OGusers, a popular forum among cyber criminals, has been raided by a rival group. The incident exposed the email addresses, hashed passwords, IP addresses and private messages of nearly 113,000 members of the online criminal hacking community.
However, the damage was mitigated because the site’s administrator restored a backup from January 2019.
The administrator initially claimed that a hard drive failure had erased several months’ worth of private messages, forum posts and prestige points, but the incident was in fact an orchestrated attack by the rival group RaidForums, who also stole the site’s user database, a copy of which was obtained by cyber security reporter Brian Krebs.
Following the attack, RaidForums’ administrator, Omnipotent, posted a statement:
On the 12th of May 2019 the forum ogusers.com was breached 112,988 users were affected. I have uploaded the data from this database breach along with their website source files.
Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth view his statement here or if you don’t want to visit their website view it here.
According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao.
Panic among OGusers
Soon after the attack, OGusers was flooded with concerned posts about how forum members’ stolen data was being used and how the breach occurred.
Some complained that they were receiving phishing emails, while others took aim at the site’s administrator, who reportedly altered the forum’s functionality after the attack to prevent users from removing their accounts.
The leaked database is a gift for law enforcement, as it contains a treasure trove of information about criminal hackers that should spark a series of arrests.
Meanwhile, many commentators have called the breach ‘poetic justice’, with OGusers brought down by fellow cyber criminals, all the while getting a taste of what it’s like to be a victim of the type of attacks they’ve perpetrated.
We wouldn’t begrudge anyone for feeling a little schadenfreude at this turn of events, but we’d also suggest that they consider the bigger picture.
What are the chances that anyone involved has realised that criminal hacking can be distressing for the victims and turned their back on a life of crime? Probably as likely as the chances of a street gang turning their back on a life of crime after getting involved in a turf war.
The far more likely outcome is this incident will escalate, with criminal hackers becoming ambitious in their attacks and more vigilant in their defence.
If they use those efforts to launch revenge campaigns, it will lead to more leaks like this. As good as that sounds, any scenario in which criminal hackers are galvanised seems like a dangerous scenario. The more ambitious criminals get, the more likely it is that innocent people will suffer.