Scenario:
In 2013, Hamza Bendelladj, also known as BX1, was arrested for developing and spreading the SpyEye banking malware. SpyEye infected thousands of systems, stealing banking credentials and financial data. However, before his arrest, BX1 allegedly left behind a hidden message—a final piece of evidence leading to his secret transactions. Your mission is to track his digital footprint, uncover his hidden message, and reveal the final flag using OSINT techniques.

Identify Known Aliases and Online Profiles
● Find all known usernames and aliases used by BX1 on hacking forums and social media.
● Discover any leaked credentials or past activities on underground websites.
What was BX1's most commonly used hacker alias besides "Happy Hacker"?

Analyze Public Communications & Extract Metadata
● Locate a leaked arrest photo of Hamza Bendelladj and extract hidden metadata.
● Find any hidden messages in past social media or forum posts.
What city was BX1’s arrest photo taken in?

Investigate the SpyEye Malware Network
● Track the distribution networks used to spread the SpyEye malware.
● Find details on affiliates or sales advertisements on dark web markets.
What domain name was once used to sell SpyEye?

Decoding the Hidden Digital Footprint
Track the digital traces left behind by BX1's SpyEye malware through its network of infected machines. Your mission is to follow the breadcrumbs of communication between compromised machines and uncover key artifacts that link to his activities.
What was the IP address of the last known active C2 server used by SpyEye before its shutdown?

Uncover the Final Flag in an Encrypted Message
● A PGP-encrypted message was found on an old hacker forum.
● You must decrypt the message and retrieve the final flag.
What is the hidden flag inside BX1’s final encrypted message?