Vigilantes Hack Criminal Carding Forum and Expose Underground Dealings


A German cybercrime forum was hacked by attackers who have exposed the underground dealings of the criminal denizens. The hackers snagged the database containing what appears to be all the private correspondence of the forum members, and posted it to the web.

The hackers also posted information on the IP addresses forum members used when they signed up for membership, noting that most of the administrators and moderators on the site didn't use a proxy to access it. They also posted usernames, e-mail addresses and some cracked passwords of members, who number 5,000. The data was posted to the RapidShare file-trading site.

Here we go. Some crazy combination of username:password:plain:mail. I hope you guys dont mind if we did not crack all of them. Passwords are stored as sha1($username.$pass). Feel free to bruteforce the rest.

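The scheme quoted above, sha1($username.$pass), is a single fast hash whose only salt is the public username. As an added example (not from the article or the forum's software), this Python code shows how a site holding such hashes can wrap them in scrypt with a random per-user salt without knowing any password; the cost parameters and record layout are assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; tune them to the login server's hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_hash(username: str, password: str) -> str:
    """The scheme described in the quote: sha1(username + password), hex."""
    return hashlib.sha1((username + password).encode("utf-8")).hexdigest()


def _stretch(inner: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(inner, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def wrap_legacy(legacy_hex: str) -> dict:
    """Upgrade a stored legacy hash in place; the password is not needed."""
    salt = os.urandom(16)  # random per-record salt, unlike the username
    return {
        "scheme": "scrypt-over-sha1",  # hypothetical record layout
        "salt": salt.hex(),
        "hash": _stretch(bytes.fromhex(legacy_hex), salt).hex(),
    }


def verify(username: str, password: str, record: dict) -> bool:
    """Recompute the legacy hash, stretch it, compare in constant time."""
    inner = bytes.fromhex(legacy_hash(username, password))
    candidate = _stretch(inner, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample account, not taken from the leaked data.
    old = legacy_hash("alice", "constructed-password")
    record = wrap_legacy(old)
    print(record["scheme"], verify("alice", "constructed-password", record))
```

Wrapping only protects the stored values from this point on; legacy hashes that have already leaked remain crackable offline, so affected accounts still need a forced password reset.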

The hack was first reported by Brian Krebs.

Carders.cc was hacked through a poorly secured web server, according to the attackers, who disclosed their method and reason for hacking the forum in an e-zine they published with one of the data files:

Many of you guys may have noticed this breeding German “underground” shit called carders.cc. For those who don’t: Carders is a marketplace full of everything that is illegal and bad. Carding, fraud, drugs, weapons and tons of kiddies. They used to be only a small forum, but after we erased 1337-crew they got more power. The rats left the sinking ship. The voices told us to own them since carders is our fault and we had to fix our flaw. So we did.

During the ownage they also gave us lulz by showing off their ridiculous configuration skills which had a specific impact on their security. They actually managed to chmod and chown nearly everything to 777 and www-user readable. Including their /root directory.
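The misconfiguration described in the quote (mode 777 across the server and a /root directory readable by the web user) is the kind of thing a routine permission audit catches. The following Python audit is an added example, not code from the article; the function names and the idea of passing a list of "private" directories are assumptions made for illustration.

```python
import os
import stat


def check_mode(st_mode: int, private: bool) -> list[str]:
    """Return the findings for one lstat() mode value."""
    perms = stat.S_IMODE(st_mode)
    # Sticky world-writable directories such as /tmp (1777) are expected.
    sticky_dir = stat.S_ISDIR(st_mode) and bool(perms & stat.S_ISVTX)
    issues = []
    if perms & stat.S_IWOTH and not sticky_dir:
        issues.append("mode 777" if perms & 0o777 == 0o777
                      else "world-writable")
    if private and perms & 0o007:
        issues.append("private path accessible to other users")
    return issues


def audit(root: str, private_dirs: tuple[str, ...] = ()) -> list[tuple[str, str, str]]:
    """Walk root and report (path, octal mode, issue) for risky entries.

    private_dirs lists directories (for example /root) whose own mode
    must grant nothing to "other", since that mode gates all access below.
    """
    private = {os.path.abspath(p) for p in private_dirs}
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            is_private = os.path.abspath(path) in private
            for issue in check_mode(st.st_mode, is_private):
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), issue))
    return findings


if __name__ == "__main__":
    # Example run over a web root plus root's home; paths are assumptions.
    for path, mode, issue in audit("/var/www", private_dirs=("/var/www",)):
        print(f"{mode:>7}  {issue:40}  {path}")
```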

The database of correspondence includes messages between buyers and sellers on the forum as they exchanged stolen bank-card data and criminal services.

One message is from a vendor selling skimmers to attach to bank-card readers to sniff the card data. He's also hawking login information to bank accounts in the United States and Britain that have a minimum $15,000 balance in them.

But for "REAL" hackers, he claims to offer backdoor access straight into the networks of financial institutions such as Citibank, HSBC and Bank of America.

ICQ:574-109-754
YM:rfidskimmer@yahoo.com

my name is rohan im here to show these fake ass ripper how a realy business man do business we dont take peoples money and run away

i know that there is a lot of rippers out there and people be all scared to do business but let me tell you a little about me Im a verified MSR606 seller i can show pick and video if you need to know. my dumps+pin are straight from the bank no second hand dumps i even sell skimmer kit for all who are interested in the big money game i will show how to correctly install and use skimmer kit i also get CVV directly from bank too i will show all newbies to this game how to make a purchase from cvv and get it ship directly to thier address in steady of billing address

i have also bank logins with limit 15k UK and US, i have the newly created WU bug no body on the face of the earth has got this only me because i have an inside link to western union server that helped me creat this software add me and we talk about it(rfidskimmer)

For my fellow REAL hackers i have v4 and v5 socks selling i even have back door entrance to HSBC,B.O.A,CITIBANK E.T.C

He's challenged by another member, however, who suspects a scam.

TO befire: man if u have citibank online accounts please connect me, but I working with online banking many years and I khow when people said that has got backdoor to bank it's always be rippers. I f u really have some banks accounts of citibank or otherplease contact me In PM but it's imbosible have backdoor to bank because If u have it u never tell about it in public forum...

This isn't the first time a carding forum has been owned by outsiders. Notorious hacker Max Vision, who ran the carding forum CardersMarket under the handle Iceman, took over several competing carding forums in 2006 through an ingenious hack, snagging their content and appropriating their members for his own carding empire.