Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security

Three Top Russian Cybercrime Forums Hacked (krebsonsecurity.com) 26

tsu doh nimh shares a report: Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. "Maza," "MFclub"), an exclusive crime forum that has for more than a decade played host to some of the most experienced and infamous Russian cyberthieves.

At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators. The database also includes ICQ numbers for many users. ICQ, also known as "I seek you," was an instant message platform trusted by countless early denizens of these older crime forums before its use fell out of fashion in favor of more private networks, such as Jabber and Telegram. This is notable because ICQ numbers tied to specific accounts often are a reliable data point that security researchers can use to connect multiple accounts to the same user across many forums and different nicknames over time. Cyber intelligence firm Intel 471 assesses that the leaked Maza database is legitimate.

This discussion has been archived. No new comments can be posted.

Three Top Russian Cybercrime Forums Hacked

Comments Filter:
  • Where is the file? It would be fun to have a lookzy...
    • I can't be sure but it seems like the kind of people who have the skillset to really understand a file like that... already know where to find it.

      • by deKernel ( 65640 )

        Shhhh, I bet if you tell him its behind the chair that he will go look.

      • Yes, but why waste the time? Humans are the easiest line in the chain, so why not just be efficient and ask, until you come off the pooper and get back to the proper PC? ;)

    • Agreed. Might be interesting to chase IP addresses down; especially if they aren't associated with TOR or another VPN. And is "Bogie" Bogachev in the list?
      • What's the point in chasing after the clueless script kiddies and junkies that stumbled on something bigger than themselves?

  • Hacking unsuspecting victims is one thing but taking down a target that knows it's going to be attacked so thoroughly has to hurt their pride a bit. If nothing else, this exposes people who really wanted to stay hidden.

    • by e3m4n ( 947977 )
      why would anyone actually present their real world information on a forum thats the equivalent to a thieves den or pirate cove? Surely its stolen identities or fake names. This just in, agents are getting closer to apprehending the notorious I. P. Freely after a security breach revealed sensitive information. However, thus far, authorities have been unable to locate 123 Sesame Street and have been searching addresses in more than 1500 counties.
      • why would anyone actually present their real world information on a forum thats the equivalent to a thieves den or pirate cove?

        Who said they would? IP addresses and email/password combos provide ways of identifying people.

        • by e3m4n ( 947977 )
          its a hacking forum, fairly sure they all connect from an onion router.
          • They might usually but even nation-state hackers slip up on occasion.

          • Only newbies use TOR thougj. 90% of the nodes are state spying agencies nowadays, so if they can ever not trace you, it's only because they are trampling on each other's feet.

            Usually, pros would have their own botnet, and use that as non-logging private onion-routed mix. (And you would not trust the zombies to not be hackes by enemies either.)

    • Uum, first of all, this is a site with nothing but hackers. What do you think, they weren't the site with the most hacking attacks in the history of the Internet? It was only a question of time.

      And it was also completely expected by everyone in there, from day one.
      So all your hacked data will be entirely useless. User names, passwords and adresses used nowhere else, and logs of connections by zombie proxies, postinf stuff that anyone of the admins and mostly all users could already see.

      The news is just for

  • by guygo ( 894298 ) on Thursday March 04, 2021 @03:32PM (#61124160)

    karma's at the door

  • We are inundated with TV shows about spies, and spy-like contractors, with whole fictional worlds where assassins live like kings on their huge assassin income.

    (Very depressing for murder-groupies to discover that actual Russian assassins live with Mom in a small apartment, that most Mexican murders go for a few hundred bucks.)

    Where the heck is our Blacklist/Blindspot/MI/Alias/Covert-Affairs show about hunting down cybercriminals?

    Granted it wouldn't be very heroic, shooting these people on the way in to the

    • Mr. Robot is a good start.
    • The third law of thermodynamics states that information will always flow from a database to a tabloid.
    • Re: (Score:3, Informative)

      by takionya ( 7833802 )
      > Where the heck is our Blacklist/Blindspot/MI/Alias/Covert-Affairs show about hunting down cybercriminals?

      Pictures of people hunched over a keyboard aren't very exciting. To make it more exciting, you would have to depict the hack being done from a moving car to a flying airplane. The pilot passing a CAT5 cable to the passenger who plugs it into her laptop and debugs the planes software :]

      Hacker Airplane Scene from Scorpion (TV-Show) [youtube.com]
  • Hey Sergei, this more where this came from. Buckle up!

  • And now the Russians retaliate?
    • You betcha.

      The US TLAs haven't been bragging about wanting to be the bestestestestest in the world for nothing.

      We alway only hear of their attacks, and almost never of ours. And vice versa. But you can bet money that there's a war out there. And just like the "cold war", it only looks cold.

      All I wonder, is if the Mossad plays Brave Little Taylor here. ;))

  • Anyone with half a brain will have used separate users/passwords/adresses/IPs for each site. Apart from probably a self-made onion routing mix of zombie proxies, for the high stakes ones.

    And given the nature of the site, that's true for everyone but the n00bs that just stumbled in.

    So this is rather meaningless in practice.

  • It must have been the Russians :]
    • by clovis ( 4684 )

      It must have been the Russians :]

      That was my first thought. All this was another group showing off their leet e-peen.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...