This story is over 5 years old.

A Wannabe Hacker Thought I Was a Hacker and Tried to Hire Me

Maybe learn to Google before trying to hack someone?

A couple of weeks ago, I received an email written in Russian from a throwaway Gmail account belonging to someone whose name appeared to be "Artem."

In his extremely short message, Artem told me that he had watched a video on Stegosploit, a technique with which you can get hacked just by looking at a picture online, and needed me to send him "files."

"We need Stegosploit," Artem wrote. He clearly believed I was the creator of the tool—probably because I wrote about it for Motherboard.

I was curious, so I asked him why he needed Stegosploit.

Artem said he was interested in my "development," and asked me how much I was willing to sell it for. He punctuated the email with a dollar sign, just to make sure I understood what he meant.

In the underground world of cybercrime, malicious hackers can either develop their own hacking tools, like the creator of the infamous Zeus malware did, or buy them from somebody else. Hackers who don't write their own tools or exploits are commonly, and scornfully, referred to as "script kiddies" or "skiddies." (It's worth noting that these days, even seasoned hackers use somebody else's code, so the definition has lost some of its original meaning.)

I played along, and asked him how much he was willing to pay.

"Come this way!" he wrote, finally in English (after I asked him to, so that I wouldn't have to rely on Google Translate only). "Here is my file!," he added, linking to a file he claimed was a .jpg image file. He said he was willing to pay me $200 if I turned that regular image file into a weaponized one using Stegosploit.

"You do send me, I check," he said in his next email. "If it works, then I will pay for the files."

I asked him once again why he needed the files, but he ignored my question and asked me if I could do what he requested.

Note that this whole conversation happened on my VICE email, and Artem never realized he wasn't talking to the actual developer of Stegosploit. He didn't even realize he was talking to somebody that's not even a hacker.

At that point, I stopped trolling and told him I was not the author of Stegosploit. Seemingly unfazed, Artem asked me if I could put him in touch with the creator.

That's when I stopped answering Artem, and I shared this exchange with Saumil Shah, the person who actually came up with Stegosploit.

Shah told me that he believed he received an email from Artem a few weeks ago as well, and that "almost every day" he gets emails from people asking for help using his technique or the necessary tools.

"Most of them ended up being script kiddies who were too lazy to search," he told me in an email.

If they weren't that lazy, they'd see that Shah published an article on how to recreate Stegosploit in a recent issue of an online zine called The International Journal Of Proof-of-Concept or Get The Fuck Out.

"The problem that most of them face is that they don't read through the article on how to extract the tools hidden in the PDF file, and then how to use them," he added. "At least this separates the hackers from the kiddies."

Artem, who is clearly a wannabe hacker, should perhaps learn to be less lazy if he wants to hack people with sophisticated techniques.