Please fasten your seatbelts

Status
Not open for further replies.
Warl0ck

According to Twitter a full data dump (IP, email, PMs etc.) of another forum is happening. The hacker is on a mission.

@FredZed. These forums use an MD5 + salt style of encryption. It's pretty secure and cracking a salted password even with ASICs is nearly impossible.
 

badbadboy

Well-known member
Nov 2, 2006
9,547
300
83
In Lust Mostly
I would like to read up on this. Please post a link.
 

badbubba

Member
Jul 2, 2006
60
4
8
You would think one-way encryption used for password storage is pretty secure except you can create a lookup table with a list of exposed passwords (big list from the rockyou hack) and dictionary words to see if you get a match since everyone uses the same algorithm. Your password probably won't be compromised if it is unique or if the website "salts" it before encryption. With Ashley Madison, their source code got released and they used the password in a second database field where it could be potentially extracted.

In practical terms - don't reuse passwords for sensitive websites (banking, PayPal, email, etc.), use long and unique passwords (non-dictionary words, symbols if allowed, upper and lower case, numbers) and use a separate email to register with websites you want to remain anonymous (Ashley Madison, perb....). If your email offers 2-factor authentication (sends text code to phone for confirmation, available on Gmail and Hotmail), enable it. Email needs to be secure since hackers can change your website login passwords if they control your email.

I got a weird email once suggesting my anonymous email was no longer anonymous. I created a new one, changed any website login associated with it to the new one (important) and then deleted the old one.
 

rictor71

Member
Nov 3, 2005
40
0
6
The more I read about their issues and the already upcoming plans for 2.0... the more I think this was not some hacker overseas. Interesting.
 

aznnza

New member
Feb 27, 2010
1
0
0
I wonder what they want? I thought everybody used junk emails. I'd be more concerned as a provider since they must have given payment information.
 
Warl0ck

A lookup table or a rainbow table works when a password is hashed but not salted. If 6 people use the password MyDogRover it creates the same hash every time, making cracking the hash easy. In simplistic terms, salting is adding random data to each hash. It is then compared to the original when logging in & access is granted if they match (being simplistic).

As for an overseas hacker attacking, that is unlikely. They likely just used a VPN or a proxy (or several) and jumped off out of Asia. Given the nature of the comments on Twitter, it appears to be the work of several people & it's personal for one of them. I can't speak for the specifics of the other forum but it's no secret there are some very nasty sites out there including some that seem to make it their goal to push BBFS and intimidate sex workers. That type of behaviour is going to attract black hat hacker vigilantism.
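
The point made in the post above about identical hashes and per-user salts, as an added example that is not part of the original thread. User names, the word list and all function names are constructed for illustration; MD5 is used only because it is the scheme the thread describes.

```python
import hashlib
import hmac
import os

# Constructed sample data: six accounts sharing the password from the post.
USERS = ["user1", "user2", "user3", "user4", "user5", "user6"]
PASSWORD = "MyDogRover"
WORDLIST = ["password", "123456", "MyDogRover", "letmein"]  # constructed

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def store_unsalted(password: str) -> str:
    """What ends up in the database when no salt is used."""
    return md5_hex(password.encode())

def store_salted(password: str) -> tuple[str, str]:
    """Generate a fresh random salt per account; store salt and digest."""
    salt = os.urandom(16)
    return salt.hex(), md5_hex(salt + password.encode())

def verify_salted(password: str, salt_hex: str, digest: str) -> bool:
    """Login check: re-hash with the stored salt, compare in constant time."""
    candidate = md5_hex(bytes.fromhex(salt_hex) + password.encode())
    return hmac.compare_digest(candidate, digest)

def build_lookup_table(wordlist: list[str]) -> dict[str, str]:
    """Precomputed digest -> password table, built once and reused."""
    return {md5_hex(w.encode()): w for w in wordlist}

def demo() -> dict:
    table = build_lookup_table(WORDLIST)
    unsalted = {u: store_unsalted(PASSWORD) for u in USERS}
    salted = {u: store_salted(PASSWORD) for u in USERS}
    return {
        # Same password, no salt: one digest shared by all six rows.
        "distinct_unsalted": len(set(unsalted.values())),
        # Same password, per-user salt: six unrelated digests.
        "distinct_salted": len({d for _, d in salted.values()}),
        # How many rows the single precomputed table resolves.
        "unsalted_hits": sum(h in table for h in unsalted.values()),
        "salted_hits": sum(d in table for _, d in salted.values()),
        "login_ok": all(verify_salted(PASSWORD, s, d) for s, d in salted.values()),
        "login_bad": any(verify_salted("wrong", s, d) for s, d in salted.values()),
    }

if __name__ == "__main__":
    print(demo())
```

The salt removes the shared precomputed table, but each guess against a single row still costs only one MD5, which is why current practice pairs the per-user salt with a deliberately slow function such as bcrypt, scrypt or Argon2.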
 

Fuzzy Thumper

Terminally Twitterpated
Dec 20, 2004
371
9
0
> I wonder what they want? I thought everybody used junk emails

If there really is to be a "dump", I suspect the serious drama will come when they start disseminating the posts from the provider lounge (including "commentary", reference information and blacklists)....
 

westwoody

Well-known member
Jun 10, 2004
7,424
6,547
113
Westwood
> If there really is to be a "dump", I suspect the serious drama will come when they start disseminating the posts from the provider lounge (including "commentary", reference information and blacklists)....

Oh yes then we will really see some fireworks!
 

rictor71

Member
Nov 3, 2005
40
0
6
> If there really is to be a "dump", I suspect the serious drama will come when they start disseminating the posts from the provider lounge (including "commentary", reference information and blacklists)....

Be a lot of broken hearts when that "reality" dump gets out there.....
 
Warl0ck

I decided I'd dig into this last night and snoop around researching the individual being attacked. I do not know what the hacker's motivations are but they appear to be personal. It's akin to when police find a dead body and it's a crime of passion (versus being random). I will not get into details on this forum as to what I found, only that it was not difficult to profile him & I know a great deal about him (including family). More shocking was I didn't use tools like Maltego, I just used search without any real in-depth commands. I wanted to get the perspective of an "average" guy looking things up.

To the mod of that forum: You are in possession of a LOT of personal information (we call it PII). It appears all that personal information will soon be available for the public to view. You were entrusted WITH that information and its release could destroy careers, marriages & lives. If the allegations are true (and I am not implying they are) please do the right thing. If it's not, then make a public statement if ONLY to defend those people who frequented your forum.

To the hacker: I tip my grey hat to you. With power comes responsibility. Whatever beef you have with this individual that is your own. If he is the monster you claim take him down. But, the data you hold can destroy the lives of potentially thousands of other people. And many of those people are guilty of what? Joining a sex forum to pay for sex? And what of the sex workers that are simply trying to make a living? Will their details be made public too? Those women already deal with enough bullshit in this industry without the fear of their personal comments, etc being displayed for all to see. Actions like that make you NO better than bullshit like the Dirty or what Hunter Moore did (how's prison Hunter?). Justice should never include bystanders.

Don't profit off the misery of others. It's wrong. You want a better, open, safer sex trade, then it's up to you.

./rant
 

westwoody

Well-known member
Jun 10, 2004
7,424
6,547
113
Westwood
Is it the mod who got fired and banned and is now ranting non stop on another forum?
 

Bad Santa

Seeking Sexy Helpers
Feb 26, 2010
1,111
28
48
South Pole
> I decided I'd dig into this last night and snoop around researching the individual being attacked. I do not know what the hacker's motivations are but they appear to be personal. It's akin to when police find a dead body and it's a crime of passion (versus being random). I will not get into details on this forum as to what I found, only that it was not difficult to profile him & I know a great deal about him (including family). More shocking was I didn't use tools like Maltego, I just used search without any real in-depth commands. I wanted to get the perspective of an "average" guy looking things up.
>
> To the mod of that forum: You are in possession of a LOT of personal information (we call it PII). It appears all that personal information will soon be available for the public to view. You were entrusted WITH that information and its release could destroy careers, marriages & lives. If the allegations are true (and I am not implying they are) please do the right thing. If it's not, then make a public statement if ONLY to defend those people who frequented your forum.
>
> To the hacker: I tip my grey hat to you. With power comes responsibility. Whatever beef you have with this individual that is your own. If he is the monster you claim take him down. But, the data you hold can destroy the lives of potentially thousands of other people. And many of those people are guilty of what? Joining a sex forum to pay for sex? And what of the sex workers that are simply trying to make a living? Will their details be made public too? Those women already deal with enough bullshit in this industry without the fear of their personal comments, etc being displayed for all to see. Actions like that make you NO better than bullshit like the Dirty or what Hunter Moore did (how's prison Hunter?). Justice should never include bystanders.
>
> Don't profit off the misery of others. It's wrong. You want a better, open, safer sex trade, then it's up to you.
>
> ./rant

It's definitely kind of scary. And I agree with what's been said. I think the hacker is local. But what can be done? Looks like the cat's already out of the bag.
 