Finally good hacking news: hacker on hacker crime leads to personal information of 24,000 illegal data buyers leaked online

[techietraveller84]

There's not a lot of good news in the cyber world these days, but today saw a story that brought a smile to my face. 

Quote

A user on a popular hacker forum is selling a database containing highly sensitive information of more than 24,000 customers of the now-defunct illegal online service WeLeakInfo. 

Before it was shut down by the FBI in January 2020, WeLeakInfo was a website that had been selling access to stolen information scraped from more than 10,000 data breaches, which contained over 12 billion indexed user credentials, including names, usernames, email addresses and passwords for online accounts.

The forum user is selling the highly sensitive information of former WeLeakInfo customers – including their full names, IP addresses, street addresses, and phone numbers – for about $2 in virtual forum currency. 

What was leaked?

The author of the forum post is selling a ZIP archive that contains payment data of WeLeakInfo customers who made their illicit purchases via Stripe, including:

• Full names
• Partial credit card data
• Transaction dates and their Stripe reference numbers
• Currencies and amounts paid for stolen data
• Email addresses
• IP addresses
• User Agents (used to identify the browser/device used by the customer)
• Street addresses
• Phone numbers

How the data was acquired: an oversight by the FBI?

The user who is selling the WeLeakData archive on the hacker forum claims that the FBI might have missed a spot during the seizure of the original WeLeakInfo domain. According to the forum post author, there was a separate domain associated with the WeLeakInfo service that was used to process payments made by people who bought stolen data via Stripe. And it seems that the payment website was, inadvertently or not, allowed to expire in March 2021. 

This means that after the website expired, anyone could have claimed the domain as their own. Which the cheeky forum user seemingly did on March 11. 

The author claims they were then able to perform a password reset against the Stripe.com account that was potentially associated with one of the two owners of WeLeakInfo, and gain access to all the data from the website, which seems to have operated for less than a year and accumulated sales of a little over £100,000 from 24,603 customers. 

Judging from the samples of data provided by the author, the age of the Stripe account owner is consistent with the FBI’s information about the arrested owners of WeLeakInfo.

https://cybernews.com/security/hacker-on-hacker-crime-personal-information-of-24000-illegal-data-buyers-put-for-sale-online/?&web_view=true

[techietraveller84]

More good news, kind of. Another hacker forum was well, hacked, exposing "12,344 sets of data for card shop admins, sellers and buyers, including user names, hashed passwords, contact details, sales activity and current balances."

 

At the same time though, the "database also has 498 sets of (stolen) online banking account credentials and 69,592 sets of U.S. Social Security Numbers and Canadian Social Insurance Numbers."

 

https://threatpost.com/623m-payment-cards-stolen-from-cybercrime-forum/165336/

[faraday]

Anybody in custody...?

[techietraveller84]

15 minutes ago, faraday said:

Anybody in custody...?

Good question. Looks like it was a Russian site, most likely used by the Russian speaking hacking community. Not sure how they handle things like this over there.

[techietraveller84]

Different story, but in similar feel-good topic, another bad guy in the hacker world has been arrested and sentenced.

Still though, why do I have the feeling he'll still be running crime from prison?

Quote

A high-level manager of cybercrime group FIN7, also known as the Carbanak Group and the Navigator Group, has been sentenced to ten years in prison, the Department of Justice reports.

FIN7 has operated since at least 2015 and had more than 70 people organized into business units and teams.. While its activity is global, in the United States, FIN7 has breached corporate computer networks in all 50 states and the District of Columbia. Attackers have stolen more than 20 million payment card records from at least 6,500 point-of-sale terminals at more than 3,600 businesses.

Ukrainian national Fedir Hladyr was a systems administrator for FIN7. He was arrested in Dresden, Germany in 2018 at the request of US law enforcement. In 2019 he pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

To conduct its attacks, FIN7 wrote emails to appear legitimate to an organization's employees and followed up with phone calls to further legitimize their activity. When an email attachment was opened, FIN used a modified version of the Carbanak malware, in addition to other tools, to steal customers' payment card data. Much of this data has been sold on the Dark Web.

As systems administrator for FIN7, Hladyr played a core role in aggregating stolen data, supervising other criminals in the group, and maintaining the network of servers that FIN7 used to target and control victims' machines. He also handled FIN7's encrypted communication channels, officials report.

 

https://www.darkreading.com/attacks-breaches/high-level-admin-of-fin7-cybercrime-group-sentenced-to-10-years-in-prison/d/d-id/1340717?&web_view=true