May 7, 2024

Can Exposed[.]vc attract BreachForum’s loyal users? It’s trying to.

11 months ago

In a somewhat unusual approach to marketing, a new hacking-related forum intentionally leaked a database with the usernames and email addresses of many of the very people it hopes will register for its new forum — and then advertised the leak. How’s that working out for them so far? When RAIDForums was seized by law enforcement in 2022, one of the forum users, Pompompurin, stepped up and opened BreachForums based on the RAIDForums design and policies. And when BreachForums was taken down by an administrator after Pompompurin was arrested and databases were seized, forum users waited for the administrator, “Baphomet,” to create a new and secure forum for them. But more than two months later, there has been no replacement forum for BreachForums, although there have been some attempts, like the short-lived Vice Forums that went up quickly in March but was taken down after one hour due to security issues. It never came back as a real forum. This week, talk within the BreachForums community was that the threat actor known as “ShinyHunters” on Telegram (@sh_corp on Twitter) would be opening a forum to replace BreachForums with the assistance of BreachForum staff. Because ShinyHunters had been active on RAIDForums and BreachForums, they already have a known history and reputation that may make people feel more confident that the new forum will not be a federally controlled honeypot. But there is also another new contender seeking to attract users, and Exposed[.]vc (“Exposed“) made a bold move to get attention — they leaked a users’ database from RAIDForums. The database contained 478,000 entries with usernames, email addresses, date registered, last date the user visited the forum, and other fields, including some IP addresses. The earliest entries appeared to be from March 2015 and the most recent were from September 2020 [RAIDForums continued until early 2022 when it was seized by law enforcement]. If you had been a registered user of RAIDForums and a new forum by someone unknown to you just leaked the RAIDForums user database, would you be inclined to trust that forum or forum owner? Or would you figure that since law enforcement already seized the databases from RAIDForums, there was no additional risk to you by the leak? Exposed had already been making some progress in gaining users. The BlackByte ransomware gang used the forum in May to leak 10 GB of data from its  Augusta, Georgia attack, and the hacker known as “Bjorka,” who has been a thorn in the Indonesian government’s side for more than a year, also started leaking data on the forum. But it was the leak of the RAIDForum’s user database that really got attention. DataBreaches asked “Impotent,” the owner of Exposed, if they would answer a few questions and they agreed.  DataBreaches notes that there is almost nothing in what Impotent claims that could really be confirmed or disconfirmed by this site. The following was conducted by email and Telegram over the past two days and has been lightly edited for clarity and length: Interview with “Impotent” Dissent Doe (DD): Because users are generally suspicious that any forum or site is a honeypot or federally controlled, let’s start with who “Impotent” is. Are you willing to say what username(s) you used on RAIDforums and BreachForums? If you’re not, why not, and why should people trust you? Impotent (I): Impotent was the regular dude that started by searching how to make money online. Not long after I got my hands to operate a few DN services and some other stuff that helped me live through. It is not possible to fully trust me, same as I don’t trust anyone even my close people. I think it is a good time for everyone to think about their own opsec and decide who to trust. DD: You didn’t answer that as directly as one would hope, so to follow up: A number of people have said/claimed that you are Kmeta. Are you willing to confirm or deny that you were Kmeta on BreachForums? I: Officially I deny the existence of any old alias. What people say is really just a very small part of the whole story. But no; I am not. DD: Why did you create Exposed? And have you ever created and secured a forum before? I: Due to a “fatal” ending of a service I was administrator on for a very long time. DD: But have you ever created and had sole responsibility for securing a forum before? If this is going to be all on you, how good are your forum-securing skills? I: I was holding a website but not a forum. I had the responsibility for securing a service before. I believe in myself so I have to say my skills are excellent. DD: Who will have authorized access to the databases of Exposed? I: Only Impotent DD: For how long will Exposed retain logs? I: Logs such as IP addresses get purged every 24h. DD: Are there any circumstances under which you will comply with law enforcement requests for user info or post removal? If so, what are those circumstances? I: Never. The only posts that can be removed within a report are posts containing CP. DD: When I had interviewed Pom around the time he opened BreachForums, he wasn’t particularly concerned about being caught or arrested. Are you concerned at all about being identified and arrested, indicted, and/or extradited to the U.S. (if you are not currently in the U.S.)? I: I mean, I was never worried about myself. Of course I have it in mind that at any time I can get busted. For that purpose we make sure that the infrastructure is really untouchable. It’s not my first fight with US feds, so I think they should be given a rematch. DD: Can you clarify that or say more about that? Do you feel you were in a fight in the past with the U.S. somehow? I: In the past I was being a target of […]

About The Author

See author's posts

More Stories

Smoke Alarm Data Breach

5 days ago admin

How we built the new Find My Device network with user security and privacy in mind

2 weeks ago admin

Prevent Generative AI Data Leaks with Chrome Enterprise DLP

2 weeks ago admin