Stefano Zanella

Discover anonymous questions on ask.fm

Learn how to discover the person behind that idiot question on ask.fm

3 min read By Stefano Zanella

Back to 2015

For the ones who were not lucky enough to ask and receive anonymous questions on ask.fm, well you probably lost a lot of fun in your young age! Now i am seeing that on the internet there are multiple services that allow the same source of fun (Tellonym, NGM, ...) but the first one has been ask.fm

Who wants to know the fuckin bastard who asked that stupid question over your crush?

Everyone! The willingness to know the person (aka stupid child) behind that question was incredibly high. The topic of the nights passed with friends were about speculating over anonymous questions and guessing was at the order of the day. The curiosity toward this (now) stupid topic was incredibly high for people of 16 years old. Actually i would say that knowing who did some anonymous thing is really fascinating even at 27!

TADA! scoprianon.altervista.org

This is when, in the mind of a really young curious of the wild web, an incredible idea popped out! What if i am going to build a website that allow people to know the person behind that insult? Or better, what if i am going to build a website, that convice people that they will be able to know the person behind that insult?

In that period i was eagirly leaning some social engineering stuff, how easy was to make people believe certain things and how the most impactful vector attack is people.

So with my basic knowledge of HTML, CSS and PHP i made a simple web page, informing the user about my experience (WHATT) in security and that i ve created a way to discover anonymous people of the questions. The only thing needed from the user was to provide username and password through a form and wait for 3 days due to the high amount of requests. Yes, you read it right! Provide username and password through a form and wait for 3 days due to the high amount of request.

Of course, as you can imagine, there was no way to discover identities behind anonymous questions, but there was an easy way to get thousands of ask.fm accounts in my email account. In the following i received an abnormous quantity of credentials, so many that i stopped everything, being worried to get caught by the police (at the time i was 16, so please forgive me!).

Conclusion

Now ask.fm has been closed (sigh) and my glorious and highly effective website has been dismantled. But the internet is a wild place. There is no identity here and bad actors are always seeking for unaware users. Be careful and enjoy navigating the web!