#the last assignment could have been for a billion reasons like was it bc i was late to class? was it bc i did it on the wrong side of the
pallases · 2 years
Text
here’s to hoping i Don’t get a 63% or lower on this next drawing assignment 🤪
5 notes · View notes
stillebesat · 4 years
Note
i was rereading your stork au (bc i Love It and im so soft for baby logan) and i was kinda wondering how the legal bits work in that universe? like do the storks tell whoever (idk the right government people lol) that ‘x has a kid now’ or do the new parents have to like,, go register or something? idk its just a thought that came to mind after reading
(So happy you love the STORK AU! ^^;; It’s been a favorite of mine to write)
Short Answer: MAGIC!! It fixes everything! ^^;; lol For the most part the STORK’s magic makes pretty much all the necessary changes to all documentation instantaneous as soon as the new parent(s) accept their child. 
Longer Answer below the cut: 
The nice thing about STORKS is that they do have their own brand of magic that helps to facilitate the child’s move to a better family.
Their main magic is used for the changing/erasing of the original parent(s)/guardian(s) memories so that they won’t go looking for the child and to ensure that the child doesn’t have to worry about running into them again. 
But this magic also is used to alter official records that the government (and medical, educational, etc places) keep. Basically if a government person just happened to be looking at the child’s name on their birth certificate when they’re taken by the STORKS and accepted by their new family it would be like a ‘blink and you miss’ it sort of change. One second the name may say Joe Johnson and the next it would be Joe Anderson. (The person may not realize that the name changed or think they misread the name, it’s so quick)-And if the child doesn’t want to keep their name that their original parents gave them, then the paperwork could change to say Andrew Anderson or even Jennifer Anderson depending on what the child wants to be called. Etc. 
-The changes are also very very easy to make for those government systems who have digitized their information. As basically just blip and the necessary information is altered and no one is the wiser. 
The good thing about the government though is that there are billions of people living on the planet and keeping track of every single form for every individual is such a momentous task that unless the person in the government is involved directly with the STORKs (aka they accepted a child from a STORK) it’s unlikely anyone will notice any changes to documents that contain the child’s name. 
The only major difference to most governments is that since most of the time the original parent(s)/guardian(s) believe that their child was killed, there needs to be a paper trail there just in case one is needed. (aka death certificates and insurance claims filed and processed)
-If there is insurance on the child, then there’s the added complication of ensuring that the money was processed and placed in the right accounts so the original parent(s)/guardian(s) aren’t like “Where’s my money?” 
Also what all needs to be changed in the paper trail of the child often depends on the situation that they come from and their age. 
It’s a lot easier on the STORKS when the child hasn’t yet entered school as there are less official records (mostly like a Birth Certificate, Social Security Number, and maybe a couple of medical records.) that need to be altered.
It’s also the reason why most of the STORKs work with babies and toddlers. (And how they got their reputation for carrying babies to parents in the stories) There’s less that needs to be altered to ensure that the child can seamlessly enter into their new family’s lives. 
But if the child is older and in school then there’s more complications and potentially more legwork (including physical visits to differing locations) that the STORK has to complete after uniting the child with their new parents in order to ensure that no one goes “Oh hey wait what happened to Jimmy who was in class last week?” When the original parents think that the child ‘died’ three years ago.
-Basically if a person was closer to the parents, their memories will shift so that they too think the child is dead.
-If the person was closer to the child, they will forget who the child’s original parents were and remember only the new parents and in most cases will think that they left because they moved away.
But yah. Schools complicate everything because there’s such a paper trail in those buildings. Assignments, Tests, Scores, Assessments, Nurses Visits, etc etc. (again yay for digital stuff as computer records are quite easy to alter for the STORKS.) 
It’s even more complicated in the rarer cases where the ‘child’ is at that near adult stage of 15-17 years old where they may have a job (and all those certifications/background checks, etc) or have received their learner’s permit/driver’s license. 
Because Remy usually deals with infants and toddlers his job isn’t as complicated as other more experienced STORKS who take on the older children in need. 
And because Virgil is Logan’s original Dad, his case is different than most as he can keep his original name as his birth certificate was filed using Virgil’s last name as Logan’s last name and named him as father. 
The main complication is that the Mom is still alive and now believes that Logan is dead. 
-With Remy’s magic she believes that he died in the boating accident along with Virgil because Virgil’s Grandfather told her that Virgil was dead. Now the memories shift to include Logan in that.
So there’s a tricky bit of magic there where you could call it…a mirage. If she were to happen to look at Logan’s birth certificate she would see Logan’s name with her Maiden Name (though since she and Virgil weren’t yet officially married, she never took his last name and hasn’t yet been married to anyone else.) But if Virgil were to look at that exact same certificate, he would see his last name as Logan’s last name.
There will also be a Death Certificate found in the state of Florida that has Logan’s name with his Mother’s Maiden Name on it if the Mom were to need it. 
In very very rare cases, a STORK is unable to properly change memories/paperwork/forms because they have to act in the spur of the moment and take the child before a new family can be found for them. In these sort of cases it’s like…’the strings of fate’ -or in this case the ties of family- are violently snapped leaving the child(ren) adrift with no connections to anyone (records vanished, memories people have of them completely gone from their minds leaving holes in memories) until the STORK can get them out of imminent danger and realign them with a better family.
This happens to Remy when Logan is 14 years old when he rescues nearly 16 year old Roman and Remus from a cousin they lived with who was deadset on killing them. 
Remy basically yanked the twins off the street as they ran by, shielded them with his wings from their cousin’s view and promptly used his magic to ‘break’ every single thread connecting them to their old life because he had no time to be ‘delicate’ when their lives were literally on the line. 
As to the new parent(s), mostly what they have to worry about is what they’re going to tell people when they’re like “Hey…who is this?” The STORK’s magic, however, ensures that whatever story the new parent(s) decide to tell, it will be believed so that the child can be better accepted into their new life. (Though there’s almost always that one distant relative that disapproves of everything no matter what you tell them. “Can they even afford to have another child?!” “Adoption?! Why in the world would you subject yourself to that?!”)
Again with Babies it’s rather easy if there’s a parent involved who can bear children as they will often use the story of “I didn’t know I was pregnant!” With older children the reason can be slightly more complicated and parent(s) have told very simple stories of “we decided we wanted to adopt this little angel” to more complex stories of “So apparently I actually had twins in the hospital but they told me one died but only now through Ancestry.com did I discover my child had actually survived and after a lot of searching we found each other.” (The STORKS have to shake their heads at some of the stories they’ve heard the parent(s) tell to explain why they suddenly have another child) 
Paperwork wise the parent(s) usually find all the necessary documentation for the child in the mail within the week (after the haze of ‘we have a new child!’ has faded a bit) to ensure that there won’t be difficulties in their future (drivers licenses, passports, job applications, college applications, medical history, etc). 
Again with Virgil and Logan it’s easier in some ways and difficult in others since Logan is Virgil’s biological child. So he can rightfully claim that Logan is his son. 
But it does take Virgil a good two or three days before he feels like he can leave the building with Logan and tell people the story he’s comfortable telling.
Because like….how do you explain to people that your Grandfather didn’t want your fiance to marry you and so he set up the boat explosion to kill them, but somehow they survived, but then he convinced the Mom to fake being dead and then lied to Virgil about her and Logan’s survival only Virgil discovered years later that they could potentially still be alive and when he ‘found’ them (Virgil never sees the Mom again, Remy is the one who took action to find them before Virgil could get a chance to) and Logan’s Mom could no longer care for him (otherwise Remy wouldn’t have been able to take Logan from his mother) and ‘wanted’ (since she’s not alive) nothing to do with Virgil and so Virgil took Logan back home to live with him and raise.
Yah…Virgil doesn’t tell that story to more than a handful of people. He mostly sticks to “His Mother took him from me, but now can no longer care for him and so I took my son back.” And if they know his situation with his ex-fiance will also state that she “faked their deaths and I just discovered they were still alive.”
But yah, paperwork wise, not much needed to be changed for Logan as he was too young to be in school (at almost five) and his Mom hadn’t enrolled him in preschool and had stopped taking him to daycare a good year before when she realized he could take care of himself well enough that she could leave him home while she was at work and not worry about him burning down the house (and save $$$ in the process) so no one would question why he no longer was coming. 
Hope that answers your questions! Let me know if you have any more. :D
20 notes · View notes
eunnieboo · 7 years
Text
ask replies!
it’s been a while since i’ve done one of these!! i'm like a dragon sitting on its hoard except my hoard is a pile of beautiful asks. thank you as always for these messages! you guys are absolute sweethearts and it’s so warm and humbling reading through these when i’m feeling blue.
on that note, i did make a curiouscat account! i’m so bad at answering tumblr asks - i can never guarantee that they’ll be answered on time, if at all >< if you want a prompt response this will be your best bet!
1. gosh thank you so much!! i feel like i’m constantly inspired by independent artists these days, but if i had to choose influences that were there from the very beginning, yoshihiko umakoshi and CLAMP are ones that come to mind :>
2. i think i touched on this briefly in my faq! but i’m honestly not sure just bc i don’t know what knowledge i could offer - i’m not too hot at explaining the reasoning behind why i do things... a simple walkthrough of my drawing process is what i’d be comfortable with, most likely! something to think about if i ever opened a patreon 👀 ✨
3. omg you’re totally fine anon! my icon is from a later season of ojamajo doremi, my favorite magical girl anime! actually now that we’re on the subject, i REALLY encourage everybody to read this article about it!!! it talks about what makes doremi so special, the staff behind production - it sums up what i love about the series in a much more eloquent way ♥
4. oh gosh! i don’t think i’m well known enough for that haha~ maybe someday?!
5. AHH ANON YOU MAKE MY HEART SING!!! asking about my ocs omg i’m slain. lana is from a very old story of mine - she was a side character suffering from an illness that kept her bedridden most of her life. iirc her disfiguration was an accident when she was younger.. she got something in her eye that blinded her and she tried to claw it out in a panic. she later gains transformative / regenerative abilities that grant her wish to look “beautiful” but after realizing her powers are temporary, she becomes desperate to keep them no matter the cost...
she’s ok in the end tho!!
@prettybone: WAHH thank you so much! omg that’s so great!!
@nicememerino​: OMG YEE GOSH THANK U c(ˊᗜˋ*c)
@dogsahoy​: rolls around i’m so glaD THANK YOUUU!!
@alexthealienboy: winces ahh ouch >< facebook, why do you do this... thank you though! i hope you enjoy your stay~
@ravenclawsidiot​: omg thank you so much!! AAAAA
@vaciamos: oh my goodness, thank you! this makes me so happy!! i’m incredibly touched that my girls series is being received so well ;_; i hope to make more illustrations like it in the future!
1. ooommggGGG... T_______T thank you so much!! i’m floored
2. oh my gosh i just love hearing about people using my art as their desktop / phone backgrounds! what a treat <3 thank you so much ahh goodness
3. omg THANK YOU ANON!!
4. NOW THAT’S WHAT I LIKE TO HEAR (thank you forever!!!) 💖
@0xalis: oh my goodness thank YOU for sending such a lovely ask! what the heckie TvT i just love drawing characters. i know i still have a lot to learn, but that’s the fun part! let’s keep improving every day!! )9
@mitsu-romantica: ajSGJGJH THANK U OMG i hope that was a good time
@haniltin​: GUESS WHAT, thank you for being you!! p.s. what a good bokuto!!!
@broadwaymack​: omg thanks a billion, don’t be sorry! hehe
@paintedfaith​: no worries friend, how could i be anything other than happy for receiving such a sweet message! thank u for liking my mii and mii art - and doremi! have a wonderful weekend~
@boredomkillscreativity​: aw thank you!! ;v;
1. um no offense but i also love you ♥
2. !!! omgjfhgjfh thank u... blushes
3. ok anon but i’m warning you when i have cold fingers i WILL be sticking them on your neck to leech all ur warmth~
4. thank you so much!! U ARE THE CUTIE
5. wipes away a single tear from my face... thank u bb <3
6. ahh i’m so glad to hear that, thank you!!
7. omg! 😳  MISSION ACCOMPLISHED ᕙ( * •̀ ᗜ •́ * )ᕗ thank you so much!!
1. technically i have, at my bfa exhibition haha! we had a pop-up shop available so i drew a set of miniprints to promote a game demo i made as my senior project. i still have a bunch left over from then, golly... thank you so much tho waaa!
2. ahh not yet! i really want to make one tho! i’m leaning towards using tictail or storenvy when the time comes. thanks for your interest!
@softdisabledkid​: i have! it’s definitely a goal of mine - and thank you so much, i’m really fond of how that assignment turned out too!! 😊 💕
@nicememerino​: thank you very much aaa!! hey here’s a secret for you, there’s gonna be a part three to my girls series and i’m planning on making prints of all of them after i’ve drawn the last one..! 🙊 
@fangirl-with-cat-ears​: thank you so much!! omg u are too sweet TvT and gosh pickles was actually my only neko atsume art because he’s my fave... but here’s another bc i also love sapphire, what a fancy lady!
thank you again everyone!!! this is about two-thirds of the asks i’ve collected recently so i’ll be making another batch when i have the time~ once again, if you’d like to send me something that has a better chance of being answered, please direct all your questions to my curiouscat! it’ll also save me from spamming replies / taking the time to format these long posts ♥
p.s. some urls didn’t show up when i typed them and i’m not sure why? very sorry to those who didn’t receive a proper “@,” i've still tagged all your names tho!
214 notes · View notes
amberdscott2 · 7 years
Text
Who Ran Leakedsource.com?
Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo.
In a development that could turn out to be deeply ironic, it seems that the real-life identity of LeakedSource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.
The now-defunct LeakedSource service.
LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site’s search page and it would tell you if it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords.
LeakedSource was a curiosity to many, and for some journalists a potential source of news about new breaches. But unlike services such as BreachAlarm and HaveIBeenPwned.com — which force users to verify that they can access a given account or inbox before the site displays whether it has found a password associated with the account in question — LeakedSource did nothing to validate users. This fact, critics charged, showed that the proprietors of LeakedSource were purely interested in making money and helping others pillage accounts.
I also was curious about LeakedSource, but for a different reason. I wanted to chase down something I’d heard from multiple sources: That one of the administrators of LeakedSource also was the admin of abusewith[dot]us, a site unabashedly dedicated to helping people hack email and online gaming accounts.
Abusewith[dot]us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, a massively multiplayer online role-playing game (MMORPG) set in a medieval fantasy realm where players battle for kingdoms and riches.
The currency with which Runescape players buy and sell weapons, potions and other in-game items are virtual gold coins, and many of Abusewith[dot]us’s early members traded in a handful of commodities: Phishing kits and exploits that could be used to steal Runescape usernames and passwords from fellow players; virtual gold plundered from hacked accounts; and databases from hacked forums and Web sites related to Runescape and other online games.
The administrator of Abusewith[dot]us is a hacker who uses the nickname “Xerx3s.” The avatar attached to Xerx3s’s account suggests the name is taken from Xerxes the Great, a Persian king who lived during the fifth century BC.
Xerx3s the hacker appears to be especially good at breaking into discussion forums and accounts dedicated to Runescape and online gaming. Xerx3s also is a major seller of Runescape gold — often sold to other players at steep discounts and presumably harvested from hacked accounts.
Xerx3s’s administrator account profile at Abusewith.us.
I didn’t start looking into who might be responsible for LeakedSource until July 2016, when I sought an interview by reaching out to the email listed on the site ([email protected]). Soon after, I received a Jabber chat invite from the address “[email protected].”
The entirety of that brief interview is archived here. I wanted to know whether the proprietors of the service believed they were doing anything wrong (we’ll explore more about the legal aspects of LeakedSource’s offerings later in this piece). Also, I wanted to learn whether the rumors of LeakedSource arising out of Abusewith[dot]us were true.
“After many of the big breaches of 2015, we noticed a common public trend…’Where can I search it to see if I was affected?’,” wrote the anonymous person hiding behind the [email protected] account. “And thus, the idea was born to fill that need, not rising out of anything. We are however going to terminate the interview as it does seem to be more of a witch hunt instead of journalism. Thank you for your time.”
Nearly two weeks after that chat with the LeakedSource administrator, I got a note from a source who keeps fairly close tabs on the major players in the English-speaking cybercrime underground. My source told me he’d recently chatted with Xerx3s using the Jabber address Xerx3s has long used prior to the creation of LeakedSource — [email protected].
Xerx3s told my source in great detail about my conversation with the Leakedsource administrator, suggesting that either Xerx3s was the same person I spoke with in my brief interview with LeakedSource, or that the LeakedSource admin had shared a transcript of our chat with Xerx3s.
Although his username on Abusewith[dot]us was Xerx3s, many of Xerx3s’s closest associates on the forum referred to him as “Wade” in their forum postings. This is in reference to a pseudonym Xerx3s frequently used, “Jeremy Wade.”
An associate of Xerx3s tells another abusewith[dot]us user that Xerx3s is the owner of LeakedSource. That comment was later deleted from the discussion thread pictured here.
One email address this Jeremy Wade identity used pseudonymously was [email protected]. According to a “reverse WHOIS” record search ordered through Domaintools.com, that email address is tied to two domain names registered in 2015: abusing[dot]rs, and cyberpay[dot]info. The original registration records for each site included the name “Secure Gaming LLC.”
The “Jeremy Wade” pseudonym shows up in a number of hacked forum databases that were posted to both Abusewith[dot]us and LeakedSource, including several other sites related to hacking and password abuse.
For example, the user database stolen and leaked from the DDoS-for-hire service “panic-stresser[dot]xyz” shows that a PayPal account tied to the email address [email protected] paid $5 to cover a subscription for a user named “jeremywade.” The leaked Panicstresser database shows the Jeremywade account was tied to the email address [email protected], and that the account was created in July 2012.
The leaked Panicstresser database also showed that the first login for that Jeremywade account came from the Internet address 68.41.238.208, which is a dynamic Internet address assigned to residential customers of Comcast Communications in Michigan.
According to a large number of forum postings, it appears that whoever used the [email protected] address also created several variations on that address, including [email protected], [email protected], [email protected], as well as [email protected].
The Gmail account [email protected] was used to register at least four domain names almost six years ago in 2011. Two of those domains — daily-streaming.com and tiny-chats.com — were originally registered to a “Nick Davros” at 3757 Dunes Parkway, Muskegon, Mich. The other two were registered to a Nick or Alex Davros at 868 W. Hile Rd., Muskegon, Mich. All four domain registration records included the phone number +12313430295.
I took that 68.41.238.208 Internet address that the leaked Panicstresser database said was tied to the account [email protected] and ran an Internet search on it. The address turned up in yet another compromised hacker forum database — this time in the leaked user database for sinister[dot]ly, ironically another site where users frequently post databases plundered from other sites and forums.
The leaked sinister[dot]ly forum database shows that a user by the name of “Jwade” who registered under the email address trpkisaiah@gmailcom first logged into the forum from the same Comcast Internet address tied to the [email protected] account at Panicstresser.
I also checked that Michigan Comcast address with Farsight Security, a security firm which runs a paid service that tracks the historic linkages between Internet addresses and domain names. Farsight reported that between 2012 and 2014, the Internet address 68.41.238.208 was tied to no-ip.biz, a popular “dynamic IP” service.
No-ip.biz and other dynamic IP address services are usually free services that allow users to have Web sites hosted on servers that frequently change their Internet addresses. This type of service is useful for people who want to host a Web site on a home-based Internet address that may change from time to time, because services like No-ip.biz can be used to easily map the domain name to the user’s new Internet address whenever it happens to change.
Unfortunately, these dynamic IP providers are extremely popular in the attacker community, because they allow bad guys to keep their malware and scam sites up even when researchers manage to track the attacking IP address and convince the ISP responsible for that address to disconnect the malefactor. In such cases, dynamic IP services allow the owner of the attacking domain to simply re-route the attack site to another Internet address that he controls.
Farsight reports that the address 68.41.238.208 maps back to three different dynamic IP domains, including “jwade69.no-ip.biz,” “wadewon.no-ip.biz,” and “jrat6969.zapto.org.” That first dynamic address — jwade69.no-ip.biz — was included among several hundred others in a list published by the Federal Bureau of Investigation as tied to the distribution of Blackshades, a popular malware strain that was used as a password-stealing trojan by hundreds of paying customers prior to May 2014.
XERX3S HACKED?
In January 2017, when news of the alleged raid on LeakedSource began circulating in the media, I began going through my notes and emails searching for key accounts known to be tied to Xerx3s and the administrator of Abusewith[dot]us.
Somehow, in the previous three months I’d managed to overlook an anonymous message I received in mid-September from a reader who claimed to have hacked the email account [email protected], one of several addresses my research suggested was tied to Xerx3s.
The anonymous source didn’t say exactly how he hacked this account, but judging from the passwords tied to Xerx3s’s other known accounts that were included in the various forum database leaks listed above it may well have been because Xerx3s in some cases re-used the same password across multiple accounts. 
My anonymous source shared almost a dozen screenshots of his access to [email protected], which indicate the name attached to the account was “Alex Davros.” The screenshots also show this user received thousands of dollars in Paypal payments from Leakedsource.com over a fairly short period in 2015.
The screenshots also showed that [email protected] was tied to a PayPal account assigned to a Secured Gaming LLC. Recall that this is the same company name included in the Web site registration records back in 2011 for daily-streaming.com and tiny-chats.com.
A screenshot shared with me in Sept. 2016 by an anonymous source who said he’d hacked the Gmail address “[email protected]”.
In addition, the screenshot above and others shared by my source indicate that the same Paypal account tied to [email protected] was habitually used to pay a monthly bill from Hyperfilter.com, a company that provides DDoS protection and hosting and which has long been the provider used by Abusewith[dot]us.
Finally, the anonymous hacker shared screenshots suggesting he had also hacked into the email account [email protected], an account apparently connected to a young lady in Michigan named Desi Parker. The screenshots for Ms. Parker suggest her hacked Gmail account was tied to an Apple iTunes account billed to a MasterCard ending in 7055 and issued to an Alexander Davros at 868 W. Hile, Muskegon, Mich.
The screenshots show the [email protected] address is associated with an Instagram account for a woman by the same name from Muskegon, Mich. (note that the address given in the WHOIS records for Alex Davros’s daily-streaming.com and tiny-chats.com also was Muskegon, Mich).
Desi Parker’s Instagram lists her “spouse” as Alex Davros, and says her phone number is 231-343-0295. Recall that this is the same phone number included in the Alex Davros domain registration records for daily-streaming.com and tiny-chats.com. That phone number is currently not in service.
Desi Parker’s Facebook account indeed says she is currently in a relationship with Alexander Marcus Davros, and the page links to this Facebook account for Alex Davros.
Alex’s Facebook profile is fairly sparse (at least the public version of it), but there is a singular notation in his entire profile that stands out: Beneath the “Other Names” heading under the “Details about Alexander” tab, Alex lists “TheKing.” Parker’s Instagram account includes a photo of an illustration she made including her beau’s first name with a crown on top.
Interestingly, two email addresses connected to domains associated with the Jeremy Wade alias — [email protected] and [email protected] — are tied to Facebook accounts for Michigan residents who both list Alex Davros among their Facebook friends.
Below is a rough mind map I created which attempts to show the connections between the various aliases, email addresses, phone numbers and Internet addresses mentioned above. At a minimum, they strongly indicate that Xerx3s is indeed an administrator of LeakedSource.
I managed to reach Davros through Twitter, and asked him to follow me so that we could exchange direct messages. Within maybe 60 seconds of my sending that tweet, Davros followed me on Twitter and politely requested via direct message that I remove my public Twitter messages asking him to follow me.
After I did as requested, Davros’s only response initially was, “Wow, impressive but I can honestly tell you I am not behind the service.” However, when pressed to be more specific, he admitted to being Xerx3s but claimed he had no involvement in LeakedSource.
“I am xer yes but LS no,” Davros said. He stopped answering my questions after that, saying he was busy “doing a couple things IRL.” IRL is Internet slang for “in real life.” Presumably these other things he was doing while I was firing off more questions had nothing to do with activities like deleting profiles or contacting an attorney.
Even if Davros is telling the truth, the preponderance of clues here and the myriad connections between them suggest that he at least has close ties to some of those who are involved in running LeakedSource.
A “mind map” I created to illustrate the apparent relationships between various addresses and pseudonyms referenced in this story.
THE LEGALITY OF LEAKEDSOURCE
On the surface, the rationale that LeakedSource’s proprietors have used to justify their service may seem somewhat reasonable: The service merely catalogs information that is already stolen from companies and that has been leaked in some form online.
But legal experts I spoke with saw things differently, saying LeakedSource’s owners could face criminal charges if prosecutors could show LeakedSource intended for the passwords that are for sale on the site to be used in the furtherance of a crime.
Orin Kerr, director of the Cybersecurity Law Initiative at The George Washington University, said trafficking in passwords is clearly a crime under the Computer Fraud and Abuse Act (CFAA).
Specifically, Section A6 of the CFAA, which makes it a crime to “knowingly and with intent to defraud traffic in any password or similar information through which a computer may be accessed without authorization, if…such trafficking affects interstate or foreign commerce.”
“CFAA quite clearly punishes password trafficking,” Kerr said. “The statute says the [accused] must be trafficking in passwords knowingly and with intent to defraud, or trying to further unauthorized access.”
Judith Germano, a senior fellow at the Center on Law and Security at New York University’s School of Law, said LeakedSource might have a veneer of legitimacy if it made an effort to check whether users already have access to the accounts for which they’re seeking passwords.
“If they’re not properly verifying that when the user goes to the site to get passwords then I think that’s where their mask of credibility falls,” Germano said.
LeakedSource may be culpable also because at one point the site offered to crack hashed or encrypted passwords for a fee. In addition, it seems clear that the people who ran the service also advocated the use of stolen passwords for financial gain.
from Amber Scott Technology News https://krebsonsecurity.com/2017/02/who-ran-leakedsource-com/
jennifersnyderca90 · 7 years
Who Ran Leakedsource.com?
Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo.
In a development that could turn out to be deeply ironic, it seems that the real-life identity of LeakedSource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.
The now-defunct LeakedSource service.
LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site’s search page and it would tell you if it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords.
LeakedSource was a curiosity to many, and for some journalists a potential source of news about new breaches. But unlike services such as BreachAlarm and HaveIBeenPwned.com — which force users to verify that they can access a given account or inbox before the site displays whether it has found a password associated with the account in question — LeakedSource did nothing to validate users. This fact, critics charged, showed that the proprietors of LeakedSource were purely interested in making money and helping others pillage accounts.
I also was curious about LeakedSource, but for a different reason. I wanted to chase down something I’d heard from multiple sources: That one of the administrators of LeakedSource also was the admin of abusewith[dot]us, a site unabashedly dedicated to helping people hack email and online gaming accounts.
Abusewith[dot]us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, a massively multiplayer online role-playing game (MMORPG) set in a medieval fantasy realm where players battle for kingdoms and riches.
The currency with which Runescape players buy and sell weapons, potions and other in-game items is virtual gold coins, and many of Abusewith[dot]us’s early members traded in a handful of commodities: Phishing kits and exploits that could be used to steal Runescape usernames and passwords from fellow players; virtual gold plundered from hacked accounts; and databases from hacked forums and Web sites related to Runescape and other online games.
The administrator of Abusewith[dot]us is a hacker who uses the nickname “Xerx3s.” The avatar attached to Xerx3s’s account suggests the name is taken from Xerxes the Great, a Persian king who lived during the fifth century BC.
Xerx3s the hacker appears to be especially good at breaking into discussion forums and accounts dedicated to Runescape and online gaming. Xerx3s also is a major seller of Runescape gold — often sold to other players at steep discounts and presumably harvested from hacked accounts.
Xerx3s’s administrator account profile at Abusewith.us.
I didn’t start looking into who might be responsible for LeakedSource until July 2016, when I sought an interview by reaching out to the email listed on the site ([email protected]). Soon after, I received a Jabber chat invite from the address “[email protected].”
The entirety of that brief interview is archived here. I wanted to know whether the proprietors of the service believed they were doing anything wrong (we’ll explore more about the legal aspects of LeakedSource’s offerings later in this piece). Also, I wanted to learn whether the rumors of LeakedSource arising out of Abusewith[dot]us were true.
“After many of the big breaches of 2015, we noticed a common public trend…’Where can I search it to see if I was affected?’,” wrote the anonymous person hiding behind the [email protected] account. “And thus, the idea was born to fill that need, not rising out of anything. We are however going to terminate the interview as it does seem to be more of a witch hunt instead of journalism. Thank you for your time.”
Nearly two weeks after that chat with the LeakedSource administrator, I got a note from a source who keeps fairly close tabs on the major players in the English-speaking cybercrime underground. My source told me he’d recently chatted with Xerx3s using the Jabber address Xerx3s has long used prior to the creation of LeakedSource — [email protected].
Xerx3s told my source in great detail about my conversation with the Leakedsource administrator, suggesting that either Xerx3s was the same person I spoke with in my brief interview with LeakedSource, or that the LeakedSource admin had shared a transcript of our chat with Xerx3s.
Although his username on Abusewith[dot]us was Xerx3s, many of Xerx3s’s closest associates on the forum referred to him as “Wade” in their forum postings. This is in reference to a pseudonym Xerx3s frequently used, “Jeremy Wade.”
An associate of Xerx3s tells another abusewith[dot]us user that Xerx3s is the owner of LeakedSource. That comment was later deleted from the discussion thread pictured here.
One email address this Jeremy Wade identity used pseudonymously was [email protected]. According to a “reverse WHOIS” record search ordered through Domaintools.com, that email address is tied to two domain names registered in 2015: abusing[dot]rs, and cyberpay[dot]info. The original registration records for each site included the name “Secure Gaming LLC.”
The “Jeremy Wade” pseudonym shows up in a number of hacked forum databases that were posted to both Abusewith[dot]us and LeakedSource, including several other sites related to hacking and password abuse.
For example, the user database stolen and leaked from the DDoS-for-hire service “panic-stresser[dot]xyz” shows that a PayPal account tied to the email address [email protected] paid $5 to cover a subscription for a user named “jeremywade.” The leaked Panicstresser database shows the Jeremywade account was tied to the email address [email protected], and that the account was created in July 2012.
The leaked Panicstresser database also showed that the first login for that Jeremywade account came from the Internet address 68.41.238.208, which is a dynamic Internet address assigned to residential customers of Comcast Communications in Michigan.
According to a large number of forum postings, it appears that whoever used the [email protected] address also created several variations on that address, including [email protected], [email protected], [email protected], as well as [email protected].
The Gmail account [email protected] was used to register at least four domain names almost six years ago in 2011. Two of those domains — daily-streaming.com and tiny-chats.com — were originally registered to a “Nick Davros” at 3757 Dunes Parkway, Muskegon, Mich. The other two were registered to a Nick or Alex Davros at 868 W. Hile Rd., Muskegon, Mich. All four domain registration records included the phone number +12313430295.
I took that 68.41.238.208 Internet address that the leaked Panicstresser database said was tied to the account [email protected] and ran an Internet search on it. The address turned up in yet another compromised hacker forum database — this time in the leaked user database for sinister[dot]ly, ironically another site where users frequently post databases plundered from other sites and forums.
The leaked sinister[dot]ly forum database shows that a user by the name of “Jwade” who registered under the email address trpkisaiah@gmailcom first logged into the forum from the same Comcast Internet address tied to the [email protected] account at Panicstresser.
I also checked that Michigan Comcast address with Farsight Security, a security firm which runs a paid service that tracks the historic linkages between Internet addresses and domain names. Farsight reported that between 2012 and 2014, the Internet address 68.41.238.208 was tied to no-ip.biz, a popular “dynamic IP” service.
No-ip.biz and other dynamic IP address services are usually free services that allow users to have Web sites hosted on servers that frequently change their Internet addresses. This type of service is useful for people who want to host a Web site on a home-based Internet address that may change from time to time, because services like No-ip.biz can be used to easily map the domain name to the user’s new Internet address whenever it happens to change.
Unfortunately, these dynamic IP providers are extremely popular in the attacker community, because they allow bad guys to keep their malware and scam sites up even when researchers manage to track the attacking IP address and convince the ISP responsible for that address to disconnect the malefactor. In such cases, dynamic IP services allow the owner of the attacking domain to simply re-route the attack site to another Internet address that he controls.
Farsight reports that the address 68.41.238.208 maps back to three different dynamic IP domains, including “jwade69.no-ip.biz,” “wadewon.no-ip.biz,” and “jrat6969.zapto.org.” That first dynamic address — jwade69.no-ip.biz — was included among several hundred others in a list published by the Federal Bureau of Investigation as tied to the distribution of Blackshades, a popular malware strain that was used as a password-stealing trojan by hundreds of paying customers prior to May 2014.
XERX3S HACKED?
In January 2017, when news of the alleged raid on LeakedSource began circulating in the media, I began going through my notes and emails searching for key accounts known to be tied to Xerx3s and the administrator of Abusewith[dot]us.
Somehow, in the previous three months I’d managed to overlook an anonymous message I received in mid-September from a reader who claimed to have hacked the email account [email protected], one of several addresses my research suggested was tied to Xerx3s.
The anonymous source didn’t say exactly how he hacked this account, but judging from the passwords tied to Xerx3s’s other known accounts that were included in the various forum database leaks listed above, it may well have been because Xerx3s in some cases re-used the same password across multiple accounts.
My anonymous source shared almost a dozen screenshots of his access to [email protected], which indicate the name attached to the account was “Alex Davros.” The screenshots also show this user received thousands of dollars in Paypal payments from Leakedsource.com over a fairly short period in 2015.
The screenshots also showed that [email protected] was tied to a PayPal account assigned to a Secured Gaming LLC. Recall that this is the same company name included in the Web site registration records back in 2011 for daily-streaming.com and tiny-chats.com.
A screenshot shared with me in Sept. 2016 by an anonymous source who said he’d hacked the Gmail address “[email protected]”.
In addition, the screenshot above and others shared by my source indicate that the same Paypal account tied to [email protected] was habitually used to pay a monthly bill from Hyperfilter.com, a company that provides DDoS protection and hosting and which has long been the provider used by Abusewith[dot]us.
Finally, the anonymous hacker shared screenshots suggesting he had also hacked into the email account [email protected], an account apparently connected to a young lady in Michigan named Desi Parker. The screenshots for Ms. Parker suggest her hacked Gmail account was tied to an Apple iTunes account billed to a MasterCard ending in 7055 and issued to an Alexander Davros at 868 W. Hile, Muskegon, Mich.
The screenshots show the [email protected] address is associated with an Instagram account for a woman by the same name from Muskegon, Mich. (note that the address given in the WHOIS records for Alex Davros’s daily-streaming.com and tiny-chats.com also was Muskegon, Mich).
Desi Parker’s Instagram lists her “spouse” as Alex Davros, and says her phone number is 231-343-0295. Recall that this is the same phone number included in the Alex Davros domain registration records for daily-streaming.com and tiny-chats.com. That phone number is currently not in service.
Desi Parker’s Facebook account indeed says she is currently in a relationship with Alexander Marcus Davros, and the page links to this Facebook account for Alex Davros.
Alex’s Facebook profile is fairly sparse (at least the public version of it), but there is a singular notation in his entire profile that stands out: Beneath the “Other Names” heading under the “Details about Alexander” tab, Alex lists “TheKing.” Parker’s Instagram account includes a photo of an illustration she made including her beau’s first name with a crown on top.
Interestingly, two email addresses connected to domains associated with the Jeremy Wade alias — [email protected] and [email protected] — are tied to Facebook accounts for Michigan residents who both list Alex Davros among their Facebook friends.
Below is a rough mind map I created which attempts to show the connections between the various aliases, email addresses, phone numbers and Internet addresses mentioned above. At a minimum, they strongly indicate that Xerx3s is indeed an administrator of LeakedSource.
I managed to reach Davros through Twitter, and asked him to follow me so that we could exchange direct messages. Within maybe 60 seconds of my sending that tweet, Davros followed me on Twitter and politely requested via direct message that I remove my public Twitter messages asking him to follow me.
After I did as requested, Davros’s only response initially was, “Wow, impressive but I can honestly tell you I am not behind the service.” However, when pressed to be more specific, he admitted to being Xerx3s but claimed he had no involvement in LeakedSource.
“I am xer yes but LS no,” Davros said. He stopped answering my questions after that, saying he was busy “doing a couple things IRL.” IRL is Internet slang for “in real life.” Presumably these other things he was doing while I was firing off more questions had nothing to do with activities like deleting profiles or contacting an attorney.
Even if Davros is telling the truth, the preponderance of clues here and the myriad connections between them suggest that he at least has close ties to some of those who are involved in running LeakedSource.
A “mind map” I created to illustrate the apparent relationships between various addresses and pseudonyms referenced in this story.
THE LEGALITY OF LEAKEDSOURCE
On the surface, the rationale that LeakedSource’s proprietors have used to justify their service may seem somewhat reasonable: The service merely catalogs information that is already stolen from companies and that has been leaked in some form online.
But legal experts I spoke with saw things differently, saying LeakedSource’s owners could face criminal charges if prosecutors could show LeakedSource intended for the passwords that are for sale on the site to be used in the furtherance of a crime.
Orin Kerr, director of the Cybersecurity Law Initiative at The George Washington University, said trafficking in passwords is clearly a crime under the Computer Fraud and Abuse Act (CFAA).
Specifically, Section A6 of the CFAA makes it a crime to “knowingly and with intent to defraud traffic in any password or similar information through which a computer may be accessed without authorization, if…such trafficking affects interstate or foreign commerce.”
“CFAA quite clearly punishes password trafficking,” Kerr said. “The statute says the [accused] must be trafficking in passwords knowingly and with intent to defraud, or trying to further unauthorized access.”
Judith Germano, a senior fellow at the Center on Law and Security at New York University’s School of Law, said LeakedSource might have a veneer of legitimacy if it made an effort to check whether users already have access to the accounts for which they’re seeking passwords.
“If they’re not properly verifying that when the user goes to the site to get passwords then I think that’s where their mask of credibility falls,” Germano said.
LeakedSource may be culpable also because at one point the site offered to crack hashed or encrypted passwords for a fee. In addition, it seems clear that the people who ran the service also advocated the use of stolen passwords for financial gain.
from https://krebsonsecurity.com/2017/02/who-ran-leakedsource-com/
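The article above describes dynamic-DNS hostnames being re-pointed to new addresses and several such hostnames mapping back to one address. The following is an added example, not part of the original article, of how a defender could surface both patterns from resolver logs; the log format, hostnames and addresses are constructed, and the suffix list contains only the two provider domains the article names.

```python
"""Flag dynamic-DNS hostnames in resolver logs and pivot on shared addresses."""
from collections import defaultdict

# Provider suffixes named in the article; extending the list is up to the reader.
DYNDNS_SUFFIXES = ("no-ip.biz", "zapto.org")

# Constructed resolver log: timestamp, client, queried name, answer.
# Hostnames are invented; answers use documentation address ranges.
SAMPLE_LOG = """\
2017-02-01T10:00:01Z 10.0.0.5 www.example.com 192.0.2.10
2017-02-01T10:00:07Z 10.0.0.8 host-a.no-ip.biz 203.0.113.7
2017-02-01T10:03:12Z 10.0.0.8 host-b.zapto.org 203.0.113.7
2017-02-02T09:15:40Z 10.0.0.8 host-a.no-ip.biz 198.51.100.23
2017-02-02T09:16:02Z 10.0.0.9 notno-ip.biz 192.0.2.99
"""

def is_dyndns(name):
    """True if name is a subdomain of a listed provider (label-aligned match)."""
    name = name.lower().rstrip(".")
    return any(name.endswith("." + suffix) for suffix in DYNDNS_SUFFIXES)

def analyze(log_text):
    """Return (hits, names_by_ip, ips_by_name) for dynamic-DNS lookups only."""
    hits = []
    names_by_ip = defaultdict(set)
    ips_by_name = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, name, answer = parts
        if not is_dyndns(name):
            continue
        name = name.lower().rstrip(".")
        hits.append((ts, client, name, answer))
        names_by_ip[answer].add(name)
        if answer not in ips_by_name[name]:
            ips_by_name[name].append(answer)  # keep first-seen order
    return hits, names_by_ip, ips_by_name

def shared_addresses(names_by_ip):
    """Addresses that more than one dynamic hostname has pointed at."""
    return {ip: sorted(names) for ip, names in names_by_ip.items() if len(names) > 1}

def repointed(ips_by_name):
    """Hostnames whose answer changed during the log window."""
    return {name: ips for name, ips in ips_by_name.items() if len(ips) > 1}

if __name__ == "__main__":
    hits, by_ip, by_name = analyze(SAMPLE_LOG)
    for hit in hits:
        print("dyndns lookup:", *hit)
    print("shared address:", shared_addresses(by_ip))
    print("re-pointed:", repointed(by_name))
```

The label-aligned suffix match keeps look-alike names such as `notno-ip.biz` out of the results.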
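The article above faults LeakedSource for doing nothing to confirm that a user can access the account or inbox being searched. The following is an added example, not taken from the article or from any service it names, of one way to gate a breach lookup on mailbox control: results are released only through a signed, expiring, single-use token sent to the address itself. All names, the token format and the sample index are assumptions.

```python
"""Release breach-lookup results only to someone who controls the mailbox."""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)
TOKEN_TTL = 15 * 60                   # seconds a mailed token stays valid
_used = set()                         # nonces already redeemed (single use)

# Constructed index: address -> breach names only, never the credentials.
BREACH_INDEX = {"alice@example.com": ["ExampleForum 2015"]}

def _sign(email, nonce, expires):
    msg = f"{email}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def request_lookup(email, now=None):
    """Build the token to be mailed to `email`; the web response shows nothing."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    nonce = secrets.token_urlsafe(16)
    expires = int(now) + TOKEN_TTL
    # Same token shape whether or not the address is indexed, so the
    # request step cannot be used to enumerate which addresses are listed.
    return f"{email}|{nonce}|{expires}|{_sign(email, nonce, expires)}"

def redeem(token, now=None):
    """Return breach names for a valid, unexpired, unused token, else None."""
    now = time.time() if now is None else now
    parts = token.split("|")
    if len(parts) != 4:
        return None
    email, nonce, expires, mac = parts
    try:
        deadline = int(expires)
    except ValueError:
        return None
    expected = _sign(email, nonce, deadline)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                   # forged or altered token
    if now > deadline or nonce in _used:
        return None                   # stale or replayed token
    _used.add(nonce)
    return BREACH_INDEX.get(email, [])

if __name__ == "__main__":
    token = request_lookup("alice@example.com")
    print("first redeem:", redeem(token))
    print("replay:", redeem(token))
```

In a deployment the token would travel only in the e-mail, and `_used` would live in shared storage with entries expiring after `TOKEN_TTL`.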