Widely-used cyber crime forums targeted in hacking spree

Security researchers say hacker-on-hacker campaigns indirectly help the good guys

Four widely-used hacking forums operating on the dark web have been compromised in a series of cyber attacks, with unknown attackers seizing the personal data of members while also siphoning away cash.

Over the past few weeks, attackers have stolen user databases from these forums, which have included email addresses and hashed passwords, according to security researcher Brian Krebs. The incidents have left members of these sites worried that subsequent leaks could reveal their real-world identities.

The most recent hack, affecting an invite-only cyber crime forum known as Maza, took place this week, with security firm Intel 471 revealing that its users were redirected to a breach notification page upon signing in. This was posted alongside a 35-page PDF file allegedly containing a portion of forum user data, comprising more than 3,000 rows of usernames, partially obfuscated password hashes, email addresses, and other contact details.

The Maza hack follows attacks against Verified in January, Crdclub in February, and Exploit last week - all well-known dark web forums. This is in addition to a recent fifth attack against Hydra, a dark web marketplace known for the trade of illegal drugs and other criminal services, according to reports from Russian media.

“The incidents show that even perpetrators of cybercrime aren’t immune from experiencing the fallout that comes with personally identifiable information being made public,” Intel 471 said in a blog post.

“Various cybercrime forums are alive with chatter following the breaches, with nefarious actors wondering if their real-world identities will be discovered thanks to the leaked data.”

Some forum members have speculated these are the efforts of government agencies, although Intel 471 has cast doubt on the theory due to the public nature of these attacks. Krebs also reported that members across these forums have questioned whether the wider strategy is to sow distrust across the community, with cyber criminals now fixated on which platform would be compromised next.

The security company added that while the perpetrators haven’t identified themselves, they have indirectly given researchers an advantage. All information unearthed from these breaches will help in the fight against cyber crime, Intel 471 said, due to the added visibility it gives security teams who are tracking forum members.

Following the initial attack on the Verified forum, hackers then claimed on another site, Raid Forums, that they had taken Verified’s entire database of registered users and associated information, such as private messages, hashed passwords, and posts. The attackers also managed to steal $150,000 (approximately £108,700) worth of cryptocurrency from Verified’s Bitcoin wallet.

Related Resource

Online safety: A leader's responsibilities

Sample our exclusive Business Briefing content

Online safety: A leader's responsibilities - The Business Briefing from IT ProDownload now

Crdclub’s administrator, a month later, announced the forum had sustained an attack in which their own account was compromised. The attacker was able to lure members into using a money transfer service that was supposedly vouched for by administrators, which led to an unknown amount of money being diverted away from the site.

Last week’s attack against Exploit saw a proxy server used to protect against distributed denial of service (DDoS) attacks compromised by an unknown third-party. The forum’s administrator said that a monitoring service had detected secure shell (SSH) access to the server, and had attempted to capture network traffic.

Intel 471 has said its researchers will continue to monitor widely-used cyber crime forums to assess how these incidents have affected members of the hacking community.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
FBI shuts down web shells in hacked Exchange servers
cyber security

FBI shuts down web shells in hacked Exchange servers

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021