Cryptographic proof that one of TheShadowBrokers' Monthly Dump Service customers left them negative feedback

in #shadowbrokers7 years ago (edited)

If you're unfamiliar with TheShadowBroker's Monthly Dump Service, start out by reading the Monthly Dump Service background section of my post here. Otherwise, skip right ahead:

Negative Feedback

On July 11th at 21:38 (UTC), @fsyourmoms made a post on Steemit titled, "TheShadowBrokers are NOT Making America Great again!!!", accompanied by a tweet which mentioned some of the prominent InfoSec twitter personalities who are involved in the @TheShadowBrokers saga.

The post begins:

TheShadowBrokers ripped me off. I paid 500 XMR for their “Wine of the Month Club” and only they sent me a single tool that already requires me to have a box exploited.

and then turns into an interesting tirade against TheShadowBrokers.

Rational followers of hacking news remained skeptical -- after all, anonymous posters make crazy claims with no way to back them up all the time. The most likely explanation was that @fsyourmoms was just a hoaxer, FUDster or LARPer. Because of this, the post was largely ignored.

I did notice one interesting detail in @fsyourmoms post, which inspired a response post by me where I pointed out a detail which lent some credence to @fsyourmoms:

In an earlier article, I described how I scraped e-mail addresses for TheShadowBrokers's(TSB) Monero customers from the XMR blockchain, and found a cap for how much XMR TSB may have earned from their monthly dump service. After seeing @fsyourmoms' steemit post, I noted I found an e-mail address that may have belonged to @fsyourmoms. What I wrote in the post:

One of the e-mail addresses I found was fucksyourmoms@**********.com. This is very similar to @fsyourmoms username.

Of course, just using the same username as a publicly available e-mail address is pretty weak evidence for such grand claims and careful observers (myself included) remained skeptical.

Fortunately, Monero was actually designed to be able to handle situations like this, and thus it is possible to prove that a payment was sent if you have the payment address, payment transaction ID, and a secret payment key known only to the sender.

Read this link. It explains the secret payment key better than I can.

In my post, I set goal lines for what would convince me (and most cryptographers) that @fsyourmoms was for real:

If it's not a hoax and @fsyourmoms wants to improve their credibility, they could prove they're legit in the following ways:
1.) Using the e-mail address from the tx linked above. (Proves identity but doesn't actually prove payment was sent.)
2.) Post the secret tx key from their Monero payment to TSB. (Proves identity AND that payment was sent.)

Well, @fsyourmoms delivered.

In a steemit post and tweet earlier today, @fsyourmoms provided both the private key from their XMR payment, and a screenshot of the e-mail from TSB.

We now have:

  • TSB's XMR payment address (41jwGGMNRBKNurVnuo7ZW4HqrgPnfiJbfHUi3k46b5nFhvbpwcK6KdTSjvTRdbzdEzZbQ1t5GWhsW7scxcNv2adUJSbtExP) from this post by TSB
  • the payment transaction ID (782dc6139511ac4f5515a91452b1c5f019594b63a8cc8e015b8cd4b411af0d36) from the tx that I identified as containing the fucksyourmoms@**********.com e-mail address in my post here.
  • @fsyourmoms secret transaction key (a944723f77415dd06c5d34260363935e24ac6d5ac7fe711366f64768fa055803) from their steemit post/tweet.

I entered these into Monero GUI 2:

Screenshot 2017-07-14 11.34.56.png

Click check and voilà:
Screenshot 2017-07-14 11.35.00.png

Of course, you shouldn't take my word for it. You should download a Monero client and check yourself. Alternatively, if you trust xmrchain.net, you can verify it there:

  1. View the Monero transaction on xmrchain.net
  2. Scroll down to the box that says 'Decode outputs/Prove sending', select 'Prove sending'
  3. Enter the private key and TSB payment address from above.
  4. Click prove sending and it will verify the payment for you.

It'll look like this: Screenshot 2017-07-14 12.06.01.png

Conclusions:

  • @theshadowbrokers received at least 500 XMR from their June Monthly Dump. (They may have received significantly more, see my post about that.)
  • @fsyourmoms revealed a private key which proves they sent 500 XMR to TSB's June Monthly Dump address. This is a fact.
  • @fsyourmoms revealed a screenshot which appears to show a gpg signed file that came from TSB. Since the e-mail address was publicly available, anybody (feds) could have sent that e-mail as a honey pot or something, but presumably, @fsyourmoms verified the signature and it did indeed come from TSB.
  • @fsyourmoms says they only received 1 tool from TSB and they're disappointed with it. (I have no idea what the tool actually was, nor any way to evaluate whether the tool was worth 500 XMR. And it's none of my business anyways, this is between TSB and @fsyourmoms.)

To be clear, my intention with these posts is in no way to judge or interfere with TSB's and @fsyourmoms business. I'm just eating popcorn, watching the drama unfold, trying to inform people about cryptocurrencies and trying to provide unbiased analysis that I'm certain LE and criminal hackers already have.
Popcorn


If you have any questions or comments, or caught any mistakes, please don't hesitate to post a comment, PM me or e-mail me. If you didn't get something, odds are a lot of other readers didn't understand it either so please ask me to clarify it!

wh1sks@keemail.me PGP key

follow me on twitter to get updates beamed straight to a screen near you.
south-park-s17e01.jpg

Sort:  

Fsyourmoms Fsyourmoms tweeted @ 14 Jul 2017 - 12:53 UTC

Proof. steemit.com/shadowbrokers/…

TX KEY: a944723f77415dd06c5d34260363935e24ac6d5ac7fe711366f64768fa055803… twitter.com/i/web/status/8…

Fsyourmoms Fsyourmoms tweeted @ 11 Jul 2017 - 21:53 UTC

@MalwareJake @msuiche @drwolfff @thegrugq twitter.com/Fsyourmoms/sta…

Disclaimer: I am just a bot trying to be helpful.

Wow, so great information!

The rabbit hole keeps getting deeper and deeper.

Wow thanks for the heads up, I'll stay clear of shadowbrokers

I had no idea you could verify Monero transactions this way. good to know.

trying to understand the material of the article.
thanks anyway for your time.

If you're just starting to follow TheShadowBrokers story now, I'd recommend catching up by reading up on TheShadowBrokers (google it and pick your favorite news outlet, I guess). For this specific story, you should read up on monero as well at getmonero.org.

This post is the 3rd I've written about TheShadowBrokers and basically just a continuation of the earlier 2 posts.

Honestly, there's so much background information that someone could write a book on it.

Well done post, thanks for sharing

Hay @wh1sks Nice Post Vote & Followed
I always follow your journey whether it is Travel or Other !!
I Wish You Would Also Follow and Upvote My Post @funnystuff
Really I Liked What You Do Every Day
And Always Join - Upvote - Comment and Reesteem
I wish the same
Thank You Sweet

thanks for sharing this info @wh1sks thanks for the headsup

Congratulations @wh1sks! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!