‘Peace_of_Mind’ (PoM) is a very active actor on The Real Deal Market and The Hell black markets. He has offered for sale the dumps from high-profile data breaches, including Yahoo, LinkedIn and MySpace.
w0rm.ws is a famous hacking platform: an ‘invite only’ hacking and trading forum where it is possible to buy and sell exploits and stolen data.
Peace_of_Mind defaced the website and leaked on its homepage the personal information of the alleged mastermind behind the hacking service, Sarpovu Nikolai.
The w0rm.ws home page was displaying Nikolai’s personal details, including date of birth, father’s name, mother’s name, nationality, and residence permit.
The hacker published the following message on the defaced homepage:
“Hacked by Peace of Mind for fucking with Hell Forum”
The message suggests a dispute between the underground hacking forums The Hell and w0rm.ws.
The Hell was also hacked in the past: last year unknown crooks breached it and leaked its data, and the hacking forum reappeared on the underground earlier this year.
Back to the w0rm.ws case: the colleagues at Hackread.com published an interesting analysis of the leaked data made by the data mining company Hacked-DB.
The main folder of the w0rm.ws forum, w0rmws.tar.gz, reveals that the hacking forum was running on an outdated and vulnerable version of the vBulletin CMS (version 3.8.7). Analysis of the folder's contents allowed the experts to find an email contact and a secret key for the Google captcha.
“Based on the leaked information it seems that the forum was hacked due to the old version of vBulletin with known exploits. The data basically uncover registered user accounts along with their PMs and IPs which can provide the lead if an authority will try to pursue them. In addition, there are privately traded databases which may be only accessible to the forum users,” reported Hacked-DB.
The researchers at Hacked-DB discovered that the administrator of the forum was using the Hunter exploit kit, the same one used by The Hell and revealed after the data breach. One of the files included in the folder contains server login and timestamp details; it is not clear whether they belong to the administrator of the platform.
The experts also found data related to 323 users of the forum. The records include usernames, encrypted passwords and personal messages sent by users to the forum admin.
The data dump included users’ activities and transactions successfully completed by the administrator of the forum since its launch.
Stay tuned!
(Security Affairs – Peace_of_Mind, criminal underground)