There was always a constant need for fresh databases. It was the fuel that kept my spam operation running. The only options back then were to buy them from a sketchy source which was probably a fed or a scammer or to hack them yourself. I don’t know what caused me to have such a great belief in myself, but I remember thinking. “What can any other hacker learn that I can’t?”. I looked at it from a completely different perspective than I did sports like basketball, football, or baseball. It didn’t require you to be physically gifted or talented. I used the same tool everyone else had access to, Google.
I learned how to hack using Google. I think the first thing anyone learns when it comes to hacking is SQL injection. After spending an hour reading about SQL injection and downloading Havij, I was ready to begin hacking. I set my goals high and wanted to only hack the largest databases. To do that I first needed to see what the most popular websites online were. So I headed over to alexa.com and downloaded the top 1M websites list. I had my programmer create software that would search each site on google with a dork list and check to see if the website was vulnerable. When it was done it would look something like this:
This would search Google for all injection points and place a ‘ after the = sign. If an error came back it meant the website was vulnerable. I admit, it wasn’t a sophisticated method at all, but the number of positive hits that came back was astounding. In fact, there were too many results, it got to the point where if the website didn’t have more than 100k records, I wouldn’t even bother dumping them. I hacked hundreds of websites using this method that I basically taught myself in less than a couple hours. At this moment I realized how far security really was behind technology. This would go on to provide me a steady stream of data for almost a year.