Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacked Cybercrime Forum Exposes Nearly 20,000 “Bad Actors”

Hackers Expose Member Data From Popular Eastern European Cybercrime Forum

Hackers Expose Member Data From Popular Eastern European Cybercrime Forum

Cyber-criminals targeted an online community and stole member information and login credentials from the site’s forum database late Tuesday. What sets this attack apart from similar data breaches is the fact that the victims were part of a community of Eastern European cyber-criminals.

Schadenfreude, indeed.

“Verified” happens to be one of the largest online communities for Eastern European cyber-criminals, according to security firm IntelCrawler, who disclosed details of the incident to SecurityWeek. Many of the topics posted on the forums had something to do with committing online banking fraud against financial institutions in the U.S., Australia, and the United Kingdom.

The attack against Verified seems to be the work of a group of administrators from a rival cyber-crime forum.

Verified Hacked

This incident shows the cyber-crime community is just as vulnerable to attack as legitimate businesses and ordinary Internet users, IntelCrawler researchers said. There is still a good lesson to be learned here about managing vulnerabilities in software.

How The Attack Worked

The attackers exploited a PHP vulnerability (CVE-2007-2087) in CNStats STD 4.3, a Web-based application used by site administrators to monitor traffic and other statistics. The breach exposed all the attachments that had been uploaded to the forum since 2011, and the attackers also downloaded the MySQL database containing user information and login credentials for the forums.

Advertisement. Scroll to continue reading.

Verified Cybercrime Forum Hacked

The stolen database, all 80.92 MB, has since been uploaded to Sendspace, exposing the information for more than 18,894 “bad actors,” IntelCrawler said. Verified was created back in 2005, and its membership roster included the likes of “SEVERA,” a famous spammer who worked with Alan Ralsky, the “Spam King” who pled guilty to spam and fraud in 2009.

Law enforcement types would be able to use the profile information as a form of “deep e-crime intelligence” and make some arrests, the researchers speculated.

According IntelCrawler, the community became popular for trading of new exploit kits, and was even used by recently arrested “Paunch”, the alleged author of the Blackhole exploit kit.

Unpatched Software A Risk Every data breach is a learning opportunity, and this incident is no difference, highlighting patching and software vulnerability management. The bug was originally discovered back in 2007 in CNStats 2.12 software. Based on the description posted by vulnerability management company Secunia, the issue remains unpatched,2 major versions and almost seven years later.

Secunia rated this vulnerability “highly critical” because, if exploited successfully, could give remote attackers the ability to execute arbitrary PHP codes remotely. The vulnerability is such that the attacker won’t even need authentication to succeed in gaining system access.

People using CNStats should apply workarounds since there is no patch available for this particular flaw. Secunia noted that in order for the attack on this flaw to succeed, the “register_globals” value in PHP configuration has to be enabled and that the support for “.htaccess” files is disabled. Users using CNStats should turn register_globals off. In fact, it should be turned off by default at all times.

It’s important to keep on top of these vulnerability reports, and installing fixes when necessary. If there is no patch available, one option is to stop using the software and switch to another, preferably one with less critical vulnerabilities. Application developers have to be shown that customers won’t tolerate insecure software.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.