Dark Web Forums: Cyberattack Compromises Renowned Cybercrime Platforms


A series of cyberattacks has almost crippled four widely used hacking-focused dark web forums. The unknown attackers seized the personal data of forum members and siphoned away cash.

Over the past couple of weeks, the attackers stole user databases from these dark web forums. The databases contained hashed passwords and email addresses, according to security researcher Brian Krebs. The incidents have left members of these sites deeply worried that their real-world identities will be leaked.

The latest hack affected an invite-only cybercriminal forum named Maza. The attack took place this week; security firm Intel 471 disclosed that Maza's users were redirected to a page displaying a data breach notification after they signed in. In addition, a 35-page PDF file was published that allegedly contained a portion of the forum's user data. The data comprised over 3,000 rows of email addresses, various contact details, partially obfuscated password hashes and usernames.

The Maza hack follows attacks against the Verified forum in January, the Crdclub forum in February and the Exploit forum the previous week. All of these are renowned dark web forums. Additionally, a fifth attack was conducted on a well-known dark web marketplace, Hydra. The Hydra darknet market is known for the illegal drugs trade and various other criminal activities, according to Russian media reports.

“The incidents show that even perpetrators of cybercrime aren’t immune from experiencing the fallout that comes with personally identifiable information being made public,” Intel 471 said in a blog post.

“Various cybercrime forums are alive with chatter following the breaches, with nefarious actors wondering if their real-world identities will be discovered thanks to the leaked data.”

Some forum members have speculated that the attacks are the work of government agencies. However, Intel 471 cast doubt on that theory because of the attacks' public nature. Krebs also reported that members across these dark web forums have been asking whether the broader strategy is to sow distrust across the community. This has left cybercriminals wondering which dark web forum will be compromised next.

Furthermore, the security company added that while the criminals have not identified themselves, they have indirectly given researchers an advantage. The information unearthed in the data breaches will help the fight against cybercrime because of the additional visibility it offers security teams tracking the forum members, Intel 471 said.

After the initial attack on the Verified forum, the hackers claimed on another site, Raid Forums, that they had acquired Verified's complete database of registered users and associated information such as private messages, posts and hashed passwords. The hackers also managed to steal cryptocurrency worth 150,000 (approximately £108,700) from Verified's Bitcoin (BTC) wallet.

A month later, Crdclub's administrator announced that the forum had sustained a cyberattack in which the administrator's own account was compromised. The attacker lured members into using a money transfer service supposedly vouched for by the administrators, leading to an unknown amount of money being diverted away from the website.

In last week's attack against Exploit, a proxy server used to protect the forum against distributed denial of service (DDoS) attacks was compromised by an anonymous third party. The deep web forum's administrator mentioned that a monitoring service could detect secure shell (SSH) access to the server and capture network traffic.

Intel 471 stated that its researchers would keep monitoring the widely used cybercrime forums to assess how these incidents have affected members of the hacking community.

Source: IT Pro
