world of internet security, latest cyber security news,information,updates on technology,it job vacancies,internet security,breaches,and safeguards

Monday, 30 October 2017

Hacking site hacked by hackers

We try not to guffaw at cyber crime, but sometimes it's hard not to, especially on a Monday just after reading a report from Bleeping Computer in which a cyber crook turned on his fellow crooks by hacking their underground forum and saying he would expose them to the cops…

…unless they forked over $50,000:

MESSAGE TO BASETOOLS OWNER:

Hello, you have only 24 hours to pay 50.000$ OTHERWISE YOU WILL BE 
EXPOSED AROUND THE WORLD & ALSO WE HAVE TOO MANY PROOFS THAT WE HAVEN'T 
INCLUDED THEM HERE AND THOSE WE WILL SENT TO THE RELEVANT BODIES


The crook uploaded some of his “proofs” to the Basetools hacking site itself, presumably to cause maximum embarrassment amongst the site’s criminal community.

These published “proofs” included a screenshot that’s supposed to show the web administration panel of the Basetools forum, listing the pseudonyms of the last 15 buyers and sellers, as well as the last 9 refunds. Seems that the crooks have problems trusting each other on many different levels.

To pay or not to pay?

We don’t want to be seen as offering advice to cybercriminals, but we’d strongly urge against paying up in extortion cases like this. It’s clear that the data has already been stolen – and some of it already shared with the world, let alone with US law enforcement – so paying now won’t do much good.

In ransomware demands, the extortion typically covers a decryption key for data that almost certainly wasn’t copied by the crooks – in other words, if you decide you aren’t going to pay up, the crooks have nothing further to squeeze you with.

But when the crooks already have copies of your data, and are threatening to besmirch, embarrass or defraud you by exposing it, paying the fee won’t do anything to stop them besmirching you anyway. Or coming back for more money next week.

For what it’s worth, it seems that the Basetools site owners haven’t quite figured out what to do yet – at the time of writing, their underground forum said:


What to do?

Hackers hacking hackers sounds funny, and perhaps it is – but if hackers can be hacked, then so can you, if you aren’t careful. We don’t know how this attack happened, but the obvious precautions you can take for your own online service include:

  1. Patch promptly: If the crooks know what server software version you are using, and it has a known security hole, they may very well be able to break in automatically. In other words, if you haven’t patched, you’re the low-hanging fruit.
  2. Choose decent passwords: If the crooks can guess your password, or if you used the same password on another site that already got hacked, then the crooks don’t need to do any hacking themselves – they can just login directly.
  3. Use two-factor authentication (2FA): A one-time code that changes every time you login means that just guessing or stealing your password isn’t enough. If the code is calculated on or sent to your phone, then the crooks need your phone (and its unlock code) as well, which is a higher bar to jump over.
  4. Check your logs: If you keep log files for auditing purposes, for example so you can check who logged in when, examine them proactively in order to find out about security anomalies sooner rather than later.

Honour amongst thieves, eh?
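
One way to carry out the proactive log check from item 4, which also surfaces the password guessing described in item 2. This is an added example, not part of the original article: the log format, the event names and the `find_anomalies` helper are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "timestamp EVENT user=... ip=..." format.
SAMPLE_LOG = """\
2017-10-30T08:01:11Z LOGIN_OK user=alice ip=192.0.2.10
2017-10-30T08:05:42Z LOGIN_FAIL user=admin ip=203.0.113.7
2017-10-30T08:05:44Z LOGIN_FAIL user=admin ip=203.0.113.7
2017-10-30T08:05:47Z LOGIN_FAIL user=admin ip=203.0.113.7
2017-10-30T08:05:49Z LOGIN_OK user=admin ip=203.0.113.7
2017-10-30T09:30:00Z LOGIN_OK user=alice ip=192.0.2.10
2017-10-30T11:12:30Z LOGIN_OK user=alice ip=198.51.100.23
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) ip=(\S+)$")

def find_anomalies(log_text, fail_threshold=3):
    """Return (timestamp, user, ip, reason) tuples for logins worth a human look."""
    fails = defaultdict(int)      # (user, ip) -> failures since the last success
    known_ips = defaultdict(set)  # user -> addresses with an earlier successful login
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a login event
        ts, event, user, ip = m.groups()
        if event == "LOGIN_FAIL":
            fails[(user, ip)] += 1
            continue
        # Successful login: was it preceded by a run of failures from this address?
        if fails[(user, ip)] >= fail_threshold:
            findings.append((ts, user, ip, "success after repeated failures"))
        # Otherwise: is this an address the user has never logged in from before?
        elif known_ips[user] and ip not in known_ips[user]:
            findings.append((ts, user, ip, "login from new address"))
        fails[(user, ip)] = 0
        known_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A user's first successful login is treated as the baseline rather than flagged, so the check is most useful when run over a long enough window of history.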
