Today morning my colleague Mr.Balakrishnan came to me asking if I changed the password of ourScriptlance account… I said I didn’t do anything with the account and immediately bala went to his system trying to reset the password… Only then we came to know our account was hacked…
There is no way our account could have been hacked because no one other I and bala knows the password and our systems are also not shared with other networks in office… Also we never share passwords using IM’s… So, we confirmed it must be some miscreant inside Scriptlance…
In the whole episode two things happened
- Irony with Scriptlance support desk…
- An email from the hacker…
First let me share you the screenshots of things, experience with Scriptlance & hackers email…
Myself and bala were using the account till 11.30 PM yesterday night and the site must have got hacked in another 15 – 30 min… We calculated this using time on the mail received… We took this screenshot by 3.45 PM today and 16 hours before must be around 11.30 PM – 12 AM yesterday or the day beginning… This screenshot has been sent by Scriptlance confirming the change in account details, without this alert we wouldn’t have found about this hack quickly… Now the irony part you can see the text in this screenshot “If you did not request this change please contact support” below IP address in this screenshot… On clicking that link we were taken to the screenshot which comes next…
I filled all the fields in despair which again resulted in despair :(… Please look at next screenshot to see what happened
Our account is hacked but Scriptlance’s system didn’t take up the complaint stating we are not guest and it promptly says we have an account by name “COGZIDEL”… Reason is because of cookie, but when things go wrong everything goes wrong…
Now comes the best part… Couple of minutes back bala got an email from the hacker asking for a ransom to release the account… Here is the screenshot of the mail received by bala…
This drove our interest to dig deep inside and bala was very proactive in finding who did this and we zeroed in on a person… But we must have released this report only after the investigation is fully complete and once we are sure about the hacker… But I’m sharing the details of the person whom we think is the man behind this attack :(… Look at the email id specified in the email screenshot received form the hacker it has come from “viroxic@gmail.com”… We searched in Scriptlance for “viroxic” and found that there is a user with that handle… Then we traced the IP address which was sent in the mail (check first screenshot), the IP was traced to Morocco… Also we googled “viroxic”, we got two more profile’s with the name “viroxic” from other sites… Look at those profiles
https://www.eufreelance.com/users/26190.html
https://www.scriptlance.com/cgi-bin/freelancers/buyers.cgi?view=viroxic
https://www.getafreelancer.com/users/868495.html
In his profile it states he is from Morocco… So, we think we have almost zeroed in on the hacker…
But still we didn’t get any response from the webmaster/customer support department of Scriptlance… Still we are keeping our fingers crossed and we must see if we are the only ones who are affected or there are couple of other who are affected… We have posted a post in Scriptlance Forum and waiting for more reactions… Our first priority is to get the account back and then understand how this hacking was done… Then we have to take a strategic call if we must continue with Scriptlance or not…
Please share with us if you have any such experience so that others can learn from our experience… Also I promise to share the entire case once we are out of this…
AnandNataraj 