Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /d/Security
- Viewing post
- 12
- PSA treat hugbunter with caution
- Posted 3 days ago* in /d/Security
- by throwawayregret
- there's no way in hell I'd host a vendor shop with someone who disappears and comes back claiming everything is fine. this is not FUD this is my personal experience below.
- I was a fucking idiot college kid and ran a hacking forum in the USA
- knew nothing about OPSEC just used SOCKS proxy so of course DNS leaks everywhere
- FBI (yes) arrested me for 24 hours which scared the shit out of me
- then offered if i run the forum and don't allow any product to be sold, if i followed majority of USA law, then they would tell my judge and i might not be screwed
- i logged back in after a week offline and they told me to post some story about how i was sick and whatever
- i was required to let them have SSH access to server and help them make database dumps daily which I emailed them a link to download.
- all they cared about was PMs so many people talk about dumb shit in PMs especially fraud people no body encrypts.
- I love this place and hope this has not happened but please for the love of god treat HugBunter as if he's a Reddit employee or some normal fucking person who can turn you in to the cops.
- 1. ENCRYPT YOUR PMs everywhere I know the majority of you aren't doing it. assume LE is reading everything. it does not matter if you encrypt.
- 2. Don't trust hugbunter with illegal projects. assume that if there's any way he convinced LE he can return it's by telling them he's working on vendor shops and can provide not-pgp shipping addresses. anyone trusting him with vendorshops is insane.
- 3. they have his PGP key if this happened assume any previous communication is compromised even if encrypted to him
- 4. assume everyone keeps jabber chat logs out of vanity even very smart people
- 5. if a rules here about sourcing change especially if dread doesn't allow FENT to be sold then you know some cop scared the shit out of admin. USA hates fent
- 6. dont use any username here you used on alphabay hansa or silk roads!!
- I hope this isn't true but I need everyone to take this seriously in the event it is.
- this all mirrors my life experience too closely and freaks my the fuck out
- i had to run that forum for four years before they finally took it down and it really affected my college with all the stress but im not in jail even though i feel like shit about it sorry
- if this gets deleted you know they're nervous
- hug i am sorry but you are already in my opinion burned and you should release the source code of your big accomplishment here
- 53 comments Report
- Comments
- 7
- /u/innovation
- 3 days ago
- The "power surge" explanation is very unlikely in 2018. When was the last time someone here lost all their electronics to a power surge? especially someone with technical competence?
- Bigger sign: When was the last time someone lost a USB drive to power surge? Absurdly unlikely.
- Quiz hugbunter with questions only the real hugbunter would know the answer to.
- Do not allow hugbunter access to any of your servers. Take his code have it audited and run your own vendor shops.
- Report
- Reply
- 2
- /u/HugBunter
- 3 days ago
- Well, you'd think so. I think it was more the power cutting off that corrupted persistence data. I'll reply to the post with a signed message anyway.
- Report
- Reply
- /u/HugBunter
- 1
- /u/OlympusMarket
- 3 days ago
- /u/HugBunter Please also answer the private message. Thank you.
- Report
- Reply
- /u/OlympusMarket
- 1
- /u/freetaykkk
- 3 days ago*
- /u/HugBunter can you reply to my message pls
- Report
- Reply
- /u/freetaykkk
- 1
- /u/HugBunter
- 3 days ago
- /u/OlympusMarket Will do soon man, going to check through my messages shortly!
- Report
- Reply
- /u/HugBunter
- 5
- /u/lsof
- 3 days ago*
- [removed]
- Reply
- 1
- /u/innovation
- 3 days ago
- Good point about pushing projects. To be fair OP said not to *trust* him with them however.
- Report
- Reply
- /u/innovation
- 2
- /u/Fuckthat
- 3 days ago
- /u/innovation feds are allowed to certain illegal activities when they are doing investigation.
- Undercover cops can sell drug etc etc etc.
- And feds do shit they are not allowed to do
- If I was a vendor I would never never never use his service after what happened. No offense but his power surge explaination and the time it's taken for him to be back are fishy.
- That is not FUD it's comon sens.
- The OP had enough balls to post what most of us are thinking
- Yes we like the guy and he did an amazing job with dread but I'm sorry there is no way I would trust him enough after that to work on a illegal project and Iwouldnt do business with vendor who have shop build with him.
- If I was a vendor I would prefer losing my money than losing my freedom.
- I don't understand how he can expect poeple to still trust him.
- No offense, I'm sure it's a good dude and I'm very sorry for him.
- Report
- Reply
- /u/Fuckthat
- 1
- /u/confusedasfuck
- 3 days ago
- /u/Fuckthat Exactly how i feel. Its a real shame because one two of the vendors that already sent him money is two that i was really fond of,but now i have to cut ties with them over this.
- Report
- Reply
- /u/confusedasfuck
- 1
- /u/VendyMcVendface
- 3 days ago
- Why would you cut ties with the vendors?
- Just use their/our listings on whichever market you prefer.
- Frankly I'm not sure if the private site I paid for will ever be delivered, nor if it is that it can be trusted.
- Report
- Reply
- /u/VendyMcVendface
- 1
- /u/fl3xb0x
- 2 days ago
- /u/VendyMcVendface Do NOT NOT use whatever "site" you paid for even if it ever comes to fruition.
- Be smart, not desperate.
- I know it was HB emailing vendors on here to advertise building them shops once Reddit slammed the ban hammer on everyone.
- Report
- Reply
- /u/fl3xb0x
- 5
- /u/Fuckthat
- 3 days ago
- Poeple wake the fuck up !
- You guys are seriously beleiving his power surge explaination ???
- /u/2happytimes2 a moderator here and a vendor have all his last weeks packs get seized by LE (domestic packs) went MIA during 1 week and he came back with a sketchy equipement failure explaination. He never show up after and he never refund his buyers.
- At the same time...
- /u/HugBunter went MIA more than 1 week too and came back with a sketchy equipement failure due to a power surge
- Yes he said he wanted take some time off, so what ??? you dont go in vaccation and not inform people you are doing business with nor your staff and come back with a fishy explaination like that.
- That is way too much equipement failure.
- There is no way you can check if the guy is compromised or not and that was true before he went mia.
- You guys shouldnt trust blindly
- Report
- Reply
- 2
- /u/confusedasfuck
- 3 days ago*
- People seem to think that a signed message and all is well. I dont believe that one bit because as we have seen before,when people get busted on darkweb they fold like a WET paper bag very easy. They hand over their pgp keys and all. 2happy2times and hugbunter are one in the same. Both come back with computer failure. Bullshit! Even the Dutch national police account typed on one those threads "Got em"
- Report
- Reply
- /u/confusedasfuck
- 1
- /u/fl3xb0x
- 2 days ago
- I absolutely believe 2happy has been caught.
- Spoke to him a couple weeks back about some hash, everything was seemingly fine. Then, logged into Dream a couple days ago and his profile is inactive with all listings taken down. With a message stating to come here and read up on what happened.
- Fully believe he was profiled, especially since he was shipping those mason and Quart jars of illegal liquor everywhere. Shit came in huge boxes and was heavy as fuck.
- His hash used to come in small orange envelopes with "organic fruit" written on the inside....Stupid as fuck because shipping fruit is still illegal too....
- These guys...
- Report
- Reply
- /u/fl3xb0x
- 3
- /u/skalde
- 3 days ago
- hmmm. Does it matter? Do you not treat ev1 like they're compromised? Always question your opsec.
- Report
- Reply
- 1
- /u/BeefyMcWhatnow
- 3 days ago
- Exactly what I was thinking. No offense to /u/HugBunter, but why do people assume he wasn't compromised from the start? I don't see how the "disappearance" changes anything, you should always use good OPSEC.
- Report
- Reply
- /u/BeefyMcWhatnow
- 2
- /u/Leximer
- 3 days ago
- The most suspicious thing is that 2happytimes2 is still a mod. You would think OPSEC pro hugbunter would be slightly worried about having LE on his mod team? He's barely even addressed the fact that someone that he trusted has either been busted or exit scammed, who left about the same time as he did? Perhaps they're tied together?
- Report
- Reply
- 2
- /u/dreadfucked
- 3 days ago
- Thats becuase they are both working for le now.
- Report
- Reply
- /u/dreadfucked
- 2
- /u/FatherTed
- 3 days ago
- HugBunter is the known doxer P, he used to run the forums onionland and doxbin and you lot are having him build your webshops OMFG youse are gonna get rekt
- Report
- Reply
- 1
- /u/innovation
- 3 days ago
- [removed]
- Reply
- 1
- /u/ghostcurser
- 3 days ago
- You guys do know that Hug had stated that they were planning to take time off exactly when they took time off right? It's clear as day on on of the posts on /dread ... it's pinned in fact.
- Report
- Reply
- 1
- /u/AJp0KZTiBIo4vpXw7
- 3 days ago
- Alright guys! I guess that means everything is a-okay and nothing is wrong!
- HugBunter at the start, and when the Reddit bannings happened, was very active and very response. He's been very distant recently and hasn't fulfilled promises and has been very quiet. Something isn't right. Just because he/they announced when they would be gone before they vanish, that doesn't mean it's a-okay. Should still be very skeptical.
- Report
- Reply
- /u/AJp0KZTiBIo4vpXw7
- 1
- /u/HugBunter
- 3 days ago
- /u/AJp0KZTiBIo4vpXw7 Considering the amount of work I've taken on by offering the Dread service and personal services on top of it, surely you should understand the amount of pressure that is on me and I'm trying not to rush the new work out, I was more active when I needed to be.
- Report
- Reply
- /u/HugBunter
- 1
- /u/AJp0KZTiBIo4vpXw7
- 3 days ago
- /u/HugBunter It's not even just the actual development process of it, but how you're handling the site overall. If you have such immense pressure on you from running the site, then surely you'd be working hard to keep it running smoothly? Instead you vanish for a while and then come back with pretty sketchy excuses.
- Report
- Reply
- /u/AJp0KZTiBIo4vpXw7
- 2
- /u/VendyMcVendface
- 3 days ago
- >You guys do know that Hug had stated that they were planning to take time off exactly when they took time off right?
- He made no such statement to me in private messages regarding the creating of the private site I paid for. We were back and forth about every other day, and at no time did he warn me he was going to take time off, further pushing back delivery of an already late site.
- Report
- Reply
- /u/VendyMcVendface
- 1
- /u/PurityRing
- 3 days ago*
- Let's not forget this is his second un-planned disappearance.
- The first time he went AWOL after taking a $1500 order from Anna-Counterfeit to build a site. She had plans for the future.
- Now she is totally AWOL. From "Excited for future business" to "Having the run-around from HB" to "Now disappeared"
- Bizarre stuff.
- Report
- Reply
- 2
- /u/confusedasfuck
- 3 days ago
- He also took 3,000 from Vendy mcvendface and has not even spoke to Vendy since. Im willing to bet both 2happy & hug are burned.
- Report
- Reply
- /u/confusedasfuck
- 1
- /u/PurityRing
- 3 days ago
- /u/confusedasfuck is Vendy McVendface still active?
- Both of them smell like burning from where i'm standing.
- And this place stinks of an Intel Op. Harvesting data from users that were previously somewhat protected by Reddit's data holding policy.
- The timing, convenience, these other oddities.
- Report
- Reply
- /u/PurityRing
- 1
- /u/ghostcurser
- 3 days ago
- They literally posted about taking a break last week. The post is actually pinned up on the /dread page right now! Go see for yourselves.
- Report
- Reply
- /u/ghostcurser
- 1
- /u/confusedasfuck
- 3 days ago
- /u/PurityRing Yes,he posted just a few hours ago. Im like u man this place Stinks right now. 2happy going Mia comes back with a lame response,then hug going Mia. i dont even believe the singed messages because as we have seen in the past when people get caught they give the Law everything including the pgp keys.
- Report
- Reply
- /u/confusedasfuck
- 1
- /u/HugBunter
- 3 days ago
- /u/confusedasfuck /u/PurityRing
- No idea what happened with Anna, been trying to contact them for weeks. When they posted about that, I literally told them before they paid /u/syntax would have your design over within 4 days. The very next day I hadn't responded to a message asking for an update and they made a post saying I had scammed them. Syntax provided their design within the time frame.
- Vendy sent payment and I provided the demo shop link and sent off the details for syntax to complete his design. I then set too short deadlines for myself to get his flavor of the vendor shop platform up and running to test and then of course I have had this absense.
- He'll also be updated tonight..
- Report
- Reply
- /u/HugBunter
- 1
- /u/confusedasfuck
- 3 days ago
- /u/HugBunter I hope and pray u are alright Hug. I never thought for one minute you was a scammer. That was the last thing from my mine when Vendy said you hadnt spoke to him since payment.
- Report
- Reply
- /u/confusedasfuck
- 1
- /u/Fuckthat
- 3 days ago
- /u/ghostcurser yes he talking about a break but he came back with a very fishy power surge explaination.
- Report
- Reply
- /u/Fuckthat
- 1
- /u/fl3xb0x
- 2 days ago
- /u/confusedasfuck Interesting...
- What if....
- HB has been sending out those emails to vendors on here promoting a Vendor Site Building business and asking for Vendors to send in however small or large of a sample they would like.
- I would bet $100,000 I am correct there.
- Now, maybe 2happy took HB up on his offer and sent HB $ and sensitive information.
- Boom, 2happy gets caught.
- Report
- Reply
- /u/fl3xb0x
- 1
- /u/HugBunter
- 3 days ago
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA512
- I can't be without contact from everyone when I have technical issues of my own or personal life to attend to apparently, I would want people to be skeptical in my absense, but here is a mandatory signed message and ask me any questions you like.
- I, HugBunter am alive and free as of April 17th, 2018.
- -----BEGIN PGP SIGNATURE-----
- iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAlrWJewACgkQ6GEFEPmm
- 6SJHjw/+PBqjJA+1ZwPzTBL9zR3NR12cbkwN2UFuYh8WRHsx2nrLvFtxt0BvVbWK
- C8O5n2Skjtcsigce5iGM6Zci1fjTz05m8OcMZ22nlEwaFyqS6f7ovmGZSpm7D5eT
- 1ar8LP8JWfH7BLB7aMdpX/vfVHl8nAAwFYQCtlzLJgRB/d8MaVay+KUm3HmsVX2n
- SVNa9SU6U+7YbllJ9igHef5cPV5rsJmIZVpt+gAiqTSZDuXjFsFONZL5CScLo6fX
- mn3LP+W0GnfYAQ0Sdnz/Bgj2NanePPoV2msyW6+t4KV2kKGenOw0acRI7hP0rL5O
- Arz7hkH6vDt2TLb6rs2574KNHCZsgYLvh8+S+bWZdHmduTyuOydjqwtmMgQ0mhVf
- 8xm1NCwhMKWH7i2EVv9vG+o/eBNBHCoFw6fdrxlGc5wPLV0eAhuMzdiZ8+zpgFc8
- fQ7WKxd3ZrDc8bfmck2pfiVm3U+dpEe4WTsXXJMyZMNHZZzoEP1BIUap3cxrV1k+
- Gb7C+hiinMlsfpw8Z8AD6xyGJW26qM2gIJbdzmZHcrIm/TUdoJNtYx2L1R92yvid
- xlTcUlQk590hSA4EZyLIXnYt9qoSerxNFqVDOwoaGN9n8iBu5n/vsUB8NxS2CzzQ
- 4Fnw8Zf4JNrIr+vSJknc54yHMELHSS3imcQsOo5+aajzdD4Dz7A=
- =zEJ1
- -----END PGP SIGNATURE-----
- Report
- Reply
- 1
- /u/Haws
- 3 days ago
- ...but why leave us in the dark for so long...
- Report
- Reply
- /u/Haws
- 1
- /u/ghostcurser
- 3 days ago
- I feel like I was the only one that actually read into this more than one second... I saw the post that you wrote last week about taking time off. Then you took time off. But then everyone immediately assumed the very worst! Either way, Glad you're back.
- Report
- Reply
- /u/ghostcurser
- 1
- /u/HugBunter
- 3 days ago
- /u/Haws Didn't have my PGP key or any passwords, also limited internet access, with no way to verify and I didn't expect to be away for so long I had to leave it until now, I didn't honestly expect people to have really noticed.
- Report
- Reply
- /u/HugBunter
- 2
- /u/AJp0KZTiBIo4vpXw7
- 3 days ago
- A signed message would be useless if you just give it to the authorities.
- I'm still skeptical.
- Report
- Reply
- /u/AJp0KZTiBIo4vpXw7
- 1
- /u/AJp0KZTiBIo4vpXw7
- 3 days ago
- /u/HugBunter You're surprised people noticed the owner of a Tor site where people discuss illegal activities vanished for a bit??
- Report
- Reply
- /u/AJp0KZTiBIo4vpXw7
- 1
- /u/Fuckthat
- 3 days ago
- /u/ghostcurser he didnt took time off he said he had an equipment failure caused by a power surge.
- That make sens for you ?
- Report
- Reply
- /u/Fuckthat
- 1
- /u/confusedasfuck
- 3 days ago
- /u/AJp0KZTiBIo4vpXw7 Exactly what i been saying. As we have seen in the past when darknet vendors and admins get busted they fold like a WET paper bag and hand everything over to LE. even the dutch national police account said in one those threads "got em". Now i dont know if that account is really them or not but seeing how they like to brag about things it would not surprise me the least bit.
- Report
- Reply
- /u/confusedasfuck
- 1
- /u/DarkDotFail
- 2 days ago
- Limited internet access? on Earth? Stop sharing more details you're making it more complicated for yourself :)
- Report
- Reply
- /u/DarkDotFail
- 1
- /u/HugBunter
- 2 days ago
- /u/DarkDotFail By that I meant, travelling with no internet access other than an internet cafe etc. I would never connect from there insecurely.
- Report
- Reply
- /u/HugBunter
- 1
- /u/throwsmeways
- 3 days ago
- did you ever enter the fxp scene?
- i had something similar my friend.. all i can tell anyone reading this: trust noone, keep your mouth shut, dont spill personal details, keep your pc and house clean!!!!!
- Report
- Reply
- 1
- /u/throwsmeways
- 3 days ago
- and make sure your "getting ready procedure" requires at least 5-10minutes and multiple passwords/encryption layers which are MEMORIZED
- Report
- Reply
- /u/throwsmeways
- 1
- /u/luggagegaiters
- 3 days ago
- I am mostly disappointed that Hugbunter lied about him having nothing to do with Libertas when its now very obvious that he is the admin or at least plays a very big part in Libertas (like main developer), since he always lied about it i can not trust anything he says now :(
- Report
- Reply
- 1
- /u/PartyTime2018
- 3 days ago*
- [removed]
- Reply
- 1
- /u/HugBunter
- 3 days ago
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA512
- Ok so, I would like to address your points directly regardless. I have proved my identity, but doesn't cover your own story which may or may not be true as this seems to be directly attacking my services now.
- 1. ENCRYPT YOUR PMs everywhere I know the majority of you aren't doing it. assume LE is reading everything. it does not matter if you encrypt.
- > This should have been happening since the start and I have pushed for auto encrypt to be removed from markets and start enforcing PGP to be used wherever necessary.
- 2. Don't trust hugbunter with illegal projects. assume that if there's any way he convinced LE he can return it's by telling them he's working on vendor shops and can provide not-pgp shipping addresses. anyone trusting him with vendorshops is insane.
- > My vendor shop platform, doesn't allow unencrypted addresses and doesn't provide auto encrypt. Buyers are forced to provide the encrypted message(s) themselves, otherwise the message isn't sent.
- 3. they have his PGP key if this happened assume any previous communication is compromised even if encrypted to him
- > I would never hand over access to my PGP key, would not be willing to make any sort of deal. If I go down, it dies with me, I've said this from the start. Why would I spend all of my time protecting users, to then fuck them all over in order to save myself? Also, this is a forum, not a market, so most of what you are saying doesn't actually make sense.
- > 4. assume everyone keeps jabber chat logs out of vanity even very smart people
- I don't, I do not see the need to keep jabber logs, I save any information I need such as payments to keep track of, stored encrypted of course. But yes, no one should be storing their chat logs.
- > 5. if a rules here about sourcing change especially if dread doesn't allow FENT to be sold then you know some cop scared the shit out of admin. USA hates fent
- I already made comments regarding fentanyl following launching the site, I'm not fond of it but won't be censoring discussion. The rules haven't even been updated to include that I don't allow direct sales here.
- > 6. dont use any username here you used on alphabay hansa or silk roads!!
- No one should be doing this anyway, other than vendors.
- -----BEGIN PGP SIGNATURE-----
- iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAlrW1gsACgkQ6GEFEPmm
- 6SJXgBAAm4xkJX5UWDOE1U+0dTD6+JHLVVF8b1nHvBlMDo/D25AVy0FO/5xzDqXt
- vY4gqhEQBXXZQodM6xJUfBIY4v8V1mDASWFatvZgdXypKd0t6AvJTeZGTP9CNh+8
- NcCRFta870BFqLE1Vlmu/V9qIlxLBZg3e4v9KxpQQJoJs81TFlTaMas9F19tm4k0
- BslkybchWmxYiUp/O6Bd+DDq7XN6G3/HOSFM7rpkfqQxwY39gpDL0zK34UZ2HO3E
- lb0nO6iUIBQpS1d9f/661t+WEUv87lbPIpUdEbKc/V/zwRoXgmSEjhCwC/2a/OOn
- mNQTrMSzJmlElntnckr8hb9Syk75b25WH8fB/2e0HZ8n6EwOQdl/MQ39Oy7Yq3xi
- 2Dk/J66OrzQ/SUXe+uhIQMiDoeoGnVzs7UbpbjrYoOjf/yLqSXH6KMuP9YgAZH16
- 3kNfEHUV+ajVfi+QnyIUAAodHWNbztvfOrtdwZq/HnqCoV0f7yfn92er+BQnTSAu
- OWkd2ADgEb71Z85r3FUmMVtWvMB0qvnszZO+3V+hzhT+AAQm04t+vANDRpbhdtPO
- yfkRf+chTBhvOpnHDVp6uYq+wwL+HnrUhOPl0OLKNQniczvSCzLfgfVE7d9vowfZ
- cHM+bNOfzIa8MsT33b0U0oLdULRdZUlUd+2eGPd9yOBvqMVcSdQ=
- =XhP6
- -----END PGP SIGNATURE-----
- Report
- Reply
- 1
- /u/technigeneric
- 3 days ago
- Bullshit, I've been calling out hugBunter for weeks now and all I got was, you don't know what you're talking about this is HugBunter it must be right cause he did it. This whole place is a fucking honeypot. And take that mod shit off my account and delete it. Fucking forum log on one day and I'm a mod to a sub I never asked to be in? Then ask to start a sub with levels of pgp so that vendor tactics would stop being talked about in the open and I get oh sorry. Too new to be a mod, bitch I wasn't when your fucking stim douche made me one out of nowhere. Turned me down because my sub would have ruined the whole point of this honeypot. And honeypot? ha, theres not one captcha or login required in this site till you try and post, read,copy whatever the fuck you want. Before all this happened I proved that I ran a crawler on the site for hours w/out a hitch. The almighty fucking HugBunter. Come on bitch. Before this shit site you knew what my clearnet site is so take it down. Come on almighty bughunter I want to see you do it.
- Remove Reply
- 0
- /u/HumboldtGrowers
- 3 days ago
- Dam. Just sent him 6500$ for advertizing and a website. FML
- Report
- Reply
- 1
- /u/Leximer
- 3 days ago
- Ask if toucan get your money back. If you just did it, no work was done so ..?
- Report
- Reply
- /u/Leximer
- 1
- /u/HumboldtGrowers
- 3 days ago
- Yeah no work has been done it has been a week with no reply and i paid him 3 weeks ago
- Report
- Reply
- /u/HumboldtGrowers
- Dread
- Design by /u/syntax
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement