Black Hat Hacking Forums Hacked | Possibly a LulzSec Attack

Image of proof of leak

Presently, the world of black hat forums appears to be engulfed in a series of cyberattacks. According to a Telegram channel, on 18th June 2019 it was reported that three leading black hat hacking forums were reportedly exploited, affecting an aggregate of over 260,000 hackers. From the disclosed data, it appears as though the creator of the aforementioned Telegram Channel has access to certain Ukrainian police files which may have led to the leak. 

This entire episode coincides with the closure of the Ukrainian dark web hosting company, Whost. Although this dark web hosting company run by one Mikhail Rytikov might seem illegal to the rest of the world, but is a legitimate entity in Ukraine.

Not very long ago, yet another hacking and carding forum was attacked, and the self-proclaimed Hacker had allegedly demanded ransom from that particular forum’s members, offering to guard the confidentiality of their personal information.

Why is anonymity so important to the Black Hat Hacking Forums?

Black Hat Hacking forums are a place where hackers collaborate with other hackers, and also a place where the rest of the world can find them and hire their black hat hacking services. So, it is more like what LinkedIn is to the rest of the world, where professionals network and customers look up for specialized vendors.

However, owing to the nature and purpose of black hat networking, which is often for cybercrime, it becomes crucial for the Members of these forums to remain anonymous. On the other hand, authorities across the globe are trying to unravel the mesh, and get hold of any data that can corroborate to high-profile cybercrimes.

What enabled this Attack?

The aforementioned hacking forums were reportedly built using XenForo, which is a commercial software package, developed using the PHP language. So, it appears as though the administrators installed a malicious free plug-in, which created a backdoor through which the attacker gained access. The surprising part is that the email ID of the alleged hacker is [email protected] which clearly indicates it to be the work of Lulz Security.

 

Who is LulzSec?

Lulz Security, often dubbed as LulzSec is the infamous hacking group which was involved in several high-profile cyberattacks, and was spearheaded by Hector Monsegur, better known by his pseudo name ‘Sabu’. Backtrace Security played a pivotal role in identifying Monsegur, an American citizen, who was later taken into custody.

LulzSec, during its existence, was involved in launching attacks against several noteworthy entities, which included PBS, Bethesda Studios, and the CIA. The hacking group had also hacked into the data of Sony Playstation network, and allegedly gained access to the data of around 24.6 million customers. They had also made a serious attempt to hack Nintendo but missed their target.

In June 2011, Monsegur was arrested and he then turned into an FBI informant and provided necessary assistance to the FBI for a period of about eleven months. Later, Monsegur received a ‘time spent’ for having helped the authorities and for preventing close to 300 cyber attacks.

It is believed that Monsegur and the five others who accompanied him in his exploits formed the core of Lulz Security. This association was allegedly formed on one of the hacking forums, which most hacking enthusiasts use to network and collaborate.

 

What happened to the other LulzSec Members?

During its existence, members of the LulzSec group remained absolutely anonymous, so much that the core members of this group did not reveal their real-world identities to each other, and stuck on to their respective pseudonyms. It was only when Monsegur turned into an FBI informant that the authorities could trace the remaining members, with his assistance.

Monsegur’s co-operation helped the FBI trace two other members of the LulzSec group, who were later identified as Ryan Cleary and James Jeffery — both from the UK. In due course, the FBI reportedly made further arrests.

Could it be LulzSec?

The dark web is way too dark to be certain about any particular attack, and those responsible for it. From what sources state, Monsegur was the brain behind Lulzsec and since he was converted into an FBI informant, things started to unwind.

Also, Monsegur’s act of turning into an informant made him enemies with several others. Monsegur, who received ‘time spent’ for having prevented close to 300 attacks, which safe-guarded data belonging to the Pentagon and several others could be the one here — at least this is what we feel at the moment.

What happens to the data?

The attackers, who seem to have gained access through a malicious plug-in, seem to have gathered some critical information that could lead to further arrests. Information of the Black Hat Forum members such as their individual IPs, Date of Visits and the log-in timings have reportedly been compromised.

Apparently, this data can be used to easily nail down Hackers who’ve been involved in various cyber crimes by using the log details such as IPs and Log timings to correlate the various posts on some of the most popular hacking forums. If so, several cybercriminal groups may be traced and there could be more Sabus being awarded “time spent” in the near future.

At the moment, this attack appears to be an attempt to unveil cyber attackers who’ve been lurking around for quite some time. However, there is no clear evidence for us to conclude that it is the work of Lulz Security, as the hacking group has long since ceased to exist.