OGUsers

Last updated

OGUsers
Oguserslogo.png
OGUsers logo
Type of site
 Internet forum
Available inEnglish
Founder(s) "Ace" [1]
Advertising Yes
CommercialYes
RegistrationOptional (required to participate)
LaunchedApril 2017; 7 years ago [2]

OGUsers (OGU) [3] is an Internet forum that facilitates the discussion and buying of social media accounts and online usernames. [4] [5] Established in 2017, the website is dedicated to the buying and selling of "rare" or "OG" online accounts that are considered valuable due to their name or age. [6] The website acts as a platform for cybercrime and the harassment of individuals for access to their online accounts. [7] [8] [9] [10] [11] Several high-profile incidents have been linked to the forum, most notably the 2020 Twitter account hijacking. [12]

Contents

Incidents

The site has been linked to various SIM swap scams, where discussion took place on identity theft methods to change login information for online accounts. [13] [14]

Graham Ivan Clark, regarded as the "mastermind" behind the 2020 Twitter account hijacking, was a former member of the forum. [15] Two participants, Mason Sheppard and Nima Fazeli, acted as brokers in selling of Twitter handles on the website. [16]

In 2020, a man from Tennessee died from a heart attack from a swatting. An individual in the United Kingdom was attempting to coerce the man for an online username by utilizing tactics of the site, with him later being sentenced to five years in prison. [17] [18]

Security breaches

The website was hacked in May 2019, with the administrator of RaidForums uploading the database of the website for anyone to access. [19] In December 2020, the website was hacked again with user data being stolen. [20]

Reception

Brian Krebs, an American journalist and investigative reporter known for the coverage of cybercriminals, has described the forum as a place "overrun with shady characters who are there mainly to rip off other members." [11] In his report, he described how Facebook, Instagram, TikTok, and Twitter have taken steps to crack down on users of the forum involved in the trafficking of hijacked accounts. [21] Facebook told Krebs that the forum uses various tactics, such as harassment, intimidation, hacking, coercion, extortion, sextortion, SIM swapping, and swatting. [11]

See also

Related Research Articles

Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems.

<span class="mw-page-title-main">Yahoo Mail</span> American email service

Yahoo! Mail is an email service offered by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! Small Business brand, before it transitioned to Verizon Small Business Essentials in early 2022. Launched on October 8, 1997, as of January 2020, Yahoo! Mail has 225 million users.

Brian Krebs is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. Krebs is the author of a daily blog, KrebsOnSecurity.com, covering computer security and cybercrime. From 1995 to 2009, Krebs was a reporter for The Washington Post and covered tech policy, privacy and computer security as well as authoring the Security Fix blog.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">Instagram</span> Social media platform owned by Meta Platforms

Instagram is an American photo and video sharing social networking service owned by Meta Platforms. It allows users to upload media that can be edited with filters, be organized by hashtags, and be associated with a location via geographical tagging. Posts can be shared publicly or with preapproved followers. Users can browse other users' content by tags and locations, view trending content, like photos, and follow other users to add their content to a personal feed. A Meta-operated image-centric social media platform, it is available on iOS, Android, Windows 10, and the web. Users can take photos and edit them using built-in filters and other tools, then share them on other social media platforms like Facebook. It supports 32 languages including English, Hindi, Spanish, French, Korean, and Japanese.

Shadow banning, also called stealth banning, hellbanning, ghost banning, and comment ghosting, is the practice of blocking or partially blocking a user or the user's content from some areas of an online community in such a way that the ban is not readily apparent to the user, regardless of whether the action is taken by an individual or an algorithm. For example, shadow-banned comments posted to a blog or media website would be visible to the sender, but not to other users accessing the site.

Lizard Squad Hacker group

Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.

<span class="mw-page-title-main">Dark0de</span> Online black marketplace and cybercrime forum

dark0de, also known as Darkode, is a cybercrime forum and black marketplace described by Europol as "the most prolific English-speaking cybercriminal forum to date". The site, which was launched in 2007, serves as a venue for the sale and trade of hacking services, botnets, malware, stolen personally identifiable information, credit card information, hacked server credentials, and other illicit goods and services.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

<span class="mw-page-title-main">OurMine</span> Hacker group

OurMine is a hacker group that is known for hacking popular accounts and websites, such as Jack Dorsey and Mark Zuckerberg's Twitter accounts. The group often causes cybervandalism to advertise their commercial services, which is among the reasons why they are not widely considered to be a "white hat" group.

<span class="mw-page-title-main">TikTok</span> Video-focused social media platform

TikTok, whose mainland Chinese and Hong Kong counterpart is Douyin, is a short-form video hosting service owned by Chinese internet company ByteDance. It hosts user-submitted videos, which can range in duration from three seconds to 60 minutes. It can be accessed with a smart phone app.

A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

<span class="mw-page-title-main">2020 Twitter account hijacking</span> July 2020 compromise of multiple Twitter accounts to post scam tweets

On July 15, 2020, between 20:00 and 22:00 UTC, 130 high-profile Twitter accounts were reportedly compromised by outside parties to promote a bitcoin scam. Twitter and other media sources confirmed that the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly. They appeared to have used social engineering to gain access to the tools via Twitter employees. Three individuals were arrested by authorities on July 31, 2020, and charged with wire fraud, money laundering, identity theft, and unauthorized computer access related to the scam.

<span class="mw-page-title-main">Censorship of TikTok</span> Restriction of access to TikTok by governments and organizations

Many countries have imposed past or ongoing restrictions on the video sharing social network TikTok. Bans from government devices usually stem from national security concerns over potential access of data by the Chinese government. Other bans have cited children's well-being and offensive content such as pornography.

<span class="mw-page-title-main">Graham Ivan Clark</span> American hacker and cybercriminal (born 2003)

Graham Ivan Clark is an American computer hacker, cybercriminal and a convicted felon regarded as the mastermind behind the 2020 Twitter account hijacking.

Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, is an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was active in several countries, and has had its members arrested in Brazil and the UK in 2022. According to City of London Police at least two of the members were teenagers.

Antisemitism on social media can manifest in various forms such as emojis, GIFs, memes, comments, and reactions to content. Studies have categorized antisemitic discourse into different types: hate speech, calls for violence, dehumanization, conspiracy theories and Holocaust denial.

Namespace security is a digital security discipline that refers to the practices and technologies employed to protect the names and identifiers within a digital namespace from unauthorized access, manipulation, or misuse. It involves ensuring the integrity and security of domain names and other digital identifiers within networked environments, such as the Internet's Domain Name System (DNS), software development namespaces and containerization platforms. Effective namespace security is crucial for maintaining the reliability and trustworthiness of brands and their digital services and for preventing cyber threats including impersonation, domain name hijacking or spoofing of digital identifiers like domain names and social media handles.

References

  1. "Admin of Forum Where Users Trade Stolen Instagrams: Hacking Is 'Not Our Problem'". www.vice.com. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  2. Ramasubramanian, Sowmya (22 February 2021). "Instagram accounts take downs and the role of 'OGUsers' explained". The Hindu. ISSN   0971-751X. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  3. "Hackers' forum hacked, OGUsers database dumped (again)". Naked Security. 6 April 2020. Archived from the original on 9 August 2022. Retrieved 10 March 2023.
  4. Pastrana, Sergio; Hutchings, Alice; Thomas, Daniel; Tapiador, Juan (21 October 2019). "Measuring eWhoring" (PDF). University of Cambridge. Archived (PDF) from the original on 25 February 2023. Retrieved 24 February 2023.
  5. Newman, Lily Hay. "A Coordinated Takedown Targets 'OGUser' Account Thieves". Wired. ISSN   1059-1028. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  6. Serapiglia, Anthony (2019). "Cybersecurity and Cryptocurrencies: Introducing ecosystem vulnerabilities through current events" (PDF). Interagency Security Classification Appeals Panel. Archived (PDF) from the original on 25 February 2023. Retrieved 24 February 2023.
  7. "OGUsers hacker forum hacked for 4th time; database leaked". 29 April 2021. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  8. "The Hackers Who Can Hijack Your SIM Card Using Only Your Phone Number". www.vice.com. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  9. "Harassing texts. Unwanted deliveries. Fake bomb threats that bring police to the door. Inside the tactics cybercriminals use to get social media users to surrender their accounts". www.cbsnews.com. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  10. Lorenz, Taylor (4 February 2021). "Instagram Bans Hundreds of Accounts With Stolen User Names". The New York Times. ISSN   0362-4331. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  11. 1 2 3 "Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts – Krebs on Security". KrebsonSecurity. 4 February 2021. Archived from the original on 25 February 2023. Retrieved 24 February 2023.
  12. Ghosh, Isobel Asher Hamilton, Shona. "A hacker forum obsessed with super-short 'OG' handles was selling Twitter account access for $3,000 days before the giant hack". Business Insider. Archived from the original on 25 February 2023. Retrieved 25 February 2023.{{cite web}}: CS1 maint: multiple names: authors list (link)
  13. Morris, Alex (8 July 2022). "How 'Baby Al Capone' Pulled Off a $24 Million Crypto Heist". Rolling Stone. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  14. Hicks, Jasmine (20 October 2021). "Two SIM swappers phished a phone company so they could steal $16K in crypto". The Verge. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  15. Goodin, Dan (17 March 2021). "I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence". Ars Technica. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  16. "How the FBI tracked down the Twitter hackers". ZDNET. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  17. Price, Rob. "'I want your Instagram account': First came the threatening texts, followed by the SWAT teams. Then someone wound up dead". Business Insider. Archived from the original on 2 March 2023. Retrieved 2 March 2023.
  18. Cramer, Maria (24 July 2021). "A Grandfather Died in 'Swatting' Over His Twitter Handle, Officials Say". The New York Times. ISSN   0362-4331. Archived from the original on 2 March 2023. Retrieved 2 March 2023.
  19. "Account Hijacking Forum OGusers Hacked – Krebs on Security". Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  20. "Stolen credentials forum OGUsers hacked again with user data stolen". SiliconANGLE. 2 December 2020. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
  21. "Facebook, Instagram, TikTok and Twitter crack down on 'OGUsers' theft ring". CNET. Archived from the original on 25 February 2023. Retrieved 25 February 2023.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.