Infighting as hijacking forum hacked, database leaked & phishers phished

News by Mark Mayne

A forum dedicated to hijacking and SIM cloning attacks has been hacked, exposing the details of nearly 113,000 forum users, who now report being phished and fear law enforcement follow-up.

In what appears to be a case of rivalry among hacking groups, a well-known hijacking forum ‘OGusers’ has been hacked, and the membership database subsequently leaked on a rival forum.

According to security researcher Brian Krebs, the leaked database: "appears to hold the usernames, email addresses, hashed passwords, private messages and IP address at the time of registration for approximately 113,000 users (although many of these nicknames are likely the same people using different aliases)."

According to Krebs, the incident began with the administrator of OGusers explaining to forum members that a 12 May site outage was a simple hardware failure, and that the forum’s data (including private messages) had been restored successfully from a much earlier backup from January. However, just days later, on 16 May, the administrator of rival hacking community RaidForums posted the entire OGusers database with the following message:

"On the 12th of May 2019 the forum was breached [and] 112,988 users were affected." The post by RaidForums administrator Omnipotent adds, "I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth. According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao."

Unsurprisingly, users of the ‘OGusers’ forum - which specialised in SIM cloning and swapping, often used in bank fraud, where the cloned SIM is used to seize control of a victim’s phone and intercept reset codes from their bank - were immediately concerned. In a twist of no small irony, forum members were reporting phishing attacks almost immediately.

However, as Twitter users were quick to point out, the value of the private messages to law enforcement should be considerable. As Krebs summarised: "It’s difficult not to admit feeling a bit of schadenfreude in response to this event. Law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved."
