Type of site | Forum |
---|---|
Available in | English |
URL | hackforums |
Advertising | Yes |
Commercial | Yes |
Registration | Required |
Launched | 2007 |
Current status | Active |
Hack Forums (often shortened to 'HF') is an Internet forum dedicated to discussions related to hacker culture and computer security. [1] [2] The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. [3] The website has been widely reported as facilitating online criminal activity, [4] [5] [6] [7] such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information. [8]
In June 2011, the hacktivist group LulzSec, as part of a campaign titled "50 days of lulz", breached Hack Forums and released the data they obtained. The leaked data included credentials and personal information of nearly 200,000 registered users. [9]
On 27 August 2014, Hack Forums was hacked with a defacement message by an Egyptian hacker, using the online handle "Eg-R1z". [10] [11]
On 26 July 2016, Hack Forums administrator ("Omniscient") warned its users of a security breach. [12] In an e-mail he suggested users to change their passwords and enable 2FA. [13] [ non-primary source needed ]
According to a press release [8] from the U.S. Department of Justice, Zachary Shames developed a keylogger in 2013 that allowed users to steal sensitive information, including passwords and banking credentials, from a victim's computer. Shames developed the keylogger known as "Limitless Logger Pro", which was sold for $35 on Hack Forums. [14] [15] [16]
On 12 August 2013, hackers used SSH brute-force to mass target Linux systems with weak passwords. The tools used by hackers were then later posted on Hack Forums. [17]
On 15 May 2014, the FBI targeted customers of a popular Remote Administration Tool (RAT) called 'Blackshades'. [18] Blackshades RAT was malware created and sold on Hack Forums. [2]
On 14 January 2016, the developer of the MegalodonHTTP Botnet was arrested. MegalodonHTTP included a number of features as "Binary downloading and executing", "Distributed Denial of service (DDoS) attack methods", "Remote Shell", "Antivirus Disabling", "Crypto miner for Bitcoin, Litecoin, Omnicoin and Dogecoin". The malware was sold on Hack Forums. [19]
On 22 September 2016, many major websites were forced offline after being hit with “Mirai”, a malware that targeted unsecured Internet of Things (IoT) devices. [20] The source code for Mirai was published on Hack Forums as open-source. [21] In response, on 26 October 2016, Omniscient, the administrator of Hack Forums, removed the DDoS-for-Hire section from the forum permanently. [22] [23] [24]
On 21 October 2016, popular websites, including Twitter, Amazon, Netflix, were taken down by a distributed denial-of-service attack. Researchers claimed that the attack was stemmed from contributors on Hack Forums. [25]
On Monday, 26 February 2018, Agence France-Presse (AFP) reported [26] that Ukrainian authorities had collared Avalanche cybercrime organizer Gennady Kapkanov, who was allegedly living under a fake passport in Poltava, a city in central Ukraine. He marketed the Remote Administration Tool (NanoCore RAT) and another software licensing program called Net Seal exclusively on Hack Forums. [27] Earlier, in December 2016, the FBI had arrested Taylor Huddleston, the programmer who created NanoCore and announced it first on Hack Forums. [28]
On 31 August 2018, several users on Hack Forums claimed to have received an e-mail from Google informing them that the FBI demanded the release of user data linked to the LuminosityLink malware sold on Hack Forums. [29]
On 29 October 2018, Vice Media reported that Saud Al-Qahtani, advisor to Crown Prince Mohammed bin Salman of Saudi Arabia and one of the alleged masterminds behind the assassination of Jamal Khashoggi, was heavily active on Hack Forums for many years under the username Nokia2mon2, requesting assistance in hacking victims and purchasing malicious surveillance software. There were rumours among users of Hack Forums that Nokia2mon2 was connected to the government of Saudi Arabia and he was using the website as a resource to perform espionage on journalists, foreigners, and dissidents. [30]
According to CyberScoop's Patrick Howell O'Neill, "The forum caters mostly to a young audience who are curious and occasionally malicious, but still learning... Furthermore, HackForums is the kind of internet community that can seem impenetrable, even incomprehensible, to outsiders. It has a reputation for being populated by trolls: chaos-driven children and brazen criminal activity." [2]
Cybersecurity journalist Brian Krebs described HackForums as "a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another." [2]
Allison Nixon, Director of Security Research at Flashpoint, compared the activity on HackForums to that of real-world street gangs, stating:
You have a bunch of kids, not a lot of adults, and some people have their own predispositions, and sometimes there is not a lot of guidance to steer that in a productive direction. You see gangs end up forming. There are these online street gangs so to speak, some of them can get pretty destructive in the same way you have violent street gangs in a neighborhood. The individuals themselves may become part of such a gang in order to get a sense of community, a sense of safety, or perhaps something to do because they’re bored. It seems like there’s a lot of parallels. [2]
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.
Ransomware is a type of malware that permanently blocks access to the victim's personal data unless a "ransom" is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Brian Krebs is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. Krebs is the author of a daily blog, KrebsOnSecurity.com, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for The Washington Post and covered tech policy, privacy and computer security as well as authoring the Security Fix blog.
Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity, sends daily network reports to subscribers, and works with law enforcement organizations around the world in cybercrime investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments, CSIRTs, network providers, academic institutions, financial institutions, Fortune 500 companies, and end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure. Shadowserver provides its data at no cost to national CSIRTs and network owners.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
The Mariposa botnet, discovered December 2008, is a botnet mainly involved in cyberscamming and denial-of-service attacks. Before the botnet itself was dismantled on 23 December 2009, it consisted of up to 12 million unique IP addresses or up to 1 million individual zombie computers infected with the "Butterfly Bot", making it one of the largest known botnets.
GameOver ZeuS (GOZ), also known as peer-to-peer (P2P) ZeuS, ZeuS3, and GoZeus, is a Trojan horse developed by Russian cybercriminal Evgeniy Bogachev. Created in 2011 as a successor to Jabber Zeus, another project of Bogachev's, the malware is notorious for its usage in bank fraud resulting in damages of approximately $100 million and being the main vehicle through which the CryptoLocker ransomware attack was conducted, resulting in millions of dollars of losses. At the peak of its activity in 2012 and 2013, between 500,000 and 1 million computers were infected with GameOver ZeuS.
Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.
dark0de, also known as Darkode, is a cybercrime forum and black marketplace described by Europol as "the most prolific English-speaking cybercriminal forum to date". The site, which was launched in 2007, serves as a venue for the sale and trade of hacking services, botnets, malware, stolen personally identifiable information, credit card information, hacked server credentials, and other illicit goods and services.
Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.
SpyEye is a malware program that attacks users running Google Chrome, Safari, Opera, Firefox and Internet Explorer on Microsoft Windows operating systems. This malware uses keystroke logging and form grabbing to steal user credentials for malicious use. SpyEye allows hackers to steal money from online bank accounts and initiate transactions even while valid users are logged into their bank account
Mirai is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by MalwareMustDie, a white hat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs' website, an attack on French web host OVH, and the October 2016 DDoS attacks on Dyn. According to a chat log between Anna-senpai and Robert Coelho, Mirai was named after the 2011 TV anime series Mirai Nikki.
On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.
MalwareMustDie, NPO is a whitehat security research workgroup that was launched in August 2012. MalwareMustDie is a registered nonprofit organization as a medium for IT professionals and security researchers gathered to form a work flow to reduce malware infection in the internet. The group is known for their malware analysis blog. They have a list of Linux malware research and botnet analysis that they have completed. The team communicates information about malware in general and advocates for better detection for Linux malware.
Marcus Hutchins, also known online as MalwareTech, is a British computer security researcher known for stopping the WannaCry ransomware attack. He is employed by cybersecurity firm Kryptos Logic. Hutchins is from Ilfracombe in Devon.
Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.
On November 13, 2021, a hacker named Conor Brian Fitzpatrick, going by his alias "Pompompurin", compromised the FBI's external email system, sending thousands of messages warning of a cyberattack by cybersecurity CEO Vinny Troia who was falsely suggested to have been identified as part of The Dark Overlord hacking group by the United States Department of Homeland Security.