Hacker Caught While Checking His Yahoo Account 2007-May-08

PayPal Phisher Busted

The following information was captured from the khgt3am5@Yahoo.com account on May 8th at 8:00pm CST. 

The hacker made it easy for us to trace his victims - by leaving his Yahoo account wide open.

Rick saw the mouse moving around on our FS15 computer.  I thought David might have been logging in, but he said no.  So it was a hacker checking his Yahoo account.  He had gotten in through VNC, the Virtual Network Computing utility.  He was evidently attempting to use our IP address (67.55.221.5) to mask his activities.

I closed VNC, locking him out and leaving his Yahoo account still open.  He was trying to close the window, and after a fast and furious "mouse battle" I closed VNC on him.  This left me in his Yahoo account.  I then proceeded to quickly copy and paste the emails to this FrontPage page before it timed out.

All the people in this list should be notified that the hacker has their information to varying degrees.  He seems to have succeeded in duping people into giving their credit card information.

The hacker uses a handle called TeRoR - which may indicate that he is involved in raising funds for terrorist activities.  He probably has many Yahoo accounts.

Evidently his sender ID is an IP address he has hijacked followed by PP.2, which may stand for PayPal.  He has listed some as a result of his phishing "TeRoR PayPal FULLz".

I erased the sent messages to cover my tracks, and he may use the account again.

The phisher logged in to our computer using VNC from 14:48 to 14:50, about 2 minutes.

Please let me know if I can be of assistance.

Rick or David
Internet Security
C I Corporation
202-829-4444

We reported this internet crime to the
FBI's Internet Crime Complaint Center (IC3):

Complaint Id: I0705081957346091

 


Screen Shot of Hacker's Yahoo Account

 

Event Log with Phisher's IP Address: 85.30.84.175


Phisher logged in to our PC at 14:48
and started checking his Yahoo email


We closed them out at 5/8/2007 14:50
after seeing mouse move around for 2 minutes

 

 

 


sample emails

 


 

 

 


KK FOLDER
