Twitter user posts database from Ragebooter profiling

Oct 14, 2014 15:51 GMT  ·  By

It is not unusual for individuals to try to capture some attention by issuing false statements or taking credit for something others did. Over the weekend, a tweet was published announcing that KrebsOnSecurity had been hacked, making allegedly stolen information public.

Light analysis of the data reveals that it has nothing to do with Brian Krebs’ website, since it does not fit any database that may be administered by the security blogger.

Twitter user Narcocachos (@N4rCochaos) pointed to a Pastebin post that supposedly contained usernames, hashed passwords and email addresses of KrebsOnSecurity visitors.

The first clue of deceit is the availability of the alleged passwords because, in fact, no account is required to access the information on the website or to comment on the articles.

Trying to identify the origin of the data shows that it was in fact taken from an old article of the blogger, where he profiled a DDoS-for-hire-service called Ragebooter. This does not require any more effort than searching on Google.

Narcocachos’ intent remains unclear but it may be that the main reason here was to experience being in the spotlight for a while; this can be a dangerous game, though, because real hackers may have just found a new pinata to beat on.