Hack Forums

Type of site: Forum
Available in: English
URL: hackforums.net
Advertising: Yes
Commercial: Yes
Registration: Required
Launched: 2007
Current status: Active
Hack Forums (often shortened to "HF") is an Internet forum dedicated to discussions of hacker culture and computer security. [1] [2] As of 2019, the web-traffic analysis company Alexa Internet ranked it first in its "Hacking" category. [3] The website has been widely reported as facilitating online criminal activity, [4] [5] [6] [7] for example in the case of Zachary Shames, who pleaded guilty in 2017 to developing keylogging software, sold on Hack Forums from 2013, that was used to steal personal information. [8]

Security breaches

In June 2011, the hacktivist group LulzSec, as part of a campaign titled "50 days of lulz", breached Hack Forums and released the data they obtained. The leaked data included credentials and personal information of nearly 200,000 registered users. [9]

On 27 August 2014, Hack Forums was defaced by an Egyptian hacker using the online handle "Eg-R1z". [10] [11]

On 26 July 2016, Hack Forums administrator "Omniscient" warned users of a security breach. [12] In an e-mail he advised users to change their passwords and enable two-factor authentication (2FA). [13]

Alleged criminal incidents

According to a U.S. Department of Justice press release, [8] Zachary Shames developed a keylogger in 2013, marketed as "Limitless Logger Pro", that let its buyers steal sensitive information, including passwords and banking credentials, from a victim's computer. It was sold for $35 on Hack Forums. [14] [15] [16]

On 12 August 2013, attackers mass-targeted Linux servers with weak passwords by brute-forcing SSH logins; the tooling they used was later posted on Hack Forums. [17]
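The SSH password-guessing campaign above is the kind of activity a defender can spot directly in sshd's authentication log: a burst of "Failed password" lines from one source, often followed by an "Accepted password" line when a weak credential finally matches. The following is an added detection example written for this article, not code from Hack Forums or from any tool mentioned on the page. The log lines are constructed to resemble OpenSSH's syslog output; the five-failures-in-sixty-seconds threshold and the year supplied for the year-less syslog timestamps are assumptions.

```python
"""Flag SSH password brute-forcing in OpenSSH syslog lines (added example).

Assumptions: standard OpenSSH "Failed/Accepted password" message format,
a threshold of 5 failures within 60 seconds, and a caller-supplied year
because classic syslog timestamps omit it.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture): one brute-force burst that
# succeeds against root, one ordinary typo by a legitimate user, one key login.
SAMPLE_LOG = """\
Aug 12 03:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Aug 12 03:14:03 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Aug 12 03:14:05 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51138 ssh2
Aug 12 03:14:07 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51144 ssh2
Aug 12 03:14:09 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51150 ssh2
Aug 12 03:14:11 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51156 ssh2
Aug 12 03:14:13 web1 sshd[2213]: Accepted password for root from 203.0.113.7 port 51162 ssh2
Aug 12 03:20:40 web1 sshd[2290]: Failed password for alice from 198.51.100.9 port 60010 ssh2
Aug 12 03:20:44 web1 sshd[2292]: Accepted password for alice from 198.51.100.9 port 60012 ssh2
Aug 12 03:25:02 web1 sshd[2350]: Accepted publickey for deploy from 198.51.100.4 port 40012 ssh2: ED25519 SHA256:abc
"""

# Matches only password-auth outcomes; publickey logins never match and are ignored.
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_ts(ts: str, year: int) -> datetime:
    """Parse a syslog timestamp; the year is an assumption supplied by the caller."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2013):
    """Return {ip: finding} for every source whose failures form a burst.

    A burst is `threshold` failed password attempts inside `window`. If the
    same source later has a password login accepted, the account name is
    reported as compromised: the guessing worked.
    """
    failures = defaultdict(list)   # ip -> [(time, user)]
    successes = defaultdict(list)  # ip -> [(time, user)]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = parse_ts(m["ts"], year)
        bucket = failures if m["result"] == "Failed" else successes
        bucket[m["ip"]].append((when, m["user"]))

    findings = {}
    for ip, events in failures.items():
        events.sort()
        times = [t for t, _ in events]
        # Sliding window over sorted failure times.
        burst_end = None
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                burst_end = times[i + threshold - 1]
                break
        if burst_end is None:
            continue
        compromised = next(
            (u for t, u in sorted(successes.get(ip, [])) if t >= burst_end), None
        )
        findings[ip] = {
            "failures": len(events),
            "users_tried": sorted({u for _, u in events}),
            "first": times[0].isoformat(),
            "last": times[-1].isoformat(),
            "compromised_account": compromised,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, finding)
```

Against the sample, only 203.0.113.7 is flagged (six failures in ten seconds, then root accepted), while the single failed attempt from 198.51.100.9 stays below the threshold. On a real host the same logic is what tools such as fail2ban automate; the durable fix for the weakness the 2013 campaign exploited is to disable password authentication in sshd_config and require keys, after which "Accepted password" lines should never appear at all.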

On 15 May 2014, the FBI targeted customers of the popular "Blackshades" Remote Administration Tool (RAT). [18] Blackshades was malware created and sold on Hack Forums. [2]

On 14 January 2016, the developer of the MegalodonHTTP botnet was arrested. MegalodonHTTP's advertised features included binary downloading and execution, several distributed denial-of-service (DDoS) attack methods, a remote shell, antivirus disabling, and a cryptocurrency miner for Bitcoin, Litecoin, Omnicoin and Dogecoin. The malware was sold on Hack Forums. [19]

In September 2016, the website of security journalist Brian Krebs was knocked offline by a large DDoS attack launched from "Mirai", a malware that infected poorly secured Internet of Things (IoT) devices. [20] On 30 September 2016 the Mirai source code was posted publicly on Hack Forums by a user with the handle "Anna-senpai". [20] [21] In response, on 26 October 2016, Omniscient permanently removed the forum's "Server Stress Testing" section, widely regarded as a DDoS-for-hire marketplace. [22] [23] [24]

On 21 October 2016, a distributed denial-of-service attack on the DNS provider Dyn made popular websites, including Twitter, Amazon and Netflix, unreachable for many users. Researchers claimed the attack stemmed from contributors on Hack Forums. [25]

On 26 February 2018, Agence France-Presse (AFP) reported [26] that Ukrainian authorities had arrested Gennady Kapkanov, an alleged organizer of the Avalanche cybercrime network, who had been living under a fake passport in Poltava, a city in central Ukraine. Krebs on Security's coverage of the arrest also noted that Taylor Huddleston, the programmer who created the NanoCore RAT and the Net Seal software-licensing product, had marketed both exclusively on Hack Forums; [27] Huddleston, who first announced NanoCore on the forum, had been arrested by the FBI in December 2016. [28]

On 31 August 2018, several Hack Forums users reported receiving an e-mail from Google informing them that the FBI had demanded user data linked to the LuminosityLink malware, which had been sold on Hack Forums. [29]

On 29 October 2018, Vice Media's Motherboard reported that Saud al-Qahtani, an adviser to Crown Prince Mohammed bin Salman of Saudi Arabia and one of the alleged masterminds behind the assassination of Jamal Khashoggi, had been active on Hack Forums for many years under the username Nokia2mon2, requesting help with hacking targets and buying surveillance malware. Forum users had speculated that Nokia2mon2 was connected to the Saudi government and was using the site to support espionage against journalists, foreigners and dissidents. [30]

Public reception

According to CyberScoop's Patrick Howell O'Neill, "The forum caters mostly to a young audience who are curious and occasionally malicious, but still learning... Furthermore, HackForums is the kind of internet community that can seem impenetrable, even incomprehensible, to outsiders. It has a reputation for being populated by trolls: chaos-driven children and brazen criminal activity." [2]

Cybersecurity journalist Brian Krebs described HackForums as "a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another." [2]

Allison Nixon, Director of Security Research at Flashpoint, compared the activity on HackForums to that of real-world street gangs, stating:

You have a bunch of kids, not a lot of adults, and some people have their own predispositions, and sometimes there is not a lot of guidance to steer that in a productive direction. You see gangs end up forming. There are these online street gangs so to speak, some of them can get pretty destructive in the same way you have violent street gangs in a neighborhood. The individuals themselves may become part of such a gang in order to get a sense of community, a sense of safety, or perhaps something to do because they’re bored. It seems like there’s a lot of parallels. [2]

References

  1. "'Bustling' web attack market shut down". BBC News. 3 November 2016. Archived from the original on 18 July 2018. Retrieved 3 June 2018.
  2. Patrick Howell O'Neill (31 October 2016). "Inside HackForums' rebellious cybercrime empire". Cyberscoop. Archived from the original on 6 July 2018. Retrieved 2 June 2018.
  3. "Alexa - Top Sites by Category: Top/Computers/Hacking". www.alexa.com. Archived from the original on 5 August 2019. Retrieved 5 August 2019.
  4. "'LuminosityLink RAT' Author Pleads Guilty — Krebs on Security". 16 July 2018. Retrieved 30 May 2020.
  5. "Bug Bounty Hunter Ran ISP Doxing Service — Krebs on Security". 9 November 2018. Retrieved 30 May 2020.
  6. "The Rise of "Bulletproof" Residential Networks — Krebs on Security". 19 August 2019. Retrieved 30 May 2020.
  7. "DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security". 20 November 2019. Retrieved 30 May 2020.
  8. "College Student Pleads Guilty To Developing Malicious Software". www.justice.gov (Press release). 13 January 2017. Archived from the original on 7 July 2018. Retrieved 2 June 2018.
  9. "Have I Been Pwned: Pwned websites". haveibeenpwned.com. Archived from the original on 3 October 2015. Retrieved 11 July 2018.
  10. Wei, Wang. "Popular Hackforums Website Defaced by Egyptian Hacker". The Hacker News. Archived from the original on 13 July 2018. Retrieved 2 June 2018.
  11. Gurung, Vivek. "HackForums.net hacked and deface by Egyptian hacker". Cyber Kendra - Hacking News and Tech Updates. Archived from the original on 13 July 2018. Retrieved 13 July 2018.
  12. Murdock, Jason (4 May 2016). "HackForums may have just been hacked". International Business Times UK. Archived from the original on 12 July 2018. Retrieved 3 June 2018.
  13. "Troy Hunt on Twitter". Twitter. Retrieved 3 June 2018.
  14. Khandelwal, Swati. "Student Faces 10 Years In Prison For Creating And Selling Limitless Keylogger". The Hacker News. Archived from the original on 7 July 2018. Retrieved 2 June 2018.
  15. "Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers". Motherboard. 13 January 2017. Archived from the original on 7 July 2018. Retrieved 3 June 2018.
  16. Franceschi-Bicchierai, Lorenzo (13 January 2017). "Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers". Vice. Archived from the original on 14 August 2019. Retrieved 14 August 2019.
  17. "PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor". BleepingComputer. Archived from the original on 23 February 2018. Retrieved 21 July 2018.
  18. Finkle, Jim. "FBI plans cyber crime crackdown, arrests coming in weeks". U.S. Archived from the original on 13 July 2018. Retrieved 2 June 2018.
  19. Khandelwal, Swati. "Creator of MegalodonHTTP DDoS Botnet Arrested". The Hacker News. Archived from the original on 7 July 2018. Retrieved 2 June 2018.
  20. "Who is Anna-Senpai, the Mirai Worm Author? — Krebs on Security". krebsonsecurity.com. Archived from the original on 22 January 2017. Retrieved 2 June 2018.
  21. "How an army of vulnerable gadgets took down the web today". The Verge. Archived from the original on 16 November 2016. Retrieved 2 June 2018.
  22. Cimpanu, Catalin. "The Internet's Biggest Hacking Forum Removes Its DDoS-for-Hire Section". Softpedia. Archived from the original on 7 July 2018. Retrieved 3 June 2018.
  23. Kan, Michael. "Hacking forum cuts section allegedly linked to DDoS attacks". Computerworld. Archived from the original on 7 July 2018. Retrieved 26 June 2018.
  24. Waqas (29 October 2016). "HackForums delete "Server Stress Testing" amidst links with Dyn DDoS Attack". HackRead. Archived from the original on 13 July 2018. Retrieved 13 July 2018.
  25. "Internet Experts Issue Dire Warning to Government about the Internet of Things". The Daily Dot. 16 November 2016. Archived from the original on 13 July 2018. Retrieved 3 June 2018.
  26. "Ukraine arrests 'Avalanche' cybercrime organiser: police". Archived from the original on 7 July 2018. Retrieved 2 June 2018.
  27. "Bot Roundup: Avalanche, Kronos, NanoCore — Krebs on Security". krebsonsecurity.com. 27 February 2018. Archived from the original on 8 June 2018. Retrieved 2 June 2018.
  28. Poulsen, Kevin (31 March 2017). "FBI Arrests Hacker Who Hacked No One". The Daily Beast. Archived from the original on 31 May 2017. Retrieved 26 June 2018.
  29. "Google Notifies People Targeted by Secret FBI Investigation". Motherboard. 4 September 2018. Archived from the original on 22 September 2018. Retrieved 22 September 2018.
  30. "How 'Mr. Hashtag' Helped Saudi Arabia Spy on Dissidents". Motherboard. 29 October 2018.