It’s every forum for itself in the cut-throat market of carder forums, and a security breach affecting one of them means more market share for the rest. It is, therefore, highly likely that this latest hack into the carder.cc forum was perpetrated by or at the behest of some of its competitors.
After hacking the forum, the hackers posted a massive amount of information about forum members (including their passwords) on a public file-sharing network, where McAfee‘s Francois Paget stumbled upon them.
The file that sparked his attention was a RAR archive containing a dump of the forum and a tool that allowed him (or anyone curious enough) to “reconstruct” the site in its entirety and browse through it freely, since the reconstruction process provides automatic administrator rights for the person who did it.
Having done this, the person can view a lot of interesting information. He can find out the usernames of the four administrators, their emails and the exact day when they registered on the forum, not to mention the IP address from which they access the forum (whether it’s real or fake, a cursory glance can’t reveal):
Apart from all that, Paget managed to set up a short statistic regarding the members of the forum, revealing that there are 4121 simple members, 5 global moderators, 258 second-level and 7 third-level members, 4 moderators, 17 verified vendors and 497 banned members.
When registering, some of them provided quite enough information, providing law enforcement agencies with a good start if they choose to discover who the people behind these identities are. In some cases, age and nationality, contact information (such as ICQ, Yahoo Messenger, MSN and/or AOL Messenger numbers) and website addresses have been entered.
Among the usual things sold on this kind of market (card numbers, botnets-for-hire), there are also some unusual things one can buy, ranging from iTunes gift certificates to falsified documents:
For us, this occurrence presents a peek into the fascinating world of data theft and the economy behind it, but the forum is likely to lose a great number of members – if not all.