism. What are you fucking doing to stop cybercrime? Are you sitting over there with your thumbs up your ass? Are you using the FISA court system to target individuals who don't fucking deserve it instead? Fucking clown world. Run by fucking clowns and populated by clowns. Fucking clowns. For the most part. Sorry. It's fucking true.

    Transcript IMG_0416

    David · 00:00:00

    Oh hell, I'm just going to let it rip tonight. Here's another thought, or a concern. How can we allow justices that have no fucking idea how this technology works to rule on cases like this? They got to be trained from ground zero or ground 20% every time a new case starts? Sorry people, it's moving too fast now because of AI. They're obsolete already for much of this stuff that's emerging. What are y'all going to do about that? Y'all got your thumbs up your ass over there in the legal system too? Bunch of justices sitting on benches who ain't got a fucking shred of expertise in this kind of technology area? Look, it's a fucking joke. You people are a fucking joke.

    Web Hackers — 1 of 6
    Web Hackers — 2 of 6
    Web Hackers — 3 of 6
    Web Hackers — 4 of 6
    Web Hackers — 5 of 6
    Web Hackers — 6 of 6

    A newly-published reference site, plausibleadmission.org, drew four distinct scanners within hours of its first TLS certificate going live — a CT-log-watching credentials scraper from a bulletproof-hosting cluster, a LeakIX indexing pass, a curated curl recon run, and a ChatGPT-User-vectored LLM-assisted probe. Three videos of the evening reaction and a forensic analysis the next morning.

    Related

  2. david

    Phishing for Mary

    Four screenshots of a back-and-forth SMS conversation with an unknown sender claiming to be 'Eileen' looking for her friend 'Mary'. — 1 of 4
    Four screenshots of a back-and-forth SMS conversation with an unknown sender claiming to be 'Eileen' looking for her friend 'Mary'. — 2 of 4
    Four screenshots of a back-and-forth SMS conversation with an unknown sender claiming to be 'Eileen' looking for her friend 'Mary'. — 3 of 4
    Four screenshots of a back-and-forth SMS conversation with an unknown sender claiming to be 'Eileen' looking for her friend 'Mary'. — 4 of 4

    An hour-long SMS conversation with a sender persistently working a hop-seeding pretext — "Eileen" looking for her old friend "Mary", who supposedly used this number. Includes an explicit rapport-building line and a re-engagement attempt six hours after the conversation ended.

    A hop-seeding opener that walked all the way through the script — pretextual contact, polite misdirection-handling when challenged, rapport invitation, and a re-engagement attempt that afternoon after the conversation had been formally closed.

    The opener was a single line at 10:45 AM: "When do you see yourself coming back?" — addressed to nobody, inviting any reply at all. I replied that the recipient they thought they were reaching was not me, that the number had been SIM-hacked the year before, and asked who they were looking for. The sender pivoted to the next module: an old friend named "Mary" who supposedly used to use this number, and who they had lost touch with. Their own name, they said, was "Eileen."

    When I told them my actual demographic context did not match the friend they were looking for, they did not let go. The reply was the line that names the whole operation: "It's okay, you'll share with me once we're more familiar with each other. Have a great Thursday, what are your plans for today?" That is the rapport-building module quoted directly — the deliberate move past the failed first pretext into the long-con phase.

    I told them there was no real reason to keep talking, but asked if they could share anything about "Mary" — to test whether the friend was a real person or part of the script. The reply tried to flip the framing on me: "I don't know who you're talking about. I thought this number was always used by my friend Mary, and no one had leaked your number."

    I closed the conversation. "We're done here." They sent a polite sign-off.

    Six hours later, at 5:00 PM, the same number sent a fresh message: "Good evening. I wonder what you're busy with right now?" — the re-engagement module, designed to bypass the formal close and start the conversation fresh as if the morning had not happened. I did not reply.

    What this entry documents, in addition to the structured data: a script with at least four distinct modules — pretext, rapport-building after the pretext fails, narrative-flip when challenged, and timed re-engagement after a no.

    Related