I practiced restraint and moved on.

3 51
Avatar for AnonSunamun
2 years ago

Disclaimer: I have written this article, taking great care to make sure the identity of the "target" cannot be extrapolated from anything in this article. Please inform me if you find anything identifiable I missed so I can take it out.

This is a follow-up to a previous article.

you may or may not have read my previous article:

You still can by clicking here.

You probably have not as not many have read it and even fewer responded to my question. But for those who did read it and wonder what I wound up doing, here's how the story ended (for the moment).

What I did to find the information I could use.

Finding out information about this guy was remarkably easy. The direct message he sent me on the forum I posted the image showed me his username, and surprisingly it was a username he used in other places as well. In fact, it turned out he used that username as his nickname for just about everything!

A DuckDuckGo search was all it took to find his activity on many forums and on social media, which I proceeded to look through. Pretty soon I had the guy's LinkedIn profile, the guy's FB page which was pretty revealing, even for anyone not on his friends list.

Those two alone, the LinkedIn and the Facebook, gave me his real name, his phone number, his home address, his current and past employers, and lots of other information that I could have used would I want to make life miserable for him.

This was too easy, either this guy is stupid, or he is such a badass he doesn't care.

Reading through the guy's posts on several other forums, I noticed it wasn't rare for the guy to get into... heated discussions shall we say with other people, and that threats weren't reserved for me alone. I found several threads that contained or ended with him threatening another user in one way or another.

One hit in the search results proved to be the pot of gold so to speak as it turned out the guy had at one point registered a domain (one of the free domains available from freedom) <username>.ml, and had the domain redirect to his home IP address.

Firing up my Kali Linux, starting a VPN, and simply scanning for open ports I was rewarded, astonishingly, with a number of ports that were open, that shouldn't be open, at least not in the case of a normal router connected to the internet and a normal computer connected to the router.

What did my searching get me?

It turned out this was not a normal router or a normal computer. I will not make this article too boring by going over the details but summarize by saying that the router had not been updated in years, his computer was put in the DMZ, and was running several applications that provided remote access features (media server, home cloud storage, mail server, ssh, FTP server, a WordPress and a Joomla installation)

I have never seen such casual disregard for privacy or security before!

A couple of hours later I had access to his router, his Joomla site, his media server, and most shockingly his Windows. At this point, I could literally do anything I wanted with his computer, up to and including locking him out of his own computer.

His security and configurations were so incredibly bad, I began to feel sorry for him.

Running through the contents of his drives I found nothing shocking, except maybe a preference for older women (very much older women), and some files in which he stupidly listed his uid's and pw's for several sites and services. But with most sites and services that matter using 2fa these days, I doubt they would have been useful in any sense.

I annihilated this pathetic man, that threatened me, for sure?

When I started this, I was genuinely pissed! I wanted to find this guy, and I wanted to show him he had messed with the wrong dude! I wanted to make him suffer so much he would never dare threaten anyone online ever again.

But over the time it took for me to get the information and the access to his shit I'd calmed down. I had also come to the conclusion that this was not a hardcore Internet Troll, an Intelligent person who'd be able to carry out his threat, or even a credibly intelligent man. This was a pathetic, stupid, ignorant, anti-social douchebag that wasn't worth the time I had already spent on him and his threat.

Although I did get nostalgic a bit, all this reminding me of what I did throughout the '80s and early 90s, I was an adult now and an IT Support Professional. I should hold myself to higher standards than I did back then, right?

In fact, I kind of felt pity for him and decided to let it slide, and even help him on his way to fixing his security a bit.

By the way, have a look at my sponsors! They're worth checking out!

Sponsors of AnonSunamun

So what did I do with all that power?

I did two things, which I hope will make him think twice before threatening anyone again in the same way, as well as make him aware of the risk he's running with the way he has set up his home network and his total disregard for security and privacy online.

I created a text file TIPS.TXT and placed it on the desktop of his windows, on all user profiles in his installation.

In it:

  • I listed the security vulnerabilities his router, his Windows, his Jellyfin, his HomeCloud, his WordPress, and his Joomla were offering to anyone interested in hacking him.

  • I also informed him that his nickname, Facebook, and LinkedIn had so much public information that I didn't even need to hack him to make his life miserable

  • I suggested that threatening people online, especially threatening people's families, was a stupid idea when you're as dumb with your privacy and security as he was.

  • I repeated that he best make sure he never ever threatened me or my family ever again.

Then I changed the desktop background image on all his user profiles in Windows to the following picture:

And that's it? Nothing else, no keylogger, backdoors, shadow accounts? Nothing?

Of course, I've got his nickname(s), his address, and all the other information about him locked away in a document somewhere, tucked away in a safe place. Just in case he decides he wants to be an asshole to me again. But if I never hear from him again, I will never open that document again either. And if he heeds my advice in the TIP.TXT file, the task that runs once a week will return errors when it tries to print out my parting gift onto his printer. ;-)

Thank you for reading this!

Stay safe and stay happy!


$ 1.65
$ 1.31 from @Pantera
$ 0.26 from @TheRandomRewarder
$ 0.08 from @LucyStephanie
Sponsors of AnonSunamun
Avatar for AnonSunamun
2 years ago


There is a lot I wanted to ask about both these articles. One thing I have to admit though,is that I have lost my sense of humor. I didn't get the reason your chart was funny, although I suspect that it had to do with the ridiculousness of crypto traders that try to justify short-term predictions with any random tool they find at tradingview. If this was the case, then your chart wasn't just funny but also a very genious approach that was mocking the absurd charts that were so convincingly presented.

When I was trying to learn trading, I stubbled upon a live stream by Tone Vays. The guy literally said that if price dropped at a certain level below his basic chart line of support, he would then move the line down... I mean this is totally crap. These guys are selling snake-oil and I don't know if there is a single day-trader that profits.

I may be wrong but I think that this was your plan with the chart you published. If not then I didn't get it, meaning I have grown old and sad as a person.

What bothers me is why this other dude got so irritated and threatened you and your family. I've met some people that react like that, I don't accept but I understand that some guys are dealing with a lot and vending their frustrations online.

I've never pm'ed someone and threatened, but I've talked sh*t to some people in a few chatrooms many years ago, when I was playing online poker. Not the same though, this is totally different and I didn't threaten the family of another person. It seems that this guy has a lot of issues.

Honestly, I feel I would react exactly like you did. (if I had the skills though). What you did sounds perfectly logical to me. I wanted to reply days ago when I read your post, and I had a comment already written, but some real life issues prevented me from finishing that comment. Eventually I had to rush and just shut down the page without publishing. I knew you would do the right thing and not punish the guy further, although the other part you uncovered, when he blamed his wife like that, this means the guy probably has very low ethics.

So, you see me now on Read.Cash, probably you know I have the same user name in other platforms and I have given links to those I use. I haven't taken extreme steps to protect my privacy but I wanted to ask if you, (as a user of a platform and not an admin,) can find out information about me, that will eventually help you to take control of my desktop.

I wouldn't like that and I would love to see the tips you gave to this guy. I value privacy and online security, but maybe I miss too many things I don't know about.

By the way, thanks a lot. It was one of the most entertaining series of articles I've read. I just sometimes have very little time (or funds), but I always try to make it up.

$ 0.05
2 years ago

Well, you did get the joke, so you've still got a sense of humor. LOL. It's more than ridiculous, some charts on tradingview. Seems some think that the more lines and squiggles they put in a chart, how more professional it looks. Some charts look more like abstract art than financial analysis. :P This pica i posted was meant to sarcastically hint at that ridiculousness.

I did a real quick tiny check on you, or rather your nickname, and the cursory glance says you're ok. A big help of course is that your nickname is already in use by a quite famous band, which tend to get hits about them higher up in the search results. The things i could find were mainly things related to steem, medium (did find your wallet balances and other account info. Not too versed on steem and the way they work but you migh want to have a look over there to make sure) and some older stuff from other sites. But like i said, nothing scary. If you're looking into.... finding people... you can often find the crack to start picking at with this: https://github.com/woj-ciech/SocialPath

But really, this guy had the worst sense of security i've ever seen. Just about anybody with half a brain has better security than he did. That's one of the things that made me decided to let him off the hook this time. I'm not entirely sure that he's playing with a full deck, so to speak. I wouldn't want to be that asshole that took advantage to get back at someone suffering mental health issues.

I'll let you in on a secret, though, getting his ip adress was the pivotal find in gaining access. If I didn't have that, I'd never gotten into any systems that he uses. Well, i got lucky and did manage to get it. At that point, with the tools available in Kali, scanning for vulnerabilities is easy, and if you're not updated you're screwed, and he was. Him putting his main pc in the routers DMZ didn't help him eiter :P

So i'm not especially skilled or anything. I've just been around for so long, and was part of the net before there was internet. Those days, most of the people you had contact with "online" were hackers and crackers, and they tend to be a boastful bunch. I picked up some tricks here and there from those times.

Thanks for reading and the tips, and for being my most loyal sponsor!

$ 0.30
2 years ago

Oh wow it must be great to be able to do what you did. If only I had the brains and interest to do such. Hahaha. See few years ago there were some trolls on a certain pay to write website I was a member of and for sure I wanted to do the same thing you did if only I knew how. Haha.

Ah such a scary world we live in where all the information about us is online.

$ 0.00
2 years ago