Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacked Cybercrime Forum Exposes Nearly 20,000 “Bad Actors”

Hackers Expose Member Data From Popular Eastern European Cybercrime Forum

Hackers Expose Member Data From Popular Eastern European Cybercrime Forum

Cyber-criminals targeted an online community and stole member information and login credentials from the site’s forum database late Tuesday. What sets this attack apart from similar data breaches is the fact that the victims were part of a community of Eastern European cyber-criminals.

Schadenfreude, indeed.

“Verified” happens to be one of the largest online communities for Eastern European cyber-criminals, according to security firm IntelCrawler, who disclosed details of the incident to SecurityWeek. Many of the topics posted on the forums had something to do with committing online banking fraud against financial institutions in the U.S., Australia, and the United Kingdom.

The attack against Verified seems to be the work of a group of administrators from a rival cyber-crime forum.

Verified Hacked

This incident shows the cyber-crime community is just as vulnerable to attack as legitimate businesses and ordinary Internet users, IntelCrawler researchers said. There is still a good lesson to be learned here about managing vulnerabilities in software.

How The Attack Worked

The attackers exploited a PHP vulnerability (CVE-2007-2087) in CNStats STD 4.3, a Web-based application used by site administrators to monitor traffic and other statistics. The breach exposed all the attachments that had been uploaded to the forum since 2011, and the attackers also downloaded the MySQL database containing user information and login credentials for the forums.

Advertisement. Scroll to continue reading.

Verified Cybercrime Forum Hacked

The stolen database, all 80.92 MB, has since been uploaded to Sendspace, exposing the information for more than 18,894 “bad actors,” IntelCrawler said. Verified was created back in 2005, and its membership roster included the likes of “SEVERA,” a famous spammer who worked with Alan Ralsky, the “Spam King” who pled guilty to spam and fraud in 2009.

Law enforcement types would be able to use the profile information as a form of “deep e-crime intelligence” and make some arrests, the researchers speculated.

According IntelCrawler, the community became popular for trading of new exploit kits, and was even used by recently arrested “Paunch”, the alleged author of the Blackhole exploit kit.

Unpatched Software A Risk Every data breach is a learning opportunity, and this incident is no difference, highlighting patching and software vulnerability management. The bug was originally discovered back in 2007 in CNStats 2.12 software. Based on the description posted by vulnerability management company Secunia, the issue remains unpatched,2 major versions and almost seven years later.

Secunia rated this vulnerability “highly critical” because, if exploited successfully, could give remote attackers the ability to execute arbitrary PHP codes remotely. The vulnerability is such that the attacker won’t even need authentication to succeed in gaining system access.

People using CNStats should apply workarounds since there is no patch available for this particular flaw. Secunia noted that in order for the attack on this flaw to succeed, the “register_globals” value in PHP configuration has to be enabled and that the support for “.htaccess” files is disabled. Users using CNStats should turn register_globals off. In fact, it should be turned off by default at all times.

It’s important to keep on top of these vulnerability reports, and installing fixes when necessary. If there is no patch available, one option is to stop using the software and switch to another, preferably one with less critical vulnerabilities. Application developers have to be shown that customers won’t tolerate insecure software.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.