Widely-used cyber crime forums targeted in hacking spree


Four widely-used hacking forums operating on the dark web have been compromised in a series of cyber attacks, with unknown attackers seizing the personal data of members while also siphoning away cash.

Over the past few weeks, attackers have stolen user databases from these forums, which have included email addresses and hashed passwords, according to security researcher Brian Krebs. The incidents have left members of these sites worried that subsequent leaks could reveal their real-world identities.

The most recent hack, affecting an invite-only cyber crime forum known as Maza, took place this week, with security firm Intel 471 revealing that its users were redirected to a breach notification page upon signing in. This was posted alongside a 35-page PDF file allegedly containing a portion of forum user data, comprising more than 3,000 rows of usernames, partially obfuscated password hashes, email addresses, and other contact details.

The Maza hack follows attacks against Verified in January, Crdclub in February, and Exploit last week, all well-known dark web forums. This is in addition to a recent fifth attack against Hydra, a dark web marketplace known for the trade of illegal drugs and other criminal services, according to reports from Russian media.

“The incidents show that even perpetrators of cybercrime aren’t immune from experiencing the fallout that comes with personally identifiable information being made public,” Intel 471 said in a blog post.

“Various cybercrime forums are alive with chatter following the breaches, with nefarious actors wondering if their real-world identities will be discovered thanks to the leaked data.”

Some forum members have speculated these are the efforts of government agencies, although Intel 471 has cast doubt on the theory due to the public nature of these attacks. Krebs also reported that members across these forums have questioned whether the wider strategy is to sow distrust across the community, with cyber criminals now fixated on which platform would be compromised next.

The security company added that while the perpetrators haven’t identified themselves, they have indirectly given researchers an advantage. All information unearthed from these breaches will help in the fight against cyber crime, Intel 471 said, due to the added visibility it gives security teams who are tracking forum members.

Following the initial attack on the Verified forum, hackers then claimed on another site, Raid Forums, that they had taken Verified’s entire database of registered users and associated information, such as private messages, hashed passwords, and posts. The attackers also managed to steal $150,000 (approximately £108,700) worth of cryptocurrency from Verified’s Bitcoin wallet.




A month later, Crdclub’s administrator announced the forum had sustained an attack in which their own account was compromised. The attacker was able to lure members into using a money transfer service that was supposedly vouched for by administrators, which led to an unknown amount of money being diverted away from the site.

Last week’s attack against Exploit saw a proxy server used to protect against distributed denial of service (DDoS) attacks compromised by an unknown third party. The forum’s administrator said that a monitoring service had detected secure shell (SSH) access to the server, along with an attempt to capture network traffic.

Intel 471 has said its researchers will continue to monitor widely-used cyber crime forums to assess how these incidents have affected members of the hacking community.

Keumars Afifi-Sabet
