Hackers Expose Member Data From Popular Eastern European Cybercrime Forum
Cyber-criminals targeted an online community and stole member information and login credentials from the site’s forum database late Tuesday. What sets this attack apart from similar data breaches is the fact that the victims were part of a community of Eastern European cyber-criminals.
“Verified” happens to be one of the largest online communities for Eastern European cyber-criminals, according to security firm IntelCrawler, who disclosed details of the incident to SecurityWeek. Many of the topics posted on the forums had something to do with committing online banking fraud against financial institutions in the U.S., Australia, and the United Kingdom.
The attack against Verified seems to be the work of a group of administrators from a rival cyber-crime forum.
This incident shows the cyber-crime community is just as vulnerable to attack as legitimate businesses and ordinary Internet users, IntelCrawler researchers said. There is still a good lesson to be learned here about managing vulnerabilities in software.
How The Attack Worked
The attackers exploited a PHP vulnerability (CVE-2007-2087) in CNStats STD 4.3, a Web-based application used by site administrators to monitor traffic and other statistics. The breach exposed all the attachments that had been uploaded to the forum since 2011, and the attackers also downloaded the MySQL database containing user information and login credentials for the forums.
The stolen database, all 80.92 MB, has since been uploaded to Sendspace, exposing the information for more than 18,894 “bad actors,” IntelCrawler said. Verified was created back in 2005, and its membership roster included the likes of “SEVERA,” a famous spammer who worked with Alan Ralsky, the “Spam King” who pled guilty to spam and fraud in 2009.
Law enforcement types would be able to use the profile information as a form of “deep e-crime intelligence” and make some arrests, the researchers speculated.
According IntelCrawler, the community became popular for trading of new exploit kits, and was even used byrecently arrested“Paunch”, the alleged author of theBlackhole exploit kit.
Unpatched Software A Risk Every data breach is a learning opportunity, and this incident is no difference, highlighting patching and software vulnerability management. The bug was originally discovered back in 2007 in CNStats 2.12 software. Based on the description posted by vulnerability management company Secunia, the issue remains unpatched,2 major versions and almost seven years later.
Secunia rated this vulnerability “highly critical” because, if exploited successfully, could give remote attackers the ability to execute arbitrary PHP codes remotely. The vulnerability is such that the attacker won’t even need authentication to succeed in gaining system access.
People using CNStats should apply workarounds since there is no patch available for this particular flaw. Secunia noted that in order for the attack on this flaw to succeed, the “register_globals” value in PHP configuration has to be enabled and that the support for “.htaccess” files is disabled. Users using CNStats should turn register_globals off. In fact, it should be turned off by default at all times.
It’s important to keep on top of these vulnerability reports, and installing fixes when necessary. If there is no patch available, one option is to stop using the software and switch to another, preferably one with less critical vulnerabilities. Application developers have to be shown that customers won’t tolerate insecure software.
Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.Previous Columns by Fahmida Y. Rashid:Hacked Cybercrime Forum Exposes Nearly 20,000 Bad ActorsDont Focus on Predictions: What are Your 2014 IT Security Resolutions?Experts Debate How Hackers Stole 40 Million Card Numbers from TargetBlack Hat Researchers Remotely Hack Into SCADA Systems on Oil RigsResearchers Demonstrate Million Browser Botnet Concept Built on Legitimate Ad Networks
Tags: NEWS INDUSTRY