Last night, I was PMed by an anon on a decidedly non-anon network,
congratulating me on the nice leak that had gone up roughly 4 hours
earlier. Not knowing what he was talking about, I asked and was pointed
to a new file on doxbin named
USSC-USMS_WITSEC_backup_Witness_Protection.txt. He mentioned that if one
Ctrl+Fed for "Monsegur" it would lead to this little gem:

INSERT INTO contact_SENTRY_WITSEC_clean (id, number,
gender, givenname, middleinitial, surname, streetaddress, city, state,
zipcode, country, USMS_email, password, NPA-NXX-CPE, birth_surname,
birthday, GOV_CCType, GOV_CCNumber, CVV2, CCExpires, WITSEC_SSN,
UPS_prepaid_USMS_pack, WITSEC_occupation) values (157, 160, 'male',
'Hector', 'S', 'Basulto', '14281 SW 23rd Ln', 'Miami', 'FL', '33175',
'US', 'Hector.S.Basulto@maxhardcore.com', 'ooraeK6ohf7', '315-221-7227',
'Monsegur', '1983-06-07 00:00:00', 'Visa', '4556268016798707', '728',
'2014-05-01 00:00:00', '266-72-9313', '1Z 020 886 53 3535 464 6', 'Lathe
operator');

The first thing that stuck out was the @maxhardcore.com
e-mail address. If that means nothing to you, I suggest that you read
his Wikipedia page (https://en.wikipedia.org/wiki/Max_Hardcore) and
count yourself lucky that you're too young to remember him. As it turns
out, all 1,000 entries had @maxhardcore.com e-mail addresses (I still
want one, by the way). Strange. Why would 1,000 people in WITSEC have
that for an e-mail address? Why wouldn't they just use Gmail accounts?

Next up was the "UPS_prepaid_USMS_pack". Very strange.
Those strings of numbers didn't resemble any patterns that looked
familiar at the time, but it still stuck out. Regardless, the sole
purpose of the @doxbin Twitter account has always been to tweet out the
more interesting dox and in general abuse white/blackhats alike, and
I've built a reputation for doing so and walking away unscathed. With
all that in mind, I made this tweet:
"http://doxbinphonls5hsk.onion/doxviewer.php?dox=USSC-USMS_WITSEC_backup_Witness_Protection
Ctrl+F for "Monsegur" Hmm, wonder if it's real..."
Source: https://twitter.com/doxbin/status/295395251701547008

Rather quickly, @AnonymousIRC picked it up, and so did
some other accounts. In all the chaos and butthurt that ensued (the
usual litany of empty threats, begging, people laughing, and even one
guy who came out of the woodwork just to tell me "nigga u crazy"), a
couple of tweets rose from the muck:
"@AnonymousIRC @doxbin its a setup the list is over a year old with sabu added in"
Source: https://twitter.com/Bitchiest/status/295414310828646400
"@doxbin I would like to report that USSC leak as fake
->
https://github.com/gradleware/oreilly-gradle-book-examples/blob/master/plugins/database-setup/create-schema.sql
… All Entries are from an example DB + some editing"
Source: https://twitter.com/Sanguinarious/status/295419455436115968

And now, the format of the "UPS_prepaid_USMS_pack"
numbers made sense. As it turns out, those are UPS tracking numbers.
Fake Name Generator spits these out, and whoever made this fake db 2
years ago probably just clobbered Fake Name Generator until they got
1,000 fake sets of information.

Now, compare
http://doxbinumfxfyytnh.onion/fail/USSC-USMS_WITSEC_backup_Witness_Protection.txt
to
https://github.com/gradleware/oreilly-gradle-book-examples/blob/master/plugins/database-setup/create-schema.sql

What's funny is that googling pretty much anything from
that .txt will pull up the GitHub link as the first result.
Crowdsourcing is a bitch.
And that, boys and girls, is how fake leaks are dissected.

P.S. There was one additional tweet by @xDictate that
came before these (but has since been deleted), pointing out that the
address in the above-mentioned db entry went to a Jose Basulto on
whitepages. You may wish to put on your tinfoil hats before visiting the
next two links:
https://en.wikipedia.org/wiki/Jos%C3%A9_Basulto
https://en.wikipedia.org/wiki/Brothers_to_the_rescue
- @doxbin
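
The comparison step described above (the leaked .txt against a public sample database) can be automated. This is an added example, not part of the original post or of either file it names; the function names, the 0.6 threshold and all sample rows are assumptions constructed for illustration.

```python
import re

# Value tuple of a single-row INSERT; quoted fields may span wrapped lines.
VALUES_RE = re.compile(r"values\s*\((.*?)\)\s*;", re.I | re.S)
# One SQL literal: a quoted string ('' is an escaped quote) or a bare token.
FIELD_RE = re.compile(r"'((?:[^']|'')*)'|([^,\s()]+)")

def parse_rows(sql_text):
    """Return each INSERT's values as a list of whitespace/case-normalised strings."""
    rows = []
    for body in VALUES_RE.findall(sql_text):
        fields = [bare or quoted.replace("''", "'") for quoted, bare in FIELD_RE.findall(body)]
        if fields:
            rows.append([" ".join(f.split()).lower() for f in fields])
    return rows

def triage(leak_sql, ref_sql, threshold=0.6):
    """Classify each leak row as copied, edited or unmatched against the reference."""
    ref_sets = [set(r) for r in parse_rows(ref_sql)]
    report = []
    for row in parse_rows(leak_sql):
        leak = set(row)
        # Compare values as sets so renamed or inserted columns do not hide a match.
        best = max(ref_sets, key=lambda r: len(leak & r), default=set())
        overlap = len(leak & best) / len(best) if best else 0.0
        extra = sorted(leak - best)  # values present only in the leak row
        if overlap == 1.0 and not extra:
            verdict = "copied"
        elif overlap >= threshold:
            verdict = "edited"
        else:
            verdict = "unmatched"
        report.append((verdict, round(overlap, 2), extra))
    return report

# Constructed sample data (not taken from either file named on the page).
REFERENCE_SQL = """
INSERT INTO contact (id, gender, givenname, surname, city, email, occupation)
 values (1, 'female', 'Alice', 'Example', 'Springfield', 'alice@example.com', 'Welder');
INSERT INTO contact (id, gender, givenname, surname, city, email, occupation)
 values (2, 'male', 'Bob', 'Sample', 'Shelbyville', 'bob@example.com', 'Lathe operator');
"""
LEAK_SQL = """
INSERT INTO contact_clean (id, gender, givenname, surname, city, email, occupation)
 values (1, 'female', 'Alice', 'Example', 'Springfield', 'alice@example.com', 'Welder');
INSERT INTO contact_clean (id, gender, givenname, surname, city, email, birth_surname, occupation)
 values (2, 'male', 'Bob', 'Sample', 'Shelbyville', 'bob@example.net', 'Planted', 'Lathe
 operator');
"""

if __name__ == "__main__":
    for verdict, overlap, extra in triage(LEAK_SQL, REFERENCE_SQL):
        print(f"{verdict:9} overlap={overlap:.2f} only_in_leak={extra}")
```

A dump whose rows are almost all "copied" or "edited" against a public sample file is recycled data, and the `only_in_leak` values show exactly what was planted or changed.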