"Blackmailing is just a hobby for us, not a business. We like to be famous." –Zilterio

Zilterio (sometimes called Mr. Zilterio) was a very effective cracker who appeared on the WWW in 2000. Zilterio clamed to be the ringleader of a group of Russian hackers who provided 'security services' for web sites. He would crack a website and then contact the company with an offer to fix the security problems for a large fee. He usually backed up his threat by including a large file of confidential customer information. If the company wouldn’t pay, he sent e-mail massages to thousands of customers, alerting them that their accounts were insecure, and proving it with personal information.

I HATE TO INFORM YOU that your account has been hacked on {Everything2.com}. This site has a very weak security protection system and the database with credit cards and other personal information is not protected at all. Your personal details:

Your address
Your credit card information

We offered them our help many times. But top management of {Everything2.com} doesn’t care about their customers - you. They care only about their money.

In a 2002 e-mail interview with MSNBC’s Bob Sullivan, Zilterio claimed that nine companies (eight American, one European) had paid up, for a combined total of $150,000. Zilterio said that he would normally offer to help the company for $50,000, and settle for about half of that. No one is certain how many companies actually paid him, or how much. You can find claims online that he may have managed to make up to 4 billion dollars through this blackmailing, but it’s more likely that he failed to make even the $150,000 that he claimed. Zilterio’s five high-profile cracks (Webcertificate.com, TheNerds.net, Homenational.com, LinkLine {an ISP}, Fahnestock & Co. {a brokerage firm}) did not pay – but there were certainly many others who did not receive so much media attention, and possibly other cracks that were not reported to either the authorities or customers. One private investigator did find evidence that at least one company had paid Zilterio something.

He did make mistakes; on one occasion he demanded $45,000, or he would release customers’ credit card information – not realizing that the 16 digit numbers he had found at Webcertificate.com were not credit card numbers but gift certificate identification numbers, and nearly worthless. Sometimes he was just unpredictable; after cracking TheNerds.net, he sent the customers’ information out to the customers without ever sending any extortion note to the company.

But Zilterio made clear that all this was really just a hobby. Fun, profitable, but not what he/they did for a living. Most of their funds came from online auctions fraud, credit card fraud, and direct bank hacking. They also offered protection services to any firm that would pay them, although he did not make clear what this protection might consist of.

So – what happened? As far as I can find, nothing. The FBI were chasing him. There are rumors that they had traced him to Yemen. The private investigator that I mentioned earlier told MSNBC.com that he had tracked Zilterio to a prepaid dialup ISP account in Ukraine. But by late 2002 the story had faded, and Zilterio has since disappeared. If he was caught, I can find no reference to the capture. I assume that he wasn’t making enough money with this scam, or that the security holes that he was exploiting were patched. He’s gone now.

Here’s a mission statement / justification that appeared on Zilterio’s website, now defunct. The typos and bad grammar are sic.

“The situation with online security is very and very dangerous now. Almost 75 percent of all big e-commerce sites can be breaken in less than 2 hours. Customers should not trust these sites, but they do. These online shops and banks don’t pay enough to their software developers and technical directors maybe. We don’t know why, but this is what we have now.

Our mission is to help companies to protect their customers’ data. There are many skilled hackers in our team. We can break almost any modern computer system, including online banks and big online shops. When we get access to such systems we notify their owners about it. Some companies are ready to cooperate and they get our help. We send them instructions about how to improve their systems and later we track the process of this improvement. These companies care about their customers.

But some Internet sites don’t want to cooperate. In this case we notify all their customers about existing security loopholes. We do it to protect people against further lost of personal information. This is our mission.”

Sources of note:
Your Evil Twin: Behind the Identity Theft Epidemic by Bob Sullivan.

Log in or registerto write something here or to contact authors.