Posted on August 13, 2019 at 7:25 PM
Hackers hack hackers: Cracked.to’s Giant Database Breached By Raidforums
The hacking world recently endured an attack between peers, when Raidforums cybercriminals managed to work their magic and breach the Cracked.to a hacking forum, considered a rival/competitor.
Because of the attack, data and information of over 321,000 members of Cracked.to were exposed to dozens of hackers, endangering the integrity of their files, accounts, and devices. The breach was perpetrated at a moment in which the victims were talking about incurring in illegal or frowned upon activities, such as selling software vulnerabilities, cracking Fortnite profiles, and more.
The attack resulted in precisely 749,161 unique email contacts being posted on Raidforums over the weekend, according to information provided by the breach notifier HaveIBeenPwned.
IP Addresses, Private Conversation, Emails, and More
That’s not all: among the stolen information were other valuable bits of data that include IP addresses, private conversations, username, passphrases saved as bcrypt hashes, and much more. Those items alone can help hackers detect lots of info about their victims, including their location and access to critical accounts.
Raidforums implemented the website forum application myBB to generate a large and incriminating database. According to its own description, Cracked.to refers to itself as a platform that offers cracking tutorials, combolists, and other resources, while Raidforums provides access to sites and forums that cover similar themes.
The arstechnica website checked a large 2.11 gigabyte file that the Raidforums’ people made public, related to the Cracked.to hack. They found nearly 400,000 (roughly 397,000) private messages, most of which covered conversations about hack-related details and information. Cybercriminals usually like to hide these.
Hidden Details
Many of the “hidden” conversations that saw daylight were about people trying to buy or sell software or services used to crack accounts on Fortnite, one of the top games of the moment. The identities of these individuals were revealed through their usernames, IP addresses, and email addresses.
For example, one of the messages had a subject that read “freshly cracked” Fortnite accounts, with skins captured. Another email explained, step by step, how to modify the email on cracked Fortnite profiles. Other people promoted their capabilities and resources to exploit CVE-2019-20250, which is known as a WinRAR (a file compressor) vulnerability.
Numerous hackers took advantage of the mentioned WinRAR vulnerability earlier in 2019 as a means to install malware on computers, which was extremely difficult to correctly detect and repel.
It is not yet clear how the people of Raidforums managed to perform the data breach on the Cracked.to the platform, although specialists are speculating that they did it by using IP addresses that were anonymized by Tor or similar tools. After all, both law enforcement groups and rival cybercriminals only need a small distraction to pounce.
Now, every person related to the breached data should be on the alert, especially those who had their email addresses and IP addresses published. The events that took place on Friday are proof that there are no perfect security measures, and that databases are always prone to be compromised.
Taking Advantage of An Exploit
“Omnipotent,” which is the creator, owner, and host of the Radioforum site, told Ars that they achieved to perform the attack thanks to an exploit in a statement of the obvious. However, he declined to offer details about how they managed to put so many people in danger. There is a strong possibility that his platform used a resource to crack myBB, but it is also possible that someone obtained administrator credentials to access.
Another possible scenario involves an inside job, albeit unlikely. A top admin at Cracked.to said last month that someone, a “trustworthy person,” had backups and database of the forum.
A switch to a stronger password hashing scheme prompted users to change their passphrase a few months ago, and that may have actually helped to prevent a much more fatal hacking attack. The administrator of Cracked.to stated that while there is no way to control every private conversation that people have in a forum, he regretted the data breach.