World of the CT, Realm of Deception A Technical Essay By Ian R. Curella (Suspicious_c) ~ A magician stands before an excited audience, preparing for the first illusion of the show. As the audience looks on, the magician turns away slightly placing a small red handkerchief into the palm of his hand, keeping it out of the peoples line of vision. As the audience looks on, he makes several gestures with his empty hand, keeping their attention on that side of his body. In a flash, he reaches into the hand holding the handkerchief and pulls on it slightly, revealing it to the audience as though it appeared from thin air. The audience claps as the magician bows and gears up for the next illusion. Why wasnt the audience aware that the magician had the handkerchief in his hand the entire time? Why were they so surprised when the handkerchief miraculously appeared? Well, its called misdirection, a tactic often used by magicians while performing their illusions. However, misdirection as a tactic can be used in several different ways, not related to the world of magic. In this technical paper, I will attempt to explain several of these techniques as they relate to how people are often manipulated into believing cleverly crafted falsities. I will also examine those who use these deceptive measures and perhaps why they spend a vast amount of energy and dedication creating the fictional environment in which these tactics are so often successfully performed. Join me as I take you through the World of a Career Troll and into his Realm of Deception. Ever thought of how a serial killer picks his victims or what brings a sexual predator into the dark alleys in which they often find their prey? Well, we could say its just insanity that drives this evil, however, insanity, perhaps is too broad a term. The explanation lies in their dedication to their world, their reality. The same type of sickness can be found in some internet trolls. A troll is a chat term that refers to a person that takes personal satisfaction in disrupting the chat room, belittling users, or attempting to overwhelm the chats users with their superior knowledge of a particular subject. Ah, but some arent just trolls, theyre more than that. Theyve made this behavior into a science. Usually, its just a young adolescent in search for the attention that he or she may not receive from within their households or at school. Or, perhaps a bored spouse that isnt receiving the love and affection from their marriage that they would like to be. Last, it could be just a single man or woman with low self-esteem that desperately needs recognition. This behavior, for the most part, is temporary and will stop once the persons needs are met. However, there lurks another type, the worst and perhaps, most dangerous of the group. This type is the career troll, normally a career fraud and habitual liar as well. The CTs, in which I will herein refer to them as, are actually, borderlinesociopaths. The CT is beyond hope in the conventional sense. They exist only for the purpose of feeding on the attention and ignorance of other chat users, draining their mental and physical energy like vampires. In the world of the Internet, the CT can thrive vigorously for as long as he or she desires. The chat room has become their world, their reality. With that being the case, the CT can manipulate reality as they see fit. They can change names as many times as needed and hide long enough to begin feeding again, then just resort back and forth under whatever name they fancy at that particular moment. They often create an entire separate entity, complete with a life history, skills, names, and friends. In rare occasions, the CT can perfectly act out whatever part is needed in order to feed. However, like most deceptive tactics, the CTs role-play is only as effective as the people who are willing to believe it. So long that theres one person to be an audience, the CT can feed and will linger for as long as that audience stays available. Understand, without an audience, the CT has nothing to feed on and will quickly move on. For example, how exciting is a magic trick for a magician if theres no one to see him perform it? The same applies to the CT. The CTs world is based entirely on deceit. Deception is the mechanism that drives the CTs engine. CTs are powered by it. Naturally, truth is the CTs worst enemy. A CT can be superman in their made up world, but even superman had a weakness, as do CTs. No matter how long theyve cleverly thought out their character or lived in their made up world, truth is the CTs Kryptonite. However, before the truth is revealed, the CT goes through a series of well mastered tactics in order to avoid the truth or being caught. Those tactics are the basis for this paper. They are Diversion, Misdirection, and Evasion; coupled with something I have termed Indirect-Misdirection. I will attempt to explain them in detail and give examples of how to identify and ultimately defeat these CT tactics. Understand, an experienced CT has mastered these tactics to precision. Revealing a CTs true self isnt an easy task. As a matter of fact, its nearly impossible, however, this paper should help one understand how a CT works and how to avoid being fed upon. In order to understand the tactics of a CT, we must first look at what happens during a CTs feeding session. Phase one of the session begins with a baiting phase. Upon entering the chat room or shortly thereafter, the CT will make a comment that he knows will incite a reaction. This reaction is called the hook. It allows the CT to begin feeding on the emotion caused by the reaction to the bait comments obvious controversial and argumentative nature. The comment is laced with a hidden agenda, and most people can see that. Thus is why this phase is vital to the CTs routine. Without a response to the baiting comment or question, the CT is forced with either a second attempt with new bait, or having to move on to another room. However, sometimes, the CT will wait until someone says something that he can bait with a response. I suppose this would be called a baited response. This too, is wrapped with arrogance and normally has an insulting theme to its delivery. This is often a quick way for the CT to begin feeding. He can sit and lurk for a short period of time, and feed without a lot of effort using a baited response. This situation can be compared to a fish just jumping in the fishermans net. The fisherman accomplishes his task with ease because he really didnt have to do anything but sit there and wait. The same applies here to the baited response. Phase two only takes place following an acceptable response to the CTs bait. Phase two is the shock and awe phase of the session. Its where the CTs deception is the most obvious. The victim is overwhelmed with massive amounts of information, normally obscured (not necessarily complex), just obscured as to imply a CTs superior understanding of the particular subject. This is the greatest weapon in the CTs arsenal. To anyone that doesnt fully comprehend the obscure topics, the CT can begin to inject his own personalized perception of himself into the persons mind, causing them to fall victim to his ranting and well, become his next meal. Understand that this tactic is a stacked attack. The CT hopes for an information overload by piling up obscure terms, names, or theories on a particular subject. Hell pile it on thick until the person has no choice but to comply with a simple Yeah, thats right? or I see what youre saying?. However, the person has just been injected with informational toxin that will spread until he or she doesnt have any mental fortitude remaining to disagree. A known CT often uses Computer Networking as his Modis Operandi. This is due mainly to the fact that Computer Networking has thousands of various terms, theories, and acronyms to flood the persons mind with. Not too mention, its practically effortless to read pre-defined questions, terms, or theories from previously saved and quickly accessed text files. There are times where the information injection doesnt follow directly after the baiting phase. This is where the CT desires to possibly build his credibility as an expert of his chosen M.O.. This is done with Indirect Misdirection and External Validation. First, a CT will never directly admit to being a so-called expert. Indirect Misdirection is where the CT admits that is he NOT? an expert of the topic and continues by explaining a common characteristic that an expert of the topic would have. The CT then proclaims to have the characteristics he previously mentioned. Thus, the Indirect Misdirection has been used and the CT subliminally states hes an expert.. Heres an example: If I wanted to make a person believe I was a good cook by using Indirect Misdirection, I would begin by saying that Im not a good cook. Then I would say, a good cook doesnt burn food. Perhaps I would even just assume the person knows that a good cook doesnt burn food. I would conclude by saying Well, I dont burn food?. So the example would be I m not a good cook but I dont burn food.? This is a very simple example of Indirect Misdirection and most likely youll never see it in such a simple form, however hopefully the simplicity of the example was better understood than a more complex one. (In which most CTs will deliver it) Now, often CTs will combine Indirect Misdirection with External Validation. External Validation is where the CT will re-direct his credibility to an external source to be validated. This external source will normally be a friend (already fed upon and injected numerous times) or a person that the CTs deems as being knowledgeable enough to confirm the CTs superior understanding of the said topic. More times than not, the CTs friend or selected witness is either a CT as well or isnt in a position to confirm the CT at all. However, the CT is validated nonetheless and the feeding continues. The logistics of this is that if the CT uses External Validation, one could defeat the tactic by shifting focus from CT to his external source. However, this isnt a good practice, for the CT could still feed simply because you are spending the energy not to reveal his true self, but to argue the credibility of his external sources. Not too mention, if his externals are also CTs, they all could feed on you at once. It would be best to keep on topic and focus on revealing the CTs true self, while keeping in mind, External Validation is being used. Now, during the long periods of feeding sessions, a CT will amass a large number of enemies and even hunters. Hunters are opponents that purposely seek out a CT in order to prevent it from feeding. A hunter is normally someone who understands that the CT is a liar or a troll and seeks to reveal that to anyone that might be caught sleeping, so to speak. A hunter will often confront the CT directly and ask to see proof of the CTs expert understanding of the topic in question. However this sometimes backfires for the CT is a master of his world and thus, he can jump backwards, bait and inject the hunter with more information and actually feed on the hunter instead of the original victim the hunter was trying to prevent from being fed upon. However, hunters soon find that Information Injection is about the only proof a CT is willing to give. Remember, the CTs world is fictional. So anything that could threaten the continuum of this fabrication, hell tend to stray away from. Besides, if he has to do something other than what hes already practiced, memorized, or has stored previously, he cannot feed and that isnt the CTs purpose. Hunters sometimes see examples of this when they attempt to show or teach the CT something. Being CTs, theyre not really capable of receiving new information easily, especially if its not in a term or theory format. This is why, over a long periods of time, a hunter will see a CT reuse topics or terms that were argued upon previously in some other session. This could happen over and over, with the CT altering just enough of the topic to give the illusion that its a new discovery or finding. Although, its most likely been in the CTs notes for a while. During a normal confrontation, the CT has the advantage. This is because a CT chooses his opponents carefully. The selected opponents are, either an amateur of the subject or uneducated in the M.O. topics of the CT altogether. As stated before, amateurs will find themselves facing a foe that can spurt off information of the given topic, verbatim to anything they can look up or ask. Again, its Information Injection. However, when confronted by a hunter, a CT will change his mode and quickly turn to the next tactic, Diversion. Diversion appears to be one of the only ways a CT chooses to defend himself against a hunter. When a CT begins to be questioned by a hunter or is confronted directly about a particular contradiction, he quickly diverts to another area or topic that he feels comfortable with. The CT usually just jumps to another area thats listed in his topic M.O. and begins to Redirect the focus of the confrontation to the credibility of the hunter. Redirection and Diversion go hand and hand at this point. Diversion is used to steer the audience away from the truth while redirection is used to switch the focus to the opposing force. (Note: An experienced CT has the ability to use all of the tactics at once, in a row, or in combinations. It is extremely difficult to follow exactly whats happening until you understand all the tactics and can recognize them right away). During this time External Validation is often used to Divert and Redirect the confrontation away from the CTs true self. A hunter will often see the CT reaching out for assistance if severely threatened. Its compared to someone sinking in quicksand, desperately clawing at tree limbs, trying to escape. This actually does succeed more than you would think. The reason being is that the hunter grows tired and weak from being fed upon from so many directions that his keenness isnt at its prime, where it should be. Hes shot in so many directions that sometimes; the hunter cant keep up. Nonetheless if the hunt is successful, the next CT tactic is introduced, Evasion. Evasion occurs after the CT has been more or less defeated. He wont necessarily leave or give up; he merely stops attempting to feed for that session. He could, perhaps ignore the hunter or leave the room. However, the CT merely migrates to another room and begins the process all over again. The CT can be elusive and migrate several times before finally stopping to restart the process anew. While doing this, the CT also passes another tactic into the list. If he was evading a previous confrontation with a hunter, he will use that situation as bait to lure in another victim for feeding. This is called Retreat Baiting or Baiting on the run. After a CT faces a hunter, he himself is drained of energy and quickly needs to refuel in order to gear up for another normal feeding session. Using his confrontation with the hunter as bait for someone else, he refuels. This is normally the last tactic the CT uses before the actually accepting defeat. (Although this doesnt happen often and when it does, its not for long) The final tactic (The Coup De Grace) isnt really a tactic. Its more like a behavior. The CT, realizing that hes not going to be feeding or fearing that more hunters will show to oppose him, will go into stasis. Hell lie dormant and silent. However, if any condition that allows the use of any of the previously mention tactics becomes available, hell resume his attempt to feed. An example of this would be a friend or fellow CT entering the room, or a chance to bait a less formidable and easier target. Conclusion: I hope this paper has provoked thought and helped you understand the workings of a CT with the tactics used by them. Remember a few simple rules when dealing with them, it will bring up that Coup De Grace a lot sooner and hopefully before youre too drained to actually do what you intended when you came into chat in the first place. Below I have annotated some logs of where a known CT displayed several of the tactics I have discussed in this paper. But understand, normally this particular CT doesnt use his tactics in text; he prefers a chat rooms voice service to verbally do his feeding (its because his topic M.O doesnt include expert typing) Enjoy and happy Hunting. Suspicious_c Example of Baiting and External Validation Elus1ve: sugar , i am in the windows rooms , we talk about domains, active dir, security , lots o shitinstead of "haxoring the planet" like most tards in here] elus1ve: you see , sugar , thc has yet to configure his first domain , but can call himself a hacker elus1ve: he also says he knows ALL ABOUT asm and memory ..ask him what a GDT is elus1ve: its purpose elus1ve: and if he says he does not know..then laugh when he says he knows asm elus1ve: and like i said , HE CANNOT EVEN AFFORD A FUCKIN MIC elus1ve: so what have you been up to sugar?) Example of Indirect Misdirection (although somewhat obscure) laventa...no not hardly im hate being a boss i like being a simple worker doing my own thing getting a job done i like to actually work Example of Diversion and Redirection uproot: I just dont see how you can hack "invent something new if all you do is explore the technology and functionality made by others uproot: I call that a user deceptive_measures: uproot..you sit thee ant talk like your punk ass has made a handful of expolits ..name one son uproot: a hacker is someone who breaks the mold in their feild one_clockwork_orange: deceptive are you hidden agenda? gr1m_r34p3r5: It is everyones loopback IP in IPv4. In IP v6 the loopback is: 0:0:0:0:0:0:0:1 or otherwise: 0::1 one_clockwork_orange: decompiled... is he? deceptive_measures: break the fuckin mold..you follow the leader son This is another more clear example of Indirect Misdirection deceptive_measures: i say once more..you must have shit in your ears.. i DONT CARE TO BE A HACKER later in another feeding session an example of me as opposed to the other "haxors" in here when i get an ip ..i think ahead..i plan i do an arp poison because i am limited in "spoofing" (my network has egress filtering/source route blocked) and i can "impersonate" another segment ip...and i get the reply back and when i ping..i go hope on a public 7206 looking glass router read..my point is ..i dont go race to my prompt and type fuckin PING! Example of Information Injection w/ a Bait Comment i know the messenger service and how it uses rpc ...cant the same type of "alert" message be sent w/ a port 138 nb datagram MAILSLOT message w/ the targets ALERTER service running....and if so ..what client is out there to do so? would anyone know where , on a win box ..you would (or could) alter the broadcast segment address so you could use a datagrm MAILSLOT in a unicast environment? here i am asking about BROWSER MAILSLOTS on port 138 and how to send an alert message...go see if you can find that on a "haxor" page...i think of my own shit and new ways to try shit...one day the kids(sheep) might also learn that approach More Indirect Misdirection and Baiting i do shit on a scale that most have no clue on doesnt make me better..makes me unique in approach is all i just hate being PREDICTABLE More External Validation ill ask my friend protocol--he is one of the few that has a clue This is a prime choice example of Indirect Misdirection just a land of mouths i tell people what i know and what I DONT KNOW so i cant be too egotistical lol LMFAO oo_ug because i always point out my flaws A prime example of External Validation crayon , you seem to be the only one in here that has any clue whare i am comming from ive actually watched you since we talked , you take this shit quite seriously and you THINK FIRST before you act most kids dont Here is another great example of Baiting >>> maintained_state has joined the room anyone in here do any packet crafting? lol its hidden agenda nevermind----i see recess is in session (No, a feeding session) ill wait for hazzard sup web have you played w/ packet crafting crayon? (Here hes trying to feed on crayon blatantly) Here is an example of Baiting and External Validation then later, a Retreat Baiting (casting out a new line into the water from the boat) damn you people are fuckin RUDE lolf youre an idiot that thinks everybody else is fuqt thats your problem just rant it out :> thats why you come here each day isnt it. :] go on. were listneing *listening even were gonna pat you like a puppy dog heck, you may even cry on voice if you want though that usually happens by itself anyway crayon , get that shit yet? < sits and waits for intelligent minds Here is an example of Baiting/ Information Injection and Injection Recurrence elus1ve: and i HATE masm elus1ve: i cant stand the syntax elus1ve: i use nasm gantrep is back. gantrep: i use pimpasm elus1ve: and the ide elus1ve: < would never use something stupid called "pimp" asm elus1ve: sounds all "haxor" ish gantrep: NEITHER WOULD I BECAUSE IT DOESNT EXIST THATS WHY ITS A JOKE elus1ve: asm is just fuckin MEMORIZING elus1ve: all int ..and functions inside elus1ve: i stick w/ network shit Here is an example of External Validation with some who doesnt understand a word hes saying so its also Information Injection and Overload sugar...i think in the next few days , im gonna get back into using DEBUG and doing some memory mappping...laying off network shit for awhile..the stuff i want to do , route injection , is mainly layer 3 shit anyway , and there are no tools to do layer 3 packet injection in windows.. i use netcat as my injection source and that does not support layer 3 i use lcrzo , but those are defined scripts , i have no way of writing my own they need to port the nemesis engine over to win32 Another perfect example of External Validation i met a friend of lamezoids,and we talked yesreday in H3... but anyway,not trying to brag,but after an hour long discussion,he told me i had "great potential and talent" and was "so impressed a mind like mine was walking around" he said the way i look at things unlike the "standard way" was something quite unique EOF